New pull requests should be opened when a "next" version of npm has been released. Once the "next" version has been promoted to "latest" the PR should be updated as necessary.
The specific Node.js release streams the new version will be able to land into are at the discretion of the release and LTS teams.
This process only covers full updates to new versions of npm. Cherry-picked changes can be reviewed and landed via the normal consensus seeking process.
$ git clone https://github.com/npm/cli.git npm
$ cd npmor if you already have npm cloned make sure the repo is up to date
$ git remote update -p
$ git reset --hard origin/latest$ git checkout vX.Y.Z
$ make
$ make releaseNote: please run npm dist-tag ls npm and make sure this is the latest
dist-tag. latest on git is usually released as next when it's time to
downstream
$ cd /path/to/node
$ git remote update -p
$ git checkout -b npm-x.y.z origin/master
$ cd deps
$ rm -rf npm$ tar zxf /path/to/npm/release/npm-x.y.z.tgz
$ git add -A npm
$ git commit -m "deps: upgrade npm to x.y.z"
$ cd ..$ ./configure
$ make -j4
$ ./tools/license-builder.sh
# The following commands are only necessary if there are changes
$ git add .
$ git commit -m "doc: update npm LICENSE using license-builder.sh"Note: please ensure you are only making the updates that are changed by npm.
$ git rebase --whitespace=fix masterThe term-size package in npm's dependency tree contains an unsigned macOS
binary in versions < 2.2.0. Until npm updates to a newer version of
update-notifier, Node.js macOS package files can't be notarized and will fail
to install on macOS Catalina and above.
When npm ls shows a term-size package version < 2.2.0, cherry-pick
commit d2f08a1bdb on top of the upgraded npm.
$ git cherry-pick d2f08a1bdbWhen npm ls shows a term-size package version >= 2.2.0, edit this file to
remove this step.
$ make test-npm