Merge pull request package-url#611 from package-url/592-convert-remaining-rst-to-md

mjherzog · web-flow · commit 4bcfc452a015 · 2025-08-20T17:34:07.000-07:00
Convert remaining rST files to markdown format
We may need to make further updates from the next review, but these changes are need to complete an update to purl-standard.md to complete Section 5.6 PURL Types
diff --git a/PURL-TYPES.rst b/PURL-TYPES.rst
@@ -62,8 +62,8 @@ repository with:
 
  - a new JSON definition file under `types/`.
  - a new JSON test file file under `tests/types/`.
- 
-  
+
+
 Ensure that your proposal follows the **PURL Type Definition Schema** and includes all required
 fields. For this see the README-dev.rst for details to run local checks.
 
diff --git a/README-dev.md b/README-dev.md
@@ -1,33 +1,34 @@
-Development setup and instructions
-=====================================
+# Development setup and instructions
 
 We use some code:
 
 - to validate the JSON schemas for correctness and format them, and
 - to validate that the test suite data files are schema-valid.
 
 To setup an environment to contribute to the Package-URL spec and standard, follow these
-instructions::
+instructions:
 
-Setup
--------
+## Setup
 
 1. Ensure that you have a recent Python version 3 and Make installed.
-2. Configure your environment::
+2. Configure your environment:
 
+    ```bash
     make conf
+    ```
 
-Usage
--------
+## Usage
 
-To validate that the schemas and data files are correct, run::
-
-    make check
+To validate that the schemas and data files are correct, run:
 
+```bash
+make check
+```
 
 To regenerate the Python utility model code from the JSON schemas, then regenerate the
-PURL type documentation from the JSON PURL type definition files, run::
-
-    make generate
-    make docs
+PURL type documentation from the JSON PURL type definition files, run:
 
+```bash
+make generate
+make docs
+```
diff --git a/README.md b/README.md
@@ -1,15 +1,12 @@
-Context
-=======
+# Context
 
 We build and release software by massively consuming and producing software
 packages such as NPMs, RPMs, Rubygems, etc.
 
 Each package manager, platform, type or ecosystem has its own conventions and
 protocols to identify, locate and provision software packages.
 
-
-Problem
-=======
+# Problem
 
 When tools, APIs and databases process or store multiple package types, it is
 difficult to reference the same software package across tools in a uniform way.
@@ -48,9 +45,7 @@ differences in syntax, naming and conventions:
 - Sonatype Lifecycle uses a format id followed by format specific coordinates.
   https://links.sonatype.com/products/nxiq/doc/component-identifier
 
-
-Solution
-========
+# Solution
 
 A `purl` or package URL is an attempt to standardize existing approaches to
 reliably identify and locate software packages.
@@ -62,17 +57,14 @@ packaging conventions, tools, APIs and databases.
 Such a package URL is useful to reliably reference the same software package
 using a simple and expressive syntax and conventions based on familiar URLs.
 
-
 Check also this short `purl` presentation (with video) at FOSDEM 2018
 https://fosdem.org/2018/schedule/event/purl/ for an overview.
 
-
-purl
-~~~~~
+## purl
 
 `purl` stands for **package URL**.
 
-A `purl` is a URL composed of seven components::
+A `purl` is a URL composed of seven components:
 
     scheme:type/namespace/name@version?qualifiers#subpath
 
@@ -94,20 +86,14 @@ The definition for each components is:
 - **subpath**: extra subpath within a package, relative to the package root.
   Optional.
 
-
 Components are designed such that they form a hierarchy from the most significant component
 on the left to the least significant component on the right.
 
-
 A `purl` must NOT contain a URL Authority i.e. there is no support for
 `username`, `password`, `host` and `port` components. A `namespace` segment may
 sometimes look like a `host` but its interpretation is specific to a `type`.
 
-
-Some `purl` examples
-~~~~~~~~~~~~~~~~~~~~
-
-::
+## Some `purl` examples
 
     pkg:bitbucket/birkenfeld/pygments-main@244fd47e07d1014f0aed9c
 
@@ -138,23 +124,19 @@ Some `purl` examples
 
 (NB: some checksums are truncated for brevity)
 
-
-Specification details
-~~~~~~~~~~~~~~~~~~~~~
+## Specification details
 
 The `purl` specification consists of a core syntax definition and independent
 type definitions:
 
 - `Package URL core <PURL-SPECIFICATION.rst>`_: Defines a versioned and
   formalized format, syntax, and rules used to represent and validate `purl`.
 
-- `Type definitions <PURL-TYPES.rst>`_: Defines `purl` types (e.g. maven, npm,
+- `Type definitions <PURL-TYPES.md>`_: Defines `purl` types (e.g. maven, npm,
   cargo, rpm, etc) independent of the core specification. Definitions also
   include types reserved for future use.
 
-
-Known implementations
-~~~~~~~~~~~~~~~~~~~~~
+## Known implementations
 
 - .NET: https://github.com/package-url/packageurl-dotnet
 - Erlang / Elixir: https://github.com/erlef/purl
@@ -170,14 +152,6 @@ Known implementations
 - Rust: https://github.com/package-url/packageurl.rs
 - Swift: https://github.com/package-url/packageurl-swift
 
-
-Users, adopters and links
-~~~~~~~~~~~~~~~~~~~~~~~~~
+## Users, adopters and links
 
 See the `dedicated adopters list <ADOPTERS.md>`_.
-
-
-License
-~~~~~~~
-
-This document is licensed under the MIT license
diff --git a/docs/candidate-purl-types.md b/docs/candidate-purl-types.md
@@ -0,0 +1,48 @@
+## Other candidate types to define
+
+- ``android`` for Android apk packages
+- ``apache`` for Apache projects packages
+- ``atom`` for Atom packages
+- ``bower`` for Bower JavaScript packages
+- ``brew`` for Homebrew packages
+- ``buildroot`` for Buildroot packages
+- ``carthage`` for Cocoapods Cocoa packages
+- ``chef`` for Chef packages
+- ``chocolatey`` for Chocolatey packages
+- ``clojars`` for Clojure packages
+- ``coreos`` for CoreOS packages
+- ``crystal`` for Crystal Shards packages
+- ``ctan`` for CTAN TeX packages
+- ``drupal`` for Drupal packages
+- ``dtype`` for DefinitelyTyped TypeScript type definitions
+- ``dub`` for D packages
+- ``ebuild`` for Gentoo Linux portage packages
+- ``eclipse`` for Eclipse projects packages
+- ``elm`` for Elm packages
+- ``gitea`` for Gitea-based packages
+- ``gitlab`` for GitLab-based packages
+- ``gradle`` for Gradle plugins
+- ``guix`` for Guix packages
+- ``haxe`` for Haxe packages
+- ``helm`` for Kubernetes packages
+- ``julia`` for Julia packages
+- ``melpa`` for Emacs packages
+- ``meteor`` for Meteor JavaScript packages
+- ``nim`` for Nim packages
+- ``nix`` for Nixos packages
+- ``opam`` for OCaml packages
+- ``openwrt`` for OpenWRT packages
+- ``osgi`` for OSGi bundle packages
+- ``p2`` for Eclipse p2 packages
+- ``pear`` for Pear PHP packages
+- ``pecl`` for PECL PHP packages
+- ``perl6`` for Perl 6 module packages
+- ``platformio`` for PlatformIO packages
+- ``puppet`` for Puppet Forge packages
+- ``sourceforge`` for Sourceforge-based packages
+- ``sublime`` for Sublime packages
+- ``terraform`` for Terraform modules
+- ``vagrant`` for Vagrant boxes
+- ``vim`` for Vim scripts packages
+- ``wordpress`` for Wordpress packages
+- ``yocto`` for Yocto recipe packages
diff --git a/docs/maintain-purl-types.md b/docs/maintain-purl-types.md
@@ -0,0 +1,30 @@
+## How PURL Types are maintained
+
+PURL type definitions are maintained as JSON definition files and JSON
+test files in the PURL specification repository. These JSON files serve as
+the source of truth and define the structure of each PURL type, including:
+
+- Namespace and name formatting rules
+- Supported qualifiers
+- Repository requirements
+- Mapping of PURL concepts to the native ecosystem concepts
+
+On commit, a job automatically:
+
+- Checks that all JSON files are schema-valid
+- Formats all the JSON files
+- Generates the ``purl-types-index.json`` file containing a list of defined
+  registered PURL types
+- Generates human-readable documentation for each type
+
+## How to Propose a New PURL Type
+
+To propose a new PURL type, create an **issue** and a corresponding
+**pull request** in the repository with:
+
+- a new JSON definition file under `types/`.
+- a new JSON test file file under `tests/types/`.
+
+Ensure that your proposal follows the **PURL Type Definition Schema** and
+includes all required fields. For this see the README-dev.md for details to
+run local checks.
diff --git a/docs/standard/types.md b/docs/standard/types.md
@@ -1,4 +1,32 @@
-##Registered `purl` types
+## Package-URL Type definitions
 
-There are several registered `purl` package type definitions tracked in the
-separate [PURL-TYPES.rst](PURL-TYPES.rst) document.
+Each package manager, platform, type, or ecosystem has its own conventions
+and protocols to identify, locate, and provision software packages.
+
+The package **type** is the component of a Package-URL that is used to
+capture this information with a short string such as ``maven``, ``npm``,
+``nuget``, ``gem``, ``pypi``, etc.
+
+These are registered ``PURL`` package type definitions.
+
+Definitions can also include types reserved for future use.
+
+See also https://github.com/package-url/purl-spec and
+[PURL-SPECIFICATION.rst](https://github.com/package-url/purl-spec/blob/main/PURL-SPECIFICATION.rst) for the Package URL specification.
+
+This document no longer contains a manually maintained list of PURL types.
+
+Instead, all PURL type definitions are now maintained in a simple JSON
+document with automatically generated documentation.
+
+## Where to find PURL Type information
+
+- In the JSON Index listing of all defined PURL types at:
+  `/purl-types-index.json <https://github.com/package-url/purl-spec/tree/main/purl-types-index.json>`_
+
+- In individual JSON files, one for each PURL type definition at:
+  `/types <https://github.com/package-url/purl-spec/tree/main/types>`_
+
+- As Markdown documentation, generated from for each PURL type JSON
+  definition at:
+  `/types-doc <https://github.com/package-url/purl-spec/tree/main/types-doc>`_
diff --git a/faq.md b/faq.md
@@ -0,0 +1,91 @@
+# Frequently Asked Questions
+
+## Scheme
+
+**QUESTION**: Can the ``scheme`` component be followed by a colon and two
+slashes, like a URI?
+
+**ANSWER**: No.  Since a ``purl`` never contains a URL Authority, its
+``scheme`` should not be suffixed with double slash as in 'pkg://' and should
+ use 'pkg:' instead. Otherwise this would be an invalid URI per RFC 3986 at
+ https://tools.ietf.org/html/rfc3986#section-3.3:
+
+    If a URI does not contain an authority component, then the path
+    cannot begin with two slash characters ("//").
+
+This rule applies to all slash '/' characters between the ``scheme``'s colon
+separator and the ``type`` component, e.g., ':/', '://', ':///' et al.
+
+In its canonical form, a ``purl`` must not use any such ':/' ``scheme``
+suffix and may only use ':' as a ``scheme`` suffix.  This means that:
+
+- ``purl`` parsers must accept URLs such as 'pkg://' and must ignore and
+remove all such '/' characters.
+
+- ``purl`` builders should not create invalid URLs with one or more slash '/'
+characters between 'pkg:' and the ``type`` component.
+
+For example, although these two purls are strictly equivalent, the first is
+in canonical form, while the second -- with a '//' between 'pkg:' and the
+``type`` 'gem' -- is an acceptable purl but is an invalid URI/URL per RFC
+3986:
+
+    pkg:gem/ruby-advisory-db-check@0.12.4
+
+    pkg://gem/ruby-advisory-db-check@0.12.4
+
+**QUESTION**: Is the colon between ``scheme`` and ``type`` encoded? Can it be
+encoded? If yes, how?
+
+**ANSWER**: The "Rules for each ``purl`` component" section provides that the
+``scheme`` MUST be followed by an unencoded colon ':'.
+
+In this case, the colon ':' between ``scheme`` and ``type`` is being used as
+a separator, and consequently should be used as-is, never encoded and never
+requiring any decoding. Moreover, it should be a parsing error if the colon
+':' does not come directly after 'pkg'.  Tools are welcome to recover from
+this error to help with malformed purls, but that's not a requirement.
+
+## Type
+
+**QUESTION**: What behavior is expected from a purl spec implementation if a
+``type`` contains a character like a slash '/' or a colon ':'?
+
+**ANSWER**: The "Rules for each purl component" section provides that the
+package ``type`` that list allowed characters:
+
+    MUST be composed only of ASCII letters and numbers, period '.', and
+    dash '-'.
+
+As a result, a purl spec implementation must return an error when
+encountering a ``type`` that contains a prohibited character.
+
+## Version
+
+**QUESTION**: How do package ``types`` handle the comparison and sorting of
+versions?
+
+**ANSWER**: Some package ``types`` use versioning conventions such as SemVer
+for NPMs or NEVRA conventions for RPMS. A ``type`` may define a procedure to
+compare and sort versions, but there is no reliable and uniform way to do
+such comparison consistently.
+
+Plus
+
+**QUESTION**: Can a PURL contain a plus character '+'?
+
+**ANSWER**: Decoded individual components can contain a plus. The encoded,
+canonical form can never contain an unencoded plus.
+
+## Qualifiers
+
+**QUESTION**: What is the qualifier for a checksum like a SHA1?
+
+**ANSWER**: The spec was originally ambiguous and used ``checksum``
+(singular) in one place and ``checksums`` (plural) in other places. This has
+been discussed extensively in issues and PRs such as
+https://github.com/package-url/purl-spec/issues/73 and
+https://github.com/package-url/purl-spec/pull/209 and the official form
+is ``checksum`` (singular). When writing a lenient parser, consider accepting
+both ``checksum`` (singular) and ``checksums`` (plural) when reading a PURL,
+and always emit ``checksum`` (singular) when writing a PURL.
diff --git a/faq.rst b/faq.rst
