deps: upgrade npm to 7.24.1

deps/npm/docs/content/configuring-npm/package-lock-json.md

@@ -138,7 +138,8 @@ Package descriptors have the following fields:
   the case of packages fetched from the registry, this will be a url to a
   tarball.  In the case of git dependencies, this will be the full git url
   with commit sha.  In the case of link dependencies, this will be the
-  location of the link target.
+  location of the link target. `registry.npmjs.org` is a magic value meaning
+  "the currently configured registry".
 
 * integrity: A `sha512` or `sha1` [Standard Subresource
   Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/)
@@ -201,7 +202,8 @@ Dependency objects have the following fields:
 
 * resolved: For registry sources this is path of the tarball relative to
   the registry URL.  If the tarball URL isn't on the same server as the
-  registry URL then this is a complete URL.
+  registry URL then this is a complete URL. `registry.npmjs.org` is a magic
+  value meaning "the currently configured registry".
 
 * bundled:  If true, this is the bundled dependency and will be installed
   by the parent module.  When installing, this module will be extracted

deps/npm/docs/content/using-npm/registry.md

@@ -30,6 +30,13 @@ The registry URL used is determined by the scope of the package (see
 supplied by the `registry` config parameter.  See [`npm config`](/commands/npm-config),
 [`npmrc`](/configuring-npm/npmrc), and [`config`](/using-npm/config) for more on managing npm's configuration.
 
+When the default registry is used in a package-lock or shrinkwrap is has the
+special meaning of "the currently configured registry". If you create a lock
+file while using the default registry you can switch to another registry and
+npm will install packages from the new registry, but if you create a lock
+file while using a custom registry packages will be installed from that
+registry even after you change to another registry.
+
 ### Does npm send any information about me back to the registry?
 
 Yes.

deps/npm/docs/output/commands/npm-ls.html

@@ -159,7 +159,7 @@ <h3 id="description">Description</h3>
 the results to only the paths to the packages named.  Note that nested
 packages will <em>also</em> show the paths to the specified packages.  For
 example, running <code>npm ls promzard</code> in npm’s source tree will show:</p>
-<pre lang="bash"><code>npm@7.24.0 /path/to/npm
+<pre lang="bash"><code>npm@7.24.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 </code></pre>

deps/npm/docs/output/commands/npm.html

@@ -148,7 +148,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <pre lang="bash"><code>npm &lt;command&gt; [args]
 </code></pre>
 <h3 id="version">Version</h3>
-<p>7.24.0</p>
+<p>7.24.1</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency

deps/npm/docs/output/configuring-npm/package-lock-json.html

@@ -262,7 +262,8 @@ <h4 id="packages"><code>packages</code></h4>
 the case of packages fetched from the registry, this will be a url to a
 tarball.  In the case of git dependencies, this will be the full git url
 with commit sha.  In the case of link dependencies, this will be the
-location of the link target.</p>
+location of the link target. <code>registry.npmjs.org</code> is a magic value meaning
+“the currently configured registry”.</p>
 </li>
 <li>
 <p>integrity: A <code>sha512</code> or <code>sha1</code> <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">Standard Subresource
@@ -334,7 +335,8 @@ <h4 id="dependencies">dependencies</h4>
 <li>
 <p>resolved: For registry sources this is path of the tarball relative to
 the registry URL.  If the tarball URL isn’t on the same server as the
-registry URL then this is a complete URL.</p>
+registry URL then this is a complete URL. <code>registry.npmjs.org</code> is a magic
+value meaning “the currently configured registry”.</p>
 </li>
 <li>
 <p>bundled:  If true, this is the bundled dependency and will be installed

deps/npm/docs/output/using-npm/registry.html

@@ -163,6 +163,12 @@ <h2 id="table-of-contents">Table of contents</h2>
 <a href="../using-npm/scope.html"><code>scope</code></a>. If no scope is specified, the default registry is used, which is
 supplied by the <code>registry</code> config parameter.  See <a href="../commands/npm-config.html"><code>npm config</code></a>,
 <a href="../configuring-npm/npmrc.html"><code>npmrc</code></a>, and <a href="../using-npm/config.html"><code>config</code></a> for more on managing npm’s configuration.</p>
+<p>When the default registry is used in a package-lock or shrinkwrap is has the
+special meaning of “the currently configured registry”. If you create a lock
+file while using the default registry you can switch to another registry and
+npm will install packages from the new registry, but if you create a lock
+file while using a custom registry packages will be installed from that
+registry even after you change to another registry.</p>
 <h3 id="does-npm-send-any-information-about-me-back-to-the-registry">Does npm send any information about me back to the registry?</h3>
 <p>Yes.</p>
 <p>When making requests of the registry npm adds two headers with information

deps/npm/lib/deprecate.js

@@ -49,7 +49,7 @@ class Deprecate extends BaseCommand {
   }
 
   async deprecate ([pkg, msg]) {
-    // msg == null becase '' is a valid value, it indicates undeprecate
+    // msg == null because '' is a valid value, it indicates undeprecate
     if (!pkg || msg == null)
       throw this.usageError()
 

deps/npm/man/man1/npm-ls.1

@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@7\.24\.0 /path/to/npm
+npm@7\.24\.1 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi

deps/npm/man/man1/npm.1

@@ -10,7 +10,7 @@ npm <command> [args]
 .RE
 .SS Version
 .P
-7\.24\.0
+7\.24\.1
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts

deps/npm/man/man5/package-lock-json.5

@@ -142,7 +142,8 @@ resolved: The place where the package was actually resolved from\.  In
 the case of packages fetched from the registry, this will be a url to a
 tarball\.  In the case of git dependencies, this will be the full git url
 with commit sha\.  In the case of link dependencies, this will be the
-location of the link target\.
+location of the link target\. \fBregistry\.npmjs\.org\fP is a magic value meaning
+"the currently configured registry"\.
 .IP \(bu 2
 integrity: A \fBsha512\fP or \fBsha1\fP Standard Subresource
 Integrity \fIhttps://w3c\.github\.io/webappsec/specs/subresourceintegrity/\fR
@@ -215,7 +216,8 @@ dependencies, this is the commit sha\.
 .IP \(bu 2
 resolved: For registry sources this is path of the tarball relative to
 the registry URL\.  If the tarball URL isn't on the same server as the
-registry URL then this is a complete URL\.
+registry URL then this is a complete URL\. \fBregistry\.npmjs\.org\fP is a magic
+value meaning "the currently configured registry"\.
 .IP \(bu 2
 bundled:  If true, this is the bundled dependency and will be installed
 by the parent module\.  When installing, this module will be extracted

deps/npm/man/man7/registry.7

@@ -26,6 +26,13 @@ The registry URL used is determined by the scope of the package (see
 npm help \fBscope\fP\|\. If no scope is specified, the default registry is used, which is
 supplied by the \fBregistry\fP config parameter\.  See npm help \fBconfig\fP,
 npm help \fBnpmrc\fP, and npm help \fBconfig\fP for more on managing npm's configuration\.
+.P
+When the default registry is used in a package\-lock or shrinkwrap is has the
+special meaning of "the currently configured registry"\. If you create a lock
+file while using the default registry you can switch to another registry and
+npm will install packages from the new registry, but if you create a lock
+file while using a custom registry packages will be installed from that
+registry even after you change to another registry\.
 .SS Does npm send any information about me back to the registry?
 .P
 Yes\.