Skip to content

feat!: (re)move non-standard implementations #919

New issue
New issue
Open
Open
feat!: (re)move non-standard implementations#919
Labels
breaking change
@jkowalleck

Description

@jkowalleck
jkowalleck
opened on Nov 30, 2025

This library claims to implement the CycloneDX standard. And it doe.

but it also has some implementation parts that are not standard - they should be moved to the "contrib" area, or removed entirely.

Goal

  • move helpers/factories/builders to the "contrib" area
  • remove the usage of external models
    • Compoennt.purl is no longer an instance of PackageUrl but a simple str or instance of string-castable
      • cast to string on normalization
      • downstream users can still use a PackageURL object, if needed ....
      • remove packageurl dependency
    • validation of external standards -like SPDX expressios and such...
    • don't use UUID for bom.serailNumber - this is a string ...
    • tbc...

Motivation:

  • have a clean standard implementation, no opinionated fluff, only models and (de)serailization.

Metadata

Metadata

Assignees

No one assigned

    Labels

    breaking change

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions