PackageGraph Ontology

A rigorous OWL 2 ontology for cross-distribution package analysis and software supply chain research.

v0.6.0 OWL 2 DL 29 SHACL Shapes CC0 1.0

GitHub Changelog 33 Competency Questions Design Decisions vs SPDX/CycloneDX/OSV

Core

Foundational classes and properties shared across all ecosystems

core

Package, Version, Dependency, Distribution, Architecture, License, Person, Maintainer, BuildActivity, PackageIdentity

Documentation WebVOWL Turtle N-Triples JSON-LD

System-Level Package Managers

Linux distributions and OS-level package management

deb

Debian/Ubuntu (.deb) packages, APT repositories, sections, priorities

Documentation WebVOWL Turtle N-Triples JSON-LD

rpm

RPM/DNF packages, epochs, disttags, changelogs, weak dependencies

Documentation WebVOWL Turtle N-Triples JSON-LD

pacman

Arch Linux packages, groups, hooks, provides/conflicts

Documentation WebVOWL Turtle N-Triples JSON-LD

apk

Alpine Linux packages, APKBUILD scripts, branches

Documentation WebVOWL Turtle N-Triples JSON-LD

portage

Gentoo ebuilds, USE flags, slots, EAPI, eclasses

Documentation WebVOWL Turtle N-Triples JSON-LD

homebrew

macOS formulae, casks, bottles, taps

Documentation WebVOWL Turtle N-Triples JSON-LD

nix

Nix derivations, channels, stdenv, functional builds

Documentation WebVOWL Turtle N-Triples JSON-LD

xbps

Void Linux XBPS packages

Documentation WebVOWL Turtle N-Triples JSON-LD

opkg

OpenWrt embedded Linux packages

Documentation WebVOWL Turtle N-Triples JSON-LD

bsdpkg

FreeBSD/NetBSD/OpenBSD ports, flavors, options

Documentation WebVOWL Turtle N-Triples JSON-LD

chocolatey

Windows Chocolatey/NuGet packages, PowerShell scripts

Documentation WebVOWL Turtle N-Triples JSON-LD

bitbake

Yocto/OpenEmbedded recipes, layers, machines

Documentation WebVOWL Turtle N-Triples JSON-LD

buildroot

Buildroot packages, defconfigs, build infrastructures

Documentation WebVOWL Turtle N-Triples JSON-LD

Language Ecosystem Managers

Programming language package registries and dependency managers

npm

Node.js/JavaScript, scopes, workspaces, peer dependencies

Documentation WebVOWL Turtle N-Triples JSON-LD

pypi

Python packages, wheels, sdists, extras, classifiers

Documentation WebVOWL Turtle N-Triples JSON-LD

cargo

Rust crates, features, editions, targets

Documentation WebVOWL Turtle N-Triples JSON-LD

gomod

Go modules, replace directives, module proxies

Documentation WebVOWL Turtle N-Triples JSON-LD

maven

Java/JVM artifacts, groupId:artifactId:version, POM

Documentation WebVOWL Turtle N-Triples JSON-LD

nuget

.NET packages, target frameworks

Documentation WebVOWL Turtle N-Triples JSON-LD

rubygems

Ruby gems, platforms, gemspec

Documentation WebVOWL Turtle N-Triples JSON-LD

cpan

Perl distributions, PAUSE IDs, modules

Documentation WebVOWL Turtle N-Triples JSON-LD

cran

R packages, Depends/Imports/Suggests

Documentation WebVOWL Turtle N-Triples JSON-LD

hackage

Haskell packages, Cabal metadata

Documentation WebVOWL Turtle N-Triples JSON-LD

hex

Elixir/Erlang packages, mix/rebar3

Documentation WebVOWL Turtle N-Triples JSON-LD

conda

Anaconda packages, channels, feedstocks

Documentation WebVOWL Turtle N-Triples JSON-LD

Application Distribution

Application packaging and distribution formats

flatpak

Linux desktop apps, runtimes, sandboxing

Documentation WebVOWL Turtle N-Triples JSON-LD

snap

Ubuntu Snap apps, confinement, interfaces

Documentation WebVOWL Turtle N-Triples JSON-LD

Extensions

Cross-cutting concerns extending the core model

security

CVE vulnerabilities, OSV ranges, CVSS scores, security advisories, patch provenance

Documentation WebVOWL Turtle N-Triples JSON-LD

vcs

Git repositories, commits, branches, tags, pull requests

Documentation WebVOWL Turtle N-Triples JSON-LD

slsa

Build provenance attestations, SLSA levels, builder identity

Documentation WebVOWL Turtle N-Triples JSON-LD

metrics

Code analysis: lines of code, cyclomatic complexity, language breakdowns

Documentation WebVOWL Turtle N-Triples JSON-LD

dq

Data quality issues and metadata validation

Documentation WebVOWL Turtle N-Triples JSON-LD

Vendor Extensions

Distribution-specific vendor metadata

redhat

Red Hat RHEL package sets, BaseOS/AppStream

Documentation WebVOWL Turtle N-Triples JSON-LD

Citation

If you use PackageGraph in academic work, please cite:

PackageGraph Project. PackageGraph: An OWL 2 Ontology for Cross-Distribution Software Package Analysis. Version 0.6.0, 2026. Available at: https://purl.org/packagegraph/ontology/core

BibTeX

@misc{packagegraph2026,
  title        = {{PackageGraph}: An {OWL} 2 Ontology for Cross-Distribution
                  Software Package Analysis},
  author       = {{PackageGraph Project}},
  year         = {2026},
  howpublished = {\url{https://purl.org/packagegraph/ontology/core}},
  note         = {Version 0.6.0. 34 modules, 253 classes, 29 ecosystem
                  extensions. OWL 2 DL, OntoClean compliant, SHACL validated.
                  Licensed under CC0 1.0 Universal.},
  url          = {https://purl.org/packagegraph/ontology/core}
}

Preferred namespace prefix: pkg: for https://purl.org/packagegraph/ontology/core#