A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases.
Tern's SPDX documents are more consumable and interoperable with other tooling if purls are available for the packages.
SPDX supports the inclusion of purls as a PACKAGE-MANAGER category of ExternalReference for a package. See https://spdx.github.io/spdx-spec/v2.3/package-information/#721-external-reference-field and https://spdx.github.io/spdx-spec/v2.3/external-repository-identifiers/#f35-purl.
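As an added illustration (not Tern's code), the sketch below builds a purl from package metadata and wraps it as an SPDX 2.3 PACKAGE-MANAGER external reference in both JSON and tag-value form. The function names and sample packages are hypothetical, only the `pypi` and `deb` normalisation rules are covered, and every reserved character is percent-encoded as a simplification.

```python
from urllib.parse import quote

def _normalise(ptype, namespace, name):
    """Apply the per-type rules of the purl spec (pypi and deb only here)."""
    if ptype == "pypi":
        # PyPI names are case-insensitive and treat "_" and "-" alike.
        name = name.lower().replace("_", "-")
    elif ptype == "deb":
        name = name.lower()
        namespace = namespace.lower() if namespace else namespace
    return namespace, name

def build_purl(ptype, name, version=None, namespace=None, qualifiers=None):
    """Return pkg:type/namespace/name@version?qualifiers as a string."""
    ptype = ptype.lower()
    namespace, name = _normalise(ptype, namespace, name)
    enc = lambda s: quote(s, safe="")  # simplification: encode all reserved chars
    parts = ["pkg:" + ptype]
    if namespace:
        parts += [enc(seg) for seg in namespace.strip("/").split("/")]
    parts.append(enc(name))
    purl = "/".join(parts)
    if version:
        purl += "@" + enc(version)
    if qualifiers:
        # Qualifier keys are lowercase and sorted so equal packages compare equal.
        pairs = sorted((k.lower(), v) for k, v in qualifiers.items() if v)
        purl += "?" + "&".join(f"{k}={enc(v)}" for k, v in pairs)
    return purl

def spdx_external_ref(purl):
    """One entry for a package's `externalRefs` array in SPDX 2.3 JSON."""
    return {"referenceCategory": "PACKAGE-MANAGER",
            "referenceType": "purl",
            "referenceLocator": purl}

def spdx_tag_value(purl):
    """The same reference as a line in an SPDX 2.3 tag-value document."""
    return f"ExternalRef: PACKAGE-MANAGER purl {purl}"

if __name__ == "__main__":
    # Constructed sample metadata, as a container scan might report it.
    for args in [dict(ptype="pypi", name="Flask_Login", version="0.6.3"),
                 dict(ptype="deb", name="libc6", version="2.36-9+deb12u4",
                      namespace="Debian",
                      qualifiers={"distro": "bookworm", "arch": "amd64"})]:
        print(spdx_tag_value(build_purl(**args)))
```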