fix: include namespace in deduplicated purl construction (#44)

* fix: include namespace in deduplicated purl construction

Fix purl deduplication logic to properly handle namespace and inputPurl fields.
Previously, Maven packages were missing namespace in the returned purl field.

- Use inputPurl when available and complete
- Append version to incomplete inputPurl
- Construct proper purl with namespace when building from scratch

* Added in templates

* Update .github/PULL_REQUEST_TEMPLATE/bug-fix.md

Co-authored-by: Philipp Burckhardt <[email protected]>

---------

Co-authored-by: Philipp Burckhardt <[email protected]>

Author: dacoburn

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,5 @@
+Click on the "Preview" tab and select appropriate PR template:
+
+[New Feature](?expand=1&template=feature.md)
+[Bug Fix](?expand=1&template=bug-fix.md)
+[Improvement](?expand=1&template=improvement.md)

.github/PULL_REQUEST_TEMPLATE/bug-fix.md

@@ -0,0 +1,19 @@
+<!--Description: Briefly describe the bug and its impact. ⬇️ -->
+
+## Root Cause
+<!-- Concise explanation of what caused the bug ⬇️ -->
+
+
+
+## Fix
+<!-- Explain how your changes address the bug ⬇️ -->
+
+## Public Changelog
+<!-- Write a changelog message between comment tags if this should be included in the public product changelog, Leave blank otherwise. -->
+
+<!-- changelog ⬇️-->
+N/A
+<!-- /changelog ⬆️ -->
+
+
+<!-- TEMPLATE TYPE DON'T REMOVE: python-sdk-template-bug-fix -->

.github/PULL_REQUEST_TEMPLATE/feature.md

@@ -0,0 +1,16 @@
+<!-- Description: Briefly describe the new feature you're introducing ⬇️ -->
+
+
+## Why?
+<!-- Explain the motivation behind this feature and its expected benefits ⬇️ -->
+
+
+
+## Public Changelog
+<!-- Write a changelog message between comment tags if this should be included in the public product changelog. -->
+
+<!-- changelog ⬇️-->
+N/A
+<!-- /changelog ⬆️ -->
+
+<!-- TEMPLATE TYPE DON'T REMOVE: python-sdk-template-feature -->

.github/PULL_REQUEST_TEMPLATE/improvement.md

@@ -0,0 +1,10 @@
+<!-- Description: Briefly describe the code improvement you're making. This could include things like lint fixes, adding monitoring dashboards, optimizing scripts, refactoring, etc. ⬇️ -->
+
+## Public Changelog
+<!-- Write a changelog message between comment tags if this should be included in the public product changelog. -->
+
+<!-- changelog ⬇️-->
+N/A
+<!-- /changelog ⬆️ -->
+
+<!-- TEMPLATE TYPE DON'T REMOVE: python-sdk-template-improvement -->

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketdev"
-version = "3.0.0"
+version = "3.0.2"
 requires-python = ">= 3.9"
 dependencies = [
     'requests',

socketdev/core/dedupe.py

@@ -61,7 +61,29 @@ def alert_identity(alert: dict) -> tuple:
         base = package_group[0]
         base["releases"] = sorted(releases)
         base["alerts"] = list(alert_map.values())
-        base["purl"] = f"pkg:{base.get('type', 'unknown')}/{base.get('name', 'unknown')}@{base.get('version', '0.0.0')}"
+        
+        # Use inputPurl if available and complete, otherwise construct proper purl with namespace
+        if "inputPurl" in base and "@" in base["inputPurl"]:
+            # inputPurl has version, use it as-is
+            base["purl"] = base["inputPurl"]
+        else:
+            # Construct purl properly with namespace and version
+            purl_type = base.get('type', 'unknown')
+            namespace = base.get('namespace')
+            name = base.get('name', 'unknown')
+            version = base.get('version', '0.0.0')
+            
+            # Start with inputPurl if available (without version) or construct from scratch
+            if "inputPurl" in base and not "@" in base["inputPurl"]:
+                # inputPurl exists but lacks version, append it
+                base["purl"] = f"{base['inputPurl']}@{version}"
+            else:
+                # Construct complete purl from components
+                if namespace:
+                    base["purl"] = f"pkg:{purl_type}/{namespace}/{name}@{version}"
+                else:
+                    base["purl"] = f"pkg:{purl_type}/{name}@{version}"
+        
         return base
 
     @staticmethod

socketdev/version.py

@@ -1 +1 @@
-__version__ = "3.0.0"
+__version__ = "3.0.2"