deps: upgrade npm to 9.6.2

deps/npm/docs/content/commands/npm-install-ci-test.md

@@ -9,7 +9,7 @@ description: Install a project with a clean slate and run tests
 ```bash
 npm install-ci-test
 
-alias: cit
+aliases: cit, clean-install-test, sit
 ```
 
 ### Description

deps/npm/docs/content/commands/npm-ls.md

@@ -27,7 +27,7 @@ packages will *also* show the paths to the specified packages.  For
 example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-npm@9.5.1 /path/to/npm
+npm@9.6.2 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 ```

deps/npm/docs/content/commands/npm.md

@@ -14,7 +14,7 @@ Note: This command is unaware of workspaces.
 
 ### Version
 
-9.5.1
+9.6.2
 
 ### Description
 

deps/npm/docs/content/configuring-npm/package-lock-json.md

@@ -112,12 +112,9 @@ the npm registry.  Lockfiles generated by npm v7 will contain
 * No version provided: an "ancient" shrinkwrap file from a version of npm
   prior to npm v5.
 * `1`: The lockfile version used by npm v5 and v6.
-* `2`: The lockfile version used by npm v7, which is backwards compatible
-  to v1 lockfiles.
-* `3`: The lockfile version used by npm v7, _without_ backwards
-  compatibility affordances.  This is used for the hidden lockfile at
-  `node_modules/.package-lock.json`, and will likely be used in a future
-  version of npm, once support for npm v6 is no longer relevant.
+* `2`: The lockfile version used by npm v7 and v8. Backwards compatible to v1
+  lockfiles.
+* `3`: The lockfile version used by npm v9. Backwards compatible to npm v7.
 
 npm will always attempt to get whatever data it can out of a lockfile, even
 if it is not a version that it was designed to support.

deps/npm/docs/output/commands/npm-install-ci-test.html

@@ -148,7 +148,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
 <pre><code class="language-bash">npm install-ci-test
 
-alias: cit
+aliases: cit, clean-install-test, sit
 </code></pre>
 <h3 id="description">Description</h3>
 <p>This command runs <code>npm ci</code> followed immediately by <code>npm test</code>.</p>

deps/npm/docs/output/commands/npm-ls.html

@@ -160,7 +160,7 @@ <h3 id="description">Description</h3>
 the results to only the paths to the packages named.  Note that nested
 packages will <em>also</em> show the paths to the specified packages.  For
 example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
-<pre><code class="language-bash">npm@9.5.1 /path/to/npm
+<pre><code class="language-bash">npm@9.6.2 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 </code></pre>

deps/npm/docs/output/commands/npm.html

@@ -150,7 +150,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 </code></pre>
 <p>Note: This command is unaware of workspaces.</p>
 <h3 id="version">Version</h3>
-<p>9.5.1</p>
+<p>9.6.2</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency

deps/npm/docs/output/configuring-npm/package-lock-json.html

@@ -239,12 +239,9 @@ <h4 id="lockfileversion"><code>lockfileVersion</code></h4>
 <li>No version provided: an "ancient" shrinkwrap file from a version of npm
 prior to npm v5.</li>
 <li><code>1</code>: The lockfile version used by npm v5 and v6.</li>
-<li><code>2</code>: The lockfile version used by npm v7, which is backwards compatible
-to v1 lockfiles.</li>
-<li><code>3</code>: The lockfile version used by npm v7, <em>without</em> backwards
-compatibility affordances.  This is used for the hidden lockfile at
-<code>node_modules/.package-lock.json</code>, and will likely be used in a future
-version of npm, once support for npm v6 is no longer relevant.</li>
+<li><code>2</code>: The lockfile version used by npm v7 and v8. Backwards compatible to v1
+lockfiles.</li>
+<li><code>3</code>: The lockfile version used by npm v9. Backwards compatible to npm v7.</li>
 </ul>
 <p>npm will always attempt to get whatever data it can out of a lockfile, even
 if it is not a version that it was designed to support.</p>

deps/npm/lib/commands/access.js

@@ -53,20 +53,22 @@ class Access extends BaseCommand {
       return commands
     }
 
-    switch (argv[2]) {
-      case 'grant':
-        return ['read-only', 'read-write']
-      case 'revoke':
-        return []
-      case 'list':
-      case 'ls':
-        return ['packages', 'collaborators']
-      case 'get':
-        return ['status']
-      case 'set':
-        return setCommands
-      default:
-        throw new Error(argv[2] + ' not recognized')
+    if (argv.length === 3) {
+      switch (argv[2]) {
+        case 'grant':
+          return ['read-only', 'read-write']
+        case 'revoke':
+          return []
+        case 'list':
+        case 'ls':
+          return ['packages', 'collaborators']
+        case 'get':
+          return ['status']
+        case 'set':
+          return setCommands
+        default:
+          throw new Error(argv[2] + ' not recognized')
+      }
     }
   }
 
@@ -116,11 +118,11 @@ class Access extends BaseCommand {
   }
 
   async #grant (permissions, scope, pkg) {
-    await libnpmaccess.setPermissions(scope, pkg, permissions)
+    await libnpmaccess.setPermissions(scope, pkg, permissions, this.npm.flatOptions)
   }
 
   async #revoke (scope, pkg) {
-    await libnpmaccess.removePermissions(scope, pkg)
+    await libnpmaccess.removePermissions(scope, pkg, this.npm.flatOptions)
   }
 
   async #listPackages (owner, pkg) {

deps/npm/lib/commands/audit.js

@@ -389,11 +389,12 @@ class Audit extends ArboristWorkspaceCmd {
     const argv = opts.conf.argv.remain
 
     if (argv.length === 2) {
-      return ['fix']
+      return ['fix', 'signatures']
     }
 
     switch (argv[2]) {
       case 'fix':
+      case 'signatures':
         return []
       default:
         throw Object.assign(new Error(argv[2] + ' not recognized'), {

deps/npm/lib/commands/completion.js

@@ -79,12 +79,10 @@ class Completion extends BaseCommand {
       })
     }
 
-    const { COMP_CWORD, COMP_LINE, COMP_POINT } = process.env
+    const { COMP_CWORD, COMP_LINE, COMP_POINT, COMP_FISH } = process.env
 
     // if the COMP_* isn't in the env, then just dump the script.
-    if (COMP_CWORD === undefined ||
-      COMP_LINE === undefined ||
-      COMP_POINT === undefined) {
+    if (COMP_CWORD === undefined || COMP_LINE === undefined || COMP_POINT === undefined) {
       return dumpScript(resolve(this.npm.npmRoot, 'lib', 'utils', 'completion.sh'))
     }
 
@@ -111,6 +109,7 @@ class Completion extends BaseCommand {
     partialWords.push(partialWord)
 
     const opts = {
+      isFish: COMP_FISH === 'true',
       words,
       w,
       word,

deps/npm/lib/commands/run-script.js

@@ -51,6 +51,9 @@ class RunScript extends BaseCommand {
       // find the script name
       const json = resolve(this.npm.localPrefix, 'package.json')
       const { scripts = {} } = await rpj(json).catch(er => ({}))
+      if (opts.isFish) {
+        return Object.keys(scripts).map(s => `${s}\t${scripts[s].slice(0, 30)}`)
+      }
       return Object.keys(scripts)
     }
   }

deps/npm/lib/utils/audit-error.js

@@ -1,4 +1,5 @@
 const log = require('./log-shim')
+const replaceInfo = require('./replace-info.js')
 
 // print an error or just nothing if the audit report has an error
 // this is called by the audit command, and by the reify-output util
@@ -24,7 +25,7 @@ const auditError = (npm, report) => {
     npm.output(JSON.stringify({
       message: error.message,
       method: error.method,
-      uri: error.uri,
+      uri: replaceInfo(error.uri),
       headers: error.headers,
       statusCode: error.statusCode,
       body,

deps/npm/lib/utils/cmd-list.js

@@ -36,7 +36,7 @@ const aliases = {
   v: 'view',
   run: 'run-script',
   'clean-install': 'ci',
-  'clean-install-test': 'cit',
+  'clean-install-test': 'install-ci-test',
   x: 'exec',
   why: 'explain',
   la: 'll',
@@ -62,7 +62,7 @@ const aliases = {
   upgrade: 'update',
   udpate: 'update',
   rum: 'run-script',
-  sit: 'cit',
+  sit: 'install-ci-test',
   urn: 'run-script',
   ogr: 'org',
   'add-user': 'adduser',

deps/npm/lib/utils/completion.fish

@@ -0,0 +1,40 @@
+# npm completions for Fish shell
+# This script is a work in progress and does not fall under the normal semver contract as the rest of npm.
+
+# __fish_npm_needs_command taken from:
+# https://stackoverflow.com/questions/16657803/creating-autocomplete-script-with-sub-commands
+function __fish_npm_needs_command
+    set -l cmd (commandline -opc)
+
+    if test (count $cmd) -eq 1
+        return 0
+    end
+
+    return 1
+end
+
+# Taken from https://github.com/fish-shell/fish-shell/blob/HEAD/share/completions/npm.fish
+function __fish_complete_npm -d "Complete the commandline using npm's 'completion' tool"
+    # tell npm we are fish shell
+    set -lx COMP_FISH true
+    if command -sq npm
+        # npm completion is bash-centric, so we need to translate fish's "commandline" stuff to bash's $COMP_* stuff
+        # COMP_LINE is an array with the words in the commandline
+        set -lx COMP_LINE (commandline -opc)
+        # COMP_CWORD is the index of the current word in COMP_LINE
+        # bash starts arrays with 0, so subtract 1
+        set -lx COMP_CWORD (math (count $COMP_LINE) - 1)
+        # COMP_POINT is the index of point/cursor when the commandline is viewed as a string
+        set -lx COMP_POINT (commandline -C)
+        # If the cursor is after the last word, the empty token will disappear in the expansion
+        # Readd it
+        if test (commandline -ct) = ""
+            set COMP_CWORD (math $COMP_CWORD + 1)
+            set COMP_LINE $COMP_LINE ""
+        end
+        command npm completion -- $COMP_LINE 2>/dev/null
+    end
+end
+
+# flush out what ships with fish
+complete -e npm

deps/npm/man/man1/npm-access.1

@@ -1,4 +1,4 @@
-.TH "NPM-ACCESS" "1" "February 2023" "" ""
+.TH "NPM-ACCESS" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-access\fR - Set access level on published packages
 .SS "Synopsis"

deps/npm/man/man1/npm-adduser.1

@@ -1,4 +1,4 @@
-.TH "NPM-ADDUSER" "1" "February 2023" "" ""
+.TH "NPM-ADDUSER" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-adduser\fR - Add a registry user account
 .SS "Synopsis"

deps/npm/man/man1/npm-audit.1

@@ -1,4 +1,4 @@
-.TH "NPM-AUDIT" "1" "February 2023" "" ""
+.TH "NPM-AUDIT" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-audit\fR - Run a security audit
 .SS "Synopsis"

deps/npm/man/man1/npm-bugs.1

@@ -1,4 +1,4 @@
-.TH "NPM-BUGS" "1" "February 2023" "" ""
+.TH "NPM-BUGS" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-bugs\fR - Report bugs for a package in a web browser
 .SS "Synopsis"

deps/npm/man/man1/npm-cache.1

@@ -1,4 +1,4 @@
-.TH "NPM-CACHE" "1" "February 2023" "" ""
+.TH "NPM-CACHE" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-cache\fR - Manipulates packages cache
 .SS "Synopsis"

deps/npm/man/man1/npm-ci.1

@@ -1,4 +1,4 @@
-.TH "NPM-CI" "1" "February 2023" "" ""
+.TH "NPM-CI" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-ci\fR - Clean install a project
 .SS "Synopsis"

deps/npm/man/man1/npm-completion.1

@@ -1,4 +1,4 @@
-.TH "NPM-COMPLETION" "1" "February 2023" "" ""
+.TH "NPM-COMPLETION" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-completion\fR - Tab Completion for npm
 .SS "Synopsis"

deps/npm/man/man1/npm-config.1

@@ -1,4 +1,4 @@
-.TH "NPM-CONFIG" "1" "February 2023" "" ""
+.TH "NPM-CONFIG" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-config\fR - Manage the npm configuration files
 .SS "Synopsis"

deps/npm/man/man1/npm-dedupe.1

@@ -1,4 +1,4 @@
-.TH "NPM-DEDUPE" "1" "February 2023" "" ""
+.TH "NPM-DEDUPE" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-dedupe\fR - Reduce duplication in the package tree
 .SS "Synopsis"

deps/npm/man/man1/npm-deprecate.1

@@ -1,4 +1,4 @@
-.TH "NPM-DEPRECATE" "1" "February 2023" "" ""
+.TH "NPM-DEPRECATE" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-deprecate\fR - Deprecate a version of a package
 .SS "Synopsis"

deps/npm/man/man1/npm-diff.1

@@ -1,4 +1,4 @@
-.TH "NPM-DIFF" "1" "February 2023" "" ""
+.TH "NPM-DIFF" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-diff\fR - The registry diff command
 .SS "Synopsis"

deps/npm/man/man1/npm-dist-tag.1

@@ -1,4 +1,4 @@
-.TH "NPM-DIST-TAG" "1" "February 2023" "" ""
+.TH "NPM-DIST-TAG" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-dist-tag\fR - Modify package distribution tags
 .SS "Synopsis"

deps/npm/man/man1/npm-docs.1

@@ -1,4 +1,4 @@
-.TH "NPM-DOCS" "1" "February 2023" "" ""
+.TH "NPM-DOCS" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-docs\fR - Open documentation for a package in a web browser
 .SS "Synopsis"

deps/npm/man/man1/npm-doctor.1

@@ -1,4 +1,4 @@
-.TH "NPM-DOCTOR" "1" "February 2023" "" ""
+.TH "NPM-DOCTOR" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-doctor\fR - Check your npm environment
 .SS "Synopsis"

deps/npm/man/man1/npm-edit.1

@@ -1,4 +1,4 @@
-.TH "NPM-EDIT" "1" "February 2023" "" ""
+.TH "NPM-EDIT" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-edit\fR - Edit an installed package
 .SS "Synopsis"

deps/npm/man/man1/npm-exec.1

@@ -1,4 +1,4 @@
-.TH "NPM-EXEC" "1" "February 2023" "" ""
+.TH "NPM-EXEC" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-exec\fR - Run a command from a local or remote npm package
 .SS "Synopsis"

deps/npm/man/man1/npm-explain.1

@@ -1,4 +1,4 @@
-.TH "NPM-EXPLAIN" "1" "February 2023" "" ""
+.TH "NPM-EXPLAIN" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-explain\fR - Explain installed packages
 .SS "Synopsis"

deps/npm/man/man1/npm-explore.1

@@ -1,4 +1,4 @@
-.TH "NPM-EXPLORE" "1" "February 2023" "" ""
+.TH "NPM-EXPLORE" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-explore\fR - Browse an installed package
 .SS "Synopsis"

deps/npm/man/man1/npm-find-dupes.1

@@ -1,4 +1,4 @@
-.TH "NPM-FIND-DUPES" "1" "February 2023" "" ""
+.TH "NPM-FIND-DUPES" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-find-dupes\fR - Find duplication in the package tree
 .SS "Synopsis"

deps/npm/man/man1/npm-fund.1

@@ -1,4 +1,4 @@
-.TH "NPM-FUND" "1" "February 2023" "" ""
+.TH "NPM-FUND" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-fund\fR - Retrieve funding information
 .SS "Synopsis"

deps/npm/man/man1/npm-help-search.1

@@ -1,4 +1,4 @@
-.TH "NPM-HELP-SEARCH" "1" "February 2023" "" ""
+.TH "NPM-HELP-SEARCH" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-help-search\fR - Search npm help documentation
 .SS "Synopsis"

deps/npm/man/man1/npm-help.1

@@ -1,4 +1,4 @@
-.TH "NPM-HELP" "1" "February 2023" "" ""
+.TH "NPM-HELP" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-help\fR - Get help on npm
 .SS "Synopsis"

deps/npm/man/man1/npm-hook.1

@@ -1,4 +1,4 @@
-.TH "NPM-HOOK" "1" "February 2023" "" ""
+.TH "NPM-HOOK" "1" "March 2023" "" ""
 .SH "NAME"
 \fBnpm-hook\fR - Manage registry hooks
 .SS "Synopsis"