component-detection icon indicating copy to clipboard operation
component-detection copied to clipboard
verified publisher icon microsoft

Purl is incorrect when the component name contains uppercase letter

Open kennylam91 opened this issue 1 year ago • 1 comments

It seems like the purl info is always lowercase even when the component name contains uppercase. For example:

name": "org.latencyutils.LatencyUtils",
"externalRefs": [
  {
    "referenceCategory": "PACKAGE-MANAGER",
    "referenceType": "purl",
    "referenceLocator": "pkg:maven/org.latencyutils/[email protected]"
  }
]

As far as I know, maven package name is case-sensitive. Therefore its purl should be case-sensitive as well.

kennylam91 avatar Jul 25 '24 03:07 kennylam91

This issue is caused by a bug in packageurl-dotnet version 1.0.0. The bug has been fixed in the latest version of packageurl-dotnet (https://github.com/package-url/packageurl-dotnet/commit/7b27f39553d5804da0d98d633a4b3e749aa3b293), so simply updating packageurl-dotnet to the latest version (1.3.0) should resolve this issue.

It seems that another bug in the latest version of packageurl-dotnet is blocking the update (https://github.com/microsoft/component-detection/pull/152).

rioil avatar Dec 31 '24 07:12 rioil