npm package names should not be lowered #19
Conversation
npm used to support package names containing capital characters: https://blog.npmjs.org/post/168978377570/new-package-moniker-rules.html Such packages still exist on the npm registry, like this one: https://www.npmjs.com/package/Acid/v/3.0.17
|
Hey @am11, mind taking a look at this? This bug is preventing our system from handling older npm packages properly, so we would love to get a fix in and a new version published to NuGet sooner rather than later. |
| { | ||
| "nuget" or "cocoapods" or "cpan" or "vsm" or "cran" => name, | ||
| "nuget" or "cocoapods" or "cpan" or "vsm" or "cran" or "npm" => name, | ||
| "pypi" => name.Replace('_', '-').ToLower(), | ||
| _ => name.ToLower() |
There was a problem hiding this comment.
Should we align name and namespace validations with python implementation: https://github.com/package-url/packageurl-python/blob/6c96667/src/packageurl/__init__.py#L94? i.e. ToLower() transformation is not applied unless we are sure it's necessary.
There was a problem hiding this comment.
Great point - I'd be happy to contribute that next week, if you don't mind that going in as a separate PR.
|
Thanks @am11! Aligning to preserve-case-by-default is a great idea - I'd be happy to contribute that next week. In the mean time, it would be helpful if we could be unblocked by getting this patch checked in and published - would you mind publishing this patch in a new version to NuGet? Thanks for your time looking at this. |
|
Oops, I clicked the wrong button I think 😅 |
|
v1.1.1 is published: https://www.nuget.org/packages/packageurl-dotnet/1.1.1 Thank you for the contribution. 👍 |
Like a few other package managers, npm package names are case sensitive. They now disallow uppercase characters in names for new packages (as discussed here), but older packages having uppercase names still exist (see https://www.npmjs.com/package/Acid vs. https://www.npmjs.com/package/acid).
So far I haven't seen evidence that scopes having uppercase characters exist, so I left that as-is.