tessl/pypi-spdx-tools
Python library to parse, validate and create SPDX documents
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-spdx-tools@0.8.0index.mddocs/
SPDX Tools
A comprehensive Python library for working with SPDX (Software Package Data Exchange) documents. Enables parsing, validation, creation, and conversion of SPDX files across multiple formats including Tag/Value, RDF, JSON, YAML, and XML. Provides full validation capabilities for SPDX document versions 2.2 and 2.3 against the official specification, includes command-line tools for file processing, and offers experimental support for the upcoming SPDX v3.0 specification.
Package Information
- Package Name: spdx-tools
- Package Type: pypi
- Language: Python
- Installation:
pip install spdx-tools
Core Imports
import spdx_toolsFor parsing and writing documents:
from spdx_tools.spdx.parser.parse_anything import parse_file
from spdx_tools.spdx.writer.write_anything import write_fileFor working with data models:
from spdx_tools.spdx.model import Document, Package, File, RelationshipFor validation:
from spdx_tools.spdx.validation.document_validator import validate_full_spdx_documentBasic Usage
from spdx_tools.spdx.parser.parse_anything import parse_file
from spdx_tools.spdx.writer.write_anything import write_file
from spdx_tools.spdx.validation.document_validator import validate_full_spdx_document
# Parse an SPDX document from any supported format
document = parse_file("input.spdx")
# Validate the document
validation_messages = validate_full_spdx_document(document)
if validation_messages:
for message in validation_messages:
print(f"Validation error: {message.validation_message}")
else:
print("Document is valid")
# Convert to different format
write_file(document, "output.json") # Converts to JSON
# Access document components
print(f"Document name: {document.creation_info.name}")
print(f"Number of packages: {len(document.packages)}")
print(f"Number of files: {len(document.files)}")Architecture
SPDX Tools is organized around core concepts:
- Document Model: Comprehensive data structures reflecting the SPDX specification
- Parser Framework: Format-agnostic parsing with format-specific implementations
- Writer Framework: Format-agnostic writing with format-specific implementations
- Validation Engine: Comprehensive validation against SPDX specification rules
- CLI Tools: Command-line interfaces for common operations
The library supports SPDX specification versions 2.2 and 2.3, with experimental support for the upcoming SPDX 3.0 specification. All major SPDX serialization formats are supported: Tag/Value, RDF/XML, JSON, YAML, and XML.
Capabilities
Document Parsing
Parse SPDX documents from files in any supported format with automatic format detection based on file extension.
def parse_file(file_name: str, encoding: str = "utf-8") -> Document:
"""
Parse SPDX file in any supported format.
Args:
file_name: Path to SPDX file (.spdx, .json, .yaml, .xml, .rdf)
encoding: File encoding (default: utf-8)
Returns:
Document: Parsed SPDX document object
Raises:
SPDXParsingError: If parsing fails
"""Document Writing
Write SPDX documents to files in any supported format with automatic format detection and optional validation.
def write_file(document: Document, file_name: str, validate: bool = True) -> None:
"""
Write SPDX document to file in any supported format.
Args:
document: SPDX document to write
file_name: Output file path (format determined by extension)
validate: Whether to validate document before writing
"""Document Validation
Comprehensive validation of SPDX documents against the official specification with detailed error reporting.
def validate_full_spdx_document(document: Document, spdx_version: str = None) -> List[ValidationMessage]:
"""
Validate complete SPDX document against specification.
Args:
document: SPDX document to validate
spdx_version: SPDX version to validate against ("SPDX-2.2" or "SPDX-2.3")
Returns:
List of validation messages (empty if valid)
"""Data Models
Complete object model representing all SPDX specification elements including documents, packages, files, relationships, and metadata.
class Document:
"""Main SPDX document containing all elements."""
creation_info: CreationInfo
packages: List[Package]
files: List[File]
snippets: List[Snippet]
extracted_licensing_infos: List[ExtractedLicensingInfo]
relationships: List[Relationship]
annotations: List[Annotation]
class CreationInfo:
"""Document creation metadata."""
spdx_version: str
spdx_id: str
name: str
document_namespace: str
creators: List[Actor]
created: datetimeCommand Line Tools
CLI tools for parsing, validating, converting, and analyzing SPDX documents with support for all major formats and comprehensive error reporting.
def main(infile: str, outfile: str, version: str, novalidation: bool, graph: bool) -> None:
"""
CLI entry point for pyspdxtools command.
Args:
infile: Input SPDX file path
outfile: Output file path (or "-" for stdout)
version: SPDX version to validate against
novalidation: Skip validation if True
graph: Generate relationship graph if True
"""SPDX 3.0 Support
Experimental support for the upcoming SPDX 3.0 specification including new data models, profile support, and enhanced capabilities.
class SpdxDocument:
"""SPDX 3.0 document root."""
creation_info: CreationInfo
elements: List[Element]
class Element:
"""Base class for all SPDX 3.0 elements."""
spdx_id: str
name: Optional[str]
summary: Optional[str]Types
from enum import Enum
from datetime import datetime
from typing import List, Optional, Union
class FileFormat(Enum):
"""Supported SPDX file formats."""
JSON = "json"
YAML = "yaml"
XML = "xml"
TAG_VALUE = "tag_value"
RDF_XML = "rdf_xml"
class ActorType(Enum):
"""Types of actors/creators."""
PERSON = "Person"
ORGANIZATION = "Organization"
TOOL = "Tool"
class RelationshipType(Enum):
"""Types of relationships between SPDX elements."""
DESCRIBES = "DESCRIBES"
DESCRIBED_BY = "DESCRIBED_BY"
CONTAINS = "CONTAINS"
CONTAINED_BY = "CONTAINED_BY"
DEPENDS_ON = "DEPENDS_ON"
DEPENDENCY_OF = "DEPENDENCY_OF"
# ... many more relationship types
class ChecksumAlgorithm(Enum):
"""Supported checksum algorithms."""
SHA1 = "SHA1"
SHA224 = "SHA224"
SHA256 = "SHA256"
SHA384 = "SHA384"
SHA512 = "SHA512"
MD5 = "MD5"
BLAKE2B_256 = "BLAKE2b-256"
# ... more algorithms
class ValidationMessage:
"""Validation error or warning message."""
validation_message: str
context: ValidationContext
class SPDXParsingError(Exception):
"""Exception raised during SPDX parsing."""
def get_messages(self) -> List[str]:
"""Get list of parsing error messages."""