diff --git a/node_modules/read-package-json-fast/index.js b/node_modules/read-package-json-fast/index.js
index cf373029ddf68..bc1c059272c04 100644
--- a/node_modules/read-package-json-fast/index.js
+++ b/node_modules/read-package-json-fast/index.js
@@ -3,13 +3,20 @@ const fs = require('fs')
 const readFile = promisify(fs.readFile)
 const parse = require('json-parse-even-better-errors')
 const rpj = path => readFile(path, 'utf8')
-  .then(data => normalize(parse(data)))
+  .then(data => normalize(stripUnderscores(parse(data))))
   .catch(er => {
     er.path = path
     throw er
   })
 const normalizePackageBin = require('npm-normalize-package-bin')
 
+// do not preserve _fields set in files, they are sus
+const stripUnderscores = data => {
+  for (const key of Object.keys(data).filter(k => /^_/.test(k)))
+    delete data[key]
+  return data
+}
+
 const normalize = data => {
   add_id(data)
   fixBundled(data)
diff --git a/node_modules/read-package-json-fast/package.json b/node_modules/read-package-json-fast/package.json
index aa5f5d87007b8..388e76595833e 100644
--- a/node_modules/read-package-json-fast/package.json
+++ b/node_modules/read-package-json-fast/package.json
@@ -1,6 +1,6 @@
 {
   "name": "read-package-json-fast",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "Like read-package-json, but faster",
   "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)",
   "license": "ISC",
diff --git a/node_modules/read-package-json/CHANGELOG.md b/node_modules/read-package-json/CHANGELOG.md
index e63fd10f7703e..929900482f110 100644
--- a/node_modules/read-package-json/CHANGELOG.md
+++ b/node_modules/read-package-json/CHANGELOG.md
@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+<a name="3.0.1"></a>
+## [3.0.1](https://github.com/npm/read-package-json/compare/v3.0.0...v3.0.1) (2021-02-22)
+
+
+### Bug Fixes
+
+* Strip underscore prefixed fields from file contents ([ac771d8](https://github.com/npm/read-package-json/commit/ac771d8))
+
+
+
 <a name="3.0.0"></a>
 # [3.0.0](https://github.com/npm/read-package-json/compare/v2.1.2...v3.0.0) (2020-10-13)
 
diff --git a/node_modules/read-package-json/package.json b/node_modules/read-package-json/package.json
index 755dd3747a56a..50feca72fb51d 100644
--- a/node_modules/read-package-json/package.json
+++ b/node_modules/read-package-json/package.json
@@ -1,6 +1,6 @@
 {
   "name": "read-package-json",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)",
   "description": "The thing npm uses to read package.json files with semantics and defaults and validation",
   "repository": {
diff --git a/node_modules/read-package-json/read-json.js b/node_modules/read-package-json/read-json.js
index 0e91e784ec4fd..64cc3fe194c1a 100644
--- a/node_modules/read-package-json/read-json.js
+++ b/node_modules/read-package-json/read-json.js
@@ -37,7 +37,7 @@ function readJson (file, log_, strict_, cb_) {
   }
 
   if (!log) log = function () {}
-  cb = arguments[ arguments.length - 1 ]
+  cb = arguments[arguments.length - 1]
 
   readJson_(file, log, strict, cb)
 }
@@ -95,6 +95,11 @@ function parseJson (file, er, d, log, strict, cb) {
 
   try {
     data = safeJSON(stripBOM(d))
+    for (var key in data) {
+      if (/^_/.test(key)) {
+        delete data[key]
+      }
+    }
   } catch (er) {
     data = parseIndex(d)
     if (!data) return cb(parseError(er, file))
diff --git a/package-lock.json b/package-lock.json
index 62e754b40f624..138d10e93b084 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -305,8 +305,8 @@
         "parse-conflict-json": "^1.1.1",
         "qrcode-terminal": "^0.12.0",
         "read": "~1.0.7",
-        "read-package-json": "^3.0.0",
-        "read-package-json-fast": "^2.0.1",
+        "read-package-json": "^3.0.1",
+        "read-package-json-fast": "^2.0.2",
         "readdir-scoped-modules": "^1.1.0",
         "rimraf": "^3.0.2",
         "semver": "^7.3.4",
@@ -6421,9 +6421,9 @@
       "inBundle": true
     },
     "node_modules/read-package-json": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/read-package-json/-/read-package-json-3.0.0.tgz",
-      "integrity": "sha512-4TnJZ5fnDs+/3deg1AuMExL4R1SFNRLQeOhV9c8oDKm3eoG6u8xU0r0mNNRJHi3K6B+jXmT7JOhwhAklWw9SSQ==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/read-package-json/-/read-package-json-3.0.1.tgz",
+      "integrity": "sha512-aLcPqxovhJTVJcsnROuuzQvv6oziQx4zd3JvG0vGCL5MjTONUc4uJ90zCBC6R7W7oUKBNoR/F8pkyfVwlbxqng==",
       "inBundle": true,
       "dependencies": {
         "glob": "^7.1.1",
@@ -6436,9 +6436,9 @@
       }
     },
     "node_modules/read-package-json-fast": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/read-package-json-fast/-/read-package-json-fast-2.0.1.tgz",
-      "integrity": "sha512-bp6z0tdgLy9KzdfENDIw/53HWAolOVoQTRWXv7PUiqAo3YvvoUVeLr7RWPWq+mu7KUOu9kiT4DvxhUgNUBsvug==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/read-package-json-fast/-/read-package-json-fast-2.0.2.tgz",
+      "integrity": "sha512-5fyFUyO9B799foVk4n6ylcoAktG/FbE3jwRKxvwaeSrIunaoMc0u81dzXxjeAFKOce7O5KncdfwpGvvs6r5PsQ==",
       "inBundle": true,
       "dependencies": {
         "json-parse-even-better-errors": "^2.3.0",
@@ -15405,9 +15405,9 @@
       "integrity": "sha512-HJpV9bQpkl6KwjxlJcBoqu9Ba0PQg8TqSNIOrulGt54a0uup0HtevreFHzYzkm0lpnleRdNBzXznKrgxglEHQw=="
     },
     "read-package-json": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/read-package-json/-/read-package-json-3.0.0.tgz",
-      "integrity": "sha512-4TnJZ5fnDs+/3deg1AuMExL4R1SFNRLQeOhV9c8oDKm3eoG6u8xU0r0mNNRJHi3K6B+jXmT7JOhwhAklWw9SSQ==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/read-package-json/-/read-package-json-3.0.1.tgz",
+      "integrity": "sha512-aLcPqxovhJTVJcsnROuuzQvv6oziQx4zd3JvG0vGCL5MjTONUc4uJ90zCBC6R7W7oUKBNoR/F8pkyfVwlbxqng==",
       "requires": {
         "glob": "^7.1.1",
         "json-parse-even-better-errors": "^2.3.0",
@@ -15416,9 +15416,9 @@
       }
     },
     "read-package-json-fast": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/read-package-json-fast/-/read-package-json-fast-2.0.1.tgz",
-      "integrity": "sha512-bp6z0tdgLy9KzdfENDIw/53HWAolOVoQTRWXv7PUiqAo3YvvoUVeLr7RWPWq+mu7KUOu9kiT4DvxhUgNUBsvug==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/read-package-json-fast/-/read-package-json-fast-2.0.2.tgz",
+      "integrity": "sha512-5fyFUyO9B799foVk4n6ylcoAktG/FbE3jwRKxvwaeSrIunaoMc0u81dzXxjeAFKOce7O5KncdfwpGvvs6r5PsQ==",
       "requires": {
         "json-parse-even-better-errors": "^2.3.0",
         "npm-normalize-package-bin": "^1.0.1"
diff --git a/package.json b/package.json
index 7cbdeac109677..81c1d6a1b9ba1 100644
--- a/package.json
+++ b/package.json
@@ -95,8 +95,8 @@
     "parse-conflict-json": "^1.1.1",
     "qrcode-terminal": "^0.12.0",
     "read": "~1.0.7",
-    "read-package-json": "^3.0.0",
-    "read-package-json-fast": "^2.0.1",
+    "read-package-json": "^3.0.1",
+    "read-package-json-fast": "^2.0.2",
     "readdir-scoped-modules": "^1.1.0",
     "rimraf": "^3.0.2",
     "semver": "^7.3.4",