diff --git a/deps/npm/docs/content/configuring-npm/package-json.md b/deps/npm/docs/content/configuring-npm/package-json.md
index b0231662f69309..5b4acf187f7772 100644
--- a/deps/npm/docs/content/configuring-npm/package-json.md
+++ b/deps/npm/docs/content/configuring-npm/package-json.md
@@ -873,7 +873,7 @@ be found or fails to install, then you may put it in the
 `optionalDependencies` object.  This is a map of package name to version or
 url, just like the `dependencies` object.  The difference is that build
 failures do not cause installation to fail.  Running `npm install
---no-optional` will prevent these dependencies from being installed.
+--omit=optional` will prevent these dependencies from being installed.
 
 It is still your program's responsibility to handle the lack of the
 dependency.  For example, something like this:
diff --git a/deps/npm/docs/content/using-npm/dependency-selectors.md b/deps/npm/docs/content/using-npm/dependency-selectors.md
index 45febf7cc7300b..c96057c798ef5c 100644
--- a/deps/npm/docs/content/using-npm/dependency-selectors.md
+++ b/deps/npm/docs/content/using-npm/dependency-selectors.md
@@ -54,7 +54,7 @@ The [`npm query`](/commands/npm-query) commmand exposes a new dependency selecto
 - [`:private`](https://docs.npmjs.com/cli/v8/configuring-npm/package-json#private) when a dependency is private
 - `:link` when a dependency is linked (for instance, workspaces or packages manually [`linked`](https://docs.npmjs.com/cli/v8/commands/npm-link)
 - `:deduped` when a dependency has been deduped (note that this does *not* always mean the dependency has been hoisted to the root of node_modules)
-- `:override` when a dependency is an override (not implemented yet)
+- `:overridden` when a dependency has been overridden
 - `:extraneous` when a dependency exists but is not defined as a dependency of any node
 - `:invalid` when a dependency version is out of its ancestors specified range
 - `:missing` when a dependency is not found on disk
diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html
index 08c482c12d004e..f3fb8f05d85033 100644
--- a/deps/npm/docs/output/commands/npm-ls.html
+++ b/deps/npm/docs/output/commands/npm-ls.html
@@ -166,7 +166,7 @@ <h3 id="description">Description</h3>
 the results to only the paths to the packages named.  Note that nested
 packages will <em>also</em> show the paths to the specified packages.  For
 example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
-<pre lang="bash"><code>npm@8.17.0 /path/to/npm
+<pre lang="bash"><code>npm@8.18.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 </code></pre>
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 52362923750ab4..4c1f2a53ebacbe 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
 <h3 id="version">Version</h3>
-<p>8.17.0</p>
+<p>8.18.0</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
diff --git a/deps/npm/docs/output/configuring-npm/package-json.html b/deps/npm/docs/output/configuring-npm/package-json.html
index 2b1240ebee9124..7fdc03e3eaf5aa 100644
--- a/deps/npm/docs/output/configuring-npm/package-json.html
+++ b/deps/npm/docs/output/configuring-npm/package-json.html
@@ -803,7 +803,7 @@ <h3 id="optionaldependencies">optionalDependencies</h3>
 be found or fails to install, then you may put it in the
 <code>optionalDependencies</code> object.  This is a map of package name to version or
 url, just like the <code>dependencies</code> object.  The difference is that build
-failures do not cause installation to fail.  Running <code>npm install --no-optional</code> will prevent these dependencies from being installed.</p>
+failures do not cause installation to fail.  Running <code>npm install --omit=optional</code> will prevent these dependencies from being installed.</p>
 <p>It is still your program's responsibility to handle the lack of the
 dependency.  For example, something like this:</p>
 <pre lang="js"><code>try {
diff --git a/deps/npm/docs/output/using-npm/dependency-selectors.html b/deps/npm/docs/output/using-npm/dependency-selectors.html
index af8b766ceba2d7..e19499207dae74 100644
--- a/deps/npm/docs/output/using-npm/dependency-selectors.html
+++ b/deps/npm/docs/output/using-npm/dependency-selectors.html
@@ -194,7 +194,7 @@ <h4 id="pseudo-selectors">Pseudo Selectors</h4>
 <li><a href="https://docs.npmjs.com/cli/v8/configuring-npm/package-json#private"><code>:private</code></a> when a dependency is private</li>
 <li><code>:link</code> when a dependency is linked (for instance, workspaces or packages manually <a href="https://docs.npmjs.com/cli/v8/commands/npm-link"><code>linked</code></a></li>
 <li><code>:deduped</code> when a dependency has been deduped (note that this does <em>not</em> always mean the dependency has been hoisted to the root of node_modules)</li>
-<li><code>:override</code> when a dependency is an override (not implemented yet)</li>
+<li><code>:overridden</code> when a dependency has been overridden</li>
 <li><code>:extraneous</code> when a dependency exists but is not defined as a dependency of any node</li>
 <li><code>:invalid</code> when a dependency version is out of its ancestors specified range</li>
 <li><code>:missing</code> when a dependency is not found on disk</li>
diff --git a/deps/npm/lib/commands/explain.js b/deps/npm/lib/commands/explain.js
index c0ef04548a4ed3..a06ad24152a1e4 100644
--- a/deps/npm/lib/commands/explain.js
+++ b/deps/npm/lib/commands/explain.js
@@ -59,7 +59,7 @@ class Explain extends ArboristWorkspaceCmd {
 
     const expls = []
     for (const node of nodes) {
-      const { extraneous, dev, optional, devOptional, peer, inBundle } = node
+      const { extraneous, dev, optional, devOptional, peer, inBundle, overridden } = node
       const expl = node.explain()
       if (extraneous) {
         expl.extraneous = true
@@ -69,6 +69,7 @@ class Explain extends ArboristWorkspaceCmd {
         expl.devOptional = devOptional
         expl.peer = peer
         expl.bundled = inBundle
+        expl.overridden = overridden
       }
       expls.push(expl)
     }
diff --git a/deps/npm/lib/commands/ls.js b/deps/npm/lib/commands/ls.js
index 073ca0c6992e83..6812c3923787e2 100644
--- a/deps/npm/lib/commands/ls.js
+++ b/deps/npm/lib/commands/ls.js
@@ -329,6 +329,11 @@ const getHumanOutputItem = (node, { args, color, global, long }) => {
         ? ' ' + (color ? chalk.green.bgBlack('extraneous') : 'extraneous')
         : ''
     ) +
+    (
+      node.overridden
+        ? ' ' + (color ? chalk.gray('overridden') : 'overridden')
+        : ''
+    ) +
     (isGitNode(node) ? ` (${node.resolved})` : '') +
     (node.isLink ? ` -> ${relativePrefix}${targetLocation}` : '') +
     (long ? `${EOL}${node.package.description || ''}` : '')
@@ -347,6 +352,13 @@ const getJsonOutputItem = (node, { global, long }) => {
     item.resolved = node.resolved
   }
 
+  // if the node is the project root, do not add the overridden flag. the project root can't be
+  // overridden anyway, and if we add the flag it causes undesirable behavior when `npm ls --json`
+  // is ran in an empty directory since we end up printing an object with only an overridden prop
+  if (!node.isProjectRoot) {
+    item.overridden = node.overridden
+  }
+
   item[_name] = node.name
 
   // special formatting for top-level package name
@@ -555,6 +567,7 @@ const parseableOutput = ({ global, long, seenNodes }) => {
         out += node.path !== node.realpath ? `:${node.realpath}` : ''
         out += isExtraneous(node, { global }) ? ':EXTRANEOUS' : ''
         out += node[_invalid] ? ':INVALID' : ''
+        out += node.overridden ? ':OVERRIDDEN' : ''
       }
       out += EOL
     }
diff --git a/deps/npm/lib/commands/query.js b/deps/npm/lib/commands/query.js
index 60294acaf4a68f..231329b19b5c83 100644
--- a/deps/npm/lib/commands/query.js
+++ b/deps/npm/lib/commands/query.js
@@ -20,6 +20,7 @@ class QuerySelectorItem {
     this.dev = node.target.dev
     this.inBundle = node.target.inBundle
     this.deduped = this.from.length > 1
+    this.overridden = node.overridden
     for (const edge of node.target.edgesIn) {
       this.from.push(edge.from.location)
     }
diff --git a/deps/npm/lib/utils/explain-dep.js b/deps/npm/lib/utils/explain-dep.js
index 107f68549ef1db..cd53a2269640e6 100644
--- a/deps/npm/lib/utils/explain-dep.js
+++ b/deps/npm/lib/utils/explain-dep.js
@@ -8,6 +8,7 @@ const nocolor = {
   magenta: s => s,
   blue: s => s,
   green: s => s,
+  gray: s => s,
 }
 
 const { relative } = require('path')
@@ -18,13 +19,14 @@ const explainNode = (node, depth, color) =>
   explainLinksIn(node, depth, color)
 
 const colorType = (type, color) => {
-  const { red, yellow, cyan, magenta, blue, green } = color ? chalk : nocolor
+  const { red, yellow, cyan, magenta, blue, green, gray } = color ? chalk : nocolor
   const style = type === 'extraneous' ? red
     : type === 'dev' ? yellow
     : type === 'optional' ? cyan
     : type === 'peer' ? magenta
     : type === 'bundled' ? blue
     : type === 'workspace' ? green
+    : type === 'overridden' ? gray
     : /* istanbul ignore next */ s => s
   return style(type)
 }
@@ -40,6 +42,7 @@ const printNode = (node, color) => {
     peer,
     bundled,
     isWorkspace,
+    overridden,
   } = node
   const { bold, dim, green } = color ? chalk : nocolor
   const extra = []
@@ -63,6 +66,10 @@ const printNode = (node, color) => {
     extra.push(' ' + bold(colorType('bundled', color)))
   }
 
+  if (overridden) {
+    extra.push(' ' + bold(colorType('overridden', color)))
+  }
+
   const pkgid = isWorkspace
     ? green(`${name}@${version}`)
     : `${bold(name)}@${bold(version)}`
@@ -112,11 +119,15 @@ const explainDependents = ({ name, dependents }, depth, color) => {
   return str.split('\n').join('\n  ')
 }
 
-const explainEdge = ({ name, type, bundled, from, spec }, depth, color) => {
+const explainEdge = ({ name, type, bundled, from, spec, rawSpec, overridden }, depth, color) => {
   const { bold } = color ? chalk : nocolor
-  const dep = type === 'workspace'
+  let dep = type === 'workspace'
     ? bold(relative(from.location, spec.slice('file:'.length)))
     : `${bold(name)}@"${bold(spec)}"`
+  if (overridden) {
+    dep = `${colorType('overridden', color)} ${dep} (was "${rawSpec}")`
+  }
+
   const fromMsg = ` from ${explainFrom(from, depth, color)}`
 
   return (type === 'prod' ? '' : `${colorType(type, color)} `) +
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index c67ea5cc40ec91..978ecaeabe0f6f 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@8\.17\.0 /path/to/npm
+npm@8\.18\.0 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index 04133f580704fb..f33103ee0a8ee5 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -4,7 +4,7 @@
 .SS Synopsis
 .SS Version
 .P
-8\.17\.0
+8\.18\.0
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5
index d4f9723112b166..7b4480fcc5522c 100644
--- a/deps/npm/man/man5/package-json.5
+++ b/deps/npm/man/man5/package-json.5
@@ -969,7 +969,7 @@ be found or fails to install, then you may put it in the
 \fBoptionalDependencies\fP object\.  This is a map of package name to version or
 url, just like the \fBdependencies\fP object\.  The difference is that build
 failures do not cause installation to fail\.  Running \fBnpm install
-\-\-no\-optional\fP will prevent these dependencies from being installed\.
+\-\-omit=optional\fP will prevent these dependencies from being installed\.
 .P
 It is still your program's responsibility to handle the lack of the
 dependency\.  For example, something like this:
diff --git a/deps/npm/man/man7/dependency-selectors.7 b/deps/npm/man/man7/dependency-selectors.7
index e885790641d410..d6f53f4f4e61a7 100644
--- a/deps/npm/man/man7/dependency-selectors.7
+++ b/deps/npm/man/man7/dependency-selectors.7
@@ -87,7 +87,7 @@ the term "dependencies" is in reference to any \fBNode\fP found in a \fBtree\fP
 .IP \(bu 2
 \fB:deduped\fP when a dependency has been deduped (note that this does \fInot\fR always mean the dependency has been hoisted to the root of node_modules)
 .IP \(bu 2
-\fB:override\fP when a dependency is an override (not implemented yet)
+\fB:overridden\fP when a dependency has been overridden
 .IP \(bu 2
 \fB:extraneous\fP when a dependency exists but is not defined as a dependency of any node
 .IP \(bu 2
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/node.js b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
index be973565750a1d..8ec90ff3c8495a 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/node.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
@@ -334,6 +334,10 @@ class Node {
     return `${myname}@${alias}${version}`
   }
 
+  get overridden () {
+    return !!(this.overrides && this.overrides.value && this.overrides.name === this.name)
+  }
+
   get package () {
     return this[_package]
   }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
index 6c540dea3c872e..a3eac5ddc12389 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
@@ -262,6 +262,10 @@ class Results {
       !internalSelector.has(node))
   }
 
+  overriddenPseudo () {
+    return this.initialItems.filter(node => node.overridden)
+  }
+
   pathPseudo () {
     return this.initialItems.filter(node => {
       if (!this.currentAstNode.pathValue) {
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index e76a87a32e86ba..86e36e486c880d 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "5.5.0",
+  "version": "5.6.0",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
diff --git a/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js b/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js
index 8fa18d5121effb..3704aa6d18e1e1 100644
--- a/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js
+++ b/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js
@@ -50,11 +50,15 @@ const update = (path, uid, gid) => {
     if (uid === stat.uid && gid === stat.gid) {
       return
     }
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 
   try {
     fs.chownSync(path, uid, gid)
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 }
 
 // accepts a `path` and the `owner` property of an options object and normalizes
diff --git a/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js b/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js
index 3fe167cfc30aa2..9f02d41a5e4b31 100644
--- a/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js
+++ b/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js
@@ -50,11 +50,15 @@ const update = async (path, uid, gid) => {
     if (uid === stat.uid && gid === stat.gid) {
       return
     }
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 
   try {
     await fs.chown(path, uid, gid)
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 }
 
 // accepts a `path` and the `owner` property of an options object and normalizes
diff --git a/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js b/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js
index ad08e6ee6e6d62..81db59dd054b42 100644
--- a/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js
+++ b/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js
@@ -27,7 +27,9 @@ const withTempDir = async (root, fn, opts) => {
 
   try {
     await rm(target, { force: true, recursive: true })
-  } catch {}
+  } catch {
+    // ignore errors
+  }
 
   if (err) {
     throw err
diff --git a/deps/npm/node_modules/@npmcli/fs/package.json b/deps/npm/node_modules/@npmcli/fs/package.json
index 9e18028218d1a2..1512fd6e4b0acb 100644
--- a/deps/npm/node_modules/@npmcli/fs/package.json
+++ b/deps/npm/node_modules/@npmcli/fs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/fs",
-  "version": "2.1.1",
+  "version": "2.1.2",
   "description": "filesystem utilities for the npm cli",
   "main": "lib/index.js",
   "files": [
diff --git a/deps/npm/node_modules/@npmcli/git/lib/which.js b/deps/npm/node_modules/@npmcli/git/lib/which.js
index a2f690e1bce80c..dc2a1ad2121663 100644
--- a/deps/npm/node_modules/@npmcli/git/lib/which.js
+++ b/deps/npm/node_modules/@npmcli/git/lib/which.js
@@ -3,7 +3,9 @@ const which = require('which')
 let gitPath
 try {
   gitPath = which.sync('git')
-} catch (e) {}
+} catch {
+  // ignore errors
+}
 
 module.exports = (opts = {}) => {
   if (opts.git) {
diff --git a/deps/npm/node_modules/@npmcli/git/package.json b/deps/npm/node_modules/@npmcli/git/package.json
index 08525ae99e8ec3..86b8e853992665 100644
--- a/deps/npm/node_modules/@npmcli/git/package.json
+++ b/deps/npm/node_modules/@npmcli/git/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/git",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -31,7 +31,9 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.2.2",
+    "@npmcli/template-oss": "3.5.0",
+    "npm-package-arg": "^9.1.0",
+    "rimraf": "^3.0.2",
     "slash": "^3.0.0",
     "tap": "^16.0.1"
   },
@@ -52,6 +54,6 @@
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
     "windowsCI": false,
-    "version": "3.2.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/@npmcli/move-file/lib/index.js b/deps/npm/node_modules/@npmcli/move-file/lib/index.js
index ecc55f0171da5f..5789bb127e0966 100644
--- a/deps/npm/node_modules/@npmcli/move-file/lib/index.js
+++ b/deps/npm/node_modules/@npmcli/move-file/lib/index.js
@@ -97,14 +97,19 @@ const moveFile = async (source, destination, options = {}, root = true, symlinks
       }
       // try to determine what the actual file is so we can create the correct
       // type of symlink in windows
-      let targetStat
+      let targetStat = 'file'
       try {
         targetStat = await stat(resolve(dirname(symSource), target))
-      } catch (err) {}
+        if (targetStat.isDirectory()) {
+          targetStat = 'junction'
+        }
+      } catch {
+        // targetStat remains 'file'
+      }
       await symlink(
         target,
         symDestination,
-        targetStat && targetStat.isDirectory() ? 'junction' : 'file'
+        targetStat
       )
     }))
     await rimraf(source)
@@ -157,14 +162,19 @@ const moveFileSync = (source, destination, options = {}, root = true, symlinks =
       }
       // try to determine what the actual file is so we can create the correct
       // type of symlink in windows
-      let targetStat
+      let targetStat = 'file'
       try {
         targetStat = statSync(resolve(dirname(symSource), target))
-      } catch (err) {}
+        if (targetStat.isDirectory()) {
+          targetStat = 'junction'
+        }
+      } catch {
+        // targetStat remains 'file'
+      }
       symlinkSync(
         target,
         symDestination,
-        targetStat && targetStat.isDirectory() ? 'junction' : 'file'
+        targetStat
       )
     }
     rimrafSync(source)
diff --git a/deps/npm/node_modules/@npmcli/move-file/package.json b/deps/npm/node_modules/@npmcli/move-file/package.json
index 1b1d377b0c7b2b..58793b93a9ca0f 100644
--- a/deps/npm/node_modules/@npmcli/move-file/package.json
+++ b/deps/npm/node_modules/@npmcli/move-file/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/move-file",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "files": [
     "bin/",
     "lib/"
@@ -13,7 +13,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.2.2",
+    "@npmcli/template-oss": "3.5.0",
     "tap": "^16.0.1"
   },
   "scripts": {
@@ -42,6 +42,6 @@
   "author": "GitHub Inc.",
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "3.2.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/bin-links/lib/link-gently.js b/deps/npm/node_modules/bin-links/lib/link-gently.js
index 671ce38a586e7d..d9ef25e7c5b0b9 100644
--- a/deps/npm/node_modules/bin-links/lib/link-gently.js
+++ b/deps/npm/node_modules/bin-links/lib/link-gently.js
@@ -64,6 +64,8 @@ const linkGently = async ({ path, to, from, absFrom, force }) => {
         if (target.indexOf(path) === 0 || force) {
           return rm(to).then(() => CLOBBER)
         }
+        // neither skip nor clobber
+        return false
       })
     } else {
       // doesn't exist, dir might not either
diff --git a/deps/npm/node_modules/bin-links/lib/shim-bin.js b/deps/npm/node_modules/bin-links/lib/shim-bin.js
index 70259a49e5b0c0..bde328e510c53a 100644
--- a/deps/npm/node_modules/bin-links/lib/shim-bin.js
+++ b/deps/npm/node_modules/bin-links/lib/shim-bin.js
@@ -56,12 +56,12 @@ const shimBin = ({ path, to, from, absFrom, force }) => {
     }
 
     if (force) {
-      return
+      return false
     }
 
     return Promise.all(shims.map((s, i) => [s, stats[i]]).map(([s, st]) => {
       if (!st) {
-        return
+        return false
       }
       return readCmdShim(s)
         .then(target => {
@@ -69,6 +69,7 @@ const shimBin = ({ path, to, from, absFrom, force }) => {
           if (target.indexOf(resolve(path)) !== 0) {
             return failEEXIST({ from, to, path })
           }
+          return false
         }, er => handleReadCmdShimError({ er, from, to }))
     }))
   })
diff --git a/deps/npm/node_modules/bin-links/package.json b/deps/npm/node_modules/bin-links/package.json
index a86948de153c5c..aba3d8f6c09084 100644
--- a/deps/npm/node_modules/bin-links/package.json
+++ b/deps/npm/node_modules/bin-links/package.json
@@ -1,6 +1,6 @@
 {
   "name": "bin-links",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "description": "JavaScript package binary linker",
   "main": "./lib/index.js",
   "scripts": {
@@ -35,10 +35,10 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.2.2",
+    "@npmcli/template-oss": "3.5.0",
     "mkdirp": "^1.0.3",
     "require-inject": "^1.4.4",
-    "tap": "^15.0.10"
+    "tap": "^16.0.1"
   },
   "tap": {
     "check-coverage": true,
@@ -55,6 +55,6 @@
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
     "windowsCI": false,
-    "version": "3.2.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/cacache/lib/content/read.js b/deps/npm/node_modules/cacache/lib/content/read.js
index 8367ccb205d0b0..7c20c75257b4f4 100644
--- a/deps/npm/node_modules/cacache/lib/content/read.js
+++ b/deps/npm/node_modules/cacache/lib/content/read.js
@@ -81,7 +81,7 @@ function readStream (cache, integrity, opts = {}) {
       return stream.emit('error', sizeError(size, stat.size))
     }
 
-    readPipeline(cpath, stat.size, sri, stream)
+    return readPipeline(cpath, stat.size, sri, stream)
   }).catch(err => stream.emit('error', err))
 
   return stream
diff --git a/deps/npm/node_modules/cacache/lib/content/write.js b/deps/npm/node_modules/cacache/lib/content/write.js
index 62388dc81d0fdd..0e8c0f49360648 100644
--- a/deps/npm/node_modules/cacache/lib/content/write.js
+++ b/deps/npm/node_modules/cacache/lib/content/write.js
@@ -80,9 +80,11 @@ class CacacheWriteStream extends Flush {
         // defer this one tick by rejecting a promise on it.
         return Promise.reject(e).catch(cb)
       }
+      // eslint-disable-next-line promise/catch-or-return
       this.handleContentP.then(
         (res) => {
           res.integrity && this.emit('integrity', res.integrity)
+          // eslint-disable-next-line promise/always-return
           res.size !== null && this.emit('size', res.size)
           cb()
         },
diff --git a/deps/npm/node_modules/cacache/lib/entry-index.js b/deps/npm/node_modules/cacache/lib/entry-index.js
index cbfa619099f906..1dc73a93f6b29e 100644
--- a/deps/npm/node_modules/cacache/lib/entry-index.js
+++ b/deps/npm/node_modules/cacache/lib/entry-index.js
@@ -285,6 +285,7 @@ function lsStream (cache) {
       }))
     }))
     stream.end()
+    return stream
   }).catch(err => stream.emit('error', err))
 
   return stream
diff --git a/deps/npm/node_modules/cacache/lib/get.js b/deps/npm/node_modules/cacache/lib/get.js
index cc9d8f6796647a..254b4ecc38b57e 100644
--- a/deps/npm/node_modules/cacache/lib/get.js
+++ b/deps/npm/node_modules/cacache/lib/get.js
@@ -155,6 +155,7 @@ function getStream (cache, key, opts = {}) {
       stream.unshift(memoStream)
     }
     stream.unshift(src)
+    return stream
   }).catch((err) => stream.emit('error', err))
 
   return stream
diff --git a/deps/npm/node_modules/cacache/package.json b/deps/npm/node_modules/cacache/package.json
index bb5674dafca81b..3f19d07d441669 100644
--- a/deps/npm/node_modules/cacache/package.json
+++ b/deps/npm/node_modules/cacache/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cacache",
-  "version": "16.1.1",
+  "version": "16.1.2",
   "cache-version": {
     "content": "2",
     "index": "5"
diff --git a/deps/npm/node_modules/libnpmexec/lib/index.js b/deps/npm/node_modules/libnpmexec/lib/index.js
index 15d5ba4eeca177..45c75d47156745 100644
--- a/deps/npm/node_modules/libnpmexec/lib/index.js
+++ b/deps/npm/node_modules/libnpmexec/lib/index.js
@@ -63,6 +63,9 @@ const missingFromTree = async ({ spec, tree, flatOptions }) => {
     // non-registry spec, or a specific tag.  Look up manifest and check
     // resolved to see if it's in the tree.
     const manifest = await getManifest(spec, flatOptions)
+    if (spec.type === 'directory') {
+      return { manifest }
+    }
     const nodesByManifest = tree.inventory.query('packageName', manifest.name)
     for (const node of nodesByManifest) {
       if (node.package.resolved === manifest._resolved) {
@@ -89,10 +92,10 @@ const exec = async (opts) => {
     path = '.',
     runPath = '.',
     scriptShell = isWindows ? process.env.ComSpec || 'cmd' : 'sh',
-    yes = undefined,
     ...flatOptions
   } = opts
 
+  let yes = opts.yes
   const run = () => runScript({
     args,
     call,
@@ -129,6 +132,16 @@ const exec = async (opts) => {
     packages.push(args[0])
   }
 
+  // Resolve any directory specs so that the npx directory is unique to the
+  // resolved directory, not the potentially relative one (i.e. "npx .")
+  for (const i in packages) {
+    const pkg = packages[i]
+    const spec = npa(pkg)
+    if (spec.type === 'directory') {
+      packages[i] = spec.fetchSpec
+    }
+  }
+
   const localArb = new Arborist({ ...flatOptions, path })
   const localTree = await localArb.loadActual()
 
@@ -153,6 +166,10 @@ const exec = async (opts) => {
   if (needPackageCommandSwap) {
     const spec = npa(args[0])
 
+    if (spec.type === 'directory') {
+      yes = true
+    }
+
     args[0] = getBinFromManifest(commandManifest)
 
     if (needInstall.length > 0 && globalPath) {
@@ -176,7 +193,15 @@ const exec = async (opts) => {
       throw new Error('Must provide a valid npxCache path')
     }
     const hash = crypto.createHash('sha512')
-      .update(packages.sort((a, b) => a.localeCompare(b, 'en')).join('\n'))
+      .update(packages.map(p => {
+        // Keeps the npx directory unique to the resolved directory, not the
+        // potentially relative one (i.e. "npx .")
+        const spec = npa(p)
+        if (spec.type === 'directory') {
+          return spec.fetchSpec
+        }
+        return p
+      }).sort((a, b) => a.localeCompare(b, 'en')).join('\n'))
       .digest('hex')
       .slice(0, 16)
     const installDir = resolve(npxCache, hash)
diff --git a/deps/npm/node_modules/libnpmexec/lib/run-script.js b/deps/npm/node_modules/libnpmexec/lib/run-script.js
index 18dcf7d8356c59..cee8ba45ae8e93 100644
--- a/deps/npm/node_modules/libnpmexec/lib/run-script.js
+++ b/deps/npm/node_modules/libnpmexec/lib/run-script.js
@@ -73,6 +73,7 @@ const run = async ({
       event: 'npx',
       args,
       stdio: 'inherit',
+      scriptShell,
     })
   } finally {
     npmlog.enableProgress()
diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json
index a83447d9ea695b..4de7259071fd29 100644
--- a/deps/npm/node_modules/libnpmexec/package.json
+++ b/deps/npm/node_modules/libnpmexec/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmexec",
-  "version": "4.0.10",
+  "version": "4.0.11",
   "files": [
     "bin/",
     "lib/"
diff --git a/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js b/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js
index 4307962b889d0e..dba89d715d8a51 100644
--- a/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js
+++ b/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js
@@ -288,6 +288,7 @@ class CacheEntry {
         // stick a flag on here so downstream users will know if they can expect integrity events
         tee.pipe(cacheStream)
         // TODO if the cache write fails, log a warning but return the response anyway
+        // eslint-disable-next-line promise/catch-or-return
         cacheStream.promise().then(cacheWriteResolve, cacheWriteReject)
         body.unshift(tee)
         body.unshift(this.response.body)
diff --git a/deps/npm/node_modules/make-fetch-happen/package.json b/deps/npm/node_modules/make-fetch-happen/package.json
index 8b21901f34fc12..fc491d1152e153 100644
--- a/deps/npm/node_modules/make-fetch-happen/package.json
+++ b/deps/npm/node_modules/make-fetch-happen/package.json
@@ -1,6 +1,6 @@
 {
   "name": "make-fetch-happen",
-  "version": "10.2.0",
+  "version": "10.2.1",
   "description": "Opinionated, caching, retrying fetch client",
   "main": "lib/index.js",
   "files": [
diff --git a/deps/npm/node_modules/minipass-fetch/lib/body.js b/deps/npm/node_modules/minipass-fetch/lib/body.js
index c7ffa5babcbc60..58893309e63f9f 100644
--- a/deps/npm/node_modules/minipass-fetch/lib/body.js
+++ b/deps/npm/node_modules/minipass-fetch/lib/body.js
@@ -10,7 +10,9 @@ const FetchError = require('./fetch-error.js')
 let convert
 try {
   convert = require('encoding').convert
-} catch (e) {}
+} catch (e) {
+  // defer error until textConverted is called
+}
 
 const INTERNALS = Symbol('Body internals')
 const CONSUME_BODY = Symbol('consumeBody')
@@ -69,16 +71,16 @@ class Body {
     ))
   }
 
-  json () {
-    return this[CONSUME_BODY]().then(buf => {
-      try {
-        return JSON.parse(buf.toString())
-      } catch (er) {
-        return Promise.reject(new FetchError(
-          `invalid json response body at ${
-            this.url} reason: ${er.message}`, 'invalid-json'))
-      }
-    })
+  async json () {
+    try {
+      const buf = await this[CONSUME_BODY]()
+      return JSON.parse(buf.toString())
+    } catch (er) {
+      throw new FetchError(
+        `invalid json response body at ${this.url} reason: ${er.message}`,
+        'invalid-json'
+      )
+    }
   }
 
   text () {
diff --git a/deps/npm/node_modules/minipass-fetch/package.json b/deps/npm/node_modules/minipass-fetch/package.json
index 1f663b9245dea0..b47077adc111aa 100644
--- a/deps/npm/node_modules/minipass-fetch/package.json
+++ b/deps/npm/node_modules/minipass-fetch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "minipass-fetch",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "An implementation of window.fetch in Node.js using Minipass streams",
   "license": "MIT",
   "main": "lib/index.js",
@@ -23,10 +23,11 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.1.2",
+    "@npmcli/template-oss": "3.5.0",
     "@ungap/url-search-params": "^0.2.2",
     "abort-controller": "^3.0.0",
     "abortcontroller-polyfill": "~1.7.3",
+    "encoding": "^0.1.13",
     "form-data": "^4.0.0",
     "nock": "^13.2.4",
     "parted": "^0.1.1",
@@ -61,6 +62,6 @@
   "author": "GitHub Inc.",
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "3.1.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/normalize-package-data/lib/extract_description.js b/deps/npm/node_modules/normalize-package-data/lib/extract_description.js
index bf9896812e5f54..631966b5f29af5 100644
--- a/deps/npm/node_modules/normalize-package-data/lib/extract_description.js
+++ b/deps/npm/node_modules/normalize-package-data/lib/extract_description.js
@@ -11,12 +11,14 @@ function extractDescription (d) {
   // the first block of text before the first heading
   // that isn't the first line heading
   d = d.trim().split('\n')
-  for (var s = 0; d[s] && d[s].trim().match(/^(#|$)/); s++) {
-    ;
+  let s = 0
+  while (d[s] && d[s].trim().match(/^(#|$)/)) {
+    s++
   }
-  var l = d.length
-  for (var e = s + 1; e < l && d[e].trim(); e++) {
-    ;
+  const l = d.length
+  let e = s + 1
+  while (e < l && d[e].trim()) {
+    e++
   }
   return d.slice(s, e).join(' ').trim()
 }
diff --git a/deps/npm/node_modules/normalize-package-data/lib/fixer.js b/deps/npm/node_modules/normalize-package-data/lib/fixer.js
index 0846f2c045a6e5..bb78231d83ca9f 100644
--- a/deps/npm/node_modules/normalize-package-data/lib/fixer.js
+++ b/deps/npm/node_modules/normalize-package-data/lib/fixer.js
@@ -121,17 +121,17 @@ module.exports = {
       this.warn('nonArrayBundleDependencies')
       delete data[bd]
     } else if (data[bd]) {
-      data[bd] = data[bd].filter(function (bd) {
-        if (!bd || typeof bd !== 'string') {
-          this.warn('nonStringBundleDependency', bd)
+      data[bd] = data[bd].filter(function (filtered) {
+        if (!filtered || typeof filtered !== 'string') {
+          this.warn('nonStringBundleDependency', filtered)
           return false
         } else {
           if (!data.dependencies) {
             data.dependencies = {}
           }
-          if (!Object.prototype.hasOwnProperty.call(data.dependencies, bd)) {
-            this.warn('nonDependencyBundleDependency', bd)
-            data.dependencies[bd] = '*'
+          if (!Object.prototype.hasOwnProperty.call(data.dependencies, filtered)) {
+            this.warn('nonDependencyBundleDependency', filtered)
+            data.dependencies[filtered] = '*'
           }
           return true
         }
@@ -389,28 +389,28 @@ function unParsePerson (person) {
   }
   var name = person.name || ''
   var u = person.url || person.web
-  var url = u ? (' (' + u + ')') : ''
+  var wrappedUrl = u ? (' (' + u + ')') : ''
   var e = person.email || person.mail
-  var email = e ? (' <' + e + '>') : ''
-  return name + email + url
+  var wrappedEmail = e ? (' <' + e + '>') : ''
+  return name + wrappedEmail + wrappedUrl
 }
 
 function parsePerson (person) {
   if (typeof person !== 'string') {
     return person
   }
-  var name = person.match(/^([^(<]+)/)
-  var url = person.match(/\(([^()]+)\)/)
-  var email = person.match(/<([^<>]+)>/)
+  var matchedName = person.match(/^([^(<]+)/)
+  var matchedUrl = person.match(/\(([^()]+)\)/)
+  var matchedEmail = person.match(/<([^<>]+)>/)
   var obj = {}
-  if (name && name[0].trim()) {
-    obj.name = name[0].trim()
+  if (matchedName && matchedName[0].trim()) {
+    obj.name = matchedName[0].trim()
   }
-  if (email) {
-    obj.email = email[1]
+  if (matchedEmail) {
+    obj.email = matchedEmail[1]
   }
-  if (url) {
-    obj.url = url[1]
+  if (matchedUrl) {
+    obj.url = matchedUrl[1]
   }
   return obj
 }
diff --git a/deps/npm/node_modules/normalize-package-data/package.json b/deps/npm/node_modules/normalize-package-data/package.json
index a6f1244eb5a256..1bec9bb8645e7f 100644
--- a/deps/npm/node_modules/normalize-package-data/package.json
+++ b/deps/npm/node_modules/normalize-package-data/package.json
@@ -1,12 +1,12 @@
 {
   "name": "normalize-package-data",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "author": "GitHub Inc.",
   "description": "Normalizes data that can be found in package.json files.",
   "license": "BSD-2-Clause",
   "repository": {
     "type": "git",
-    "url": "git://github.com/npm/normalize-package-data.git"
+    "url": "https://github.com/npm/normalize-package-data.git"
   },
   "main": "lib/normalize.js",
   "scripts": {
@@ -15,13 +15,13 @@
     "preversion": "npm test",
     "test": "tap",
     "npmclilint": "npmcli-lint",
-    "lint": "eslint '**/*.js'",
+    "lint": "eslint \"**/*.js\"",
     "lintfix": "npm run lint -- --fix",
     "posttest": "npm run lint",
     "postsnap": "npm run lintfix --",
-    "postlint": "npm-template-check",
-    "template-copy": "npm-template-copy --force",
-    "snap": "tap"
+    "postlint": "template-oss-check",
+    "snap": "tap",
+    "template-oss-apply": "template-oss-apply --force"
   },
   "dependencies": {
     "hosted-git-info": "^5.0.0",
@@ -30,18 +30,20 @@
     "validate-npm-package-license": "^3.0.4"
   },
   "devDependencies": {
-    "@npmcli/template-oss": "^2.9.2",
-    "tap": "^15.0.9"
+    "@npmcli/eslint-config": "^3.0.1",
+    "@npmcli/template-oss": "3.5.0",
+    "tap": "^16.0.1"
   },
   "files": [
-    "bin",
-    "lib"
+    "bin/",
+    "lib/"
   ],
   "engines": {
-    "node": "^12.13.0 || ^14.15.0 || >=16"
+    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
   },
   "templateOSS": {
-    "version": "2.9.2"
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
+    "version": "3.5.0"
   },
   "tap": {
     "branches": 86,
diff --git a/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js b/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js
index 714513908df40c..066ac3c32420f2 100644
--- a/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js
+++ b/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js
@@ -61,7 +61,9 @@ function checkErrors (method, res, startTime, opts) {
       let parsed = body
       try {
         parsed = JSON.parse(body.toString('utf8'))
-      } catch (e) {}
+      } catch {
+        // ignore errors
+      }
       if (res.status === 401 && res.headers.get('www-authenticate')) {
         const auth = res.headers.get('www-authenticate')
           .split(/,\s*/)
diff --git a/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js b/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js
index ba31dc462f3c5d..a419b47d6a339f 100644
--- a/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js
+++ b/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js
@@ -14,7 +14,9 @@ const cleanUrl = (str) => {
     if (url.password) {
       str = str.replace(url.password, replace)
     }
-  } catch {}
+  } catch {
+    // ignore errors
+  }
 
   return str
     .replace(tokenRegex, `npm_${replace}`)
diff --git a/deps/npm/node_modules/npm-registry-fetch/package.json b/deps/npm/node_modules/npm-registry-fetch/package.json
index 8a0189a9ef74d5..7a3885ae12e882 100644
--- a/deps/npm/node_modules/npm-registry-fetch/package.json
+++ b/deps/npm/node_modules/npm-registry-fetch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "npm-registry-fetch",
-  "version": "13.3.0",
+  "version": "13.3.1",
   "description": "Fetch-based http client for use with npm registry APIs",
   "main": "lib",
   "files": [
@@ -46,8 +46,10 @@
     "@npmcli/eslint-config": "^3.0.1",
     "@npmcli/template-oss": "3.5.0",
     "cacache": "^16.0.2",
+    "mkdirp": "^1.0.4",
     "nock": "^13.2.4",
     "require-inject": "^1.4.4",
+    "rimraf": "^3.0.2",
     "ssri": "^9.0.0",
     "tap": "^16.0.1"
   },
diff --git a/deps/npm/node_modules/pacote/lib/bin.js b/deps/npm/node_modules/pacote/lib/bin.js
index 4a1f911e42bc52..f35b62ca71a537 100755
--- a/deps/npm/node_modules/pacote/lib/bin.js
+++ b/deps/npm/node_modules/pacote/lib/bin.js
@@ -18,10 +18,15 @@ const run = conf => {
     case 'tarball':
       if (!conf._[2] || conf._[2] === '-') {
         return pacote.tarball.stream(conf._[1], stream => {
-          stream.pipe(conf.testStdout ||
-          /* istanbul ignore next */ process.stdout)
+          stream.pipe(
+            conf.testStdout ||
+            /* istanbul ignore next */
+            process.stdout
+          )
           // make sure it resolves something falsey
-          return stream.promise().then(() => {})
+          return stream.promise().then(() => {
+            return false
+          })
         }, conf)
       } else {
         return pacote.tarball.file(conf._[1], conf._[2], conf)
diff --git a/deps/npm/node_modules/pacote/lib/fetcher.js b/deps/npm/node_modules/pacote/lib/fetcher.js
index 5f93e703bca4b8..95b6d3ee432bb9 100644
--- a/deps/npm/node_modules/pacote/lib/fetcher.js
+++ b/deps/npm/node_modules/pacote/lib/fetcher.js
@@ -254,6 +254,7 @@ class FetcherBase {
     cstream.on('error', err => stream.emit('error', err))
     stream.pipe(cstream)
 
+    // eslint-disable-next-line promise/catch-or-return
     cstream.promise().catch(() => {}).then(() => middleStream.end())
     return middleStream
   }
@@ -269,7 +270,10 @@ class FetcherBase {
   }
 
   // override the types getter
-  get types () {}
+  get types () {
+    return false
+  }
+
   [_assertType] () {
     if (this.types && !this.types.includes(this.spec.type)) {
       throw new TypeError(`Wrong spec type (${
diff --git a/deps/npm/node_modules/pacote/lib/git.js b/deps/npm/node_modules/pacote/lib/git.js
index 9d84d95fa62ab4..c4819b4fdf49c4 100644
--- a/deps/npm/node_modules/pacote/lib/git.js
+++ b/deps/npm/node_modules/pacote/lib/git.js
@@ -239,7 +239,7 @@ class GitFetcher extends Fetcher {
     tarballOk = tarballOk &&
       h && resolved === repoUrl(h, { noCommittish: false }) && h.tarball
 
-    return cacache.tmp.withTmp(this.cache, o, tmp => {
+    return cacache.tmp.withTmp(this.cache, o, async tmp => {
       // if we're resolved, and have a tarball url, shell out to RemoteFetcher
       if (tarballOk) {
         const nameat = this.spec.name ? `${this.spec.name}@` : ''
@@ -259,16 +259,15 @@ class GitFetcher extends Fetcher {
         })
       }
 
-      return (
+      const sha = await (
         h ? this[_cloneHosted](ref, tmp)
         : this[_cloneRepo](this.spec.fetchSpec, ref, tmp)
-      ).then(sha => {
-        this.resolvedSha = sha
-        if (!this.resolved) {
-          this[_addGitSha](sha)
-        }
-      })
-        .then(() => handler(tmp))
+      )
+      this.resolvedSha = sha
+      if (!this.resolved) {
+        await this[_addGitSha](sha)
+      }
+      return handler(tmp)
     })
   }
 
diff --git a/deps/npm/node_modules/pacote/lib/remote.js b/deps/npm/node_modules/pacote/lib/remote.js
index 6759dbba3ed2f2..a361a9e89782e5 100644
--- a/deps/npm/node_modules/pacote/lib/remote.js
+++ b/deps/npm/node_modules/pacote/lib/remote.js
@@ -41,6 +41,7 @@ class RemoteFetcher extends Fetcher {
       algorithms: [this.pickIntegrityAlgorithm()],
     }
 
+    // eslint-disable-next-line promise/always-return
     fetch(this.resolved, fetchOpts).then(res => {
       res.body.on('error',
         /* istanbul ignore next - exceedingly rare and hard to simulate */
diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
index 696c925d353208..960530ec0b33d9 100644
--- a/deps/npm/node_modules/pacote/package.json
+++ b/deps/npm/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "13.6.1",
+  "version": "13.6.2",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {
diff --git a/deps/npm/node_modules/write-file-atomic/lib/index.js b/deps/npm/node_modules/write-file-atomic/lib/index.js
index 118666d2ce6d82..9d79d797a553fe 100644
--- a/deps/npm/node_modules/write-file-atomic/lib/index.js
+++ b/deps/npm/node_modules/write-file-atomic/lib/index.js
@@ -39,7 +39,9 @@ function cleanupOnExit (tmpfile) {
   return () => {
     try {
       fs.unlinkSync(typeof tmpfile === 'function' ? tmpfile() : tmpfile)
-    } catch (_) {}
+    } catch {
+      // ignore errors
+    }
   }
 }
 
@@ -156,7 +158,7 @@ async function writeFileAsync (filename, data, options = {}) {
   }
 }
 
-function writeFile (filename, data, options, callback) {
+async function writeFile (filename, data, options, callback) {
   if (options instanceof Function) {
     callback = options
     options = {}
@@ -164,7 +166,12 @@ function writeFile (filename, data, options, callback) {
 
   const promise = writeFileAsync(filename, data, options)
   if (callback) {
-    promise.then(callback, callback)
+    try {
+      const result = await promise
+      return callback(result)
+    } catch (err) {
+      return callback(err)
+    }
   }
 
   return promise
diff --git a/deps/npm/node_modules/write-file-atomic/package.json b/deps/npm/node_modules/write-file-atomic/package.json
index 7219f90b97be0b..86e2a0fbadfeb6 100644
--- a/deps/npm/node_modules/write-file-atomic/package.json
+++ b/deps/npm/node_modules/write-file-atomic/package.json
@@ -1,23 +1,23 @@
 {
   "name": "write-file-atomic",
-  "version": "4.0.1",
+  "version": "4.0.2",
   "description": "Write files in an atomic fashion w/configurable ownership",
   "main": "./lib/index.js",
   "scripts": {
     "test": "tap",
     "posttest": "npm run lint",
-    "lint": "eslint '**/*.js'",
-    "postlint": "npm-template-check",
+    "lint": "eslint \"**/*.js\"",
+    "postlint": "template-oss-check",
     "preversion": "npm test",
     "postversion": "npm publish",
     "prepublishOnly": "git push origin --follow-tags",
     "lintfix": "npm run lint -- --fix",
     "snap": "tap",
-    "template-copy": "npm-template-copy --force"
+    "template-oss-apply": "template-oss-apply --force"
   },
   "repository": {
     "type": "git",
-    "url": "git://github.com/npm/write-file-atomic.git"
+    "url": "https://github.com/npm/write-file-atomic.git"
   },
   "keywords": [
     "writeFile",
@@ -34,20 +34,22 @@
     "signal-exit": "^3.0.7"
   },
   "devDependencies": {
-    "@npmcli/template-oss": "^2.7.1",
+    "@npmcli/eslint-config": "^3.0.1",
+    "@npmcli/template-oss": "3.5.0",
     "mkdirp": "^1.0.4",
     "rimraf": "^3.0.2",
-    "tap": "^15.1.6"
+    "tap": "^16.0.1"
   },
   "files": [
-    "bin",
-    "lib"
+    "bin/",
+    "lib/"
   ],
   "engines": {
-    "node": "^12.13.0 || ^14.15.0 || >=16"
+    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
   },
   "templateOSS": {
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
     "windowsCI": false,
-    "version": "2.7.1"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/package.json b/deps/npm/package.json
index 3641c1475185f4..f631c9f0683b25 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "8.17.0",
+  "version": "8.18.0",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "workspaces": [
@@ -103,12 +103,12 @@
     "npm-package-arg": "^9.1.0",
     "npm-pick-manifest": "^7.0.1",
     "npm-profile": "^6.2.0",
-    "npm-registry-fetch": "^13.3.0",
+    "npm-registry-fetch": "^13.3.1",
     "npm-user-validate": "^1.0.1",
     "npmlog": "^6.0.2",
     "opener": "^1.5.2",
     "p-map": "^4.0.0",
-    "pacote": "^13.6.1",
+    "pacote": "^13.6.2",
     "parse-conflict-json": "^2.0.2",
     "proc-log": "^2.0.1",
     "qrcode-terminal": "^0.12.0",
diff --git a/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs
index c56f8b162dc731..84bfed4c91500d 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs
@@ -255,6 +255,12 @@ exports[`test/lib/commands/ls.js TAP ls --parseable no args > should output pars
 {CWD}/tap-testdir-ls-ls---parseable-no-args/node_modules/dog
 `
 
+exports[`test/lib/commands/ls.js TAP ls --parseable overridden dep > should contain overridden outout 1`] = `
+{CWD}/tap-testdir-ls-ls---parseable-overridden-dep:test-overridden@1.0.0
+{CWD}/tap-testdir-ls-ls---parseable-overridden-dep/node_modules/foo:foo@1.0.0
+{CWD}/tap-testdir-ls-ls---parseable-overridden-dep/node_modules/bar:bar@1.0.0:OVERRIDDEN
+`
+
 exports[`test/lib/commands/ls.js TAP ls --parseable resolved points to git ref > should output tree containing git refs 1`] = `
 {CWD}/tap-testdir-ls-ls---parseable-resolved-points-to-git-ref
 {CWD}/tap-testdir-ls-ls---parseable-resolved-points-to-git-ref/node_modules/abbrev
@@ -567,6 +573,20 @@ test-npm-ls@1.0.0 {CWD}/tap-testdir-ls-ls-no-args
 
 `
 
+exports[`test/lib/commands/ls.js TAP ls overridden dep > should contain overridden outout 1`] = `
+test-overridden@1.0.0 {CWD}/tap-testdir-ls-ls-overridden-dep
+\`-- foo@1.0.0
+  \`-- bar@1.0.0 overridden
+
+`
+
+exports[`test/lib/commands/ls.js TAP ls overridden dep w/ color > should contain overridden outout 1`] = `
+test-overridden@1.0.0 {CWD}/tap-testdir-ls-ls-overridden-dep-w-color
+\`-- foo@1.0.0
+  \`-- bar@1.0.0 overridden
+
+`
+
 exports[`test/lib/commands/ls.js TAP ls print deduped symlinks > should output tree containing linked deps 1`] = `
 print-deduped-symlinks@1.0.0 {CWD}/tap-testdir-ls-ls-print-deduped-symlinks
 +-- a@1.0.0
diff --git a/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs
index 0a2aa769ee6380..d827b62eef7400 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs
@@ -22,7 +22,8 @@ exports[`test/lib/commands/query.js TAP global > should return global package 1`
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -51,7 +52,8 @@ exports[`test/lib/commands/query.js TAP include-workspace-root > should return w
     ],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "name": "c",
@@ -66,7 +68,8 @@ exports[`test/lib/commands/query.js TAP include-workspace-root > should return w
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -86,7 +89,8 @@ exports[`test/lib/commands/query.js TAP linked node > should return linked node
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -111,7 +115,8 @@ exports[`test/lib/commands/query.js TAP recursive tree > should return everythin
     ],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "a@",
@@ -125,7 +130,8 @@ exports[`test/lib/commands/query.js TAP recursive tree > should return everythin
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "b@",
@@ -139,7 +145,8 @@ exports[`test/lib/commands/query.js TAP recursive tree > should return everythin
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -167,7 +174,8 @@ exports[`test/lib/commands/query.js TAP simple query > should return root object
     ],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "a@",
@@ -181,7 +189,8 @@ exports[`test/lib/commands/query.js TAP simple query > should return root object
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "b@",
@@ -195,7 +204,8 @@ exports[`test/lib/commands/query.js TAP simple query > should return root object
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -215,7 +225,8 @@ exports[`test/lib/commands/query.js TAP workspace query > should return workspac
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
diff --git a/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs
index 4d6f4686df8c4f..8550617eb0a00a 100644
--- a/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs
@@ -156,6 +156,28 @@ optdep@1.0.0 optional
 node_modules/optdep
 `
 
+exports[`test/lib/utils/explain-dep.js TAP overridden > explain color deep 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+  overridden overridden-dep@"1.0.0" (was "^2.0.0") from the root project
+`
+
+exports[`test/lib/utils/explain-dep.js TAP overridden > explain nocolor shallow 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+  overridden overridden-dep@"1.0.0" (was "^2.0.0") from the root project
+`
+
+exports[`test/lib/utils/explain-dep.js TAP overridden > print color 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+`
+
+exports[`test/lib/utils/explain-dep.js TAP overridden > print nocolor 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+`
+
 exports[`test/lib/utils/explain-dep.js TAP peer > explain color deep 1`] = `
 peer@1.0.0 peer
 node_modules/peer
diff --git a/deps/npm/test/lib/commands/ls.js b/deps/npm/test/lib/commands/ls.js
index f4cd4ef33d58e7..764d95298ca107 100644
--- a/deps/npm/test/lib/commands/ls.js
+++ b/deps/npm/test/lib/commands/ls.js
@@ -231,6 +231,88 @@ t.test('ls', t => {
     t.matchSnapshot(redactCwd(result), 'should output containing problems info')
   })
 
+  t.test('overridden dep', async t => {
+    config.all = true
+    t.teardown(() => {
+      config.all = false
+    })
+
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.matchSnapshot(redactCwd(result), 'should contain overridden outout')
+  })
+
+  t.test('overridden dep w/ color', async t => {
+    config.all = true
+    npm.color = true
+    t.teardown(() => {
+      config.all = false
+      npm.color = false
+    })
+
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.matchSnapshot(redactCwd(result), 'should contain overridden outout')
+  })
+
   t.test('with filter arg', async t => {
     npm.color = true
     npm.prefix = t.testdir({
@@ -1621,6 +1703,47 @@ t.test('ls --parseable', t => {
     t.matchSnapshot(redactCwd(result), 'should output containing problems info')
   })
 
+  t.test('overridden dep', async t => {
+    config.all = true
+    config.long = true
+    t.teardown(() => {
+      config.all = false
+      config.long = false
+    })
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.matchSnapshot(redactCwd(result), 'should contain overridden outout')
+  })
+
   t.test('with filter arg', async t => {
     npm.prefix = t.testdir({
       'package.json': JSON.stringify({
@@ -2413,14 +2536,17 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2448,6 +2574,7 @@ t.test('ls --json', t => {
           dog: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: dog@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-package.json/node_modules/dog',
@@ -2456,6 +2583,7 @@ t.test('ls --json', t => {
           foo: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: foo@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-package.json/node_modules/foo',
@@ -2469,6 +2597,7 @@ t.test('ls --json', t => {
           chai: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: chai@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-package.json/node_modules/chai',
@@ -2503,15 +2632,18 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: chai@1.0.0 {CWD}/tap-testdir-ls-ls---json-extraneous-deps/node_modules/chai',
@@ -2523,6 +2655,58 @@ t.test('ls --json', t => {
     )
   })
 
+  t.test('overridden dep', async t => {
+    config.all = true
+    t.teardown(() => config.all = false)
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.same(JSON.parse(result), {
+      name: 'test-overridden',
+      version: '1.0.0',
+      dependencies: {
+        foo: {
+          version: '1.0.0',
+          overridden: false,
+          dependencies: {
+            bar: {
+              version: '1.0.0',
+              overridden: true,
+            },
+          },
+        },
+      },
+    })
+  })
+
   t.test('missing deps --long', async t => {
     t.plan(3)
     config.long = true
@@ -2581,6 +2765,7 @@ t.test('ls --json', t => {
         dependencies: {
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2610,9 +2795,11 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
@@ -2653,14 +2840,17 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2717,9 +2907,11 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2752,9 +2944,11 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2787,14 +2981,17 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2833,6 +3030,7 @@ t.test('ls --json', t => {
           foo: {
             version: '1.0.0',
             invalid: '"^2.0.0" from the root project',
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'invalid: foo@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-invalid-extraneous/node_modules/foo',
@@ -2840,12 +3038,14 @@ t.test('ls --json', t => {
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: chai@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-invalid-extraneous/node_modules/chai',
@@ -2893,10 +3093,17 @@ t.test('ls --json', t => {
         dependencies: {
           'dev-dep': {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               foo: {
                 version: '1.0.0',
-                dependencies: { dog: { version: '1.0.0' } },
+                overridden: false,
+                dependencies: {
+                  dog: {
+                    version: '1.0.0',
+                    overridden: false,
+                  },
+                },
               },
             },
           },
@@ -2949,6 +3156,7 @@ t.test('ls --json', t => {
           'linked-dep': {
             version: '1.0.0',
             resolved: 'file:../linked-dep',
+            overridden: false,
           },
         },
       },
@@ -2986,9 +3194,24 @@ t.test('ls --json', t => {
         name: 'test-npm-ls',
         version: '1.0.0',
         dependencies: {
-          chai: { version: '1.0.0' },
-          'optional-dep': { version: '1.0.0' },
-          'prod-dep': { version: '1.0.0', dependencies: { dog: { version: '2.0.0' } } },
+          chai: {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'optional-dep': {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'prod-dep': {
+            version: '1.0.0',
+            overridden: false,
+            dependencies: {
+              dog: {
+                version: '2.0.0',
+                overridden: false,
+              },
+            },
+          },
         },
       },
       'should output json containing production deps'
@@ -3111,6 +3334,7 @@ t.test('ls --json', t => {
         dependencies: {
           '@isaacs/dedupe-tests-a': {
             version: '1.0.1',
+            overridden: false,
             resolved:
               'https://registry.npmjs.org/@isaacs/dedupe-tests-a/-/dedupe-tests-a-1.0.1.tgz',
             dependencies: {
@@ -3118,6 +3342,7 @@ t.test('ls --json', t => {
                 resolved:
                   'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-1.0.0.tgz',
                 extraneous: true,
+                overridden: false,
                 problems: [
                   /* eslint-disable-next-line max-len */
                   'extraneous: @isaacs/dedupe-tests-b@ {CWD}/tap-testdir-ls-ls---json-from-lockfile/node_modules/@isaacs/dedupe-tests-a/node_modules/@isaacs/dedupe-tests-b',
@@ -3127,6 +3352,7 @@ t.test('ls --json', t => {
           },
           '@isaacs/dedupe-tests-b': {
             version: '2.0.0',
+            overridden: false,
             resolved:
               'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-2.0.0.tgz',
           },
@@ -3171,6 +3397,7 @@ t.test('ls --json', t => {
         dependencies: {
           'peer-dep': {
             name: 'peer-dep',
+            overridden: false,
             description: 'Peer-dep description here',
             version: '1.0.0',
             _id: 'peer-dep@1.0.0',
@@ -3182,15 +3409,18 @@ t.test('ls --json', t => {
           },
           'dev-dep': {
             name: 'dev-dep',
+            overridden: false,
             description: 'A DEV dep kind of dep',
             version: '1.0.0',
             dependencies: {
               foo: {
                 name: 'foo',
                 version: '1.0.0',
+                overridden: false,
                 dependencies: {
                   dog: {
                     name: 'dog',
+                    overridden: false,
                     version: '1.0.0',
                     _id: 'dog@1.0.0',
                     devDependencies: {},
@@ -3217,6 +3447,7 @@ t.test('ls --json', t => {
           },
           chai: {
             name: 'chai',
+            overridden: false,
             version: '1.0.0',
             _id: 'chai@1.0.0',
             devDependencies: {},
@@ -3227,6 +3458,7 @@ t.test('ls --json', t => {
           },
           'optional-dep': {
             name: 'optional-dep',
+            overridden: false,
             description: 'Maybe a dep?',
             version: '1.0.0',
             _id: 'optional-dep@1.0.0',
@@ -3238,11 +3470,13 @@ t.test('ls --json', t => {
           },
           'prod-dep': {
             name: 'prod-dep',
+            overridden: false,
             description: 'A PROD dep kind of dep',
             version: '1.0.0',
             dependencies: {
               dog: {
                 name: 'dog',
+                overridden: false,
                 description: 'A dep that bars',
                 version: '2.0.0',
                 _id: 'dog@2.0.0',
@@ -3308,6 +3542,7 @@ t.test('ls --json', t => {
         dependencies: {
           'peer-dep': {
             name: 'peer-dep',
+            overridden: false,
             description: 'Peer-dep description here',
             version: '1.0.0',
             _id: 'peer-dep@1.0.0',
@@ -3319,6 +3554,7 @@ t.test('ls --json', t => {
           },
           'dev-dep': {
             name: 'dev-dep',
+            overridden: false,
             description: 'A DEV dep kind of dep',
             version: '1.0.0',
             _id: 'dev-dep@1.0.0',
@@ -3330,6 +3566,7 @@ t.test('ls --json', t => {
           },
           chai: {
             name: 'chai',
+            overridden: false,
             version: '1.0.0',
             _id: 'chai@1.0.0',
             devDependencies: {},
@@ -3340,6 +3577,7 @@ t.test('ls --json', t => {
           },
           'optional-dep': {
             name: 'optional-dep',
+            overridden: false,
             description: 'Maybe a dep?',
             version: '1.0.0',
             _id: 'optional-dep@1.0.0',
@@ -3351,6 +3589,7 @@ t.test('ls --json', t => {
           },
           'prod-dep': {
             name: 'prod-dep',
+            overridden: false,
             description: 'A PROD dep kind of dep',
             version: '1.0.0',
             _id: 'prod-dep@1.0.0',
@@ -3439,6 +3678,7 @@ t.test('ls --json', t => {
           'peer-dep': {
             version: '1.0.0',
             invalid: '"^2.0.0" from the root project',
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'invalid: peer-dep@1.0.0 {CWD}/tap-testdir-ls-ls---json-unmet-peer-dep/node_modules/peer-dep',
@@ -3446,16 +3686,38 @@ t.test('ls --json', t => {
           },
           'dev-dep': {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               foo: {
                 version: '1.0.0',
-                dependencies: { dog: { version: '1.0.0' } },
+                overridden: false,
+                dependencies: {
+                  dog: {
+                    version: '1.0.0',
+                    overridden: false,
+                  },
+                },
+              },
+            },
+          },
+          chai: {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'optional-dep': {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'prod-dep': {
+            version: '1.0.0',
+            overridden: false,
+            dependencies: {
+              dog: {
+                version: '2.0.0',
+                overridden: false,
               },
             },
           },
-          chai: { version: '1.0.0' },
-          'optional-dep': { version: '1.0.0' },
-          'prod-dep': { version: '1.0.0', dependencies: { dog: { version: '2.0.0' } } },
         },
       },
       'should output json signaling missing peer dep in problems'
@@ -3502,6 +3764,7 @@ t.test('ls --json', t => {
           'optional-dep': {
             version: '1.0.0',
             invalid: '"^2.0.0" from the root project',
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'invalid: optional-dep@1.0.0 {CWD}/tap-testdir-ls-ls---json-unmet-optional-dep/node_modules/optional-dep',
@@ -3509,18 +3772,38 @@ t.test('ls --json', t => {
           },
           'peer-dep': {
             version: '1.0.0',
+            overridden: false,
           },
           'dev-dep': {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               foo: {
                 version: '1.0.0',
-                dependencies: { dog: { version: '1.0.0' } },
+                overridden: false,
+                dependencies: {
+                  dog: {
+                    version: '1.0.0',
+                    overridden: false,
+                  },
+                },
+              },
+            },
+          },
+          chai: {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'prod-dep': {
+            version: '1.0.0',
+            overridden: false,
+            dependencies: {
+              dog: {
+                version: '2.0.0',
+                overridden: false,
               },
             },
           },
-          chai: { version: '1.0.0' },
-          'prod-dep': { version: '1.0.0', dependencies: { dog: { version: '2.0.0' } } },
           'missing-optional-dep': {}, // missing optional dep has an empty entry in json output
         },
       },
@@ -3567,11 +3850,15 @@ t.test('ls --json', t => {
         dependencies: {
           a: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               b: {
                 version: '1.0.0',
+                overridden: false,
                 dependencies: {
-                  a: { version: '1.0.0' },
+                  a: {
+                    version: '1.0.0',
+                  },
                 },
               },
             },
@@ -3623,6 +3910,7 @@ t.test('ls --json', t => {
         dependencies: {
           a: {
             version: '1.0.0',
+            overridden: false,
             resolved: 'https://localhost:8080/abbrev/-/abbrev-1.1.1.tgz',
           },
         },
@@ -3683,6 +3971,7 @@ t.test('ls --json', t => {
         dependencies: {
           abbrev: {
             version: '1.1.1',
+            overridden: false,
             /* eslint-disable-next-line max-len */
             resolved: 'git+ssh://git@github.com/isaacs/abbrev-js.git#b8f3a2fc0c3bb8ffd8b0d0072cc6b5a3667e963c',
           },
@@ -3760,6 +4049,7 @@ t.test('ls --json', t => {
         dependencies: {
           'simple-output': {
             version: '2.1.1',
+            overridden: false,
             resolved: 'https://registry.npmjs.org/simple-output/-/simple-output-2.1.1.tgz',
           },
         },
@@ -3823,12 +4113,15 @@ t.test('ls --json', t => {
         dependencies: {
           a: {
             version: '1.0.0',
+            overridden: false,
           },
           b: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               c: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
@@ -3934,14 +4227,17 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -3984,9 +4280,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
@@ -4080,6 +4378,7 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4127,9 +4426,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
@@ -4179,14 +4480,17 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4273,9 +4577,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4323,9 +4629,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4373,14 +4681,17 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4431,6 +4742,7 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               invalid: '"^2.0.0" from the root project',
               problems: [
                 /* eslint-disable-next-line max-len */
@@ -4439,6 +4751,7 @@ t.test('ls --package-lock-only', t => {
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
@@ -4544,11 +4857,13 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             '@isaacs/dedupe-tests-a': {
               version: '1.0.1',
+              overridden: false,
               resolved:
                 'https://registry.npmjs.org/@isaacs/dedupe-tests-a/-/dedupe-tests-a-1.0.1.tgz',
               dependencies: {
                 '@isaacs/dedupe-tests-b': {
                   version: '1.0.0',
+                  overridden: false,
                   resolved:
                     'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-1.0.0.tgz',
                 },
@@ -4556,6 +4871,7 @@ t.test('ls --package-lock-only', t => {
             },
             '@isaacs/dedupe-tests-b': {
               version: '2.0.0',
+              overridden: false,
               resolved:
                 'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-2.0.0.tgz',
             },
@@ -4592,6 +4908,7 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             a: {
               version: '1.0.0',
+              overridden: false,
               resolved: 'https://localhost:8080/abbrev/-/abbrev-1.0.0.tgz',
             },
           },
@@ -4634,6 +4951,7 @@ t.test('ls --package-lock-only', t => {
             abbrev: {
               /* eslint-disable-next-line max-len */
               resolved: 'git+ssh://git@github.com/isaacs/abbrev-js.git#b8f3a2fc0c3bb8ffd8b0d0072cc6b5a3667e963c',
+              overridden: false,
             },
           },
         },
diff --git a/deps/npm/test/lib/utils/explain-dep.js b/deps/npm/test/lib/utils/explain-dep.js
index 000f5b8165a9b2..ed006c01d78fb3 100644
--- a/deps/npm/test/lib/utils/explain-dep.js
+++ b/deps/npm/test/lib/utils/explain-dep.js
@@ -129,6 +129,23 @@ const cases = {
     dependents: [],
     extraneous: true,
   },
+
+  overridden: {
+    name: 'overridden-root',
+    version: '1.0.0',
+    location: 'node_modules/overridden-root',
+    overridden: true,
+    dependents: [{
+      type: 'prod',
+      name: 'overridden-dep',
+      spec: '1.0.0',
+      rawSpec: '^2.0.0',
+      overridden: true,
+      from: {
+        location: '/path/to/project',
+      },
+    }],
+  },
 }
 
 cases.manyDeps = {