diff --git a/deps/npm/docs/content/commands/npm-ci.md b/deps/npm/docs/content/commands/npm-ci.md index 9b8238d05a3..30a03365ade 100644 --- a/deps/npm/docs/content/commands/npm-ci.md +++ b/deps/npm/docs/content/commands/npm-ci.md @@ -84,15 +84,129 @@ cache: -#### `audit` +#### `save` + +* Default: `true` unless when using `npm update` where it defaults to `false` +* Type: Boolean + +Save installed packages to a `package.json` file as dependencies. + +When used with the `npm rm` command, removes the dependency from +`package.json`. + +Will also prevent writing to `package-lock.json` if set to `false`. + + + + +#### `save-exact` + +* Default: false +* Type: Boolean + +Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator. + + + + +#### `global` + +* Default: false +* Type: Boolean + +Operates in "global" mode, so that packages are installed into the `prefix` +folder instead of the current working directory. See +[folders](/configuring-npm/folders) for more on the differences in behavior. + +* packages are installed into the `{prefix}/lib/node_modules` folder, instead + of the current working directory. +* bin files are linked to `{prefix}/bin` +* man pages are linked to `{prefix}/share/man` + + + + +#### `global-style` + +* Default: false +* Type: Boolean + +Causes npm to install the package into your local `node_modules` folder with +the same layout it uses with the global `node_modules` folder. Only your +direct dependencies will show in `node_modules` and everything they depend +on will be flattened in their `node_modules` folders. This obviously will +eliminate some deduping. If used with `legacy-bundling`, `legacy-bundling` +will be preferred. + + + + +#### `legacy-bundling` + +* Default: false +* Type: Boolean + +Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with `global-style` this option +will be preferred. + + + + +#### `omit` + +* Default: 'dev' if the `NODE_ENV` environment variable is set to + 'production', otherwise empty. +* Type: "dev", "optional", or "peer" (can be set multiple times) + +Dependency types to omit from the installation tree on disk. + +Note that these dependencies _are_ still resolved and added to the +`package-lock.json` or `npm-shrinkwrap.json` file. They are just not +physically installed on disk. + +If a package type appears in both the `--include` and `--omit` lists, then +it will be included. + +If the resulting omit list includes `'dev'`, then the `NODE_ENV` environment +variable will be set to `'production'` for all lifecycle scripts. + + + + +#### `strict-peer-deps` + +* Default: false +* Type: Boolean + +If set to `true`, and `--legacy-peer-deps` is not set, then _any_ +conflicting `peerDependencies` will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships. + +By default, conflicting `peerDependencies` deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's `peerDependencies` object. + +When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If `--strict-peer-deps` is set, then +this warning is treated as a failure. + + + + +#### `package-lock` * Default: true * Type: Boolean -When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for [`npm audit`](/commands/npm-audit) for details on what is -submitted. +If set to false, then ignore `package-lock.json` files when installing. This +will also prevent _writing_ `package-lock.json` if `save` is true. + +This configuration does not affect `npm ci`. @@ -127,13 +241,132 @@ will *not* run any pre- or post-scripts. -#### `script-shell` +#### `audit` -* Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows -* Type: null or String +* Default: true +* Type: Boolean + +When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for [`npm audit`](/commands/npm-audit) for details on what is +submitted. + + + + +#### `bin-links` + +* Default: true +* Type: Boolean + +Tells npm to create symlinks (or `.cmd` shims on Windows) for package +executables. + +Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems. + + + + +#### `fund` + +* Default: true +* Type: Boolean + +When "true" displays the message at the end of each `npm install` +acknowledging the number of dependencies looking for funding. See [`npm +fund`](/commands/npm-fund) for details. + + + + +#### `dry-run` + +* Default: false +* Type: Boolean + +Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, `install`, `update`, +`dedupe`, `uninstall`, as well as `pack` and `publish`. + +Note: This is NOT honored by other network related commands, eg `dist-tags`, +`owner`, etc. + + + + +#### `workspace` + +* Default: +* Type: String (can be set multiple times) + +Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option. + +Valid values for the `workspace` config are either: + +* Workspace names +* Path to a workspace directory +* Path to a parent workspace directory (will result in selecting all + workspaces within that folder) + +When set for the `npm init` command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project. + +This value is not exported to the environment for child processes. + + + + +#### `workspaces` + +* Default: null +* Type: null or Boolean + +Set to true to run the command in the context of **all** configured +workspaces. + +Explicitly setting this to false will cause commands like `install` to +ignore workspaces altogether. When not set explicitly: + +- Commands that operate on the `node_modules` tree (install, update, etc.) +will link workspaces into the `node_modules` folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +_unless_ one or more workspaces are specified in the `workspace` config. + +This value is not exported to the environment for child processes. + + + + +#### `include-workspace-root` + +* Default: false +* Type: Boolean + +Include the workspace root when workspaces are enabled for a command. + +When false, specifying individual workspaces via the `workspace` config, or +all workspaces via the `workspaces` flag, will cause npm to operate only on +the specified workspaces, and not on the root project. + +This value is not exported to the environment for child processes. + + + + +#### `install-links` + +* Default: false +* Type: Boolean -The shell to use for scripts run with the `npm exec`, `npm run` and `npm -init ` commands. +When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces. diff --git a/deps/npm/docs/content/commands/npm-init.md b/deps/npm/docs/content/commands/npm-init.md index cd0be4643e0..f3124a7768d 100644 --- a/deps/npm/docs/content/commands/npm-init.md +++ b/deps/npm/docs/content/commands/npm-init.md @@ -38,6 +38,8 @@ follows: * `npm init foo` -> `npm exec create-foo` * `npm init @usr/foo` -> `npm exec @usr/create-foo` * `npm init @usr` -> `npm exec @usr/create` +* `npm init @usr@2.0.0` -> `npm exec @usr/create@2.0.0` +* `npm init @usr/foo@2.0.0` -> `npm exec @usr/create-foo@2.0.0` If the initializer is omitted (by just calling `npm init`), init will fall back to legacy init behavior. It will ask you a bunch of questions, and diff --git a/deps/npm/docs/content/commands/npm-install-ci-test.md b/deps/npm/docs/content/commands/npm-install-ci-test.md index 74ed4667e81..b886f8ab959 100644 --- a/deps/npm/docs/content/commands/npm-install-ci-test.md +++ b/deps/npm/docs/content/commands/npm-install-ci-test.md @@ -30,15 +30,129 @@ This command runs `npm ci` followed immediately by `npm test`. -#### `audit` +#### `save` + +* Default: `true` unless when using `npm update` where it defaults to `false` +* Type: Boolean + +Save installed packages to a `package.json` file as dependencies. + +When used with the `npm rm` command, removes the dependency from +`package.json`. + +Will also prevent writing to `package-lock.json` if set to `false`. + + + + +#### `save-exact` + +* Default: false +* Type: Boolean + +Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator. + + + + +#### `global` + +* Default: false +* Type: Boolean + +Operates in "global" mode, so that packages are installed into the `prefix` +folder instead of the current working directory. See +[folders](/configuring-npm/folders) for more on the differences in behavior. + +* packages are installed into the `{prefix}/lib/node_modules` folder, instead + of the current working directory. +* bin files are linked to `{prefix}/bin` +* man pages are linked to `{prefix}/share/man` + + + + +#### `global-style` + +* Default: false +* Type: Boolean + +Causes npm to install the package into your local `node_modules` folder with +the same layout it uses with the global `node_modules` folder. Only your +direct dependencies will show in `node_modules` and everything they depend +on will be flattened in their `node_modules` folders. This obviously will +eliminate some deduping. If used with `legacy-bundling`, `legacy-bundling` +will be preferred. + + + + +#### `legacy-bundling` + +* Default: false +* Type: Boolean + +Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with `global-style` this option +will be preferred. + + + + +#### `omit` + +* Default: 'dev' if the `NODE_ENV` environment variable is set to + 'production', otherwise empty. +* Type: "dev", "optional", or "peer" (can be set multiple times) + +Dependency types to omit from the installation tree on disk. + +Note that these dependencies _are_ still resolved and added to the +`package-lock.json` or `npm-shrinkwrap.json` file. They are just not +physically installed on disk. + +If a package type appears in both the `--include` and `--omit` lists, then +it will be included. + +If the resulting omit list includes `'dev'`, then the `NODE_ENV` environment +variable will be set to `'production'` for all lifecycle scripts. + + + + +#### `strict-peer-deps` + +* Default: false +* Type: Boolean + +If set to `true`, and `--legacy-peer-deps` is not set, then _any_ +conflicting `peerDependencies` will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships. + +By default, conflicting `peerDependencies` deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's `peerDependencies` object. + +When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If `--strict-peer-deps` is set, then +this warning is treated as a failure. + + + + +#### `package-lock` * Default: true * Type: Boolean -When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for [`npm audit`](/commands/npm-audit) for details on what is -submitted. +If set to false, then ignore `package-lock.json` files when installing. This +will also prevent _writing_ `package-lock.json` if `save` is true. + +This configuration does not affect `npm ci`. @@ -73,13 +187,132 @@ will *not* run any pre- or post-scripts. -#### `script-shell` +#### `audit` -* Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows -* Type: null or String +* Default: true +* Type: Boolean + +When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for [`npm audit`](/commands/npm-audit) for details on what is +submitted. + + + + +#### `bin-links` + +* Default: true +* Type: Boolean + +Tells npm to create symlinks (or `.cmd` shims on Windows) for package +executables. + +Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems. + + + + +#### `fund` + +* Default: true +* Type: Boolean + +When "true" displays the message at the end of each `npm install` +acknowledging the number of dependencies looking for funding. See [`npm +fund`](/commands/npm-fund) for details. + + + + +#### `dry-run` + +* Default: false +* Type: Boolean + +Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, `install`, `update`, +`dedupe`, `uninstall`, as well as `pack` and `publish`. + +Note: This is NOT honored by other network related commands, eg `dist-tags`, +`owner`, etc. + + + + +#### `workspace` + +* Default: +* Type: String (can be set multiple times) + +Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option. + +Valid values for the `workspace` config are either: + +* Workspace names +* Path to a workspace directory +* Path to a parent workspace directory (will result in selecting all + workspaces within that folder) + +When set for the `npm init` command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project. + +This value is not exported to the environment for child processes. + + + + +#### `workspaces` + +* Default: null +* Type: null or Boolean + +Set to true to run the command in the context of **all** configured +workspaces. + +Explicitly setting this to false will cause commands like `install` to +ignore workspaces altogether. When not set explicitly: + +- Commands that operate on the `node_modules` tree (install, update, etc.) +will link workspaces into the `node_modules` folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +_unless_ one or more workspaces are specified in the `workspace` config. + +This value is not exported to the environment for child processes. + + + + +#### `include-workspace-root` + +* Default: false +* Type: Boolean + +Include the workspace root when workspaces are enabled for a command. + +When false, specifying individual workspaces via the `workspace` config, or +all workspaces via the `workspaces` flag, will cause npm to operate only on +the specified workspaces, and not on the root project. + +This value is not exported to the environment for child processes. + + + + +#### `install-links` + +* Default: false +* Type: Boolean -The shell to use for scripts run with the `npm exec`, `npm run` and `npm -init ` commands. +When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces. diff --git a/deps/npm/docs/content/commands/npm-install.md b/deps/npm/docs/content/commands/npm-install.md index 7e5544f85e3..35e0df22777 100644 --- a/deps/npm/docs/content/commands/npm-install.md +++ b/deps/npm/docs/content/commands/npm-install.md @@ -311,7 +311,7 @@ into a tarball (b). can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither `#` or - `#semver:` is specified, then `master` is used. + `#semver:` is specified, then the default branch is used. As with regular git dependencies, `dependencies` and `devDependencies` will be installed if the package has a `prepare` script before the diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md index a97c5168e6e..a7936fafc72 100644 --- a/deps/npm/docs/content/commands/npm-ls.md +++ b/deps/npm/docs/content/commands/npm-ls.md @@ -44,7 +44,7 @@ npm@@VERSION@ /path/to/npm It will print out extraneous, missing, and invalid packages. If a project specifies git urls for dependencies these are shown -in parentheses after the name@version to make it easier for users to +in parentheses after the `name@version` to make it easier for users to recognize potential forks of a project. The tree shown is the logical dependency tree, based on package @@ -62,7 +62,7 @@ disk would be roughly identical. With the advent of automatic install-time deduplication of dependencies in npm v3, the `ls` output was modified to display the logical dependency graph as a tree structure, since this was more useful to most users. -However, without using `npm ls -l`, it became impossible show _where_ a +However, without using `npm ls -l`, it became impossible to show _where_ a package was actually installed much of the time! With the advent of automatic installation of `peerDependencies` in npm v7, diff --git a/deps/npm/docs/content/configuring-npm/package-json.md b/deps/npm/docs/content/configuring-npm/package-json.md index f0315d60efe..b0231662f69 100644 --- a/deps/npm/docs/content/configuring-npm/package-json.md +++ b/deps/npm/docs/content/configuring-npm/package-json.md @@ -632,7 +632,7 @@ commit. If the commit-ish has the format `#semver:`, `` can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither `#` or `#semver:` is -specified, then `master` is used. +specified, then the default branch is used. Examples: diff --git a/deps/npm/docs/content/using-npm/workspaces.md b/deps/npm/docs/content/using-npm/workspaces.md index 82491cd74af..5b68ef8ce9d 100644 --- a/deps/npm/docs/content/using-npm/workspaces.md +++ b/deps/npm/docs/content/using-npm/workspaces.md @@ -137,6 +137,8 @@ nested workspaces to be consumed elsewhere. You can use the `workspace` configuration option to run commands in the context of a configured workspace. +Additionally, if your current directory is in a workspace, the `workspace` +configuration is implicitly set, and `prefix` is set to the root workspace. Following is a quick example on how to use the `npm run` command in the context of nested workspaces. For a project containing multiple workspaces, e.g: @@ -158,7 +160,13 @@ given command in the context of that specific workspace. e.g: npm run test --workspace=a ``` -This will run the `test` script defined within the +You could also run the command within the workspace. + +``` +cd packages/a && npm run test +``` + +Either will run the `test` script defined within the `./packages/a/package.json` file. Please note that you can also specify this argument multiple times in the diff --git a/deps/npm/docs/output/commands/npm-ci.html b/deps/npm/docs/output/commands/npm-ci.html index abc8ce6deb0..51efa6ea98b 100644 --- a/deps/npm/docs/output/commands/npm-ci.html +++ b/deps/npm/docs/output/commands/npm-ci.html @@ -142,7 +142,7 @@

npm-ci

Table of contents

-
+

Synopsis

@@ -205,15 +205,108 @@

Configuration

-

audit

+

save

+
    +
  • Default: true unless when using npm update where it defaults to false
    • +
  • Type: Boolean
    • +
+

Save installed packages to a package.json file as dependencies.

+

When used with the npm rm command, removes the dependency from +package.json.

+

Will also prevent writing to package-lock.json if set to false.

+ + +

save-exact

+
    +
  • Default: false
    • +
  • Type: Boolean
    • +
+

Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator.

+ + +

global

+
    +
  • Default: false
    • +
  • Type: Boolean
    • +
+

Operates in "global" mode, so that packages are installed into the prefix +folder instead of the current working directory. See +folders for more on the differences in behavior.

+
    +
  • packages are installed into the {prefix}/lib/node_modules folder, instead +of the current working directory.
    • +
  • bin files are linked to {prefix}/bin
    • +
  • man pages are linked to {prefix}/share/man
    • +
+ + +

global-style

+
    +
  • Default: false
    • +
  • Type: Boolean
    • +
+

Causes npm to install the package into your local node_modules folder with +the same layout it uses with the global node_modules folder. Only your +direct dependencies will show in node_modules and everything they depend +on will be flattened in their node_modules folders. This obviously will +eliminate some deduping. If used with legacy-bundling, legacy-bundling +will be preferred.

+ + +

legacy-bundling

+
    +
  • Default: false
    • +
  • Type: Boolean
    • +
+

Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with global-style this option +will be preferred.

+ + +

omit

+
    +
  • Default: 'dev' if the NODE_ENV environment variable is set to +'production', otherwise empty.
    • +
  • Type: "dev", "optional", or "peer" (can be set multiple times)
    • +
+

Dependency types to omit from the installation tree on disk.

+

Note that these dependencies are still resolved and added to the +package-lock.json or npm-shrinkwrap.json file. They are just not +physically installed on disk.

+

If a package type appears in both the --include and --omit lists, then +it will be included.

+

If the resulting omit list includes 'dev', then the NODE_ENV environment +variable will be set to 'production' for all lifecycle scripts.

+ + +

strict-peer-deps

+
    +
  • Default: false
    • +
  • Type: Boolean
    • +
+

If set to true, and --legacy-peer-deps is not set, then any +conflicting peerDependencies will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships.

+

By default, conflicting peerDependencies deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's peerDependencies object.

+

When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If --strict-peer-deps is set, then +this warning is treated as a failure.

+ + +

package-lock

  • Default: true
  • Type: Boolean
-

When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for npm audit for details on what is -submitted.

+

If set to false, then ignore package-lock.json files when installing. This +will also prevent writing package-lock.json if save is true.

+

This configuration does not affect npm ci.

foreground-scripts

@@ -240,12 +333,110 @@

ignore-scripts

will not run any pre- or post-scripts.

-

script-shell

+

audit

    -
  • Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows
    • -
  • Type: null or String
    • +
  • Default: true
    • +
  • Type: Boolean
    • +
+

When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for npm audit for details on what is +submitted.

+ + + +
    +
  • Default: true
    • +
  • Type: Boolean
    • +
+

Tells npm to create symlinks (or .cmd shims on Windows) for package +executables.

+

Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems.

+ + +

fund

+
    +
  • Default: true
    • +
  • Type: Boolean
    • +
+

When "true" displays the message at the end of each npm install +acknowledging the number of dependencies looking for funding. See npm fund for details.

+ + +

dry-run

+
    +
  • Default: false
    • +
  • Type: Boolean
    • +
+

Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, install, update, +dedupe, uninstall, as well as pack and publish.

+

Note: This is NOT honored by other network related commands, eg dist-tags, +owner, etc.

+ + +

workspace

+
    +
  • Default:
    • +
  • Type: String (can be set multiple times)
    • +
+

Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option.

+

Valid values for the workspace config are either:

+
    +
  • Workspace names
    • +
  • Path to a workspace directory
    • +
  • Path to a parent workspace directory (will result in selecting all +workspaces within that folder)
    • +
+

When set for the npm init command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project.

+

This value is not exported to the environment for child processes.

+ + +

workspaces

+
    +
  • Default: null
    • +
  • Type: null or Boolean
    • +
+

Set to true to run the command in the context of all configured +workspaces.

+

Explicitly setting this to false will cause commands like install to +ignore workspaces altogether. When not set explicitly:

+
    +
  • Commands that operate on the node_modules tree (install, update, etc.) +will link workspaces into the node_modules folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +unless one or more workspaces are specified in the workspace config.
    • +
+

This value is not exported to the environment for child processes.

+ + +

include-workspace-root

+
    +
  • Default: false
    • +
  • Type: Boolean
    • +
+

Include the workspace root when workspaces are enabled for a command.

+

When false, specifying individual workspaces via the workspace config, or +all workspaces via the workspaces flag, will cause npm to operate only on +the specified workspaces, and not on the root project.

+

This value is not exported to the environment for child processes.

+ + + +
    +
  • Default: false
    • +
  • Type: Boolean
-

The shell to use for scripts run with the npm exec, npm run and npm init <package-spec> commands.

+

When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces.

diff --git a/deps/npm/docs/output/commands/npm-init.html b/deps/npm/docs/output/commands/npm-init.html index c7c00b3531b..3897be30c76 100644 --- a/deps/npm/docs/output/commands/npm-init.html +++ b/deps/npm/docs/output/commands/npm-init.html @@ -170,6 +170,8 @@

Description

  • npm init foo -> npm exec create-foo
  • npm init @usr/foo -> npm exec @usr/create-foo
  • npm init @usr -> npm exec @usr/create
    • +
  • npm init @usr@2.0.0 -> npm exec @usr/create@2.0.0
    • +
  • npm init @usr/foo@2.0.0 -> npm exec @usr/create-foo@2.0.0

    • If the initializer is omitted (by just calling npm init), init will fall back to legacy init behavior. It will ask you a bunch of questions, and diff --git a/deps/npm/docs/output/commands/npm-install-ci-test.html b/deps/npm/docs/output/commands/npm-install-ci-test.html index 8d3d9541421..f7d6e04649c 100644 --- a/deps/npm/docs/output/commands/npm-install-ci-test.html +++ b/deps/npm/docs/output/commands/npm-install-ci-test.html @@ -142,7 +142,7 @@

    npm-install-ci-test

    Table of contents

    -
    +

    Synopsis

    @@ -162,15 +162,108 @@

    Configuration

    -

    audit

    +

    save

    +
      +
    • Default: true unless when using npm update where it defaults to false
      • +
    • Type: Boolean
      • +
    +

    Save installed packages to a package.json file as dependencies.

    +

    When used with the npm rm command, removes the dependency from +package.json.

    +

    Will also prevent writing to package-lock.json if set to false.

    + + +

    save-exact

    +
      +
    • Default: false
      • +
    • Type: Boolean
      • +
    +

    Dependencies saved to package.json will be configured with an exact version +rather than using npm's default semver range operator.

    + + +

    global

    +
      +
    • Default: false
      • +
    • Type: Boolean
      • +
    +

    Operates in "global" mode, so that packages are installed into the prefix +folder instead of the current working directory. See +folders for more on the differences in behavior.

    +
      +
    • packages are installed into the {prefix}/lib/node_modules folder, instead +of the current working directory.
      • +
    • bin files are linked to {prefix}/bin
      • +
    • man pages are linked to {prefix}/share/man
      • +
    + + +

    global-style

    +
      +
    • Default: false
      • +
    • Type: Boolean
      • +
    +

    Causes npm to install the package into your local node_modules folder with +the same layout it uses with the global node_modules folder. Only your +direct dependencies will show in node_modules and everything they depend +on will be flattened in their node_modules folders. This obviously will +eliminate some deduping. If used with legacy-bundling, legacy-bundling +will be preferred.

    + + +

    legacy-bundling

    +
      +
    • Default: false
      • +
    • Type: Boolean
      • +
    +

    Causes npm to install the package such that versions of npm prior to 1.4, +such as the one included with node 0.8, can install the package. This +eliminates all automatic deduping. If used with global-style this option +will be preferred.

    + + +

    omit

    +
      +
    • Default: 'dev' if the NODE_ENV environment variable is set to +'production', otherwise empty.
      • +
    • Type: "dev", "optional", or "peer" (can be set multiple times)
      • +
    +

    Dependency types to omit from the installation tree on disk.

    +

    Note that these dependencies are still resolved and added to the +package-lock.json or npm-shrinkwrap.json file. They are just not +physically installed on disk.

    +

    If a package type appears in both the --include and --omit lists, then +it will be included.

    +

    If the resulting omit list includes 'dev', then the NODE_ENV environment +variable will be set to 'production' for all lifecycle scripts.

    + + +

    strict-peer-deps

    +
      +
    • Default: false
      • +
    • Type: Boolean
      • +
    +

    If set to true, and --legacy-peer-deps is not set, then any +conflicting peerDependencies will be treated as an install failure, even +if npm could reasonably guess the appropriate resolution based on non-peer +dependency relationships.

    +

    By default, conflicting peerDependencies deep in the dependency graph will +be resolved using the nearest non-peer dependency specification, even if +doing so will result in some packages receiving a peer dependency outside +the range set in their package's peerDependencies object.

    +

    When such and override is performed, a warning is printed, explaining the +conflict and the packages involved. If --strict-peer-deps is set, then +this warning is treated as a failure.

    + + +

    package-lock

    • Default: true
    • Type: Boolean
    -

    When "true" submit audit reports alongside the current npm command to the -default registry and all registries configured for scopes. See the -documentation for npm audit for details on what is -submitted.

    +

    If set to false, then ignore package-lock.json files when installing. This +will also prevent writing package-lock.json if save is true.

    +

    This configuration does not affect npm ci.

    foreground-scripts

    @@ -197,12 +290,110 @@

    ignore-scripts

    will not run any pre- or post-scripts.

    -

    script-shell

    +

    audit

      -
    • Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows
      • -
    • Type: null or String
      • +
    • Default: true
      • +
    • Type: Boolean
      • +
    +

    When "true" submit audit reports alongside the current npm command to the +default registry and all registries configured for scopes. See the +documentation for npm audit for details on what is +submitted.

    + + + +
      +
    • Default: true
      • +
    • Type: Boolean
      • +
    +

    Tells npm to create symlinks (or .cmd shims on Windows) for package +executables.

    +

    Set to false to have it not do this. This can be used to work around the +fact that some file systems don't support symlinks, even on ostensibly Unix +systems.

    + + +

    fund

    +
      +
    • Default: true
      • +
    • Type: Boolean
      • +
    +

    When "true" displays the message at the end of each npm install +acknowledging the number of dependencies looking for funding. See npm fund for details.

    + + +

    dry-run

    +
      +
    • Default: false
      • +
    • Type: Boolean
      • +
    +

    Indicates that you don't want npm to make any changes and that it should +only report what it would have done. This can be passed into any of the +commands that modify your local installation, eg, install, update, +dedupe, uninstall, as well as pack and publish.

    +

    Note: This is NOT honored by other network related commands, eg dist-tags, +owner, etc.

    + + +

    workspace

    +
      +
    • Default:
      • +
    • Type: String (can be set multiple times)
      • +
    +

    Enable running a command in the context of the configured workspaces of the +current project while filtering by running only the workspaces defined by +this configuration option.

    +

    Valid values for the workspace config are either:

    +
      +
    • Workspace names
      • +
    • Path to a workspace directory
      • +
    • Path to a parent workspace directory (will result in selecting all +workspaces within that folder)
      • +
    +

    When set for the npm init command, this may be set to the folder of a +workspace which does not yet exist, to create the folder and set it up as a +brand new workspace within the project.

    +

    This value is not exported to the environment for child processes.

    + + +

    workspaces

    +
      +
    • Default: null
      • +
    • Type: null or Boolean
      • +
    +

    Set to true to run the command in the context of all configured +workspaces.

    +

    Explicitly setting this to false will cause commands like install to +ignore workspaces altogether. When not set explicitly:

    +
      +
    • Commands that operate on the node_modules tree (install, update, etc.) +will link workspaces into the node_modules folder. - Commands that do +other things (test, exec, publish, etc.) will operate on the root project, +unless one or more workspaces are specified in the workspace config.
      • +
    +

    This value is not exported to the environment for child processes.

    + + +

    include-workspace-root

    +
      +
    • Default: false
      • +
    • Type: Boolean
      • +
    +

    Include the workspace root when workspaces are enabled for a command.

    +

    When false, specifying individual workspaces via the workspace config, or +all workspaces via the workspaces flag, will cause npm to operate only on +the specified workspaces, and not on the root project.

    +

    This value is not exported to the environment for child processes.

    + + + +
      +
    • Default: false
      • +
    • Type: Boolean
    -

    The shell to use for scripts run with the npm exec, npm run and npm init <package-spec> commands.

    +

    When set file: protocol dependencies that exist outside of the project root +will be packed and installed as regular dependencies instead of creating a +symlink. This option has no effect on workspaces.

    diff --git a/deps/npm/docs/output/commands/npm-install.html b/deps/npm/docs/output/commands/npm-install.html index 48f62f9e482..7702ab5c167 100644 --- a/deps/npm/docs/output/commands/npm-install.html +++ b/deps/npm/docs/output/commands/npm-install.html @@ -408,7 +408,7 @@

    Description

    can be any valid semver range or exact version, and npm will look for any tags or refs matching that range in the remote repository, much as it would for a registry dependency. If neither #<commit-ish> or -#semver:<semver> is specified, then master is used.

    +#semver:<semver> is specified, then the default branch is used.

    As with regular git dependencies, dependencies and devDependencies will be installed if the package has a prepare script before the package is done installing.

    diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 47b3bbc085e..ce8eda1b711 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -166,13 +166,13 @@

    Description

    the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

    -
    npm@8.15.0 /path/to/npm
+
    npm@8.15.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 
    
 
    It will print out extraneous, missing, and invalid packages.
    
 
    If a project specifies git urls for dependencies these are shown
-in parentheses after the name@version to make it easier for users to
+in parentheses after the name@version to make it easier for users to
 recognize potential forks of a project.
    
 
    The tree shown is the logical dependency tree, based on package
 dependencies, not the physical layout of your node_modules folder.
    
@@ -185,7 +185,7 @@ 
    Note: Design Changes Pending
    
 
    With the advent of automatic install-time deduplication of dependencies in
 npm v3, the ls output was modified to display the logical dependency
 graph as a tree structure, since this was more useful to most users.
-However, without using npm ls -l, it became impossible show where a
+However, without using npm ls -l, it became impossible to show where a
 package was actually installed much of the time!
    
 
    With the advent of automatic installation of peerDependencies in npm v7,
 this gets even more curious, as peerDependencies are logically
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 514017fd875..b254b72c370 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -149,7 +149,7 @@ 
    Table of contents
    
 
 
 
    Version
    
-
    8.15.0
    
+
    8.15.1
    
 
    Description
    
 
    npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
diff --git a/deps/npm/docs/output/configuring-npm/package-json.html b/deps/npm/docs/output/configuring-npm/package-json.html
index 354069b1a2c..2b1240ebee9 100644
--- a/deps/npm/docs/output/configuring-npm/package-json.html
+++ b/deps/npm/docs/output/configuring-npm/package-json.html
@@ -622,7 +622,7 @@ 
    Git URLs as Dependencies
    
 be any valid semver range or exact version, and npm will look for any tags
 or refs matching that range in the remote repository, much as it would for
 a registry dependency. If neither #<commit-ish> or #semver:<semver> is
-specified, then master is used.
    
+specified, then the default branch is used.
    
 
    Examples:
    
 
    git+ssh://git@github.com:npm/cli.git#v1.0.27
 git+ssh://git@github.com:npm/cli#semver:^5.0
diff --git a/deps/npm/docs/output/using-npm/workspaces.html b/deps/npm/docs/output/using-npm/workspaces.html
index 06928563acc..2a3dd880c2c 100644
--- a/deps/npm/docs/output/using-npm/workspaces.html
+++ b/deps/npm/docs/output/using-npm/workspaces.html
@@ -240,7 +240,9 @@ 
    Using workspaces
    
 nested workspaces to be consumed elsewhere.
    
 
    Running commands in the context of workspaces
    
 
    You can use the workspace configuration option to run commands in the context
-of a configured workspace.
    
+of a configured workspace.
+Additionally, if your current directory is in a workspace, the workspace
+configuration is implicitly set, and prefix is set to the root workspace.
    
 
    Following is a quick example on how to use the npm run command in the context
 of nested workspaces. For a project containing multiple workspaces, e.g:
    
 
    .
@@ -255,7 +257,10 @@ 
    Running commands in the c
 given command in the context of that specific workspace. e.g:
    
 
    npm run test --workspace=a
 
    
-
    This will run the test script defined within the
+
    You could also run the command within the workspace.
    
+
    cd packages/a && npm run test
+
    
+
    Either will run the test script defined within the
 ./packages/a/package.json file.
    
 
    Please note that you can also specify this argument multiple times in the
 command-line in order to target multiple workspaces, e.g:
    
diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js
index 2a6125d564e..0adf203a985 100644
--- a/deps/npm/lib/commands/ci.js
+++ b/deps/npm/lib/commands/ci.js
@@ -9,16 +9,13 @@ const log = require('../utils/log-shim.js')
 const validateLockfile = require('../utils/validate-lockfile.js')
 
 const ArboristWorkspaceCmd = require('../arborist-cmd.js')
+const Install = require('./install.js')
 
 class CI extends ArboristWorkspaceCmd {
   static description = 'Clean install a project'
   static name = 'ci'
-  static params = [
-    'audit',
-    'foreground-scripts',
-    'ignore-scripts',
-    'script-shell',
-  ]
+
+  static params = Install.params
 
   async exec () {
     if (this.npm.global) {
diff --git a/deps/npm/lib/commands/diff.js b/deps/npm/lib/commands/diff.js
index b8a64bd98a0..bbd6fae6680 100644
--- a/deps/npm/lib/commands/diff.js
+++ b/deps/npm/lib/commands/diff.js
@@ -106,7 +106,7 @@ class Diff extends BaseCommand {
       const pkgName = await this.packageName(this.prefix)
       return [
         `${pkgName}@${this.npm.config.get('tag')}`,
-        `file:${this.prefix}`,
+        `file:${this.prefix.replace(/#/g, '%23')}`,
       ]
     }
 
@@ -134,7 +134,7 @@ class Diff extends BaseCommand {
       }
       return [
         `${pkgName}@${a}`,
-        `file:${this.prefix}`,
+        `file:${this.prefix.replace(/#/g, '%23')}`,
       ]
     }
 
@@ -165,7 +165,7 @@ class Diff extends BaseCommand {
         }
         return [
           `${spec.name}@${spec.fetchSpec}`,
-          `file:${this.prefix}`,
+          `file:${this.prefix.replace(/#/g, '%23')}`,
         ]
       }
 
@@ -178,7 +178,7 @@ class Diff extends BaseCommand {
         }
       }
 
-      const aSpec = `file:${node.realpath}`
+      const aSpec = `file:${node.realpath.replace(/#/g, '%23')}`
 
       // finds what version of the package to compare against, if a exact
       // version or tag was passed than it should use that, otherwise
@@ -211,8 +211,8 @@ class Diff extends BaseCommand {
       ]
     } else if (spec.type === 'directory') {
       return [
-        `file:${spec.fetchSpec}`,
-        `file:${this.prefix}`,
+        `file:${spec.fetchSpec.replace(/#/g, '%23')}`,
+        `file:${this.prefix.replace(/#/g, '%23')}`,
       ]
     } else {
       throw this.usageError(`Spec type ${spec.type} not supported.`)
@@ -279,7 +279,7 @@ class Diff extends BaseCommand {
 
       const res = !node || !node.package || !node.package.version
         ? spec.fetchSpec
-        : `file:${node.realpath}`
+        : `file:${node.realpath.replace(/#/g, '%23')}`
 
       return `${spec.name}@${res}`
     })
diff --git a/deps/npm/lib/commands/init.js b/deps/npm/lib/commands/init.js
index b8b6bd5d53e..cff8340dcd7 100644
--- a/deps/npm/lib/commands/init.js
+++ b/deps/npm/lib/commands/init.js
@@ -85,8 +85,13 @@ class Init extends BaseCommand {
     const [initerName, ...otherArgs] = args
     let packageName = initerName
 
+    // Only a scope, possibly with a version
     if (/^@[^/]+$/.test(initerName)) {
-      packageName = initerName + '/create'
+      const [, scope, version] = initerName.split('@')
+      packageName = `@${scope}/create`
+      if (version) {
+        packageName = `${packageName}@${version}`
+      }
     } else {
       const req = npa(initerName)
       if (req.type === 'git' && req.hosted) {
diff --git a/deps/npm/lib/commands/link.js b/deps/npm/lib/commands/link.js
index b0b889ea787..7bce73ed2bb 100644
--- a/deps/npm/lib/commands/link.js
+++ b/deps/npm/lib/commands/link.js
@@ -122,7 +122,7 @@ class Link extends ArboristWorkspaceCmd {
       ...this.npm.flatOptions,
       prune: false,
       path: this.npm.prefix,
-      add: names.map(l => `file:${resolve(globalTop, 'node_modules', l)}`),
+      add: names.map(l => `file:${resolve(globalTop, 'node_modules', l).replace(/#/g, '%23')}`),
       save,
       workspaces: this.workspaceNames,
     })
@@ -133,7 +133,7 @@ class Link extends ArboristWorkspaceCmd {
   async linkPkg () {
     const wsp = this.workspacePaths
     const paths = wsp && wsp.length ? wsp : [this.npm.prefix]
-    const add = paths.map(path => `file:${path}`)
+    const add = paths.map(path => `file:${path.replace(/#/g, '%23')}`)
     const globalTop = resolve(this.npm.globalDir, '..')
     const arb = new Arborist({
       ...this.npm.flatOptions,
diff --git a/deps/npm/lib/npm.js b/deps/npm/lib/npm.js
index 2197f11a52c..66111cab89a 100644
--- a/deps/npm/lib/npm.js
+++ b/deps/npm/lib/npm.js
@@ -241,16 +241,18 @@ class Npm extends EventEmitter {
     await this.time('npm:load:configload', () => this.config.load())
 
     // mkdir this separately since the logs dir can be set to
-    // a different location. an error here should be surfaced
-    // right away since it will error in cacache later
+    // a different location. if this fails, then we don't have
+    // a cache dir, but we don't want to fail immediately since
+    // the command might not need a cache dir (like `npm --version`)
     await this.time('npm:load:mkdirpcache', () =>
-      fs.mkdir(this.cache, { recursive: true, owner: 'inherit' }))
+      fs.mkdir(this.cache, { recursive: true, owner: 'inherit' })
+        .catch((e) => log.verbose('cache', `could not create cache: ${e}`)))
 
     // its ok if this fails. user might have specified an invalid dir
     // which we will tell them about at the end
     await this.time('npm:load:mkdirplogs', () =>
       fs.mkdir(this.logsDir, { recursive: true, owner: 'inherit' })
-        .catch((e) => log.warn('logfile', `could not create logs-dir: ${e}`)))
+        .catch((e) => log.verbose('logfile', `could not create logs-dir: ${e}`)))
 
     // note: this MUST be shorter than the actual argv length, because it
     // uses the same memory, so node will truncate it if it's too long.
diff --git a/deps/npm/lib/utils/log-file.js b/deps/npm/lib/utils/log-file.js
index 9cf6513bedf..d62329c8551 100644
--- a/deps/npm/lib/utils/log-file.js
+++ b/deps/npm/lib/utils/log-file.js
@@ -204,7 +204,9 @@ class LogFiles {
       this.#files.push(logStream.path)
       return logStream
     } catch (e) {
-      log.warn('logfile', `could not be created: ${e}`)
+      // If the user has a readonly logdir then we don't want to
+      // warn this on every command so it should be verbose
+      log.verbose('logfile', `could not be created: ${e}`)
     }
   }
 
@@ -226,7 +228,7 @@ class LogFiles {
       )
 
       // Always ignore the currently written files
-      const files = await glob(globify(logGlob), { ignore: this.#files.map(globify) })
+      const files = await glob(globify(logGlob), { ignore: this.#files.map(globify), silent: true })
       const toDelete = files.length - this.#logsMax
 
       if (toDelete <= 0) {
diff --git a/deps/npm/man/man1/npm-ci.1 b/deps/npm/man/man1/npm-ci.1
index 316da3a6118..6a83ab881ca 100644
--- a/deps/npm/man/man1/npm-ci.1
+++ b/deps/npm/man/man1/npm-ci.1
@@ -80,7 +80,126 @@ cache:
 .fi
 .RE
 .SS Configuration
-.SS \fBaudit\fP
+.SS \fBsave\fP
+.RS 0
+.IP \(bu 2
+Default: \fBtrue\fP unless when using \fBnpm update\fP where it defaults to \fBfalse\fP
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Save installed packages to a \fBpackage\.json\fP file as dependencies\.
+.P
+When used with the \fBnpm rm\fP command, removes the dependency from
+\fBpackage\.json\fP\|\.
+.P
+Will also prevent writing to \fBpackage\-lock\.json\fP if set to \fBfalse\fP\|\.
+.SS \fBsave\-exact\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Dependencies saved to package\.json will be configured with an exact version
+rather than using npm's default semver range operator\.
+.SS \fBglobal\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Operates in "global" mode, so that packages are installed into the \fBprefix\fP
+folder instead of the current working directory\. See
+npm help folders for more on the differences in behavior\.
+.RS 0
+.IP \(bu 2
+packages are installed into the \fB{prefix}/lib/node_modules\fP folder, instead
+of the current working directory\.
+.IP \(bu 2
+bin files are linked to \fB{prefix}/bin\fP
+.IP \(bu 2
+man pages are linked to \fB{prefix}/share/man\fP
+
+.RE
+.SS \fBglobal\-style\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Causes npm to install the package into your local \fBnode_modules\fP folder with
+the same layout it uses with the global \fBnode_modules\fP folder\. Only your
+direct dependencies will show in \fBnode_modules\fP and everything they depend
+on will be flattened in their \fBnode_modules\fP folders\. This obviously will
+eliminate some deduping\. If used with \fBlegacy\-bundling\fP, \fBlegacy\-bundling\fP
+will be preferred\.
+.SS \fBlegacy\-bundling\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Causes npm to install the package such that versions of npm prior to 1\.4,
+such as the one included with node 0\.8, can install the package\. This
+eliminates all automatic deduping\. If used with \fBglobal\-style\fP this option
+will be preferred\.
+.SS \fBomit\fP
+.RS 0
+.IP \(bu 2
+Default: 'dev' if the \fBNODE_ENV\fP environment variable is set to
+\|'production', otherwise empty\.
+.IP \(bu 2
+Type: "dev", "optional", or "peer" (can be set multiple times)
+
+.RE
+.P
+Dependency types to omit from the installation tree on disk\.
+.P
+Note that these dependencies \fIare\fR still resolved and added to the
+\fBpackage\-lock\.json\fP or \fBnpm\-shrinkwrap\.json\fP file\. They are just not
+physically installed on disk\.
+.P
+If a package type appears in both the \fB\-\-include\fP and \fB\-\-omit\fP lists, then
+it will be included\.
+.P
+If the resulting omit list includes \fB\|'dev'\fP, then the \fBNODE_ENV\fP environment
+variable will be set to \fB\|'production'\fP for all lifecycle scripts\.
+.SS \fBstrict\-peer\-deps\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+If set to \fBtrue\fP, and \fB\-\-legacy\-peer\-deps\fP is not set, then \fIany\fR
+conflicting \fBpeerDependencies\fP will be treated as an install failure, even
+if npm could reasonably guess the appropriate resolution based on non\-peer
+dependency relationships\.
+.P
+By default, conflicting \fBpeerDependencies\fP deep in the dependency graph will
+be resolved using the nearest non\-peer dependency specification, even if
+doing so will result in some packages receiving a peer dependency outside
+the range set in their package's \fBpeerDependencies\fP object\.
+.P
+When such and override is performed, a warning is printed, explaining the
+conflict and the packages involved\. If \fB\-\-strict\-peer\-deps\fP is set, then
+this warning is treated as a failure\.
+.SS \fBpackage\-lock\fP
 .RS 0
 .IP \(bu 2
 Default: true
@@ -89,10 +208,10 @@ Type: Boolean
 
 .RE
 .P
-When "true" submit audit reports alongside the current npm command to the
-default registry and all registries configured for scopes\. See the
-documentation for npm help \fBaudit\fP for details on what is
-submitted\.
+If set to false, then ignore \fBpackage\-lock\.json\fP files when installing\. This
+will also prevent \fIwriting\fR \fBpackage\-lock\.json\fP if \fBsave\fP is true\.
+.P
+This configuration does not affect \fBnpm ci\fP\|\.
 .SS \fBforeground\-scripts\fP
 .RS 0
 .IP \(bu 2
@@ -123,17 +242,144 @@ Note that commands explicitly intended to run a particular script, such as
 \fBnpm start\fP, \fBnpm stop\fP, \fBnpm restart\fP, \fBnpm test\fP, and \fBnpm run\-script\fP
 will still run their intended script if \fBignore\-scripts\fP is set, but they
 will \fInot\fR run any pre\- or post\-scripts\.
-.SS \fBscript\-shell\fP
+.SS \fBaudit\fP
+.RS 0
+.IP \(bu 2
+Default: true
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+When "true" submit audit reports alongside the current npm command to the
+default registry and all registries configured for scopes\. See the
+documentation for npm help \fBaudit\fP for details on what is
+submitted\.
+.SS \fBbin\-links\fP
+.RS 0
+.IP \(bu 2
+Default: true
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Tells npm to create symlinks (or \fB\|\.cmd\fP shims on Windows) for package
+executables\.
+.P
+Set to false to have it not do this\. This can be used to work around the
+fact that some file systems don't support symlinks, even on ostensibly Unix
+systems\.
+.SS \fBfund\fP
 .RS 0
 .IP \(bu 2
-Default: '/bin/sh' on POSIX systems, 'cmd\.exe' on Windows
+Default: true
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+When "true" displays the message at the end of each \fBnpm install\fP
+acknowledging the number of dependencies looking for funding\. See npm help \fBnpm
+fund\fP for details\.
+.SS \fBdry\-run\fP
+.RS 0
 .IP \(bu 2
-Type: null or String
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Indicates that you don't want npm to make any changes and that it should
+only report what it would have done\. This can be passed into any of the
+commands that modify your local installation, eg, \fBinstall\fP, \fBupdate\fP,
+\fBdedupe\fP, \fBuninstall\fP, as well as \fBpack\fP and \fBpublish\fP\|\.
+.P
+Note: This is NOT honored by other network related commands, eg \fBdist\-tags\fP,
+\fBowner\fP, etc\.
+.SS \fBworkspace\fP
+.RS 0
+.IP \(bu 2
+Default:
+.IP \(bu 2
+Type: String (can be set multiple times)
+
+.RE
+.P
+Enable running a command in the context of the configured workspaces of the
+current project while filtering by running only the workspaces defined by
+this configuration option\.
+.P
+Valid values for the \fBworkspace\fP config are either:
+.RS 0
+.IP \(bu 2
+Workspace names
+.IP \(bu 2
+Path to a workspace directory
+.IP \(bu 2
+Path to a parent workspace directory (will result in selecting all
+workspaces within that folder)
+
+.RE
+.P
+When set for the \fBnpm init\fP command, this may be set to the folder of a
+workspace which does not yet exist, to create the folder and set it up as a
+brand new workspace within the project\.
+.P
+This value is not exported to the environment for child processes\.
+.SS \fBworkspaces\fP
+.RS 0
+.IP \(bu 2
+Default: null
+.IP \(bu 2
+Type: null or Boolean
+
+.RE
+.P
+Set to true to run the command in the context of \fBall\fR configured
+workspaces\.
+.P
+Explicitly setting this to false will cause commands like \fBinstall\fP to
+ignore workspaces altogether\. When not set explicitly:
+.RS 0
+.IP \(bu 2
+Commands that operate on the \fBnode_modules\fP tree (install, update, etc\.)
+will link workspaces into the \fBnode_modules\fP folder\. \- Commands that do
+other things (test, exec, publish, etc\.) will operate on the root project,
+\fIunless\fR one or more workspaces are specified in the \fBworkspace\fP config\.
+
+.RE
+.P
+This value is not exported to the environment for child processes\.
+.SS \fBinclude\-workspace\-root\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Include the workspace root when workspaces are enabled for a command\.
+.P
+When false, specifying individual workspaces via the \fBworkspace\fP config, or
+all workspaces via the \fBworkspaces\fP flag, will cause npm to operate only on
+the specified workspaces, and not on the root project\.
+.P
+This value is not exported to the environment for child processes\.
+.SS \fBinstall\-links\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
 
 .RE
 .P
-The shell to use for scripts run with the \fBnpm exec\fP, \fBnpm run\fP and \fBnpm
-init \fP commands\.
+When set file: protocol dependencies that exist outside of the project root
+will be packed and installed as regular dependencies instead of creating a
+symlink\. This option has no effect on workspaces\.
 .SS See Also
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man1/npm-init.1 b/deps/npm/man/man1/npm-init.1
index 50334564f99..b21a794af47 100644
--- a/deps/npm/man/man1/npm-init.1
+++ b/deps/npm/man/man1/npm-init.1
@@ -30,6 +30,10 @@ follows:
 \fBnpm init @usr/foo\fP \-> \fBnpm exec @usr/create\-foo\fP
 .IP \(bu 2
 \fBnpm init @usr\fP \-> \fBnpm exec @usr/create\fP
+.IP \(bu 2
+\fBnpm init @usr@2\.0\.0\fP \-> \fBnpm exec @usr/create@2\.0\.0\fP
+.IP \(bu 2
+\fBnpm init @usr/foo@2\.0\.0\fP \-> \fBnpm exec @usr/create\-foo@2\.0\.0\fP
 
 .RE
 .P
diff --git a/deps/npm/man/man1/npm-install-ci-test.1 b/deps/npm/man/man1/npm-install-ci-test.1
index 59fb33b10bd..10f78569852 100644
--- a/deps/npm/man/man1/npm-install-ci-test.1
+++ b/deps/npm/man/man1/npm-install-ci-test.1
@@ -14,7 +14,126 @@ alias: cit
 .P
 This command runs \fBnpm ci\fP followed immediately by \fBnpm test\fP\|\.
 .SS Configuration
-.SS \fBaudit\fP
+.SS \fBsave\fP
+.RS 0
+.IP \(bu 2
+Default: \fBtrue\fP unless when using \fBnpm update\fP where it defaults to \fBfalse\fP
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Save installed packages to a \fBpackage\.json\fP file as dependencies\.
+.P
+When used with the \fBnpm rm\fP command, removes the dependency from
+\fBpackage\.json\fP\|\.
+.P
+Will also prevent writing to \fBpackage\-lock\.json\fP if set to \fBfalse\fP\|\.
+.SS \fBsave\-exact\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Dependencies saved to package\.json will be configured with an exact version
+rather than using npm's default semver range operator\.
+.SS \fBglobal\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Operates in "global" mode, so that packages are installed into the \fBprefix\fP
+folder instead of the current working directory\. See
+npm help folders for more on the differences in behavior\.
+.RS 0
+.IP \(bu 2
+packages are installed into the \fB{prefix}/lib/node_modules\fP folder, instead
+of the current working directory\.
+.IP \(bu 2
+bin files are linked to \fB{prefix}/bin\fP
+.IP \(bu 2
+man pages are linked to \fB{prefix}/share/man\fP
+
+.RE
+.SS \fBglobal\-style\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Causes npm to install the package into your local \fBnode_modules\fP folder with
+the same layout it uses with the global \fBnode_modules\fP folder\. Only your
+direct dependencies will show in \fBnode_modules\fP and everything they depend
+on will be flattened in their \fBnode_modules\fP folders\. This obviously will
+eliminate some deduping\. If used with \fBlegacy\-bundling\fP, \fBlegacy\-bundling\fP
+will be preferred\.
+.SS \fBlegacy\-bundling\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Causes npm to install the package such that versions of npm prior to 1\.4,
+such as the one included with node 0\.8, can install the package\. This
+eliminates all automatic deduping\. If used with \fBglobal\-style\fP this option
+will be preferred\.
+.SS \fBomit\fP
+.RS 0
+.IP \(bu 2
+Default: 'dev' if the \fBNODE_ENV\fP environment variable is set to
+\|'production', otherwise empty\.
+.IP \(bu 2
+Type: "dev", "optional", or "peer" (can be set multiple times)
+
+.RE
+.P
+Dependency types to omit from the installation tree on disk\.
+.P
+Note that these dependencies \fIare\fR still resolved and added to the
+\fBpackage\-lock\.json\fP or \fBnpm\-shrinkwrap\.json\fP file\. They are just not
+physically installed on disk\.
+.P
+If a package type appears in both the \fB\-\-include\fP and \fB\-\-omit\fP lists, then
+it will be included\.
+.P
+If the resulting omit list includes \fB\|'dev'\fP, then the \fBNODE_ENV\fP environment
+variable will be set to \fB\|'production'\fP for all lifecycle scripts\.
+.SS \fBstrict\-peer\-deps\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+If set to \fBtrue\fP, and \fB\-\-legacy\-peer\-deps\fP is not set, then \fIany\fR
+conflicting \fBpeerDependencies\fP will be treated as an install failure, even
+if npm could reasonably guess the appropriate resolution based on non\-peer
+dependency relationships\.
+.P
+By default, conflicting \fBpeerDependencies\fP deep in the dependency graph will
+be resolved using the nearest non\-peer dependency specification, even if
+doing so will result in some packages receiving a peer dependency outside
+the range set in their package's \fBpeerDependencies\fP object\.
+.P
+When such and override is performed, a warning is printed, explaining the
+conflict and the packages involved\. If \fB\-\-strict\-peer\-deps\fP is set, then
+this warning is treated as a failure\.
+.SS \fBpackage\-lock\fP
 .RS 0
 .IP \(bu 2
 Default: true
@@ -23,10 +142,10 @@ Type: Boolean
 
 .RE
 .P
-When "true" submit audit reports alongside the current npm command to the
-default registry and all registries configured for scopes\. See the
-documentation for npm help \fBaudit\fP for details on what is
-submitted\.
+If set to false, then ignore \fBpackage\-lock\.json\fP files when installing\. This
+will also prevent \fIwriting\fR \fBpackage\-lock\.json\fP if \fBsave\fP is true\.
+.P
+This configuration does not affect \fBnpm ci\fP\|\.
 .SS \fBforeground\-scripts\fP
 .RS 0
 .IP \(bu 2
@@ -57,17 +176,144 @@ Note that commands explicitly intended to run a particular script, such as
 \fBnpm start\fP, \fBnpm stop\fP, \fBnpm restart\fP, \fBnpm test\fP, and \fBnpm run\-script\fP
 will still run their intended script if \fBignore\-scripts\fP is set, but they
 will \fInot\fR run any pre\- or post\-scripts\.
-.SS \fBscript\-shell\fP
+.SS \fBaudit\fP
+.RS 0
+.IP \(bu 2
+Default: true
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+When "true" submit audit reports alongside the current npm command to the
+default registry and all registries configured for scopes\. See the
+documentation for npm help \fBaudit\fP for details on what is
+submitted\.
+.SS \fBbin\-links\fP
+.RS 0
+.IP \(bu 2
+Default: true
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Tells npm to create symlinks (or \fB\|\.cmd\fP shims on Windows) for package
+executables\.
+.P
+Set to false to have it not do this\. This can be used to work around the
+fact that some file systems don't support symlinks, even on ostensibly Unix
+systems\.
+.SS \fBfund\fP
 .RS 0
 .IP \(bu 2
-Default: '/bin/sh' on POSIX systems, 'cmd\.exe' on Windows
+Default: true
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+When "true" displays the message at the end of each \fBnpm install\fP
+acknowledging the number of dependencies looking for funding\. See npm help \fBnpm
+fund\fP for details\.
+.SS \fBdry\-run\fP
+.RS 0
 .IP \(bu 2
-Type: null or String
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Indicates that you don't want npm to make any changes and that it should
+only report what it would have done\. This can be passed into any of the
+commands that modify your local installation, eg, \fBinstall\fP, \fBupdate\fP,
+\fBdedupe\fP, \fBuninstall\fP, as well as \fBpack\fP and \fBpublish\fP\|\.
+.P
+Note: This is NOT honored by other network related commands, eg \fBdist\-tags\fP,
+\fBowner\fP, etc\.
+.SS \fBworkspace\fP
+.RS 0
+.IP \(bu 2
+Default:
+.IP \(bu 2
+Type: String (can be set multiple times)
+
+.RE
+.P
+Enable running a command in the context of the configured workspaces of the
+current project while filtering by running only the workspaces defined by
+this configuration option\.
+.P
+Valid values for the \fBworkspace\fP config are either:
+.RS 0
+.IP \(bu 2
+Workspace names
+.IP \(bu 2
+Path to a workspace directory
+.IP \(bu 2
+Path to a parent workspace directory (will result in selecting all
+workspaces within that folder)
+
+.RE
+.P
+When set for the \fBnpm init\fP command, this may be set to the folder of a
+workspace which does not yet exist, to create the folder and set it up as a
+brand new workspace within the project\.
+.P
+This value is not exported to the environment for child processes\.
+.SS \fBworkspaces\fP
+.RS 0
+.IP \(bu 2
+Default: null
+.IP \(bu 2
+Type: null or Boolean
+
+.RE
+.P
+Set to true to run the command in the context of \fBall\fR configured
+workspaces\.
+.P
+Explicitly setting this to false will cause commands like \fBinstall\fP to
+ignore workspaces altogether\. When not set explicitly:
+.RS 0
+.IP \(bu 2
+Commands that operate on the \fBnode_modules\fP tree (install, update, etc\.)
+will link workspaces into the \fBnode_modules\fP folder\. \- Commands that do
+other things (test, exec, publish, etc\.) will operate on the root project,
+\fIunless\fR one or more workspaces are specified in the \fBworkspace\fP config\.
+
+.RE
+.P
+This value is not exported to the environment for child processes\.
+.SS \fBinclude\-workspace\-root\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Include the workspace root when workspaces are enabled for a command\.
+.P
+When false, specifying individual workspaces via the \fBworkspace\fP config, or
+all workspaces via the \fBworkspaces\fP flag, will cause npm to operate only on
+the specified workspaces, and not on the root project\.
+.P
+This value is not exported to the environment for child processes\.
+.SS \fBinstall\-links\fP
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
 
 .RE
 .P
-The shell to use for scripts run with the \fBnpm exec\fP, \fBnpm run\fP and \fBnpm
-init \fP commands\.
+When set file: protocol dependencies that exist outside of the project root
+will be packed and installed as regular dependencies instead of creating a
+symlink\. This option has no effect on workspaces\.
 .SS See Also
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man1/npm-install.1 b/deps/npm/man/man1/npm-install.1
index 43adfbe9e4b..f54f1e202cd 100644
--- a/deps/npm/man/man1/npm-install.1
+++ b/deps/npm/man/man1/npm-install.1
@@ -320,7 +320,7 @@ GIT_SSH_COMMAND='ssh \-i ~/\.ssh/custom_ident' npm install git+ssh://git@github\
   can be any valid semver range or exact version, and npm will look for
   any tags or refs matching that range in the remote repository, much as
   it would for a registry dependency\. If neither \fB#\fP or
-  \fB#semver:\fP is specified, then \fBmaster\fP is used\.
+  \fB#semver:\fP is specified, then the default branch is used\.
   As with regular git dependencies, \fBdependencies\fP and \fBdevDependencies\fP
   will be installed if the package has a \fBprepare\fP script before the
   package is done installing\.
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index 511f481a6ea..cc465caebe5 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@8\.15\.0 /path/to/npm
+npm@8\.15\.1 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi
@@ -35,7 +35,7 @@ npm@8\.15\.0 /path/to/npm
 It will print out extraneous, missing, and invalid packages\.
 .P
 If a project specifies git urls for dependencies these are shown
-in parentheses after the name@version to make it easier for users to
+in parentheses after the \fBname@version\fP to make it easier for users to
 recognize potential forks of a project\.
 .P
 The tree shown is the logical dependency tree, based on package
@@ -52,7 +52,7 @@ disk would be roughly identical\.
 With the advent of automatic install\-time deduplication of dependencies in
 npm v3, the \fBls\fP output was modified to display the logical dependency
 graph as a tree structure, since this was more useful to most users\.
-However, without using \fBnpm ls \-l\fP, it became impossible show \fIwhere\fR a
+However, without using \fBnpm ls \-l\fP, it became impossible to show \fIwhere\fR a
 package was actually installed much of the time!
 .P
 With the advent of automatic installation of \fBpeerDependencies\fP in npm v7,
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index 984dbc49192..b3bc8bb4171 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -4,7 +4,7 @@
 .SS Synopsis
 .SS Version
 .P
-8\.15\.0
+8\.15\.1
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5
index 0fd5174f6aa..ae522f1de82 100644
--- a/deps/npm/man/man5/package-json.5
+++ b/deps/npm/man/man5/package-json.5
@@ -709,7 +709,7 @@ commit\. If the commit\-ish has the format \fB#semver:\fP, \fB\f
 be any valid semver range or exact version, and npm will look for any tags
 or refs matching that range in the remote repository, much as it would for
 a registry dependency\. If neither \fB#\fP or \fB#semver:\fP is
-specified, then \fBmaster\fP is used\.
+specified, then the default branch is used\.
 .P
 Examples:
 .P
diff --git a/deps/npm/man/man7/workspaces.7 b/deps/npm/man/man7/workspaces.7
index 0bc4488b44e..6575130ec7f 100644
--- a/deps/npm/man/man7/workspaces.7
+++ b/deps/npm/man/man7/workspaces.7
@@ -143,6 +143,8 @@ nested workspaces to be consumed elsewhere\.
 .P
 You can use the \fBworkspace\fP configuration option to run commands in the context
 of a configured workspace\.
+Additionally, if your current directory is in a workspace, the \fBworkspace\fP
+configuration is implicitly set, and \fBprefix\fP is set to the root workspace\.
 .P
 Following is a quick example on how to use the \fBnpm run\fP command in the context
 of nested workspaces\. For a project containing multiple workspaces, e\.g:
@@ -168,7 +170,15 @@ npm run test \-\-workspace=a
 .fi
 .RE
 .P
-This will run the \fBtest\fP script defined within the
+You could also run the command within the workspace\.
+.P
+.RS 2
+.nf
+cd packages/a && npm run test
+.fi
+.RE
+.P
+Either will run the \fBtest\fP script defined within the
 \fB\|\./packages/a/package\.json\fP file\.
 .P
 Please note that you can also specify this argument multiple times in the
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
index da2652c449a..0e98ed6fc53 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
@@ -484,7 +484,7 @@ Try using the package name instead, e.g:
             .catch(/* istanbul ignore next */ er => null)
           if (st && st.isSymbolicLink()) {
             const target = await readlink(dir)
-            const real = resolve(dirname(dir), target)
+            const real = resolve(dirname(dir), target).replace(/#/g, '%23')
             tree.package.dependencies[name] = `file:${real}`
           } else {
             tree.package.dependencies[name] = '*'
@@ -603,7 +603,7 @@ Try using the package name instead, e.g:
     if (filepath) {
       const { name } = spec
       const tree = this.idealTree.target
-      spec = npa(`file:${relpath(tree.path, filepath)}`, tree.path)
+      spec = npa(`file:${relpath(tree.path, filepath).replace(/#/g, '%23')}`, tree.path)
       spec.name = name
     }
     return spec
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
index 43351b69034..d4eabe8c0fd 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
@@ -196,7 +196,7 @@ module.exports = cls => class ActualLoader extends cls {
       const actualRoot = tree.isLink ? tree.target : tree
       const { dependencies = {} } = actualRoot.package
       for (const [name, kid] of actualRoot.children.entries()) {
-        const def = kid.isLink ? `file:${kid.realpath}` : '*'
+        const def = kid.isLink ? `file:${kid.realpath.replace(/#/g, '%23')}` : '*'
         dependencies[name] = dependencies[name] || def
       }
       actualRoot.package = { ...actualRoot.package, dependencies }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js
index fb3f334747f..947659f177e 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js
@@ -162,7 +162,7 @@ module.exports = cls => class VirtualLoader extends cls {
       lockfile: s.data,
     })
     for (const [name, path] of workspaces.entries()) {
-      lockWS.push(['workspace', name, `file:${path}`])
+      lockWS.push(['workspace', name, `file:${path.replace(/#/g, '%23')}`])
     }
 
     const lockEdges = [
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
index faf016c7040..4f1061e4abe 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
@@ -1241,7 +1241,7 @@ module.exports = cls => class Reifier extends cls {
             // path initially, in which case we can end up with the wrong
             // thing, so just get the ultimate fetchSpec and relativize it.
             const p = req.fetchSpec.replace(/^file:/, '')
-            const rel = relpath(addTree.realpath, p)
+            const rel = relpath(addTree.realpath, p).replace(/#/g, '%23')
             newSpec = `file:${rel}`
           }
         } else {
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
index e34e40a46d0..5308dc7e2f9 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/consistent-resolve.js
@@ -20,8 +20,8 @@ const consistentResolve = (resolved, fromPath, toPath, relPaths = false) => {
       raw,
     } = npa(resolved, fromPath)
     const isPath = type === 'file' || type === 'directory'
-    return isPath && !relPaths ? `file:${fetchSpec}`
-      : isPath ? 'file:' + (toPath ? relpath(toPath, fetchSpec) : fetchSpec)
+    return isPath && !relPaths ? `file:${fetchSpec.replace(/#/g, '%23')}`
+      : isPath ? 'file:' + (toPath ? relpath(toPath, fetchSpec.replace(/#/g, '%23')) : fetchSpec.replace(/#/g, '%23'))
       : hosted ? `git+${
         hosted.auth ? hosted.https(hostedOpt) : hosted.sshurl(hostedOpt)
       }`
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/link.js b/deps/npm/node_modules/@npmcli/arborist/lib/link.js
index dcce8c0d3df..6fed063772b 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/link.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/link.js
@@ -118,7 +118,7 @@ class Link extends Node {
     // the path/realpath guard is there for the benefit of setting
     // these things in the "wrong" order
     return this.path && this.realpath
-      ? `file:${relpath(dirname(this.path), this.realpath)}`
+      ? `file:${relpath(dirname(this.path), this.realpath).replace(/#/g, '%23')}`
       : null
   }
 
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/node.js b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
index d731e5f6179..66d46d746ab 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/node.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
@@ -824,7 +824,7 @@ class Node {
     }
 
     for (const [name, path] of this[_workspaces].entries()) {
-      new Edge({ from: this, name, spec: `file:${path}`, type: 'workspace' })
+      new Edge({ from: this, name, spec: `file:${path.replace(/#/g, '%23')}`, type: 'workspace' })
     }
   }
 
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js
index 3305bac4914..e2180fd4c80 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js
@@ -815,7 +815,7 @@ class Shrinkwrap {
       const pathFixed = !resolved ? null
         : !/^file:/.test(resolved) ? resolved
         // resolve onto the metadata path
-        : `file:${resolve(this.path, resolved.slice(5))}`
+        : `file:${resolve(this.path, resolved.slice(5)).replace(/#/g, '%23')}`
 
       // if we have one, only set the other if it matches
       // otherwise it could be for a completely different thing.
@@ -996,7 +996,7 @@ class Shrinkwrap {
       : npa.resolve(node.name, edge.spec, edge.from.realpath)
 
     if (node.isLink) {
-      lock.version = `file:${relpath(this.path, node.realpath)}`
+      lock.version = `file:${relpath(this.path, node.realpath).replace(/#/g, '%23')}`
     } else if (spec && (spec.type === 'file' || spec.type === 'remote')) {
       lock.version = spec.saveSpec
     } else if (spec && spec.type === 'git' || rSpec.type === 'git') {
@@ -1074,7 +1074,7 @@ class Shrinkwrap {
             // this especially shows up with workspace edges when the root
             // node is also a workspace in the set.
             const p = resolve(node.realpath, spec.slice('file:'.length))
-            set[k] = `file:${relpath(node.realpath, p)}`
+            set[k] = `file:${relpath(node.realpath, p).replace(/#/g, '%23')}`
           } else {
             set[k] = spec
           }
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index 328cdf0146c..48814eda691 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "5.3.0",
+  "version": "5.3.1",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
diff --git a/deps/npm/package.json b/deps/npm/package.json
index 969e8e160c2..7526c4754b0 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "8.15.0",
+  "version": "8.15.1",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "workspaces": [
diff --git a/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs
index a9a10b20a2f..e01409e4ce1 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/link.js.test.cjs
@@ -5,6 +5,11 @@
  * Make sure to inspect the output below.  Do not ignore changes!
  */
 'use strict'
+exports[`test/lib/commands/link.js TAP hash character in working directory path > should create a global link to current pkg, even within path with hash 1`] = `
+{CWD}/test/lib/commands/tap-testdir-link-hash-character-in-working-directory-path/global-prefix/lib/node_modules/test-pkg-link -> {CWD}/test/lib/commands/tap-testdir-link-hash-character-in-working-directory-path/i_like_#_in_my_paths/test-pkg-link
+
+`
+
 exports[`test/lib/commands/link.js TAP link global linked pkg to local nm when using args > should create a local symlink to global pkg 1`] = `
 {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/my-project/node_modules/@myscope/bar -> {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/global-prefix/lib/node_modules/@myscope/bar
 {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/my-project/node_modules/@myscope/linked -> {CWD}/test/lib/commands/tap-testdir-link-link-global-linked-pkg-to-local-nm-when-using-args/scoped-linked
diff --git a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
index b697dfbb796..88b1d49556f 100644
--- a/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/load-all-commands.js.test.cjs
@@ -116,8 +116,13 @@ Usage:
 npm ci
 
 Options:
-[--no-audit] [--foreground-scripts] [--ignore-scripts]
-[--script-shell ]
+[-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle]
+[-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling]
+[--omit  [--omit  ...]]
+[--strict-peer-deps] [--no-package-lock] [--foreground-scripts]
+[--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run]
+[-w|--workspace  [-w|--workspace  ...]]
+[-ws|--workspaces] [--include-workspace-root] [--install-links]
 
 aliases: clean-install, ic, install-clean, isntall-clean
 
@@ -425,8 +430,13 @@ Usage:
 npm install-ci-test
 
 Options:
-[--no-audit] [--foreground-scripts] [--ignore-scripts]
-[--script-shell ]
+[-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle]
+[-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling]
+[--omit  [--omit  ...]]
+[--strict-peer-deps] [--no-package-lock] [--foreground-scripts]
+[--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run]
+[-w|--workspace  [-w|--workspace  ...]]
+[-ws|--workspaces] [--include-workspace-root] [--install-links]
 
 alias: cit
 
diff --git a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
index b2ba45b2d61..8d5f188b079 100644
--- a/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/npm.js.test.cjs
@@ -254,8 +254,13 @@ All commands:
                     npm ci
 
                     Options:
-                    [--no-audit] [--foreground-scripts] [--ignore-scripts]
-                    [--script-shell ]
+                    [-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle]
+                    [-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling]
+                    [--omit  [--omit  ...]]
+                    [--strict-peer-deps] [--no-package-lock] [--foreground-scripts]
+                    [--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run]
+                    [-w|--workspace  [-w|--workspace  ...]]
+                    [-ws|--workspaces] [--include-workspace-root] [--install-links]
 
                     aliases: clean-install, ic, install-clean, isntall-clean
 
@@ -511,8 +516,13 @@ All commands:
                     npm install-ci-test
 
                     Options:
-                    [--no-audit] [--foreground-scripts] [--ignore-scripts]
-                    [--script-shell ]
+                    [-S|--save|--no-save|--save-prod|--save-dev|--save-optional|--save-peer|--save-bundle]
+                    [-E|--save-exact] [-g|--global] [--global-style] [--legacy-bundling]
+                    [--omit  [--omit  ...]]
+                    [--strict-peer-deps] [--no-package-lock] [--foreground-scripts]
+                    [--ignore-scripts] [--no-audit] [--no-bin-links] [--no-fund] [--dry-run]
+                    [-w|--workspace  [-w|--workspace  ...]]
+                    [-ws|--workspaces] [--include-workspace-root] [--install-links]
 
                     alias: cit
 
diff --git a/deps/npm/test/fixtures/mock-npm.js b/deps/npm/test/fixtures/mock-npm.js
index a79812fb71a..90bf7da4c10 100644
--- a/deps/npm/test/fixtures/mock-npm.js
+++ b/deps/npm/test/fixtures/mock-npm.js
@@ -108,17 +108,20 @@ const LoadMockNpm = async (t, {
     cache: cacheDir,
     global: globalPrefixDir,
   })
-  const prefix = path.join(dir, 'prefix')
-  const cache = path.join(dir, 'cache')
-  const globalPrefix = path.join(dir, 'global')
-  const home = path.join(dir, 'home')
+  const dirs = {
+    testdir: dir,
+    prefix: path.join(dir, 'prefix'),
+    cache: path.join(dir, 'cache'),
+    globalPrefix: path.join(dir, 'global'),
+    home: path.join(dir, 'home'),
+  }
 
   // Set cache to testdir via env var so it is available when load is run
   // XXX: remove this for a solution where cache argv is passed in
   mockGlobals(t, {
-    'process.env.HOME': home,
-    'process.env.npm_config_cache': cache,
-    ...(globals ? result(globals, { prefix, cache, home }) : {}),
+    'process.env.HOME': dirs.home,
+    'process.env.npm_config_cache': dirs.cache,
+    ...(globals ? result(globals, { ...dirs }) : {}),
     // Some configs don't work because they can't be set via npm.config.set until
     // config is loaded. But some config items are needed before that. So this is
     // an explicit set of configs that must be loaded as env vars.
@@ -126,7 +129,8 @@ const LoadMockNpm = async (t, {
     ...Object.entries(config)
       .filter(([k]) => envConfigKeys.includes(k))
       .reduce((acc, [k, v]) => {
-        acc[`process.env.npm_config_${k.replace(/-/g, '_')}`] = v.toString()
+        acc[`process.env.npm_config_${k.replace(/-/g, '_')}`] =
+          result(v, { ...dirs }).toString()
         return acc
       }, {}),
   })
@@ -138,7 +142,7 @@ const LoadMockNpm = async (t, {
 
   if (load) {
     await npm.load()
-    for (const [k, v] of Object.entries(result(config, { npm, prefix, cache }))) {
+    for (const [k, v] of Object.entries(result(config, { npm, ...dirs }))) {
       if (typeof v === 'object' && v.value && v.where) {
         npm.config.set(k, v.value, v.where)
       } else {
@@ -148,20 +152,16 @@ const LoadMockNpm = async (t, {
     // Set global loglevel *again* since it possibly got reset during load
     // XXX: remove with npmlog
     setLoglevel(t, config.loglevel, false)
-    npm.prefix = prefix
-    npm.cache = cache
-    npm.globalPrefix = globalPrefix
+    npm.prefix = dirs.prefix
+    npm.cache = dirs.cache
+    npm.globalPrefix = dirs.globalPrefix
   }
 
   return {
     ...rest,
+    ...dirs,
     Npm,
     npm,
-    home,
-    prefix,
-    globalPrefix,
-    testdir: dir,
-    cache,
     debugFile: async () => {
       const readFiles = npm.logFiles.map(f => fs.readFile(f))
       const logFiles = await Promise.all(readFiles)
@@ -171,7 +171,7 @@ const LoadMockNpm = async (t, {
         .join('\n')
     },
     timingFile: async () => {
-      const data = await fs.readFile(path.resolve(cache, '_timing.json'), 'utf8')
+      const data = await fs.readFile(path.resolve(dirs.cache, '_timing.json'), 'utf8')
       return JSON.parse(data) // XXX: this fails if multiple timings are written
     },
   }
diff --git a/deps/npm/test/lib/commands/init.js b/deps/npm/test/lib/commands/init.js
index 32816adbc27..e7b27393414 100644
--- a/deps/npm/test/lib/commands/init.js
+++ b/deps/npm/test/lib/commands/init.js
@@ -136,6 +136,44 @@ t.test('npm init @scope/name', async t => {
   await init.exec(['@npmcli/something'])
 })
 
+t.test('npm init @scope@spec', async t => {
+  t.plan(1)
+  npm.localPrefix = t.testdir({})
+
+  const Init = t.mock('../../../lib/commands/init.js', {
+    libnpmexec: ({ args }) => {
+      t.same(
+        args,
+        ['@npmcli/create@foo'],
+        'should npx with scoped packages'
+      )
+    },
+  })
+  const init = new Init(npm)
+
+  process.chdir(npm.localPrefix)
+  await init.exec(['@npmcli@foo'])
+})
+
+t.test('npm init @scope/name@spec', async t => {
+  t.plan(1)
+  npm.localPrefix = t.testdir({})
+
+  const Init = t.mock('../../../lib/commands/init.js', {
+    libnpmexec: ({ args }) => {
+      t.same(
+        args,
+        ['@npmcli/create-something@foo'],
+        'should npx with scoped packages'
+      )
+    },
+  })
+  const init = new Init(npm)
+
+  process.chdir(npm.localPrefix)
+  await init.exec(['@npmcli/something@foo'])
+})
+
 t.test('npm init git spec', async t => {
   t.plan(1)
   npm.localPrefix = t.testdir({})
diff --git a/deps/npm/test/lib/commands/link.js b/deps/npm/test/lib/commands/link.js
index a01de0b2479..5bd7a3f1480 100644
--- a/deps/npm/test/lib/commands/link.js
+++ b/deps/npm/test/lib/commands/link.js
@@ -514,3 +514,39 @@ t.test('--global option', async t => {
     'should throw an useful error'
   )
 })
+
+t.test('hash character in working directory path', async t => {
+  const testdir = t.testdir({
+    'global-prefix': {
+      lib: {
+        node_modules: {
+          a: {
+            'package.json': JSON.stringify({
+              name: 'a',
+              version: '1.0.0',
+            }),
+          },
+        },
+      },
+    },
+    'i_like_#_in_my_paths': {
+      'test-pkg-link': {
+        'package.json': JSON.stringify({
+          name: 'test-pkg-link',
+          version: '1.0.0',
+        }),
+      },
+    },
+  })
+  npm.globalDir = resolve(testdir, 'global-prefix', 'lib', 'node_modules')
+  npm.prefix = resolve(testdir, 'i_like_#_in_my_paths', 'test-pkg-link')
+
+  link.workspacePaths = null
+  await link.exec([])
+  const links = await printLinks({
+    path: resolve(npm.globalDir, '..'),
+    global: true,
+  })
+
+  t.matchSnapshot(links, 'should create a global link to current pkg, even within path with hash')
+})
diff --git a/deps/npm/test/lib/npm.js b/deps/npm/test/lib/npm.js
index cd692a93f50..62e48ce6050 100644
--- a/deps/npm/test/lib/npm.js
+++ b/deps/npm/test/lib/npm.js
@@ -3,6 +3,7 @@ const { resolve, dirname, join } = require('path')
 
 const { load: loadMockNpm } = require('../fixtures/mock-npm.js')
 const mockGlobals = require('../fixtures/mock-globals')
+const fs = require('@npmcli/fs')
 
 // delete this so that we don't have configs from the fact that it
 // is being run by 'npm test'
@@ -435,23 +436,42 @@ t.test('debug log', async t => {
     t.match(debug, log2.join(' '), 'after load log appears')
   })
 
-  t.test('with bad dir', async t => {
-    const { npm } = await loadMockNpm(t, {
+  t.test('can load with bad dir', async t => {
+    const { npm, testdir } = await loadMockNpm(t, {
+      load: false,
       config: {
-        'logs-dir': 'LOGS_DIR',
-      },
-      mocks: {
-        '@npmcli/fs': {
-          mkdir: async (dir) => {
-            if (dir.includes('LOGS_DIR')) {
-              throw new Error('err')
-            }
-          },
-        },
+        'logs-dir': (c) => join(c.testdir, 'my_logs_dir'),
       },
     })
+    const logsDir = join(testdir, 'my_logs_dir')
+
+    // make logs dir a file before load so it files
+    await fs.writeFile(logsDir, 'A_TEXT_FILE')
+    await t.resolves(npm.load(), 'loads with invalid logs dir')
+
+    t.equal(npm.logFiles.length, 0, 'no log files array')
+    t.strictSame(fs.readFileSync(logsDir, 'utf-8'), 'A_TEXT_FILE')
+  })
+})
+
+t.test('cache dir', async t => {
+  t.test('creates a cache dir', async t => {
+    const { npm } = await loadMockNpm(t)
+
+    t.ok(fs.existsSync(npm.cache), 'cache dir exists')
+  })
+
+  t.test('can load with a bad cache dir', async t => {
+    const { npm, cache } = await loadMockNpm(t, {
+      load: false,
+      // The easiest way to make mkdir(cache) fail is to make it a file.
+      // This will have the same effect as if its read only or inaccessible.
+      cacheDir: 'A_TEXT_FILE',
+    })
+
+    await t.resolves(npm.load(), 'loads with cache dir as a file')
 
-    t.equal(npm.logFiles.length, 0, 'no log file')
+    t.equal(fs.readFileSync(cache, 'utf-8'), 'A_TEXT_FILE')
   })
 })