Coordinates
Coordinates system used by Sonatype OSS Index
Sonatype OSS Index uses Package-URL Specification to describe the coordinates of components (aka packages).
Component and package are interchangeable terms.
Syntax
A package-url (or purl) is a URI composed of six coordinate parts prefixed by pkg scheme:
pkg:type/namespace/name@version?qualifiers#subpath
A package-url with-out pkg scheme is also supported for backwards compatibility:
type:namespace/name@version?qualifiers#subpath
Coordinate Parts
Coordinate parts are separated by a specific character for unambiguous parsing:
- type
-
The component "type" or "format" such as maven, npm, nuget, gem, pypi, etc.
Required - namespace
-
Some name prefix such as a Maven group-id, a NPM package scope, or a Docker image owner.
Optional and type-specific - name
-
The name of the component.
Required - version
-
The version of the component.
Optional - qualifiers
-
Extra qualifying data for a component such as an OS, architecture, a distro, etc.
Optional, type-specific, ignored - subpath
-
Extra sub-path within a component, relative to the package root.
Optional, ignored
See ecosystem specific coordinates for more information.