deps: upgrade npm to 9.1.0

deps/npm/README.md

@@ -9,9 +9,9 @@
 
 One of the following versions of [Node.js](https://nodejs.org/en/download/) must be installed to run **`npm`**:
 
-* `12.x.x` >= `12.13.0`
-* `14.x.x` >= `14.15.0`
-* `16.0.0` or higher
+* `14.x.x` >= `14.17.0`
+* `16.x.x` >= `16.13.0`
+* `18.0.0` or higher
 
 ### Installation
 

deps/npm/bin/npx-cli.js

@@ -98,6 +98,7 @@ for (i = 3; i < process.argv.length; i++) {
     }
 
     if (removed.has(key)) {
+      // eslint-disable-next-line no-console
       console.error(`npx: the --${key} argument has been removed.`)
       sawRemovedFlags = true
       process.argv.splice(i, 1)
@@ -122,6 +123,7 @@ for (i = 3; i < process.argv.length; i++) {
 }
 
 if (sawRemovedFlags) {
+  // eslint-disable-next-line no-console
   console.error('See `npm help exec` for more information')
 }
 

deps/npm/docs/README.md

@@ -0,0 +1,5 @@
+# docs
+
+[![CI - docs](https://github.com/npm/cli/actions/workflows/ci-docs.yml/badge.svg)](https://github.com/npm/cli/actions/workflows/ci-docs.yml)
+
+Scripts to build the npm docs.

deps/npm/docs/content/commands/npm-access.md

@@ -6,27 +6,16 @@ description: Set access level on published packages
 
 ### Synopsis
 
-<!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/commands/access.js -->
-
 ```bash
-npm access public [<package>]
-npm access restricted [<package>]
+npm access list packages [<user>|<scope>|<scope:team> [<package>]
+npm access list collaborators [<package> [<user>]]
+npm access get status [<package>]
+npm access set status=public|private [<package>]
+npm access set mfa=none|publish|automation [<package>]
 npm access grant <read-only|read-write> <scope:team> [<package>]
 npm access revoke <scope:team> [<package>]
-npm access 2fa-required [<package>]
-npm access 2fa-not-required [<package>]
-npm access ls-packages [<user>|<scope>|<scope:team>]
-npm access ls-collaborators [<package> [<user>]]
-npm access edit [<package>]
 ```
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/commands/access.js -->
-
-<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
-
 ### Description
 
 Used to set access controls on private packages.
@@ -88,18 +77,17 @@ Management of teams and team memberships is done with the `npm team` command.
 
 ### Configuration
 
-<!-- AUTOGENERATED CONFIG DESCRIPTIONS START -->
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-#### `registry`
+#### `json`
 
-* Default: "https://registry.npmjs.org/"
-* Type: URL
+* Default: false
+* Type: Boolean
 
-The base URL of the npm registry.
+Whether or not to output JSON data, rather than the normal output.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
+* In `npm pkg set` it enables parsing set values with JSON.parse() before
+  saving them to your `package.json`.
+
+Not supported by all npm commands.
 
 #### `otp`
 
@@ -112,10 +100,12 @@ when publishing or changing package permissions with `npm access`.
 If not set, and a registry response fails with a challenge for a one-time
 password, npm will prompt on the command line for one.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
+#### `registry`
+
+* Default: "https://registry.npmjs.org/"
+* Type: URL
 
-<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
+The base URL of the npm registry.
 
 ### See Also
 

deps/npm/docs/content/commands/npm-adduser.md

@@ -6,57 +6,32 @@ description: Add a registry user account
 
 ### Synopsis
 
-<!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/commands/adduser.js -->
-
 ```bash
 npm adduser
 
-aliases: login, add-user
+alias: add-user
 ```
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/commands/adduser.js -->
-
-<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
-
 Note: This command is unaware of workspaces.
 
 ### Description
 
-Create or verify a user named `<username>` in the specified registry, and
-save the credentials to the `.npmrc` file. If no registry is specified,
-the default registry will be used (see [`config`](/using-npm/config)).
-
-The username, password, and email are read in from prompts.
-
-To reset your password, go to <https://www.npmjs.com/forgot>
-
-To change your email address, go to <https://www.npmjs.com/email-edit>
+Create a new user in the specified registry, and save the credentials to
+the `.npmrc` file. If no registry is specified, the default registry
+will be used (see [`registry`](/using-npm/registry)).
 
-You may use this command multiple times with the same user account to
-authorize on a new machine.  When authenticating on a new machine,
-the username, password and email address must all match with
-your existing record.
-
-`npm login` is an alias to `adduser` and behaves exactly the same way.
+When using `legacy` for your `auth-type`, the username, password, and
+email are read in from prompts.
 
 ### Configuration
 
-<!-- AUTOGENERATED CONFIG DESCRIPTIONS START -->
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
 #### `registry`
 
 * Default: "https://registry.npmjs.org/"
 * Type: URL
 
 The base URL of the npm registry.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `scope`
 
 * Default: the scope of the current project, if any, or ""
@@ -87,24 +62,13 @@ npm init --scope=@foo --yes
 ```
 
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `auth-type`
 
-* Default: "legacy"
-* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"
-
-NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
-removed in a future version.
+* Default: "web"
+* Type: "legacy" or "web"
 
 What authentication strategy to use with `login`.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
-<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
-
 ### See Also
 
 * [npm registry](/using-npm/registry)

deps/npm/docs/content/commands/npm-audit.md

@@ -6,19 +6,10 @@ description: Run a security audit
 
 ### Synopsis
 
-<!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/commands/audit.js -->
-
 ```bash
 npm audit [fix|signatures]
 ```
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/commands/audit.js -->
-
-<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
-
 ### Description
 
 The audit command submits a description of the dependencies configured in
@@ -109,9 +100,9 @@ the path `/-/npm/v1/security/advisories/bulk`.
 
 Any packages in the tree that do not have a `version` field in their
 package.json file will be ignored.  If any `--omit` options are specified
-(either via the `--omit` config, or one of the shorthands such as
-`--production`, `--only=dev`, and so on), then packages will be omitted
-from the submitted payload as appropriate.
+(either via the [`--omit` config](/using-npm/config#omit), or one of the
+shorthands such as `--production`, `--only=dev`, and so on), then packages will
+be omitted from the submitted payload as appropriate.
 
 If the registry responds with an error, or with an invalid response, then
 npm will attempt to load advisory data from the `Quick Audit` endpoint.
@@ -188,7 +179,7 @@ vulnerabilities are found _or_ if the remediation is able to successfully
 fix all vulnerabilities.
 
 If vulnerabilities were found the exit code will depend on the
-`audit-level` configuration setting.
+[`audit-level` config](/using-npm/config#audit-level).
 
 ### Examples
 
@@ -247,9 +238,6 @@ $ npm audit --audit-level=moderate
 
 ### Configuration
 
-<!-- AUTOGENERATED CONFIG DESCRIPTIONS START -->
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
 #### `audit-level`
 
 * Default: null
@@ -258,9 +246,6 @@ $ npm audit --audit-level=moderate
 The minimum level of vulnerability for `npm audit` to exit with a non-zero
 exit code.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `dry-run`
 
 * Default: false
@@ -274,9 +259,6 @@ commands that modify your local installation, eg, `install`, `update`,
 Note: This is NOT honored by other network related commands, eg `dist-tags`,
 `owner`, etc.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `force`
 
 * Default: false
@@ -303,9 +285,6 @@ mistakes, unnecessary performance degradation, and malicious input.
 If you don't have a clear idea of what you want to do, it is strongly
 recommended that you do not use this option!
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `json`
 
 * Default: false
@@ -318,9 +297,6 @@ Whether or not to output JSON data, rather than the normal output.
 
 Not supported by all npm commands.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `package-lock-only`
 
 * Default: false
@@ -335,9 +311,6 @@ instead of checking `node_modules` and downloading dependencies.
 For `list` this means the output will be based on the tree described by the
 `package-lock.json`, rather than the contents of `node_modules`.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `omit`
 
 * Default: 'dev' if the `NODE_ENV` environment variable is set to
@@ -356,9 +329,6 @@ it will be included.
 If the resulting omit list includes `'dev'`, then the `NODE_ENV` environment
 variable will be set to `'production'` for all lifecycle scripts.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `foreground-scripts`
 
 * Default: false
@@ -371,9 +341,6 @@ input, output, and error with the main npm process.
 Note that this will generally make installs run slower, and be much noisier,
 but can be useful for debugging.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `ignore-scripts`
 
 * Default: false
@@ -386,9 +353,6 @@ Note that commands explicitly intended to run a particular script, such as
 will still run their intended script if `ignore-scripts` is set, but they
 will *not* run any pre- or post-scripts.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `workspace`
 
 * Default:
@@ -411,9 +375,6 @@ brand new workspace within the project.
 
 This value is not exported to the environment for child processes.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `workspaces`
 
 * Default: null
@@ -432,9 +393,6 @@ _unless_ one or more workspaces are specified in the `workspace` config.
 
 This value is not exported to the environment for child processes.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `include-workspace-root`
 
 * Default: false
@@ -448,22 +406,14 @@ the specified workspaces, and not on the root project.
 
 This value is not exported to the environment for child processes.
 
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `install-links`
 
-* Default: false
+* Default: true
 * Type: Boolean
 
-When set file: protocol dependencies that exist outside of the project root
-will be packed and installed as regular dependencies instead of creating a
-symlink. This option has no effect on workspaces.
-
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
-<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
+When set file: protocol dependencies will be packed and installed as regular
+dependencies instead of creating a symlink. This option has no effect on
+workspaces.
 
 ### See Also