check_package
Analyze package files or PURLs to extract metadata, detect licenses, and optionally check vulnerabilities using intelligent tool selection.
Instructions
Check a specific package using intelligent tool selection.
This tool intelligently analyzes package files by:
For archives (.jar, .whl, .rpm, .gem, etc.): Use upmex for metadata extraction
If upmex fails or for non-archives: Fall back to osslili for license detection
For PURLs: Use package registry APIs when available
Args: identifier: Package identifier (PURL like pkg:maven/com.google.gson/gson@2.10.1, file path to archive, or package file) check_vulnerabilities: Whether to check for vulnerabilities (default: False for speed) check_licenses: Whether to extract license information (default: True)
Returns: Dictionary containing package metadata, licenses, and optionally vulnerabilities
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| identifier | Yes | ||
| check_licenses | No | ||
| check_vulnerabilities | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |