# UPMEX - Universal Package Metadata Extractor
Extract metadata and license information from various package formats with a single tool.
## Features
### Core Capabilities
- **Universal Package Support**: Extract metadata from 13 package ecosystems
- **Multi-Format Detection**: Automatic package type identification
- **Standardized Output**: Consistent JSON structure across all formats
- **Native Extraction**: No dependency on external package managers
- **High Performance**: Process packages up to 500MB in under 10 seconds
#### Advanced Features
- **NO-ASSERTION Handling**: Clear indication for unavailable data
- **Dependency Mapping**: Full dependency tree with version constraints
- **Author Parsing**: Intelligent name/email extraction and normalization
- **Copyright Holder Integration**: Automatically adds copyright holders to authors list
- **Repository Detection**: Automatic VCS URL extraction
- **Platform Support**: Architecture and OS requirement detection
- **Package URL (PURL)**: Generate standard Package URLs for all packages
- **File Hashing**: SHA-1, MD5, and fuzzy hash (TLSH) for package files
- **JSON Organization**: Structured output with package, metadata, people, licensing, copyright sections
- **Data Provenance**: Track source of each data field for attestation
#### Supported Ecosystems
- **Python**: wheel (.whl), sdist (.tar.gz, .zip)
- **NPM/Node.js**: .tgz, .tar.gz packages
- **Java/Maven**: .jar, .war, .ear with POM support
- **Gradle**: build.gradle, build.gradle.kts files
- **CocoaPods**: .podspec, .podspec.json files
- **Conda**: .conda (zip), .tar.bz2 packages
- **Perl/CPAN**: .tar.gz, .zip with META.json/yml
- **Conan C/C++**: conanfile.py, conanfile.txt, .tgz packages
- **Ruby Gems**: .gem packages
- **Rust Crates**: .crate packages
- **Go Modules**: .zip archives, go.mod files
- **NuGet/.NET**: .nupkg packages
- **Linux**: (Planned) Debian .deb, RPM .rpm
#### Advanced License & Copyright Detection
- **Powered by OSLiLI**: Integration with [oslili](https://github.com/oscarvalenzuelab/semantic-copycat-oslili) for accurate license and copyright detection
- **Multi-Method Detection**:
- Tag-based detection for short license identifiers (MIT, Apache-2.0, etc.)
- SPDX-License-Identifier exact matching
- Fuzzy hash (TLSH) matching against normalized license texts
- Regex-based pattern matching with comprehensive SPDX support
- Confidence scoring (0.0-1.0) with detection method tracking
- **Copyright Extraction**: Automatic extraction of copyright statements from source files
#### API Integrations
- **ClearlyDefined**: License and compliance data enrichment
- **Ecosyste.ms**: Package registry metadata and dependencies
- **Maven Central**: Parent POM resolution and inheritance
- **Offline-First**: All features work without internet connectivity
## Installation
```bash
# Install from source
git clone https://github.com/oscarvalenzuelab/semantic-copycat-upmex.git
cd semantic-copycat-upmex
pip install -e .
# Install with all features (includes oslili for license detection)
pip install -e ".[all]"
# Install for development
pip install -e ".[dev]"
```
## Quick Start
```python
from upmex import PackageExtractor
# Create extractor
extractor = PackageExtractor()
# Extract metadata from a package
metadata = extractor.extract("path/to/package.whl")
# Access metadata
print(f"Package: {metadata.name} v{metadata.version}")
print(f"Type: {metadata.package_type.value}")
print(f"License: {metadata.licenses[0].spdx_id if metadata.licenses else 'Unknown'}")
# Convert to JSON
import json
print(json.dumps(metadata.to_dict(), indent=2))
```
## CLI Usage
```bash
# Basic extraction (offline mode - default)
upmex extract package.whl
# Online mode - fetches parent POMs and queries APIs
upmex extract --online package.jar
# With pretty JSON output
upmex extract --pretty package.whl
# Output to file
upmex extract package.whl -o metadata.json
# Text format output
upmex extract --format text package.tar.gz
# Detect package type
upmex detect package.jar
# Extract license information with confidence scores
upmex license package.tgz --confidence
```
## Configuration
Configuration can be done via JSON files or environment variables:
### Environment Variables
```bash
# API Keys
export PME_CLEARLYDEFINED_API_KEY=your-api-key
export PME_ECOSYSTEMS_API_KEY=your-api-key
# Settings
export PME_LOG_LEVEL=DEBUG
export PME_CACHE_DIR=/path/to/cache
export PME_OUTPUT_FORMAT=json
```
### Configuration File
Create a `config.json`:
```json
{
"api": {
"clearlydefined": {
"enabled": true,
"api_key": null
}
},
"output": {
"format": "json",
"pretty_print": true
}
}
```
## Supported Package Types
| Ecosystem | Formats | Detection | Metadata | Online Mode | Tested |
|-----------|---------|-----------|----------|-------------|--------|
| Python | .whl, .tar.gz, .zip | ✓ | ✓ | API enrichment | ✓ |
| NPM | .tgz, .tar.gz | ✓ | ✓ | API enrichment | ✓ |
| Java | .jar, .war, .ear | ✓ | ✓ | Parent POM fetch | ✓ |
| Maven | .jar with POM | ✓ | ✓ | Parent POM fetch | ✓ |
| Gradle | build.gradle(.kts) | ✓ | ✓ | API enrichment | ✓ |
| CocoaPods | .podspec(.json) | ✓ | ✓ | API enrichment | ✓ |
| Conda | .conda, .tar.bz2 | ✓ | ✓ | API enrichment | ✓ |
| Perl/CPAN | .tar.gz, .zip | ✓ | ✓ | API enrichment | ✓ |
| Conan | conanfile.py/.txt | ✓ | ✓ | - | ✓ |
| Ruby | .gem | ✓ | ✓ | API enrichment | ✓ |
| Rust | .crate | ✓ | ✓ | API enrichment | ✓ |
| Go | .zip, .mod, go.mod | ✓ | ✓ | API enrichment | ✓ |
| NuGet | .nupkg | ✓ | ✓ | API enrichment | ✓ |
## Changelog
See [CHANGELOG.md](CHANGELOG.md) for a detailed history of changes.
## License
MIT License - see LICENSE file for details.
Raw data
{
"_id": null,
"home_page": null,
"name": "semantic-copycat-upmex",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "\"Oscar Valenzuela B.\" <oscar.valenzuela.b@gmail.com>",
"keywords": "package, metadata, extractor, license, detection, python, npm, maven, jar, wheel, pypi",
"author": null,
"author_email": "\"Oscar Valenzuela B.\" <oscar.valenzuela.b@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/e2/1e/5bd3f55e1b1f997d914ced982e6406bb6f6f72b12b2534a3c84de36c16eb/semantic_copycat_upmex-1.5.7.tar.gz",
"platform": null,
"description": "# UPMEX - Universal Package Metadata Extractor\n\nExtract metadata and license information from various package formats with a single tool.\n\n## Features\n\n### Core Capabilities\n- **Universal Package Support**: Extract metadata from 13 package ecosystems\n- **Multi-Format Detection**: Automatic package type identification\n- **Standardized Output**: Consistent JSON structure across all formats\n- **Native Extraction**: No dependency on external package managers\n- **High Performance**: Process packages up to 500MB in under 10 seconds\n\n#### Advanced Features\n- **NO-ASSERTION Handling**: Clear indication for unavailable data\n- **Dependency Mapping**: Full dependency tree with version constraints\n- **Author Parsing**: Intelligent name/email extraction and normalization\n- **Copyright Holder Integration**: Automatically adds copyright holders to authors list\n- **Repository Detection**: Automatic VCS URL extraction\n- **Platform Support**: Architecture and OS requirement detection\n- **Package URL (PURL)**: Generate standard Package URLs for all packages\n- **File Hashing**: SHA-1, MD5, and fuzzy hash (TLSH) for package files\n- **JSON Organization**: Structured output with package, metadata, people, licensing, copyright sections\n- **Data Provenance**: Track source of each data field for attestation\n\n#### Supported Ecosystems\n- **Python**: wheel (.whl), sdist (.tar.gz, .zip)\n- **NPM/Node.js**: .tgz, .tar.gz packages\n- **Java/Maven**: .jar, .war, .ear with POM support\n- **Gradle**: build.gradle, build.gradle.kts files\n- **CocoaPods**: .podspec, .podspec.json files\n- **Conda**: .conda (zip), .tar.bz2 packages\n- **Perl/CPAN**: .tar.gz, .zip with META.json/yml\n- **Conan C/C++**: conanfile.py, conanfile.txt, .tgz packages\n- **Ruby Gems**: .gem packages\n- **Rust Crates**: .crate packages\n- **Go Modules**: .zip archives, go.mod files\n- **NuGet/.NET**: .nupkg packages\n- **Linux**: (Planned) Debian .deb, RPM .rpm\n\n#### Advanced License & Copyright Detection\n- **Powered by OSLiLI**: Integration with [oslili](https://github.com/oscarvalenzuelab/semantic-copycat-oslili) for accurate license and copyright detection\n- **Multi-Method Detection**:\n - Tag-based detection for short license identifiers (MIT, Apache-2.0, etc.)\n - SPDX-License-Identifier exact matching\n - Fuzzy hash (TLSH) matching against normalized license texts\n - Regex-based pattern matching with comprehensive SPDX support\n - Confidence scoring (0.0-1.0) with detection method tracking\n- **Copyright Extraction**: Automatic extraction of copyright statements from source files\n\n#### API Integrations\n- **ClearlyDefined**: License and compliance data enrichment\n- **Ecosyste.ms**: Package registry metadata and dependencies\n- **Maven Central**: Parent POM resolution and inheritance\n- **Offline-First**: All features work without internet connectivity\n\n## Installation\n\n```bash\n# Install from source\ngit clone https://github.com/oscarvalenzuelab/semantic-copycat-upmex.git\ncd semantic-copycat-upmex\npip install -e .\n\n# Install with all features (includes oslili for license detection)\npip install -e \".[all]\"\n\n# Install for development\npip install -e \".[dev]\"\n\n```\n\n## Quick Start\n\n```python\nfrom upmex import PackageExtractor\n\n# Create extractor\nextractor = PackageExtractor()\n\n# Extract metadata from a package\nmetadata = extractor.extract(\"path/to/package.whl\")\n\n# Access metadata\nprint(f\"Package: {metadata.name} v{metadata.version}\")\nprint(f\"Type: {metadata.package_type.value}\")\nprint(f\"License: {metadata.licenses[0].spdx_id if metadata.licenses else 'Unknown'}\")\n\n# Convert to JSON\nimport json\nprint(json.dumps(metadata.to_dict(), indent=2))\n```\n\n## CLI Usage\n\n```bash\n# Basic extraction (offline mode - default)\nupmex extract package.whl\n\n# Online mode - fetches parent POMs and queries APIs\nupmex extract --online package.jar\n\n# With pretty JSON output\nupmex extract --pretty package.whl\n\n# Output to file\nupmex extract package.whl -o metadata.json\n\n# Text format output\nupmex extract --format text package.tar.gz\n\n# Detect package type\nupmex detect package.jar\n\n# Extract license information with confidence scores\nupmex license package.tgz --confidence\n```\n\n## Configuration\n\nConfiguration can be done via JSON files or environment variables:\n\n### Environment Variables\n\n```bash\n# API Keys\nexport PME_CLEARLYDEFINED_API_KEY=your-api-key\nexport PME_ECOSYSTEMS_API_KEY=your-api-key\n\n# Settings\nexport PME_LOG_LEVEL=DEBUG\nexport PME_CACHE_DIR=/path/to/cache\nexport PME_OUTPUT_FORMAT=json\n\n```\n\n### Configuration File\n\nCreate a `config.json`:\n\n```json\n{\n \"api\": {\n \"clearlydefined\": {\n \"enabled\": true,\n \"api_key\": null\n }\n },\n \"output\": {\n \"format\": \"json\",\n \"pretty_print\": true\n }\n}\n```\n\n## Supported Package Types\n\n| Ecosystem | Formats | Detection | Metadata | Online Mode | Tested |\n|-----------|---------|-----------|----------|-------------|--------|\n| Python | .whl, .tar.gz, .zip | \u2713 | \u2713 | API enrichment | \u2713 |\n| NPM | .tgz, .tar.gz | \u2713 | \u2713 | API enrichment | \u2713 |\n| Java | .jar, .war, .ear | \u2713 | \u2713 | Parent POM fetch | \u2713 |\n| Maven | .jar with POM | \u2713 | \u2713 | Parent POM fetch | \u2713 |\n| Gradle | build.gradle(.kts) | \u2713 | \u2713 | API enrichment | \u2713 |\n| CocoaPods | .podspec(.json) | \u2713 | \u2713 | API enrichment | \u2713 |\n| Conda | .conda, .tar.bz2 | \u2713 | \u2713 | API enrichment | \u2713 |\n| Perl/CPAN | .tar.gz, .zip | \u2713 | \u2713 | API enrichment | \u2713 |\n| Conan | conanfile.py/.txt | \u2713 | \u2713 | - | \u2713 |\n| Ruby | .gem | \u2713 | \u2713 | API enrichment | \u2713 |\n| Rust | .crate | \u2713 | \u2713 | API enrichment | \u2713 |\n| Go | .zip, .mod, go.mod | \u2713 | \u2713 | API enrichment | \u2713 |\n| NuGet | .nupkg | \u2713 | \u2713 | API enrichment | \u2713 |\n\n\n## Changelog\n\nSee [CHANGELOG.md](CHANGELOG.md) for a detailed history of changes.\n\n## License\n\nMIT License - see LICENSE file for details.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Universal Package Metadata Extractor - Extract metadata from various package formats",
"version": "1.5.7",
"project_urls": {
"Changelog": "https://github.com/oscarvalenzuelab/semantic-copycat-upmex/blob/main/CHANGELOG.md",
"Documentation": "https://github.com/oscarvalenzuelab/semantic-copycat-upmex#readme",
"Homepage": "https://github.com/oscarvalenzuelab/semantic-copycat-upmex",
"Issues": "https://github.com/oscarvalenzuelab/semantic-copycat-upmex/issues",
"Repository": "https://github.com/oscarvalenzuelab/semantic-copycat-upmex"
},
"split_keywords": [
"package",
" metadata",
" extractor",
" license",
" detection",
" python",
" npm",
" maven",
" jar",
" wheel",
" pypi"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "3e8402f36fa11d0475edf0bcf34b5bce660a5ce5aa32afc82cfa2b1e5c4db73a",
"md5": "ef0b8fd90e78f5e2165fbe78fa64cb59",
"sha256": "f4204d3b7bda45a90ec1f33745449e5a88971f2b6ff5b204178771484ce6bcc9"
},
"downloads": -1,
"filename": "semantic_copycat_upmex-1.5.7-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ef0b8fd90e78f5e2165fbe78fa64cb59",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 1308948,
"upload_time": "2025-09-06T06:02:52",
"upload_time_iso_8601": "2025-09-06T06:02:52.744641Z",
"url": "https://files.pythonhosted.org/packages/3e/84/02f36fa11d0475edf0bcf34b5bce660a5ce5aa32afc82cfa2b1e5c4db73a/semantic_copycat_upmex-1.5.7-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "e21e5bd3f55e1b1f997d914ced982e6406bb6f6f72b12b2534a3c84de36c16eb",
"md5": "9d2c16cf29faeb00383781a58d6eec54",
"sha256": "d94ef094fd74bfcc7edf54ad6b4ed6b106c53a87e04fd7f6bf45a9adc5d1144e"
},
"downloads": -1,
"filename": "semantic_copycat_upmex-1.5.7.tar.gz",
"has_sig": false,
"md5_digest": "9d2c16cf29faeb00383781a58d6eec54",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 756176,
"upload_time": "2025-09-06T06:02:54",
"upload_time_iso_8601": "2025-09-06T06:02:54.510209Z",
"url": "https://files.pythonhosted.org/packages/e2/1e/5bd3f55e1b1f997d914ced982e6406bb6f6f72b12b2534a3c84de36c16eb/semantic_copycat_upmex-1.5.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-06 06:02:54",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "oscarvalenzuelab",
"github_project": "semantic-copycat-upmex",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "semantic-copycat-upmex"
}
JSON
