deps: upgrade npm to 8.1.4

PR-URL: #40865
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

deps/npm/bin/npx-cli.js

@@ -26,7 +26,7 @@ const removed = new Set([
 
 const { definitions, shorthands } = require('../lib/utils/config/index.js')
 const npmSwitches = Object.entries(definitions)
-  .filter(([key, {type}]) => type === Boolean ||
+  .filter(([key, { type }]) => type === Boolean ||
     (Array.isArray(type) && type.includes(Boolean)))
   .map(([key]) => key)
 
@@ -65,9 +65,9 @@ let i
 let sawRemovedFlags = false
 for (i = 3; i < process.argv.length; i++) {
   const arg = process.argv[i]
-  if (arg === '--')
+  if (arg === '--') {
     break
-  else if (/^-/.test(arg)) {
+  } else if (/^-/.test(arg)) {
     const [key, ...v] = arg.replace(/^-+/, '').split('=')
 
     switch (key) {
@@ -87,8 +87,9 @@ for (i = 3; i < process.argv.length; i++) {
         // resolve shorthands and run again
         if (shorthands[key] && !removed.has(key)) {
           const a = [...shorthands[key]]
-          if (v.length)
+          if (v.length) {
             a.push(v.join('='))
+          }
           process.argv.splice(i, 1, ...a)
           i--
           continue
@@ -109,8 +110,9 @@ for (i = 3; i < process.argv.length; i++) {
       if (removed.has(key)) {
         // also remove the value for the cut key.
         process.argv.splice(i + 1, 1)
-      } else
+      } else {
         i++
+      }
     }
   } else {
     // found a positional arg, put -- in front of it, and we're done
@@ -119,7 +121,8 @@ for (i = 3; i < process.argv.length; i++) {
   }
 }
 
-if (sawRemovedFlags)
+if (sawRemovedFlags) {
   console.error('See `npm help exec` for more information')
+}
 
 cli(process)

deps/npm/docs/content/commands/npm-install.md

@@ -58,7 +58,7 @@ into a tarball (b).
 
 * `npm install` (in a package directory, no arguments):
 
-    Install the dependencies in the local `node_modules` folder.
+    Install the dependencies to the local `node_modules` folder.
 
     In global mode (ie, with `-g` or `--global` appended to the command),
     it installs the current package context (ie, the current working

deps/npm/docs/content/using-npm/developers.md

@@ -119,7 +119,9 @@ need to add them to `.npmignore` explicitly:
 * `._*`
 * `.DS_Store`
 * `.git`
+* `.gitignore`
 * `.hg`
+* `.npmignore`
 * `.npmrc`
 * `.lock-wscript`
 * `.svn`

deps/npm/docs/output/commands/npm-access.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-access</title>
 <style>
 body {
@@ -181,7 +182,7 @@ <h3 id="description">Description</h3>
 <li>
 <p>ls-packages:
 Show all of the packages a user or a team is able to access, along with the
-access level, except for read-only public packages (it won’t print the whole
+access level, except for read-only public packages (it won't print the whole
 registry listing)</p>
 </li>
 <li>
@@ -209,7 +210,7 @@ <h3 id="details">Details</h3>
 <li>You have been given read-write privileges for a package, either as a member
 of a team or directly as an owner.</li>
 </ul>
-<p>If you have two-factor authentication enabled then you’ll be prompted to
+<p>If you have two-factor authentication enabled then you'll be prompted to
 provide an otp token, or may use the <code>--otp=...</code> option to specify it on
 the command line.</p>
 <p>If your account is not paid, then attempts to publish scoped packages will
@@ -222,7 +223,7 @@ <h3 id="configuration">Configuration</h3>
 <!-- raw HTML omitted -->
 <h4 id="registry"><code>registry</code></h4>
 <ul>
-<li>Default: “<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>”</li>
+<li>Default: "<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>"</li>
 <li>Type: URL</li>
 </ul>
 <p>The base URL of the npm registry.</p>
@@ -233,7 +234,7 @@ <h4 id="otp"><code>otp</code></h4>
 <li>Default: null</li>
 <li>Type: null or String</li>
 </ul>
-<p>This is a one-time password from a two-factor authenticator. It’s needed
+<p>This is a one-time password from a two-factor authenticator. It's needed
 when publishing or changing package permissions with <code>npm access</code>.</p>
 <p>If not set, and a registry response fails with a challenge for a one-time
 password, npm will prompt on the command line for one.</p>

deps/npm/docs/output/commands/npm-adduser.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-adduser</title>
 <style>
 body {
@@ -168,15 +169,15 @@ <h3 id="configuration">Configuration</h3>
 <!-- raw HTML omitted -->
 <h4 id="registry"><code>registry</code></h4>
 <ul>
-<li>Default: “<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>”</li>
+<li>Default: "<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>"</li>
 <li>Type: URL</li>
 </ul>
 <p>The base URL of the npm registry.</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
 <h4 id="scope"><code>scope</code></h4>
 <ul>
-<li>Default: the scope of the current project, if any, or “”</li>
+<li>Default: the scope of the current project, if any, or ""</li>
 <li>Type: String</li>
 </ul>
 <p>Associate an operation with a scope for a scoped registry.</p>

deps/npm/docs/output/commands/npm-audit.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-audit</title>
 <style>
 body {
@@ -159,13 +160,13 @@ <h3 id="description">Description</h3>
 <p>The command will exit with a 0 exit code if no vulnerabilities were found.</p>
 <p>Note that some vulnerabilities cannot be fixed automatically and will
 require manual intervention or review.  Also note that since <code>npm audit fix</code> runs a full-fledged <code>npm install</code> under the hood, all configs that
-apply to the installer will also apply to <code>npm install</code> – so things like
+apply to the installer will also apply to <code>npm install</code> -- so things like
 <code>npm audit fix --package-lock-only</code> will work as expected.</p>
 <p>By default, the audit command will exit with a non-zero code if any
 vulnerability is found. It may be useful in CI environments to include the
 <code>--audit-level</code> parameter to specify the minimum vulnerability level that
 will cause the command to fail. This option does not filter the report
-output, it simply changes the command’s failure threshold.</p>
+output, it simply changes the command's failure threshold.</p>
 <h3 id="audit-endpoints">Audit Endpoints</h3>
 <p>There are two audit endpoints that npm may use to fetch vulnerability
 information: the <code>Bulk Advisory</code> endpoint and the <code>Quick Audit</code> endpoint.</p>
@@ -203,7 +204,7 @@ <h4 id="quick-audit-endpoint">Quick Audit Endpoint</h4>
 <p>All packages in the tree are submitted to the Quick Audit endpoint.
 Omitted dependency types are skipped when generating the report.</p>
 <h4 id="scrubbing">Scrubbing</h4>
-<p>Out of an abundance of caution, npm versions 5 and 6 would “scrub” any
+<p>Out of an abundance of caution, npm versions 5 and 6 would "scrub" any
 packages from the submitted report if their name contained a <code>/</code> character,
 so as to avoid leaking the names of potentially private packages or git
 URLs.</p>
@@ -215,12 +216,12 @@ <h4 id="scrubbing">Scrubbing</h4>
 <h4 id="calculating-meta-vulnerabilities-and-remediations">Calculating Meta-Vulnerabilities and Remediations</h4>
 <p>npm uses the
 <a href="http://npm.im/@npmcli/metavuln-calculator"><code>@npmcli/metavuln-calculator</code></a>
-module to turn a set of security advisories into a set of “vulnerability”
-objects.  A “meta-vulnerability” is a dependency that is vulnerable by
+module to turn a set of security advisories into a set of "vulnerability"
+objects.  A "meta-vulnerability" is a dependency that is vulnerable by
 virtue of dependence on vulnerable versions of a vulnerable package.</p>
 <p>For example, if the package <code>foo</code> is vulnerable in the range <code>&gt;=1.0.2 &lt;2.0.0</code>, and the package <code>bar</code> depends on <code>foo@^1.1.0</code>, then that version
 of <code>bar</code> can only be installed by installing a vulnerable version of <code>foo</code>.
-In this case, <code>bar</code> is a “metavulnerability”.</p>
+In this case, <code>bar</code> is a "metavulnerability".</p>
 <p>Once metavulnerabilities for a given package are calculated, they are
 cached in the <code>~/.npm</code> folder and only re-evaluated if the advisory range
 changes, or a new version of the package is published (in which case, the
@@ -275,7 +276,7 @@ <h3 id="configuration">Configuration</h3>
 <h4 id="audit-level"><code>audit-level</code></h4>
 <ul>
 <li>Default: null</li>
-<li>Type: null, “info”, “low”, “moderate”, “high”, “critical”, or “none”</li>
+<li>Type: null, "info", "low", "moderate", "high", "critical", or "none"</li>
 </ul>
 <p>The minimum level of vulnerability for <code>npm audit</code> to exit with a non-zero
 exit code.</p>
@@ -286,7 +287,7 @@ <h4 id="dry-run"><code>dry-run</code></h4>
 <li>Default: false</li>
 <li>Type: Boolean</li>
 </ul>
-<p>Indicates that you don’t want npm to make any changes and that it should
+<p>Indicates that you don't want npm to make any changes and that it should
 only report what it would have done. This can be passed into any of the
 commands that modify your local installation, eg, <code>install</code>, <code>update</code>,
 <code>dedupe</code>, <code>uninstall</code>, as well as <code>pack</code> and <code>publish</code>.</p>
@@ -316,7 +317,7 @@ <h4 id="force"><code>force</code></h4>
 <li>Implicitly set <code>--yes</code> during <code>npm init</code>.</li>
 <li>Allow clobbering existing values in <code>npm pkg</code></li>
 </ul>
-<p>If you don’t have a clear idea of what you want to do, it is strongly
+<p>If you don't have a clear idea of what you want to do, it is strongly
 recommended that you do not use this option!</p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
@@ -348,9 +349,9 @@ <h4 id="package-lock-only"><code>package-lock-only</code></h4>
 <!-- raw HTML omitted -->
 <h4 id="omit"><code>omit</code></h4>
 <ul>
-<li>Default: ‘dev’ if the <code>NODE_ENV</code> environment variable is set to
-‘production’, otherwise empty.</li>
-<li>Type: “dev”, “optional”, or “peer” (can be set multiple times)</li>
+<li>Default: 'dev' if the <code>NODE_ENV</code> environment variable is set to
+'production', otherwise empty.</li>
+<li>Type: "dev", "optional", or "peer" (can be set multiple times)</li>
 </ul>
 <p>Dependency types to omit from the installation tree on disk.</p>
 <p>Note that these dependencies <em>are</em> still resolved and added to the

deps/npm/docs/output/commands/npm-bin.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-bin</title>
 <style>
 body {
@@ -159,7 +160,7 @@ <h4 id="global"><code>global</code></h4>
 <li>Default: false</li>
 <li>Type: Boolean</li>
 </ul>
-<p>Operates in “global” mode, so that packages are installed into the <code>prefix</code>
+<p>Operates in "global" mode, so that packages are installed into the <code>prefix</code>
 folder instead of the current working directory. See
 <a href="../configuring-npm/folders.html">folders</a> for more on the differences in behavior.</p>
 <ul>

deps/npm/docs/output/commands/npm-bugs.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-bugs</title>
 <style>
 body {
@@ -150,7 +151,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 aliases: issues
 </code></pre>
 <h3 id="description">Description</h3>
-<p>This command tries to guess at the likely location of a package’s bug
+<p>This command tries to guess at the likely location of a package's bug
 tracker URL or the <code>mailto</code> URL of the support email, and then tries to
 open it using the <code>--browser</code> config param. If no package name is provided, it
 will search for a <code>package.json</code> in the current folder and use the <code>name</code> property.</p>
@@ -171,7 +172,7 @@ <h4 id="browser"><code>browser</code></h4>
 <!-- raw HTML omitted -->
 <h4 id="registry"><code>registry</code></h4>
 <ul>
-<li>Default: “<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>”</li>
+<li>Default: "<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>"</li>
 <li>Type: URL</li>
 </ul>
 <p>The base URL of the npm registry.</p>

deps/npm/docs/output/commands/npm-cache.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-cache</title>
 <style>
 body {
@@ -141,7 +142,7 @@ <h1 id="npm-cache">npm-cache</h1>
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#details">Details</a></li><li><a href="#a-note-about-the-caches-design">A note about the cache’s design</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#cache"><code>cache</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#details">Details</a></li><li><a href="#a-note-about-the-caches-design">A note about the cache's design</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#cache"><code>cache</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
@@ -168,7 +169,7 @@ <h3 id="description">Description</h3>
 <li>
 <p>clean:
 Delete all data out of the cache folder.  Note that this is typically
-unnecessary, as npm’s cache is self-healing and resistant to data
+unnecessary, as npm's cache is self-healing and resistant to data
 corruption issues.</p>
 </li>
 <li>
@@ -195,7 +196,7 @@ <h3 id="details">Details</h3>
 used directly.</p>
 <p>npm will not remove data by itself: the cache will grow as new packages are
 installed.</p>
-<h3 id="a-note-about-the-caches-design">A note about the cache’s design</h3>
+<h3 id="a-note-about-the-caches-design">A note about the cache's design</h3>
 <p>The npm cache is strictly a cache: it should not be relied upon as a
 persistent and reliable data store for package data. npm makes no guarantee
 that a previously-cached piece of data will be available later, and will
@@ -212,7 +213,7 @@ <h4 id="cache"><code>cache</code></h4>
 <li>Default: Windows: <code>%LocalAppData%\npm-cache</code>, Posix: <code>~/.npm</code></li>
 <li>Type: Path</li>
 </ul>
-<p>The location of npm’s cache directory. See <a href="../commands/npm-cache.html"><code>npm cache</code></a></p>
+<p>The location of npm's cache directory. See <a href="../commands/npm-cache.html"><code>npm cache</code></a></p>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->

deps/npm/docs/output/commands/npm-ci.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-ci</title>
 <style>
 body {
@@ -149,9 +150,9 @@ <h2 id="table-of-contents">Table of contents</h2>
 </code></pre>
 <h3 id="description">Description</h3>
 <p>This command is similar to <a href="../commands/npm-install.html"><code>npm install</code></a>, except
-it’s meant to be used in automated environments such as test platforms,
-continuous integration, and deployment – or any situation where you want
-to make sure you’re doing a clean install of your dependencies.</p>
+it's meant to be used in automated environments such as test platforms,
+continuous integration, and deployment -- or any situation where you want
+to make sure you're doing a clean install of your dependencies.</p>
 <p><code>npm ci</code> will be significantly faster when:</p>
 <ul>
 <li>There is a <code>package-lock.json</code> or <code>npm-shrinkwrap.json</code> file.</li>
@@ -199,7 +200,7 @@ <h4 id="audit"><code>audit</code></h4>
 <li>Default: true</li>
 <li>Type: Boolean</li>
 </ul>
-<p>When “true” submit audit reports alongside the current npm command to the
+<p>When "true" submit audit reports alongside the current npm command to the
 default registry and all registries configured for scopes. See the
 documentation for <a href="../commands/npm-audit.html"><code>npm audit</code></a> for details on what is
 submitted.</p>
@@ -219,7 +220,7 @@ <h4 id="ignore-scripts"><code>ignore-scripts</code></h4>
 <!-- raw HTML omitted -->
 <h4 id="script-shell"><code>script-shell</code></h4>
 <ul>
-<li>Default: ‘/bin/sh’ on POSIX systems, ‘cmd.exe’ on Windows</li>
+<li>Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows</li>
 <li>Type: null or String</li>
 </ul>
 <p>The shell to use for scripts run with the <code>npm exec</code>, <code>npm run</code> and <code>npm init &lt;pkg&gt;</code> commands.</p>

deps/npm/docs/output/commands/npm-completion.html

@@ -1,4 +1,5 @@
-<html><head>
+<!DOCTYPE html><html><head>
+<meta charset="utf-8">
 <title>npm-completion</title>
 <style>
 body {
@@ -162,7 +163,7 @@ <h3 id="description">Description</h3>
 <code>/etc/bash_completion.d/npm</code> if you have a system that will read
 that file for you.</p>
 <p>When <code>COMP_CWORD</code>, <code>COMP_LINE</code>, and <code>COMP_POINT</code> are defined in the
-environment, <code>npm completion</code> acts in “plumbing mode”, and outputs
+environment, <code>npm completion</code> acts in "plumbing mode", and outputs
 completions based on the arguments.</p>
 <h3 id="see-also">See Also</h3>
 <ul>