deps: upgrade npm to 9.1.3

PR-URL: #45693 Backport-PR-URL: #46230 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruy Adorno <ruyadorno@google.com>
nodejs · Jan 22, 2023 · 4844935 · 4844935
1 parent 8dce62c
commit 4844935
Show file tree

Hide file tree

Showing 848 changed files with 47,132 additions and 26,227 deletions.
diff --git a/deps/npm/README.md b/deps/npm/README.md
@@ -9,9 +9,9 @@
 
 One of the following versions of [Node.js](https://nodejs.org/en/download/) must be installed to run **`npm`**:
 
-* `12.x.x` >= `12.13.0`
-* `14.x.x` >= `14.15.0`
-* `16.0.0` or higher
+* `14.x.x` >= `14.17.0`
+* `16.x.x` >= `16.13.0`
+* `18.0.0` or higher
 
 ### Installation
 

diff --git a/deps/npm/bin/npx-cli.js b/deps/npm/bin/npx-cli.js
@@ -98,6 +98,7 @@ for (i = 3; i < process.argv.length; i++) {
     }
 
     if (removed.has(key)) {
+      // eslint-disable-next-line no-console
       console.error(`npx: the --${key} argument has been removed.`)
       sawRemovedFlags = true
       process.argv.splice(i, 1)
@@ -122,6 +123,7 @@ for (i = 3; i < process.argv.length; i++) {
 }
 
 if (sawRemovedFlags) {
+  // eslint-disable-next-line no-console
   console.error('See `npm help exec` for more information')
 }
 

diff --git a/deps/npm/docs/README.md b/deps/npm/docs/README.md
@@ -0,0 +1,5 @@
+# docs
+
+[![CI - docs](https://github.com/npm/cli/actions/workflows/ci-docs.yml/badge.svg)](https://github.com/npm/cli/actions/workflows/ci-docs.yml)
+
+Scripts to build the npm docs.
diff --git a/deps/npm/docs/content/commands/npm-access.md b/deps/npm/docs/content/commands/npm-access.md
@@ -7,15 +7,13 @@ description: Set access level on published packages
 ### Synopsis
 
 ```bash
-npm access public [<package>]
-npm access restricted [<package>]
+npm access list packages [<user>|<scope>|<scope:team> [<package>]
+npm access list collaborators [<package> [<user>]]
+npm access get status [<package>]
+npm access set status=public|private [<package>]
+npm access set mfa=none|publish|automation [<package>]
 npm access grant <read-only|read-write> <scope:team> [<package>]
 npm access revoke <scope:team> [<package>]
-npm access 2fa-required [<package>]
-npm access 2fa-not-required [<package>]
-npm access ls-packages [<user>|<scope>|<scope:team>]
-npm access ls-collaborators [<package> [<user>]]
-npm access edit [<package>]
 ```
 
 ### Description
@@ -79,12 +77,17 @@ Management of teams and team memberships is done with the `npm team` command.
 
 ### Configuration
 
-#### `registry`
+#### `json`
 
-* Default: "https://registry.npmjs.org/"
-* Type: URL
+* Default: false
+* Type: Boolean
 
-The base URL of the npm registry.
+Whether or not to output JSON data, rather than the normal output.
+
+* In `npm pkg set` it enables parsing set values with JSON.parse() before
+  saving them to your `package.json`.
+
+Not supported by all npm commands.
 
 #### `otp`
 
@@ -97,6 +100,13 @@ when publishing or changing package permissions with `npm access`.
 If not set, and a registry response fails with a challenge for a one-time
 password, npm will prompt on the command line for one.
 
+#### `registry`
+
+* Default: "https://registry.npmjs.org/"
+* Type: URL
+
+The base URL of the npm registry.
+
 ### See Also
 
 * [`libnpmaccess`](https://npm.im/libnpmaccess)

diff --git a/deps/npm/docs/content/commands/npm-adduser.md b/deps/npm/docs/content/commands/npm-adduser.md
@@ -9,29 +9,19 @@ description: Add a registry user account
 ```bash
 npm adduser
 
-aliases: login, add-user
+alias: add-user
 ```
 
 Note: This command is unaware of workspaces.
 
 ### Description
 
-Create or verify a user named `<username>` in the specified registry, and
-save the credentials to the `.npmrc` file. If no registry is specified,
-the default registry will be used (see [`config`](/using-npm/config)).
+Create a new user in the specified registry, and save the credentials to
+the `.npmrc` file. If no registry is specified, the default registry
+will be used (see [`registry`](/using-npm/registry)).
 
-The username, password, and email are read in from prompts.
-
-To reset your password, go to <https://www.npmjs.com/forgot>
-
-To change your email address, go to <https://www.npmjs.com/email-edit>
-
-You may use this command multiple times with the same user account to
-authorize on a new machine.  When authenticating on a new machine,
-the username, password and email address must all match with
-your existing record.
-
-`npm login` is an alias to `adduser` and behaves exactly the same way.
+When using `legacy` for your `auth-type`, the username, password, and
+email are read in from prompts.
 
 ### Configuration
 
@@ -74,11 +64,8 @@ npm init --scope=@foo --yes
 
 #### `auth-type`
 
-* Default: "legacy"
-* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"
-
-NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
-removed in a future version.
+* Default: "web"
+* Type: "legacy" or "web"
 
 What authentication strategy to use with `login`.
 

diff --git a/deps/npm/docs/content/commands/npm-audit.md b/deps/npm/docs/content/commands/npm-audit.md
@@ -100,9 +100,9 @@ the path `/-/npm/v1/security/advisories/bulk`.
 
 Any packages in the tree that do not have a `version` field in their
 package.json file will be ignored.  If any `--omit` options are specified
-(either via the `--omit` config, or one of the shorthands such as
-`--production`, `--only=dev`, and so on), then packages will be omitted
-from the submitted payload as appropriate.
+(either via the [`--omit` config](/using-npm/config#omit), or one of the
+shorthands such as `--production`, `--only=dev`, and so on), then packages will
+be omitted from the submitted payload as appropriate.
 
 If the registry responds with an error, or with an invalid response, then
 npm will attempt to load advisory data from the `Quick Audit` endpoint.
@@ -179,7 +179,7 @@ vulnerabilities are found _or_ if the remediation is able to successfully
 fix all vulnerabilities.
 
 If vulnerabilities were found the exit code will depend on the
-`audit-level` configuration setting.
+[`audit-level` config](/using-npm/config#audit-level).
 
 ### Examples
 
@@ -408,12 +408,12 @@ This value is not exported to the environment for child processes.
 
 #### `install-links`
 
-* Default: false
+* Default: true
 * Type: Boolean
 
-When set file: protocol dependencies that exist outside of the project root
-will be packed and installed as regular dependencies instead of creating a
-symlink. This option has no effect on workspaces.
+When set file: protocol dependencies will be packed and installed as regular
+dependencies instead of creating a symlink. This option has no effect on
+workspaces.
 
 ### See Also
 

diff --git a/deps/npm/docs/content/commands/npm-bin.md b/deps/npm/docs/content/commands/npm-bin.md
diff --git a/deps/npm/docs/content/commands/npm-bugs.md b/deps/npm/docs/content/commands/npm-bugs.md
@@ -16,8 +16,9 @@ alias: issues
 
 This command tries to guess at the likely location of a package's bug
 tracker URL or the `mailto` URL of the support email, and then tries to
-open it using the `--browser` config param. If no package name is provided, it
-will search for a `package.json` in the current folder and use the `name` property.
+open it using the [`--browser` config](/using-npm/config#browser) param. If no
+package name is provided, it will search for a `package.json` in the current
+folder and use the `name` property.
 
 ### Configuration
 

diff --git a/deps/npm/docs/content/commands/npm-cache.md b/deps/npm/docs/content/commands/npm-cache.md
@@ -75,8 +75,7 @@ verify`.
 * Default: Windows: `%LocalAppData%\npm-cache`, Posix: `~/.npm`
 * Type: Path
 
-The location of npm's cache directory. See [`npm
-cache`](/commands/npm-cache)
+The location of npm's cache directory.
 
 ### See Also
 

diff --git a/deps/npm/docs/content/commands/npm-ci.md b/deps/npm/docs/content/commands/npm-ci.md
@@ -106,27 +106,39 @@ folder instead of the current working directory. See
 * bin files are linked to `{prefix}/bin`
 * man pages are linked to `{prefix}/share/man`
 
-#### `global-style`
+#### `install-strategy`
+
+* Default: "hoisted"
+* Type: "hoisted", "nested", or "shallow"
+
+Sets the strategy for installing packages in node_modules. hoisted
+(default): Install non-duplicated in top-level, and duplicated as necessary
+within directory structure. nested: (formerly --legacy-bundling) install in
+place, no hoisting. shallow (formerly --global-style) only install direct
+deps at top-level. linked: (coming soon) install in node_modules/.store,
+link in place, unhoisted.
+
+#### `legacy-bundling`
 
 * Default: false
 * Type: Boolean
+* DEPRECATED: This option has been deprecated in favor of
+  `--install-strategy=nested`
 
-Causes npm to install the package into your local `node_modules` folder with
-the same layout it uses with the global `node_modules` folder. Only your
-direct dependencies will show in `node_modules` and everything they depend
-on will be flattened in their `node_modules` folders. This obviously will
-eliminate some deduping. If used with `legacy-bundling`, `legacy-bundling`
-will be preferred.
+Instead of hoisting package installs in `node_modules`, install packages in
+the same manner that they are depended on. This may cause very deep
+directory structures and duplicate package installs as there is no
+de-duplicating. Sets `--install-strategy=nested`.
 
-#### `legacy-bundling`
+#### `global-style`
 
 * Default: false
 * Type: Boolean
+* DEPRECATED: This option has been deprecated in favor of
+  `--install-strategy=shallow`
 
-Causes npm to install the package such that versions of npm prior to 1.4,
-such as the one included with node 0.8, can install the package. This
-eliminates all automatic deduping. If used with `global-style` this option
-will be preferred.
+Only install direct dependencies in the top level `node_modules`, but hoist
+on deeper dependendencies. Sets `--install-strategy=shallow`.
 
 #### `omit`
 
@@ -298,12 +310,12 @@ This value is not exported to the environment for child processes.
 
 #### `install-links`
 
-* Default: false
+* Default: true
 * Type: Boolean
 
-When set file: protocol dependencies that exist outside of the project root
-will be packed and installed as regular dependencies instead of creating a
-symlink. This option has no effect on workspaces.
+When set file: protocol dependencies will be packed and installed as regular
+dependencies instead of creating a symlink. This option has no effect on
+workspaces.
 
 ### See Also
 

diff --git a/deps/npm/docs/content/commands/npm-config.md b/deps/npm/docs/content/commands/npm-config.md
@@ -12,6 +12,7 @@ npm config get [<key> [<key> ...]]
 npm config delete <key> [<key> ...]
 npm config list [--json]
 npm config edit
+npm config fix
 
 alias: c
 ```
@@ -26,7 +27,7 @@ variables, `npmrc` files, and in some cases, the `package.json` file.
 See [npmrc](/configuring-npm/npmrc) for more information about the npmrc
 files.
 
-See [config(7)](/using-npm/config) for a more thorough explanation of the
+See [config](/using-npm/config) for a more thorough explanation of the
 mechanisms involved, and a full list of config options available.
 
 The `npm config` command can be used to update and edit the contents
@@ -91,6 +92,16 @@ npm config edit
 Opens the config file in an editor.  Use the `--global` flag to edit the
 global config.
 
+#### fix
+
+```bash
+npm config fix
+```
+
+Attempts to repair invalid configuration items.  Usually this means
+attaching authentication config (i.e. `_auth`, `_authToken`) to the
+configured `registry`.
+
 ### Configuration
 
 #### `json`
@@ -121,8 +132,8 @@ folder instead of the current working directory. See
 
 #### `editor`
 
-* Default: The EDITOR or VISUAL environment variables, or 'notepad.exe' on
-  Windows, or 'vim' on Unix systems
+* Default: The EDITOR or VISUAL environment variables, or
+  '%SYSTEMROOT%\notepad.exe' on Windows, or 'vi' on Unix systems
 * Type: String
 
 The command to run for `npm edit` and `npm config edit`.