Update src/malwareMatcher.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: aegilops

src/malwareMatcher.ts

@@ -159,8 +159,13 @@ export function matchMalware(advisories: MalwareAdvisoryNode[], sboms: Repositor
       }
     }
     // Annotate with default branch for reporting (if known)
-    return list.map(p => ({ ...p, __branch: repo.defaultBranch || undefined }));
-  };
+          // Some ecosystems require a namespace (e.g., Maven, NuGet)
+          const ecosystemsWithNamespace = new Set(['maven', 'nuget', 'composer', 'golang']);
+          if (ecosystemsWithNamespace.has(change.ecosystem) && change.namespace) {
+            p = `pkg:${change.ecosystem}/${change.namespace}/${change.name}${change.version ? '@' + change.version : ''}`;
+          } else {
+            p = `pkg:${change.ecosystem}/${change.name}${change.version ? '@' + change.version : ''}`;
+          }
 
   // Enumerate packages implied by branch diffs (added/updated head-side versions)
   const enumerateDiffPackages = (repo: RepositorySbom): Array<{ purl: string; name?: string; ecosystem?: string; version?: string; __branch: string }> => {