deps: upgrade npm to 8.9.0

PR-URL: #42968
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>

deps/npm/docs/content/commands/npm-dedupe.md

@@ -147,10 +147,6 @@ this warning is treated as a failure.
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 
-When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use `npm prune`.
-
 This configuration does not affect `npm ci`.
 
 <!-- automatically generated, do not edit manually -->

deps/npm/docs/content/commands/npm-find-dupes.md

@@ -87,10 +87,6 @@ this warning is treated as a failure.
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 
-When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use `npm prune`.
-
 This configuration does not affect `npm ci`.
 
 <!-- automatically generated, do not edit manually -->

deps/npm/docs/content/commands/npm-install-test.md

@@ -162,10 +162,6 @@ this warning is treated as a failure.
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 
-When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use `npm prune`.
-
 This configuration does not affect `npm ci`.
 
 <!-- automatically generated, do not edit manually -->

deps/npm/docs/content/commands/npm-install.md

@@ -552,10 +552,6 @@ this warning is treated as a failure.
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 
-When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use `npm prune`.
-
 This configuration does not affect `npm ci`.
 
 <!-- automatically generated, do not edit manually -->

deps/npm/docs/content/commands/npm-link.md

@@ -224,10 +224,6 @@ this warning is treated as a failure.
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 
-When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use `npm prune`.
-
 This configuration does not affect `npm ci`.
 
 <!-- automatically generated, do not edit manually -->

deps/npm/docs/content/commands/npm-owner.md

@@ -73,6 +73,52 @@ password, npm will prompt on the command line for one.
 <!-- automatically generated, do not edit manually -->
 <!-- see lib/utils/config/definitions.js -->
 
+#### `workspace`
+
+* Default:
+* Type: String (can be set multiple times)
+
+Enable running a command in the context of the configured workspaces of the
+current project while filtering by running only the workspaces defined by
+this configuration option.
+
+Valid values for the `workspace` config are either:
+
+* Workspace names
+* Path to a workspace directory
+* Path to a parent workspace directory (will result in selecting all
+  workspaces within that folder)
+
+When set for the `npm init` command, this may be set to the folder of a
+workspace which does not yet exist, to create the folder and set it up as a
+brand new workspace within the project.
+
+This value is not exported to the environment for child processes.
+
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
+#### `workspaces`
+
+* Default: null
+* Type: null or Boolean
+
+Set to true to run the command in the context of **all** configured
+workspaces.
+
+Explicitly setting this to false will cause commands like `install` to
+ignore workspaces altogether. When not set explicitly:
+
+- Commands that operate on the `node_modules` tree (install, update, etc.)
+will link workspaces into the `node_modules` folder. - Commands that do
+other things (test, exec, publish, etc.) will operate on the root project,
+_unless_ one or more workspaces are specified in the `workspace` config.
+
+This value is not exported to the environment for child processes.
+
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
 <!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
 
 ### See Also

deps/npm/docs/content/commands/npm-pkg.md

@@ -76,6 +76,14 @@ Returned values are always in **json** format.
     npm pkg get contributors[0].email
     ```
 
+    For complex fields you can also name a property in square brackets
+    to specifically select a child field. This is especially helpful
+    with the exports object:
+
+    ```bash
+    npm pkg get "exports[.].require"
+    ```
+
 * `npm pkg set <field>=<value>`
 
     Sets a `value` in your `package.json` based on the `field` value. When

deps/npm/docs/content/commands/npm-update.md

@@ -280,10 +280,6 @@ this warning is treated as a failure.
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 
-When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use `npm prune`.
-
 This configuration does not affect `npm ci`.
 
 <!-- automatically generated, do not edit manually -->

deps/npm/docs/content/using-npm/config.md

@@ -1219,10 +1219,6 @@ The package to install for [`npm exec`](/commands/npm-exec)
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 
-When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use `npm prune`.
-
 This configuration does not affect `npm ci`.
 
 <!-- automatically generated, do not edit manually -->

deps/npm/docs/output/commands/npm-dedupe.html

@@ -253,9 +253,6 @@ <h4 id="package-lock"><code>package-lock</code></h4>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
-<p>When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use <code>npm prune</code>.</p>
 <p>This configuration does not affect <code>npm ci</code>.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/docs/output/commands/npm-find-dupes.html

@@ -210,9 +210,6 @@ <h4 id="package-lock"><code>package-lock</code></h4>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
-<p>When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use <code>npm prune</code>.</p>
 <p>This configuration does not affect <code>npm ci</code>.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/docs/output/commands/npm-install-test.html

@@ -273,9 +273,6 @@ <h4 id="package-lock"><code>package-lock</code></h4>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
-<p>When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use <code>npm prune</code>.</p>
 <p>This configuration does not affect <code>npm ci</code>.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/docs/output/commands/npm-install.html

@@ -599,9 +599,6 @@ <h4 id="package-lock"><code>package-lock</code></h4>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
-<p>When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use <code>npm prune</code>.</p>
 <p>This configuration does not affect <code>npm ci</code>.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/docs/output/commands/npm-link.html

@@ -312,9 +312,6 @@ <h4 id="package-lock"><code>package-lock</code></h4>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
-<p>When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use <code>npm prune</code>.</p>
 <p>This configuration does not affect <code>npm ci</code>.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/docs/output/commands/npm-ls.html

@@ -166,7 +166,7 @@ <h3 id="description">Description</h3>
 the results to only the paths to the packages named.  Note that nested
 packages will <em>also</em> show the paths to the specified packages.  For
 example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
-<pre lang="bash"><code>npm@8.8.0 /path/to/npm
+<pre lang="bash"><code>npm@8.9.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 </code></pre>

deps/npm/docs/output/commands/npm-owner.html

@@ -142,7 +142,7 @@ <h1 id="npm-owner">npm-owner</h1>
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#registry"><code>registry</code></a></li><li><a href="#otp"><code>otp</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#registry"><code>registry</code></a></li><li><a href="#otp"><code>otp</code></a></li><li><a href="#workspace"><code>workspace</code></a></li><li><a href="#workspaces"><code>workspaces</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
@@ -198,6 +198,45 @@ <h4 id="otp"><code>otp</code></h4>
 password, npm will prompt on the command line for one.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
+<h4 id="workspace"><code>workspace</code></h4>
+<ul>
+<li>Default:</li>
+<li>Type: String (can be set multiple times)</li>
+</ul>
+<p>Enable running a command in the context of the configured workspaces of the
+current project while filtering by running only the workspaces defined by
+this configuration option.</p>
+<p>Valid values for the <code>workspace</code> config are either:</p>
+<ul>
+<li>Workspace names</li>
+<li>Path to a workspace directory</li>
+<li>Path to a parent workspace directory (will result in selecting all
+workspaces within that folder)</li>
+</ul>
+<p>When set for the <code>npm init</code> command, this may be set to the folder of a
+workspace which does not yet exist, to create the folder and set it up as a
+brand new workspace within the project.</p>
+<p>This value is not exported to the environment for child processes.</p>
+<!-- raw HTML omitted -->
+<!-- raw HTML omitted -->
+<h4 id="workspaces"><code>workspaces</code></h4>
+<ul>
+<li>Default: null</li>
+<li>Type: null or Boolean</li>
+</ul>
+<p>Set to true to run the command in the context of <strong>all</strong> configured
+workspaces.</p>
+<p>Explicitly setting this to false will cause commands like <code>install</code> to
+ignore workspaces altogether. When not set explicitly:</p>
+<ul>
+<li>Commands that operate on the <code>node_modules</code> tree (install, update, etc.)
+will link workspaces into the <code>node_modules</code> folder. - Commands that do
+other things (test, exec, publish, etc.) will operate on the root project,
+<em>unless</em> one or more workspaces are specified in the <code>workspace</code> config.</li>
+</ul>
+<p>This value is not exported to the environment for child processes.</p>
+<!-- raw HTML omitted -->
+<!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
 <h3 id="see-also">See Also</h3>
 <ul>

deps/npm/docs/output/commands/npm-pkg.html

@@ -192,6 +192,11 @@ <h3 id="description">Description</h3>
 contributor in the list, you can run:</p>
 <pre lang="bash"><code>npm pkg get contributors[0].email
 </code></pre>
+<p>For complex fields you can also name a property in square brackets
+to specifically select a child field. This is especially helpful
+with the exports object:</p>
+<pre lang="bash"><code>npm pkg get "exports[.].require"
+</code></pre>
 </li>
 <li>
 <p><code>npm pkg set &lt;field&gt;=&lt;value&gt;</code></p>

deps/npm/docs/output/commands/npm-update.html

@@ -352,9 +352,6 @@ <h4 id="package-lock"><code>package-lock</code></h4>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
-<p>When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use <code>npm prune</code>.</p>
 <p>This configuration does not affect <code>npm ci</code>.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/docs/output/commands/npm.html

@@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
 <h3 id="version">Version</h3>
-<p>8.8.0</p>
+<p>8.9.0</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency

deps/npm/docs/output/using-npm/config.html

@@ -1123,9 +1123,6 @@ <h4 id="package-lock"><code>package-lock</code></h4>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
-<p>When package package-locks are disabled, automatic pruning of extraneous
-modules will also be disabled. To remove extraneous modules with
-package-locks disabled use <code>npm prune</code>.</p>
 <p>This configuration does not affect <code>npm ci</code>.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/lib/commands/doctor.js

@@ -1,5 +1,4 @@
 const cacache = require('cacache')
-const chalk = require('chalk')
 const fs = require('fs')
 const fetch = require('make-fetch-happen')
 const table = require('text-table')
@@ -102,28 +101,19 @@ class Doctor extends BaseCommand {
       messages.push(line)
     }
 
-    const outHead = ['Check', 'Value', 'Recommendation/Notes'].map(
-      !this.npm.color ? h => h : h => chalk.underline(h)
-    )
+    const outHead = ['Check', 'Value', 'Recommendation/Notes'].map(h => this.npm.chalk.underline(h))
     let allOk = true
-    const outBody = messages.map(
-      !this.npm.color
-        ? item => {
-          allOk = allOk && item[1]
-          item[1] = item[1] ? 'ok' : 'not ok'
-          item[2] = String(item[2])
-          return item
-        }
-        : item => {
-          allOk = allOk && item[1]
-          if (!item[1]) {
-            item[0] = chalk.red(item[0])
-            item[2] = chalk.magenta(String(item[2]))
-          }
-          item[1] = item[1] ? chalk.green('ok') : chalk.red('not ok')
-          return item
-        }
-    )
+    const outBody = messages.map(item => {
+      if (!item[1]) {
+        allOk = false
+        item[0] = this.npm.chalk.red(item[0])
+        item[1] = this.npm.chalk.red('not ok')
+        item[2] = this.npm.chalk.magenta(String(item[2]))
+      } else {
+        item[1] = this.npm.chalk.green('ok')
+      }
+      return item
+    })
     const outTable = [outHead, ...outBody]
     const tableOpts = {
       stringLength: s => ansiTrim(s).length,

deps/npm/lib/commands/exec.js

@@ -73,6 +73,9 @@ class Exec extends BaseCommand {
 
     return libexec({
       ...flatOptions,
+      // we explicitly set packageLockOnly to false because if it's true
+      // when we try to install a missing package, we won't actually install it
+      packageLockOnly: false,
       args,
       call,
       localBin,