[question] can a component have a multiple purl

[viveksahu26]

This is a question. Can a component have multiple PURLs ?

For example, this go library https://github.com/olekukonko/tablewriter with a name https://github.com/olekukonko/tablewriter and a version v0.0.5.
So, the corresponding purl will be: pkg:golang/github.com/olekukonko/[email protected]

[mjherzog]

A component can have multiple PURLs in the sense that the PURL information becomes more specific as you read from left to right.
So pkg:golang/github.com/olekukonko/tablewriter is a valid PURL which might be useful for documenting the license, but it is of limited value for vulnerability reporting without a version.
A more specific PURL like: pkg:golang/github.com/olekukonko/[email protected]?download_url=xxxxxxxxxxxxxxxxxxxxx would be even more specific and useful.
Also - I am moving this to Discussions/Q&A which is a better home for questions

[viveksahu26]

So, depending on the precision of the purl via qualifiers and subpath., it can varies to multiple purls based on different use cases.