Parse and compare package versions and ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and others generous sponsors!
☆43Feb 25, 2026Updated 3 weeks ago
Alternatives and similar repositories for univers
Users that are interested in univers are comparing it to the libraries listed below
Sorting:
- Automate open source license compliance and ensure software supply chain integrity☆41Mar 11, 2026Updated last week
- Tools to create and deploy a database of software packages metadata, origin, dependencies, and license keyed by PURLs (Package URLs). Sup…☆61Updated this week
- Common weakness enumeration library for Python (maintained fork of https://github.com/Julian-Nash/cwe )☆15Aug 29, 2024Updated last year
- ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Co…☆184Updated this week
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp…☆649Updated this week
- A library to reliably fetch code via HTTP, FTP and version control systems. This project is sponsored by NLnet project https://nlnet.nl/p…☆12Nov 28, 2025Updated 3 months ago
- The Keep It Simple Software Bill of Material☆11Jan 31, 2022Updated 4 years ago
- A python library to parse Debian deb822-style control and copyright files and all related Debian, Ubuntu and Debian-derivative manifest a…☆16Oct 2, 2025Updated 5 months ago
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase…☆88Mar 11, 2026Updated last week
- SupplyShield is an open-source application security orchestration framework designed to secure your software supply chain from vulnerabil…☆16Dec 8, 2025Updated 3 months ago
- ☆50Updated this week
- The International FOSS Law Book, v.2 and onwards☆15Jan 17, 2022Updated 4 years ago
- Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners☆14Updated this week
- ☆17Updated this week
- PURL to CPE Relationship mapping project.☆111Updated this week
- This is a mapping of CPEs to package urls created by using VulnerableCode's data☆10Aug 14, 2020Updated 5 years ago
- ☆19Nov 14, 2024Updated last year
- An installer to enable the RPM Python binding in any environment.☆14May 11, 2023Updated 2 years ago
- Service to scan licenses from source code☆12Aug 14, 2023Updated 2 years ago
- A proving grounds for young and aspiring BBOT modules☆15Aug 31, 2022Updated 3 years ago
- CISA Known Exploited Vulnerabilities Catalog Enrichment☆19Jun 24, 2024Updated last year
- Vulnerability Management with SBOM☆20Updated this week
- A TypeScript implementation of CVSS 2.0, 3.0, 3.1 and 4.0, alongside a web application for calculating scores for multiple CVSS vectors s…☆18Feb 27, 2026Updated 3 weeks ago
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby☆992Mar 11, 2026Updated last week
- ☆19Feb 10, 2026Updated last month
- One Git library to Rule -- one API for many git forges☆56Mar 11, 2026Updated last week
- A parser for Python dependency files☆64Nov 25, 2024Updated last year
- The Disclosure-CLI provides an easy way to access the public api of the FOSS Disclosure Portal. It is the recommended tool for external s…☆18Dec 29, 2025Updated 2 months ago
- OSS License Open Data☆12Jun 28, 2019Updated 6 years ago
- Functionality and DataModels of OWASP CycloneDX for Python☆103Mar 13, 2026Updated last week
- About A git subcommand for analyzing package/dependency usage in git repositories over time☆117Mar 11, 2026Updated last week
- Project providing insights on the metaeffekt license database.☆12Feb 24, 2026Updated 3 weeks ago
- OASIS TC Open Repository: CSAF Parser tool for parsing and checking the syntax of the Common Vulnerability Reporting Framework (CVRF) con…☆24Jul 14, 2022Updated 3 years ago
- Utility that provides an API and CLI to identify licenses and legal terms☆52Jul 11, 2025Updated 8 months ago
- ☆10Oct 29, 2019Updated 6 years ago
- License Identifier☆14Mar 25, 2021Updated 4 years ago
- free and open source software license compatibility tool.☆50Apr 9, 2025Updated 11 months ago
- GitHub action to produce a SBOM report from a given Black Duck project☆12Feb 5, 2026Updated last month
- ☆191Updated this week