Description
An oci://... or pkg:oci/... PURL refers to a container image that conforms to the Open Container Initiative (OCI) image specification. Like Docker images, OCI artifacts are stored and distributed as separate blobs over an API - not a single file.
Key reasons:
- Spec-compliant registries: OCI images must be fetched using the OCI Distribution Spec, which requires reading manifests and downloading blobs via digest.
- Registries vary: There's no universal registry or URL format: ghcr.io, quay.io, and gcr.io all differ.
- Complex structure: You must:
  - Fetch the manifest
  - Retrieve each layer blob
  - Resolve any associated artifacts (e.g., signatures, SBOMs)
- Tooling is required: Use tools like oras, skopeo, or crane to pull artifacts - a single wget URL simply doesn't exist.
So, like Docker, an OCI PURL also cannot be resolved to a direct download link without orchestrating a registry-aware client process.
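An added example (not part of the original issue or the project's code) of why one PURL expands into several digest-addressed requests: it parses a `pkg:oci` PURL, checks the manifest bytes against the pinned digest, and lists the Distribution Spec endpoints a client would then call. The host `registry.example`, the `https` scheme and all sample bytes are constructed assumptions.

```python
import hashlib, hmac, json
from urllib.parse import parse_qs, unquote

def parse_oci_purl(purl):
    """Return (registry, repository, digest) from pkg:oci/<name>@<digest>?repository_url=..."""
    if not purl.startswith("pkg:oci/"):
        raise ValueError("not a pkg:oci PURL")
    rest, _, query = purl[len("pkg:oci/"):].partition("?")
    name, _, version = rest.partition("@")
    repo_url = parse_qs(query).get("repository_url", [""])[0]
    if not version or not repo_url:
        raise ValueError("a digest and a repository_url qualifier are required")
    registry, _, repository = repo_url.partition("/")
    return registry, repository or name, unquote(version)

def verify_blob(data, digest):
    """Check bytes against an OCI 'sha256:<hex>' digest."""
    algo, _, hexval = digest.partition(":")
    if algo != "sha256":
        raise ValueError("unsupported digest algorithm: " + algo)
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), hexval)

def fetch_plan(purl, manifest_bytes):
    """List the Distribution Spec requests needed once the manifest is in hand."""
    registry, repo, digest = parse_oci_purl(purl)
    if not verify_blob(manifest_bytes, digest):
        raise ValueError("manifest does not match the digest pinned in the PURL")
    manifest = json.loads(manifest_bytes)
    base = f"https://{registry}/v2/{repo}"
    descriptors = [manifest["config"]] + manifest["layers"]
    return {
        "manifest": f"{base}/manifests/{digest}",
        "blobs": [f"{base}/blobs/{d['digest']}" for d in descriptors],
        "referrers": f"{base}/referrers/{digest}",  # signatures, SBOMs (spec 1.1)
    }

# Constructed sample data: registry.example and all bytes below are made up.
def _desc(media_type, data):
    return {"mediaType": media_type, "size": len(data),
            "digest": "sha256:" + hashlib.sha256(data).hexdigest()}
LAYER, CONFIG = b"constructed layer bytes", b'{"architecture":"amd64","os":"linux"}'
MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "config": _desc("application/vnd.oci.image.config.v1+json", CONFIG),
    "layers": [_desc("application/vnd.oci.image.layer.v1.tar+gzip", LAYER)],
}).encode()
PURL = ("pkg:oci/app@sha256%3A" + hashlib.sha256(MANIFEST).hexdigest()
        + "?repository_url=registry.example/team/app")
```

Each downloaded blob should be passed through `verify_blob` against the digest in its URL before use; most registries also require an auth token exchange before any of these requests succeed.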