Describe the bug
When using dependency check on a package.json and package-lock.json file with a dependency with a @-sign in its name like https://www.npmjs.com/package/@emotion/react
package.json
Gives:
Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
exception: org.owasp.dependencycheck.analyzer.exception.SearchException: Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
I get a successful run if I remove all packages starting with @ or when I use an older node that generates a package-lock.json using version 1.
Version of dependency-check used
Using dependency-check-maven 7.1.0.
Package-lock.json is generated with node v18.0.0
Log file
Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
exception: org.owasp.dependencycheck.analyzer.exception.SearchException: Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch.submitPackage(NodeAuditSearch.java:209)
org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch.submitPackage(NodeAuditSearch.java:133)
org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzePackage(NodeAuditAnalyzer.java:189)
org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzeDependency(NodeAuditAnalyzer.java:146)
org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
java.base/java.lang.Thread.run(Thread.java:829)
Full package.json: https://gist.github.com/profTwinglings/51d7dbff3abe771c8ece98659fdbf101
package-lock.json: https://gist.github.com/profTwinglings/fadc6d506b4984245dac0feae9a6ebbe
older package-lock.json with node v14: https://gist.github.com/profTwinglings/ff06bb025fcb7cfaedf6350f9f537ee8
To Reproduce
Run dependency check maven with a package.json that has a package with @ in its name:
Expected behavior
Successful scan