From 3496fd74699e43063b917aa9aefcfedc96c7f27c Mon Sep 17 00:00:00 2001 From: Darcy Clarke Date: Fri, 13 Nov 2020 15:30:43 -0500 Subject: [PATCH 1/2] deps: upgrade npm to 7.0.11 --- deps/npm/AUTHORS | 3 + deps/npm/CHANGELOG.md | 112 +++++++++ deps/npm/docs/content/commands/npm-exec.md | 3 +- deps/npm/docs/content/commands/npx.md | 16 +- deps/npm/docs/content/using-npm/developers.md | 2 +- deps/npm/docs/content/using-npm/scripts.md | 2 +- deps/npm/docs/output/commands/npm-exec.html | 3 +- deps/npm/docs/output/commands/npm-ls.html | 2 +- deps/npm/docs/output/commands/npm.html | 2 +- deps/npm/docs/output/commands/npx.html | 16 +- .../npm/docs/output/using-npm/developers.html | 2 +- deps/npm/docs/output/using-npm/scripts.html | 2 +- deps/npm/lib/adduser.js | 3 + deps/npm/lib/cache.js | 20 +- deps/npm/lib/ci.js | 2 +- deps/npm/lib/cli.js | 2 + deps/npm/lib/exec.js | 10 +- deps/npm/lib/npm.js | 20 ++ deps/npm/lib/run-script.js | 3 +- deps/npm/lib/utils/config.js | 2 + deps/npm/lib/utils/error-handler.js | 2 +- deps/npm/lib/utils/explain-dep.js | 2 +- deps/npm/lib/utils/flat-options.js | 1 + deps/npm/man/man1/npm-exec.1 | 3 +- deps/npm/man/man1/npm-ls.1 | 2 +- deps/npm/man/man1/npm.1 | 2 +- deps/npm/man/man1/npx.1 | 16 +- deps/npm/man/man7/developers.7 | 2 +- deps/npm/man/man7/scripts.7 | 2 +- .../arborist/lib/arborist/build-ideal-tree.js | 121 ++++++--- .../arborist/lib/arborist/load-virtual.js | 30 ++- .../@npmcli/arborist/lib/arborist/reify.js | 47 +++- .../node_modules/@npmcli/arborist/lib/node.js | 37 ++- .../@npmcli/arborist/package.json | 4 +- .../@npmcli/run-script/lib/run-script-pkg.js | 15 +- .../@npmcli/run-script/lib/run-script.js | 3 +- .../@npmcli/run-script/package.json | 2 +- .../node_modules/libnpmversion/lib/version.js | 2 +- .../node_modules/libnpmversion/package.json | 2 +- deps/npm/node_modules/pacote/lib/fetcher.js | 16 +- deps/npm/node_modules/pacote/package.json | 4 +- deps/npm/package.json | 16 +- deps/npm/scripts/install.sh | 170 ++++--------- .../test-lib-utils-config.js-TAP.test.js | 15 ++ .../test-lib-utils-explain-dep.js-TAP.test.js | 7 +- ...test-lib-utils-flat-options.js-TAP.test.js | 1 + deps/npm/test/lib/adduser.js | 13 +- deps/npm/test/lib/cache.js | 232 ++++++++++++++++++ deps/npm/test/lib/ci.js | 19 ++ deps/npm/test/lib/exec.js | 69 ++++++ deps/npm/test/lib/npm.js | 93 ++++++- deps/npm/test/lib/run-script.js | 29 ++- deps/npm/test/lib/utils/error-handler.js | 6 +- deps/npm/test/lib/utils/explain-dep.js | 89 +++---- deps/npm/test/lib/utils/flat-options.js | 12 + 55 files changed, 993 insertions(+), 320 deletions(-) create mode 100644 deps/npm/test/lib/cache.js diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS index 4209517f2a0ff8..c0986e8be2bf90 100644 --- a/deps/npm/AUTHORS +++ b/deps/npm/AUTHORS @@ -730,3 +730,6 @@ Michele Azzolari foxxyz Dr Jan Tojnar +Jason Attwood +Vlad GURDIGA +Sébastien Puech diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md index 49d44ab10a09e0..8cafde1158491d 100644 --- a/deps/npm/CHANGELOG.md +++ b/deps/npm/CHANGELOG.md @@ -1,3 +1,115 @@ +## 7.0.11 (2020-11-13) + +### DEPENDENCIES + +* [`629a667a9`](https://github.com/npm/cli/commit/629a667a9b30b0b870075da965606979622a5e2e) + `eslint@7.13.0` +* [`de9891bd2`](https://github.com/npm/cli/commit/de9891bd2a16fe890ff5cfb140c7b1209aeac0de) + `eslint-plugin-standard@4.1.0` +* [`c3e7aa31c`](https://github.com/npm/cli/commit/c3e7aa31c565dfe21cd1f55a8433bfbcf58aa289) + [#2123](https://github.com/npm/cli/issues/2123) + [#1957](https://github.com/npm/cli/issues/1957) + `@npmcli/arborist@1.0.11` + +### BUG FIXES + +* [`a8aa38513`](https://github.com/npm/cli/commit/a8aa38513ad5c4ad44e6bb3e1499bfc40c31e213) + [#2134](https://github.com/npm/cli/issues/2134) + [#2156](https://github.com/npm/cli/issues/2156) + Fix `cannot read property length of undefined` in `ERESOLVE` explanation code + ([@isaacs](https://github.com/isaacs)) +* [`1dbf0f9bb`](https://github.com/npm/cli/commit/1dbf0f9bb26ba70f4c6d0a807701d7652c31d7d4) + [#2150](https://github.com/npm/cli/issues/2150) + [#2155](https://github.com/npm/cli/issues/2155) + send json errors to stderr, not stdout + ([@isaacs](https://github.com/isaacs)) +* [`fd1d7a21b`](https://github.com/npm/cli/commit/fd1d7a21b247bb35d112c51ff8d8a06fd83c8b44) + [#1927](https://github.com/npm/cli/issues/1927) + [#2154](https://github.com/npm/cli/issues/2154) + Set process.title a bit more usefully + ([@isaacs](https://github.com/isaacs)) +* [`2a80c67ef`](https://github.com/npm/cli/commit/2a80c67ef8c12c3d9d254f5be6293a6461067d99) + [#2008](https://github.com/npm/cli/issues/2008) + [#2153](https://github.com/npm/cli/issues/2153) + Support legacy auth tokens for registries that use them + ([@ruyadorno](https://github.com/ruyadorno)) +* [`786e36404`](https://github.com/npm/cli/commit/786e36404068fd51657ddac766e066a98754edbf) + [#2017](https://github.com/npm/cli/issues/2017) + [#2159](https://github.com/npm/cli/issues/2159) + pass all options to Arborist for `npm ci` + ([@darcyclarke](https://github.com/darcyclarke)) +* [`b47ada7d1`](https://github.com/npm/cli/commit/b47ada7d1623e9ee586ee0cf781ee3ac5ea3c223) + [#2161](https://github.com/npm/cli/issues/2161) + fixed typo + ([@scarabedore](https://github.com/scarabedore)) + +## 7.0.10 (2020-11-10) + +### DOCUMENTATION + +* [`e48badb03`](https://github.com/npm/cli/commit/e48badb03058286a557584d7319db4143049cc6b) + [#2148](https://github.com/npm/cli/issues/2148) + Fix link in documentation + ([@gurdiga](https://github.com/gurdiga)) + +### BUG FIXES + +* [`8edbbdc70`](https://github.com/npm/cli/commit/8edbbdc706694fa32f52d0991c76ae9f207b7bbc) + [#1972](https://github.com/npm/cli/issues/1972) + Support exec auto pick bin when all bin is alias + ([@dr-js](https://github.com/dr-js)) + +### DEPENDENCIES + +* [`04a3e8c10`](https://github.com/npm/cli/commit/04a3e8c10c3f38e1c7a35976d77c2929bdc39868) + [#1962](https://github.com/npm/cli/issues/1962) + `@npmcli/arborist@1.0.10`: + * prevent self-assignment of parent/fsParent + * Support update options in global package space + +## 7.0.9 (2020-11-06) + +### BUG FIXES + +* [`96a0d2802`](https://github.com/npm/cli/commit/96a0d2802d3e619c6ea47290f5c460edfe94070a) + default the 'start' script when server.js present + ([@isaacs](https://github.com/isaacs)) +* [`7716e423e`](https://github.com/npm/cli/commit/7716e423ee92a81730c0dfe5b9ecb4bb41a3f947) + [#2075](https://github.com/npm/cli/issues/2075) + [#2071](https://github.com/npm/cli/issues/2071) print the registry when + using 'npm login' ([@Wicked7000](https://github.com/Wicked7000)) +* [`7046fe10c`](https://github.com/npm/cli/commit/7046fe10c5035ac57246a31ca8a6b09e3f5562bf) + [#2122](https://github.com/npm/cli/issues/2122) tests for `npm cache` + command ([@nlf](https://github.com/nlf)) + +### DEPENDENCIES + +* [`74325f53b`](https://github.com/npm/cli/commit/74325f53b9d813b0e42203c037189418fad2f64a) + [#2124](https://github.com/npm/cli/issues/2124) + `@npmcli/run-script@1.7.5`: + * Export the `isServerPackage` method + * Proxy signals to and from foreground child processes +* [`0e58e6f6b`](https://github.com/npm/cli/commit/0e58e6f6b8f0cd62294642a502c17561aaf46553) + [#1984](https://github.com/npm/cli/issues/1984) + [#2079](https://github.com/npm/cli/issues/2079) + [#1923](https://github.com/npm/cli/issues/1923) + [#606](https://github.com/npm/cli/issues/606) + [#2031](https://github.com/npm/cli/issues/2031) `@npmcli/arborist@1.0.9`: + * Process deps for all link nodes + * Use junctions instead of symlinks + * Use @npmcli/move-file instead of fs.rename +* [`1dad328a1`](https://github.com/npm/cli/commit/1dad328a17d93def7799545596b4eba9833b35aa) + [#1865](https://github.com/npm/cli/issues/1865) + [#2106](https://github.com/npm/cli/issues/2106) + [#2084](https://github.com/npm/cli/issues/2084) `pacote@11.1.13`: + * Properly set the installation command for `prepare` scripts when + installing git/dir deps +* [`e090d706c`](https://github.com/npm/cli/commit/e090d706ca637d4df96d28bff1660590aa3f3b62) + [#2097](https://github.com/npm/cli/issues/2097) `libnpmversion@1.0.7`: + * Do not crash when the package.json file lacks a 'version' field +* [`8fa541a10`](https://github.com/npm/cli/commit/8fa541a10dbdc09376175db7a378cc9b33e8b17b) + `cmark-gfm@0.8.4` + ## 7.0.8 (2020-11-03) ### DOCUMENTATION diff --git a/deps/npm/docs/content/commands/npm-exec.md b/deps/npm/docs/content/commands/npm-exec.md index 38fb1bf25af4be..c9de9933be3a55 100644 --- a/deps/npm/docs/content/commands/npm-exec.md +++ b/deps/npm/docs/content/commands/npm-exec.md @@ -54,7 +54,8 @@ the package specifier provided as the first positional argument according to the following heuristic: - If the package has a single entry in its `bin` field in `package.json`, - then that command will be used. + or if all entries are aliases of the same command, then that command + will be used. - If the package has multiple `bin` entries, and one of them matches the unscoped portion of the `name` field, then that command will be used. - If this does not result in exactly one option (either because there are diff --git a/deps/npm/docs/content/commands/npx.md b/deps/npm/docs/content/commands/npx.md index a5522c66e85aa4..625ac3d8cd6025 100644 --- a/deps/npm/docs/content/commands/npx.md +++ b/deps/npm/docs/content/commands/npx.md @@ -8,9 +8,9 @@ description: Run a command from a local or remote npm package ```bash npm exec -- [@] [args...] -npm exec -p [@] -- [args...] +npm exec --package=[@] -- [args...] npm exec -c ' [args...]' -npm exec -p foo -c ' [args...]' +npm exec --package=foo -c ' [args...]' npx [@] [args...] npx -p [@] [args...] @@ -19,7 +19,8 @@ npx -p [@] -c ' [args...]' alias: npm x, npx --p --package= (may be specified multiple times) +--package= (may be specified multiple times) +-p is a shorthand for --package only when using npx executable -c --call= (may not be mixed with positional arguments) ``` @@ -29,9 +30,9 @@ This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via `npm run`. -Whatever packages are specified by the `--package` or `-p` option will be +Whatever packages are specified by the `--package` option will be provided in the `PATH` of the executed command, along with any locally -installed package executables. The `--package` or `-p` option may be +installed package executables. The `--package` option may be specified multiple times, to execute the supplied command in an environment where all specified packages are available. @@ -47,13 +48,14 @@ only be considered a match if they have the exact same name and version as the local dependency. If no `-c` or `--call` option is provided, then the positional arguments -are used to generate the command string. If no `-p` or `--package` options +are used to generate the command string. If no `--package` options are provided, then npm will attempt to determine the executable name from the package specifier provided as the first positional argument according to the following heuristic: - If the package has a single entry in its `bin` field in `package.json`, - then that command will be used. + or if all entries are aliases of the same command, then that command + will be used. - If the package has multiple `bin` entries, and one of them matches the unscoped portion of the `name` field, then that command will be used. - If this does not result in exactly one option (either because there are diff --git a/deps/npm/docs/content/using-npm/developers.md b/deps/npm/docs/content/using-npm/developers.md index d42c759d42cf1e..7e47b76f65aaf2 100644 --- a/deps/npm/docs/content/using-npm/developers.md +++ b/deps/npm/docs/content/using-npm/developers.md @@ -109,7 +109,7 @@ create an empty `.npmignore` file to override it. Like `git`, `npm` looks for `.npmignore` and `.gitignore` files in all subdirectories of your package, not only the root directory. -`.npmignore` files follow the [same pattern rules](https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#Ignoring-Files) +`.npmignore` files follow the [same pattern rules](https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring) as `.gitignore` files: * Blank lines or lines starting with `#` are ignored. diff --git a/deps/npm/docs/content/using-npm/scripts.md b/deps/npm/docs/content/using-npm/scripts.md index f86f9e88bc9ddf..c111aa3f3ab533 100644 --- a/deps/npm/docs/content/using-npm/scripts.md +++ b/deps/npm/docs/content/using-npm/scripts.md @@ -6,7 +6,7 @@ description: How npm handles the "scripts" field ### Description -The `"scripts"` property of of your `package.json` file supports a number of built-in scripts and their preset life cycle events as well as arbitrary scripts. These all can be executed by running `npm run-script ` or `npm run ` for short. *Pre* and *post* commands with matching names will be run for those as well (e.g. `premyscript`, `myscript`, `postmyscript`). Scripts from dependencies can be run with `npm explore -- npm run `. +The `"scripts"` property of your `package.json` file supports a number of built-in scripts and their preset life cycle events as well as arbitrary scripts. These all can be executed by running `npm run-script ` or `npm run ` for short. *Pre* and *post* commands with matching names will be run for those as well (e.g. `premyscript`, `myscript`, `postmyscript`). Scripts from dependencies can be run with `npm explore -- npm run `. ### Pre & Post Scripts diff --git a/deps/npm/docs/output/commands/npm-exec.html b/deps/npm/docs/output/commands/npm-exec.html index 6bd59f7a8ed674..6e50a1cb9af9dd 100644 --- a/deps/npm/docs/output/commands/npm-exec.html +++ b/deps/npm/docs/output/commands/npm-exec.html @@ -186,7 +186,8 @@

Description

to the following heuristic:

  • If the package has a single entry in its bin field in package.json, -then that command will be used.
  • +or if all entries are aliases of the same command, then that command +will be used.
  • If the package has multiple bin entries, and one of them matches the unscoped portion of the name field, then that command will be used.
  • If this does not result in exactly one option (either because there are diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 55722b8f1ce325..437f062c299e59 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -156,7 +156,7 @@

    Description

    limit the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm’s source tree will show:

    -
        npm@7.0.8 /path/to/npm
    +
        npm@7.0.11 /path/to/npm
         └─┬ init-package-json@0.0.4
           └── promzard@0.1.5
     
    diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html index e3f5ce28afc480..77cf24a8fb1e12 100644 --- a/deps/npm/docs/output/commands/npm.html +++ b/deps/npm/docs/output/commands/npm.html @@ -148,7 +148,7 @@

    Table of contents

    npm <command> [args]
     

    Version

    -

    7.0.8

    +

    7.0.11

    Description

    npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency diff --git a/deps/npm/docs/output/commands/npx.html b/deps/npm/docs/output/commands/npx.html index 61194a0aa31f12..36aad9f701fe8e 100644 --- a/deps/npm/docs/output/commands/npx.html +++ b/deps/npm/docs/output/commands/npx.html @@ -146,9 +146,9 @@

    Table of contents

    Synopsis

    npm exec -- <pkg>[@<version>] [args...]
    -npm exec -p <pkg>[@<version>] -- <cmd> [args...]
    +npm exec --package=<pkg>[@<version>] -- <cmd> [args...]
     npm exec -c '<cmd> [args...]'
    -npm exec -p foo -c '<cmd> [args...]'
    +npm exec --package=foo -c '<cmd> [args...]'
     
     npx <pkg>[@<specifier>] [args...]
     npx -p <pkg>[@<specifier>] <cmd> [args...]
    @@ -157,16 +157,17 @@ 

    Table of contents

    alias: npm x, npx --p <pkg> --package=<pkg> (may be specified multiple times) +--package=<pkg> (may be specified multiple times) +-p is a shorthand for --package only when using npx executable -c <cmd> --call=<cmd> (may not be mixed with positional arguments)

    Description

    This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

    -

    Whatever packages are specified by the --package or -p option will be +

    Whatever packages are specified by the --package option will be provided in the PATH of the executed command, along with any locally -installed package executables. The --package or -p option may be +installed package executables. The --package option may be specified multiple times, to execute the supplied command in an environment where all specified packages are available.

    If any requested packages are not present in the local project @@ -179,13 +180,14 @@

    Description

    only be considered a match if they have the exact same name and version as the local dependency.

    If no -c or --call option is provided, then the positional arguments -are used to generate the command string. If no -p or --package options +are used to generate the command string. If no --package options are provided, then npm will attempt to determine the executable name from the package specifier provided as the first positional argument according to the following heuristic:

    • If the package has a single entry in its bin field in package.json, -then that command will be used.
    • +or if all entries are aliases of the same command, then that command +will be used.
    • If the package has multiple bin entries, and one of them matches the unscoped portion of the name field, then that command will be used.
    • If this does not result in exactly one option (either because there are diff --git a/deps/npm/docs/output/using-npm/developers.html b/deps/npm/docs/output/using-npm/developers.html index c0e7d4b95c558c..ae547d4f520ec5 100644 --- a/deps/npm/docs/output/using-npm/developers.html +++ b/deps/npm/docs/output/using-npm/developers.html @@ -238,7 +238,7 @@

      Keeping files out of your pa create an empty .npmignore file to override it. Like git, npm looks for .npmignore and .gitignore files in all subdirectories of your package, not only the root directory.

      -

      .npmignore files follow the same pattern rules +

      .npmignore files follow the same pattern rules as .gitignore files:

      • Blank lines or lines starting with # are ignored.
      • diff --git a/deps/npm/docs/output/using-npm/scripts.html b/deps/npm/docs/output/using-npm/scripts.html index dc9d952142dfd9..8d0ad5090789ef 100644 --- a/deps/npm/docs/output/using-npm/scripts.html +++ b/deps/npm/docs/output/using-npm/scripts.html @@ -145,7 +145,7 @@

        Table of contents

        Description

        -

        The "scripts" property of of your package.json file supports a number of built-in scripts and their preset life cycle events as well as arbitrary scripts. These all can be executed by running npm run-script <stage> or npm run <stage> for short. Pre and post commands with matching names will be run for those as well (e.g. premyscript, myscript, postmyscript). Scripts from dependencies can be run with npm explore <pkg> -- npm run <stage>.

        +

        The "scripts" property of your package.json file supports a number of built-in scripts and their preset life cycle events as well as arbitrary scripts. These all can be executed by running npm run-script <stage> or npm run <stage> for short. Pre and post commands with matching names will be run for those as well (e.g. premyscript, myscript, postmyscript). Scripts from dependencies can be run with npm explore <pkg> -- npm run <stage>.

        Pre & Post Scripts

        To create “pre” or “post” scripts for any scripts defined in the "scripts" section of the package.json, simply create another script with a matching name and add “pre” or “post” to the beginning of them.

        {
        diff --git a/deps/npm/lib/adduser.js b/deps/npm/lib/adduser.js
        index 895a677c019de3..5017f57a8ae906 100644
        --- a/deps/npm/lib/adduser.js
        +++ b/deps/npm/lib/adduser.js
        @@ -4,6 +4,7 @@ const log = require('npmlog')
         const npm = require('./npm.js')
         const output = require('./utils/output.js')
         const usageUtil = require('./utils/usage.js')
        +const replaceInfo = require('./utils/replace-info.js')
         const authTypes = {
           legacy: require('./auth/legacy.js'),
           oauth: require('./auth/oauth.js'),
        @@ -57,6 +58,8 @@ const adduser = async (args) => {
         
           log.disableProgress()
         
        +  log.notice('', `Log in on ${replaceInfo(registry)}`)
        +
           const { message, newCreds } = await auth({
             creds,
             registry,
        diff --git a/deps/npm/lib/cache.js b/deps/npm/lib/cache.js
        index bf788043ab6e68..30d6aef863ac29 100644
        --- a/deps/npm/lib/cache.js
        +++ b/deps/npm/lib/cache.js
        @@ -22,10 +22,11 @@ const usage = usageUtil('cache',
         const completion = (opts, cb) => {
           const argv = opts.conf.argv.remain
           if (argv.length === 2)
        -    return cb(null, ['add', 'clean'])
        +    return cb(null, ['add', 'clean', 'verify'])
         
           // TODO - eventually...
           switch (argv[2]) {
        +    case 'verify':
             case 'clean':
             case 'add':
               return cb(null, [])
        @@ -40,11 +41,11 @@ const cache = async (args) => {
             case 'rm': case 'clear': case 'clean':
               return await clean(args)
             case 'add':
        -      return await add(args, npm.prefix)
        +      return await add(args)
             case 'verify': case 'check':
               return await verify()
             default:
        -      throw usage
        +      throw Object.assign(new Error(usage), { code: 'EUSAGE' })
           }
         }
         
        @@ -77,22 +78,21 @@ with --force.`)
         // npm cache add  
         // npm cache add 
         // npm cache add 
        -const add = async (args, where) => {
        +const add = async (args) => {
           const usage = 'Usage:\n' +
             '    npm cache add \n' +
             '    npm cache add @\n' +
             '    npm cache add \n' +
             '    npm cache add \n'
           log.silly('cache add', 'args', args)
        -  const spec = args[0] +
        +  const spec = args[0] && args[0] +
             (args[1] === undefined || args[1] === null ? '' : `@${args[1]}`)
         
        -  log.verbose('cache add', 'spec', spec)
           if (!spec)
        -    throw new Error(usage)
        +    throw Object.assign(new Error(usage), { code: 'EUSAGE' })
         
        -  log.silly('cache add', 'parsed spec', spec)
        -  const opts = { ...npm.flatOptions, where }
        +  log.silly('cache add', 'spec', spec)
        +  const opts = { ...npm.flatOptions }
         
           // we ask pacote for the thing, and then just throw the data
           // away so that it tee-pipes it into the cache like it does
        @@ -109,7 +109,7 @@ const verify = async () => {
             ? `~${cache.substr(process.env.HOME.length)}`
             : cache
           const stats = await cacache.verify(cache)
        -  output(`Cache verified and compressed (${prefix}):`)
        +  output(`Cache verified and compressed (${prefix})`)
           output(`Content verified: ${stats.verifiedContent} (${stats.keptSize} bytes)`)
           stats.badContentCount && output(`Corrupted content removed: ${stats.badContentCount}`)
           stats.reclaimedCount && output(`Content garbage-collected: ${stats.reclaimedCount} (${stats.reclaimedSize} bytes)`)
        diff --git a/deps/npm/lib/ci.js b/deps/npm/lib/ci.js
        index a72e1c0cffba61..a1632e7e98064b 100644
        --- a/deps/npm/lib/ci.js
        +++ b/deps/npm/lib/ci.js
        @@ -34,7 +34,7 @@ const ci = async () => {
             rimraf(`${where}/node_modules/*`, { glob: { dot: true, nosort: true, silent: true } }),
           ])
           // npm ci should never modify the lockfile or package.json
        -  await arb.reify({ save: false })
        +  await arb.reify({ ...npm.flatOptions, save: false })
           reifyOutput(arb)
         }
         
        diff --git a/deps/npm/lib/cli.js b/deps/npm/lib/cli.js
        index f06abcd186f966..910b674eaa790f 100644
        --- a/deps/npm/lib/cli.js
        +++ b/deps/npm/lib/cli.js
        @@ -1,5 +1,7 @@
         // Separated out for easier unit testing
         module.exports = (process) => {
        +  // set it here so that regardless of what happens later, we don't
        +  // leak any private CLI configs to other programs
           process.title = 'npm'
         
           const {
        diff --git a/deps/npm/lib/exec.js b/deps/npm/lib/exec.js
        index 088a7c00eba314..6bcaf838ed327e 100644
        --- a/deps/npm/lib/exec.js
        +++ b/deps/npm/lib/exec.js
        @@ -226,15 +226,15 @@ const manifestMissing = (tree, mani) => {
         
         const getBinFromManifest = mani => {
           // if we have a bin matching (unscoped portion of) packagename, use that
        -  // otherwise if there's 1 bin, use that,
        +  // otherwise if there's 1 bin or all bin value is the same (alias), use that,
           // otherwise fail
        -  const bins = Object.entries(mani.bin || {})
        -  if (bins.length === 1)
        -    return bins[0][0]
        +  const bin = mani.bin || {}
        +  if (new Set(Object.values(bin)).size === 1)
        +    return Object.keys(bin)[0]
         
           // XXX probably a util to parse this better?
           const name = mani.name.replace(/^@[^/]+\//, '')
        -  if (mani.bin && mani.bin[name])
        +  if (bin[name])
             return name
         
           // XXX need better error message
        diff --git a/deps/npm/lib/npm.js b/deps/npm/lib/npm.js
        index d6eab9674fe186..4430b80539d031 100644
        --- a/deps/npm/lib/npm.js
        +++ b/deps/npm/lib/npm.js
        @@ -54,6 +54,7 @@ const _runCmd = Symbol('_runCmd')
         const _load = Symbol('_load')
         const _flatOptions = Symbol('_flatOptions')
         const _tmpFolder = Symbol('_tmpFolder')
        +const _title = Symbol('_title')
         const npm = module.exports = new class extends EventEmitter {
           constructor () {
             super()
        @@ -75,6 +76,7 @@ const npm = module.exports = new class extends EventEmitter {
               defaults,
               shorthands,
             })
        +    this[_title] = process.title
             this.updateNotification = null
           }
         
        @@ -156,6 +158,15 @@ const npm = module.exports = new class extends EventEmitter {
             return this.config.loaded
           }
         
        +  get title () {
        +    return this[_title]
        +  }
        +
        +  set title (t) {
        +    process.title = t
        +    this[_title] = t
        +  }
        +
           async [_load] () {
             const node = await which(process.argv[0]).catch(er => null)
             if (node && node.toUpperCase() !== process.execPath.toUpperCase()) {
        @@ -166,6 +177,15 @@ const npm = module.exports = new class extends EventEmitter {
         
             await this.config.load()
             this.argv = this.config.parsedArgv.remain
        +    // note: this MUST be shorter than the actual argv length, because it
        +    // uses the same memory, so node will truncate it if it's too long.
        +    // if it's a token revocation, then the argv contains a secret, so
        +    // don't show that.  (Regrettable historical choice to put it there.)
        +    // Any other secrets are configs only, so showing only the positional
        +    // args keeps those from being leaked.
        +    const tokrev = deref(this.argv[0]) === 'token' && this.argv[1] === 'revoke'
        +    this.title = tokrev ? 'npm token revoke' + (this.argv[2] ? ' ***' : '')
        +      : ['npm', ...this.argv].join(' ')
         
             this.color = setupLog(this.config, this)
             process.env.COLOR = this.color ? '1' : '0'
        diff --git a/deps/npm/lib/run-script.js b/deps/npm/lib/run-script.js
        index 4d27e8eed965e8..568a5712f6ac79 100644
        --- a/deps/npm/lib/run-script.js
        +++ b/deps/npm/lib/run-script.js
        @@ -1,4 +1,5 @@
         const run = require('@npmcli/run-script')
        +const { isServerPackage } = run
         const npm = require('./npm.js')
         const readJson = require('read-package-json-fast')
         const { resolve } = require('path')
        @@ -45,7 +46,7 @@ const runScript = async (args) => {
         
           pkg.scripts = scripts
         
        -  if (!scripts[event]) {
        +  if (!scripts[event] && !(event === 'start' && await isServerPackage(path))) {
             if (npm.config.get('if-present'))
               return
         
        diff --git a/deps/npm/lib/utils/config.js b/deps/npm/lib/utils/config.js
        index f9de6e9a79220c..6abb502e205724 100644
        --- a/deps/npm/lib/utils/config.js
        +++ b/deps/npm/lib/utils/config.js
        @@ -52,6 +52,7 @@ const defaults = {
           'always-auth': false,
           audit: true,
           'audit-level': null,
        +  _auth: null,
           'auth-type': 'legacy',
           before: null,
           'bin-links': true,
        @@ -191,6 +192,7 @@ const types = {
           all: Boolean,
           'allow-same-version': Boolean,
           also: [null, 'dev', 'development'],
        +  _auth: [null, String],
           'always-auth': Boolean,
           audit: Boolean,
           'audit-level': ['low', 'moderate', 'high', 'critical', 'none', null],
        diff --git a/deps/npm/lib/utils/error-handler.js b/deps/npm/lib/utils/error-handler.js
        index dc9e2a26bcfa59..476ca9e917b366 100644
        --- a/deps/npm/lib/utils/error-handler.js
        +++ b/deps/npm/lib/utils/error-handler.js
        @@ -182,7 +182,7 @@ const errorHandler = (er) => {
                 detail: messageText(msg.detail),
               },
             }
        -    console.log(JSON.stringify(error, null, 2))
        +    console.error(JSON.stringify(error, null, 2))
           }
         
           exit(typeof er.errno === 'number' ? er.errno : typeof er.code === 'number' ? er.code : 1)
        diff --git a/deps/npm/lib/utils/explain-dep.js b/deps/npm/lib/utils/explain-dep.js
        index 096df97edfda32..ed69a02c143c0b 100644
        --- a/deps/npm/lib/utils/explain-dep.js
        +++ b/deps/npm/lib/utils/explain-dep.js
        @@ -64,7 +64,7 @@ const explainDependents = ({ name, dependents }, depth, color) => {
             const maxLen = 50
             const showNames = []
             for (let i = max; i < dependents.length; i++) {
        -      const { from: { name } } = dependents[i]
        +      const { from: { name = 'the root project' } } = dependents[i]
               len += name.length
               if (len >= maxLen && i < dependents.length - 1) {
                 showNames.push('...')
        diff --git a/deps/npm/lib/utils/flat-options.js b/deps/npm/lib/utils/flat-options.js
        index be62c5a4cdb589..8b6864aa823ff7 100644
        --- a/deps/npm/lib/utils/flat-options.js
        +++ b/deps/npm/lib/utils/flat-options.js
        @@ -50,6 +50,7 @@ const flatten = obj => ({
           alwaysAuth: obj['always-auth'],
           audit: obj.audit,
           auditLevel: obj['audit-level'],
        +  _auth: obj._auth,
           authType: obj['auth-type'],
           ssoType: obj['sso-type'],
           ssoPollFrequency: obj['sso-poll-frequency'],
        diff --git a/deps/npm/man/man1/npm-exec.1 b/deps/npm/man/man1/npm-exec.1
        index 6048388fd6e262..17d436812edba9 100644
        --- a/deps/npm/man/man1/npm-exec.1
        +++ b/deps/npm/man/man1/npm-exec.1
        @@ -53,7 +53,8 @@ to the following heuristic:
         .RS 0
         .IP \(bu 2
         If the package has a single entry in its \fBbin\fP field in \fBpackage\.json\fP,
        -then that command will be used\.
        +or if all entries are aliases of the same command, then that command
        +will be used\.
         .IP \(bu 2
         If the package has multiple \fBbin\fP entries, and one of them matches the
         unscoped portion of the \fBname\fP field, then that command will be used\.
        diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
        index afa7913b743853..67c5234ef446c0 100644
        --- a/deps/npm/man/man1/npm-ls.1
        +++ b/deps/npm/man/man1/npm-ls.1
        @@ -22,7 +22,7 @@ For example, running \fBnpm ls promzard\fP in npm's source tree will show:
         .P
         .RS 2
         .nf
        -    npm@7\.0\.8 /path/to/npm
        +    npm@7\.0\.11 /path/to/npm
             └─┬ init\-package\-json@0\.0\.4
               └── promzard@0\.1\.5
         .fi
        diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
        index 9197f45f0ad022..32e4a5b4254ae4 100644
        --- a/deps/npm/man/man1/npm.1
        +++ b/deps/npm/man/man1/npm.1
        @@ -10,7 +10,7 @@ npm  [args]
         .RE
         .SS Version
         .P
        -7\.0\.8
        +7\.0\.11
         .SS Description
         .P
         npm is the package manager for the Node JavaScript platform\.  It puts
        diff --git a/deps/npm/man/man1/npx.1 b/deps/npm/man/man1/npx.1
        index 88b597de523502..d87c4a946d592c 100644
        --- a/deps/npm/man/man1/npx.1
        +++ b/deps/npm/man/man1/npx.1
        @@ -6,9 +6,9 @@
         .RS 2
         .nf
         npm exec \-\- [@] [args\.\.\.]
        -npm exec \-p [@] \-\-  [args\.\.\.]
        +npm exec \-\-package=[@] \-\-  [args\.\.\.]
         npm exec \-c ' [args\.\.\.]'
        -npm exec \-p foo \-c ' [args\.\.\.]'
        +npm exec \-\-package=foo \-c ' [args\.\.\.]'
         
         npx [@] [args\.\.\.]
         npx \-p [@]  [args\.\.\.]
        @@ -17,7 +17,8 @@ npx \-p [@] \-c ' [args\.\.\.]'
         
         alias: npm x, npx
         
        -\-p  \-\-package= (may be specified multiple times)
        +\-\-package= (may be specified multiple times)
        +\-p is a shorthand for \-\-package only when using npx executable
         \-c  \-\-call= (may not be mixed with positional arguments)
         .fi
         .RE
        @@ -27,9 +28,9 @@ This command allows you to run an arbitrary command from an npm package
         (either one installed locally, or fetched remotely), in a similar context
         as running it via \fBnpm run\fP\|\.
         .P
        -Whatever packages are specified by the \fB\-\-package\fP or \fB\-p\fP option will be
        +Whatever packages are specified by the \fB\-\-package\fP option will be
         provided in the \fBPATH\fP of the executed command, along with any locally
        -installed package executables\.  The \fB\-\-package\fP or \fB\-p\fP option may be
        +installed package executables\.  The \fB\-\-package\fP option may be
         specified multiple times, to execute the supplied command in an environment
         where all specified packages are available\.
         .P
        @@ -45,14 +46,15 @@ only be considered a match if they have the exact same name and version as
         the local dependency\.
         .P
         If no \fB\-c\fP or \fB\-\-call\fP option is provided, then the positional arguments
        -are used to generate the command string\.  If no \fB\-p\fP or \fB\-\-package\fP options
        +are used to generate the command string\.  If no \fB\-\-package\fP options
         are provided, then npm will attempt to determine the executable name from
         the package specifier provided as the first positional argument according
         to the following heuristic:
         .RS 0
         .IP \(bu 2
         If the package has a single entry in its \fBbin\fP field in \fBpackage\.json\fP,
        -then that command will be used\.
        +or if all entries are aliases of the same command, then that command
        +will be used\.
         .IP \(bu 2
         If the package has multiple \fBbin\fP entries, and one of them matches the
         unscoped portion of the \fBname\fP field, then that command will be used\.
        diff --git a/deps/npm/man/man7/developers.7 b/deps/npm/man/man7/developers.7
        index 9a34bf3edb0505..1af140b44233fb 100644
        --- a/deps/npm/man/man7/developers.7
        +++ b/deps/npm/man/man7/developers.7
        @@ -114,7 +114,7 @@ create an empty \fB\|\.npmignore\fP file to override it\. Like \fBgit\fP, \fBnpm
         for \fB\|\.npmignore\fP and \fB\|\.gitignore\fP files in all subdirectories of your
         package, not only the root directory\.
         .P
        -\fB\|\.npmignore\fP files follow the same pattern rules \fIhttps://git\-scm\.com/book/en/v2/Git\-Basics\-Recording\-Changes\-to\-the\-Repository#Ignoring\-Files\fR
        +\fB\|\.npmignore\fP files follow the same pattern rules \fIhttps://git\-scm\.com/book/en/v2/Git\-Basics\-Recording\-Changes\-to\-the\-Repository#_ignoring\fR
         as \fB\|\.gitignore\fP files:
         .RS 0
         .IP \(bu 2
        diff --git a/deps/npm/man/man7/scripts.7 b/deps/npm/man/man7/scripts.7
        index 522e32cb80e158..2067fe45d92383 100644
        --- a/deps/npm/man/man7/scripts.7
        +++ b/deps/npm/man/man7/scripts.7
        @@ -3,7 +3,7 @@
         \fBscripts\fR \- How npm handles the "scripts" field
         .SS Description
         .P
        -The \fB"scripts"\fP property of of your \fBpackage\.json\fP file supports a number of built\-in scripts and their preset life cycle events as well as arbitrary scripts\. These all can be executed by running \fBnpm run\-script \fP or \fBnpm run \fP for short\. \fIPre\fR and \fIpost\fR commands with matching names will be run for those as well (e\.g\. \fBpremyscript\fP, \fBmyscript\fP, \fBpostmyscript\fP)\. Scripts from dependencies can be run with \fBnpm explore  \-\- npm run \fP\|\.
        +The \fB"scripts"\fP property of your \fBpackage\.json\fP file supports a number of built\-in scripts and their preset life cycle events as well as arbitrary scripts\. These all can be executed by running \fBnpm run\-script \fP or \fBnpm run \fP for short\. \fIPre\fR and \fIpost\fR commands with matching names will be run for those as well (e\.g\. \fBpremyscript\fP, \fBmyscript\fP, \fBpostmyscript\fP)\. Scripts from dependencies can be run with \fBnpm explore  \-\- npm run \fP\|\.
         .SS Pre & Post Scripts
         .P
         To create "pre" or "post" scripts for any scripts defined in the \fB"scripts"\fP section of the \fBpackage\.json\fP, simply create another script \fIwith a matching name\fR and add "pre" or "post" to the beginning of them\.
        diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
        index 54a6ff33751a1f..579d5740da4f75 100644
        --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
        +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
        @@ -7,6 +7,10 @@ const semver = require('semver')
         const promiseCallLimit = require('promise-call-limit')
         const getPeerSet = require('../peer-set.js')
         const realpath = require('../../lib/realpath.js')
        +const walkUpPath = require('walk-up-path')
        +const { dirname, resolve } = require('path')
        +const { promisify } = require('util')
        +const readdir = promisify(require('readdir-scoped-modules'))
         
         const debug = require('../debug.js')
         const fromPath = require('../from-path.js')
        @@ -182,8 +186,10 @@ module.exports = cls => class IdealTreeBuilder extends cls {
         
             process.emit('time', 'idealTree')
         
        -    if (!options.add && !options.rm && this[_global])
        -      return Promise.reject(new Error('global requires an add or rm option'))
        +    if (!options.add && !options.rm && !options.update && this[_global]) {
        +      const er = new Error('global requires add, rm, or update option')
        +      return Promise.reject(er)
        +    }
         
             // first get the virtual tree, if possible.  If there's a lockfile, then
             // that defines the ideal tree, unless the root package.json is not
        @@ -305,7 +311,6 @@ module.exports = cls => class IdealTreeBuilder extends cls {
               // cases we don't use a lockfile anyway.
               // Load on a new Arborist object, so the Nodes aren't the same,
               // or else it'll get super confusing when we change them!
        -      // Only have to mapWorkspaces if we didn't get it from actual or virtual
               .then(async root => {
                 if (!this[_updateAll] && !this[_global] && !root.meta.loadedFromDisk)
                   await new this.constructor(this.options).loadActual({ root })
        @@ -322,10 +327,10 @@ module.exports = cls => class IdealTreeBuilder extends cls {
           }
         
           [_globalRootNode] () {
        -    const root = this[_rootNodeFromPackage]({})
        +    const root = this[_rootNodeFromPackage]({ dependencies: {} })
             // this is a gross kludge to handle the fact that we don't save
             // metadata on the root node in global installs, because the "root"
        -    // node is something like /usr/local/lib/node_modules.
        +    // node is something like /usr/local/lib.
             const meta = new Shrinkwrap({ path: this.path })
             meta.reset()
             root.meta = meta
        @@ -353,9 +358,19 @@ module.exports = cls => class IdealTreeBuilder extends cls {
             // If we have a list of package names to update, and we know it's
             // going to update them wherever they are, add any paths into those
             // named nodes to the buildIdealTree queue.
        -    if (this[_updateNames].length)
        +    if (!this[_global] && this[_updateNames].length)
               this[_queueNamedUpdates]()
         
        +    // global updates only update the globalTop nodes, but we need to know
        +    // that they're there, and not reinstall the world unnecessarily.
        +    if (this[_global] && (this[_updateAll] || this[_updateNames].length)) {
        +      const nm = resolve(this.path, 'node_modules')
        +      for (const name of await readdir(nm)) {
        +        if (this[_updateAll] || this[_updateNames].includes(name))
        +          this.idealTree.package.dependencies[name] = '*'
        +      }
        +    }
        +
             if (this.auditReport && this.auditReport.size > 0)
               this[_queueVulnDependents](options)
         
        @@ -563,7 +578,8 @@ module.exports = cls => class IdealTreeBuilder extends cls {
             const { meta, inventory } = this.idealTree
             const ancient = meta.ancientLockfile
             const old = meta.loadedFromDisk && !(meta.originalLockfileVersion >= 2)
        -    if (inventory.size === 0 || !(ancient || old && this[_complete]))
        +
        +    if (inventory.size === 0 || !ancient && !(old && this[_complete]))
               return
         
             // if the lockfile is from node v5 or earlier, then we'll have to reload
        @@ -604,6 +620,10 @@ This is a one-time fix-up, please be patient...
               })
             }
             await promiseCallLimit(queue)
        +    // yes, yes, this isn't the "original" version, but now that it's been
        +    // upgraded, we need to make sure we don't do the work to upgrade it
        +    // again, since it's now as new as can be.
        +    meta.originalLockfileVersion = 2
             this.finishTracker('idealTree:inflate')
             process.emit('timeEnd', 'idealTree:inflate')
           }
        @@ -790,6 +810,11 @@ This is a one-time fix-up, please be patient...
             }
             await Promise.all(promises)
         
        +    for (const { to } of node.edgesOut.values()) {
        +      if (to && to.isLink)
        +        this[_linkNodes].add(to)
        +    }
        +
             return this[_buildDepStep]()
           }
         
        @@ -1065,14 +1090,22 @@ This is a one-time fix-up, please be patient...
         
             let target
             let canPlace = null
        +    let isSource = false
        +    const source = this[_peerSetSource].get(dep)
             for (let check = start; check; check = check.resolveParent) {
        +      // we always give the FIRST place we possibly *can* put this a little
        +      // extra prioritization with peer dep overrides and deduping
        +      if (check === source)
        +        isSource = true
        +
               // if the current location has a peerDep on it, then we can't place here
               // this is pretty rare to hit, since we always prefer deduping peers.
               const checkEdge = check.edgesOut.get(edge.name)
               if (!check.isTop && checkEdge && checkEdge.peer)
                 continue
         
        -      const cp = this[_canPlaceDep](dep, check, edge, peerEntryEdge, peerPath)
        +      const cp = this[_canPlaceDep](dep, check, edge, peerEntryEdge, peerPath, isSource)
        +      isSource = false
         
               // anything other than a conflict is fine to proceed with
               if (cp !== CONFLICT) {
        @@ -1144,7 +1177,7 @@ This is a one-time fix-up, please be patient...
               const oldDeps = []
               for (const [name, edge] of oldChild.edgesOut.entries()) {
                 if (!newDep.edgesOut.has(name) && edge.to)
        -          oldDeps.push(edge.to)
        +          oldDeps.push(...gatherDepSet([edge.to], e => e.to !== edge.to))
               }
               newDep.replace(oldChild)
               this[_pruneForReplacement](newDep, oldDeps)
        @@ -1245,14 +1278,17 @@ This is a one-time fix-up, please be patient...
             // deps that the new node doesn't depend on but the old one did.
             const invalidDeps = new Set([...node.edgesOut.values()]
               .filter(e => e.to && !e.valid).map(e => e.to))
        -    for (const dep of oldDeps)
        -      invalidDeps.add(dep)
        +    for (const dep of oldDeps) {
        +      const set = gatherDepSet([dep], e => e.to !== dep && e.valid)
        +      for (const dep of set)
        +        invalidDeps.add(dep)
        +    }
         
             // ignore dependency edges from the node being replaced, but
             // otherwise filter the set down to just the set with no
             // dependencies from outside the set, except the node in question.
             const deps = gatherDepSet(invalidDeps, edge =>
        -      edge.from !== node && edge.to !== node)
        +      edge.from !== node && edge.to !== node && edge.valid)
         
             // now just delete whatever's left, because it's junk
             for (const dep of deps)
        @@ -1279,7 +1315,7 @@ This is a one-time fix-up, please be patient...
           // checking, because either we're leaving it alone, or it won't work anyway.
           // When we check peers, we pass along the peerEntryEdge to track the
           // original edge that caused us to load the family of peer dependencies.
        -  [_canPlaceDep] (dep, target, edge, peerEntryEdge = null, peerPath = []) {
        +  [_canPlaceDep] (dep, target, edge, peerEntryEdge = null, peerPath = [], isSource = false) {
             /* istanbul ignore next */
             debug(() => {
               if (!dep)
        @@ -1287,8 +1323,16 @@ This is a one-time fix-up, please be patient...
             })
             const entryEdge = peerEntryEdge || edge
             const source = this[_peerSetSource].get(dep)
        -    const isSource = target === source
        -    const { isRoot, isWorkspace } = source || {}
        +    isSource = isSource || target === source
        +    // if we're overriding the source, then we care if the *target* is
        +    // ours, even if it wasn't actually the original source, since we
        +    // are depending on something that has a dep that can't go in its own
        +    // folder.  for example, a -> b, b -> PEER(a).  Even though a is the
        +    // source, b has to be installed up a level, and if the root package
        +    // depends on a, and it has a conflict, it's our problem.  So, the root
        +    // (or whatever is bringing in a) becomes the "effective source" for
        +    // the purposes of this calculation.
        +    const { isRoot, isWorkspace } = isSource ? target : source || {}
             const isMine = isRoot || isWorkspace
         
             // Useful testing thingie right here.
        @@ -1313,7 +1357,7 @@ This is a one-time fix-up, please be patient...
               const { version: newVer } = dep
               const tryReplace = curVer && newVer && semver.gte(newVer, curVer)
               if (tryReplace && dep.canReplace(current)) {
        -        const res = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath)
        +        const res = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath, isSource)
                 /* istanbul ignore else - It's extremely rare that a replaceable
                  * node would be a conflict, if the current one wasn't a conflict,
                  * but it is theoretically possible if peer deps are pinned.  In
        @@ -1333,7 +1377,7 @@ This is a one-time fix-up, please be patient...
               // a bit harder to be singletons.
               const preferDedupe = this[_preferDedupe] || edge.peer
               if (preferDedupe && !tryReplace && dep.canReplace(current)) {
        -        const res = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath)
        +        const res = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath, isSource)
                 /* istanbul ignore else - It's extremely rare that a replaceable
                  * node would be a conflict, if the current one wasn't a conflict,
                  * but it is theoretically possible if peer deps are pinned.  In
        @@ -1401,7 +1445,7 @@ This is a one-time fix-up, please be patient...
                   }
                 }
                 if (canReplace) {
        -          const ret = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath)
        +          const ret = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath, isSource)
                   /* istanbul ignore else - extremely rare that the peer set would
                    * conflict if we can replace the node in question, but theoretically
                    * possible, if peer deps are pinned aggressively. */
        @@ -1462,14 +1506,14 @@ This is a one-time fix-up, please be patient...
             }
         
             // no objections!  ok to place here
        -    return this[_canPlacePeers](dep, target, edge, OK, peerEntryEdge, peerPath)
        +    return this[_canPlacePeers](dep, target, edge, OK, peerEntryEdge, peerPath, isSource)
           }
         
           // make sure the family of peer deps can live here alongside it.
           // this doesn't guarantee that THIS solution will be the one we take,
           // but it does establish that SOME solution exists at this level in
           // the tree.
        -  [_canPlacePeers] (dep, target, edge, ret, peerEntryEdge, peerPath) {
        +  [_canPlacePeers] (dep, target, edge, ret, peerEntryEdge, peerPath, isSource) {
             // do not go in cycles when we're resolving a peer group
             if (!dep.parent || peerEntryEdge && peerPath.includes(dep))
               return ret
        @@ -1481,7 +1525,7 @@ This is a one-time fix-up, please be patient...
               if (!peerEdge.peer || !peerEdge.to)
                 continue
               const peer = peerEdge.to
        -      const canPlacePeer = this[_canPlaceDep](peer, target, peerEdge, entryEdge, peerPath)
        +      const canPlacePeer = this[_canPlaceDep](peer, target, peerEdge, entryEdge, peerPath, isSource)
               if (canPlacePeer !== CONFLICT)
                 continue
         
        @@ -1514,34 +1558,35 @@ This is a one-time fix-up, please be patient...
         
               const external = /^\.\.(\/|$)/.test(loc)
         
        -      if (external && !this[_follow]) {
        -        // outside the root, somebody else's problem, ignore it
        -        continue
        -      }
        -
               if (!link.target.parent && !link.target.fsParent) {
        -        // the fsParent MUST be some node in the tree, possibly the root.
        -        // find it by walking up.  Note that this is where its deps may
        -        // end up being installed, if possible.
        -        const parts = loc.split('/')
        -        for (let p = parts.length - 1; p > -1; p--) {
        -          const path = parts.slice(0, p).join('/')
        -          if (!path && external)
        -            break
        +        // the fsParent likely some node in the tree, possibly the root,
        +        // unless it is external.  find it by walking up.  Note that this
        +        // is where its deps may end up being installed, if possible.
        +        for (const p of walkUpPath(dirname(realpath))) {
        +          const path = relpath(this.path, p)
                   const node = !path ? this.idealTree
                     : this.idealTree.inventory.get(path)
                   if (node) {
                     link.target.fsParent = node
                     this.addTracker('idealTree', link.target.name, link.target.location)
                     this[_depsQueue].push(link.target)
        -            p = -1
        +            break
                   }
                 }
               }
         
        -      // didn't find a parent for it, but we're filling in external
        -      // link targets, so go ahead and process it.
        -      if (this[_follow] && !link.target.parent && !link.target.fsParent) {
        +      // outside the root, somebody else's problem, ignore it
        +      if (external && !this[_follow])
        +        continue
        +
        +      // didn't find a parent for it or it has not been seen yet
        +      // so go ahead and process it.
        +      const unseenLink = (link.target.parent || link.target.fsParent)
        +        && !this[_depsSeen].has(link.target)
        +      if (this[_follow]
        +        && !link.target.parent
        +        && !link.target.fsParent
        +        || unseenLink) {
                 this.addTracker('idealTree', link.target.name, link.target.location)
                 this[_depsQueue].push(link.target)
               }
        diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js
        index 14c96092753fc9..e335bdadd45413 100644
        --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js
        +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js
        @@ -185,12 +185,6 @@ module.exports = cls => class VirtualLoader extends cls {
           // links is the set of metadata, and nodes is the map of non-Link nodes
           // Set the targets to nodes in the set, if we have them (we might not)
           async [resolveLinks] (links, nodes) {
        -    // now we've loaded the root, and all real nodes
        -    // link up the links
        -    const {meta} = this.virtualTree
        -    const {loadedFromDisk, originalLockfileVersion} = meta
        -    const oldLockfile = loadedFromDisk && !(originalLockfileVersion >= 2)
        -
             for (const [location, meta] of links.entries()) {
               const targetPath = resolve(this.path, meta.resolved)
               const targetLoc = relpath(this.path, targetPath)
        @@ -198,27 +192,31 @@ module.exports = cls => class VirtualLoader extends cls {
               const link = this[loadLink](location, targetLoc, target, meta)
               nodes.set(location, link)
               nodes.set(targetLoc, link.target)
        -      // legacy shrinkwraps do not store all the info we need for the target.
        -      // if we're loading from disk, and have a link in place, we need to
        -      // look in that actual folder (or at least try to) in order to get
        -      // the dependencies of the link target and load it properly.
        -      if (oldLockfile) {
        -        const pj = link.realpath + '/package.json'
        -        const pkg = await rpj(pj).catch(() => null)
        -        if (pkg)
        -          link.target.package = pkg
        -      }
        +
        +      // we always need to read the package.json for link targets
        +      // because they can be changed by the local user
        +      const pj = link.realpath + '/package.json'
        +      const pkg = await rpj(pj).catch(() => null)
        +      if (pkg)
        +        link.target.package = pkg
             }
           }
         
           [assignParentage] (nodes) {
             for (const [location, node] of nodes) {
        +      // Skip assignment of parentage for the root package
        +      if (!location)
        +        continue
               const { path, name } = node
               for (const p of walkUp(dirname(path))) {
                 const ploc = relpath(this.path, p)
                 const parent = nodes.get(ploc)
                 if (!parent)
                   continue
        +        // Safety check: avoid self-assigning nodes as their own parents
        +        /* istanbul ignore if - should be obviated by parentage skip check */
        +        if (parent === node)
        +          continue
         
                 const locTest = `${ploc}/node_modules/${name}`.replace(/^\//, '')
                 const ptype = location === locTest
        diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
        index 57ecf071fbaff6..92943554b474e5 100644
        --- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
        +++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
        @@ -10,10 +10,10 @@ const {dirname, resolve, relative} = require('path')
         const {depth: dfwalk} = require('treeverse')
         const fs = require('fs')
         const {promisify} = require('util')
        -const rename = promisify(fs.rename)
         const symlink = promisify(fs.symlink)
         const writeFile = promisify(fs.writeFile)
         const mkdirp = require('mkdirp-infer-owner')
        +const moveFile = require('@npmcli/move-file')
         const rimraf = promisify(require('rimraf'))
         const packageContents = require('@npmcli/installed-package-contents')
         
        @@ -60,6 +60,7 @@ const _rollbackRetireShallowNodes = Symbol.for('rollbackRetireShallowNodes')
         const _rollbackCreateSparseTree = Symbol.for('rollbackCreateSparseTree')
         const _rollbackMoveBackRetiredUnchanged = Symbol.for('rollbackMoveBackRetiredUnchanged')
         const _saveIdealTree = Symbol.for('saveIdealTree')
        +const _saveLockFile = Symbol('saveLockFile')
         const _copyIdealToActual = Symbol('copyIdealToActual')
         const _addOmitsToTrashList = Symbol('addOmitsToTrashList')
         const _packageLockOnly = Symbol('packageLockOnly')
        @@ -172,7 +173,7 @@ module.exports = cls => class Reifier extends cls {
               ignoreMissing: true,
               global: true,
               filter: (node, kid) => !node.isRoot ? true
        -      : this[_explicitRequests].has(kid),
        +      : (node.edgesOut.has(kid) || this[_explicitRequests].has(kid)),
             } : { ignoreMissing: true }
         
             if (!this[_global]) {
        @@ -182,7 +183,9 @@ module.exports = cls => class Reifier extends cls {
         
             // the global install space tends to have a lot of stuff in it.  don't
             // load all of it, just what we care about.  we won't be saving a
        -    // hidden lockfile in there anyway.
        +    // hidden lockfile in there anyway.  Note that we have to load ideal
        +    // BEFORE loading actual, so that the actualOpt can use the
        +    // explicitRequests which is set during buildIdealTree
             return this.buildIdealTree(bitOpt)
               .then(() => this.loadActual(actualOpt))
               .then(() => process.emit('timeEnd', 'reify:loadTrees'))
        @@ -251,7 +254,7 @@ module.exports = cls => class Reifier extends cls {
           }
         
           [_renamePath] (from, to, didMkdirp = false) {
        -    return rename(from, to)
        +    return moveFile(from, to)
               .catch(er => {
                 // Occasionally an expected bin file might not exist in the package,
                 // or a shim/symlink might have been moved aside.  If we've already
        @@ -261,7 +264,7 @@ module.exports = cls => class Reifier extends cls {
                   return didMkdirp ? null : mkdirp(dirname(to)).then(() =>
                     this[_renamePath](from, to, true))
                 } else if (er.code === 'EEXIST')
        -          return rimraf(to).then(() => rename(from, to))
        +          return rimraf(to).then(() => moveFile(from, to))
                 else
                   throw er
               })
        @@ -427,7 +430,7 @@ module.exports = cls => class Reifier extends cls {
             const dir = dirname(node.path)
             const target = node.realpath
             const rel = relative(dir, target)
        -    return symlink(rel, node.path, 'dir')
        +    return symlink(rel, node.path, 'junction')
           }
         
           [_warnDeprecated] (node) {
        @@ -436,23 +439,29 @@ module.exports = cls => class Reifier extends cls {
               this.log.warn('deprecated', `${_id}: ${deprecated}`)
           }
         
        -  [_loadAncientPackageDetails] (node) {
        +  async [_loadAncientPackageDetails] (node, forceReload = false) {
             // If we're loading from a v1 lockfile, load details from the package.json
             // that weren't recorded in the old format.
             const {meta} = this.idealTree
             const ancient = meta.ancientLockfile
             const old = meta.loadedFromDisk && !(meta.originalLockfileVersion >= 2)
        +
             // already replaced with the manifest if it's truly ancient
        -    if (old && !ancient) {
        +    if (node.path && (forceReload || (old && !ancient))) {
               // XXX should have a shared location where package.json is read,
               // so we don't ever read the same pj more than necessary.
        -      return rpj(node.path + '/package.json').then(pkg => {
        +      let pkg
        +      try {
        +        pkg = await rpj(node.path + '/package.json')
        +      } catch (err) {}
        +
        +      if (pkg) {
                 node.package.bin = pkg.bin
                 node.package.os = pkg.os
                 node.package.cpu = pkg.cpu
                 node.package.engines = pkg.engines
                 meta.add(node)
        -      })
        +      }
             }
           }
         
        @@ -839,12 +848,28 @@ module.exports = cls => class Reifier extends cls {
               format: (this[_formatPackageLock] && format) ? format
               : this[_formatPackageLock],
             }
        +
             return Promise.all([
        -      this[_usePackageLock] && this.idealTree.meta.save(saveOpt),
        +      this[_saveLockFile](saveOpt),
               writeFile(pj, json),
             ]).then(() => process.emit('timeEnd', 'reify:save'))
           }
         
        +  async [_saveLockFile] (saveOpt) {
        +    if (!this[_usePackageLock])
        +      return
        +
        +    const { meta } = this.idealTree
        +
        +    // might have to update metadata for bins and stuff that gets lost
        +    if (meta.loadedFromDisk && !(meta.originalLockfileVersion >= 2)) {
        +      for (const node of this.idealTree.inventory.values())
        +        await this[_loadAncientPackageDetails](node, true)
        +    }
        +
        +    return meta.save(saveOpt)
        +  }
        +
           [_copyIdealToActual] () {
             // save the ideal's meta as a hidden lockfile after we actualize it
             this.idealTree.meta.filename =
        diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/node.js b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
        index a783ce9c975722..e4ba3ac42bfc5f 100644
        --- a/deps/npm/node_modules/@npmcli/arborist/lib/node.js
        +++ b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
        @@ -35,6 +35,7 @@ const {normalize} = require('read-package-json-fast')
         const {getPaths: getBinPaths} = require('bin-links')
         const npa = require('npm-package-arg')
         const debug = require('./debug.js')
        +const gatherDepSet = require('./gather-dep-set.js')
         
         const {resolve, relative, dirname, basename} = require('path')
         const _package = Symbol('_package')
        @@ -566,13 +567,32 @@ class Node {
             }
         
             debug(() => {
        -      if (!this.fsParent && this.realpath.indexOf(fsParent.realpath) !== 0)
        -        throw new Error('attempting to set fsParent improperly')
        +      if (fsParent === this)
        +        throw new Error('setting node to its own fsParent')
        +
        +      if (fsParent.realpath === this.realpath)
        +        throw new Error('setting fsParent to same path')
        +
        +      // the initial set MUST be an actual walk-up from the realpath
        +      // subsequent sets will re-root on the new fsParent's path.
        +      if (!this[_fsParent] && this.realpath.indexOf(fsParent.realpath) !== 0) {
        +        throw Object.assign(new Error('setting fsParent improperly'), {
        +          path: this.path,
        +          realpath: this.realpath,
        +          fsParent: {
        +            path: fsParent.path,
        +            realpath: fsParent.realpath,
        +          },
        +        })
        +      }
         
               if (fsParent.isLink)
        -        throw new Error('attempting to set fsParent to link node')
        +        throw new Error('setting fsParent to link node')
             })
         
        +    if (this === fsParent || fsParent.realpath === this.realpath)
        +      return
        +
             // prune off the original location, so we don't leave edges lying around
             if (current)
               this.fsParent = null
        @@ -621,8 +641,14 @@ class Node {
             if (node.name !== this.name)
               return false
         
        +    // gather up all the deps of this node and that are only depended
        +    // upon by deps of this node.  those ones don't count, since
        +    // they'll be replaced if this node is replaced anyway.
        +    const depSet = gatherDepSet([this], e => e.to !== this && e.valid)
        +
             for (const edge of this.edgesIn) {
        -      if (!edge.satisfiedBy(node))
        +      // only care about edges that don't originate from this node
        +      if (!depSet.has(edge.from) && !edge.satisfiedBy(node))
                 return false
             }
         
        @@ -731,6 +757,9 @@ class Node {
           set parent (parent) {
             const oldParent = this[_parent]
         
        +    if (this === parent)
        +      return
        +
             // link nodes can't contain children directly.
             // children go under the link target.
             if (parent) {
        diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
        index fe72f409c4a457..6dca9abe50110b 100644
        --- a/deps/npm/node_modules/@npmcli/arborist/package.json
        +++ b/deps/npm/node_modules/@npmcli/arborist/package.json
        @@ -1,11 +1,12 @@
         {
           "name": "@npmcli/arborist",
        -  "version": "1.0.8",
        +  "version": "1.0.11",
           "description": "Manage node_modules trees",
           "dependencies": {
             "@npmcli/installed-package-contents": "^1.0.5",
             "@npmcli/map-workspaces": "^1.0.1",
             "@npmcli/metavuln-calculator": "^1.0.0",
        +    "@npmcli/move-file": "^1.0.1",
             "@npmcli/name-from-folder": "^1.0.1",
             "@npmcli/node-gyp": "^1.0.0",
             "@npmcli/run-script": "^1.7.2",
        @@ -68,6 +69,7 @@
             "node-arg": [
               "--unhandled-rejections=strict"
             ],
        +    "after": "test/fixtures/cleanup.js",
             "coverage-map": "map.js",
             "esm": false,
             "timeout": "120"
        diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js b/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js
        index 5980376f558f42..47f386304e4596 100644
        --- a/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js
        +++ b/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js
        @@ -20,6 +20,9 @@ const runScriptPkg = async options => {
             stdioString = false,
             // note: only used when stdio:inherit
             banner = true,
        +    // how long to wait for a process.kill signal
        +    // only exposed here so that we can make the test go a bit faster.
        +    signalTimeout = 500,
           } = options
         
           const {scripts = {}, gypfile} = pkg
        @@ -68,7 +71,17 @@ const runScriptPkg = async options => {
           if (p.stdin)
             p.stdin.end()
         
        -  return p
        +  return p.catch(er => {
        +    const { signal } = er
        +    if (stdio === 'inherit' && signal) {
        +      process.kill(process.pid, signal)
        +      // just in case we don't die, reject after 500ms
        +      // this also keeps the node process open long enough to actually
        +      // get the signal, rather than terminating gracefully.
        +      return new Promise((res, rej) => setTimeout(() => rej(er), signalTimeout))
        +    } else
        +      throw er
        +  })
         }
         
         module.exports = runScriptPkg
        diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js b/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js
        index 3be39b0ba8076f..af33d2113f9ef0 100644
        --- a/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js
        +++ b/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js
        @@ -1,6 +1,7 @@
         const rpj = require('read-package-json-fast')
         const runScriptPkg = require('./run-script-pkg.js')
         const validateOptions = require('./validate-options.js')
        +const isServerPackage = require('./is-server-package.js')
         
         const runScript = options => {
           validateOptions(options)
        @@ -9,4 +10,4 @@ const runScript = options => {
             : rpj(path + '/package.json').then(pkg => runScriptPkg({...options, pkg}))
         }
         
        -module.exports = runScript
        +module.exports = Object.assign(runScript, { isServerPackage })
        diff --git a/deps/npm/node_modules/@npmcli/run-script/package.json b/deps/npm/node_modules/@npmcli/run-script/package.json
        index 5ec3bb5b66876e..c8a052f036763b 100644
        --- a/deps/npm/node_modules/@npmcli/run-script/package.json
        +++ b/deps/npm/node_modules/@npmcli/run-script/package.json
        @@ -1,6 +1,6 @@
         {
           "name": "@npmcli/run-script",
        -  "version": "1.7.4",
        +  "version": "1.7.5",
           "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)",
           "author": "Isaac Z. Schlueter  (https://izs.me)",
           "license": "ISC",
        diff --git a/deps/npm/node_modules/libnpmversion/lib/version.js b/deps/npm/node_modules/libnpmversion/lib/version.js
        index ee02fb7ffb9d0a..309b9c2b9504f0 100644
        --- a/deps/npm/node_modules/libnpmversion/lib/version.js
        +++ b/deps/npm/node_modules/libnpmversion/lib/version.js
        @@ -34,7 +34,7 @@ module.exports = async (newversion, opts) => {
           } = opts
         
           const { valid, clean, inc } = semver
        -  const current = pkg.version
        +  const current = pkg.version || '0.0.0'
           const currentClean = clean(current)
         
           const newV = valid(newversion, { loose: true }) ? clean(newversion, { loose: true })
        diff --git a/deps/npm/node_modules/libnpmversion/package.json b/deps/npm/node_modules/libnpmversion/package.json
        index 856e36da6d564d..d7e8d5fa586476 100644
        --- a/deps/npm/node_modules/libnpmversion/package.json
        +++ b/deps/npm/node_modules/libnpmversion/package.json
        @@ -1,6 +1,6 @@
         {
           "name": "libnpmversion",
        -  "version": "1.0.6",
        +  "version": "1.0.7",
           "main": "lib/index.js",
           "files": [
             "lib/*.js"
        diff --git a/deps/npm/node_modules/pacote/lib/fetcher.js b/deps/npm/node_modules/pacote/lib/fetcher.js
        index 01058acb2bfef7..5142bb280a70c7 100644
        --- a/deps/npm/node_modules/pacote/lib/fetcher.js
        +++ b/deps/npm/node_modules/pacote/lib/fetcher.js
        @@ -91,18 +91,11 @@ class FetcherBase {
         
             // command to run 'prepare' scripts on directories and git dirs
             // To use pacote with yarn, for example, set npmBin to 'yarn'
        -    // and npmInstallCmd to ['add'], and npmCliConfig with yarn's equivalents.
        +    // and npmCliConfig with yarn's equivalents.
             this.npmBin = opts.npmBin || 'npm'
         
             // command to install deps for preparing
        -    this.npmInstallCmd = opts.npmInstallCmd || [
        -      'install',
        -      '--only=dev',
        -      '--prod',
        -      '--ignore-prepublish',
        -      '--no-progress',
        -      '--no-save',
        -    ]
        +    this.npmInstallCmd = opts.npmInstallCmd || [ 'install' ]
         
             // XXX fill more of this in based on what we know from this.opts
             // we explicitly DO NOT fill in --tag, though, since we are often
        @@ -113,7 +106,10 @@ class FetcherBase {
               `--prefer-offline=${!!this.preferOffline}`,
               `--prefer-online=${!!this.preferOnline}`,
               `--offline=${!!this.offline}`,
        -      `--before=${this.before ? this.before.toISOString() : ''}`,
        +      ...(this.before ? [`--before=${this.before.toISOString()}`] : []),
        +      '--no-progress',
        +      '--no-save',
        +      '--no-audit',
             ]
           }
         
        diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
        index 7f38a193f7cb94..bef19b66228a66 100644
        --- a/deps/npm/node_modules/pacote/package.json
        +++ b/deps/npm/node_modules/pacote/package.json
        @@ -1,6 +1,6 @@
         {
           "name": "pacote",
        -  "version": "11.1.12",
        +  "version": "11.1.13",
           "description": "JavaScript package downloader",
           "author": "Isaac Z. Schlueter  (https://izs.me)",
           "bin": {
        @@ -47,7 +47,7 @@
             "minipass": "^3.1.3",
             "mkdirp": "^1.0.3",
             "npm-package-arg": "^8.0.1",
        -    "npm-packlist": "^2.1.0",
        +    "npm-packlist": "^2.1.4",
             "npm-pick-manifest": "^6.0.0",
             "npm-registry-fetch": "^9.0.0",
             "promise-retry": "^1.1.1",
        diff --git a/deps/npm/package.json b/deps/npm/package.json
        index d0ca0bf91a7dd5..5dfcd6807f2653 100644
        --- a/deps/npm/package.json
        +++ b/deps/npm/package.json
        @@ -1,5 +1,5 @@
         {
        -  "version": "7.0.8",
        +  "version": "7.0.11",
           "name": "npm",
           "description": "a package manager for JavaScript",
           "keywords": [
        @@ -42,10 +42,10 @@
             "./package.json": "./package.json"
           },
           "dependencies": {
        -    "@npmcli/arborist": "^1.0.8",
        +    "@npmcli/arborist": "^1.0.11",
             "@npmcli/ci-detect": "^1.2.0",
             "@npmcli/config": "^1.2.1",
        -    "@npmcli/run-script": "^1.7.4",
        +    "@npmcli/run-script": "^1.7.5",
             "abbrev": "~1.1.1",
             "ansicolors": "~0.3.2",
             "ansistyles": "~0.1.3",
        @@ -76,7 +76,7 @@
             "libnpmpublish": "^4.0.0",
             "libnpmsearch": "^3.0.1",
             "libnpmteam": "^2.0.2",
        -    "libnpmversion": "^1.0.6",
        +    "libnpmversion": "^1.0.7",
             "make-fetch-happen": "^8.0.9",
             "mkdirp": "^1.0.4",
             "mkdirp-infer-owner": "^2.0.0",
        @@ -92,7 +92,7 @@
             "npm-user-validate": "^1.0.1",
             "npmlog": "~4.1.2",
             "opener": "^1.5.2",
        -    "pacote": "^11.1.12",
        +    "pacote": "^11.1.13",
             "parse-conflict-json": "^1.1.1",
             "qrcode-terminal": "^0.12.0",
             "read": "~1.0.7",
        @@ -180,12 +180,12 @@
             "write-file-atomic"
           ],
           "devDependencies": {
        -    "cmark-gfm": "^0.8.3",
        -    "eslint": "^7.12.1",
        +    "cmark-gfm": "^0.8.4",
        +    "eslint": "^7.13.0",
             "eslint-plugin-import": "^2.22.1",
             "eslint-plugin-node": "^11.1.0",
             "eslint-plugin-promise": "^4.2.1",
        -    "eslint-plugin-standard": "^4.0.2",
        +    "eslint-plugin-standard": "^4.1.0",
             "jsdom": "^16.4.0",
             "marked-man": "^0.7.0",
             "require-inject": "^1.4.4",
        diff --git a/deps/npm/scripts/install.sh b/deps/npm/scripts/install.sh
        index 7f66151daea033..4458de87faefbe 100755
        --- a/deps/npm/scripts/install.sh
        +++ b/deps/npm/scripts/install.sh
        @@ -8,7 +8,7 @@
         # shell living at /bin/sh.
         #
         # See this helpful document on writing portable shell scripts:
        -# https://www.gnu.org/s/hello/manual/autoconf/Portable-Shell.html
        +# http://www.gnu.org/s/hello/manual/autoconf/Portable-Shell.html
         #
         # The only shell it won't ever work on is cmd.exe.
         
        @@ -23,32 +23,27 @@ if [ "x$0" = "xsh" ]; then
           if [ $ret -eq 0 ]; then
             (exit 0)
           else
        -    echo "Uninstalling npm-install-$$.sh" >&2
             rm npm-install-$$.sh
        -    echo "Failed to download script" >&2
        +    echo "failed to download script" >&2
             exit $ret
           fi
           sh npm-install-$$.sh
           ret=$?
        -  echo "Uninstalling npm-install-$$.sh" >&2
           rm npm-install-$$.sh
           exit $ret
         fi
         
        -# See what "npm_config_*" things there are in the env,
        -# and make them permanent.
        -# If this fails, it's not such a big deal.
        -configures="`env | grep 'npm_config_' | sed -e 's|^npm_config_||g'`"
        -
        +debug=0
         npm_config_loglevel="error"
         if [ "x$npm_debug" = "x" ]; then
           (exit 0)
         else
        -  echo "Running in debug mode."
        -  echo "Note that this requires bash or zsh."
        +  echo "running in debug mode."
        +  echo "note that this requires bash or zsh."
           set -o xtrace
           set -o pipefail
           npm_config_loglevel="verbose"
        +  debug=1
         fi
         export npm_config_loglevel
         
        @@ -61,33 +56,20 @@ if [ $ret -ne 0 ]; then
           ret=$?
         fi
         if [ $ret -eq 0 ] && [ -x "$node" ]; then
        +  if [ $debug -eq 1 ]; then
        +    echo "found 'node' at: $node"
        +    echo -n "version: "
        +    $node --version
        +    echo ""
        +  fi
           (exit 0)
         else
           echo "npm cannot be installed without node.js." >&2
        -  echo "Install node first, and then try again." >&2
        +  echo "install node first, and then try again." >&2
           echo "" >&2
        -  echo "Maybe node is installed, but not in the PATH?" >&2
        -  echo "Note that running as sudo can change envs." >&2
        -  echo ""
        -  echo "PATH=$PATH" >&2
           exit $ret
         fi
         
        -# set the temp dir
        -TMP="${TMPDIR}"
        -if [ "x$TMP" = "x" ]; then
        -  TMP="/tmp"
        -fi
        -TMP="${TMP}/npm.$$"
        -rm -rf "$TMP" || true
        -mkdir "$TMP"
        -if [ $? -ne 0 ]; then
        -  echo "failed to mkdir $TMP" >&2
        -  exit 1
        -fi
        -
        -BACK="$PWD"
        -
         ret=0
         tar="${TAR}"
         if [ -z "$tar" ]; then
        @@ -99,10 +81,11 @@ if [ -z "$tar" ]; then
         fi
         
         if [ $ret -eq 0 ] && [ -x "$tar" ]; then
        -  echo "tar=$tar"
        -  if [ $tar --version > /dev/null 2>&1 ]; then
        -    echo "version:"
        +  if [ $debug -eq 1 ]; then
        +    echo "found 'tar' at: $tar"
        +    echo -n "version: "
             $tar --version
        +    echo ""
           fi
           ret=$?
         fi
        @@ -110,76 +93,43 @@ fi
         if [ $ret -eq 0 ]; then
           (exit 0)
         else
        -  echo "No suitable tar program found."
        +  echo "this script requires 'tar', please install it and try again."
           exit 1
         fi
         
        -
        -
        -# Try to find a suitable make
        -# If the MAKE environment var is set, use that.
        -# otherwise, try to find gmake, and then make.
        -# If no make is found, then just execute the necessary commands.
        -
        -# XXX For some reason, make is building all the docs every time.  This
        -# is an annoying source of bugs. Figure out why this happens.
        -MAKE=NOMAKE
        -
        -if [ "x$MAKE" = "x" ]; then
        -  make=`which gmake 2>&1`
        -  if [ $? -eq 0 ] && [ -x "$make" ]; then
        -    (exit 0)
        -  else
        -    make=`which make 2>&1`
        -    if [ $? -eq 0 ] && [ -x "$make" ]; then
        -      (exit 0)
        -    else
        -      make=NOMAKE
        -    fi
        +curl=`which curl 2>&1`
        +ret=$?
        +if [ $ret -eq 0 ]; then
        +  if [ $debug -eq 1 ]; then
        +    echo "found 'curl' at: $curl"
        +    echo -n "version: "
        +    $curl --version | head -n 1
        +    echo ""
           fi
        -else
        -  make="$MAKE"
        -fi
        -
        -if [ -x "$make" ]; then
           (exit 0)
         else
        -  # echo "Installing without make. This may fail." >&2
        -  make=NOMAKE
        +  echo "this script requires 'curl', please install it and try again."
        +  exit 1
         fi
         
        -# If there's no bash, then don't even try to clean
        -if [ -x "/bin/bash" ]; then
        -  (exit 0)
        -else
        -  clean="no"
        +# set the temp dir
        +TMP="${TMPDIR}"
        +if [ "x$TMP" = "x" ]; then
        +  TMP="/tmp"
         fi
        -
        -node_version=`"$node" --version 2>&1`
        -ret=$?
        -if [ $ret -ne 0 ]; then
        -  echo "You need node to run this program." >&2
        -  echo "node --version reports: $node_version" >&2
        -  echo "with exit code = $ret" >&2
        -  echo "Please install node before continuing." >&2
        -  exit $ret
        +TMP="${TMP}/npm.$$"
        +rm -rf "$TMP" || true
        +mkdir "$TMP"
        +if [ $? -ne 0 ]; then
        +  echo "failed to mkdir $TMP" >&2
        +  exit 1
         fi
         
        +BACK="$PWD"
        +
         t="${npm_install}"
         if [ -z "$t" ]; then
        -  # switch based on node version.
        -  # note that we can only use strict sh-compatible patterns here.
        -  case $node_version in
        -    0.[01234567].* | v0.[01234567].*)
        -      echo "You are using an outdated and unsupported version of" >&2
        -      echo "node ($node_version).  Please update node and try again." >&2
        -      exit 99
        -      ;;
        -    *)
        -      echo "install npm@latest"
        -      t="latest"
        -      ;;
        -  esac
        +  t="latest"
         fi
         
         # need to echo "" after, because Posix sed doesn't treat EOF
        @@ -201,7 +151,7 @@ if [ "x$url" = "x" ]; then
           fi
         fi
         if [ $ret -ne 0 ]; then
        -  echo "Failed to get tarball url for npm/$t" >&2
        +  echo "failed to get tarball url for npm/$t" >&2
           exit $ret
         fi
         
        @@ -209,37 +159,19 @@ fi
         echo "fetching: $url" >&2
         
         cd "$TMP" \
        -  && curl -SsL "$url" \
        -     | $tar -xzf - \
        -  && cd "$TMP"/* \
        -  && (ret=0
        -      if [ $ret -ne 0 ]; then
        -        echo "Aborted 0.x cleanup.  Exiting." >&2
        -        exit $ret
        -      fi) \
        -  && (if [ "x$configures" = "x" ]; then
        -        (exit 0)
        -      else
        -        echo "./configure $configures"
        -        echo "$configures" > npmrc
        -      fi) \
        -  && (if [ "$make" = "NOMAKE" ]; then
        -        (exit 0)
        -      elif "$make" uninstall install; then
        -        (exit 0)
        -      else
        -        make="NOMAKE"
        -      fi
        -      if [ "$make" = "NOMAKE" ]; then
        -        "$node" bin/npm-cli.js rm npm -gf
        -        "$node" bin/npm-cli.js install -gf $("$node" bin/npm-cli.js pack | tail -1)
        -      fi) \
        +  && curl -SsL -o npm.tgz "$url" \
        +  && $tar -xzf npm.tgz \
        +  && cd "$TMP"/package \
        +  && echo "removing existing npm" \
        +  && "$node" bin/npm-cli.js rm npm -gf --loglevel=silent \
        +  && echo "installing npm@$t" \
        +  && "$node" bin/npm-cli.js install -gf ../npm.tgz \
           && cd "$BACK" \
           && rm -rf "$TMP" \
        -  && echo "It worked"
        +  && echo "successfully installed npm@$t"
         
         ret=$?
         if [ $ret -ne 0 ]; then
        -  echo "It failed" >&2
        +  echo "failed!" >&2
         fi
         exit $ret
        diff --git a/deps/npm/tap-snapshots/test-lib-utils-config.js-TAP.test.js b/deps/npm/tap-snapshots/test-lib-utils-config.js-TAP.test.js
        index 5190a5604a2407..3bdf905d869e6a 100644
        --- a/deps/npm/tap-snapshots/test-lib-utils-config.js-TAP.test.js
        +++ b/deps/npm/tap-snapshots/test-lib-utils-config.js-TAP.test.js
        @@ -8,6 +8,7 @@
         exports[`test/lib/utils/config.js TAP no process.umask() method > must match snapshot 1`] = `
         Object {
           "defaults": Object {
        +    "_auth": null,
             "access": null,
             "all": false,
             "allow-same-version": false,
        @@ -267,6 +268,10 @@ Object {
             ],
           },
           "types": Object {
        +    "_auth": Array [
        +      null,
        +      "{String TYPE}",
        +    ],
             "access": Array [
               null,
               "restricted",
        @@ -537,6 +542,7 @@ Object {
         exports[`test/lib/utils/config.js TAP no working network interfaces, on windows > must match snapshot 1`] = `
         Object {
           "defaults": Object {
        +    "_auth": null,
             "access": null,
             "all": false,
             "allow-same-version": false,
        @@ -796,6 +802,10 @@ Object {
             ],
           },
           "types": Object {
        +    "_auth": Array [
        +      null,
        +      "{String TYPE}",
        +    ],
             "access": Array [
               null,
               "restricted",
        @@ -1066,6 +1076,7 @@ Object {
         exports[`test/lib/utils/config.js TAP working network interfaces, not windows > must match snapshot 1`] = `
         Object {
           "defaults": Object {
        +    "_auth": null,
             "access": null,
             "all": false,
             "allow-same-version": false,
        @@ -1325,6 +1336,10 @@ Object {
             ],
           },
           "types": Object {
        +    "_auth": Array [
        +      null,
        +      "{String TYPE}",
        +    ],
             "access": Array [
               null,
               "restricted",
        diff --git a/deps/npm/tap-snapshots/test-lib-utils-explain-dep.js-TAP.test.js b/deps/npm/tap-snapshots/test-lib-utils-explain-dep.js-TAP.test.js
        index 48f84e5111821f..54a77bc122b4db 100644
        --- a/deps/npm/tap-snapshots/test-lib-utils-explain-dep.js-TAP.test.js
        +++ b/deps/npm/tap-snapshots/test-lib-utils-explain-dep.js-TAP.test.js
        @@ -10,7 +10,7 @@ manydep@1.0.0
           manydep@"1.0.0" from prod-dep@1.2.3
           node_modules/prod-dep
             prod-dep@"1.x" from the root project
        -  6 more (optdep, extra-neos, deep-dev, peer, ...)
        +  7 more (optdep, extra-neos, deep-dev, peer, the root project, ...)
         `
         
         exports[`test/lib/utils/explain-dep.js TAP > ellipses test two 1`] = `
        @@ -18,7 +18,7 @@ manydep@1.0.0
           manydep@"1.0.0" from prod-dep@1.2.3
           node_modules/prod-dep
             prod-dep@"1.x" from the root project
        -  5 more (optdep, extra-neos, deep-dev, peer, a package with a pretty long name)
        +  6 more (optdep, extra-neos, deep-dev, peer, the root project, a package with a pretty long name)
         `
         
         exports[`test/lib/utils/explain-dep.js TAP deepDev > explain color deep 1`] = `
        @@ -90,6 +90,7 @@ exports[`test/lib/utils/explain-dep.js TAP manyDeps > explain color deep 1`] = `
           peer manydep@">1.0.0-beta <1.0.1" from peer@1.0.0 peer
           node_modules/peer
             peer peer@"1.0.0" from the root project
        +  manydep@">1.0.0-beta <1.0.1" from the root project
           manydep@"1" from a package with a pretty long name@1.2.3
           manydep@"1" from another package with a pretty long name@1.2.3
           manydep@"1" from yet another a package with a pretty long name@1.2.3
        @@ -100,7 +101,7 @@ manydep@1.0.0
           manydep@"1.0.0" from prod-dep@1.2.3
           node_modules/prod-dep
             prod-dep@"1.x" from the root project
        -  7 more (optdep, extra-neos, deep-dev, peer, ...)
        +  8 more (optdep, extra-neos, deep-dev, peer, the root project, ...)
         `
         
         exports[`test/lib/utils/explain-dep.js TAP manyDeps > print color 1`] = `
        diff --git a/deps/npm/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js b/deps/npm/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js
        index 0e6c053b2f452e..6890338a131115 100644
        --- a/deps/npm/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js
        +++ b/deps/npm/tap-snapshots/test-lib-utils-flat-options.js-TAP.test.js
        @@ -7,6 +7,7 @@
         'use strict'
         exports[`test/lib/utils/flat-options.js TAP basic > flat options 1`] = `
         Object {
        +  "_auth": undefined,
           "@scope:registry": "@scope:registry",
           "//nerf.dart:_authToken": "//nerf.dart:_authToken",
           "access": "access",
        diff --git a/deps/npm/test/lib/adduser.js b/deps/npm/test/lib/adduser.js
        index 4d2233b18ce6c0..22c7c49cfaeafd 100644
        --- a/deps/npm/test/lib/adduser.js
        +++ b/deps/npm/test/lib/adduser.js
        @@ -13,6 +13,7 @@ const _flatOptions = {
         
         let failSave = false
         let deletedConfig = {}
        +let registryOutput = ''
         let setConfig = {}
         const authDummy = () => Promise.resolve({
           message: 'success',
        @@ -32,7 +33,10 @@ const deleteMock = (key, where) => {
         }
         const adduser = requireInject('../../lib/adduser.js', {
           npmlog: {
        -    disableProgress: () => null
        +    disableProgress: () => null,
        +    notice: (_, msg) => {
        +      registryOutput = msg
        +    },
           },
           '../../lib/npm.js': {
             flatOptions: _flatOptions,
        @@ -69,6 +73,12 @@ test('simple login', (t) => {
           adduser([], (err) => {
             t.ifError(err, 'npm adduser')
         
        +    t.equal(
        +      registryOutput,
        +      'Log in on https://registry.npmjs.org/',
        +      'should have correct message result'
        +    )
        +
             t.deepEqual(
               deletedConfig,
               {
        @@ -102,6 +112,7 @@ test('simple login', (t) => {
               'should output auth success msg'
             )
         
        +    registryOutput = ''
             deletedConfig = {}
             setConfig = {}
             result = ''
        diff --git a/deps/npm/test/lib/cache.js b/deps/npm/test/lib/cache.js
        new file mode 100644
        index 00000000000000..9c27386ed8fe19
        --- /dev/null
        +++ b/deps/npm/test/lib/cache.js
        @@ -0,0 +1,232 @@
        +const t = require('tap')
        +const requireInject = require('require-inject')
        +const path = require('path')
        +
        +const usageUtil = () => 'usage instructions'
        +
        +const flatOptions = {
        +  force: false
        +}
        +
        +const npm = {
        +  flatOptions,
        +  cache: '/fake/path'
        +}
        +
        +let rimrafPath = ''
        +const rimraf = (path, cb) => {
        +  rimrafPath = path
        +  return cb()
        +}
        +
        +let logOutput = []
        +const npmlog = {
        +  silly: (...args) => {
        +    logOutput.push(['silly', ...args])
        +  }
        +}
        +
        +let tarballStreamSpec = ''
        +let tarballStreamOpts = {}
        +const pacote = {
        +  tarball: {
        +    stream: (spec, cb, opts) => {
        +      tarballStreamSpec = spec
        +      tarballStreamOpts = opts
        +      return cb({
        +        resume: () => {},
        +        promise: () => Promise.resolve()
        +      })
        +    }
        +  }
        +}
        +
        +let outputOutput = []
        +const output = (msg) => {
        +  outputOutput.push(msg)
        +}
        +
        +let cacacheVerifyPath = ''
        +const cacacheVerifyStats = {
        +  keptSize: 100,
        +  verifiedContent: 1,
        +  totalEntries: 1,
        +  runTime: { total: 2000 }
        +}
        +const cacache = {
        +  verify: (path) => {
        +    cacacheVerifyPath = path
        +    return cacacheVerifyStats
        +  }
        +}
        +
        +const mocks = {
        +  cacache,
        +  npmlog,
        +  pacote,
        +  rimraf,
        +  '../../lib/npm.js': npm,
        +  '../../lib/utils/output.js': output,
        +  '../../lib/utils/usage.js': usageUtil
        +}
        +
        +const cache = requireInject('../../lib/cache.js', mocks)
        +
        +t.test('cache no args', t => {
        +  cache([], err => {
        +    t.equal(err.message, 'usage instructions', 'should throw usage instructions')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache clean', t => {
        +  cache(['clean'], err => {
        +    t.match(err.message, 'the npm cache self-heals', 'should throw warning')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache clean (force)', t => {
        +  flatOptions.force = true
        +  t.teardown(() => {
        +    rimrafPath = ''
        +    flatOptions.force = false
        +  })
        +
        +  cache(['clear'], err => {
        +    t.ifError(err)
        +    t.equal(rimrafPath, path.join(npm.cache, '_cacache'))
        +    t.end()
        +  })
        +})
        +
        +t.test('cache clean with arg', t => {
        +  cache(['rm', 'pkg'], err => {
        +    t.match(err.message, 'does not accept arguments', 'should throw error')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache add no arg', t => {
        +  t.teardown(() => {
        +    logOutput = []
        +  })
        +
        +  cache(['add'], err => {
        +    t.strictSame(logOutput, [
        +      ['silly', 'cache add', 'args', []],
        +    ], 'logs correctly')
        +    t.equal(err.code, 'EUSAGE', 'throws usage error')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache add pkg only', t => {
        +  t.teardown(() => {
        +    logOutput = []
        +    tarballStreamSpec = ''
        +    tarballStreamOpts = {}
        +  })
        +
        +  cache(['add', 'mypkg'], err => {
        +    t.ifError(err)
        +    t.strictSame(logOutput, [
        +      ['silly', 'cache add', 'args', ['mypkg']],
        +      ['silly', 'cache add', 'spec', 'mypkg']
        +    ], 'logs correctly')
        +    t.equal(tarballStreamSpec, 'mypkg', 'passes the correct spec to pacote')
        +    t.same(tarballStreamOpts, flatOptions, 'passes the correct options to pacote')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache add pkg w/ spec modifier', t => {
        +  t.teardown(() => {
        +    logOutput = []
        +    tarballStreamSpec = ''
        +    tarballStreamOpts = {}
        +  })
        +
        +  cache(['add', 'mypkg', 'latest'], err => {
        +    t.ifError(err)
        +    t.strictSame(logOutput, [
        +      ['silly', 'cache add', 'args', ['mypkg', 'latest']],
        +      ['silly', 'cache add', 'spec', 'mypkg@latest']
        +    ], 'logs correctly')
        +    t.equal(tarballStreamSpec, 'mypkg@latest', 'passes the correct spec to pacote')
        +    t.same(tarballStreamOpts, flatOptions, 'passes the correct options to pacote')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache verify', t => {
        +  t.teardown(() => {
        +    outputOutput = []
        +    cacacheVerifyPath = ''
        +  })
        +
        +  cache(['verify'], err => {
        +    t.ifError(err)
        +    t.match(outputOutput, [
        +      `Cache verified and compressed (${path.join(npm.cache, '_cacache')})`,
        +      'Content verified: 1 (100 bytes)',
        +      'Index entries: 1',
        +      'Finished in 2s'
        +    ], 'prints correct output')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache verify w/ extra output', t => {
        +  npm.cache = `${process.env.HOME}/fake/path`
        +  cacacheVerifyStats.badContentCount = 1
        +  cacacheVerifyStats.reclaimedCount = 2
        +  cacacheVerifyStats.reclaimedSize = 200
        +  cacacheVerifyStats.missingContent = 3
        +  t.teardown(() => {
        +    npm.cache = '/fake/path'
        +    outputOutput = []
        +    cacacheVerifyPath = ''
        +    delete cacacheVerifyStats.badContentCount
        +    delete cacacheVerifyStats.reclaimedCount
        +    delete cacacheVerifyStats.reclaimedSize
        +    delete cacacheVerifyStats.missingContent
        +  })
        +
        +  cache(['check'], err => {
        +    t.ifError(err)
        +    t.match(outputOutput, [
        +      `Cache verified and compressed (~${path.join('/fake/path', '_cacache')})`,
        +      'Content verified: 1 (100 bytes)',
        +      'Corrupted content removed: 1',
        +      'Content garbage-collected: 2 (200 bytes)',
        +      'Missing content: 3',
        +      'Index entries: 1',
        +      'Finished in 2s'
        +    ], 'prints correct output')
        +    t.end()
        +  })
        +})
        +
        +t.test('cache completion', t => {
        +  const { completion } = cache
        +
        +  const testComp = (argv, expect) => {
        +    completion({ conf: { argv: { remain: argv } } }, (err, res) => {
        +      t.ifError(err)
        +      t.strictSame(res, expect, argv.join(' '))
        +    })
        +  }
        +
        +  testComp(['npm', 'cache'], [
        +    'add',
        +    'clean',
        +    'verify'
        +  ])
        +
        +  testComp(['npm', 'cache', 'add'], [])
        +  testComp(['npm', 'cache', 'clean'], [])
        +  testComp(['npm', 'cache', 'verify'], [])
        +
        +  t.end()
        +})
        diff --git a/deps/npm/test/lib/ci.js b/deps/npm/test/lib/ci.js
        index 645fc6aed97e4f..43ad2783b02d76 100644
        --- a/deps/npm/test/lib/ci.js
        +++ b/deps/npm/test/lib/ci.js
        @@ -42,6 +42,25 @@ test('should use Arborist', (t) => {
           })
         })
         
        +test('should pass flatOptions to Arborist.reify', (t) => {
        +  const ci = requireInject('../../lib/ci.js', {
        +    '../../lib/npm.js': {
        +      prefix: 'foo',
        +      flatOptions: {
        +        production: true
        +      }
        +    },
        +    '@npmcli/arborist': function () {
        +      this.loadVirtual = () => Promise.resolve(true)
        +      this.reify = async (options) => {
        +        t.equal(options.production, true, 'should pass flatOptions to Arborist.reify')
        +        t.end()
        +      }
        +    }
        +  })
        +  ci(null, () => {})
        +})
        +
         test('should throw if package-lock.json or npm-shrinkwrap missing', (t) => {
           const testDir = t.testdir({
             'index.js': 'some contents',
        diff --git a/deps/npm/test/lib/exec.js b/deps/npm/test/lib/exec.js
        index fb89776b55eaf9..08592353ce36c2 100644
        --- a/deps/npm/test/lib/exec.js
        +++ b/deps/npm/test/lib/exec.js
        @@ -386,6 +386,75 @@ t.test('npm exec @foo/bar -- --some=arg, locally installed', async t => {
           }])
         })
         
        +t.test('npm exec @foo/bar, with same bin alias and no unscoped named bin, locally installed', async t => {
        +  const foobarManifest = {
        +    name: '@foo/bar',
        +    version: '1.2.3',
        +    bin: {
        +      baz: 'corge', // pick the first one
        +      qux: 'corge',
        +      quux: 'corge',
        +    }
        +  }
        +  const path = t.testdir({
        +    node_modules: {
        +      '@foo/bar': {
        +        'package.json': JSON.stringify(foobarManifest)
        +      }
        +    }
        +  })
        +  npm.localPrefix = path
        +  ARB_ACTUAL_TREE[path] = {
        +    children: new Map([['@foo/bar', { name: '@foo/bar', version: '1.2.3' }]])
        +  }
        +  MANIFESTS['@foo/bar'] = foobarManifest
        +  await exec(['@foo/bar'], er => {
        +    if (er) {
        +      throw er
        +    }
        +  })
        +  t.strictSame(MKDIRPS, [], 'no need to make any dirs')
        +  t.match(ARB_CTOR, [ { package: ['@foo/bar'], path } ])
        +  t.strictSame(ARB_REIFY, [], 'no need to reify anything')
        +  t.equal(PROGRESS_ENABLED, true, 'progress re-enabled')
        +  t.match(RUN_SCRIPTS, [{
        +    pkg: { scripts: { npx: 'baz' } },
        +    banner: false,
        +    path: process.cwd(),
        +    stdioString: true,
        +    event: 'npx',
        +    env: { PATH: process.env.PATH },
        +    stdio: 'inherit'
        +  }])
        +})
        +
        +t.test('npm exec @foo/bar, with different bin alias and no unscoped named bin, locally installed', t => {
        +  const path = t.testdir()
        +  npm.localPrefix = path
        +  ARB_ACTUAL_TREE[path] = {
        +    children: new Map([['@foo/bar', { name: '@foo/bar', version: '1.2.3' }]])
        +  }
        +  MANIFESTS['@foo/bar'] = {
        +    name: '@foo/bar',
        +    version: '1.2.3',
        +    bin: {
        +      foo: 'qux',
        +      corge: 'qux',
        +      baz: 'quux',
        +    },
        +    _from: 'foo@',
        +    _id: '@foo/bar@1.2.3'
        +  }
        +  return t.rejects(exec(['@foo/bar'], er => {
        +    if (er) {
        +      throw er
        +    }
        +  }), {
        +    message: 'could not determine executable to run',
        +    pkgid: '@foo/bar@1.2.3'
        +  })
        +})
        +
         t.test('run command with 2 packages, need install, verify sort', t => {
           // test both directions, should use same install dir both times
           // also test the read() call here, verify that the prompts match
        diff --git a/deps/npm/test/lib/npm.js b/deps/npm/test/lib/npm.js
        index b2be5543fa1ea6..f6a13b90fa5e3c 100644
        --- a/deps/npm/test/lib/npm.js
        +++ b/deps/npm/test/lib/npm.js
        @@ -256,7 +256,10 @@ t.test('npm.load', t => {
               '--prefix', dir,
               '--userconfig', `${dir}/.npmrc`,
               '--usage',
        -      '--scope=foo'
        +      '--scope=foo',
        +      'token',
        +      'revoke',
        +      'blergggg',
             ]
         
             freshConfig()
        @@ -353,3 +356,91 @@ t.test('loading as main will load the cli', t => {
             t.end()
           })
         })
        +
        +t.test('set process.title', t => {
        +  const { execPath, argv: processArgv } = process
        +  const { log } = console
        +  const titleDesc = Object.getOwnPropertyDescriptor(process, 'title')
        +  Object.defineProperty(process, 'title', {
        +    value: '',
        +    settable: true,
        +    enumerable: true,
        +    configurable: true,
        +  })
        +  const consoleLogs = []
        +  console.log = (...msg) => consoleLogs.push(msg)
        +
        +  t.teardown(() => {
        +    console.log = log
        +    process.argv = processArgv
        +    Object.defineProperty(process, 'title', titleDesc)
        +    freshConfig()
        +  })
        +
        +  t.afterEach(cb => {
        +    consoleLogs.length = 0
        +    cb()
        +  })
        +
        +  t.test('basic title setting', async t => {
        +    freshConfig({
        +      argv: [
        +        process.execPath,
        +        process.argv[1],
        +        '--metrics-registry', 'http://example.com',
        +        '--usage',
        +        '--scope=foo',
        +        'ls',
        +      ],
        +    })
        +    await npm.load(er => {
        +      if (er)
        +        throw er
        +      t.equal(npm.title, 'npm ls')
        +      t.equal(process.title, 'npm ls')
        +    })
        +  })
        +
        +  t.test('do not expose token being revoked', async t => {
        +    freshConfig({
        +      argv: [
        +        process.execPath,
        +        process.argv[1],
        +        '--metrics-registry', 'http://example.com',
        +        '--usage',
        +        '--scope=foo',
        +        'token',
        +        'revoke',
        +        'deadbeefcafebad',
        +      ],
        +    })
        +    await npm.load(er => {
        +      if (er)
        +        throw er
        +      t.equal(npm.title, 'npm token revoke ***')
        +      t.equal(process.title, 'npm token revoke ***')
        +    })
        +  })
        +
        +  t.test('do show *** unless a token is actually being revoked', async t => {
        +    freshConfig({
        +      argv: [
        +        process.execPath,
        +        process.argv[1],
        +        '--metrics-registry', 'http://example.com',
        +        '--usage',
        +        '--scope=foo',
        +        'token',
        +        'revoke',
        +      ],
        +    })
        +    await npm.load(er => {
        +      if (er)
        +        throw er
        +      t.equal(npm.title, 'npm token revoke')
        +      t.equal(process.title, 'npm token revoke')
        +    })
        +  })
        +
        +  t.end()
        +})
        diff --git a/deps/npm/test/lib/run-script.js b/deps/npm/test/lib/run-script.js
        index 7a034aff01561b..7ddb6ff6f63a56 100644
        --- a/deps/npm/test/lib/run-script.js
        +++ b/deps/npm/test/lib/run-script.js
        @@ -25,9 +25,11 @@ const output = []
         
         const npmlog = { level: 'warn' }
         const getRS = windows => requireInject('../../lib/run-script.js', {
        -  '@npmcli/run-script': async opts => {
        +  '@npmcli/run-script': Object.assign(async opts => {
             RUN_SCRIPTS.push(opts)
        -  },
        +  }, {
        +    isServerPackage: require('@npmcli/run-script').isServerPackage,
        +  }),
           npmlog,
           '../../lib/npm.js': npm,
           '../../lib/utils/is-windows-shell.js': windows,
        @@ -90,10 +92,29 @@ t.test('fail if no package.json', async t => {
           await runScript(['test'], er => t.match(er, { code: 'ENOENT' }))
         })
         
        -t.test('default env and restart scripts', async t => {
        +t.test('default env, start, and restart scripts', async t => {
           npm.localPrefix = t.testdir({
        -    'package.json': JSON.stringify({ name: 'x', version: '1.2.3' })
        +    'package.json': JSON.stringify({ name: 'x', version: '1.2.3' }),
        +    'server.js': 'console.log("hello, world")',
        +  })
        +
        +  await runScript(['start'], er => {
        +    if (er) {
        +      throw er
        +    }
        +    t.match(RUN_SCRIPTS, [
        +      {
        +        path: npm.localPrefix,
        +        args: [],
        +        scriptShell: undefined,
        +        stdio: 'inherit',
        +        stdioString: true,
        +        pkg: { name: 'x', version: '1.2.3', _id: 'x@1.2.3', scripts: {}},
        +        event: 'start'
        +      }
        +    ])
           })
        +  RUN_SCRIPTS.length = 0
         
           await runScript(['env'], er => {
             if (er) {
        diff --git a/deps/npm/test/lib/utils/error-handler.js b/deps/npm/test/lib/utils/error-handler.js
        index 840b3a35650313..9e32dfc5ff8dbf 100644
        --- a/deps/npm/test/lib/utils/error-handler.js
        +++ b/deps/npm/test/lib/utils/error-handler.js
        @@ -218,8 +218,8 @@ t.test('console.log output using --json', (t) => {
         
           config.values.json = true
         
        -  const _log = console.log
        -  console.log = (jsonOutput) => {
        +  const _error = console.error
        +  console.error = (jsonOutput) => {
             t.deepEqual(
               JSON.parse(jsonOutput),
               {
        @@ -236,7 +236,7 @@ t.test('console.log output using --json', (t) => {
           errorHandler(new Error('Error: EBADTHING Something happened'))
         
           t.teardown(() => {
        -    console.log = _log
        +    console.error = _error
             delete config.values.json
           })
         })
        diff --git a/deps/npm/test/lib/utils/explain-dep.js b/deps/npm/test/lib/utils/explain-dep.js
        index e0305348653af0..9a205e3c39ce27 100644
        --- a/deps/npm/test/lib/utils/explain-dep.js
        +++ b/deps/npm/test/lib/utils/explain-dep.js
        @@ -2,7 +2,7 @@ const t = require('tap')
         const requireInject = require('require-inject')
         const npm = {}
         const { explainNode, printNode } = requireInject('../../../lib/utils/explain-dep.js', {
        -  '../../../lib/npm.js': npm
        +  '../../../lib/npm.js': npm,
         })
         
         const cases = {
        @@ -16,10 +16,10 @@ const cases = {
                 name: 'prod-dep',
                 spec: '1.x',
                 from: {
        -          location: '/path/to/project'
        -        }
        -      }
        -    ]
        +          location: '/path/to/project',
        +        },
        +      },
        +    ],
           },
         
           deepDev: {
        @@ -51,16 +51,16 @@ const cases = {
                             name: 'topdev',
                             spec: '4.x',
                             from: {
        -                      location: '/path/to/project'
        -                    }
        -                  }
        -                ]
        -              }
        -            }
        -          ]
        -        }
        -      }
        -    ]
        +                      location: '/path/to/project',
        +                    },
        +                  },
        +                ],
        +              },
        +            },
        +          ],
        +        },
        +      },
        +    ],
           },
         
           optional: {
        @@ -74,10 +74,10 @@ const cases = {
                 name: 'optdep',
                 spec: '1.0.0',
                 from: {
        -          location: '/path/to/project'
        -        }
        -      }
        -    ]
        +          location: '/path/to/project',
        +        },
        +      },
        +    ],
           },
         
           peer: {
        @@ -91,10 +91,10 @@ const cases = {
                 name: 'peer',
                 spec: '1.0.0',
                 from: {
        -          location: '/path/to/project'
        -        }
        -      }
        -    ]
        +          location: '/path/to/project',
        +        },
        +      },
        +    ],
           },
         
           extraneous: {
        @@ -102,8 +102,8 @@ const cases = {
             version: '1337.420.69-lol',
             location: 'node_modules/extra-neos',
             dependents: [],
        -    extraneous: true
        -  }
        +    extraneous: true,
        +  },
         }
         
         cases.manyDeps = {
        @@ -114,31 +114,39 @@ cases.manyDeps = {
               type: 'prod',
               name: 'manydep',
               spec: '1.0.0',
        -      from: cases.prodDep
        +      from: cases.prodDep,
             },
             {
               type: 'optional',
               name: 'manydep',
               spec: '1.x',
        -      from: cases.optional
        +      from: cases.optional,
             },
             {
               type: 'prod',
               name: 'manydep',
               spec: '1.0.x',
        -      from: cases.extraneous
        +      from: cases.extraneous,
             },
             {
               type: 'dev',
               name: 'manydep',
               spec: '*',
        -      from: cases.deepDev
        +      from: cases.deepDev,
             },
             {
               type: 'peer',
               name: 'manydep',
               spec: '>1.0.0-beta <1.0.1',
        -      from: cases.peer
        +      from: cases.peer,
        +    },
        +    {
        +      type: 'prod',
        +      name: 'manydep',
        +      spec:'>1.0.0-beta <1.0.1',
        +      from: {
        +        location: '/path/to/project',
        +      },
             },
             {
               type: 'prod',
        @@ -148,9 +156,9 @@ cases.manyDeps = {
                 name: 'a package with a pretty long name',
                 version: '1.2.3',
                 dependents: {
        -          location: '/path/to/project'
        -        }
        -      }
        +          location: '/path/to/project',
        +        },
        +      },
             },
             {
               type: 'prod',
        @@ -160,9 +168,9 @@ cases.manyDeps = {
                 name: 'another package with a pretty long name',
                 version: '1.2.3',
                 dependents: {
        -          location: '/path/to/project'
        -        }
        -      }
        +          location: '/path/to/project',
        +        },
        +      },
             },
             {
               type: 'prod',
        @@ -172,14 +180,13 @@ cases.manyDeps = {
                 name: 'yet another a package with a pretty long name',
                 version: '1.2.3',
                 dependents: {
        -          location: '/path/to/project'
        -        }
        -      }
        +          location: '/path/to/project',
        +        },
        +      },
             },
        -  ]
        +  ],
         }
         
        -
         for (const [name, expl] of Object.entries(cases)) {
           t.test(name, t => {
             npm.color = true
        diff --git a/deps/npm/test/lib/utils/flat-options.js b/deps/npm/test/lib/utils/flat-options.js
        index d3b8b89bc865ab..7601c78d27a285 100644
        --- a/deps/npm/test/lib/utils/flat-options.js
        +++ b/deps/npm/test/lib/utils/flat-options.js
        @@ -291,6 +291,18 @@ t.test('various default values and falsey fallbacks', t => {
           t.end()
         })
         
        +t.test('legacy _auth token', t => {
        +  const npm = new Mocknpm({
        +    _auth: 'asdfasdf',
        +  })
        +  t.strictSame(
        +    flatOptions(npm)._auth,
        +    'asdfasdf',
        +    'should set legacy _auth token',
        +  )
        +  t.end()
        +})
        +
         t.test('save-type', t => {
           const base = {
             'save-optional': false,
        
        From dea803abda04ed2f05480e84af604eb72f2874f8 Mon Sep 17 00:00:00 2001
        From: Darcy Clarke 
        Date: Fri, 11 Dec 2020 16:01:54 -0500
        Subject: [PATCH 2/2] deps: upgrade npm to 7.1.2
        
        ---
         deps/npm/.eslintrc.json                       |    2 +-
         deps/npm/AUTHORS                              |    6 +
         deps/npm/CHANGELOG.md                         |  232 ++
         deps/npm/docs/content/commands/npm-audit.md   |    4 +-
         .../npm/docs/content/commands/npm-dist-tag.md |    4 +-
         deps/npm/docs/content/commands/npm-exec.md    |    7 +
         deps/npm/docs/content/commands/npm-explain.md |    4 +-
         deps/npm/docs/content/commands/npm-link.md    |   69 +-
         deps/npm/docs/content/commands/npm-logout.md  |   12 +-
         deps/npm/docs/content/commands/npm-ls.md      |   60 +-
         deps/npm/docs/content/commands/npm-org.md     |    7 +-
         .../npm/docs/content/commands/npm-outdated.md |   62 +-
         deps/npm/docs/content/commands/npm-owner.md   |   22 +-
         deps/npm/docs/content/commands/npm-pack.md    |   12 +-
         deps/npm/docs/content/commands/npm-ping.md    |    1 +
         deps/npm/docs/content/commands/npm-profile.md |   41 +-
         deps/npm/docs/content/commands/npm-prune.md   |   25 +-
         deps/npm/docs/content/commands/npm-publish.md |  100 +-
         deps/npm/docs/content/commands/npm-rebuild.md |   15 +-
         deps/npm/docs/content/commands/npm-repo.md    |    6 +-
         deps/npm/docs/content/commands/npm-restart.md |   23 +-
         deps/npm/docs/content/commands/npm-root.md    |   10 +
         .../docs/content/commands/npm-run-script.md   |   43 +-
         .../docs/content/commands/npm-set-script.md   |   34 +
         deps/npm/docs/content/commands/npm-star.md    |   17 +-
         deps/npm/docs/content/commands/npm-stars.md   |    1 +
         deps/npm/docs/content/commands/npm-unstar.md  |   37 +
         deps/npm/docs/content/using-npm/config.md     |    4 +-
         deps/npm/docs/content/using-npm/developers.md |   75 +-
         deps/npm/docs/content/using-npm/scripts.md    |    6 +-
         deps/npm/docs/content/using-npm/workspaces.md |    4 +-
         deps/npm/docs/output/commands/npm-audit.html  |    4 +-
         .../docs/output/commands/npm-dist-tag.html    |    3 +-
         deps/npm/docs/output/commands/npm-exec.html   |    6 +
         .../npm/docs/output/commands/npm-explain.html |    4 +-
         deps/npm/docs/output/commands/npm-link.html   |   64 +-
         deps/npm/docs/output/commands/npm-logout.html |   12 +-
         deps/npm/docs/output/commands/npm-ls.html     |   53 +-
         deps/npm/docs/output/commands/npm-org.html    |    7 +-
         .../docs/output/commands/npm-outdated.html    |   61 +-
         deps/npm/docs/output/commands/npm-owner.html  |   22 +-
         deps/npm/docs/output/commands/npm-pack.html   |   12 +-
         deps/npm/docs/output/commands/npm-ping.html   |    1 +
         .../npm/docs/output/commands/npm-profile.html |   39 +-
         deps/npm/docs/output/commands/npm-prune.html  |   24 +-
         .../npm/docs/output/commands/npm-publish.html |  104 +-
         .../npm/docs/output/commands/npm-rebuild.html |   14 +-
         deps/npm/docs/output/commands/npm-repo.html   |    6 +-
         .../npm/docs/output/commands/npm-restart.html |   21 +-
         deps/npm/docs/output/commands/npm-root.html   |    6 +
         .../docs/output/commands/npm-run-script.html  |   40 +-
         .../docs/output/commands/npm-set-script.html  |  184 ++
         deps/npm/docs/output/commands/npm-star.html   |   13 +-
         deps/npm/docs/output/commands/npm-stars.html  |    1 +
         deps/npm/docs/output/commands/npm-unstar.html |  181 ++
         deps/npm/docs/output/commands/npm.html        |    2 +-
         deps/npm/docs/output/using-npm/config.html    |    4 +-
         .../npm/docs/output/using-npm/developers.html |   74 +-
         deps/npm/docs/output/using-npm/scripts.html   |    6 +-
         .../npm/docs/output/using-npm/workspaces.html |    4 +-
         deps/npm/lib/access.js                        |    2 -
         deps/npm/lib/adduser.js                       |    2 -
         deps/npm/lib/audit.js                         |    4 +-
         deps/npm/lib/auth/legacy.js                   |    2 -
         deps/npm/lib/auth/sso.js                      |    2 -
         deps/npm/lib/ci.js                            |   27 +-
         deps/npm/lib/completion.js                    |   32 +-
         deps/npm/lib/dedupe.js                        |    4 +-
         deps/npm/lib/deprecate.js                     |  114 +-
         deps/npm/lib/dist-tag.js                      |    2 -
         deps/npm/lib/doctor.js                        |    4 +-
         deps/npm/lib/exec.js                          |   48 +-
         deps/npm/lib/explore.js                       |   76 +-
         deps/npm/lib/init.js                          |   14 +-
         deps/npm/lib/install.js                       |   64 +-
         deps/npm/lib/link.js                          |   17 +-
         deps/npm/lib/logout.js                        |    2 -
         deps/npm/lib/ls.js                            |    2 -
         deps/npm/lib/org.js                           |    2 -
         deps/npm/lib/outdated.js                      |    2 -
         deps/npm/lib/owner.js                         |    2 -
         deps/npm/lib/profile.js                       |    2 -
         deps/npm/lib/prune.js                         |    4 +-
         deps/npm/lib/publish.js                       |    2 -
         deps/npm/lib/rebuild.js                       |    7 +-
         deps/npm/lib/run-script.js                    |    2 +-
         deps/npm/lib/search.js                        |   75 +-
         deps/npm/lib/search/format-package-stream.js  |    2 -
         deps/npm/lib/search/package-filter.js         |    2 -
         deps/npm/lib/set-script.js                    |   53 +
         deps/npm/lib/shrinkwrap.js                    |   10 +-
         deps/npm/lib/star.js                          |  122 +-
         deps/npm/lib/stars.js                         |   11 +-
         deps/npm/lib/team.js                          |   17 +-
         deps/npm/lib/token.js                         |    2 -
         deps/npm/lib/uninstall.js                     |   41 +-
         deps/npm/lib/unpublish.js                     |   53 +-
         deps/npm/lib/unstar.js                        |    9 +
         deps/npm/lib/update.js                        |    7 +-
         deps/npm/lib/utils/child-path.js              |    1 -
         deps/npm/lib/utils/cmd-list.js                |    3 +-
         .../lib/utils/completion/installed-deep.js    |    3 +-
         deps/npm/lib/utils/deep-sort-object.js        |    1 -
         deps/npm/lib/utils/depr-check.js              |   22 -
         deps/npm/lib/utils/error-handler.js           |    2 -
         deps/npm/lib/utils/error-message.js           |    2 -
         deps/npm/lib/utils/escape-arg.js              |   18 -
         deps/npm/lib/utils/escape-exec-path.js        |   21 -
         deps/npm/lib/utils/flat-options.js            |   10 +-
         deps/npm/lib/utils/git.js                     |    2 -
         deps/npm/lib/utils/is-windows-bash.js         |    1 -
         deps/npm/lib/utils/is-windows-shell.js        |    1 -
         deps/npm/lib/utils/is-windows.js              |    1 -
         deps/npm/lib/utils/metrics-launch.js          |    1 -
         deps/npm/lib/utils/metrics.js                 |    1 -
         deps/npm/lib/utils/module-name.js             |    1 -
         .../lib/utils/no-progress-while-running.js    |    1 -
         deps/npm/lib/utils/open-url.js                |    1 -
         deps/npm/lib/utils/otplease.js                |    2 -
         deps/npm/lib/utils/package-id.js              |   15 -
         .../pick-manifest-from-registry-metadata.js   |   26 -
         deps/npm/lib/utils/pulse-till-done.js         |    1 -
         deps/npm/lib/utils/read-local-package.js      |    2 -
         deps/npm/lib/utils/read-user-info.js          |    1 -
         deps/npm/lib/utils/reify-finish.js            |   31 +
         deps/npm/lib/utils/replace-info.js            |    2 -
         deps/npm/lib/utils/save-stack.js              |   16 -
         deps/npm/lib/utils/unix-format-path.js        |    5 -
         deps/npm/lib/utils/usage.js                   |    1 -
         deps/npm/lib/utils/warn-deprecated.js         |   28 -
         deps/npm/lib/version.js                       |    2 +-
         deps/npm/man/man1/npm-access.1                |    2 +-
         deps/npm/man/man1/npm-adduser.1               |    2 +-
         deps/npm/man/man1/npm-audit.1                 |    6 +-
         deps/npm/man/man1/npm-bin.1                   |    2 +-
         deps/npm/man/man1/npm-bugs.1                  |    2 +-
         deps/npm/man/man1/npm-cache.1                 |    2 +-
         deps/npm/man/man1/npm-ci.1                    |    2 +-
         deps/npm/man/man1/npm-completion.1            |    2 +-
         deps/npm/man/man1/npm-config.1                |    2 +-
         deps/npm/man/man1/npm-dedupe.1                |    2 +-
         deps/npm/man/man1/npm-deprecate.1             |    2 +-
         deps/npm/man/man1/npm-dist-tag.1              |    6 +-
         deps/npm/man/man1/npm-docs.1                  |    2 +-
         deps/npm/man/man1/npm-doctor.1                |    2 +-
         deps/npm/man/man1/npm-edit.1                  |    2 +-
         deps/npm/man/man1/npm-exec.1                  |    9 +-
         deps/npm/man/man1/npm-explain.1               |    6 +-
         deps/npm/man/man1/npm-explore.1               |    2 +-
         deps/npm/man/man1/npm-fund.1                  |    2 +-
         deps/npm/man/man1/npm-help-search.1           |    2 +-
         deps/npm/man/man1/npm-help.1                  |    2 +-
         deps/npm/man/man1/npm-hook.1                  |    2 +-
         deps/npm/man/man1/npm-init.1                  |    2 +-
         deps/npm/man/man1/npm-install-ci-test.1       |    2 +-
         deps/npm/man/man1/npm-install-test.1          |    2 +-
         deps/npm/man/man1/npm-install.1               |    2 +-
         deps/npm/man/man1/npm-link.1                  |   70 +-
         deps/npm/man/man1/npm-logout.1                |   14 +-
         deps/npm/man/man1/npm-ls.1                    |   65 +-
         deps/npm/man/man1/npm-org.1                   |   10 +-
         deps/npm/man/man1/npm-outdated.1              |   64 +-
         deps/npm/man/man1/npm-owner.1                 |   25 +-
         deps/npm/man/man1/npm-pack.1                  |   15 +-
         deps/npm/man/man1/npm-ping.1                  |    4 +-
         deps/npm/man/man1/npm-prefix.1                |    2 +-
         deps/npm/man/man1/npm-profile.1               |   43 +-
         deps/npm/man/man1/npm-prune.1                 |   27 +-
         deps/npm/man/man1/npm-publish.1               |  103 +-
         deps/npm/man/man1/npm-rebuild.1               |   18 +-
         deps/npm/man/man1/npm-repo.1                  |    8 +-
         deps/npm/man/man1/npm-restart.1               |   36 +-
         deps/npm/man/man1/npm-root.1                  |   13 +-
         deps/npm/man/man1/npm-run-script.1            |   45 +-
         deps/npm/man/man1/npm-search.1                |    2 +-
         deps/npm/man/man1/npm-set-script.1            |   43 +
         deps/npm/man/man1/npm-shrinkwrap.1            |    2 +-
         deps/npm/man/man1/npm-star.1                  |   18 +-
         deps/npm/man/man1/npm-stars.1                 |    4 +-
         deps/npm/man/man1/npm-start.1                 |    2 +-
         deps/npm/man/man1/npm-stop.1                  |    2 +-
         deps/npm/man/man1/npm-team.1                  |    2 +-
         deps/npm/man/man1/npm-test.1                  |    2 +-
         deps/npm/man/man1/npm-token.1                 |    2 +-
         deps/npm/man/man1/npm-uninstall.1             |    2 +-
         deps/npm/man/man1/npm-unpublish.1             |    2 +-
         deps/npm/man/man1/npm-unstar.1                |   37 +
         deps/npm/man/man1/npm-update.1                |    2 +-
         deps/npm/man/man1/npm-version.1               |    2 +-
         deps/npm/man/man1/npm-view.1                  |    2 +-
         deps/npm/man/man1/npm-whoami.1                |    2 +-
         deps/npm/man/man1/npm.1                       |    4 +-
         deps/npm/man/man1/npx.1                       |    2 +-
         deps/npm/man/man5/folders.5                   |    2 +-
         deps/npm/man/man5/install.5                   |    2 +-
         deps/npm/man/man5/npmrc.5                     |    2 +-
         deps/npm/man/man5/package-json.5              |    2 +-
         deps/npm/man/man5/package-lock-json.5         |    2 +-
         deps/npm/man/man5/package-locks.5             |    2 +-
         deps/npm/man/man5/shrinkwrap-json.5           |    2 +-
         deps/npm/man/man7/config.7                    |    6 +-
         deps/npm/man/man7/developers.7                |   77 +-
         deps/npm/man/man7/disputes.7                  |    2 +-
         deps/npm/man/man7/orgs.7                      |    2 +-
         deps/npm/man/man7/registry.7                  |    2 +-
         deps/npm/man/man7/removal.7                   |    2 +-
         deps/npm/man/man7/scope.7                     |    2 +-
         deps/npm/man/man7/scripts.7                   |    8 +-
         deps/npm/man/man7/semver.7                    |    2 +-
         deps/npm/man/man7/workspaces.7                |    2 +-
         .../@npmcli/arborist/CHANGELOG.md             |   19 +
         .../arborist/lib/arborist/build-ideal-tree.js |   79 +-
         .../arborist/lib/arborist/load-actual.js      |   26 +-
         .../arborist/lib/arborist/load-virtual.js     |   81 +-
         .../@npmcli/arborist/lib/arborist/reify.js    |   20 +-
         .../@npmcli/arborist/lib/audit-report.js      |    9 +-
         .../@npmcli/arborist/lib/debug.js             |   10 +-
         .../@npmcli/arborist/lib/dep-valid.js         |    4 +-
         .../@npmcli/arborist/lib/inventory.js         |   23 +-
         .../node_modules/@npmcli/arborist/lib/link.js |   80 +-
         .../node_modules/@npmcli/arborist/lib/node.js |  658 +++---
         .../@npmcli/arborist/lib/shrinkwrap.js        |   20 +-
         .../@npmcli/arborist/lib/tree-check.js        |  104 +
         .../arborist/lib/update-root-package-json.js  |   48 +
         .../@npmcli/arborist/lib/yarn-lock.js         |    2 +-
         .../@npmcli/arborist/package.json             |   20 +-
         .../@npmcli/config/lib/parse-field.js         |    4 +-
         .../@npmcli/config/lib/set-envs.js            |    4 +-
         .../@npmcli/config/lib/type-defs.js           |    8 +
         .../node_modules/@npmcli/config/package.json  |    7 +-
         .../@npmcli/run-script/lib/make-spawn-args.js |   20 +-
         .../@npmcli/run-script/lib/run-script-pkg.js  |    3 +-
         .../@npmcli/run-script/lib/set-path.js        |    4 +-
         .../@npmcli/run-script/package.json           |    3 +-
         deps/npm/node_modules/aws4/aws4.js            |   16 +
         deps/npm/node_modules/aws4/package.json       |    2 +-
         .../debug/node_modules/ms/index.js            |  162 ++
         .../debug/node_modules/ms/license.md          |   21 +
         .../debug/node_modules/ms/package.json        |   37 +
         .../debug/node_modules/ms/readme.md           |   60 +
         deps/npm/node_modules/debug/package.json      |    2 +-
         deps/npm/node_modules/debug/src/browser.js    |   10 +
         deps/npm/node_modules/debug/src/common.js     |   45 +-
         deps/npm/node_modules/debug/src/node.js       |    8 +-
         .../node_modules/function-bind/.editorconfig  |   20 +
         .../npm/node_modules/function-bind/.jscs.json |  176 ++
         .../npm/node_modules/function-bind/.npmignore |   22 +
         .../node_modules/function-bind/.travis.yml    |  168 ++
         deps/npm/node_modules/function-bind/LICENSE   |   20 +
         deps/npm/node_modules/function-bind/README.md |   48 +
         .../function-bind/implementation.js           |   52 +
         deps/npm/node_modules/function-bind/index.js  |    5 +
         .../node_modules/function-bind/package.json   |   63 +
         .../node_modules/function-bind/test/index.js  |  252 +++
         deps/npm/node_modules/has/LICENSE-MIT         |   22 +
         deps/npm/node_modules/has/README.md           |   18 +
         deps/npm/node_modules/has/package.json        |   48 +
         deps/npm/node_modules/has/src/index.js        |    5 +
         deps/npm/node_modules/has/test/index.js       |   10 +
         deps/npm/node_modules/ini/ini.js              |   86 +-
         deps/npm/node_modules/ini/package.json        |   23 +-
         .../node_modules/is-core-module/.eslintignore |    1 +
         .../is-core-module/.github/FUNDING.yml        |   12 +
         .../.github/workflows/node-4+.yml             |   54 +
         .../.github/workflows/node-iojs.yml           |   58 +
         .../.github/workflows/node-pretest.yml        |   26 +
         .../.github/workflows/node-zero.yml           |   58 +
         .../.github/workflows/rebase.yml              |   15 +
         .../.github/workflows/require-allow-edits.yml |   14 +
         deps/npm/node_modules/is-core-module/.nycrc   |   13 +
         .../node_modules/is-core-module/CHANGELOG.md  |   58 +
         deps/npm/node_modules/is-core-module/LICENSE  |   20 +
         .../npm/node_modules/is-core-module/README.md |   37 +
         .../npm/node_modules/is-core-module/core.json |   83 +
         deps/npm/node_modules/is-core-module/index.js |   69 +
         .../node_modules/is-core-module/package.json  |   66 +
         .../node_modules/is-core-module/test/index.js |   83 +
         deps/npm/node_modules/libnpmfund/package.json |    4 +-
         deps/npm/node_modules/libnpmsearch/index.js   |    1 +
         .../node_modules/libnpmsearch/package.json    |   13 +-
         .../node_modules/make-fetch-happen/agent.js   |   52 +-
         .../node_modules/make-fetch-happen/cache.js   |   63 +-
         .../node_modules/make-fetch-happen/index.js   |   79 +-
         .../make-fetch-happen/package.json            |   29 +-
         .../utils/configure-options.js                |    7 +-
         .../utils/is-header-conditional.js            |    5 +-
         .../utils/iterable-to-object.js               |    4 +-
         .../make-fetch-happen/utils/make-policy.js    |    4 +-
         deps/npm/node_modules/ms/index.js             |    2 +-
         deps/npm/node_modules/ms/license.md           |    2 +-
         deps/npm/node_modules/ms/package.json         |    9 +-
         deps/npm/node_modules/ms/readme.md            |    3 +-
         deps/npm/node_modules/puka/CHANGELOG.md       |   31 +
         deps/npm/node_modules/puka/LICENSE.txt        |   18 +
         deps/npm/node_modules/puka/README.md          |  411 ++++
         deps/npm/node_modules/puka/index.js           |  804 +++++++
         deps/npm/node_modules/puka/package.json       |   38 +
         .../node_modules}/tough-cookie/LICENSE        |    0
         .../node_modules}/tough-cookie/README.md      |    0
         .../node_modules}/tough-cookie/lib/cookie.js  |    0
         .../tough-cookie/lib/memstore.js              |    0
         .../tough-cookie/lib/pathMatch.js             |    0
         .../tough-cookie/lib/permuteDomain.js         |    0
         .../tough-cookie/lib/pubsuffix-psl.js         |    0
         .../node_modules}/tough-cookie/lib/store.js   |    0
         .../node_modules}/tough-cookie/lib/version.js |    0
         .../node_modules}/tough-cookie/package.json   |    0
         deps/npm/node_modules/resolve/.editorconfig   |   24 +-
         deps/npm/node_modules/resolve/.travis.yml     |    8 -
         deps/npm/node_modules/resolve/appveyor.yml    |   42 +-
         deps/npm/node_modules/resolve/lib/async.js    |   11 +-
         deps/npm/node_modules/resolve/lib/core.js     |    4 +-
         deps/npm/node_modules/resolve/lib/core.json   |    9 +-
         deps/npm/node_modules/resolve/lib/is-core.js  |    4 +-
         deps/npm/node_modules/resolve/lib/sync.js     |   11 +-
         deps/npm/node_modules/resolve/package.json    |   18 +-
         deps/npm/node_modules/resolve/readme.markdown |   28 +-
         deps/npm/node_modules/resolve/test/core.js    |   12 +-
         .../resolve/test/shadowed_core.js             |   16 +
         .../npm/node_modules/resolve/test/symlinks.js |    5 +-
         .../node_modules/semver/classes/comparator.js |    8 +-
         deps/npm/node_modules/semver/classes/range.js |   63 +-
         .../npm/node_modules/semver/classes/semver.js |    9 +-
         .../node_modules/semver/functions/parse.js    |    8 +-
         .../semver/internal/parse-options.js          |   11 +
         deps/npm/node_modules/semver/package.json     |    7 +-
         .../node_modules/semver/ranges/min-version.js |    7 +-
         .../npm/node_modules/semver/ranges/outside.js |    2 +-
         deps/npm/node_modules/semver/ranges/subset.js |   15 +-
         .../socks/build/client/socksclient.js         |   38 +-
         .../socks/build/client/socksclient.js.map     |    2 +-
         deps/npm/node_modules/socks/package.json      |   16 +-
         .../node_modules/spdx-license-ids/index.json  |    6 +
         .../spdx-license-ids/package.json             |    3 +-
         deps/npm/node_modules/uuid/CHANGELOG.md       |    6 +
         deps/npm/node_modules/uuid/README.md          |   21 +-
         .../node_modules/uuid/dist/esm-browser/rng.js |   13 +-
         .../npm/node_modules/uuid/dist/rng-browser.js |   13 +-
         .../node_modules/uuid/dist/umd/uuid.min.js    |    2 +-
         .../node_modules/uuid/dist/umd/uuidv1.min.js  |    2 +-
         .../node_modules/uuid/dist/umd/uuidv4.min.js  |    2 +-
         deps/npm/node_modules/uuid/package.json       |    2 +-
         deps/npm/package.json                         |   43 +-
         .../test-lib-init.js-TAP.test.js              |   19 +
         .../test-lib-search.js-TAP.test.js            |   20 +
         .../test-lib-stars.js-TAP.test.js             |   15 +
         .../test-lib-team.js-TAP.test.js              |   85 +
         .../test-lib-utils-cmd-list.js-TAP.test.js    |    4 +-
         ...test-lib-utils-flat-options.js-TAP.test.js |    4 +-
         ...test-lib-utils-reify-finish.js-TAP.test.js |   15 +
         deps/npm/test/bin/npm-cli.js                  |    2 +-
         deps/npm/test/bin/npx-cli.js                  |   18 +-
         deps/npm/test/coverage-map.js                 |    5 +-
         .../fixtures/libnpmsearch-stream-result.js    |  277 +++
         deps/npm/test/lib/access.js                   |  166 +-
         deps/npm/test/lib/adduser.js                  |   32 +-
         deps/npm/test/lib/audit.js                    |   55 +-
         deps/npm/test/lib/auth/legacy.js              |   70 +-
         deps/npm/test/lib/auth/oauth.js               |    8 +-
         deps/npm/test/lib/auth/saml.js                |    8 +-
         deps/npm/test/lib/auth/sso.js                 |   34 +-
         deps/npm/test/lib/bin.js                      |    6 +-
         deps/npm/test/lib/birthday.js                 |    2 +
         deps/npm/test/lib/bugs.js                     |   68 +-
         deps/npm/test/lib/cache.js                    |   36 +-
         deps/npm/test/lib/ci.js                       |   87 +-
         deps/npm/test/lib/cli.js                      |   47 +-
         deps/npm/test/lib/completion.js               |  587 +++++
         deps/npm/test/lib/config.js                   |   68 +-
         deps/npm/test/lib/dedupe.js                   |   20 +-
         deps/npm/test/lib/deprecate.js                |  134 ++
         deps/npm/test/lib/dist-tag.js                 |   59 +-
         deps/npm/test/lib/docs.js                     |   48 +-
         deps/npm/test/lib/doctor.js                   |  943 ++++++++
         deps/npm/test/lib/exec.js                     |  388 ++--
         deps/npm/test/lib/explain.js                  |   60 +-
         deps/npm/test/lib/explore.js                  |  333 +--
         deps/npm/test/lib/find-dupes.js               |    4 +-
         deps/npm/test/lib/fund.js                     |  294 +--
         deps/npm/test/lib/get.js                      |    6 +-
         deps/npm/test/lib/init.js                     |  236 ++
         deps/npm/test/lib/install.js                  |  114 +-
         deps/npm/test/lib/link.js                     |  127 +-
         deps/npm/test/lib/ll.js                       |    8 +-
         deps/npm/test/lib/load-all-commands.js        |    3 +-
         deps/npm/test/lib/load-all.js                 |    4 +-
         deps/npm/test/lib/logout.js                   |   18 +-
         deps/npm/test/lib/ls.js                       | 1944 +++++++++--------
         deps/npm/test/lib/npm.js                      |   81 +-
         deps/npm/test/lib/outdated.js                 |  175 +-
         deps/npm/test/lib/owner.js                    |  131 +-
         deps/npm/test/lib/pack.js                     |   69 +-
         deps/npm/test/lib/ping.js                     |   14 +-
         deps/npm/test/lib/prefix.js                   |    2 +-
         deps/npm/test/lib/prune.js                    |   14 +-
         deps/npm/test/lib/rebuild.js                  |  222 ++
         deps/npm/test/lib/repo.js                     |  186 +-
         deps/npm/test/lib/root.js                     |    2 +-
         deps/npm/test/lib/run-script.js               |  260 +--
         deps/npm/test/lib/search.js                   |  193 ++
         deps/npm/test/lib/set-script.js               |  154 ++
         deps/npm/test/lib/shrinkwrap.js               |  329 +++
         deps/npm/test/lib/star.js                     |  144 ++
         deps/npm/test/lib/stars.js                    |  151 ++
         deps/npm/test/lib/team.js                     |  572 +++++
         deps/npm/test/lib/test.js                     |    8 +-
         deps/npm/test/lib/token.js                    |  293 ++-
         deps/npm/test/lib/uninstall.js                |  253 +++
         deps/npm/test/lib/unpublish.js                |  506 +++++
         deps/npm/test/lib/unstar.js                   |   28 +
         deps/npm/test/lib/update.js                   |  162 ++
         deps/npm/test/lib/utils/audit-error.js        |   34 +-
         deps/npm/test/lib/utils/cleanup-log-files.js  |   20 +-
         .../lib/utils/completion/installed-deep.js    |  122 +-
         .../lib/utils/completion/installed-shallow.js |   56 +-
         deps/npm/test/lib/utils/completion/none.js    |    2 +-
         deps/npm/test/lib/utils/config.js             |   49 +-
         deps/npm/test/lib/utils/error-handler.js      |   52 +-
         deps/npm/test/lib/utils/error-message.js      |  102 +-
         deps/npm/test/lib/utils/escape-arg.js         |   15 -
         deps/npm/test/lib/utils/escape-exec-path.js   |   15 -
         deps/npm/test/lib/utils/explain-dep.js        |    2 +-
         deps/npm/test/lib/utils/explain-eresolve.js   |    2 +-
         deps/npm/test/lib/utils/file-exists.js        |    4 +-
         deps/npm/test/lib/utils/flat-options.js       |   76 +-
         deps/npm/test/lib/utils/get-identity.js       |   34 +-
         deps/npm/test/lib/utils/get-project-scope.js  |   10 +-
         .../utils/hosted-git-info-from-manifest.js    |    6 +-
         deps/npm/test/lib/utils/is-windows-bash.js    |    4 +-
         deps/npm/test/lib/utils/is-windows-shell.js   |    2 +-
         deps/npm/test/lib/utils/is-windows.js         |    2 +-
         deps/npm/test/lib/utils/lifecycle-cmd.js      |    6 +-
         deps/npm/test/lib/utils/path.js               |    2 +-
         deps/npm/test/lib/utils/perf.js               |   10 +-
         deps/npm/test/lib/utils/ping.js               |    4 +-
         deps/npm/test/lib/utils/proc-log-listener.js  |   16 +-
         deps/npm/test/lib/utils/read-local-package.js |   16 +-
         deps/npm/test/lib/utils/reify-finish.js       |   80 +
         deps/npm/test/lib/utils/reify-output.js       |  154 +-
         deps/npm/test/lib/utils/setup-log.js          |   85 +-
         deps/npm/test/lib/utils/tar.js                |   55 +-
         deps/npm/test/lib/utils/unsupported.js        |    6 +-
         deps/npm/test/lib/utils/update-notifier.js    |   33 +-
         deps/npm/test/lib/version.js                  |  160 ++
         deps/npm/test/lib/view.js                     |  451 ++--
         deps/npm/test/lib/whoami.js                   |    4 +-
         446 files changed, 15908 insertions(+), 5480 deletions(-)
         create mode 100644 deps/npm/docs/content/commands/npm-set-script.md
         create mode 100644 deps/npm/docs/content/commands/npm-unstar.md
         create mode 100644 deps/npm/docs/output/commands/npm-set-script.html
         create mode 100644 deps/npm/docs/output/commands/npm-unstar.html
         create mode 100644 deps/npm/lib/set-script.js
         create mode 100644 deps/npm/lib/unstar.js
         delete mode 100644 deps/npm/lib/utils/depr-check.js
         delete mode 100644 deps/npm/lib/utils/escape-arg.js
         delete mode 100644 deps/npm/lib/utils/escape-exec-path.js
         delete mode 100644 deps/npm/lib/utils/package-id.js
         delete mode 100644 deps/npm/lib/utils/pick-manifest-from-registry-metadata.js
         create mode 100644 deps/npm/lib/utils/reify-finish.js
         delete mode 100644 deps/npm/lib/utils/save-stack.js
         delete mode 100644 deps/npm/lib/utils/unix-format-path.js
         delete mode 100644 deps/npm/lib/utils/warn-deprecated.js
         create mode 100644 deps/npm/man/man1/npm-set-script.1
         create mode 100644 deps/npm/man/man1/npm-unstar.1
         create mode 100644 deps/npm/node_modules/@npmcli/arborist/CHANGELOG.md
         create mode 100644 deps/npm/node_modules/@npmcli/arborist/lib/tree-check.js
         create mode 100644 deps/npm/node_modules/@npmcli/arborist/lib/update-root-package-json.js
         create mode 100644 deps/npm/node_modules/debug/node_modules/ms/index.js
         create mode 100644 deps/npm/node_modules/debug/node_modules/ms/license.md
         create mode 100644 deps/npm/node_modules/debug/node_modules/ms/package.json
         create mode 100644 deps/npm/node_modules/debug/node_modules/ms/readme.md
         create mode 100644 deps/npm/node_modules/function-bind/.editorconfig
         create mode 100644 deps/npm/node_modules/function-bind/.jscs.json
         create mode 100644 deps/npm/node_modules/function-bind/.npmignore
         create mode 100644 deps/npm/node_modules/function-bind/.travis.yml
         create mode 100644 deps/npm/node_modules/function-bind/LICENSE
         create mode 100644 deps/npm/node_modules/function-bind/README.md
         create mode 100644 deps/npm/node_modules/function-bind/implementation.js
         create mode 100644 deps/npm/node_modules/function-bind/index.js
         create mode 100644 deps/npm/node_modules/function-bind/package.json
         create mode 100644 deps/npm/node_modules/function-bind/test/index.js
         create mode 100644 deps/npm/node_modules/has/LICENSE-MIT
         create mode 100644 deps/npm/node_modules/has/README.md
         create mode 100644 deps/npm/node_modules/has/package.json
         create mode 100644 deps/npm/node_modules/has/src/index.js
         create mode 100644 deps/npm/node_modules/has/test/index.js
         create mode 100644 deps/npm/node_modules/is-core-module/.eslintignore
         create mode 100644 deps/npm/node_modules/is-core-module/.github/FUNDING.yml
         create mode 100644 deps/npm/node_modules/is-core-module/.github/workflows/node-4+.yml
         create mode 100644 deps/npm/node_modules/is-core-module/.github/workflows/node-iojs.yml
         create mode 100644 deps/npm/node_modules/is-core-module/.github/workflows/node-pretest.yml
         create mode 100644 deps/npm/node_modules/is-core-module/.github/workflows/node-zero.yml
         create mode 100644 deps/npm/node_modules/is-core-module/.github/workflows/rebase.yml
         create mode 100644 deps/npm/node_modules/is-core-module/.github/workflows/require-allow-edits.yml
         create mode 100644 deps/npm/node_modules/is-core-module/.nycrc
         create mode 100644 deps/npm/node_modules/is-core-module/CHANGELOG.md
         create mode 100644 deps/npm/node_modules/is-core-module/LICENSE
         create mode 100644 deps/npm/node_modules/is-core-module/README.md
         create mode 100644 deps/npm/node_modules/is-core-module/core.json
         create mode 100644 deps/npm/node_modules/is-core-module/index.js
         create mode 100644 deps/npm/node_modules/is-core-module/package.json
         create mode 100644 deps/npm/node_modules/is-core-module/test/index.js
         create mode 100644 deps/npm/node_modules/puka/CHANGELOG.md
         create mode 100644 deps/npm/node_modules/puka/LICENSE.txt
         create mode 100644 deps/npm/node_modules/puka/README.md
         create mode 100644 deps/npm/node_modules/puka/index.js
         create mode 100644 deps/npm/node_modules/puka/package.json
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/LICENSE (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/README.md (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/lib/cookie.js (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/lib/memstore.js (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/lib/pathMatch.js (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/lib/permuteDomain.js (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/lib/pubsuffix-psl.js (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/lib/store.js (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/lib/version.js (100%)
         rename deps/npm/node_modules/{ => request/node_modules}/tough-cookie/package.json (100%)
         delete mode 100644 deps/npm/node_modules/resolve/.travis.yml
         create mode 100644 deps/npm/node_modules/semver/internal/parse-options.js
         create mode 100644 deps/npm/tap-snapshots/test-lib-init.js-TAP.test.js
         create mode 100644 deps/npm/tap-snapshots/test-lib-search.js-TAP.test.js
         create mode 100644 deps/npm/tap-snapshots/test-lib-stars.js-TAP.test.js
         create mode 100644 deps/npm/tap-snapshots/test-lib-team.js-TAP.test.js
         create mode 100644 deps/npm/tap-snapshots/test-lib-utils-reify-finish.js-TAP.test.js
         create mode 100644 deps/npm/test/fixtures/libnpmsearch-stream-result.js
         create mode 100644 deps/npm/test/lib/completion.js
         create mode 100644 deps/npm/test/lib/deprecate.js
         create mode 100644 deps/npm/test/lib/doctor.js
         create mode 100644 deps/npm/test/lib/init.js
         create mode 100644 deps/npm/test/lib/rebuild.js
         create mode 100644 deps/npm/test/lib/search.js
         create mode 100644 deps/npm/test/lib/set-script.js
         create mode 100644 deps/npm/test/lib/shrinkwrap.js
         create mode 100644 deps/npm/test/lib/star.js
         create mode 100644 deps/npm/test/lib/stars.js
         create mode 100644 deps/npm/test/lib/team.js
         create mode 100644 deps/npm/test/lib/uninstall.js
         create mode 100644 deps/npm/test/lib/unpublish.js
         create mode 100644 deps/npm/test/lib/unstar.js
         create mode 100644 deps/npm/test/lib/update.js
         delete mode 100644 deps/npm/test/lib/utils/escape-arg.js
         delete mode 100644 deps/npm/test/lib/utils/escape-exec-path.js
         create mode 100644 deps/npm/test/lib/utils/reify-finish.js
         create mode 100644 deps/npm/test/lib/version.js
        
        diff --git a/deps/npm/.eslintrc.json b/deps/npm/.eslintrc.json
        index 6232a8f82187ff..139716eefd85a0 100644
        --- a/deps/npm/.eslintrc.json
        +++ b/deps/npm/.eslintrc.json
        @@ -133,7 +133,7 @@
             "no-shadow-restricted-names": "error",
             "no-sparse-arrays": "error",
             "no-tabs": "error",
        -    "no-template-curly-in-string": "error",
        +    "no-template-curly-in-string": "off",
             "no-this-before-super": "error",
             "no-throw-literal": "off",
             "no-trailing-spaces": "error",
        diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS
        index c0986e8be2bf90..008d9099561199 100644
        --- a/deps/npm/AUTHORS
        +++ b/deps/npm/AUTHORS
        @@ -733,3 +733,9 @@ Jan Tojnar 
         Jason Attwood 
         Vlad GURDIGA 
         Sébastien Puech 
        +Jannis Hell 
        +Hollow Man 
        +kai zhu 
        +Alex Woollam 
        +Daniel Fischer 
        +Yash-Singh1 
        diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md
        index 8cafde1158491d..0922176c6bacd3 100644
        --- a/deps/npm/CHANGELOG.md
        +++ b/deps/npm/CHANGELOG.md
        @@ -1,3 +1,235 @@
        +## 7.1.2 (2020-12-11)
        +
        +### DEPENDENCIES
        +
        +* [`c3ba1daf7`](https://github.com/npm/cli/commit/c3ba1daf7cd335d72aeba80ae0e9f9d215ca9ea5)
        +  [#2033](https://github.com/npm/cli/issues/2033) `@npmcli/config@1.2.6`:
        +    * Set `INIT_CWD` to initial current working directory
        +    * Set `NODE` to initial process.execPath
        +* [`8029608b9`](https://github.com/npm/cli/commit/8029608b914fe5ba35a7cd37ae95ab93b0532e2e)
        +  `json-parse-even-better-errors@2.3.1`
        +* [`0233818e6`](https://github.com/npm/cli/commit/0233818e606888b80881b17a2c6aca9f10a619b2)
        +  [#2332](https://github.com/npm/cli/issues/2332) `treeverse@1.0.4`
        +* [`e401d6bb3`](https://github.com/npm/cli/commit/e401d6bb37ffc767b4fefe89878dd3c3ef490b2c)
        +  `ini@1.3.8`
        +* [`011bb1220`](https://github.com/npm/cli/commit/011bb122035dcd43769ec35982662cca41635068)
        +  [#2320](https://github.com/npm/cli/issues/2320) `@npmcli/arborist@2.0.1`:
        +    * Do not save with `^` and no version
        +
        +### BUGFIXES
        +
        +* [`244c2069f`](https://github.com/npm/cli/commit/244c2069fd093f053d3061c85575ac13e72e2454)
        +  [#2325](https://github.com/npm/cli/issues/2325) npm search
        +  include/exclude ([@ruyadorno](https://github.com/ruyadorno))
        +* [`d825e901e`](https://github.com/npm/cli/commit/d825e901eceea4cf8d860e35238dc30008eb4da4)
        +  [#1905](https://github.com/npm/cli/issues/1905)
        +  [#2316](https://github.com/npm/cli/issues/2316) run install scripts for
        +  root project
        +* [`315449142`](https://github.com/npm/cli/commit/31544914294948085a84097af7f0f5de2a2e8f7e)
        +  [#2331](https://github.com/npm/cli/issues/2331)
        +  [#2021](https://github.com/npm/cli/issues/2021) Set `NODE_ENV=production`
        +  if 'dev' is on the omit list ([@isaacs](https://github.com/isaacs))
        +
        +### TESTING
        +
        +* [`c243e3b9d`](https://github.com/npm/cli/commit/c243e3b9d9bda0580a0fc1b3e230b4d47412176e)
        +  [#2313](https://github.com/npm/cli/issues/2313) tests: completion
        +  ([@nlf](https://github.com/nlf))
        +* [`7ff6efbb8`](https://github.com/npm/cli/commit/7ff6efbb866591b2330b967215cef8146dff3ebf)
        +  [#2314](https://github.com/npm/cli/issues/2314) npm team
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +* [`7a4f0c96c`](https://github.com/npm/cli/commit/7a4f0c96c2ab9f264f7bda2caf7e72c881571270)
        +  [#2323](https://github.com/npm/cli/issues/2323) npm doctor
        +  ([@nlf](https://github.com/nlf))
        +
        +### DOCUMENTATION
        +
        +* [`e340cf64b`](https://github.com/npm/cli/commit/e340cf64ba31ef329a9049b60c32ffd0342cfb7d)
        +  [#2330](https://github.com/npm/cli/issues/2330) explain through
        +  run-script ([@isaacs](https://github.com/isaacs))
        +
        +## 7.1.1 (2020-12-08)
        +
        +### DEPENDENCIES
        +
        +* [`bf09e719c`](https://github.com/npm/cli/commit/bf09e719c7f563a255b1e9af6b1237ebc5598db6)
        +  `@npmcli/arborist@2.0.0`
        +    * Much stricter tree integrity guarantees
        +    * Fix issues where the root project is a symlink, or linked as a
        +      workspace
        +* [`7ceb5b728`](https://github.com/npm/cli/commit/7ceb5b728b9f326c567f5ffe5831c9eccf013aa0)
        +  `ini@1.3.6`
        +* [`77c6ced2a`](https://github.com/npm/cli/commit/77c6ced2a6daaadbff715c8f05b2e61ba76e9bab)
        +  `make-fetch-happen@8.0.11`
        +    * Avoid caching headers that are hazardous or unnecessary to leave
        +      lying around (authorization, npm-session, etc.)
        +    * [#38](https://github.com/npm/make-fetch-happen/pull/38) Include query
        +      string in cache key ([@jpb](https://github.com/jpb))
        +* [`0ef25b6cd`](https://github.com/npm/cli/commit/0ef25b6cd2921794d36f066e2b11c406342cf167)
        +  `libnpmsearch@3.1.0`:
        +    * Update to accept query params as options, so we can paginate.
        +      ([@nlf](https://github.com/nlf))
        +* [`518a66450`](https://github.com/npm/cli/commit/518a664500bcde30475788e8c1c3e651f23e881b)
        +  `@npmcli/config@1.2.4`:
        +    * Do not allow path options to be set to a boolean `false` value
        +* [`3d7aff9d8`](https://github.com/npm/cli/commit/3d7aff9d8dd1cf29956aa306464cd44fbc2af426)
        +  update all dependencies using latest npm to install them
        +
        +### TESTS
        +
        +* [`2848f5940`](https://github.com/npm/cli/commit/2848f594034b87939bfc5546e3e603f123d98a01)
        +  [npm/statusboard#173](https://github.com/npm/statusboard/issues/173)
        +  [#2293](https://github.com/npm/cli/issues/2293) npm shrinkwrap
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +* [`f6824459a`](https://github.com/npm/cli/commit/f6824459ae0c86e2fa9c84b3dcec85f572ae8e1b)
        +  [#2302](https://github.com/npm/cli/issues/2302) npm deprecate
        +  ([@nlf](https://github.com/nlf))
        +* [`b7d74b627`](https://github.com/npm/cli/commit/b7d74b627859f08fca23209d6e0d3ec6657a4489)
        +  [npm/statusboard#180](https://github.com/npm/statusboard/issues/180)
        +  [#2304](https://github.com/npm/cli/issues/2304) npm unpublish
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +
        +### FEATURES
        +
        +* [`3db90d944`](https://github.com/npm/cli/commit/3db90d94474f673591811fdab5eb6a5bfdeba261)
        +  [#2303](https://github.com/npm/cli/issues/2303) allow for passing object
        +  keys to searchopts to allow pagination ([@nlf](https://github.com/nlf))
        +
        +## 7.1.0 (2020-12-04)
        +
        +### FEATURES
        +
        +* [`6b1575110`](https://github.com/npm/cli/commit/6b15751106beb99234aa4bf39ae05cf40076d42a)
        +  [#2237](https://github.com/npm/cli/pull/2237)
        +  add `npm set-script` command
        +  ([@Yash-Singh1](https://github.com/Yash-Singh1))
        +* [`15d7333f8`](https://github.com/npm/cli/commit/15d7333f832e3d68ae16895569f27a27ef86573e)
        +  add interactive `npm exec`
        +  ([@isaacs](https://github.com/isaacs))
        +
        +### BUG FIXES
        +
        +* [`2a1192e4b`](https://github.com/npm/cli/commit/2a1192e4b03acdf6e6e24e58de68f736ab9bb35f)
        +  [#2202](https://github.com/npm/cli/pull/2202)
        +  Do not run interactive `npm exec` in CI when a TTY
        +  ([@isaacs](https://github.com/isaacs))
        +
        +### DOCUMENTATION
        +
        +* [`0599cc37d`](https://github.com/npm/cli/commit/0599cc37df453bf79d47490eb4fca3cd63f67f80)
        +  [#2271](https://github.com/npm/cli/pull/2271)
        +  don't wrap code block
        +  ([@ethomson](https://github.com/ethomson))
        +
        +### DEPENDENCIES
        +
        +* [`def85c726`](https://github.com/npm/cli/commit/def85c72640ffe2d27977c56b7aa06c6f6346ca9)
        +  `@npmcli/arborist@1.0.14`
        +    * fixes running `npm exec` from file system root folder
        +* [`4c94673ab`](https://github.com/npm/cli/commit/4c94673ab5399d27e5a48e52f7a65b038a456265)
        +  `semver@7.3.4`
        +
        +## 7.0.15 (2020-11-27)
        +
        +### DEPENDENCIES
        +
        +* [`00e6028ef`](https://github.com/npm/cli/commit/00e6028ef83bf76eaae10241fd7ba59e39768603)
        +  `@npmcli/arborist@1.0.13`
        +    * do not override user-defined shorthand values when saving `package.json`
        +
        +### BUG FIXES
        +
        +* [`9c3413fbc`](https://github.com/npm/cli/commit/9c3413fbcb37e79fc0b3d980e0b5810d7961277c)
        +  [#2034](https://github.com/npm/cli/issues/2034)
        +  [#2245](https://github.com/npm/cli/issues/2245)
        +  `npm link ` should not save `package.json`
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +
        +### DOCUMENTATION
        +
        +* [`1875347f9`](https://github.com/npm/cli/commit/1875347f9f4f2b50c28fe8857c5533eeebf42da2)
        +  [#2196](https://github.com/npm/cli/issues/2196)
        +  remove doc on obsolete `unsafe-perm` flag
        +  ([@kaizhu256](https://github.com/kaizhu256))
        +* [`f51e50603`](https://github.com/npm/cli/commit/f51e5060340c783a8a00dadd98e5786960caf43f)
        +  [#2200](https://github.com/npm/cli/issues/2200)
        +  `config.md` cleanup
        +  ([@alexwoollam](https://github.com/alexwoollam))
        +* [`997cbdb40`](https://github.com/npm/cli/commit/997cbdb400bcd22e457e8a06b69a7be697cfd66d)
        +  [#2238](https://github.com/npm/cli/issues/2238)
        +  Fix broken link to `package.json` documentation
        +  ([@d-fischer](https://github.com/d-fischer))
        +* [`9da972dc4`](https://github.com/npm/cli/commit/9da972dc44c21cf0e337f1c3fca44eb9df3e40d5)
        +  [#2241](https://github.com/npm/cli/issues/2241)
        +  `npm star` docs cleanup
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +
        +## 7.0.14 (2020-11-23)
        +
        +### DEPENDENCIES
        +* [`09d21ab90`](https://github.com/npm/cli/commit/09d21ab903dcfebdfd446b8b29ad46c425b6510e)
        +  `@npmcli/run-script@1.8.1`
        +    - fix a regression in how scripts are escaped
        +
        +## 7.0.13 (2020-11-20)
        +
        +### BUG FIXES
        +* [`5fc56b6db`](https://github.com/npm/cli/commit/5fc56b6dbcc7d7d1463a761abb67d2fc16ad3657)
        +  [npm/statusboard#174](https://github.com/npm/statusboard/issues/174)
        +  [#2204](https://github.com/npm/cli/issues/2204)
        +  fix npm unstar command
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +* [`7842b4d4d`](https://github.com/npm/cli/commit/7842b4d4dca1e076b0d26d554f9dce67484cd7be)
        +  [npm/statusboard#182](https://github.com/npm/statusboard/issues/182)
        +  [#2205](https://github.com/npm/cli/issues/2205)
        +  fix npm version usage output
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +* [`a0adbf9f8`](https://github.com/npm/cli/commit/a0adbf9f8f77531fcf81ae31bbc7102698765ee3)
        +  [#2206](https://github.com/npm/cli/issues/2206)
        +  [#2213](https://github.com/npm/cli/issues/2213)
        +  fix: fix flatOptions usage in npm init
        +  ([@ruyadorno](https://github.com/ruyadorno))
        +
        +### DEPENDENCIES
        +
        +* [`3daaf000a`](https://github.com/npm/cli/commit/3daaf000aee0ba81af855977d7011850e79099e6)
        +  `@npmcli/arborist@1.0.12`
        +    - fixes some windows specific bugs in how paths are handled and compared
        +
        +### DOCUMENTATION
        +
        +* [`084a7b6ad`](https://github.com/npm/cli/commit/084a7b6ad6eaf9f2d92eb05da93e745f5357cce2)
        +  [#2210](https://github.com/npm/cli/issues/2210)
        +  docs: Fix typo
        +  ([@HollowMan6](https://github.com/HollowMan6))
        +
        +## 7.0.12 (2020-11-17)
        +
        +### BUG FIXES
        +
        +* [`7b89576bd`](https://github.com/npm/cli/commit/7b89576bd1fa557a312a841afa66b895558d1b12)
        +  [#2174](https://github.com/npm/cli/issues/2174)
        +  fix running empty scripts with `npm run-script`
        +  ([@nlf](https://github.com/nlf))
        +* [`bc9afb195`](https://github.com/npm/cli/commit/bc9afb195f5aad7c06bc96049c0f00dc8e752dee)
        +  [#2002](https://github.com/npm/cli/issues/2002)
        +  [#2184](https://github.com/npm/cli/issues/2184)
        +  Preserve builtin conf when installing npm globally
        +  ([@isaacs](https://github.com/isaacs))
        +
        +### DEPENDENCIES
        +
        +* [`b74c05d88`](https://github.com/npm/cli/commit/b74c05d88dc48fabef031ea66ffaa4e548845655)
        +  `@npmcli/run-script@1.8.0`
        +    * fix windows command-line argument escaping
        +
        +### DOCUMENTATION
        +
        +* [`4e522fdc9`](https://github.com/npm/cli/commit/4e522fdc917bc85af2ca8ff7669a0178e2f35123)
        +  [#2179](https://github.com/npm/cli/issues/2179)
        +  remove mention to --parseable option from `npm audit` docs
        +  ([@Primajin](https://github.com/Primajin))
        +
         ## 7.0.11 (2020-11-13)
         
         ### DEPENDENCIES
        diff --git a/deps/npm/docs/content/commands/npm-audit.md b/deps/npm/docs/content/commands/npm-audit.md
        index 645ab87b157e17..2c0a8f58047ca2 100644
        --- a/deps/npm/docs/content/commands/npm-audit.md
        +++ b/deps/npm/docs/content/commands/npm-audit.md
        @@ -7,8 +7,8 @@ description: Run a security audit
         ### Synopsis
         
         ```bash
        -npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
        -npm audit fix [--force|--package-lock-only|--dry-run]
        +npm audit [--json] [--production] [--audit-level=(low|moderate|high|critical)]
        +npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=(dev|prod)]
         
         common options: [--production] [--only=(dev|prod)]
         ```
        diff --git a/deps/npm/docs/content/commands/npm-dist-tag.md b/deps/npm/docs/content/commands/npm-dist-tag.md
        index 65ce22a179fc7f..585da16ad2d2c4 100644
        --- a/deps/npm/docs/content/commands/npm-dist-tag.md
        +++ b/deps/npm/docs/content/commands/npm-dist-tag.md
        @@ -78,8 +78,8 @@ This command used to be known as `npm tag`, which only created new tags,
         and so had a different syntax.
         
         Tags must share a namespace with version numbers, because they are
        -specified in the same slot: `npm install @` vs `npm install
        -@`.
        +specified in the same slot: `npm install @` vs
        +`npm install @`.
         
         Tags that can be interpreted as valid semver ranges will be rejected. For
         example, `v1.4` cannot be used as a tag, because it is interpreted by
        diff --git a/deps/npm/docs/content/commands/npm-exec.md b/deps/npm/docs/content/commands/npm-exec.md
        index c9de9933be3a55..3ae30fa0cba9a7 100644
        --- a/deps/npm/docs/content/commands/npm-exec.md
        +++ b/deps/npm/docs/content/commands/npm-exec.md
        @@ -16,9 +16,11 @@ npx [@] [args...]
         npx -p [@]  [args...]
         npx -c ' [args...]'
         npx -p [@] -c ' [args...]'
        +Run without --call or positional args to open interactive subshell
         
         alias: npm x, npx
         
        +common options:
         --package= (may be specified multiple times)
         -p is a shorthand for --package only when using npx executable
         -c  --call= (may not be mixed with positional arguments)
        @@ -30,6 +32,11 @@ This command allows you to run an arbitrary command from an npm package
         (either one installed locally, or fetched remotely), in a similar context
         as running it via `npm run`.
         
        +Run without positional arguments or `--call`, this allows you to
        +interactively run commands in the same sort of shell environment that
        +`package.json` scripts are run.  Interactive mode is not supported in CI
        +environments when standard input is a TTY, to prevent hangs.
        +
         Whatever packages are specified by the `--package` option will be
         provided in the `PATH` of the executed command, along with any locally
         installed package executables.  The `--package` option may be
        diff --git a/deps/npm/docs/content/commands/npm-explain.md b/deps/npm/docs/content/commands/npm-explain.md
        index a68bd7d1c252f9..ec63ec34f26d8a 100644
        --- a/deps/npm/docs/content/commands/npm-explain.md
        +++ b/deps/npm/docs/content/commands/npm-explain.md
        @@ -8,6 +8,8 @@ description: Explain installed packages
         
         ```bash
         npm explain 
        +
        +alias: why
         ```
         
         ### Description
        @@ -56,7 +58,7 @@ node_modules/nyc/node_modules/find-up
         #### json
         
         * Default: false
        -* Type: Bolean
        +* Type: Boolean
         
         Show information in JSON format.
         
        diff --git a/deps/npm/docs/content/commands/npm-link.md b/deps/npm/docs/content/commands/npm-link.md
        index 7c55f18c5a431d..1a835001fc64f8 100644
        --- a/deps/npm/docs/content/commands/npm-link.md
        +++ b/deps/npm/docs/content/commands/npm-link.md
        @@ -15,41 +15,44 @@ alias: npm ln
         
         ### Description
         
        +This is handy for installing your own stuff, so that you can work on it and
        +test iteratively without having to continually rebuild.
        +
         Package linking is a two-step process.
         
        -First, `npm link` in a package folder will create a symlink in the global folder
        -`{prefix}/lib/node_modules/` that links to the package where the `npm
        -link` command was executed. It will also link any bins in the package to `{prefix}/bin/{name}`.
        -Note that `npm link` uses the global prefix (see `npm prefix -g` for its value).
        +First, `npm link` in a package folder will create a symlink in the global
        +folder `{prefix}/lib/node_modules/` that links to the package
        +where the `npm link` command was executed. It will also link any bins in
        +the package to `{prefix}/bin/{name}`.  Note that `npm link` uses the global
        +prefix (see `npm prefix -g` for its value).
         
         Next, in some other location, `npm link package-name` will create a
        -symbolic link from globally-installed `package-name` to `node_modules/`
        -of the current folder.
        +symbolic link from globally-installed `package-name` to `node_modules/` of
        +the current folder.
         
        -Note that `package-name` is taken from `package.json`,
        -not from directory name.
        +Note that `package-name` is taken from `package.json`, _not_ from the
        +directory name.
         
        -The package name can be optionally prefixed with a scope. See [`scope`](/using-npm/scope).
        -The scope must be preceded by an @-symbol and followed by a slash.
        +The package name can be optionally prefixed with a scope. See
        +[`scope`](/using-npm/scope).  The scope must be preceded by an @-symbol and
        +followed by a slash.
         
         When creating tarballs for `npm publish`, the linked packages are
        -"snapshotted" to their current state by resolving the symbolic links.
        -
        -This is handy for installing your own stuff, so that you can work on it and
        -test it iteratively without having to continually rebuild.
        +"snapshotted" to their current state by resolving the symbolic links, if
        +they are included in `bundleDependencies`.
         
         For example:
         
         ```bash
        -    cd ~/projects/node-redis    # go into the package directory
        -    npm link                    # creates global link
        -    cd ~/projects/node-bloggy   # go into some other package directory.
        -    npm link redis              # link-install the package
        +cd ~/projects/node-redis    # go into the package directory
        +npm link                    # creates global link
        +cd ~/projects/node-bloggy   # go into some other package directory.
        +npm link redis              # link-install the package
         ```
         
        -Now, any changes to ~/projects/node-redis will be reflected in
        -~/projects/node-bloggy/node_modules/node-redis/. Note that the link should
        -be to the package name, not the directory name for that package.
        +Now, any changes to `~/projects/node-redis` will be reflected in
        +`~/projects/node-bloggy/node_modules/node-redis/`. Note that the link
        +should be to the package name, not the directory name for that package.
         
         You may also shortcut the two steps in one.  For example, to do the
         above use-case in a shorter way:
        @@ -69,15 +72,33 @@ npm link redis
         That is, it first creates a global link, and then links the global
         installation target into your project's `node_modules` folder.
         
        -Note that in this case, you are referring to the directory name, `node-redis`,
        -rather than the package name `redis`.
        +Note that in this case, you are referring to the directory name,
        +`node-redis`, rather than the package name `redis`.
         
        -If your linked package is scoped (see [`scope`](/using-npm/scope)) your link command must include that scope, e.g.
        +If your linked package is scoped (see [`scope`](/using-npm/scope)) your
        +link command must include that scope, e.g.
         
         ```bash
         npm link @myorg/privatepackage
         ```
         
        +### Caveat
        +
        +Note that package dependencies linked in this way are _not_ saved to
        +`package.json` by default, on the assumption that the intention is to have
        +a link stand in for a regular non-link dependency.  Otherwise, for example,
        +if you depend on `redis@^3.0.1`, and ran `npm link redis`, it would replace
        +the `^3.0.1` dependency with `file:../path/to/node-redis`, which you
        +probably don't want!  Additionally, other users or developers on your
        +project would run into issues if they do not have their folders set up
        +exactly the same as yours.
        +
        +If you are adding a _new_ dependency as a link, you should add it to the
        +relevant metadata by running `npm install  --package-lock-only`.
        +
        +If you _want_ to save the `file:` reference in your `package.json` and
        +`package-lock.json` files, you can use `npm link  --save` to do so.
        +
         ### See Also
         
         * [npm developers](/using-npm/developers)
        diff --git a/deps/npm/docs/content/commands/npm-logout.md b/deps/npm/docs/content/commands/npm-logout.md
        index b1f344af576f34..7fa858a99993d2 100644
        --- a/deps/npm/docs/content/commands/npm-logout.md
        +++ b/deps/npm/docs/content/commands/npm-logout.md
        @@ -12,13 +12,13 @@ npm logout [--registry=] [--scope=<@scope>]
         
         ### Description
         
        -When logged into a registry that supports token-based authentication, tell the
        -server to end this token's session. This will invalidate the token everywhere
        -you're using it, not just for the current environment.
        +When logged into a registry that supports token-based authentication, tell
        +the server to end this token's session. This will invalidate the token
        +everywhere you're using it, not just for the current environment.
         
        -When logged into a legacy registry that uses username and password authentication, this will
        -clear the credentials in your user configuration. In this case, it will _only_ affect
        -the current environment.
        +When logged into a legacy registry that uses username and password
        +authentication, this will clear the credentials in your user configuration.
        +In this case, it will _only_ affect the current environment.
         
         If `--scope` is provided, this will find the credentials for the registry
         connected to that scope, if set.
        diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md
        index c6e2af3314bfbd..54787bd6389c6c 100644
        --- a/deps/npm/docs/content/commands/npm-ls.md
        +++ b/deps/npm/docs/content/commands/npm-ls.md
        @@ -15,17 +15,21 @@ aliases: list, la, ll
         ### Description
         
         This command will print to stdout all the versions of packages that are
        -installed, as well as their dependencies, in a tree-structure.
        +installed, as well as their dependencies when `--all` is specified, in a
        +tree structure.
         
        -Positional arguments are `name@version-range` identifiers, which will
        -limit the results to only the paths to the packages named.  Note that
        -nested packages will *also* show the paths to the specified packages.
        -For example, running `npm ls promzard` in npm's source tree will show:
        +Note: to get a "bottoms up" view of why a given package is included in the
        +tree at all, use [`npm explain`](/commands/npm-explain).
        +
        +Positional arguments are `name@version-range` identifiers, which will limit
        +the results to only the paths to the packages named.  Note that nested
        +packages will *also* show the paths to the specified packages.  For
        +example, running `npm ls promzard` in npm's source tree will show:
         
         ```bash
        -    npm@@VERSION@ /path/to/npm
        -    └─┬ init-package-json@0.0.4
        -      └── promzard@0.1.5
        +npm@@VERSION@ /path/to/npm
        +└─┬ init-package-json@0.0.4
        +  └── promzard@0.1.5
         ```
         
         It will print out extraneous, missing, and invalid packages.
        @@ -35,12 +39,49 @@ in parentheses after the name@version to make it easier for users to
         recognize potential forks of a project.
         
         The tree shown is the logical dependency tree, based on package
        -dependencies, not the physical layout of your node_modules folder.
        +dependencies, not the physical layout of your `node_modules` folder.
         
         When run as `ll` or `la`, it shows extended information by default.
         
        +### Note: Design Changes Pending
        +
        +The `npm ls` command's output and behavior made a _ton_ of sense when npm
        +created a `node_modules` folder that naively nested every dependency.  In
        +such a case, the logical dependency graph and physical tree of packages on
        +disk would be roughly identical.
        +
        +With the advent of automatic install-time deduplication of dependencies in
        +npm v3, the `ls` output was modified to display the logical dependency
        +graph as a tree structure, since this was more useful to most users.
        +However, without using `npm ls -l`, it became impossible show _where_ a
        +package was actually installed much of the time!
        +
        +With the advent of automatic installation of `peerDependencies` in npm v7,
        +this gets even more curious, as `peerDependencies` are logically
        +"underneath" their dependents in the dependency graph, but are always
        +physically at or above their location on disk.
        +
        +Also, in the years since npm got an `ls` command (in version 0.0.2!),
        +dependency graphs have gotten much larger as a general rule.  Therefor, in
        +order to avoid dumping an excessive amount of content to the terminal, `npm
        +ls` now only shows the _top_ level dependencies, unless `--all` is
        +provided.
        +
        +A thorough re-examination of the use cases, intention, behavior, and output
        +of this command, is currently underway.  Expect significant changes to at
        +least the default human-readable `npm ls` output in npm v8.
        +
         ### Configuration
         
        +#### all
        +
        +* Default: `false`
        +* Type: Boolean
        +
        +When running `npm outdated` and `npm ls`, setting `--all` will show all
        +outdated or installed packages, rather than only those directly depended
        +upon by the current project.
        +
         #### json
         
         * Default: false
        @@ -115,6 +156,7 @@ Set it to false in order to use all-ansi output.
         
         ### See Also
         
        +* [npm explain](/commands/npm-explain)
         * [npm config](/commands/npm-config)
         * [npmrc](/configuring-npm/npmrc)
         * [npm folders](/configuring-npm/folders)
        diff --git a/deps/npm/docs/content/commands/npm-org.md b/deps/npm/docs/content/commands/npm-org.md
        index 2f3c6b48088669..18047d109cc0b0 100644
        --- a/deps/npm/docs/content/commands/npm-org.md
        +++ b/deps/npm/docs/content/commands/npm-org.md
        @@ -52,10 +52,11 @@ $ npm org ls my-org @mx-santos
         
         ### Description
         
        -You can use the `npm org` commands to manage and view users of an organization.
        -It supports adding and removing users, changing their roles, listing them, and
        -finding specific ones and their roles.
        +You can use the `npm org` commands to manage and view users of an
        +organization.  It supports adding and removing users, changing their roles,
        +listing them, and finding specific ones and their roles.
         
         ### See Also
         
        +* [using orgs](/using-npm/orgs)
         * [Documentation on npm Orgs](https://docs.npmjs.com/orgs/)
        diff --git a/deps/npm/docs/content/commands/npm-outdated.md b/deps/npm/docs/content/commands/npm-outdated.md
        index 01ad780867d057..ee1157f332de08 100644
        --- a/deps/npm/docs/content/commands/npm-outdated.md
        +++ b/deps/npm/docs/content/commands/npm-outdated.md
        @@ -15,25 +15,34 @@ npm outdated [[<@scope>/] ...]
         This command will check the registry to see if any (or, specific) installed
         packages are currently outdated.
         
        +By default, only the direct dependencies of the root project are shown.
        +Use `--all` to find all outdated meta-dependencies as well.
        +
         In the output:
         
         * `wanted` is the maximum version of the package that satisfies the semver
        -  range specified in `package.json`. If there's no available semver range (i.e.
        -  you're running `npm outdated --global`, or the package isn't included in
        -  `package.json`), then `wanted` shows the currently-installed version.
        +  range specified in `package.json`. If there's no available semver range
        +  (i.e.  you're running `npm outdated --global`, or the package isn't
        +  included in `package.json`), then `wanted` shows the currently-installed
        +  version.
         * `latest` is the version of the package tagged as latest in the registry.
        -  Running `npm publish` with no special configuration will publish the package
        -  with a dist-tag of `latest`. This may or may not be the maximum version of
        -  the package, or the most-recently published version of the package, depending
        -  on how the package's developer manages the latest [dist-tag](npm-dist-tag).
        +  Running `npm publish` with no special configuration will publish the
        +  package with a dist-tag of `latest`. This may or may not be the maximum
        +  version of the package, or the most-recently published version of the
        +  package, depending on how the package's developer manages the latest
        +  [dist-tag](/commands/npm-dist-tag).
         * `location` is where in the physical tree the package is located.
         * `depended by` shows which package depends on the displayed dependency
        -* `package type` (when using `--long` / `-l`) tells you whether this package is
        -  a `dependency` or a dev/peer/optional dependency. Packages not included in `package.json`
        -  are always marked `dependencies`.
        -* `homepage` (when using `--long` / `-l`) is the `homepage` value contained in the package's packument
        -* Red means there's a newer version matching your semver requirements, so you should update now.
        -* Yellow indicates that there's a newer version above your semver requirements (usually new major, or new 0.x minor) so proceed with caution.
        +* `package type` (when using `--long` / `-l`) tells you whether this
        +  package is a `dependency` or a dev/peer/optional dependency. Packages not
        +  included in `package.json` are always marked `dependencies`.
        +* `homepage` (when using `--long` / `-l`) is the `homepage` value contained
        +  in the package's packument
        +* Red means there's a newer version matching your semver requirements, so
        +  you should update now.
        +* Yellow indicates that there's a newer version _above_ your semver
        +  requirements (usually new major, or new 0.x minor) so proceed with
        +  caution.
         
         ### An example
         
        @@ -59,19 +68,20 @@ With these `dependencies`:
         
         A few things to note:
         
        -* `glob` requires `^5`, which prevents npm from installing `glob@6`, which is
        -  outside the semver range.
        -* Git dependencies will always be reinstalled, because of how they're specified.
        -  The installed committish might satisfy the dependency specifier (if it's
        -  something immutable, like a commit SHA), or it might not, so `npm outdated` and
        -  `npm update` have to fetch Git repos to check. This is why currently doing a
        -  reinstall of a Git dependency always forces a new clone and install.
        -* `npm@3.5.2` is marked as "wanted", but "latest" is `npm@3.5.1` because npm
        -  uses dist-tags to manage its `latest` and `next` release channels. `npm update`
        -  will install the _newest_ version, but `npm install npm` (with no semver range)
        -  will install whatever's tagged as `latest`.
        -* `once` is just plain out of date. Reinstalling `node_modules` from scratch or
        -  running `npm update` will bring it up to spec.
        +* `glob` requires `^5`, which prevents npm from installing `glob@6`, which
        +  is outside the semver range.
        +* Git dependencies will always be reinstalled, because of how they're
        +  specified.  The installed committish might satisfy the dependency
        +  specifier (if it's something immutable, like a commit SHA), or it might
        +  not, so `npm outdated` and `npm update` have to fetch Git repos to check.
        +  This is why currently doing a reinstall of a Git dependency always forces
        +  a new clone and install.
        +* `npm@3.5.2` is marked as "wanted", but "latest" is `npm@3.5.1` because
        +  npm uses dist-tags to manage its `latest` and `next` release channels.
        +  `npm update` will install the _newest_ version, but `npm install npm`
        +  (with no semver range) will install whatever's tagged as `latest`.
        +* `once` is just plain out of date. Reinstalling `node_modules` from
        +  scratch or running `npm update` will bring it up to spec.
         
         ### Configuration
         
        diff --git a/deps/npm/docs/content/commands/npm-owner.md b/deps/npm/docs/content/commands/npm-owner.md
        index 3c984ebd856201..6479f3bdd11f42 100644
        --- a/deps/npm/docs/content/commands/npm-owner.md
        +++ b/deps/npm/docs/content/commands/npm-owner.md
        @@ -18,26 +18,24 @@ aliases: author
         
         Manage ownership of published packages.
         
        -* ls:
        -  List all the users who have access to modify a package and push new versions.
        -  Handy when you need to know who to bug for help.
        -* add:
        -  Add a new user as a maintainer of a package.  This user is enabled to modify
        -  metadata, publish new versions, and add other owners.
        -* rm:
        -  Remove a user from the package owner list.  This immediately revokes their
        -  privileges.
        +* ls: List all the users who have access to modify a package and push new
        +  versions.  Handy when you need to know who to bug for help.
        +* add: Add a new user as a maintainer of a package.  This user is enabled
        +  to modify metadata, publish new versions, and add other owners.
        +* rm: Remove a user from the package owner list.  This immediately revokes
        +  their privileges.
         
         Note that there is only one level of access.  Either you can modify a package,
         or you can't.  Future versions may contain more fine-grained access levels, but
         that is not implemented at this time.
         
        -If you have two-factor authentication enabled with `auth-and-writes` then
        -you'll need to include an otp on the command line when changing ownership
        -with `--otp`.
        +If you have two-factor authentication enabled with `auth-and-writes` (see
        +[`npm-profile`](/commands/npm-profile)) then you'll need to include an otp
        +on the command line when changing ownership with `--otp`.
         
         ### See Also
         
        +* [npm profile](/commands/npm-profile)
         * [npm publish](/commands/npm-publish)
         * [npm registry](/using-npm/registry)
         * [npm adduser](/commands/npm-adduser)
        diff --git a/deps/npm/docs/content/commands/npm-pack.md b/deps/npm/docs/content/commands/npm-pack.md
        index adb5d30832cb8f..cc6b669efb1ef6 100644
        --- a/deps/npm/docs/content/commands/npm-pack.md
        +++ b/deps/npm/docs/content/commands/npm-pack.md
        @@ -13,10 +13,10 @@ npm pack [[<@scope>/]...] [--dry-run]
         ### Description
         
         For anything that's installable (that is, a package folder, tarball,
        -tarball url, name@tag, name@version, name, or scoped name), this
        -command will fetch it to the cache, and then copy the tarball to the
        -current working directory as `-.tgz`, and then write
        -the filenames out to stdout.
        +tarball url, git url, name@tag, name@version, name, or scoped name), this
        +command will fetch it to the cache, copy the tarball to the current working
        +directory as `-.tgz`, and then write the filenames out to
        +stdout.
         
         If the same package is specified multiple times, then the file will be
         overwritten the second time.
        @@ -24,10 +24,12 @@ overwritten the second time.
         If no arguments are supplied, then npm packs the current package folder.
         
         The `--dry-run` argument will do everything that pack usually does without
        -actually packing anything. Reports on what would have gone into the tarball.
        +actually packing anything.  That is, it reports on what would have gone
        +into the tarball, but nothing else.
         
         ### See Also
         
        +* [npm-packlist package](http://npm.im/npm-packlist)
         * [npm cache](/commands/npm-cache)
         * [npm publish](/commands/npm-publish)
         * [npm config](/commands/npm-config)
        diff --git a/deps/npm/docs/content/commands/npm-ping.md b/deps/npm/docs/content/commands/npm-ping.md
        index bc2233da74f0c2..8de06aa1848361 100644
        --- a/deps/npm/docs/content/commands/npm-ping.md
        +++ b/deps/npm/docs/content/commands/npm-ping.md
        @@ -25,5 +25,6 @@ Ping error: {*Detail about error}
         
         ### See Also
         
        +* [npm doctor](/commands/npm-doctor)
         * [npm config](/commands/npm-config)
         * [npmrc](/configuring-npm/npmrc)
        diff --git a/deps/npm/docs/content/commands/npm-profile.md b/deps/npm/docs/content/commands/npm-profile.md
        index d44c994167f053..88edf26d87c410 100644
        --- a/deps/npm/docs/content/commands/npm-profile.md
        +++ b/deps/npm/docs/content/commands/npm-profile.md
        @@ -16,12 +16,12 @@ npm profile disable-2fa
         
         ### Description
         
        -Change your profile information on the registry.  This not be available if
        -you're using a non-npmjs registry.
        +Change your profile information on the registry.  Note that this command
        +depends on the registry implementation, so third-party registries may not
        +support this interface.
         
        -* `npm profile get []`:
        -  Display all of the properties of your profile, or one or more specific
        -  properties.  It looks like:
        +* `npm profile get []`: Display all of the properties of your
        +  profile, or one or more specific properties.  It looks like:
         
         ```bash
         +-----------------+---------------------------+
        @@ -46,27 +46,26 @@ you're using a non-npmjs registry.
         | updated         | 2017-10-02T21:29:45.922Z  |
         +-----------------+---------------------------+
         ```
        -  
        -* `npm profile set  `:
        -  Set the value of a profile property. You can set the following properties this way:
        -    email, fullname, homepage, freenode, twitter, github
         
        -* `npm profile set password`:
        -  Change your password.  This is interactive, you'll be prompted for your
        -  current password and a new password.  You'll also be prompted for an OTP
        -  if you have two-factor authentication enabled.
        +* `npm profile set  `: Set the value of a profile
        +  property. You can set the following properties this way: email, fullname,
        +  homepage, freenode, twitter, github
         
        -* `npm profile enable-2fa [auth-and-writes|auth-only]`:
        -  Enables two-factor authentication. Defaults to `auth-and-writes` mode. Modes are:
        +* `npm profile set password`: Change your password.  This is interactive,
        +  you'll be prompted for your current password and a new password.  You'll
        +  also be prompted for an OTP if you have two-factor authentication
        +  enabled.
        +
        +* `npm profile enable-2fa [auth-and-writes|auth-only]`: Enables two-factor
        +  authentication. Defaults to `auth-and-writes` mode. Modes are:
           * `auth-only`: Require an OTP when logging in or making changes to your
             account's authentication.  The OTP will be required on both the website
             and the command line.
        -  * `auth-and-writes`: Requires an OTP at all the times `auth-only` does, and also requires one when
        -    publishing a module, setting the `latest` dist-tag, or changing access
        -    via `npm access` and `npm owner`.
        +  * `auth-and-writes`: Requires an OTP at all the times `auth-only` does,
        +    and also requires one when publishing a module, setting the `latest`
        +    dist-tag, or changing access via `npm access` and `npm owner`.
         
        -* `npm profile disable-2fa`:
        -  Disables two-factor authentication.
        +* `npm profile disable-2fa`: Disables two-factor authentication.
         
         ### Details
         
        @@ -76,4 +75,6 @@ available on non npmjs.com registries.
         
         ### See Also
         
        +* [npm adduser](/commands/npm-adduser)
        +* [npm logout](/commands/npm-logout)
         * [npm config](/commands/npm-config)
        diff --git a/deps/npm/docs/content/commands/npm-prune.md b/deps/npm/docs/content/commands/npm-prune.md
        index 1a100e9d88ad75..088c1c3470fafa 100644
        --- a/deps/npm/docs/content/commands/npm-prune.md
        +++ b/deps/npm/docs/content/commands/npm-prune.md
        @@ -12,29 +12,26 @@ npm prune [[<@scope>/]...] [--production] [--dry-run] [--json]
         
         ### Description
         
        -This command removes "extraneous" packages.  If a package name is
        -provided, then only packages matching one of the supplied names are
        -removed.
        +This command removes "extraneous" packages.  If a package name is provided,
        +then only packages matching one of the supplied names are removed.
         
        -Extraneous packages are packages that are not listed on the parent
        -package's dependencies list.
        +Extraneous packages are those present in the `node_modules` folder that are
        +not listed as any package's dependency list.
         
         If the `--production` flag is specified or the `NODE_ENV` environment
         variable is set to `production`, this command will remove the packages
        -specified in your `devDependencies`. Setting `--no-production` will
        -negate `NODE_ENV` being set to `production`.
        +specified in your `devDependencies`. Setting `--no-production` will negate
        +`NODE_ENV` being set to `production`.
         
         If the `--dry-run` flag is used then no changes will actually be made.
         
        -If the `--json` flag is used then the changes `npm prune` made (or would
        +If the `--json` flag is used, then the changes `npm prune` made (or would
         have made with `--dry-run`) are printed as a JSON object.
         
        -In normal operation with package-locks enabled, extraneous modules are
        -pruned automatically when modules are installed and you'll only need
        -this command with the `--production` flag.
        -
        -If you've disabled package-locks then extraneous modules will not be removed
        -and it's up to you to run `npm prune` from time-to-time to remove them.
        +In normal operation, extraneous modules are pruned automatically, so you'll
        +only need this command with the `--production` flag.  However, in the real
        +world, operation is not always "normal".  When crashes or mistakes happen,
        +this command can help clean up any resulting garbage.
         
         ### See Also
         
        diff --git a/deps/npm/docs/content/commands/npm-publish.md b/deps/npm/docs/content/commands/npm-publish.md
        index 3dcdc6f3022ed4..fc13e672223589 100644
        --- a/deps/npm/docs/content/commands/npm-publish.md
        +++ b/deps/npm/docs/content/commands/npm-publish.md
        @@ -15,59 +15,91 @@ Sets tag 'latest' if no --tag specified
         
         ### Description
         
        -Publishes a package to the registry so that it can be installed by name. All
        -files in the package directory are included if no local `.gitignore` or
        -`.npmignore` file exists. If both files exist and a file is ignored by
        -`.gitignore` but not by `.npmignore` then it will be included.  See
        -[`developers`](/using-npm/developers) for full details on what's included in the published package, as well as details on how the package is built.
        +Publishes a package to the registry so that it can be installed by name.
         
        -By default npm will publish to the public registry. This can be overridden by
        -specifying a different default registry or using a [`scope`](/using-npm/scope) in the name (see [`package.json`](/configuring-npm/package-json)).
        +By default npm will publish to the public registry. This can be overridden
        +by specifying a different default registry or using a
        +[`scope`](/using-npm/scope) in the name (see
        +[`package.json`](/configuring-npm/package-json)).
         
        -* ``:
        -  A folder containing a package.json file
        +* ``: A folder containing a package.json file
         
        -* ``:
        -  A url or file path to a gzipped tar archive containing a single folder
        -  with a package.json file inside.
        +* ``: A url or file path to a gzipped tar archive containing a
        +  single folder with a package.json file inside.
         
        -* `[--tag ]`
        -  Registers the published package with the given tag, such that
        -  `npm install @` will install this version.  By default,
        +* `[--tag ]`: Registers the published package with the given tag, such
        +  that `npm install @` will install this version.  By default,
           `npm publish` updates and `npm install` installs the `latest` tag. See
           [`npm-dist-tag`](npm-dist-tag) for details about tags.
         
        -* `[--access ]`
        -  Tells the registry whether this package should be published as public or
        -  restricted. Only applies to scoped packages, which default to `restricted`.
        -  If you don't have a paid account, you must publish with `--access public`
        -  to publish scoped packages.
        +* `[--access ]`: Tells the registry whether this package
        +  should be published as public or restricted. Only applies to scoped
        +  packages, which default to `restricted`.  If you don't have a paid
        +  account, you must publish with `--access public` to publish scoped
        +  packages.
         
        -* `[--otp ]`
        -  If you have two-factor authentication enabled in `auth-and-writes` mode
        -  then you can provide a code from your authenticator with this. If you
        -  don't include this and you're running from a TTY then you'll be prompted.
        +* `[--otp ]`: If you have two-factor authentication enabled in
        +  `auth-and-writes` mode then you can provide a code from your
        +  authenticator with this. If you don't include this and you're running
        +  from a TTY then you'll be prompted.
         
        -* `[--dry-run]`
        -  As of `npm@6`, does everything publish would do except actually publishing
        -  to the registry. Reports the details of what would have been published.
        +* `[--dry-run]`: As of `npm@6`, does everything publish would do except
        +  actually publishing to the registry. Reports the details of what would
        +  have been published.
         
        -Fails if the package name and version combination already exists in
        -the specified registry.
        +The publish will fail if the package name and version combination already
        +exists in the specified registry.
         
        -Once a package is published with a given name and version, that
        -specific name and version combination can never be used again, even if
        -it is removed with [`npm unpublish`](/commands/npm-unpublish).
        +Once a package is published with a given name and version, that specific
        +name and version combination can never be used again, even if it is removed
        +with [`npm unpublish`](/commands/npm-unpublish).
         
         As of `npm@5`, both a sha1sum and an integrity field with a sha512sum of the
         tarball will be submitted to the registry during publication. Subsequent
         installs will use the strongest supported algorithm to verify downloads.
         
        -Similar to `--dry-run` see [`npm pack`](/commands/npm-pack), which figures out the files to be
        -included and packs them into a tarball to be uploaded to the registry.
        +Similar to `--dry-run` see [`npm pack`](/commands/npm-pack), which figures
        +out the files to be included and packs them into a tarball to be uploaded
        +to the registry.
        +
        +### Files included in package
        +
        +To see what will be included in your package, run `npx npm-packlist`.  All
        +files are included by default, with the following exceptions:
        +
        +- Certain files that are relevant to package installation and distribution
        +  are always included.  For example, `package.json`, `README.md`,
        +  `LICENSE`, and so on.
        +
        +- If there is a "files" list in
        +  [`package.json`](/configuring-npm/package-json), then only the files
        +  specified will be included.  (If directories are specified, then they
        +  will be walked recursively and their contents included, subject to the
        +  same ignore rules.)
        +
        +- If there is a `.gitignore` or `.npmignore` file, then ignored files in
        +  that and all child directories will be excluded from the package.  If
        +  _both_ files exist, then the `.gitignore` is ignored, and only the
        +  `.npmignore` is used.
        +
        +  `.npmignore` files follow the [same pattern
        +  rules](https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring)
        +  as `.gitignore` files
        +
        +- If the file matches certain patterns, then it will _never_ be included,
        +  unless explicitly added to the `"files"` list in `package.json`, or
        +  un-ignored with a `!` rule in a `.npmignore` or `.gitignore` file.
        +
        +- Symbolic links are never included in npm packages.
        +
        +
        +See [`developers`](/using-npm/developers) for full details on what's
        +included in the published package, as well as details on how the package is
        +built.
         
         ### See Also
         
        +* [npm-packlist package](http://npm.im/npm-packlist)
         * [npm registry](/using-npm/registry)
         * [npm scope](/using-npm/scope)
         * [npm adduser](/commands/npm-adduser)
        diff --git a/deps/npm/docs/content/commands/npm-rebuild.md b/deps/npm/docs/content/commands/npm-rebuild.md
        index 5b6b816f68bd96..0a7ade6b165b46 100644
        --- a/deps/npm/docs/content/commands/npm-rebuild.md
        +++ b/deps/npm/docs/content/commands/npm-rebuild.md
        @@ -7,16 +7,23 @@ description: Rebuild a package
         ### Synopsis
         
         ```bash
        -npm rebuild [[<@scope>/]...]
        +npm rebuild [[<@scope>/][@] ...]
         
        -alias: npm rb
        +alias: rb
         ```
         
         ### Description
         
        -This command runs the `npm build` command on the matched folders.  This is useful when you install a new version of node, and must recompile all your C++ addons with the new binary.
        +This command runs the `npm build` command on the matched folders.  This is
        +useful when you install a new version of node, and must recompile all your
        +C++ addons with the new binary.  It is also useful when installing with
        +`--ignore-scripts` and `--no-bin-links`, to explicitly choose which
        +packages to build and/or link bins.
        +
        +If one or more package names (and optionally version ranges) are provided,
        +then only packages with a name and version matching one of the specifiers
        +will be rebuilt.
         
         ### See Also
         
        -* [npm build](/commands/npm-build)
         * [npm install](/commands/npm-install)
        diff --git a/deps/npm/docs/content/commands/npm-repo.md b/deps/npm/docs/content/commands/npm-repo.md
        index c6fdf36f1d0c44..670345bece5c59 100644
        --- a/deps/npm/docs/content/commands/npm-repo.md
        +++ b/deps/npm/docs/content/commands/npm-repo.md
        @@ -13,9 +13,9 @@ npm repo [ [ ...]]
         ### Description
         
         This command tries to guess at the likely location of a package's
        -repository URL, and then tries to open it using the `--browser`
        -config param. If no package name is provided, it will search for
        -a `package.json` in the current folder and use the `name` property.
        +repository URL, and then tries to open it using the `--browser` config
        +param. If no package name is provided, it will search for a `package.json`
        +in the current folder and use the `repository` property.
         
         ### Configuration
         
        diff --git a/deps/npm/docs/content/commands/npm-restart.md b/deps/npm/docs/content/commands/npm-restart.md
        index a80c54273df970..097c9fee7c9c3b 100644
        --- a/deps/npm/docs/content/commands/npm-restart.md
        +++ b/deps/npm/docs/content/commands/npm-restart.md
        @@ -12,29 +12,28 @@ npm restart [-- ]
         
         ### Description
         
        -This restarts a package.
        +This restarts a project.  It is equivalent to running `npm run-script
        +restart`.
         
        -This runs a package's "stop", "restart", and "start" scripts, and associated
        -pre- and post- scripts, in the order given below:
        +If the current project has a `"restart"` script specified in
        +`package.json`, then the following scripts will be run:
        +
        +1. prerestart
        +2. restart
        +3. postrestart
        +
        +If it does _not_ have a `"restart"` script specified, but it does have
        +`stop` and/or `start` scripts, then the following scripts will be run:
         
         1. prerestart
         2. prestop
         3. stop
         4. poststop
        -5. restart
         6. prestart
         7. start
         8. poststart
         9. postrestart
         
        -### Note
        -
        -Note that the "restart" script is run **in addition to** the "stop"
        -and "start" scripts, not instead of them.
        -
        -This is the behavior as of `npm` major version 2.  A change in this
        -behavior will be accompanied by an increase in major version number
        -
         ### See Also
         
         * [npm run-script](/commands/npm-run-script)
        diff --git a/deps/npm/docs/content/commands/npm-root.md b/deps/npm/docs/content/commands/npm-root.md
        index 317ef9d85a5066..0d694ac876e92b 100644
        --- a/deps/npm/docs/content/commands/npm-root.md
        +++ b/deps/npm/docs/content/commands/npm-root.md
        @@ -5,6 +5,7 @@ description: Display npm root
         ---
         
         ### Synopsis
        +
         ```bash
         npm root [-g]
         ```
        @@ -13,6 +14,15 @@ npm root [-g]
         
         Print the effective `node_modules` folder to standard out.
         
        +Useful for using npm in shell scripts that do things with the
        +`node_modules` folder.  For example:
        +
        +```bash
        +#!/bin/bash
        +global_node_modules="$(npm root --global)"
        +echo "Global packages installed in: ${global_node_modules}"
        +```
        +
         ### See Also
         
         * [npm prefix](/commands/npm-prefix)
        diff --git a/deps/npm/docs/content/commands/npm-run-script.md b/deps/npm/docs/content/commands/npm-run-script.md
        index 06b6e9383e7fe6..05f6380c2b3268 100644
        --- a/deps/npm/docs/content/commands/npm-run-script.md
        +++ b/deps/npm/docs/content/commands/npm-run-script.md
        @@ -7,23 +7,25 @@ description: Run arbitrary package scripts
         ### Synopsis
         
         ```bash
        -npm run-script  [--silent] [-- ...]
        +npm run-script  [--if-present] [--silent] [-- ]
         
        -alias: npm run
        +aliases: run, rum, urn
         ```
         
         ### Description
         
         This runs an arbitrary command from a package's `"scripts"` object.  If no
        -`"command"` is provided, it will list the available scripts.  `run[-script]` is
        -used by the test, start, restart, and stop commands, but can be called
        -directly, as well. When the scripts in the package are printed out, they're
        -separated into lifecycle (test, start, restart) and directly-run scripts.
        +`"command"` is provided, it will list the available scripts.
         
        -As of [`npm@2.0.0`](https://blog.npmjs.org/post/98131109725/npm-2-0-0), you can
        -use custom arguments when executing scripts. The special option `--` is used by
        -[getopt](https://goo.gl/KxMmtG) to delimit the end of the options. npm will pass
        -all the arguments after the `--` directly to your script:
        +`run[-script]` is used by the test, start, restart, and stop commands, but
        +can be called directly, as well. When the scripts in the package are
        +printed out, they're separated into lifecycle (test, start, restart) and
        +directly-run scripts.
        +
        +Any positional arguments are passed to the specified script.  Use `--` to
        +pass `-`-prefixed flags and options which would otherwise be parsed by npm.
        +
        +For example:
         
         ```bash
         npm run test -- --grep="pattern"
        @@ -38,31 +40,28 @@ environment variables that will be available to the script at runtime. If an
         built-in.
         
         In addition to the shell's pre-existing `PATH`, `npm run` adds
        -`node_modules/.bin` to the `PATH` provided to scripts. Any binaries provided by
        -locally-installed dependencies can be used without the `node_modules/.bin`
        -prefix. For example, if there is a `devDependency` on `tap` in your package,
        -you should write:
        +`node_modules/.bin` to the `PATH` provided to scripts. Any binaries
        +provided by locally-installed dependencies can be used without the
        +`node_modules/.bin` prefix. For example, if there is a `devDependency` on
        +`tap` in your package, you should write:
         
         ```bash
        -"scripts": {"test": "tap test/\*.js"}
        +"scripts": {"test": "tap test/*.js"}
         ```
         
         instead of
         
         ```bash
        -"scripts": {"test": "node_modules/.bin/tap test/\*.js"}
        +"scripts": {"test": "node_modules/.bin/tap test/*.js"}
         ```
         
        -to run your tests.
        -
         The actual shell your script is run within is platform dependent. By default,
         on Unix-like systems it is the `/bin/sh` command, on Windows it is the `cmd.exe`.
         The actual shell referred to by `/bin/sh` also depends on the system.
        -As of [`npm@5.1.0`](https://github.com/npm/npm/releases/tag/v5.1.0) you can
        -customize the shell with the `script-shell` configuration.
        +You can customize the shell with the `script-shell` configuration.
         
        -Scripts are run from the root of the module, regardless of what your current
        -working directory is when you call `npm run`. If you want your script to
        +Scripts are run from the root of the module, regardless of what the current
        +working directory is when `npm run` is called. If you want your script to
         use different behavior based on what subdirectory you're in, you can use the
         `INIT_CWD` environment variable, which holds the full path you were in when
         you ran `npm run`.
        diff --git a/deps/npm/docs/content/commands/npm-set-script.md b/deps/npm/docs/content/commands/npm-set-script.md
        new file mode 100644
        index 00000000000000..7bc8f75d236537
        --- /dev/null
        +++ b/deps/npm/docs/content/commands/npm-set-script.md
        @@ -0,0 +1,34 @@
        +---
        +title: npm-set-script
        +section: 1
        +description: Set tasks in the scripts section of package.json
        +---
        +
        +### Synopsis
        +An npm command that lets you create a task in the scripts section of the package.json.
        +
        +```bash
        +npm set-script [