feat: scoped npm support (@angular/core style paths) in extract_npm_info

tests/e2e/test_webhook_flow.py

@@ -103,6 +103,44 @@ class TestWebhookToScanFlow:
         data = resp.json()
         assert data["status"] == "accepted"
 
+    @pytest.mark.asyncio
+    async def test_e2e_webhook_accepts_scoped_npm_asset(self, e2e_client, e2e_db_session):
+        """Verify that scoped npm (@scope/name) assets are accepted."""
+        payload = {
+            "action": "UPDATED",
+            "repositoryName": "npm-proxy",
+            "initiator": "e2e-test",
+            "asset": {
+                "format": "npm",
+                "name": "/packages/@angular/core/-/core-18.0.0.tgz",
+                "downloadUrl": "http://nexus:8081/repository/npm-proxy/@angular/core/-/core-18.0.0.tgz",
+            },
+        }
+
+        async def mock_harvest(*args, **kwargs):
+            from guarddog_nexus.db.models import Scan, ScanStatus
+
+            scan = Scan(
+                package_name="@angular/core",
+                package_version="18.0.0",
+                ecosystem="npm",
+                repository="npm-proxy",
+                nexus_asset_url=args[0],
+                status=ScanStatus.COMPLETED.value,
+                total_findings=0,
+                flagged=False,
+            )
+            e2e_db_session.add(scan)
+            await e2e_db_session.commit()
+            await e2e_db_session.refresh(scan)
+            return scan
+
+        with patch("guarddog_nexus.routes.webhooks._scan_in_background", mock_harvest):
+            resp = await e2e_client.post("/webhooks/nexus", json=payload)
+
+        assert resp.status_code == 200
+        assert resp.json()["status"] == "accepted"
+
 
 class TestWebhookSignatureValidation:
     """E2E tests for webhook signature validation."""