Currently, the OSV API:
- Returns an error if you query with an
ecosystem not in the osv-schema
- Returns empty results (no error) if you do a
purl query with a PURL type that we do not know
- Returns empty results if you query an ecosystem with an unknown (or invaid) suffix (e.g.
Debian:100, Alpine:foobar, npm:2)
- (Usually) matches records of any ecosystem suffix even if a suffix is not provided and required (e.g.
Alpaquita matches Alpaquita:23, Alpaquita:25, Alpaquita:stream, etc)
We should decide and document the behaviour we want, and make sure it's consistent.
Currently, the OSV API:
ecosystemnot in the osv-schemapurlquery with a PURL type that we do not knowDebian:100,Alpine:foobar,npm:2)AlpaquitamatchesAlpaquita:23,Alpaquita:25,Alpaquita:stream, etc)We should decide and document the behaviour we want, and make sure it's consistent.