Skip to content

feat!: (re)move non-standard implementations #571

New issue
New issue
Closed
Closed
feat!: (re)move non-standard implementations#571
Assignees
jkowalleck
Labels
breaking change
Milestone
v4.0.0
@jkowalleck

Description

@jkowalleck
jkowalleck
opened on Nov 30, 2025

This library claims to implement the CycloneDX standard. And it doe.

but it also has some implementation parts that are not standard - they should be moved to the "contrib" area, or removed entirely.

Goal

  • move helpers/factories/builders to the "contrib" area
  • remove the usage of external models
    • Compoennt.purl is no longer an instance of PackageUrl but a simple str or instance of string-castable
      • cast to string on normalization
      • downstream users can still use a PackageURL object, if needed ....
      • remove packageurl dependency
      • BC: PackageUrl as string #588
    • validation of external standards -like SPDX expressios and such...
    • tbc...

Motivation:

  • have a clean standard implementation, no opinionated fluff, only models and (de)serailization.

Metadata

Metadata

Assignees

Labels

breaking change

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions