Description
What / Why
If you run array dependencies through normalizePackageData (depObjectify specifically), the leading @ in a scoped package name will be incorrectly interpreted as the beginning of a range instead of the beginning of the package name, leading to the "fixed" dependency name being the empty string and the dependency semver range being a github specifier.
While array dependencies are not encouraged, they are still allowed to be published, and if nothing else this leads to very strange error messages:
$ npm publish
$ 400 Bad Request - PUT https://registry.npmjs.org/your-package - "dependencies" dep "" is not a valid dependency name.Again, non-scoped-package array dependencies can be published successfully, and if anything you'd want this message to say "scoped packages are not allowed in array dependencies".
When
Here is a reproducible test case: https://runkit.com/tolmasky/scoped-package-in-array-dependencies
Happy to submit a PR if it is agreed that this is not desired behavior.