deps: upgrade npm to 8.18.0

deps/npm/docs/content/configuring-npm/package-json.md

@@ -873,7 +873,7 @@ be found or fails to install, then you may put it in the
 `optionalDependencies` object.  This is a map of package name to version or
 url, just like the `dependencies` object.  The difference is that build
 failures do not cause installation to fail.  Running `npm install
---no-optional` will prevent these dependencies from being installed.
+--omit=optional` will prevent these dependencies from being installed.
 
 It is still your program's responsibility to handle the lack of the
 dependency.  For example, something like this:

deps/npm/docs/content/using-npm/dependency-selectors.md

@@ -54,7 +54,7 @@ The [`npm query`](/commands/npm-query) commmand exposes a new dependency selecto
 - [`:private`](https://docs.npmjs.com/cli/v8/configuring-npm/package-json#private) when a dependency is private
 - `:link` when a dependency is linked (for instance, workspaces or packages manually [`linked`](https://docs.npmjs.com/cli/v8/commands/npm-link)
 - `:deduped` when a dependency has been deduped (note that this does *not* always mean the dependency has been hoisted to the root of node_modules)
-- `:override` when a dependency is an override (not implemented yet)
+- `:overridden` when a dependency has been overridden
 - `:extraneous` when a dependency exists but is not defined as a dependency of any node
 - `:invalid` when a dependency version is out of its ancestors specified range
 - `:missing` when a dependency is not found on disk

deps/npm/docs/output/commands/npm-ls.html

@@ -166,7 +166,7 @@ <h3 id="description">Description</h3>
 the results to only the paths to the packages named.  Note that nested
 packages will <em>also</em> show the paths to the specified packages.  For
 example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
-<pre lang="bash"><code>npm@8.17.0 /path/to/npm
+<pre lang="bash"><code>npm@8.18.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 </code></pre>

deps/npm/docs/output/commands/npm.html

@@ -149,7 +149,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <!-- raw HTML omitted -->
 <!-- raw HTML omitted -->
 <h3 id="version">Version</h3>
-<p>8.17.0</p>
+<p>8.18.0</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency

deps/npm/docs/output/configuring-npm/package-json.html

@@ -803,7 +803,7 @@ <h3 id="optionaldependencies">optionalDependencies</h3>
 be found or fails to install, then you may put it in the
 <code>optionalDependencies</code> object.  This is a map of package name to version or
 url, just like the <code>dependencies</code> object.  The difference is that build
-failures do not cause installation to fail.  Running <code>npm install --no-optional</code> will prevent these dependencies from being installed.</p>
+failures do not cause installation to fail.  Running <code>npm install --omit=optional</code> will prevent these dependencies from being installed.</p>
 <p>It is still your program's responsibility to handle the lack of the
 dependency.  For example, something like this:</p>
 <pre lang="js"><code>try {

deps/npm/docs/output/using-npm/dependency-selectors.html

@@ -194,7 +194,7 @@ <h4 id="pseudo-selectors">Pseudo Selectors</h4>
 <li><a href="https://docs.npmjs.com/cli/v8/configuring-npm/package-json#private"><code>:private</code></a> when a dependency is private</li>
 <li><code>:link</code> when a dependency is linked (for instance, workspaces or packages manually <a href="https://docs.npmjs.com/cli/v8/commands/npm-link"><code>linked</code></a></li>
 <li><code>:deduped</code> when a dependency has been deduped (note that this does <em>not</em> always mean the dependency has been hoisted to the root of node_modules)</li>
-<li><code>:override</code> when a dependency is an override (not implemented yet)</li>
+<li><code>:overridden</code> when a dependency has been overridden</li>
 <li><code>:extraneous</code> when a dependency exists but is not defined as a dependency of any node</li>
 <li><code>:invalid</code> when a dependency version is out of its ancestors specified range</li>
 <li><code>:missing</code> when a dependency is not found on disk</li>

deps/npm/lib/commands/explain.js

@@ -59,7 +59,7 @@ class Explain extends ArboristWorkspaceCmd {
 
     const expls = []
     for (const node of nodes) {
-      const { extraneous, dev, optional, devOptional, peer, inBundle } = node
+      const { extraneous, dev, optional, devOptional, peer, inBundle, overridden } = node
       const expl = node.explain()
       if (extraneous) {
         expl.extraneous = true
@@ -69,6 +69,7 @@ class Explain extends ArboristWorkspaceCmd {
         expl.devOptional = devOptional
         expl.peer = peer
         expl.bundled = inBundle
+        expl.overridden = overridden
       }
       expls.push(expl)
     }

deps/npm/lib/commands/ls.js

@@ -329,6 +329,11 @@ const getHumanOutputItem = (node, { args, color, global, long }) => {
         ? ' ' + (color ? chalk.green.bgBlack('extraneous') : 'extraneous')
         : ''
     ) +
+    (
+      node.overridden
+        ? ' ' + (color ? chalk.gray('overridden') : 'overridden')
+        : ''
+    ) +
     (isGitNode(node) ? ` (${node.resolved})` : '') +
     (node.isLink ? ` -> ${relativePrefix}${targetLocation}` : '') +
     (long ? `${EOL}${node.package.description || ''}` : '')
@@ -347,6 +352,13 @@ const getJsonOutputItem = (node, { global, long }) => {
     item.resolved = node.resolved
   }
 
+  // if the node is the project root, do not add the overridden flag. the project root can't be
+  // overridden anyway, and if we add the flag it causes undesirable behavior when `npm ls --json`
+  // is ran in an empty directory since we end up printing an object with only an overridden prop
+  if (!node.isProjectRoot) {
+    item.overridden = node.overridden
+  }
+
   item[_name] = node.name
 
   // special formatting for top-level package name
@@ -555,6 +567,7 @@ const parseableOutput = ({ global, long, seenNodes }) => {
         out += node.path !== node.realpath ? `:${node.realpath}` : ''
         out += isExtraneous(node, { global }) ? ':EXTRANEOUS' : ''
         out += node[_invalid] ? ':INVALID' : ''
+        out += node.overridden ? ':OVERRIDDEN' : ''
       }
       out += EOL
     }

deps/npm/lib/commands/query.js

@@ -20,6 +20,7 @@ class QuerySelectorItem {
     this.dev = node.target.dev
     this.inBundle = node.target.inBundle
     this.deduped = this.from.length > 1
+    this.overridden = node.overridden
     for (const edge of node.target.edgesIn) {
       this.from.push(edge.from.location)
     }

deps/npm/lib/utils/explain-dep.js

@@ -8,6 +8,7 @@ const nocolor = {
   magenta: s => s,
   blue: s => s,
   green: s => s,
+  gray: s => s,
 }
 
 const { relative } = require('path')
@@ -18,13 +19,14 @@ const explainNode = (node, depth, color) =>
   explainLinksIn(node, depth, color)
 
 const colorType = (type, color) => {
-  const { red, yellow, cyan, magenta, blue, green } = color ? chalk : nocolor
+  const { red, yellow, cyan, magenta, blue, green, gray } = color ? chalk : nocolor
   const style = type === 'extraneous' ? red
     : type === 'dev' ? yellow
     : type === 'optional' ? cyan
     : type === 'peer' ? magenta
     : type === 'bundled' ? blue
     : type === 'workspace' ? green
+    : type === 'overridden' ? gray
     : /* istanbul ignore next */ s => s
   return style(type)
 }
@@ -40,6 +42,7 @@ const printNode = (node, color) => {
     peer,
     bundled,
     isWorkspace,
+    overridden,
   } = node
   const { bold, dim, green } = color ? chalk : nocolor
   const extra = []
@@ -63,6 +66,10 @@ const printNode = (node, color) => {
     extra.push(' ' + bold(colorType('bundled', color)))
   }
 
+  if (overridden) {
+    extra.push(' ' + bold(colorType('overridden', color)))
+  }
+
   const pkgid = isWorkspace
     ? green(`${name}@${version}`)
     : `${bold(name)}@${bold(version)}`
@@ -112,11 +119,15 @@ const explainDependents = ({ name, dependents }, depth, color) => {
   return str.split('\n').join('\n  ')
 }
 
-const explainEdge = ({ name, type, bundled, from, spec }, depth, color) => {
+const explainEdge = ({ name, type, bundled, from, spec, rawSpec, overridden }, depth, color) => {
   const { bold } = color ? chalk : nocolor
-  const dep = type === 'workspace'
+  let dep = type === 'workspace'
     ? bold(relative(from.location, spec.slice('file:'.length)))
     : `${bold(name)}@"${bold(spec)}"`
+  if (overridden) {
+    dep = `${colorType('overridden', color)} ${dep} (was "${rawSpec}")`
+  }
+
   const fromMsg = ` from ${explainFrom(from, depth, color)}`
 
   return (type === 'prod' ? '' : `${colorType(type, color)} `) +

deps/npm/man/man1/npm-ls.1

@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@8\.17\.0 /path/to/npm
+npm@8\.18\.0 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi

deps/npm/man/man1/npm.1

@@ -4,7 +4,7 @@
 .SS Synopsis
 .SS Version
 .P
-8\.17\.0
+8\.18\.0
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts

deps/npm/man/man5/package-json.5

@@ -969,7 +969,7 @@ be found or fails to install, then you may put it in the
 \fBoptionalDependencies\fP object\.  This is a map of package name to version or
 url, just like the \fBdependencies\fP object\.  The difference is that build
 failures do not cause installation to fail\.  Running \fBnpm install
-\-\-no\-optional\fP will prevent these dependencies from being installed\.
+\-\-omit=optional\fP will prevent these dependencies from being installed\.
 .P
 It is still your program's responsibility to handle the lack of the
 dependency\.  For example, something like this:

deps/npm/man/man7/dependency-selectors.7

@@ -87,7 +87,7 @@ the term "dependencies" is in reference to any \fBNode\fP found in a \fBtree\fP
 .IP \(bu 2
 \fB:deduped\fP when a dependency has been deduped (note that this does \fInot\fR always mean the dependency has been hoisted to the root of node_modules)
 .IP \(bu 2
-\fB:override\fP when a dependency is an override (not implemented yet)
+\fB:overridden\fP when a dependency has been overridden
 .IP \(bu 2
 \fB:extraneous\fP when a dependency exists but is not defined as a dependency of any node
 .IP \(bu 2