From a8b4122ee9effdf182d534091e0e7a405f489e32 Mon Sep 17 00:00:00 2001 From: npm CLI robot Date: Wed, 17 Aug 2022 21:52:05 -0700 Subject: [PATCH] deps: upgrade npm to 8.18.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR-URL: https://github.com/nodejs/node/pull/44263 Reviewed-By: Tobias Nießen Reviewed-By: Myles Borins Reviewed-By: Darshan Sen Reviewed-By: Rich Trott --- .../content/configuring-npm/package-json.md | 2 +- .../content/using-npm/dependency-selectors.md | 2 +- deps/npm/docs/output/commands/npm-ls.html | 2 +- deps/npm/docs/output/commands/npm.html | 2 +- .../output/configuring-npm/package-json.html | 2 +- .../using-npm/dependency-selectors.html | 2 +- deps/npm/lib/commands/explain.js | 3 +- deps/npm/lib/commands/ls.js | 13 + deps/npm/lib/commands/query.js | 1 + deps/npm/lib/utils/explain-dep.js | 17 +- deps/npm/man/man1/npm-ls.1 | 2 +- deps/npm/man/man1/npm.1 | 2 +- deps/npm/man/man5/package-json.5 | 2 +- deps/npm/man/man7/dependency-selectors.7 | 2 +- .../node_modules/@npmcli/arborist/lib/node.js | 4 + .../arborist/lib/query-selector-all.js | 4 + .../@npmcli/arborist/package.json | 2 +- .../@npmcli/fs/lib/common/owner-sync.js | 8 +- .../@npmcli/fs/lib/common/owner.js | 8 +- .../@npmcli/fs/lib/with-temp-dir.js | 4 +- deps/npm/node_modules/@npmcli/fs/package.json | 2 +- .../npm/node_modules/@npmcli/git/lib/which.js | 4 +- .../npm/node_modules/@npmcli/git/package.json | 8 +- .../@npmcli/move-file/lib/index.js | 22 +- .../@npmcli/move-file/package.json | 6 +- .../node_modules/bin-links/lib/link-gently.js | 2 + .../node_modules/bin-links/lib/shim-bin.js | 5 +- deps/npm/node_modules/bin-links/package.json | 8 +- .../node_modules/cacache/lib/content/read.js | 2 +- .../node_modules/cacache/lib/content/write.js | 2 + .../node_modules/cacache/lib/entry-index.js | 1 + deps/npm/node_modules/cacache/lib/get.js | 1 + deps/npm/node_modules/cacache/package.json | 2 +- deps/npm/node_modules/libnpmexec/lib/index.js | 29 +- .../node_modules/libnpmexec/lib/run-script.js | 1 + deps/npm/node_modules/libnpmexec/package.json | 2 +- .../make-fetch-happen/lib/cache/entry.js | 1 + .../make-fetch-happen/package.json | 2 +- .../node_modules/minipass-fetch/lib/body.js | 24 +- .../node_modules/minipass-fetch/package.json | 7 +- .../lib/extract_description.js | 12 +- .../normalize-package-data/lib/fixer.js | 36 +- .../normalize-package-data/package.json | 26 +- .../npm-registry-fetch/lib/check-response.js | 4 +- .../npm-registry-fetch/lib/clean-url.js | 4 +- .../npm-registry-fetch/package.json | 4 +- deps/npm/node_modules/pacote/lib/bin.js | 11 +- deps/npm/node_modules/pacote/lib/fetcher.js | 6 +- deps/npm/node_modules/pacote/lib/git.js | 17 +- deps/npm/node_modules/pacote/lib/remote.js | 1 + deps/npm/node_modules/pacote/package.json | 2 +- .../write-file-atomic/lib/index.js | 13 +- .../write-file-atomic/package.json | 24 +- deps/npm/package.json | 6 +- .../test/lib/commands/ls.js.test.cjs | 20 + .../test/lib/commands/query.js.test.cjs | 33 +- .../test/lib/utils/explain-dep.js.test.cjs | 22 ++ deps/npm/test/lib/commands/ls.js | 342 +++++++++++++++++- deps/npm/test/lib/utils/explain-dep.js | 17 + 59 files changed, 663 insertions(+), 152 deletions(-) diff --git a/deps/npm/docs/content/configuring-npm/package-json.md b/deps/npm/docs/content/configuring-npm/package-json.md index b0231662f69..5b4acf187f7 100644 --- a/deps/npm/docs/content/configuring-npm/package-json.md +++ b/deps/npm/docs/content/configuring-npm/package-json.md @@ -873,7 +873,7 @@ be found or fails to install, then you may put it in the `optionalDependencies` object. This is a map of package name to version or url, just like the `dependencies` object. The difference is that build failures do not cause installation to fail. Running `npm install ---no-optional` will prevent these dependencies from being installed. +--omit=optional` will prevent these dependencies from being installed. It is still your program's responsibility to handle the lack of the dependency. For example, something like this: diff --git a/deps/npm/docs/content/using-npm/dependency-selectors.md b/deps/npm/docs/content/using-npm/dependency-selectors.md index 45febf7cc73..c96057c798e 100644 --- a/deps/npm/docs/content/using-npm/dependency-selectors.md +++ b/deps/npm/docs/content/using-npm/dependency-selectors.md @@ -54,7 +54,7 @@ The [`npm query`](/commands/npm-query) commmand exposes a new dependency selecto - [`:private`](https://docs.npmjs.com/cli/v8/configuring-npm/package-json#private) when a dependency is private - `:link` when a dependency is linked (for instance, workspaces or packages manually [`linked`](https://docs.npmjs.com/cli/v8/commands/npm-link) - `:deduped` when a dependency has been deduped (note that this does *not* always mean the dependency has been hoisted to the root of node_modules) -- `:override` when a dependency is an override (not implemented yet) +- `:overridden` when a dependency has been overridden - `:extraneous` when a dependency exists but is not defined as a dependency of any node - `:invalid` when a dependency version is out of its ancestors specified range - `:missing` when a dependency is not found on disk diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 08c482c12d0..f3fb8f05d85 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -166,7 +166,7 @@

Description

the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@8.17.0 /path/to/npm
+
npm@8.18.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 

diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 52362923750..4c1f2a53eba 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -149,7 +149,7 @@ 
Table of contents

 
 
 
Version

-
8.17.0

+
8.18.0

 
Description

 
npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
diff --git a/deps/npm/docs/output/configuring-npm/package-json.html b/deps/npm/docs/output/configuring-npm/package-json.html
index 2b1240ebee9..7fdc03e3eaf 100644
--- a/deps/npm/docs/output/configuring-npm/package-json.html
+++ b/deps/npm/docs/output/configuring-npm/package-json.html
@@ -803,7 +803,7 @@ 
optionalDependencies

 be found or fails to install, then you may put it in the
 optionalDependencies object.  This is a map of package name to version or
 url, just like the dependencies object.  The difference is that build
-failures do not cause installation to fail.  Running npm install --no-optional will prevent these dependencies from being installed.

+failures do not cause installation to fail.  Running npm install --omit=optional will prevent these dependencies from being installed.

 
It is still your program's responsibility to handle the lack of the
 dependency.  For example, something like this:

 
try {
diff --git a/deps/npm/docs/output/using-npm/dependency-selectors.html b/deps/npm/docs/output/using-npm/dependency-selectors.html
index af8b766ceba..e19499207da 100644
--- a/deps/npm/docs/output/using-npm/dependency-selectors.html
+++ b/deps/npm/docs/output/using-npm/dependency-selectors.html
@@ -194,7 +194,7 @@ 
Pseudo Selectors

 
  • :private when a dependency is private
    • 
 
  • :link when a dependency is linked (for instance, workspaces or packages manually linked
    • 
 
  • :deduped when a dependency has been deduped (note that this does not always mean the dependency has been hoisted to the root of node_modules)
    • 
-
  • :override when a dependency is an override (not implemented yet)
    • 
+
  • :overridden when a dependency has been overridden
    • 
 
  • :extraneous when a dependency exists but is not defined as a dependency of any node
    • 
 
  • :invalid when a dependency version is out of its ancestors specified range
    • 
 
  • :missing when a dependency is not found on disk
    • 
diff --git a/deps/npm/lib/commands/explain.js b/deps/npm/lib/commands/explain.js
index c0ef04548a4..a06ad24152a 100644
--- a/deps/npm/lib/commands/explain.js
+++ b/deps/npm/lib/commands/explain.js
@@ -59,7 +59,7 @@ class Explain extends ArboristWorkspaceCmd {
 
     const expls = []
     for (const node of nodes) {
-      const { extraneous, dev, optional, devOptional, peer, inBundle } = node
+      const { extraneous, dev, optional, devOptional, peer, inBundle, overridden } = node
       const expl = node.explain()
       if (extraneous) {
         expl.extraneous = true
@@ -69,6 +69,7 @@ class Explain extends ArboristWorkspaceCmd {
         expl.devOptional = devOptional
         expl.peer = peer
         expl.bundled = inBundle
+        expl.overridden = overridden
       }
       expls.push(expl)
     }
diff --git a/deps/npm/lib/commands/ls.js b/deps/npm/lib/commands/ls.js
index 073ca0c6992..6812c392378 100644
--- a/deps/npm/lib/commands/ls.js
+++ b/deps/npm/lib/commands/ls.js
@@ -329,6 +329,11 @@ const getHumanOutputItem = (node, { args, color, global, long }) => {
         ? ' ' + (color ? chalk.green.bgBlack('extraneous') : 'extraneous')
         : ''
     ) +
+    (
+      node.overridden
+        ? ' ' + (color ? chalk.gray('overridden') : 'overridden')
+        : ''
+    ) +
     (isGitNode(node) ? ` (${node.resolved})` : '') +
     (node.isLink ? ` -> ${relativePrefix}${targetLocation}` : '') +
     (long ? `${EOL}${node.package.description || ''}` : '')
@@ -347,6 +352,13 @@ const getJsonOutputItem = (node, { global, long }) => {
     item.resolved = node.resolved
   }
 
+  // if the node is the project root, do not add the overridden flag. the project root can't be
+  // overridden anyway, and if we add the flag it causes undesirable behavior when `npm ls --json`
+  // is ran in an empty directory since we end up printing an object with only an overridden prop
+  if (!node.isProjectRoot) {
+    item.overridden = node.overridden
+  }
+
   item[_name] = node.name
 
   // special formatting for top-level package name
@@ -555,6 +567,7 @@ const parseableOutput = ({ global, long, seenNodes }) => {
         out += node.path !== node.realpath ? `:${node.realpath}` : ''
         out += isExtraneous(node, { global }) ? ':EXTRANEOUS' : ''
         out += node[_invalid] ? ':INVALID' : ''
+        out += node.overridden ? ':OVERRIDDEN' : ''
       }
       out += EOL
     }
diff --git a/deps/npm/lib/commands/query.js b/deps/npm/lib/commands/query.js
index 60294acaf4a..231329b19b5 100644
--- a/deps/npm/lib/commands/query.js
+++ b/deps/npm/lib/commands/query.js
@@ -20,6 +20,7 @@ class QuerySelectorItem {
     this.dev = node.target.dev
     this.inBundle = node.target.inBundle
     this.deduped = this.from.length > 1
+    this.overridden = node.overridden
     for (const edge of node.target.edgesIn) {
       this.from.push(edge.from.location)
     }
diff --git a/deps/npm/lib/utils/explain-dep.js b/deps/npm/lib/utils/explain-dep.js
index 107f68549ef..cd53a226964 100644
--- a/deps/npm/lib/utils/explain-dep.js
+++ b/deps/npm/lib/utils/explain-dep.js
@@ -8,6 +8,7 @@ const nocolor = {
   magenta: s => s,
   blue: s => s,
   green: s => s,
+  gray: s => s,
 }
 
 const { relative } = require('path')
@@ -18,13 +19,14 @@ const explainNode = (node, depth, color) =>
   explainLinksIn(node, depth, color)
 
 const colorType = (type, color) => {
-  const { red, yellow, cyan, magenta, blue, green } = color ? chalk : nocolor
+  const { red, yellow, cyan, magenta, blue, green, gray } = color ? chalk : nocolor
   const style = type === 'extraneous' ? red
     : type === 'dev' ? yellow
     : type === 'optional' ? cyan
     : type === 'peer' ? magenta
     : type === 'bundled' ? blue
     : type === 'workspace' ? green
+    : type === 'overridden' ? gray
     : /* istanbul ignore next */ s => s
   return style(type)
 }
@@ -40,6 +42,7 @@ const printNode = (node, color) => {
     peer,
     bundled,
     isWorkspace,
+    overridden,
   } = node
   const { bold, dim, green } = color ? chalk : nocolor
   const extra = []
@@ -63,6 +66,10 @@ const printNode = (node, color) => {
     extra.push(' ' + bold(colorType('bundled', color)))
   }
 
+  if (overridden) {
+    extra.push(' ' + bold(colorType('overridden', color)))
+  }
+
   const pkgid = isWorkspace
     ? green(`${name}@${version}`)
     : `${bold(name)}@${bold(version)}`
@@ -112,11 +119,15 @@ const explainDependents = ({ name, dependents }, depth, color) => {
   return str.split('\n').join('\n  ')
 }
 
-const explainEdge = ({ name, type, bundled, from, spec }, depth, color) => {
+const explainEdge = ({ name, type, bundled, from, spec, rawSpec, overridden }, depth, color) => {
   const { bold } = color ? chalk : nocolor
-  const dep = type === 'workspace'
+  let dep = type === 'workspace'
     ? bold(relative(from.location, spec.slice('file:'.length)))
     : `${bold(name)}@"${bold(spec)}"`
+  if (overridden) {
+    dep = `${colorType('overridden', color)} ${dep} (was "${rawSpec}")`
+  }
+
   const fromMsg = ` from ${explainFrom(from, depth, color)}`
 
   return (type === 'prod' ? '' : `${colorType(type, color)} `) +
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index c67ea5cc40e..978ecaeabe0 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@8\.17\.0 /path/to/npm
+npm@8\.18\.0 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index 04133f58070..f33103ee0a8 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -4,7 +4,7 @@
 .SS Synopsis
 .SS Version
 .P
-8\.17\.0
+8\.18\.0
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5
index d4f9723112b..7b4480fcc55 100644
--- a/deps/npm/man/man5/package-json.5
+++ b/deps/npm/man/man5/package-json.5
@@ -969,7 +969,7 @@ be found or fails to install, then you may put it in the
 \fBoptionalDependencies\fP object\.  This is a map of package name to version or
 url, just like the \fBdependencies\fP object\.  The difference is that build
 failures do not cause installation to fail\.  Running \fBnpm install
-\-\-no\-optional\fP will prevent these dependencies from being installed\.
+\-\-omit=optional\fP will prevent these dependencies from being installed\.
 .P
 It is still your program's responsibility to handle the lack of the
 dependency\.  For example, something like this:
diff --git a/deps/npm/man/man7/dependency-selectors.7 b/deps/npm/man/man7/dependency-selectors.7
index e885790641d..d6f53f4f4e6 100644
--- a/deps/npm/man/man7/dependency-selectors.7
+++ b/deps/npm/man/man7/dependency-selectors.7
@@ -87,7 +87,7 @@ the term "dependencies" is in reference to any \fBNode\fP found in a \fBtree\fP
 .IP \(bu 2
 \fB:deduped\fP when a dependency has been deduped (note that this does \fInot\fR always mean the dependency has been hoisted to the root of node_modules)
 .IP \(bu 2
-\fB:override\fP when a dependency is an override (not implemented yet)
+\fB:overridden\fP when a dependency has been overridden
 .IP \(bu 2
 \fB:extraneous\fP when a dependency exists but is not defined as a dependency of any node
 .IP \(bu 2
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/node.js b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
index be973565750..8ec90ff3c84 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/node.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
@@ -334,6 +334,10 @@ class Node {
     return `${myname}@${alias}${version}`
   }
 
+  get overridden () {
+    return !!(this.overrides && this.overrides.value && this.overrides.name === this.name)
+  }
+
   get package () {
     return this[_package]
   }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
index 6c540dea3c8..a3eac5ddc12 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
@@ -262,6 +262,10 @@ class Results {
       !internalSelector.has(node))
   }
 
+  overriddenPseudo () {
+    return this.initialItems.filter(node => node.overridden)
+  }
+
   pathPseudo () {
     return this.initialItems.filter(node => {
       if (!this.currentAstNode.pathValue) {
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index e76a87a32e8..86e36e486c8 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "5.5.0",
+  "version": "5.6.0",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
diff --git a/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js b/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js
index 8fa18d5121e..3704aa6d18e 100644
--- a/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js
+++ b/deps/npm/node_modules/@npmcli/fs/lib/common/owner-sync.js
@@ -50,11 +50,15 @@ const update = (path, uid, gid) => {
     if (uid === stat.uid && gid === stat.gid) {
       return
     }
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 
   try {
     fs.chownSync(path, uid, gid)
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 }
 
 // accepts a `path` and the `owner` property of an options object and normalizes
diff --git a/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js b/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js
index 3fe167cfc30..9f02d41a5e4 100644
--- a/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js
+++ b/deps/npm/node_modules/@npmcli/fs/lib/common/owner.js
@@ -50,11 +50,15 @@ const update = async (path, uid, gid) => {
     if (uid === stat.uid && gid === stat.gid) {
       return
     }
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 
   try {
     await fs.chown(path, uid, gid)
-  } catch (err) {}
+  } catch {
+    // ignore errors
+  }
 }
 
 // accepts a `path` and the `owner` property of an options object and normalizes
diff --git a/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js b/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js
index ad08e6ee6e6..81db59dd054 100644
--- a/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js
+++ b/deps/npm/node_modules/@npmcli/fs/lib/with-temp-dir.js
@@ -27,7 +27,9 @@ const withTempDir = async (root, fn, opts) => {
 
   try {
     await rm(target, { force: true, recursive: true })
-  } catch {}
+  } catch {
+    // ignore errors
+  }
 
   if (err) {
     throw err
diff --git a/deps/npm/node_modules/@npmcli/fs/package.json b/deps/npm/node_modules/@npmcli/fs/package.json
index 9e18028218d..1512fd6e4b0 100644
--- a/deps/npm/node_modules/@npmcli/fs/package.json
+++ b/deps/npm/node_modules/@npmcli/fs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/fs",
-  "version": "2.1.1",
+  "version": "2.1.2",
   "description": "filesystem utilities for the npm cli",
   "main": "lib/index.js",
   "files": [
diff --git a/deps/npm/node_modules/@npmcli/git/lib/which.js b/deps/npm/node_modules/@npmcli/git/lib/which.js
index a2f690e1bce..dc2a1ad2121 100644
--- a/deps/npm/node_modules/@npmcli/git/lib/which.js
+++ b/deps/npm/node_modules/@npmcli/git/lib/which.js
@@ -3,7 +3,9 @@ const which = require('which')
 let gitPath
 try {
   gitPath = which.sync('git')
-} catch (e) {}
+} catch {
+  // ignore errors
+}
 
 module.exports = (opts = {}) => {
   if (opts.git) {
diff --git a/deps/npm/node_modules/@npmcli/git/package.json b/deps/npm/node_modules/@npmcli/git/package.json
index 08525ae99e8..86b8e853992 100644
--- a/deps/npm/node_modules/@npmcli/git/package.json
+++ b/deps/npm/node_modules/@npmcli/git/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/git",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -31,7 +31,9 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.2.2",
+    "@npmcli/template-oss": "3.5.0",
+    "npm-package-arg": "^9.1.0",
+    "rimraf": "^3.0.2",
     "slash": "^3.0.0",
     "tap": "^16.0.1"
   },
@@ -52,6 +54,6 @@
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
     "windowsCI": false,
-    "version": "3.2.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/@npmcli/move-file/lib/index.js b/deps/npm/node_modules/@npmcli/move-file/lib/index.js
index ecc55f0171d..5789bb127e0 100644
--- a/deps/npm/node_modules/@npmcli/move-file/lib/index.js
+++ b/deps/npm/node_modules/@npmcli/move-file/lib/index.js
@@ -97,14 +97,19 @@ const moveFile = async (source, destination, options = {}, root = true, symlinks
       }
       // try to determine what the actual file is so we can create the correct
       // type of symlink in windows
-      let targetStat
+      let targetStat = 'file'
       try {
         targetStat = await stat(resolve(dirname(symSource), target))
-      } catch (err) {}
+        if (targetStat.isDirectory()) {
+          targetStat = 'junction'
+        }
+      } catch {
+        // targetStat remains 'file'
+      }
       await symlink(
         target,
         symDestination,
-        targetStat && targetStat.isDirectory() ? 'junction' : 'file'
+        targetStat
       )
     }))
     await rimraf(source)
@@ -157,14 +162,19 @@ const moveFileSync = (source, destination, options = {}, root = true, symlinks =
       }
       // try to determine what the actual file is so we can create the correct
       // type of symlink in windows
-      let targetStat
+      let targetStat = 'file'
       try {
         targetStat = statSync(resolve(dirname(symSource), target))
-      } catch (err) {}
+        if (targetStat.isDirectory()) {
+          targetStat = 'junction'
+        }
+      } catch {
+        // targetStat remains 'file'
+      }
       symlinkSync(
         target,
         symDestination,
-        targetStat && targetStat.isDirectory() ? 'junction' : 'file'
+        targetStat
       )
     }
     rimrafSync(source)
diff --git a/deps/npm/node_modules/@npmcli/move-file/package.json b/deps/npm/node_modules/@npmcli/move-file/package.json
index 1b1d377b0c7..58793b93a9c 100644
--- a/deps/npm/node_modules/@npmcli/move-file/package.json
+++ b/deps/npm/node_modules/@npmcli/move-file/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/move-file",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "files": [
     "bin/",
     "lib/"
@@ -13,7 +13,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.2.2",
+    "@npmcli/template-oss": "3.5.0",
     "tap": "^16.0.1"
   },
   "scripts": {
@@ -42,6 +42,6 @@
   "author": "GitHub Inc.",
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "3.2.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/bin-links/lib/link-gently.js b/deps/npm/node_modules/bin-links/lib/link-gently.js
index 671ce38a586..d9ef25e7c5b 100644
--- a/deps/npm/node_modules/bin-links/lib/link-gently.js
+++ b/deps/npm/node_modules/bin-links/lib/link-gently.js
@@ -64,6 +64,8 @@ const linkGently = async ({ path, to, from, absFrom, force }) => {
         if (target.indexOf(path) === 0 || force) {
           return rm(to).then(() => CLOBBER)
         }
+        // neither skip nor clobber
+        return false
       })
     } else {
       // doesn't exist, dir might not either
diff --git a/deps/npm/node_modules/bin-links/lib/shim-bin.js b/deps/npm/node_modules/bin-links/lib/shim-bin.js
index 70259a49e5b..bde328e510c 100644
--- a/deps/npm/node_modules/bin-links/lib/shim-bin.js
+++ b/deps/npm/node_modules/bin-links/lib/shim-bin.js
@@ -56,12 +56,12 @@ const shimBin = ({ path, to, from, absFrom, force }) => {
     }
 
     if (force) {
-      return
+      return false
     }
 
     return Promise.all(shims.map((s, i) => [s, stats[i]]).map(([s, st]) => {
       if (!st) {
-        return
+        return false
       }
       return readCmdShim(s)
         .then(target => {
@@ -69,6 +69,7 @@ const shimBin = ({ path, to, from, absFrom, force }) => {
           if (target.indexOf(resolve(path)) !== 0) {
             return failEEXIST({ from, to, path })
           }
+          return false
         }, er => handleReadCmdShimError({ er, from, to }))
     }))
   })
diff --git a/deps/npm/node_modules/bin-links/package.json b/deps/npm/node_modules/bin-links/package.json
index a86948de153..aba3d8f6c09 100644
--- a/deps/npm/node_modules/bin-links/package.json
+++ b/deps/npm/node_modules/bin-links/package.json
@@ -1,6 +1,6 @@
 {
   "name": "bin-links",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "description": "JavaScript package binary linker",
   "main": "./lib/index.js",
   "scripts": {
@@ -35,10 +35,10 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.2.2",
+    "@npmcli/template-oss": "3.5.0",
     "mkdirp": "^1.0.3",
     "require-inject": "^1.4.4",
-    "tap": "^15.0.10"
+    "tap": "^16.0.1"
   },
   "tap": {
     "check-coverage": true,
@@ -55,6 +55,6 @@
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
     "windowsCI": false,
-    "version": "3.2.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/cacache/lib/content/read.js b/deps/npm/node_modules/cacache/lib/content/read.js
index 8367ccb205d..7c20c75257b 100644
--- a/deps/npm/node_modules/cacache/lib/content/read.js
+++ b/deps/npm/node_modules/cacache/lib/content/read.js
@@ -81,7 +81,7 @@ function readStream (cache, integrity, opts = {}) {
       return stream.emit('error', sizeError(size, stat.size))
     }
 
-    readPipeline(cpath, stat.size, sri, stream)
+    return readPipeline(cpath, stat.size, sri, stream)
   }).catch(err => stream.emit('error', err))
 
   return stream
diff --git a/deps/npm/node_modules/cacache/lib/content/write.js b/deps/npm/node_modules/cacache/lib/content/write.js
index 62388dc81d0..0e8c0f49360 100644
--- a/deps/npm/node_modules/cacache/lib/content/write.js
+++ b/deps/npm/node_modules/cacache/lib/content/write.js
@@ -80,9 +80,11 @@ class CacacheWriteStream extends Flush {
         // defer this one tick by rejecting a promise on it.
         return Promise.reject(e).catch(cb)
       }
+      // eslint-disable-next-line promise/catch-or-return
       this.handleContentP.then(
         (res) => {
           res.integrity && this.emit('integrity', res.integrity)
+          // eslint-disable-next-line promise/always-return
           res.size !== null && this.emit('size', res.size)
           cb()
         },
diff --git a/deps/npm/node_modules/cacache/lib/entry-index.js b/deps/npm/node_modules/cacache/lib/entry-index.js
index cbfa619099f..1dc73a93f6b 100644
--- a/deps/npm/node_modules/cacache/lib/entry-index.js
+++ b/deps/npm/node_modules/cacache/lib/entry-index.js
@@ -285,6 +285,7 @@ function lsStream (cache) {
       }))
     }))
     stream.end()
+    return stream
   }).catch(err => stream.emit('error', err))
 
   return stream
diff --git a/deps/npm/node_modules/cacache/lib/get.js b/deps/npm/node_modules/cacache/lib/get.js
index cc9d8f67966..254b4ecc38b 100644
--- a/deps/npm/node_modules/cacache/lib/get.js
+++ b/deps/npm/node_modules/cacache/lib/get.js
@@ -155,6 +155,7 @@ function getStream (cache, key, opts = {}) {
       stream.unshift(memoStream)
     }
     stream.unshift(src)
+    return stream
   }).catch((err) => stream.emit('error', err))
 
   return stream
diff --git a/deps/npm/node_modules/cacache/package.json b/deps/npm/node_modules/cacache/package.json
index bb5674dafca..3f19d07d441 100644
--- a/deps/npm/node_modules/cacache/package.json
+++ b/deps/npm/node_modules/cacache/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cacache",
-  "version": "16.1.1",
+  "version": "16.1.2",
   "cache-version": {
     "content": "2",
     "index": "5"
diff --git a/deps/npm/node_modules/libnpmexec/lib/index.js b/deps/npm/node_modules/libnpmexec/lib/index.js
index 15d5ba4eeca..45c75d47156 100644
--- a/deps/npm/node_modules/libnpmexec/lib/index.js
+++ b/deps/npm/node_modules/libnpmexec/lib/index.js
@@ -63,6 +63,9 @@ const missingFromTree = async ({ spec, tree, flatOptions }) => {
     // non-registry spec, or a specific tag.  Look up manifest and check
     // resolved to see if it's in the tree.
     const manifest = await getManifest(spec, flatOptions)
+    if (spec.type === 'directory') {
+      return { manifest }
+    }
     const nodesByManifest = tree.inventory.query('packageName', manifest.name)
     for (const node of nodesByManifest) {
       if (node.package.resolved === manifest._resolved) {
@@ -89,10 +92,10 @@ const exec = async (opts) => {
     path = '.',
     runPath = '.',
     scriptShell = isWindows ? process.env.ComSpec || 'cmd' : 'sh',
-    yes = undefined,
     ...flatOptions
   } = opts
 
+  let yes = opts.yes
   const run = () => runScript({
     args,
     call,
@@ -129,6 +132,16 @@ const exec = async (opts) => {
     packages.push(args[0])
   }
 
+  // Resolve any directory specs so that the npx directory is unique to the
+  // resolved directory, not the potentially relative one (i.e. "npx .")
+  for (const i in packages) {
+    const pkg = packages[i]
+    const spec = npa(pkg)
+    if (spec.type === 'directory') {
+      packages[i] = spec.fetchSpec
+    }
+  }
+
   const localArb = new Arborist({ ...flatOptions, path })
   const localTree = await localArb.loadActual()
 
@@ -153,6 +166,10 @@ const exec = async (opts) => {
   if (needPackageCommandSwap) {
     const spec = npa(args[0])
 
+    if (spec.type === 'directory') {
+      yes = true
+    }
+
     args[0] = getBinFromManifest(commandManifest)
 
     if (needInstall.length > 0 && globalPath) {
@@ -176,7 +193,15 @@ const exec = async (opts) => {
       throw new Error('Must provide a valid npxCache path')
     }
     const hash = crypto.createHash('sha512')
-      .update(packages.sort((a, b) => a.localeCompare(b, 'en')).join('\n'))
+      .update(packages.map(p => {
+        // Keeps the npx directory unique to the resolved directory, not the
+        // potentially relative one (i.e. "npx .")
+        const spec = npa(p)
+        if (spec.type === 'directory') {
+          return spec.fetchSpec
+        }
+        return p
+      }).sort((a, b) => a.localeCompare(b, 'en')).join('\n'))
       .digest('hex')
       .slice(0, 16)
     const installDir = resolve(npxCache, hash)
diff --git a/deps/npm/node_modules/libnpmexec/lib/run-script.js b/deps/npm/node_modules/libnpmexec/lib/run-script.js
index 18dcf7d8356..cee8ba45ae8 100644
--- a/deps/npm/node_modules/libnpmexec/lib/run-script.js
+++ b/deps/npm/node_modules/libnpmexec/lib/run-script.js
@@ -73,6 +73,7 @@ const run = async ({
       event: 'npx',
       args,
       stdio: 'inherit',
+      scriptShell,
     })
   } finally {
     npmlog.enableProgress()
diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json
index a83447d9ea6..4de7259071f 100644
--- a/deps/npm/node_modules/libnpmexec/package.json
+++ b/deps/npm/node_modules/libnpmexec/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmexec",
-  "version": "4.0.10",
+  "version": "4.0.11",
   "files": [
     "bin/",
     "lib/"
diff --git a/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js b/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js
index 4307962b889..dba89d715d8 100644
--- a/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js
+++ b/deps/npm/node_modules/make-fetch-happen/lib/cache/entry.js
@@ -288,6 +288,7 @@ class CacheEntry {
         // stick a flag on here so downstream users will know if they can expect integrity events
         tee.pipe(cacheStream)
         // TODO if the cache write fails, log a warning but return the response anyway
+        // eslint-disable-next-line promise/catch-or-return
         cacheStream.promise().then(cacheWriteResolve, cacheWriteReject)
         body.unshift(tee)
         body.unshift(this.response.body)
diff --git a/deps/npm/node_modules/make-fetch-happen/package.json b/deps/npm/node_modules/make-fetch-happen/package.json
index 8b21901f34f..fc491d1152e 100644
--- a/deps/npm/node_modules/make-fetch-happen/package.json
+++ b/deps/npm/node_modules/make-fetch-happen/package.json
@@ -1,6 +1,6 @@
 {
   "name": "make-fetch-happen",
-  "version": "10.2.0",
+  "version": "10.2.1",
   "description": "Opinionated, caching, retrying fetch client",
   "main": "lib/index.js",
   "files": [
diff --git a/deps/npm/node_modules/minipass-fetch/lib/body.js b/deps/npm/node_modules/minipass-fetch/lib/body.js
index c7ffa5babcb..58893309e63 100644
--- a/deps/npm/node_modules/minipass-fetch/lib/body.js
+++ b/deps/npm/node_modules/minipass-fetch/lib/body.js
@@ -10,7 +10,9 @@ const FetchError = require('./fetch-error.js')
 let convert
 try {
   convert = require('encoding').convert
-} catch (e) {}
+} catch (e) {
+  // defer error until textConverted is called
+}
 
 const INTERNALS = Symbol('Body internals')
 const CONSUME_BODY = Symbol('consumeBody')
@@ -69,16 +71,16 @@ class Body {
     ))
   }
 
-  json () {
-    return this[CONSUME_BODY]().then(buf => {
-      try {
-        return JSON.parse(buf.toString())
-      } catch (er) {
-        return Promise.reject(new FetchError(
-          `invalid json response body at ${
-            this.url} reason: ${er.message}`, 'invalid-json'))
-      }
-    })
+  async json () {
+    try {
+      const buf = await this[CONSUME_BODY]()
+      return JSON.parse(buf.toString())
+    } catch (er) {
+      throw new FetchError(
+        `invalid json response body at ${this.url} reason: ${er.message}`,
+        'invalid-json'
+      )
+    }
   }
 
   text () {
diff --git a/deps/npm/node_modules/minipass-fetch/package.json b/deps/npm/node_modules/minipass-fetch/package.json
index 1f663b9245d..b47077adc11 100644
--- a/deps/npm/node_modules/minipass-fetch/package.json
+++ b/deps/npm/node_modules/minipass-fetch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "minipass-fetch",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "An implementation of window.fetch in Node.js using Minipass streams",
   "license": "MIT",
   "main": "lib/index.js",
@@ -23,10 +23,11 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "3.1.2",
+    "@npmcli/template-oss": "3.5.0",
     "@ungap/url-search-params": "^0.2.2",
     "abort-controller": "^3.0.0",
     "abortcontroller-polyfill": "~1.7.3",
+    "encoding": "^0.1.13",
     "form-data": "^4.0.0",
     "nock": "^13.2.4",
     "parted": "^0.1.1",
@@ -61,6 +62,6 @@
   "author": "GitHub Inc.",
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "3.1.2"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/node_modules/normalize-package-data/lib/extract_description.js b/deps/npm/node_modules/normalize-package-data/lib/extract_description.js
index bf9896812e5..631966b5f29 100644
--- a/deps/npm/node_modules/normalize-package-data/lib/extract_description.js
+++ b/deps/npm/node_modules/normalize-package-data/lib/extract_description.js
@@ -11,12 +11,14 @@ function extractDescription (d) {
   // the first block of text before the first heading
   // that isn't the first line heading
   d = d.trim().split('\n')
-  for (var s = 0; d[s] && d[s].trim().match(/^(#|$)/); s++) {
-    ;
+  let s = 0
+  while (d[s] && d[s].trim().match(/^(#|$)/)) {
+    s++
   }
-  var l = d.length
-  for (var e = s + 1; e < l && d[e].trim(); e++) {
-    ;
+  const l = d.length
+  let e = s + 1
+  while (e < l && d[e].trim()) {
+    e++
   }
   return d.slice(s, e).join(' ').trim()
 }
diff --git a/deps/npm/node_modules/normalize-package-data/lib/fixer.js b/deps/npm/node_modules/normalize-package-data/lib/fixer.js
index 0846f2c045a..bb78231d83c 100644
--- a/deps/npm/node_modules/normalize-package-data/lib/fixer.js
+++ b/deps/npm/node_modules/normalize-package-data/lib/fixer.js
@@ -121,17 +121,17 @@ module.exports = {
       this.warn('nonArrayBundleDependencies')
       delete data[bd]
     } else if (data[bd]) {
-      data[bd] = data[bd].filter(function (bd) {
-        if (!bd || typeof bd !== 'string') {
-          this.warn('nonStringBundleDependency', bd)
+      data[bd] = data[bd].filter(function (filtered) {
+        if (!filtered || typeof filtered !== 'string') {
+          this.warn('nonStringBundleDependency', filtered)
           return false
         } else {
           if (!data.dependencies) {
             data.dependencies = {}
           }
-          if (!Object.prototype.hasOwnProperty.call(data.dependencies, bd)) {
-            this.warn('nonDependencyBundleDependency', bd)
-            data.dependencies[bd] = '*'
+          if (!Object.prototype.hasOwnProperty.call(data.dependencies, filtered)) {
+            this.warn('nonDependencyBundleDependency', filtered)
+            data.dependencies[filtered] = '*'
           }
           return true
         }
@@ -389,28 +389,28 @@ function unParsePerson (person) {
   }
   var name = person.name || ''
   var u = person.url || person.web
-  var url = u ? (' (' + u + ')') : ''
+  var wrappedUrl = u ? (' (' + u + ')') : ''
   var e = person.email || person.mail
-  var email = e ? (' <' + e + '>') : ''
-  return name + email + url
+  var wrappedEmail = e ? (' <' + e + '>') : ''
+  return name + wrappedEmail + wrappedUrl
 }
 
 function parsePerson (person) {
   if (typeof person !== 'string') {
     return person
   }
-  var name = person.match(/^([^(<]+)/)
-  var url = person.match(/\(([^()]+)\)/)
-  var email = person.match(/<([^<>]+)>/)
+  var matchedName = person.match(/^([^(<]+)/)
+  var matchedUrl = person.match(/\(([^()]+)\)/)
+  var matchedEmail = person.match(/<([^<>]+)>/)
   var obj = {}
-  if (name && name[0].trim()) {
-    obj.name = name[0].trim()
+  if (matchedName && matchedName[0].trim()) {
+    obj.name = matchedName[0].trim()
   }
-  if (email) {
-    obj.email = email[1]
+  if (matchedEmail) {
+    obj.email = matchedEmail[1]
   }
-  if (url) {
-    obj.url = url[1]
+  if (matchedUrl) {
+    obj.url = matchedUrl[1]
   }
   return obj
 }
diff --git a/deps/npm/node_modules/normalize-package-data/package.json b/deps/npm/node_modules/normalize-package-data/package.json
index a6f1244eb5a..1bec9bb8645 100644
--- a/deps/npm/node_modules/normalize-package-data/package.json
+++ b/deps/npm/node_modules/normalize-package-data/package.json
@@ -1,12 +1,12 @@
 {
   "name": "normalize-package-data",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "author": "GitHub Inc.",
   "description": "Normalizes data that can be found in package.json files.",
   "license": "BSD-2-Clause",
   "repository": {
     "type": "git",
-    "url": "git://github.com/npm/normalize-package-data.git"
+    "url": "https://github.com/npm/normalize-package-data.git"
   },
   "main": "lib/normalize.js",
   "scripts": {
@@ -15,13 +15,13 @@
     "preversion": "npm test",
     "test": "tap",
     "npmclilint": "npmcli-lint",
-    "lint": "eslint '**/*.js'",
+    "lint": "eslint \"**/*.js\"",
     "lintfix": "npm run lint -- --fix",
     "posttest": "npm run lint",
     "postsnap": "npm run lintfix --",
-    "postlint": "npm-template-check",
-    "template-copy": "npm-template-copy --force",
-    "snap": "tap"
+    "postlint": "template-oss-check",
+    "snap": "tap",
+    "template-oss-apply": "template-oss-apply --force"
   },
   "dependencies": {
     "hosted-git-info": "^5.0.0",
@@ -30,18 +30,20 @@
     "validate-npm-package-license": "^3.0.4"
   },
   "devDependencies": {
-    "@npmcli/template-oss": "^2.9.2",
-    "tap": "^15.0.9"
+    "@npmcli/eslint-config": "^3.0.1",
+    "@npmcli/template-oss": "3.5.0",
+    "tap": "^16.0.1"
   },
   "files": [
-    "bin",
-    "lib"
+    "bin/",
+    "lib/"
   ],
   "engines": {
-    "node": "^12.13.0 || ^14.15.0 || >=16"
+    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
   },
   "templateOSS": {
-    "version": "2.9.2"
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
+    "version": "3.5.0"
   },
   "tap": {
     "branches": 86,
diff --git a/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js b/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js
index 714513908df..066ac3c3242 100644
--- a/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js
+++ b/deps/npm/node_modules/npm-registry-fetch/lib/check-response.js
@@ -61,7 +61,9 @@ function checkErrors (method, res, startTime, opts) {
       let parsed = body
       try {
         parsed = JSON.parse(body.toString('utf8'))
-      } catch (e) {}
+      } catch {
+        // ignore errors
+      }
       if (res.status === 401 && res.headers.get('www-authenticate')) {
         const auth = res.headers.get('www-authenticate')
           .split(/,\s*/)
diff --git a/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js b/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js
index ba31dc462f3..a419b47d6a3 100644
--- a/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js
+++ b/deps/npm/node_modules/npm-registry-fetch/lib/clean-url.js
@@ -14,7 +14,9 @@ const cleanUrl = (str) => {
     if (url.password) {
       str = str.replace(url.password, replace)
     }
-  } catch {}
+  } catch {
+    // ignore errors
+  }
 
   return str
     .replace(tokenRegex, `npm_${replace}`)
diff --git a/deps/npm/node_modules/npm-registry-fetch/package.json b/deps/npm/node_modules/npm-registry-fetch/package.json
index 8a0189a9ef7..7a3885ae12e 100644
--- a/deps/npm/node_modules/npm-registry-fetch/package.json
+++ b/deps/npm/node_modules/npm-registry-fetch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "npm-registry-fetch",
-  "version": "13.3.0",
+  "version": "13.3.1",
   "description": "Fetch-based http client for use with npm registry APIs",
   "main": "lib",
   "files": [
@@ -46,8 +46,10 @@
     "@npmcli/eslint-config": "^3.0.1",
     "@npmcli/template-oss": "3.5.0",
     "cacache": "^16.0.2",
+    "mkdirp": "^1.0.4",
     "nock": "^13.2.4",
     "require-inject": "^1.4.4",
+    "rimraf": "^3.0.2",
     "ssri": "^9.0.0",
     "tap": "^16.0.1"
   },
diff --git a/deps/npm/node_modules/pacote/lib/bin.js b/deps/npm/node_modules/pacote/lib/bin.js
index 4a1f911e42b..f35b62ca71a 100755
--- a/deps/npm/node_modules/pacote/lib/bin.js
+++ b/deps/npm/node_modules/pacote/lib/bin.js
@@ -18,10 +18,15 @@ const run = conf => {
     case 'tarball':
       if (!conf._[2] || conf._[2] === '-') {
         return pacote.tarball.stream(conf._[1], stream => {
-          stream.pipe(conf.testStdout ||
-          /* istanbul ignore next */ process.stdout)
+          stream.pipe(
+            conf.testStdout ||
+            /* istanbul ignore next */
+            process.stdout
+          )
           // make sure it resolves something falsey
-          return stream.promise().then(() => {})
+          return stream.promise().then(() => {
+            return false
+          })
         }, conf)
       } else {
         return pacote.tarball.file(conf._[1], conf._[2], conf)
diff --git a/deps/npm/node_modules/pacote/lib/fetcher.js b/deps/npm/node_modules/pacote/lib/fetcher.js
index 5f93e703bca..95b6d3ee432 100644
--- a/deps/npm/node_modules/pacote/lib/fetcher.js
+++ b/deps/npm/node_modules/pacote/lib/fetcher.js
@@ -254,6 +254,7 @@ class FetcherBase {
     cstream.on('error', err => stream.emit('error', err))
     stream.pipe(cstream)
 
+    // eslint-disable-next-line promise/catch-or-return
     cstream.promise().catch(() => {}).then(() => middleStream.end())
     return middleStream
   }
@@ -269,7 +270,10 @@ class FetcherBase {
   }
 
   // override the types getter
-  get types () {}
+  get types () {
+    return false
+  }
+
   [_assertType] () {
     if (this.types && !this.types.includes(this.spec.type)) {
       throw new TypeError(`Wrong spec type (${
diff --git a/deps/npm/node_modules/pacote/lib/git.js b/deps/npm/node_modules/pacote/lib/git.js
index 9d84d95fa62..c4819b4fdf4 100644
--- a/deps/npm/node_modules/pacote/lib/git.js
+++ b/deps/npm/node_modules/pacote/lib/git.js
@@ -239,7 +239,7 @@ class GitFetcher extends Fetcher {
     tarballOk = tarballOk &&
       h && resolved === repoUrl(h, { noCommittish: false }) && h.tarball
 
-    return cacache.tmp.withTmp(this.cache, o, tmp => {
+    return cacache.tmp.withTmp(this.cache, o, async tmp => {
       // if we're resolved, and have a tarball url, shell out to RemoteFetcher
       if (tarballOk) {
         const nameat = this.spec.name ? `${this.spec.name}@` : ''
@@ -259,16 +259,15 @@ class GitFetcher extends Fetcher {
         })
       }
 
-      return (
+      const sha = await (
         h ? this[_cloneHosted](ref, tmp)
         : this[_cloneRepo](this.spec.fetchSpec, ref, tmp)
-      ).then(sha => {
-        this.resolvedSha = sha
-        if (!this.resolved) {
-          this[_addGitSha](sha)
-        }
-      })
-        .then(() => handler(tmp))
+      )
+      this.resolvedSha = sha
+      if (!this.resolved) {
+        await this[_addGitSha](sha)
+      }
+      return handler(tmp)
     })
   }
 
diff --git a/deps/npm/node_modules/pacote/lib/remote.js b/deps/npm/node_modules/pacote/lib/remote.js
index 6759dbba3ed..a361a9e8978 100644
--- a/deps/npm/node_modules/pacote/lib/remote.js
+++ b/deps/npm/node_modules/pacote/lib/remote.js
@@ -41,6 +41,7 @@ class RemoteFetcher extends Fetcher {
       algorithms: [this.pickIntegrityAlgorithm()],
     }
 
+    // eslint-disable-next-line promise/always-return
     fetch(this.resolved, fetchOpts).then(res => {
       res.body.on('error',
         /* istanbul ignore next - exceedingly rare and hard to simulate */
diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
index 696c925d353..960530ec0b3 100644
--- a/deps/npm/node_modules/pacote/package.json
+++ b/deps/npm/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "13.6.1",
+  "version": "13.6.2",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {
diff --git a/deps/npm/node_modules/write-file-atomic/lib/index.js b/deps/npm/node_modules/write-file-atomic/lib/index.js
index 118666d2ce6..9d79d797a55 100644
--- a/deps/npm/node_modules/write-file-atomic/lib/index.js
+++ b/deps/npm/node_modules/write-file-atomic/lib/index.js
@@ -39,7 +39,9 @@ function cleanupOnExit (tmpfile) {
   return () => {
     try {
       fs.unlinkSync(typeof tmpfile === 'function' ? tmpfile() : tmpfile)
-    } catch (_) {}
+    } catch {
+      // ignore errors
+    }
   }
 }
 
@@ -156,7 +158,7 @@ async function writeFileAsync (filename, data, options = {}) {
   }
 }
 
-function writeFile (filename, data, options, callback) {
+async function writeFile (filename, data, options, callback) {
   if (options instanceof Function) {
     callback = options
     options = {}
@@ -164,7 +166,12 @@ function writeFile (filename, data, options, callback) {
 
   const promise = writeFileAsync(filename, data, options)
   if (callback) {
-    promise.then(callback, callback)
+    try {
+      const result = await promise
+      return callback(result)
+    } catch (err) {
+      return callback(err)
+    }
   }
 
   return promise
diff --git a/deps/npm/node_modules/write-file-atomic/package.json b/deps/npm/node_modules/write-file-atomic/package.json
index 7219f90b97b..86e2a0fbadf 100644
--- a/deps/npm/node_modules/write-file-atomic/package.json
+++ b/deps/npm/node_modules/write-file-atomic/package.json
@@ -1,23 +1,23 @@
 {
   "name": "write-file-atomic",
-  "version": "4.0.1",
+  "version": "4.0.2",
   "description": "Write files in an atomic fashion w/configurable ownership",
   "main": "./lib/index.js",
   "scripts": {
     "test": "tap",
     "posttest": "npm run lint",
-    "lint": "eslint '**/*.js'",
-    "postlint": "npm-template-check",
+    "lint": "eslint \"**/*.js\"",
+    "postlint": "template-oss-check",
     "preversion": "npm test",
     "postversion": "npm publish",
     "prepublishOnly": "git push origin --follow-tags",
     "lintfix": "npm run lint -- --fix",
     "snap": "tap",
-    "template-copy": "npm-template-copy --force"
+    "template-oss-apply": "template-oss-apply --force"
   },
   "repository": {
     "type": "git",
-    "url": "git://github.com/npm/write-file-atomic.git"
+    "url": "https://github.com/npm/write-file-atomic.git"
   },
   "keywords": [
     "writeFile",
@@ -34,20 +34,22 @@
     "signal-exit": "^3.0.7"
   },
   "devDependencies": {
-    "@npmcli/template-oss": "^2.7.1",
+    "@npmcli/eslint-config": "^3.0.1",
+    "@npmcli/template-oss": "3.5.0",
     "mkdirp": "^1.0.4",
     "rimraf": "^3.0.2",
-    "tap": "^15.1.6"
+    "tap": "^16.0.1"
   },
   "files": [
-    "bin",
-    "lib"
+    "bin/",
+    "lib/"
   ],
   "engines": {
-    "node": "^12.13.0 || ^14.15.0 || >=16"
+    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
   },
   "templateOSS": {
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
     "windowsCI": false,
-    "version": "2.7.1"
+    "version": "3.5.0"
   }
 }
diff --git a/deps/npm/package.json b/deps/npm/package.json
index 3641c147518..f631c9f0683 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "8.17.0",
+  "version": "8.18.0",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "workspaces": [
@@ -103,12 +103,12 @@
     "npm-package-arg": "^9.1.0",
     "npm-pick-manifest": "^7.0.1",
     "npm-profile": "^6.2.0",
-    "npm-registry-fetch": "^13.3.0",
+    "npm-registry-fetch": "^13.3.1",
     "npm-user-validate": "^1.0.1",
     "npmlog": "^6.0.2",
     "opener": "^1.5.2",
     "p-map": "^4.0.0",
-    "pacote": "^13.6.1",
+    "pacote": "^13.6.2",
     "parse-conflict-json": "^2.0.2",
     "proc-log": "^2.0.1",
     "qrcode-terminal": "^0.12.0",
diff --git a/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs
index c56f8b162dc..84bfed4c915 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/ls.js.test.cjs
@@ -255,6 +255,12 @@ exports[`test/lib/commands/ls.js TAP ls --parseable no args > should output pars
 {CWD}/tap-testdir-ls-ls---parseable-no-args/node_modules/dog
 `
 
+exports[`test/lib/commands/ls.js TAP ls --parseable overridden dep > should contain overridden outout 1`] = `
+{CWD}/tap-testdir-ls-ls---parseable-overridden-dep:test-overridden@1.0.0
+{CWD}/tap-testdir-ls-ls---parseable-overridden-dep/node_modules/foo:foo@1.0.0
+{CWD}/tap-testdir-ls-ls---parseable-overridden-dep/node_modules/bar:bar@1.0.0:OVERRIDDEN
+`
+
 exports[`test/lib/commands/ls.js TAP ls --parseable resolved points to git ref > should output tree containing git refs 1`] = `
 {CWD}/tap-testdir-ls-ls---parseable-resolved-points-to-git-ref
 {CWD}/tap-testdir-ls-ls---parseable-resolved-points-to-git-ref/node_modules/abbrev
@@ -567,6 +573,20 @@ test-npm-ls@1.0.0 {CWD}/tap-testdir-ls-ls-no-args
 
 `
 
+exports[`test/lib/commands/ls.js TAP ls overridden dep > should contain overridden outout 1`] = `
+test-overridden@1.0.0 {CWD}/tap-testdir-ls-ls-overridden-dep
+\`-- foo@1.0.0
+  \`-- bar@1.0.0 overridden
+
+`
+
+exports[`test/lib/commands/ls.js TAP ls overridden dep w/ color > should contain overridden outout 1`] = `
+test-overridden@1.0.0 {CWD}/tap-testdir-ls-ls-overridden-dep-w-color
+\`-- foo@1.0.0
+  \`-- bar@1.0.0 overridden
+
+`
+
 exports[`test/lib/commands/ls.js TAP ls print deduped symlinks > should output tree containing linked deps 1`] = `
 print-deduped-symlinks@1.0.0 {CWD}/tap-testdir-ls-ls-print-deduped-symlinks
 +-- a@1.0.0
diff --git a/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs
index 0a2aa769ee6..d827b62eef7 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs
@@ -22,7 +22,8 @@ exports[`test/lib/commands/query.js TAP global > should return global package 1`
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -51,7 +52,8 @@ exports[`test/lib/commands/query.js TAP include-workspace-root > should return w
     ],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "name": "c",
@@ -66,7 +68,8 @@ exports[`test/lib/commands/query.js TAP include-workspace-root > should return w
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -86,7 +89,8 @@ exports[`test/lib/commands/query.js TAP linked node > should return linked node
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -111,7 +115,8 @@ exports[`test/lib/commands/query.js TAP recursive tree > should return everythin
     ],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "a@",
@@ -125,7 +130,8 @@ exports[`test/lib/commands/query.js TAP recursive tree > should return everythin
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "b@",
@@ -139,7 +145,8 @@ exports[`test/lib/commands/query.js TAP recursive tree > should return everythin
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -167,7 +174,8 @@ exports[`test/lib/commands/query.js TAP simple query > should return root object
     ],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "a@",
@@ -181,7 +189,8 @@ exports[`test/lib/commands/query.js TAP simple query > should return root object
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   },
   {
     "pkgid": "b@",
@@ -195,7 +204,8 @@ exports[`test/lib/commands/query.js TAP simple query > should return root object
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
@@ -215,7 +225,8 @@ exports[`test/lib/commands/query.js TAP workspace query > should return workspac
     "to": [],
     "dev": false,
     "inBundle": false,
-    "deduped": false
+    "deduped": false,
+    "overridden": false
   }
 ]
 `
diff --git a/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs
index 4d6f4686df8..8550617eb0a 100644
--- a/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/utils/explain-dep.js.test.cjs
@@ -156,6 +156,28 @@ optdep@1.0.0 optional
 node_modules/optdep
 `
 
+exports[`test/lib/utils/explain-dep.js TAP overridden > explain color deep 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+  overridden overridden-dep@"1.0.0" (was "^2.0.0") from the root project
+`
+
+exports[`test/lib/utils/explain-dep.js TAP overridden > explain nocolor shallow 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+  overridden overridden-dep@"1.0.0" (was "^2.0.0") from the root project
+`
+
+exports[`test/lib/utils/explain-dep.js TAP overridden > print color 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+`
+
+exports[`test/lib/utils/explain-dep.js TAP overridden > print nocolor 1`] = `
+overridden-root@1.0.0 overridden
+node_modules/overridden-root
+`
+
 exports[`test/lib/utils/explain-dep.js TAP peer > explain color deep 1`] = `
 peer@1.0.0 peer
 node_modules/peer
diff --git a/deps/npm/test/lib/commands/ls.js b/deps/npm/test/lib/commands/ls.js
index f4cd4ef33d5..764d95298ca 100644
--- a/deps/npm/test/lib/commands/ls.js
+++ b/deps/npm/test/lib/commands/ls.js
@@ -231,6 +231,88 @@ t.test('ls', t => {
     t.matchSnapshot(redactCwd(result), 'should output containing problems info')
   })
 
+  t.test('overridden dep', async t => {
+    config.all = true
+    t.teardown(() => {
+      config.all = false
+    })
+
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.matchSnapshot(redactCwd(result), 'should contain overridden outout')
+  })
+
+  t.test('overridden dep w/ color', async t => {
+    config.all = true
+    npm.color = true
+    t.teardown(() => {
+      config.all = false
+      npm.color = false
+    })
+
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.matchSnapshot(redactCwd(result), 'should contain overridden outout')
+  })
+
   t.test('with filter arg', async t => {
     npm.color = true
     npm.prefix = t.testdir({
@@ -1621,6 +1703,47 @@ t.test('ls --parseable', t => {
     t.matchSnapshot(redactCwd(result), 'should output containing problems info')
   })
 
+  t.test('overridden dep', async t => {
+    config.all = true
+    config.long = true
+    t.teardown(() => {
+      config.all = false
+      config.long = false
+    })
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.matchSnapshot(redactCwd(result), 'should contain overridden outout')
+  })
+
   t.test('with filter arg', async t => {
     npm.prefix = t.testdir({
       'package.json': JSON.stringify({
@@ -2413,14 +2536,17 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2448,6 +2574,7 @@ t.test('ls --json', t => {
           dog: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: dog@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-package.json/node_modules/dog',
@@ -2456,6 +2583,7 @@ t.test('ls --json', t => {
           foo: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: foo@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-package.json/node_modules/foo',
@@ -2469,6 +2597,7 @@ t.test('ls --json', t => {
           chai: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: chai@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-package.json/node_modules/chai',
@@ -2503,15 +2632,18 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: chai@1.0.0 {CWD}/tap-testdir-ls-ls---json-extraneous-deps/node_modules/chai',
@@ -2523,6 +2655,58 @@ t.test('ls --json', t => {
     )
   })
 
+  t.test('overridden dep', async t => {
+    config.all = true
+    t.teardown(() => config.all = false)
+    npm.prefix = t.testdir({
+      'package.json': JSON.stringify({
+        name: 'test-overridden',
+        version: '1.0.0',
+        dependencies: {
+          foo: '^1.0.0',
+        },
+        overrides: {
+          bar: '1.0.0',
+        },
+      }),
+      node_modules: {
+        foo: {
+          'package.json': JSON.stringify({
+            name: 'foo',
+            version: '1.0.0',
+            dependencies: {
+              bar: '^2.0.0',
+            },
+          }),
+        },
+        bar: {
+          'package.json': JSON.stringify({
+            name: 'bar',
+            version: '1.0.0',
+          }),
+        },
+      },
+    })
+
+    await ls.exec([])
+    t.same(JSON.parse(result), {
+      name: 'test-overridden',
+      version: '1.0.0',
+      dependencies: {
+        foo: {
+          version: '1.0.0',
+          overridden: false,
+          dependencies: {
+            bar: {
+              version: '1.0.0',
+              overridden: true,
+            },
+          },
+        },
+      },
+    })
+  })
+
   t.test('missing deps --long', async t => {
     t.plan(3)
     config.long = true
@@ -2581,6 +2765,7 @@ t.test('ls --json', t => {
         dependencies: {
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2610,9 +2795,11 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
@@ -2653,14 +2840,17 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2717,9 +2907,11 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2752,9 +2944,11 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2787,14 +2981,17 @@ t.test('ls --json', t => {
         dependencies: {
           foo: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
+            overridden: false,
           },
         },
       },
@@ -2833,6 +3030,7 @@ t.test('ls --json', t => {
           foo: {
             version: '1.0.0',
             invalid: '"^2.0.0" from the root project',
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'invalid: foo@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-invalid-extraneous/node_modules/foo',
@@ -2840,12 +3038,14 @@ t.test('ls --json', t => {
             dependencies: {
               dog: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
           chai: {
             version: '1.0.0',
             extraneous: true,
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'extraneous: chai@1.0.0 {CWD}/tap-testdir-ls-ls---json-missing-invalid-extraneous/node_modules/chai',
@@ -2893,10 +3093,17 @@ t.test('ls --json', t => {
         dependencies: {
           'dev-dep': {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               foo: {
                 version: '1.0.0',
-                dependencies: { dog: { version: '1.0.0' } },
+                overridden: false,
+                dependencies: {
+                  dog: {
+                    version: '1.0.0',
+                    overridden: false,
+                  },
+                },
               },
             },
           },
@@ -2949,6 +3156,7 @@ t.test('ls --json', t => {
           'linked-dep': {
             version: '1.0.0',
             resolved: 'file:../linked-dep',
+            overridden: false,
           },
         },
       },
@@ -2986,9 +3194,24 @@ t.test('ls --json', t => {
         name: 'test-npm-ls',
         version: '1.0.0',
         dependencies: {
-          chai: { version: '1.0.0' },
-          'optional-dep': { version: '1.0.0' },
-          'prod-dep': { version: '1.0.0', dependencies: { dog: { version: '2.0.0' } } },
+          chai: {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'optional-dep': {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'prod-dep': {
+            version: '1.0.0',
+            overridden: false,
+            dependencies: {
+              dog: {
+                version: '2.0.0',
+                overridden: false,
+              },
+            },
+          },
         },
       },
       'should output json containing production deps'
@@ -3111,6 +3334,7 @@ t.test('ls --json', t => {
         dependencies: {
           '@isaacs/dedupe-tests-a': {
             version: '1.0.1',
+            overridden: false,
             resolved:
               'https://registry.npmjs.org/@isaacs/dedupe-tests-a/-/dedupe-tests-a-1.0.1.tgz',
             dependencies: {
@@ -3118,6 +3342,7 @@ t.test('ls --json', t => {
                 resolved:
                   'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-1.0.0.tgz',
                 extraneous: true,
+                overridden: false,
                 problems: [
                   /* eslint-disable-next-line max-len */
                   'extraneous: @isaacs/dedupe-tests-b@ {CWD}/tap-testdir-ls-ls---json-from-lockfile/node_modules/@isaacs/dedupe-tests-a/node_modules/@isaacs/dedupe-tests-b',
@@ -3127,6 +3352,7 @@ t.test('ls --json', t => {
           },
           '@isaacs/dedupe-tests-b': {
             version: '2.0.0',
+            overridden: false,
             resolved:
               'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-2.0.0.tgz',
           },
@@ -3171,6 +3397,7 @@ t.test('ls --json', t => {
         dependencies: {
           'peer-dep': {
             name: 'peer-dep',
+            overridden: false,
             description: 'Peer-dep description here',
             version: '1.0.0',
             _id: 'peer-dep@1.0.0',
@@ -3182,15 +3409,18 @@ t.test('ls --json', t => {
           },
           'dev-dep': {
             name: 'dev-dep',
+            overridden: false,
             description: 'A DEV dep kind of dep',
             version: '1.0.0',
             dependencies: {
               foo: {
                 name: 'foo',
                 version: '1.0.0',
+                overridden: false,
                 dependencies: {
                   dog: {
                     name: 'dog',
+                    overridden: false,
                     version: '1.0.0',
                     _id: 'dog@1.0.0',
                     devDependencies: {},
@@ -3217,6 +3447,7 @@ t.test('ls --json', t => {
           },
           chai: {
             name: 'chai',
+            overridden: false,
             version: '1.0.0',
             _id: 'chai@1.0.0',
             devDependencies: {},
@@ -3227,6 +3458,7 @@ t.test('ls --json', t => {
           },
           'optional-dep': {
             name: 'optional-dep',
+            overridden: false,
             description: 'Maybe a dep?',
             version: '1.0.0',
             _id: 'optional-dep@1.0.0',
@@ -3238,11 +3470,13 @@ t.test('ls --json', t => {
           },
           'prod-dep': {
             name: 'prod-dep',
+            overridden: false,
             description: 'A PROD dep kind of dep',
             version: '1.0.0',
             dependencies: {
               dog: {
                 name: 'dog',
+                overridden: false,
                 description: 'A dep that bars',
                 version: '2.0.0',
                 _id: 'dog@2.0.0',
@@ -3308,6 +3542,7 @@ t.test('ls --json', t => {
         dependencies: {
           'peer-dep': {
             name: 'peer-dep',
+            overridden: false,
             description: 'Peer-dep description here',
             version: '1.0.0',
             _id: 'peer-dep@1.0.0',
@@ -3319,6 +3554,7 @@ t.test('ls --json', t => {
           },
           'dev-dep': {
             name: 'dev-dep',
+            overridden: false,
             description: 'A DEV dep kind of dep',
             version: '1.0.0',
             _id: 'dev-dep@1.0.0',
@@ -3330,6 +3566,7 @@ t.test('ls --json', t => {
           },
           chai: {
             name: 'chai',
+            overridden: false,
             version: '1.0.0',
             _id: 'chai@1.0.0',
             devDependencies: {},
@@ -3340,6 +3577,7 @@ t.test('ls --json', t => {
           },
           'optional-dep': {
             name: 'optional-dep',
+            overridden: false,
             description: 'Maybe a dep?',
             version: '1.0.0',
             _id: 'optional-dep@1.0.0',
@@ -3351,6 +3589,7 @@ t.test('ls --json', t => {
           },
           'prod-dep': {
             name: 'prod-dep',
+            overridden: false,
             description: 'A PROD dep kind of dep',
             version: '1.0.0',
             _id: 'prod-dep@1.0.0',
@@ -3439,6 +3678,7 @@ t.test('ls --json', t => {
           'peer-dep': {
             version: '1.0.0',
             invalid: '"^2.0.0" from the root project',
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'invalid: peer-dep@1.0.0 {CWD}/tap-testdir-ls-ls---json-unmet-peer-dep/node_modules/peer-dep',
@@ -3446,16 +3686,38 @@ t.test('ls --json', t => {
           },
           'dev-dep': {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               foo: {
                 version: '1.0.0',
-                dependencies: { dog: { version: '1.0.0' } },
+                overridden: false,
+                dependencies: {
+                  dog: {
+                    version: '1.0.0',
+                    overridden: false,
+                  },
+                },
+              },
+            },
+          },
+          chai: {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'optional-dep': {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'prod-dep': {
+            version: '1.0.0',
+            overridden: false,
+            dependencies: {
+              dog: {
+                version: '2.0.0',
+                overridden: false,
               },
             },
           },
-          chai: { version: '1.0.0' },
-          'optional-dep': { version: '1.0.0' },
-          'prod-dep': { version: '1.0.0', dependencies: { dog: { version: '2.0.0' } } },
         },
       },
       'should output json signaling missing peer dep in problems'
@@ -3502,6 +3764,7 @@ t.test('ls --json', t => {
           'optional-dep': {
             version: '1.0.0',
             invalid: '"^2.0.0" from the root project',
+            overridden: false,
             problems: [
               /* eslint-disable-next-line max-len */
               'invalid: optional-dep@1.0.0 {CWD}/tap-testdir-ls-ls---json-unmet-optional-dep/node_modules/optional-dep',
@@ -3509,18 +3772,38 @@ t.test('ls --json', t => {
           },
           'peer-dep': {
             version: '1.0.0',
+            overridden: false,
           },
           'dev-dep': {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               foo: {
                 version: '1.0.0',
-                dependencies: { dog: { version: '1.0.0' } },
+                overridden: false,
+                dependencies: {
+                  dog: {
+                    version: '1.0.0',
+                    overridden: false,
+                  },
+                },
+              },
+            },
+          },
+          chai: {
+            version: '1.0.0',
+            overridden: false,
+          },
+          'prod-dep': {
+            version: '1.0.0',
+            overridden: false,
+            dependencies: {
+              dog: {
+                version: '2.0.0',
+                overridden: false,
               },
             },
           },
-          chai: { version: '1.0.0' },
-          'prod-dep': { version: '1.0.0', dependencies: { dog: { version: '2.0.0' } } },
           'missing-optional-dep': {}, // missing optional dep has an empty entry in json output
         },
       },
@@ -3567,11 +3850,15 @@ t.test('ls --json', t => {
         dependencies: {
           a: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               b: {
                 version: '1.0.0',
+                overridden: false,
                 dependencies: {
-                  a: { version: '1.0.0' },
+                  a: {
+                    version: '1.0.0',
+                  },
                 },
               },
             },
@@ -3623,6 +3910,7 @@ t.test('ls --json', t => {
         dependencies: {
           a: {
             version: '1.0.0',
+            overridden: false,
             resolved: 'https://localhost:8080/abbrev/-/abbrev-1.1.1.tgz',
           },
         },
@@ -3683,6 +3971,7 @@ t.test('ls --json', t => {
         dependencies: {
           abbrev: {
             version: '1.1.1',
+            overridden: false,
             /* eslint-disable-next-line max-len */
             resolved: 'git+ssh://git@github.com/isaacs/abbrev-js.git#b8f3a2fc0c3bb8ffd8b0d0072cc6b5a3667e963c',
           },
@@ -3760,6 +4049,7 @@ t.test('ls --json', t => {
         dependencies: {
           'simple-output': {
             version: '2.1.1',
+            overridden: false,
             resolved: 'https://registry.npmjs.org/simple-output/-/simple-output-2.1.1.tgz',
           },
         },
@@ -3823,12 +4113,15 @@ t.test('ls --json', t => {
         dependencies: {
           a: {
             version: '1.0.0',
+            overridden: false,
           },
           b: {
             version: '1.0.0',
+            overridden: false,
             dependencies: {
               c: {
                 version: '1.0.0',
+                overridden: false,
               },
             },
           },
@@ -3934,14 +4227,17 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -3984,9 +4280,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
@@ -4080,6 +4378,7 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4127,9 +4426,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
@@ -4179,14 +4480,17 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4273,9 +4577,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4323,9 +4629,11 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4373,14 +4681,17 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
             chai: {
               version: '1.0.0',
+              overridden: false,
             },
           },
         },
@@ -4431,6 +4742,7 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             foo: {
               version: '1.0.0',
+              overridden: false,
               invalid: '"^2.0.0" from the root project',
               problems: [
                 /* eslint-disable-next-line max-len */
@@ -4439,6 +4751,7 @@ t.test('ls --package-lock-only', t => {
               dependencies: {
                 dog: {
                   version: '1.0.0',
+                  overridden: false,
                 },
               },
             },
@@ -4544,11 +4857,13 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             '@isaacs/dedupe-tests-a': {
               version: '1.0.1',
+              overridden: false,
               resolved:
                 'https://registry.npmjs.org/@isaacs/dedupe-tests-a/-/dedupe-tests-a-1.0.1.tgz',
               dependencies: {
                 '@isaacs/dedupe-tests-b': {
                   version: '1.0.0',
+                  overridden: false,
                   resolved:
                     'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-1.0.0.tgz',
                 },
@@ -4556,6 +4871,7 @@ t.test('ls --package-lock-only', t => {
             },
             '@isaacs/dedupe-tests-b': {
               version: '2.0.0',
+              overridden: false,
               resolved:
                 'https://registry.npmjs.org/@isaacs/dedupe-tests-b/-/dedupe-tests-b-2.0.0.tgz',
             },
@@ -4592,6 +4908,7 @@ t.test('ls --package-lock-only', t => {
           dependencies: {
             a: {
               version: '1.0.0',
+              overridden: false,
               resolved: 'https://localhost:8080/abbrev/-/abbrev-1.0.0.tgz',
             },
           },
@@ -4634,6 +4951,7 @@ t.test('ls --package-lock-only', t => {
             abbrev: {
               /* eslint-disable-next-line max-len */
               resolved: 'git+ssh://git@github.com/isaacs/abbrev-js.git#b8f3a2fc0c3bb8ffd8b0d0072cc6b5a3667e963c',
+              overridden: false,
             },
           },
         },
diff --git a/deps/npm/test/lib/utils/explain-dep.js b/deps/npm/test/lib/utils/explain-dep.js
index 000f5b8165a..ed006c01d78 100644
--- a/deps/npm/test/lib/utils/explain-dep.js
+++ b/deps/npm/test/lib/utils/explain-dep.js
@@ -129,6 +129,23 @@ const cases = {
     dependents: [],
     extraneous: true,
   },
+
+  overridden: {
+    name: 'overridden-root',
+    version: '1.0.0',
+    location: 'node_modules/overridden-root',
+    overridden: true,
+    dependents: [{
+      type: 'prod',
+      name: 'overridden-dep',
+      spec: '1.0.0',
+      rawSpec: '^2.0.0',
+      overridden: true,
+      from: {
+        location: '/path/to/project',
+      },
+    }],
+  },
 }
 
 cases.manyDeps = {