NPM Package API fails with 400 Bad Request when requesting url encoded scoped package

Summary

After upgrading to GitLab 18.6, package installs using npm started to fail with a 400 Bad Request error. The reason seems to be that the packages we use are scoped to @inaf. When resolving npm performs a request to https://gitlab.<redact>.com/api/v4/projects/412/packages/npm/@inaf%2fbuild-base. Note the url-encoded slash in the package name. The API seems to only accept the unencoded url https://gitlab.<redact>.com/api/v4/projects/412/packages/npm/@inaf/build-base as of the latest version.

Steps to reproduce

1. Create a new repository (optional)
2. create and publish a package with a scoped name (@scope/package-name) to the repository using npm and a personal access token
3. try to install the package from the package registry using npm (npm install @scope/package-name)
4. The npm log probably shows something like this:

WARN  GET https://gitlab.com/api/v4/projects//packages/npm/@scope%2Fpacakge-name error (undefined). Will retry in 1 minute. 1 retries left.

5. Trying to access the URL (for example using the browser) results in a 400 Bad Request error

What is the current bug behavior?

The Request fails with a 400 Bad Request

What is the expected correct behavior?

URL-Encoded package names should work the same as non-encoded once. The behaviour of the previous versions.