component-detection
PURL output doesn't correctly separate namespace and name for NPM (maybe more)
An example of the ScanManifest.json contents for an NPM package:

```json
{
  "component": {
    "name": "@types/prop-types",
    "version": "15.7.4",
    "hash": null,
    "author": null,
    "type": "Npm",
    "id": "@types/prop-types 15.7.4 - Npm",
    "packageUrl": {
      "Scheme": "pkg",
      "Type": "npm",
      "Namespace": null,
      "Name": "@types/prop-types",
      "Version": "15.7.4",
      "Qualifiers": null,
      "Subpath": null
    }
  }
}
```
It looks like the tool is not aligning with the PURL spec's definition of how namespaces should be decomposed for NPM packages (the namespace is defined as the scope component).

It appears this would be relatively simple code in the NpmComponent. Instead of passing NPM's concept of name straight into the Name property and ignoring the namespace, a simple split (taking the last segment as the name and the preceding segments, escaped and joined with `/`, as the namespace) could provide the Namespace.
It also seems possible other ecosystems are not correctly utilizing namespace in PURL, but I haven't looked much into it.
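The decomposition described above, as an added example (Python rather than the project's C#; not code from the component-detection project). It splits an npm package name into PURL namespace and name, rebuilds a `packageUrl`-shaped record like the one in the manifest, and emits the canonical percent-encoded string form the PURL spec expects for scoped packages; the `build_npm_purl` and `purl_to_string` helper names are my own.

```python
from typing import Optional, Tuple, Dict
from urllib.parse import quote


def decompose_npm_name(full_name: str) -> Tuple[Optional[str], str]:
    """Return (namespace, name) for an npm package name.

    "@types/prop-types" -> ("@types", "prop-types")
    "lodash"            -> (None, "lodash")
    All segments but the last form the namespace, joined with "/".
    Empty segments (leading/trailing/double slashes) are rejected so a
    malformed name cannot silently produce an empty namespace or name.
    """
    segments = full_name.split("/") if full_name else []
    if not segments or any(seg == "" for seg in segments):
        raise ValueError(f"invalid npm package name: {full_name!r}")
    name = segments[-1]
    namespace = "/".join(segments[:-1]) if len(segments) > 1 else None
    return namespace, name


def build_npm_purl(full_name: str, version: Optional[str] = None) -> Dict[str, Optional[str]]:
    """Build a record shaped like the manifest's "packageUrl" object (hypothetical helper)."""
    namespace, name = decompose_npm_name(full_name)
    return {
        "Scheme": "pkg",
        "Type": "npm",
        "Namespace": namespace,
        "Name": name,
        "Version": version,
        "Qualifiers": None,
        "Subpath": None,
    }


def purl_to_string(purl: Dict[str, Optional[str]]) -> str:
    """Canonical string form: each namespace segment and the name are
    percent-encoded individually, so "@types" becomes "%40types" while "/"
    remains the segment separator (hypothetical helper)."""
    parts = ["pkg:" + purl["Type"]]
    if purl["Namespace"]:
        parts.append("/".join(quote(seg, safe="") for seg in purl["Namespace"].split("/")))
    parts.append(quote(purl["Name"], safe=""))
    result = "/".join(parts)
    if purl["Version"]:
        result += "@" + quote(purl["Version"], safe="")
    return result
```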