package-url / packageurl-js

JavaScript implementation of the package url spec
https://www.npmjs.com/package/packageurl-js
MIT License

Unable to construct PURL containing percent signs #75

Closed matt-phylum closed 2 months ago

matt-phylum commented 3 months ago
> const { PackageURL } = await import("packageurl-js");
undefined
> new PackageURL("generic", "100%", "test");
Uncaught URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at Object.normalizeNamespace [as normalize] (/purl/repo/src/normalize.js:16:25)
    at new PackageURL (/purl/repo/src/package-url.js:50:39)
> new PackageURL("generic", "test", "100%");
Uncaught URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at Object.normalizeName [as normalize] (/purl/repo/src/normalize.js:10:11)
    at new PackageURL (/purl/repo/src/package-url.js:55:34)
> new PackageURL("generic", "test", "test", "100%");
Uncaught URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at Object.normalizeVersion [as normalize] (/purl/repo/src/normalize.js:91:11)
    at new PackageURL (/purl/repo/src/package-url.js:60:37)
> new PackageURL("generic", "test", "test", "1.0", {}, "100%");
Uncaught URIError: URI malformed
    at decodeURIComponent (<anonymous>)
    at Object.normalizeSubpath [as normalize] (/purl/repo/src/normalize.js:77:25)
    at new PackageURL (/purl/repo/src/package-url.js:71:37)

Or worse if the percent sign is followed by two or more hex characters:

> new PackageURL("generic", "", "%21").toString();
'pkg:generic/!'

It only works correctly for qualifier values:

> new PackageURL("generic", "test", "test", "1.0", {"a": "100%"}).toString();
'pkg:generic/test/test@1.0?a=100%25'

jdalton commented 3 months ago

@matt-phylum Thanks for the find! This happens because in v2 normalization is consistent across constructor and fromString. In v1.x PackageURL.fromString("pkg:general/100%/test") would throw a similar error (because of decodeURIComponent use).
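
The mechanism described above, as an added example that is not packageurl-js code: a minimal build/parse pair that keeps constructor fields raw and percent-decodes only the serialized string, shown beside the decode-on-input step that throws on a bare `100%` and collapses `%21` to `!`. It uses encodeURIComponent as a stand-in for the purl spec's exact escaping rules, so the escaping details are an assumption, not the library's.

```javascript
// Added example (not packageurl-js code). Shows the reported failure mode and
// the safe split: raw fields in, encode once on output, decode once on parse.
// v2.0.0 behaviour: decoding raw constructor input throws on a bare "%" and
// silently turns "%21" into "!", i.e. it changes the package's identity.
function naiveNormalize(component) {
  return decodeURIComponent(component);
}

// encodeURIComponent stands in for the spec's escaping rules (assumption).
const enc = encodeURIComponent, dec = decodeURIComponent;

// Fields are raw, unencoded strings; percent-encoding happens only here.
function buildPurl({ type, namespace, name, version, qualifiers, subpath }) {
  let purl = `pkg:${type}/`;
  if (namespace) purl += namespace.split('/').map(enc).join('/') + '/';
  purl += enc(name);
  if (version) purl += '@' + enc(version);
  if (qualifiers && Object.keys(qualifiers).length) {
    purl += '?' + Object.keys(qualifiers).sort()
      .map((k) => `${k}=${enc(qualifiers[k])}`).join('&');
  }
  if (subpath) purl += '#' + subpath.split('/').map(enc).join('/');
  return purl;
}

// The only place values are decoded: the serialized form, exactly once.
function parsePurl(purl) {
  if (!purl.startsWith('pkg:')) throw new Error('not a purl: ' + purl);
  let rest = purl.slice(4);
  const out = { qualifiers: {} };
  const hash = rest.indexOf('#');
  if (hash !== -1) {
    out.subpath = rest.slice(hash + 1).split('/').map(dec).join('/');
    rest = rest.slice(0, hash);
  }
  const q = rest.indexOf('?');
  if (q !== -1) {
    for (const pair of rest.slice(q + 1).split('&')) {
      const [k, v] = pair.split('=');
      out.qualifiers[k] = dec(v);
    }
    rest = rest.slice(0, q);
  }
  const at = rest.lastIndexOf('@'); // a literal "@" in a name is %40 by now
  if (at !== -1) { out.version = dec(rest.slice(at + 1)); rest = rest.slice(0, at); }
  const segs = rest.split('/');
  out.type = segs.shift();
  out.name = dec(segs.pop());
  if (segs.length) out.namespace = segs.map(dec).join('/');
  return out;
}
```

A useful regression check for any purl library is the round trip `parsePurl(buildPurl(x))` on inputs containing `%`, `%21` and `@`: the raw fields must come back byte-for-byte identical.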

jdalton commented 3 months ago

PR at #76.

jdalton commented 2 months ago

Closed by #76

steven-esser commented 2 months ago

v2.0.1 published to npmjs: https://www.npmjs.com/package/packageurl-js/v/2.0.1 with this fix included.