fix(nodejs): fix npmjs parser.pkgNameFromPath() panic issue (#9688)

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

Author: derekhjray

pkg/dependency/parser/nodejs/npm/parse.go

@@ -345,7 +345,15 @@ func (p *Parser) pkgNameFromPath(pkgPath string) string {
 	// node_modules/function1
 	// node_modules/nested_func/node_modules/debug
 	if index := strings.LastIndex(pkgPath, nodeModulesDir); index != -1 {
-		return pkgPath[index+len(nodeModulesDir)+1:]
+		pkgName := pkgPath[index+len(nodeModulesDir):]
+		pkgName = strings.TrimPrefix(pkgName, "/")
+
+		if pkgName == "" {
+			p.logger.Warn("Invalid package-lock.json file. Package path doesn't have package name suffix", log.String("pkg_path", pkgPath))
+			return ""
+		}
+
+		return pkgName
 	}
 	p.logger.Warn("Package path doesn't have `node_modules` prefix", log.String("pkg_path", pkgPath))
 	return pkgPath

pkg/dependency/parser/nodejs/npm/parse_test.go

@@ -88,3 +88,43 @@ func TestParse(t *testing.T) {
 		})
 	}
 }
+
+func TestPkgNameFromPath(t *testing.T) {
+	tests := []struct {
+		path     string
+		expected string
+	}{
+		{
+			path:     "node_modules/package-name",
+			expected: "package-name",
+		},
+		{
+			path:     "node_modules/@package-namespace/package-name",
+			expected: "@package-namespace/package-name",
+		},
+		{
+			path:     "node_modules/package-name/node_modules/sub-sub-package",
+			expected: "sub-sub-package",
+		},
+		{
+			path:     "no/node/modules/dir",
+			expected: "no/node/modules/dir",
+		},
+		{
+			path:     "node_modules",
+			expected: "",
+		},
+		{
+			path:     "node_modules/",
+			expected: "",
+		},
+	}
+
+	parser := NewParser()
+	for _, test := range tests {
+		t.Run(test.path, func(t *testing.T) {
+			path := parser.pkgNameFromPath(test.path)
+			assert.Equal(t, test.expected, path)
+		})
+	}
+}