perf: do not sanitize npm package labels multiple times

MODULE.bazel

@@ -215,7 +215,7 @@ use_repo(
     "npm__rollup__2.70.2",
     "npm__rollup__2.70.2__links",
     "npm__unused__0.2.2__links",
-    "npm__webpack-bundle-analyzer__4.5.0__bufferutil_4.0.7",
+    "npm__webpack-bundle-analyzer__4.5.0_bufferutil_4.0.7",
 )
 
 # As an example, manually import a package using explicit coordinates.

e2e/pnpm_lockfiles/MODULE.bazel

@@ -73,11 +73,11 @@ npm = use_extension(
         "lock-%s__at_types_sizzle__2.3.8__links" % version,
 
         # Dep with peers
-        "lock-%s__at_aspect-test_d__2.0.0__at_aspect-test_c_2.0.2" % version,
-        "lock-%s__at_aspect-test_d__2.0.0__at_aspect-test_c_2.0.2__links" % version,
+        "lock-%s__at_aspect-test_d__2.0.0_at_aspect-test_c_2.0.2" % version,
+        "lock-%s__at_aspect-test_d__2.0.0_at_aspect-test_c_2.0.2__links" % version,
 
         # Dep with patch
-        "lock-%s__meaning-of-life__1.0.0__o3deharooos255qt5xdujc3cuq" % version,
+        "lock-%s__meaning-of-life__1.0.0_o3deharooos255qt5xdujc3cuq" % version,
     )
     for version in PNPM_LOCK_VERSIONS
 ]

e2e/pnpm_lockfiles/lockfile-test.bzl

@@ -139,14 +139,14 @@ def lockfile_test(name = None):
 
             # Patched dependencies
             ":.aspect_rules_js/node_modules/meaning-of-life@1.0.0_o3deharooos255qt5xdujc3cuq",
-            "@%s__meaning-of-life__1.0.0__o3deharooos255qt5xdujc3cuq//:pkg" % lock_repo,
+            "@%s__meaning-of-life__1.0.0_o3deharooos255qt5xdujc3cuq//:pkg" % lock_repo,
 
             # Direct deps from custom registry
             ":.aspect_rules_js/node_modules/@types+node@16.18.11",
 
             # Direct deps with peers
             ":.aspect_rules_js/node_modules/@aspect-test+d@2.0.0_at_aspect-test_c_2.0.2",
-            "@%s__at_aspect-test_d__2.0.0__at_aspect-test_c_2.0.2//:pkg" % lock_repo,
+            "@%s__at_aspect-test_d__2.0.0_at_aspect-test_c_2.0.2//:pkg" % lock_repo,
         ],
     )
 

npm/private/pnpm.bzl

@@ -115,18 +115,26 @@ def _convert_v5_importers(importers):
     return result
 
 def _convert_pnpm_v5_version_peer_dep(version):
-    # Covert a pnpm lock file v5 version string of the format
-    # 1.2.3_@scope+peer@2.0.2_@scope+peer@4.5.6
-    # to a version_peer_version that is compatible with rules_js.
+    # Convert a pnpm lock file v5 dependency version string to a format
+    # compatible with rules_js.
+    #
+    # Example versions:
+    #  1.2.3
+    #  1.2.3_@scope+peer@2.0.2_@scope+peer@4.5.6
+    #  2.0.0_@aspect-test+c@2.0.2
+    #  3.1.0_rollup@2.14.0
+    #  4.5.6_o3deharooos255qt5xdujc3cuq
 
     # If there is a suffix to the version
     peer_dep_index = version.find("_")
     if peer_dep_index != -1:
         # if the suffix contains an @version (not just a _patchhash)
-        peer_dep_index = version.find("@", peer_dep_index)
-        if peer_dep_index != -1:
+        peer_dep_at_index = version.find("@", peer_dep_index)
+        if peer_dep_at_index != -1:
             peer_dep = version[peer_dep_index:]
-            version = version[0:peer_dep_index] + utils.sanitize_string(peer_dep)
+            peer_dep = peer_dep.replace("_@", "_at_").replace("@", "_").replace("/", "_").replace("+", "_")
+
+            version = version[0:peer_dep_index] + peer_dep
 
     return version
 
@@ -204,9 +212,13 @@ def _convert_v5_packages(packages):
 ######################### Lockfile v6 #########################
 
 def _convert_pnpm_v6_v9_version_peer_dep(version):
-    # Covert a pnpm lock file v6 version string of the format
-    # 1.2.3(@scope/peer@2.0.2)(@scope/peer@4.5.6)
-    # to a version_peer_version that is compatible with rules_js.
+    # Convert a pnpm lock file v6-9+ version string to a format compatible
+    # with rules_js.
+    #
+    # Examples:
+    #   1.2.3
+    #   1.2.3(@scope/peer@2.0.2)(@scope/peer@4.5.6)
+    #   4.5.6(patch_hash=o3deharooos255qt5xdujc3cuq)
     if version[-1] == ")":
         # Drop the patch_hash= not present in v5 so (patch_hash=123) -> (123) like v5
         version = version.replace("(patch_hash=", "(")
@@ -218,9 +230,10 @@ def _convert_pnpm_v6_v9_version_peer_dep(version):
             # Prevent long paths. The pnpm lockfile v6 no longer hashes long sequences of
             # peer deps so we must hash here to prevent extremely long file paths that lead to
             # "File name too long) build failures.
-            peer_dep = "_" + utils.hash(peer_dep)
-        version = version[0:peer_dep_index] + utils.sanitize_string(peer_dep)
-        version = version.rstrip("_")
+            peer_dep = utils.hash(peer_dep)
+        else:
+            peer_dep = peer_dep.replace("(@", "(_at_").replace(")(", "_").replace("@", "_").replace("/", "_")
+        version = version[0:peer_dep_index] + "_" + peer_dep.strip("_-()")
     return version
 
 def _strip_v6_default_registry_to_version(name, version):

npm/private/test/BUILD.bazel

@@ -41,7 +41,7 @@ write_source_files(
         "snapshots/wksp/fsevents_links_defs.bzl": "@npm__fsevents__2.3.2__links//:defs.bzl",
         "snapshots/wksp/rollup_links_defs.bzl": "@npm__rollup__2.70.2__links//:defs.bzl",
         "snapshots/wksp/package_json.bzl": "@npm__rollup__2.70.2//examples/npm_deps:package_json.bzl",
-        "snapshots/wksp/package_json_with_dashes.bzl": "@npm__webpack-bundle-analyzer__4.5.0__bufferutil_4.0.7//npm/private/test:package_json.bzl",
+        "snapshots/wksp/package_json_with_dashes.bzl": "@npm__webpack-bundle-analyzer__4.5.0_bufferutil_4.0.7//npm/private/test:package_json.bzl",
     },
     target_compatible_with = select({
         "@aspect_bazel_lib//lib:bzlmod": ["@platforms//:incompatible"],
@@ -59,7 +59,7 @@ write_source_files(
         "snapshots/bzlmod/fsevents_links_defs.bzl": "@npm__fsevents__2.3.2__links//:defs.bzl",
         "snapshots/bzlmod/rollup_links_defs.bzl": "@npm__rollup__2.70.2__links//:defs.bzl",
         "snapshots/bzlmod/package_json.bzl": "@npm__rollup__2.70.2//examples/npm_deps:package_json.bzl",
-        "snapshots/bzlmod/package_json_with_dashes.bzl": "@npm__webpack-bundle-analyzer__4.5.0__bufferutil_4.0.7//npm/private/test:package_json.bzl",
+        "snapshots/bzlmod/package_json_with_dashes.bzl": "@npm__webpack-bundle-analyzer__4.5.0_bufferutil_4.0.7//npm/private/test:package_json.bzl",
     },
     target_compatible_with = select({
         "@aspect_bazel_lib//lib:bzlmod": [],