Add on-demand package data collection for PyPI

[pombredanne]

We want to enable the collect/ endpoint for Pypi to avoid failure to collect a pypi PURL like pkg:pypi/jinja2@3.1.4 :

{
  "status": "cannot fetch Package data for pkg:pypi/jinja2@3.1.4: no available handler"
}

We need a handler that will be similar to the npm handler:

• https://github.com/aboutcode-org/purldb/blob/main/minecode/collectors/npm.py
  The overall process:
• for a PURL with a version, fetch JSON from the Pypi API. For instance the URL https://pypi.org/project/Jinja2/3.1.5/ has a JSON counterpart at https://pypi.org/pypi/Jinja2/3.1.5/json or https://pypi.org/pypi/Jinja2/json for any version
• then map to a ScanCode TK packagedcode object and finally push to be saved in the DB and scanned in the queue.

Later also support a PURL without version to collect all the versions.

There are few twists:

A) there are multiple packages for one version, and we need to use the file_name qualifier for each of the multiple sdist and wheels and create all packages, one for each file.

For instance, https://pypi.org/project/lxml/5.3.1/#files has 100's of wheels and we should create one for each like with lxml-5.3.1-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl: pkg:pypi/lxml@5.3.1?file_name=lxml-5.3.1-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl

B) because of this we likely have weird data in the main PurlDB with invalid PURLs because we were not that before. The package set may not work OK with these qualifiers

Also we have code we can reuse for this:

• purldb/minecode/miners/pypi.py

  Line 106 in b257482

  class PypiPackageReleaseVisitor(HttpJsonVisitor):

  can process some JSON from https://pypi.org/pypi/Jinja2/3.1.5/json
• the main interesting code is at

  purldb/minecode/miners/pypi.py

  Line 146 in b257482

  class PypiPackageMapper(Mapper):

  and below to parse the PyPI JSON data and yield ScanCode TK packages
• and the tests at https://github.com/aboutcode-org/purldb/blob/main/minecode/tests/miners/test_pypi.py

The "legacy" code can likely be left as-is to create a new https://github.com/aboutcode-org/purldb/blob/main/minecode/collectors/pypi.py module, copying select parts as needed.

[chinyeungli]

I figured a behavior. If I previously scanned a package with a specific version, such as pkg:pypi/isort@6.0.1, and then scan the same package without specifying a version, like pkg:pypi/isort, it does not call the process_request() function. In fact, it seems to bypass pypi.py altogether and simply returns the scanned data for pkg:pypi/isort@6.0.1. However, when I scan pkg:pypi/isort@6.0.0, the function runs properly and returns the scan data for that version. If I scan the same package without a version afterward, it again skips the process_request() function and returns the scanned data for both pkg:pypi/isort@6.0.1 and pkg:pypi/isort@6.0.0.

On the other hand, if I scan a package that hasn't been scanned before, such as pkg:pypi/aa-killstory, without specifying a version, the tool scans the package and returns the data for all versions as expected (I made the pypi.py to accept purl without version to fetch all versions).

So, it seems that there's some commands in the code (other files) ask not to perform a scan if the database already contains records for the package name if the provided purl doesn't include a version?

[chinyeungli]

For the multiple packages for one version, are we saying if there's only one built distribution, we are fine to use the default purl without the #filename= qualifier, but if it has multiple built distribution, then we'll need to use the #filename= qualifier?

For instance, isort 6.0.1 ( https://pypi.org/project/isort/6.0.1/#files )
there is only 1 source and 1 built distribution, so we can still use pkg:pypi/isort@6.0.1 as the purl.
Current returned data

    "url": "http://127.0.0.1:8001/api/packages/4e303d35-cde5-4472-8f9b-cd4586bb5cae/",
    "uuid": "4e303d35-cde5-4472-8f9b-cd4586bb5cae",
    "filename": "isort-6.0.1-py3-none-any.whl",
    "package_sets": [
      {
        "uuid": "5cb09b21-0e10-4323-a991-8b421e2d67cf",
        "packages": [
          "http://127.0.0.1:8001/api/packages/4e303d35-cde5-4472-8f9b-cd4586bb5cae/",
          "http://127.0.0.1:8001/api/packages/661bb492-263e-49c3-9b61-c67623728b49/"
        ]
      }
    ],
    "package_content": "source_archive",
    "purl": "pkg:pypi/isort@6.0.1",
    "type": "pypi",
    "namespace": "",
    "name": "isort",
    "version": "6.0.1",
    "qualifiers": "",
    "subpath": "",
    "primary_language": null,

However, for pillow 11.1.0 ( https://pypi.org/project/pillow/11.1.0/#files ), because it has multiple built distributions, we should not use the 'pkg:pillow@11.1.0` ?
Current returned data

    "url": "http://127.0.0.1:8001/api/packages/da0dde7f-62ab-425a-99e3-8b83f4bbea78/",
    "uuid": "da0dde7f-62ab-425a-99e3-8b83f4bbea78",
    "filename": "pillow-11.1.0-cp310-cp310-macosx_10_10_x86_64.whl",
    "package_sets": [
      {
        "uuid": "30679727-733f-445b-afa7-b4d299afa89f",
        "packages": [
          "http://127.0.0.1:8001/api/packages/da0dde7f-62ab-425a-99e3-8b83f4bbea78/",
          "http://127.0.0.1:8001/api/packages/42680036-f1fa-4d18-a4f8-380e20255320/"
        ]
      }
    ],
    "package_content": "source_archive",
    "purl": "pkg:pypi/pillow@11.1.0",
    "type": "pypi",
    "namespace": "",
    "name": "pillow",
    "version": "11.1.0",
    "qualifiers": "",
    "subpath": "",
    "primary_language": null,

The above purl field needs to be updated to pkg:pypi/pillow@11.1.0?filename=pillow-11.1.0-cp310-cp310-macosx_10_10_x86_64.whl ? In another word, there will be no pkg:pillow@11.1.0 but pkg:pillow@11.1.0?filename=xxxxxx ?

[JonoYang]

@chinyeungli

So, it seems that there's some commands in the code (other files) ask not to perform a scan if the database already contains records for the package name if the provided purl doesn't include a version?

In the api/collect endpoint, we look up the purl values passed in and see if we have anything related already. If we do, then we return what we have, otherwise we pass the purl along to the handlers.

For the multiple packages for one version, are we saying if there's only one built distribution, we are fine to use the default purl without the #filename= qualifier, but if it has multiple built distribution, then we'll need to use the #filename= qualifier?

That is how it currently is, but what you described seems like the more correct way that we should handle pypi packages

@pombredanne Should we require the filename qualifier for pypi packages?

[chinyeungli]

@pombredanne / @JonoYang
I am still a bit confuse and want to clarify the below.
For instance, https://pypi.org/project/a2a/#files
It only contains one source distribution (i.e. one download url)
The current result is

[
  {
    "url": "http://127.0.0.1:8001/api/packages/a608fa0f-9d8d-46fa-83ba-c1f3b9533d86/",
    "uuid": "a608fa0f-9d8d-46fa-83ba-c1f3b9533d86",
    "filename": "v0.43.tar.gz",
    "package_sets": [],
    "package_content": "source_archive",
    "purl": "pkg:pypi/a2a@0.44",
    "type": "pypi",
    "namespace": "",
    "name": "a2a",
    "version": "0.44",
    "qualifiers": "",
    "subpath": "",
    "primary_language": null,
    "description": "Finds corresponding service offerings in Microsoft Azure and Amazon AWS .",
    "release_date": null,
    "parties": [
      {
        "type": "person",
        "role": "author",
        "name": "Kshitij Sharma",
        "email": "ikshitijsharma@gmail.com",
        "url": null
      }
    ],
    "keywords": [
      "aws",
      "service",
      "mapping",
      "map",
      "aws",
      "amazon"
    ],
    "homepage_url": "https://github.com/kshitijcode/a2a",
    "download_url": "https://github.com/kshitijcode/a2a/archive/v0.43.tar.gz",
    "bug_tracking_url": null,
    "code_view_url": null,
    "vcs_url": null,
    "repository_homepage_url": null,
    "repository_download_url": null,
    "api_data_url": null,
    "size": null,
    "md5": null,
    "sha1": null,
    "sha256": null,
    "sha512": null,
    "copyright": null,
    "holder": null,
    "declared_license_expression": "mit",
    "declared_license_expression_spdx": "MIT",
    "license_detections": [
      {
        "matches": [
          {
            "score": 100,
            "matcher": "1-spdx-id",
            "end_line": 1,
            "rule_url": null,
            "from_file": null,
            "start_line": 1,
            "matched_text": "MIT",
            "match_coverage": 100,
            "matched_length": 1,
            "rule_relevance": 100,
            "rule_identifier": "spdx-license-identifier-mit-5da48780aba670b0860c46d899ed42a0f243ff06",
            "license_expression": "mit",
            "license_expression_spdx": "MIT"
          }
        ],
        "identifier": "mit-a822f434-d61f-f2b1-c792-8b8cb9e7b9bf",
        "license_expression": "mit",
        "license_expression_spdx": "MIT"
      }
    ],
    "other_license_expression": null,
    "other_license_expression_spdx": null,
    "other_license_detections": [],
    "extracted_license_statement": "- MIT\n",
    "notice_text": null,
    "source_packages": [],
    "extra_data": {},
    "package_uid": "pkg:pypi/a2a@0.44?uuid=a608fa0f-9d8d-46fa-83ba-c1f3b9533d86",
    "datasource_id": null,
    "file_references": [],
    "dependencies": [],
    "resources": "http://127.0.0.1:8001/api/packages/a608fa0f-9d8d-46fa-83ba-c1f3b9533d86/resources/",
    "history": "http://127.0.0.1:8001/api/packages/a608fa0f-9d8d-46fa-83ba-c1f3b9533d86/history/"
  }
]

For https://pypi.org/project/a9a/#files , it has one sdist and one bdist_wheel (i.e. 2 URLS) ,
based on the previous comment, we will create a single purl for this package, i.e.

[
  {
    "url": "http://127.0.0.1:8001/api/packages/2de84214-039b-4e49-b079-c3940fef4408/",
    "uuid": "2de84214-039b-4e49-b079-c3940fef4408",
    "filename": "a9a-0.0.2-py3-none-any.whl",
    "package_sets": [],
    "package_content": "source_archive",
    "purl": "pkg:pypi/a9a@0.0.2",
    "type": "pypi",
    "namespace": "",
    "name": "a9a",
    "version": "0.0.2",
    "qualifiers": "",
    "subpath": "",
    "primary_language": null,
    "description": "a9a archivator\nGit-friendly archive format to store many text files in one text file.\n\n\n",
    "release_date": "2021-11-20T00:00:00Z",
    "parties": [
      {
        "type": "person",
        "role": "author",
        "name": "Uladzislau Khamkou",
        "email": "",
        "url": null
      }
    ],
    "keywords": [],
    "homepage_url": "",
    "download_url": "https://files.pythonhosted.org/packages/0a/2e/e3dd9a0e09a133bca628ca01773a93c2fdfb347881c7d62e131af4dafffe/a9a-0.0.2-py3-none-any.whl",
    "bug_tracking_url": null,
    "code_view_url": null,
    "vcs_url": null,
    "repository_homepage_url": null,
    "repository_download_url": null,
    "api_data_url": null,
    "size": 3962,
    "md5": "53f2e9b563b72a31b650c05c12cb8fd7",
    "sha1": null,
    "sha256": null,
    "sha512": null,
    "copyright": null,
    "holder": null,
    "declared_license_expression": null,
    "declared_license_expression_spdx": null,
    "license_detections": [],
    "other_license_expression": null,
    "other_license_expression_spdx": null,
    "other_license_detections": [],
    "extracted_license_statement": "[]",
    "notice_text": null,
    "source_packages": [],
    "extra_data": {},
    "package_uid": "pkg:pypi/a9a@0.0.2?uuid=2de84214-039b-4e49-b079-c3940fef4408",
    "datasource_id": null,
    "file_references": [],
    "dependencies": [],
    "resources": "http://127.0.0.1:8001/api/packages/2de84214-039b-4e49-b079-c3940fef4408/resources/",
    "history": "http://127.0.0.1:8001/api/packages/2de84214-039b-4e49-b079-c3940fef4408/history/"
  }
]

Note that the above doesn't contains the sdist's download URL. Is this correct?

For the case of Pillow where multiple files exist for a single version, we should generate multiple instances, each using the bdist_wheel's name as the filename qualifier, and we don't need to do anything about the sdist archive?

[chinyeungli]

Following is part of the results from my current code for pkg:pypi/pillow@9.0.5 in the /api/collect/
Note that the last dictionary in the list is referencing the sdist, should I remove it based on the above comment?

[
  {
    "url": "http://127.0.0.1:8001/api/packages/0a7833b7-7d7c-4824-806d-205a6ce1456f/",
    "uuid": "0a7833b7-7d7c-4824-806d-205a6ce1456f",
    "filename": "Pillow-9.5.0-cp310-cp310-macosx_10_10_x86_64.whl",
    "package_sets": [
      {
        "uuid": "b62f50e0-3584-4962-bf11-161fd102b025",
        "packages": [
          "http://127.0.0.1:8001/api/packages/0a7833b7-7d7c-4824-806d-205a6ce1456f/",
          "http://127.0.0.1:8001/api/packages/ebb01dac-5e8b-445f-971a-57201af7bceb/"
        ]
      }
    ],
    "package_content": null,
    "purl": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0-cp310-cp310-macosx_10_10_x86_64.whl",
    "type": "pypi",
    "namespace": "",
    "name": "pillow",
    "version": "9.5.0",
    "qualifiers": "filename=Pillow-9.5.0-cp310-cp310-macosx_10_10_x86_64.whl",
    "subpath": "",
    "primary_language": null,
    "description": "Python Imaging Library (Fork)\n<p align=\"center\">\n    <img width=\"248\" height=\"250\" src=\"https://raw.githubusercontent.com/python-pillow/pillow-logo/main/pillow-logo-248x250.png\" alt=\"Pillow logo\">\n</p>\n\n# Pillow\n\n## Python Imaging Library (Fork)\n\nPillow is the friendly PIL fork by [Jeffrey A. Clark (Alex) and\ncontributors](https://github.com/python-pillow/Pillow/graphs/contributors).\nPIL is the Python Imaging Library by Fredrik Lundh and Contributors.\nAs of 2019, Pillow development is\n[supported by Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise).\n\n<table>\n    <tr>\n        <th>docs</th>\n        <td>\n            <a href=\"https://pillow.readthedocs.io/?badge=latest\"><img\n                alt=\"Documentation Status\"\n                src=\"https://readthedocs.org/projects/pillow/badge/?version=latest\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>tests</th>\n        <td>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/lint.yml\"><img\n                alt=\"GitHub Actions build status (Lint)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Lint/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test.yml\"><img\n                alt=\"GitHub Actions build status (Test Linux and macOS)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-windows.yml\"><img\n                alt=\"GitHub Actions build status (Test Windows)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Windows/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-mingw.yml\"><img\n                alt=\"GitHub Actions build status (Test MinGW)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20MinGW/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-cygwin.yml\"><img\n                alt=\"GitHub Actions build status (Test Cygwin)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Cygwin/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-docker.yml\"><img\n                alt=\"GitHub Actions build status (Test Docker)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Docker/badge.svg\"></a>\n            <a href=\"https://ci.appveyor.com/project/python-pillow/Pillow\"><img\n                alt=\"AppVeyor CI build status (Windows)\"\n                src=\"https://img.shields.io/appveyor/build/python-pillow/Pillow/main.svg?label=Windows%20build\"></a>\n            <a href=\"https://github.com/python-pillow/pillow-wheels/actions\"><img\n                alt=\"GitHub Actions wheels build status (Wheels)\"\n                src=\"https://github.com/python-pillow/pillow-wheels/workflows/Wheels/badge.svg\"></a>\n            <a href=\"https://app.travis-ci.com/github/python-pillow/pillow-wheels\"><img\n                alt=\"Travis CI wheels build status (aarch64)\"\n                src=\"https://img.shields.io/travis/com/python-pillow/pillow-wheels/main.svg?label=aarch64%20wheels\"></a>\n            <a href=\"https://app.codecov.io/gh/python-pillow/Pillow\"><img\n                alt=\"Code coverage\"\n                src=\"https://codecov.io/gh/python-pillow/Pillow/branch/main/graph/badge.svg\"></a>\n            <a href=\"https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:pillow\"><img\n                alt=\"Fuzzing Status\"\n                src=\"https://oss-fuzz-build-logs.storage.googleapis.com/badges/pillow.svg\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>package</th>\n        <td>\n            <a href=\"https://zenodo.org/badge/latestdoi/17549/python-pillow/Pillow\"><img\n                alt=\"Zenodo\"\n                src=\"https://zenodo.org/badge/17549/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=badge\"><img\n                alt=\"Tidelift\"\n                src=\"https://tidelift.com/badges/package/pypi/Pillow?style=flat\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Newest PyPI version\"\n                src=\"https://img.shields.io/pypi/v/pillow.svg\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Number of PyPI downloads\"\n                src=\"https://img.shields.io/pypi/dm/pillow.svg\"></a>\n            <a href=\"https://bestpractices.coreinfrastructure.org/projects/6331\"><img\n                alt=\"OpenSSF Best Practices\"\n                src=\"https://bestpractices.coreinfrastructure.org/projects/6331/badge\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>social</th>\n        <td>\n            <a href=\"https://gitter.im/python-pillow/Pillow?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge\"><img\n                alt=\"Join the chat at https://gitter.im/python-pillow/Pillow\"\n                src=\"https://badges.gitter.im/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://twitter.com/PythonPillow\"><img\n                alt=\"Follow on https://twitter.com/PythonPillow\"\n                src=\"https://img.shields.io/badge/tweet-on%20Twitter-00aced.svg\"></a>\n            <a href=\"https://fosstodon.org/@pillow\"><img\n                alt=\"Follow on https://fosstodon.org/@pillow\"\n                src=\"https://img.shields.io/badge/publish-on%20Mastodon-595aff.svg\"\n                rel=\"me\"></a>\n        </td>\n    </tr>\n</table>\n\n## Overview\n\nThe Python Imaging Library adds image processing capabilities to your Python interpreter.\n\nThis library provides extensive file format support, an efficient internal representation, and fairly powerful image processing capabilities.\n\nThe core image library is designed for fast access to data stored in a few basic pixel formats. It should provide a solid foundation for a general image processing tool.\n\n## More Information\n\n- [Documentation](https://pillow.readthedocs.io/)\n  - [Installation](https://pillow.readthedocs.io/en/latest/installation.html)\n  - [Handbook](https://pillow.readthedocs.io/en/latest/handbook/index.html)\n- [Contribute](https://github.com/python-pillow/Pillow/blob/main/.github/CONTRIBUTING.md)\n  - [Issues](https://github.com/python-pillow/Pillow/issues)\n  - [Pull requests](https://github.com/python-pillow/Pillow/pulls)\n- [Release notes](https://pillow.readthedocs.io/en/stable/releasenotes/index.html)\n- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)\n  - [Pre-fork](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#pre-fork)\n\n## Report a Vulnerability\n\nTo report a security vulnerability, please follow the procedure described in the [Tidelift security policy](https://tidelift.com/docs/security).\n",
    "release_date": "2023-04-01T00:00:00Z",
    "parties": [
      {
        "type": "person",
        "role": "author",
        "name": "Jeffrey A. Clark (Alex)",
        "email": "aclark@aclark.net",
        "url": null
      }
    ],
    "keywords": [
      "Imaging"
    ],
    "homepage_url": "https://python-pillow.org",
    "download_url": "https://files.pythonhosted.org/packages/1b/bc/cff591742feea45f88a3b8a83f7cab4a1dcdb4bcdfc51a06d92f96c81165/Pillow-9.5.0-cp310-cp310-macosx_10_10_x86_64.whl",
    "bug_tracking_url": null,
    "code_view_url": null,
    "vcs_url": null,
    "repository_homepage_url": null,
    "repository_download_url": null,
    "api_data_url": null,
    "size": 3395758,
    "md5": "7be826d1f7811d13b621eddea33ebb60",
    "sha1": null,
    "sha256": null,
    "sha512": null,
    "copyright": null,
    "holder": null,
    "declared_license_expression": "historical",
    "declared_license_expression_spdx": "HPND",
    "license_detections": [
      {
        "matches": [
          {
            "score": 99,
            "matcher": "1-hash",
            "end_line": 1,
            "rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/historical_35.RULE",
            "from_file": null,
            "start_line": 1,
            "matched_text": "HPND",
            "match_coverage": 100,
            "matched_length": 1,
            "rule_relevance": 99,
            "rule_identifier": "historical_35.RULE",
            "license_expression": "historical",
            "license_expression_spdx": "HPND"
          }
        ],
        "identifier": "historical-ba5c36b1-63c0-b0b0-22db-9840f41b4a3a",
        "license_expression": "historical",
        "license_expression_spdx": "HPND"
      }
    ],
    "other_license_expression": null,
    "other_license_expression_spdx": null,
    "other_license_detections": [],
    "extracted_license_statement": "- HPND\n",
    "notice_text": null,
    "source_packages": [],
    "extra_data": {},
    "package_uid": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0-cp310-cp310-macosx_10_10_x86_64.whl&uuid=0a7833b7-7d7c-4824-806d-205a6ce1456f",
    "datasource_id": null,
    "file_references": [],
    "dependencies": [],
    "resources": "http://127.0.0.1:8001/api/packages/0a7833b7-7d7c-4824-806d-205a6ce1456f/resources/",
    "history": "http://127.0.0.1:8001/api/packages/0a7833b7-7d7c-4824-806d-205a6ce1456f/history/"
  },
  {
    "url": "http://127.0.0.1:8001/api/packages/794dc2c8-3c24-4a39-a4a4-c7215fe7d07b/",
    "uuid": "794dc2c8-3c24-4a39-a4a4-c7215fe7d07b",
    "filename": "Pillow-9.5.0-cp310-cp310-macosx_11_0_arm64.whl",
    "package_sets": [
      {
        "uuid": "849fc219-e41d-47c9-a427-7eb8f8c59739",
        "packages": [
          "http://127.0.0.1:8001/api/packages/794dc2c8-3c24-4a39-a4a4-c7215fe7d07b/",
          "http://127.0.0.1:8001/api/packages/ebb01dac-5e8b-445f-971a-57201af7bceb/"
        ]
      }
    ],
    "package_content": null,
    "purl": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0-cp310-cp310-macosx_11_0_arm64.whl",
    "type": "pypi",
    "namespace": "",
    "name": "pillow",
    "version": "9.5.0",
    "qualifiers": "filename=Pillow-9.5.0-cp310-cp310-macosx_11_0_arm64.whl",
    "subpath": "",
    "primary_language": null,
    "description": "Python Imaging Library (Fork)\n<p align=\"center\">\n    <img width=\"248\" height=\"250\" src=\"https://raw.githubusercontent.com/python-pillow/pillow-logo/main/pillow-logo-248x250.png\" alt=\"Pillow logo\">\n</p>\n\n# Pillow\n\n## Python Imaging Library (Fork)\n\nPillow is the friendly PIL fork by [Jeffrey A. Clark (Alex) and\ncontributors](https://github.com/python-pillow/Pillow/graphs/contributors).\nPIL is the Python Imaging Library by Fredrik Lundh and Contributors.\nAs of 2019, Pillow development is\n[supported by Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise).\n\n<table>\n    <tr>\n        <th>docs</th>\n        <td>\n            <a href=\"https://pillow.readthedocs.io/?badge=latest\"><img\n                alt=\"Documentation Status\"\n                src=\"https://readthedocs.org/projects/pillow/badge/?version=latest\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>tests</th>\n        <td>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/lint.yml\"><img\n                alt=\"GitHub Actions build status (Lint)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Lint/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test.yml\"><img\n                alt=\"GitHub Actions build status (Test Linux and macOS)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-windows.yml\"><img\n                alt=\"GitHub Actions build status (Test Windows)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Windows/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-mingw.yml\"><img\n                alt=\"GitHub Actions build status (Test MinGW)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20MinGW/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-cygwin.yml\"><img\n                alt=\"GitHub Actions build status (Test Cygwin)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Cygwin/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-docker.yml\"><img\n                alt=\"GitHub Actions build status (Test Docker)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Docker/badge.svg\"></a>\n            <a href=\"https://ci.appveyor.com/project/python-pillow/Pillow\"><img\n                alt=\"AppVeyor CI build status (Windows)\"\n                src=\"https://img.shields.io/appveyor/build/python-pillow/Pillow/main.svg?label=Windows%20build\"></a>\n            <a href=\"https://github.com/python-pillow/pillow-wheels/actions\"><img\n                alt=\"GitHub Actions wheels build status (Wheels)\"\n                src=\"https://github.com/python-pillow/pillow-wheels/workflows/Wheels/badge.svg\"></a>\n            <a href=\"https://app.travis-ci.com/github/python-pillow/pillow-wheels\"><img\n                alt=\"Travis CI wheels build status (aarch64)\"\n                src=\"https://img.shields.io/travis/com/python-pillow/pillow-wheels/main.svg?label=aarch64%20wheels\"></a>\n            <a href=\"https://app.codecov.io/gh/python-pillow/Pillow\"><img\n                alt=\"Code coverage\"\n                src=\"https://codecov.io/gh/python-pillow/Pillow/branch/main/graph/badge.svg\"></a>\n            <a href=\"https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:pillow\"><img\n                alt=\"Fuzzing Status\"\n                src=\"https://oss-fuzz-build-logs.storage.googleapis.com/badges/pillow.svg\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>package</th>\n        <td>\n            <a href=\"https://zenodo.org/badge/latestdoi/17549/python-pillow/Pillow\"><img\n                alt=\"Zenodo\"\n                src=\"https://zenodo.org/badge/17549/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=badge\"><img\n                alt=\"Tidelift\"\n                src=\"https://tidelift.com/badges/package/pypi/Pillow?style=flat\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Newest PyPI version\"\n                src=\"https://img.shields.io/pypi/v/pillow.svg\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Number of PyPI downloads\"\n                src=\"https://img.shields.io/pypi/dm/pillow.svg\"></a>\n            <a href=\"https://bestpractices.coreinfrastructure.org/projects/6331\"><img\n                alt=\"OpenSSF Best Practices\"\n                src=\"https://bestpractices.coreinfrastructure.org/projects/6331/badge\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>social</th>\n        <td>\n            <a href=\"https://gitter.im/python-pillow/Pillow?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge\"><img\n                alt=\"Join the chat at https://gitter.im/python-pillow/Pillow\"\n                src=\"https://badges.gitter.im/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://twitter.com/PythonPillow\"><img\n                alt=\"Follow on https://twitter.com/PythonPillow\"\n                src=\"https://img.shields.io/badge/tweet-on%20Twitter-00aced.svg\"></a>\n            <a href=\"https://fosstodon.org/@pillow\"><img\n                alt=\"Follow on https://fosstodon.org/@pillow\"\n                src=\"https://img.shields.io/badge/publish-on%20Mastodon-595aff.svg\"\n                rel=\"me\"></a>\n        </td>\n    </tr>\n</table>\n\n## Overview\n\nThe Python Imaging Library adds image processing capabilities to your Python interpreter.\n\nThis library provides extensive file format support, an efficient internal representation, and fairly powerful image processing capabilities.\n\nThe core image library is designed for fast access to data stored in a few basic pixel formats. It should provide a solid foundation for a general image processing tool.\n\n## More Information\n\n- [Documentation](https://pillow.readthedocs.io/)\n  - [Installation](https://pillow.readthedocs.io/en/latest/installation.html)\n  - [Handbook](https://pillow.readthedocs.io/en/latest/handbook/index.html)\n- [Contribute](https://github.com/python-pillow/Pillow/blob/main/.github/CONTRIBUTING.md)\n  - [Issues](https://github.com/python-pillow/Pillow/issues)\n  - [Pull requests](https://github.com/python-pillow/Pillow/pulls)\n- [Release notes](https://pillow.readthedocs.io/en/stable/releasenotes/index.html)\n- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)\n  - [Pre-fork](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#pre-fork)\n\n## Report a Vulnerability\n\nTo report a security vulnerability, please follow the procedure described in the [Tidelift security policy](https://tidelift.com/docs/security).\n",
    "release_date": "2023-04-01T00:00:00Z",
    "parties": [
      {
        "type": "person",
        "role": "author",
        "name": "Jeffrey A. Clark (Alex)",
        "email": "aclark@aclark.net",
        "url": null
      }
    ],
    "keywords": [
      "Imaging"
    ],
    "homepage_url": "https://python-pillow.org",
    "download_url": "https://files.pythonhosted.org/packages/38/06/de304914ecd2c911939a28579546bd4d9b6ae0b3c07ce5fe9bd7d100eb34/Pillow-9.5.0-cp310-cp310-macosx_11_0_arm64.whl",
    "bug_tracking_url": null,
    "code_view_url": null,
    "vcs_url": null,
    "repository_homepage_url": null,
    "repository_download_url": null,
    "api_data_url": null,
    "size": 3077111,
    "md5": "45211e53a6e2716929b07f26ae37005c",
    "sha1": null,
    "sha256": null,
    "sha512": null,
    "copyright": null,
    "holder": null,
    "declared_license_expression": "historical",
    "declared_license_expression_spdx": "HPND",
    "license_detections": [
      {
        "matches": [
          {
            "score": 99,
            "matcher": "1-hash",
            "end_line": 1,
            "rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/historical_35.RULE",
            "from_file": null,
            "start_line": 1,
            "matched_text": "HPND",
            "match_coverage": 100,
            "matched_length": 1,
            "rule_relevance": 99,
            "rule_identifier": "historical_35.RULE",
            "license_expression": "historical",
            "license_expression_spdx": "HPND"
          }
        ],
        "identifier": "historical-ba5c36b1-63c0-b0b0-22db-9840f41b4a3a",
        "license_expression": "historical",
        "license_expression_spdx": "HPND"
      }
    ],
    "other_license_expression": null,
    "other_license_expression_spdx": null,
    "other_license_detections": [],
    "extracted_license_statement": "- HPND\n",
    "notice_text": null,
    "source_packages": [],
    "extra_data": {},
    "package_uid": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0-cp310-cp310-macosx_11_0_arm64.whl&uuid=794dc2c8-3c24-4a39-a4a4-c7215fe7d07b",
    "datasource_id": null,
    "file_references": [],
    "dependencies": [],
    "resources": "http://127.0.0.1:8001/api/packages/794dc2c8-3c24-4a39-a4a4-c7215fe7d07b/resources/",
    "history": "http://127.0.0.1:8001/api/packages/794dc2c8-3c24-4a39-a4a4-c7215fe7d07b/history/"
  },
.
.
.
.
.
  {
    "url": "http://127.0.0.1:8001/api/packages/4977ccfa-dd7e-40ef-8cbe-b951d881bdb4/",
    "uuid": "4977ccfa-dd7e-40ef-8cbe-b951d881bdb4",
    "filename": "Pillow-9.5.0-pp39-pypy39_pp73-win_amd64.whl",
    "package_sets": [
      {
        "uuid": "b2c35846-8132-410a-811b-e9cda61cb94b",
        "packages": [
          "http://127.0.0.1:8001/api/packages/4977ccfa-dd7e-40ef-8cbe-b951d881bdb4/",
          "http://127.0.0.1:8001/api/packages/ebb01dac-5e8b-445f-971a-57201af7bceb/"
        ]
      }
    ],
    "package_content": null,
    "purl": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0-pp39-pypy39_pp73-win_amd64.whl",
    "type": "pypi",
    "namespace": "",
    "name": "pillow",
    "version": "9.5.0",
    "qualifiers": "filename=Pillow-9.5.0-pp39-pypy39_pp73-win_amd64.whl",
    "subpath": "",
    "primary_language": null,
    "description": "Python Imaging Library (Fork)\n<p align=\"center\">\n    <img width=\"248\" height=\"250\" src=\"https://raw.githubusercontent.com/python-pillow/pillow-logo/main/pillow-logo-248x250.png\" alt=\"Pillow logo\">\n</p>\n\n# Pillow\n\n## Python Imaging Library (Fork)\n\nPillow is the friendly PIL fork by [Jeffrey A. Clark (Alex) and\ncontributors](https://github.com/python-pillow/Pillow/graphs/contributors).\nPIL is the Python Imaging Library by Fredrik Lundh and Contributors.\nAs of 2019, Pillow development is\n[supported by Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise).\n\n<table>\n    <tr>\n        <th>docs</th>\n        <td>\n            <a href=\"https://pillow.readthedocs.io/?badge=latest\"><img\n                alt=\"Documentation Status\"\n                src=\"https://readthedocs.org/projects/pillow/badge/?version=latest\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>tests</th>\n        <td>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/lint.yml\"><img\n                alt=\"GitHub Actions build status (Lint)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Lint/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test.yml\"><img\n                alt=\"GitHub Actions build status (Test Linux and macOS)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-windows.yml\"><img\n                alt=\"GitHub Actions build status (Test Windows)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Windows/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-mingw.yml\"><img\n                alt=\"GitHub Actions build status (Test MinGW)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20MinGW/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-cygwin.yml\"><img\n                alt=\"GitHub Actions build status (Test Cygwin)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Cygwin/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-docker.yml\"><img\n                alt=\"GitHub Actions build status (Test Docker)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Docker/badge.svg\"></a>\n            <a href=\"https://ci.appveyor.com/project/python-pillow/Pillow\"><img\n                alt=\"AppVeyor CI build status (Windows)\"\n                src=\"https://img.shields.io/appveyor/build/python-pillow/Pillow/main.svg?label=Windows%20build\"></a>\n            <a href=\"https://github.com/python-pillow/pillow-wheels/actions\"><img\n                alt=\"GitHub Actions wheels build status (Wheels)\"\n                src=\"https://github.com/python-pillow/pillow-wheels/workflows/Wheels/badge.svg\"></a>\n            <a href=\"https://app.travis-ci.com/github/python-pillow/pillow-wheels\"><img\n                alt=\"Travis CI wheels build status (aarch64)\"\n                src=\"https://img.shields.io/travis/com/python-pillow/pillow-wheels/main.svg?label=aarch64%20wheels\"></a>\n            <a href=\"https://app.codecov.io/gh/python-pillow/Pillow\"><img\n                alt=\"Code coverage\"\n                src=\"https://codecov.io/gh/python-pillow/Pillow/branch/main/graph/badge.svg\"></a>\n            <a href=\"https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:pillow\"><img\n                alt=\"Fuzzing Status\"\n                src=\"https://oss-fuzz-build-logs.storage.googleapis.com/badges/pillow.svg\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>package</th>\n        <td>\n            <a href=\"https://zenodo.org/badge/latestdoi/17549/python-pillow/Pillow\"><img\n                alt=\"Zenodo\"\n                src=\"https://zenodo.org/badge/17549/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=badge\"><img\n                alt=\"Tidelift\"\n                src=\"https://tidelift.com/badges/package/pypi/Pillow?style=flat\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Newest PyPI version\"\n                src=\"https://img.shields.io/pypi/v/pillow.svg\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Number of PyPI downloads\"\n                src=\"https://img.shields.io/pypi/dm/pillow.svg\"></a>\n            <a href=\"https://bestpractices.coreinfrastructure.org/projects/6331\"><img\n                alt=\"OpenSSF Best Practices\"\n                src=\"https://bestpractices.coreinfrastructure.org/projects/6331/badge\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>social</th>\n        <td>\n            <a href=\"https://gitter.im/python-pillow/Pillow?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge\"><img\n                alt=\"Join the chat at https://gitter.im/python-pillow/Pillow\"\n                src=\"https://badges.gitter.im/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://twitter.com/PythonPillow\"><img\n                alt=\"Follow on https://twitter.com/PythonPillow\"\n                src=\"https://img.shields.io/badge/tweet-on%20Twitter-00aced.svg\"></a>\n            <a href=\"https://fosstodon.org/@pillow\"><img\n                alt=\"Follow on https://fosstodon.org/@pillow\"\n                src=\"https://img.shields.io/badge/publish-on%20Mastodon-595aff.svg\"\n                rel=\"me\"></a>\n        </td>\n    </tr>\n</table>\n\n## Overview\n\nThe Python Imaging Library adds image processing capabilities to your Python interpreter.\n\nThis library provides extensive file format support, an efficient internal representation, and fairly powerful image processing capabilities.\n\nThe core image library is designed for fast access to data stored in a few basic pixel formats. It should provide a solid foundation for a general image processing tool.\n\n## More Information\n\n- [Documentation](https://pillow.readthedocs.io/)\n  - [Installation](https://pillow.readthedocs.io/en/latest/installation.html)\n  - [Handbook](https://pillow.readthedocs.io/en/latest/handbook/index.html)\n- [Contribute](https://github.com/python-pillow/Pillow/blob/main/.github/CONTRIBUTING.md)\n  - [Issues](https://github.com/python-pillow/Pillow/issues)\n  - [Pull requests](https://github.com/python-pillow/Pillow/pulls)\n- [Release notes](https://pillow.readthedocs.io/en/stable/releasenotes/index.html)\n- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)\n  - [Pre-fork](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#pre-fork)\n\n## Report a Vulnerability\n\nTo report a security vulnerability, please follow the procedure described in the [Tidelift security policy](https://tidelift.com/docs/security).\n",
    "release_date": "2023-04-01T00:00:00Z",
    "parties": [
      {
        "type": "person",
        "role": "author",
        "name": "Jeffrey A. Clark (Alex)",
        "email": "aclark@aclark.net",
        "url": null
      }
    ],
    "keywords": [
      "Imaging"
    ],
    "homepage_url": "https://python-pillow.org",
    "download_url": "https://files.pythonhosted.org/packages/02/4a/d362f7f44f1e5801c6726f0eaaeaf869d0d43c554b717072b2c5540cefb4/Pillow-9.5.0-pp39-pypy39_pp73-win_amd64.whl",
    "bug_tracking_url": null,
    "code_view_url": null,
    "vcs_url": null,
    "repository_homepage_url": null,
    "repository_download_url": null,
    "api_data_url": null,
    "size": 2538628,
    "md5": "4feb26e629aa83d1f66748960067a261",
    "sha1": null,
    "sha256": null,
    "sha512": null,
    "copyright": null,
    "holder": null,
    "declared_license_expression": "historical",
    "declared_license_expression_spdx": "HPND",
    "license_detections": [
      {
        "matches": [
          {
            "score": 99,
            "matcher": "1-hash",
            "end_line": 1,
            "rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/historical_35.RULE",
            "from_file": null,
            "start_line": 1,
            "matched_text": "HPND",
            "match_coverage": 100,
            "matched_length": 1,
            "rule_relevance": 99,
            "rule_identifier": "historical_35.RULE",
            "license_expression": "historical",
            "license_expression_spdx": "HPND"
          }
        ],
        "identifier": "historical-ba5c36b1-63c0-b0b0-22db-9840f41b4a3a",
        "license_expression": "historical",
        "license_expression_spdx": "HPND"
      }
    ],
    "other_license_expression": null,
    "other_license_expression_spdx": null,
    "other_license_detections": [],
    "extracted_license_statement": "- HPND\n",
    "notice_text": null,
    "source_packages": [],
    "extra_data": {},
    "package_uid": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0-pp39-pypy39_pp73-win_amd64.whl&uuid=4977ccfa-dd7e-40ef-8cbe-b951d881bdb4",
    "datasource_id": null,
    "file_references": [],
    "dependencies": [],
    "resources": "http://127.0.0.1:8001/api/packages/4977ccfa-dd7e-40ef-8cbe-b951d881bdb4/resources/",
    "history": "http://127.0.0.1:8001/api/packages/4977ccfa-dd7e-40ef-8cbe-b951d881bdb4/history/"
  },
  {
    "url": "http://127.0.0.1:8001/api/packages/25ef3959-67ac-4120-9ac6-0257f9623044/",
    "uuid": "25ef3959-67ac-4120-9ac6-0257f9623044",
    "filename": "Pillow-9.5.0.tar.gz",
    "package_sets": [
      {
        "uuid": "d8068a33-f458-451c-8c8b-3496d672771c",
        "packages": [
          "http://127.0.0.1:8001/api/packages/25ef3959-67ac-4120-9ac6-0257f9623044/",
          "http://127.0.0.1:8001/api/packages/ebb01dac-5e8b-445f-971a-57201af7bceb/"
        ]
      }
    ],
    "package_content": null,
    "purl": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0.tar.gz",
    "type": "pypi",
    "namespace": "",
    "name": "pillow",
    "version": "9.5.0",
    "qualifiers": "filename=Pillow-9.5.0.tar.gz",
    "subpath": "",
    "primary_language": null,
    "description": "Python Imaging Library (Fork)\n<p align=\"center\">\n    <img width=\"248\" height=\"250\" src=\"https://raw.githubusercontent.com/python-pillow/pillow-logo/main/pillow-logo-248x250.png\" alt=\"Pillow logo\">\n</p>\n\n# Pillow\n\n## Python Imaging Library (Fork)\n\nPillow is the friendly PIL fork by [Jeffrey A. Clark (Alex) and\ncontributors](https://github.com/python-pillow/Pillow/graphs/contributors).\nPIL is the Python Imaging Library by Fredrik Lundh and Contributors.\nAs of 2019, Pillow development is\n[supported by Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise).\n\n<table>\n    <tr>\n        <th>docs</th>\n        <td>\n            <a href=\"https://pillow.readthedocs.io/?badge=latest\"><img\n                alt=\"Documentation Status\"\n                src=\"https://readthedocs.org/projects/pillow/badge/?version=latest\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>tests</th>\n        <td>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/lint.yml\"><img\n                alt=\"GitHub Actions build status (Lint)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Lint/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test.yml\"><img\n                alt=\"GitHub Actions build status (Test Linux and macOS)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-windows.yml\"><img\n                alt=\"GitHub Actions build status (Test Windows)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Windows/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-mingw.yml\"><img\n                alt=\"GitHub Actions build status (Test MinGW)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20MinGW/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-cygwin.yml\"><img\n                alt=\"GitHub Actions build status (Test Cygwin)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Cygwin/badge.svg\"></a>\n            <a href=\"https://github.com/python-pillow/Pillow/actions/workflows/test-docker.yml\"><img\n                alt=\"GitHub Actions build status (Test Docker)\"\n                src=\"https://github.com/python-pillow/Pillow/workflows/Test%20Docker/badge.svg\"></a>\n            <a href=\"https://ci.appveyor.com/project/python-pillow/Pillow\"><img\n                alt=\"AppVeyor CI build status (Windows)\"\n                src=\"https://img.shields.io/appveyor/build/python-pillow/Pillow/main.svg?label=Windows%20build\"></a>\n            <a href=\"https://github.com/python-pillow/pillow-wheels/actions\"><img\n                alt=\"GitHub Actions wheels build status (Wheels)\"\n                src=\"https://github.com/python-pillow/pillow-wheels/workflows/Wheels/badge.svg\"></a>\n            <a href=\"https://app.travis-ci.com/github/python-pillow/pillow-wheels\"><img\n                alt=\"Travis CI wheels build status (aarch64)\"\n                src=\"https://img.shields.io/travis/com/python-pillow/pillow-wheels/main.svg?label=aarch64%20wheels\"></a>\n            <a href=\"https://app.codecov.io/gh/python-pillow/Pillow\"><img\n                alt=\"Code coverage\"\n                src=\"https://codecov.io/gh/python-pillow/Pillow/branch/main/graph/badge.svg\"></a>\n            <a href=\"https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:pillow\"><img\n                alt=\"Fuzzing Status\"\n                src=\"https://oss-fuzz-build-logs.storage.googleapis.com/badges/pillow.svg\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>package</th>\n        <td>\n            <a href=\"https://zenodo.org/badge/latestdoi/17549/python-pillow/Pillow\"><img\n                alt=\"Zenodo\"\n                src=\"https://zenodo.org/badge/17549/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=badge\"><img\n                alt=\"Tidelift\"\n                src=\"https://tidelift.com/badges/package/pypi/Pillow?style=flat\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Newest PyPI version\"\n                src=\"https://img.shields.io/pypi/v/pillow.svg\"></a>\n            <a href=\"https://pypi.org/project/Pillow/\"><img\n                alt=\"Number of PyPI downloads\"\n                src=\"https://img.shields.io/pypi/dm/pillow.svg\"></a>\n            <a href=\"https://bestpractices.coreinfrastructure.org/projects/6331\"><img\n                alt=\"OpenSSF Best Practices\"\n                src=\"https://bestpractices.coreinfrastructure.org/projects/6331/badge\"></a>\n        </td>\n    </tr>\n    <tr>\n        <th>social</th>\n        <td>\n            <a href=\"https://gitter.im/python-pillow/Pillow?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge\"><img\n                alt=\"Join the chat at https://gitter.im/python-pillow/Pillow\"\n                src=\"https://badges.gitter.im/python-pillow/Pillow.svg\"></a>\n            <a href=\"https://twitter.com/PythonPillow\"><img\n                alt=\"Follow on https://twitter.com/PythonPillow\"\n                src=\"https://img.shields.io/badge/tweet-on%20Twitter-00aced.svg\"></a>\n            <a href=\"https://fosstodon.org/@pillow\"><img\n                alt=\"Follow on https://fosstodon.org/@pillow\"\n                src=\"https://img.shields.io/badge/publish-on%20Mastodon-595aff.svg\"\n                rel=\"me\"></a>\n        </td>\n    </tr>\n</table>\n\n## Overview\n\nThe Python Imaging Library adds image processing capabilities to your Python interpreter.\n\nThis library provides extensive file format support, an efficient internal representation, and fairly powerful image processing capabilities.\n\nThe core image library is designed for fast access to data stored in a few basic pixel formats. It should provide a solid foundation for a general image processing tool.\n\n## More Information\n\n- [Documentation](https://pillow.readthedocs.io/)\n  - [Installation](https://pillow.readthedocs.io/en/latest/installation.html)\n  - [Handbook](https://pillow.readthedocs.io/en/latest/handbook/index.html)\n- [Contribute](https://github.com/python-pillow/Pillow/blob/main/.github/CONTRIBUTING.md)\n  - [Issues](https://github.com/python-pillow/Pillow/issues)\n  - [Pull requests](https://github.com/python-pillow/Pillow/pulls)\n- [Release notes](https://pillow.readthedocs.io/en/stable/releasenotes/index.html)\n- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)\n  - [Pre-fork](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#pre-fork)\n\n## Report a Vulnerability\n\nTo report a security vulnerability, please follow the procedure described in the [Tidelift security policy](https://tidelift.com/docs/security).\n",
    "release_date": "2023-04-01T00:00:00Z",
    "parties": [
      {
        "type": "person",
        "role": "author",
        "name": "Jeffrey A. Clark (Alex)",
        "email": "aclark@aclark.net",
        "url": null
      }
    ],
    "keywords": [
      "Imaging"
    ],
    "homepage_url": "https://python-pillow.org",
    "download_url": "https://files.pythonhosted.org/packages/00/d5/4903f310765e0ff2b8e91ffe55031ac6af77d982f0156061e20a4d1a8b2d/Pillow-9.5.0.tar.gz",
    "bug_tracking_url": null,
    "code_view_url": null,
    "vcs_url": null,
    "repository_homepage_url": null,
    "repository_download_url": null,
    "api_data_url": null,
    "size": 50488147,
    "md5": "ed80942ad1ade1aab0fcf3790d0be3ec",
    "sha1": null,
    "sha256": null,
    "sha512": null,
    "copyright": null,
    "holder": null,
    "declared_license_expression": "historical",
    "declared_license_expression_spdx": "HPND",
    "license_detections": [
      {
        "matches": [
          {
            "score": 99,
            "matcher": "1-hash",
            "end_line": 1,
            "rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/historical_35.RULE",
            "from_file": null,
            "start_line": 1,
            "matched_text": "HPND",
            "match_coverage": 100,
            "matched_length": 1,
            "rule_relevance": 99,
            "rule_identifier": "historical_35.RULE",
            "license_expression": "historical",
            "license_expression_spdx": "HPND"
          }
        ],
        "identifier": "historical-ba5c36b1-63c0-b0b0-22db-9840f41b4a3a",
        "license_expression": "historical",
        "license_expression_spdx": "HPND"
      }
    ],
    "other_license_expression": null,
    "other_license_expression_spdx": null,
    "other_license_detections": [],
    "extracted_license_statement": "- HPND\n",
    "notice_text": null,
    "source_packages": [],
    "extra_data": {},
    "package_uid": "pkg:pypi/pillow@9.5.0?filename=Pillow-9.5.0.tar.gz&uuid=25ef3959-67ac-4120-9ac6-0257f9623044",
    "datasource_id": null,
    "file_references": [],
    "dependencies": [],
    "resources": "http://127.0.0.1:8001/api/packages/25ef3959-67ac-4120-9ac6-0257f9623044/resources/",
    "history": "http://127.0.0.1:8001/api/packages/25ef3959-67ac-4120-9ac6-0257f9623044/history/"
  }
]

[JonoYang]

@chinyeungli It seems reasonable to me to report all of the download targets in the pypi package release, like create a package for the sdist with the filename qualifier, and then for the rest of the download urls in the package release, such as the bdist, you create a package for it with the filename qualifier and then set the sdist package to be the bdist's source package.

@pombredanne What do you think?