diff --git a/deps/npm/docs/content/commands/npm-install.md b/deps/npm/docs/content/commands/npm-install.md index cb7f45102577ab..06659035d03366 100644 --- a/deps/npm/docs/content/commands/npm-install.md +++ b/deps/npm/docs/content/commands/npm-install.md @@ -99,6 +99,8 @@ Even if you never publish your package, you can still get a lot of benefits of u In most cases, this will install the version of the modules tagged as `latest` on the npm registry. + **Note:** When installing by name without specifying a version or tag, npm prioritizes versions that match the current Node.js version based on the package's `engines` field. If the `latest` tag points to a version incompatible with your current Node.js version, npm will install the newest compatible version instead. To install a specific version regardless of `engines` compatibility, explicitly specify the version or tag: `npm install @latest`. + Example: ```bash @@ -202,6 +204,15 @@ Even if you never publish your package, you can still get a lot of benefits of u npm install @myorg/privatepackage@"16 - 17" ``` + **Prerelease versions:** By default, version ranges only match stable versions. To include prerelease versions, they must be explicitly specified in the range. Prerelease versions are tied to a specific version triple (major.minor.patch). For example, `^1.2.3-beta.1` will only match prereleases for `1.2.x`, not `1.3.x`. To match all prereleases for a major version, use a range like `^1.0.0-0`, which will include all `1.x.x` prereleases. + + Example: + + ```bash + npm install package@^1.2.3-beta.1 # Matches 1.2.3-beta.1, 1.2.3-beta.2, 1.2.4-beta.1, etc. + npm install package@^1.0.0-0 # Matches all 1.x.x prereleases and stable versions + ``` + * `npm install `: Installs the package from the hosted git provider, cloning it with `git`. @@ -319,6 +330,8 @@ npm install sax@">=0.1.0 <0.2.0" bench supervisor The `--tag` argument will apply to all of the specified install targets. If a tag with the given name exists, the tagged version is preferred over newer versions. +**Note:** The `--tag` option only affects packages specified on the command line. It does not override version ranges specified in `package.json`. For example, if `package.json` specifies `"foo": "^1.0.0"` and you run `npm install --tag beta`, npm will still install a version matching `^1.0.0` even if the `beta` tag points to a different version. To install a tagged version, specify the package explicitly: `npm install foo@beta`. + The `--dry-run` argument will report in the usual way what the install would have done without actually installing anything. The `--package-lock-only` argument will only update the `package-lock.json`, instead of checking `node_modules` and downloading dependencies. diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md index 7269227274649b..a11d32a80026d1 100644 --- a/deps/npm/docs/content/commands/npm-ls.md +++ b/deps/npm/docs/content/commands/npm-ls.md @@ -23,7 +23,7 @@ Note that nested packages will *also* show the paths to the specified packages. For example, running `npm ls promzard` in npm's source tree will show: ```bash -npm@11.6.4 /path/to/npm +npm@11.7.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 ``` diff --git a/deps/npm/docs/content/commands/npm-token.md b/deps/npm/docs/content/commands/npm-token.md index 42dfed6086cea7..3c8e08d7fc38ad 100644 --- a/deps/npm/docs/content/commands/npm-token.md +++ b/deps/npm/docs/content/commands/npm-token.md @@ -9,7 +9,7 @@ description: Manage your authentication tokens ```bash npm token list npm token revoke -npm token create --name= [--token-description=] [--packages=] [--packages-all] [--scopes=] [--orgs=] [--packages-and-scopes-permission=] [--orgs-permission=] [--expires=] [--cidr=] [--bypass-2fa] [--password=] +npm token create ``` Note: This command is unaware of workspaces. @@ -18,37 +18,21 @@ Note: This command is unaware of workspaces. This lets you list, create and revoke authentication tokens. -* `npm token list`: - Shows a table of all active authentication tokens. - You can request this as JSON with `--json` or tab-separated values with `--parseable`. +#### Listing tokens -``` -Read only token npm_1f… with id 7f3134 created 2017-10-21 - -Publish token npm_af… with id c03241 created 2017-10-02 -with IP Whitelist: 192.168.0.1/24 +When listing tokens, an abbreviated token will be displayed. For security purposes the full token is not displayed. -Publish token npm_… with id e0cf92 created 2017-10-02 +#### Generating tokens -``` +When generating tokens, you will be prompted you for your password and, if you have two-factor authentication enabled, an otp. -* `npm token create [--read-only] [--cidr=]`: - Create a new authentication token. - It can be `--read-only`, or accept a list of [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) ranges with which to limit use of this token. - This will prompt you for your password, and, if you have two-factor authentication enabled, an otp. +Please refer to the [docs website](https://docs.npmjs.com/creating-and-viewing-access-tokens) for more information on generating tokens for CI/CD. - Currently, the cli cannot generate automation tokens. - Please refer to the [docs website](https://docs.npmjs.com/creating-and-viewing-access-tokens) for more information on generating automation tokens. +#### Revoking tokens -``` -Created publish token a73c9572-f1b9-8983-983d-ba3ac3cc913d -``` +When revoking a token, you can use the full token (e.g. what you get back from `npm token create`, or as can be found in an `.npmrc` file), or a truncated id. If the given truncated id is not distinct enough to differentiate between multiple existing tokens, you will need to use enough of the id to allow npm to distinguish between them. Full token ids can be found on the [npm website](https://www.npmjs.com), or in the `--parseable` or `--json` output of `npm token list`. This command will NOT accept the truncated token found in the normal `npm token list` output. -* `npm token revoke `: - Immediately removes an authentication token from the registry. - You will no longer be able to use it. - This can accept both complete tokens (such as those you get back from `npm token create`, and those found in your `.npmrc`), and ids as seen in the parseable or json output of `npm token list`. - This will NOT accept the truncated token found in the normal `npm token list` output. +A revoked token will immediately be removed from the registry and you will no longer be able to use it. ### Configuration @@ -88,8 +72,7 @@ expiration. * Type: null or String (can be set multiple times) When creating a Granular Access Token with `npm token create`, this limits -the token access to specific packages. Provide a comma-separated list of -package names. +the token access to specific packages. @@ -109,8 +92,8 @@ token access to all packages instead of limiting to specific packages. * Type: null or String (can be set multiple times) When creating a Granular Access Token with `npm token create`, this limits -the token access to specific scopes. Provide a comma-separated list of scope -names (with or without @ prefix). +the token access to specific scopes. Provide a scope name (with or without @ +prefix). @@ -120,8 +103,7 @@ names (with or without @ prefix). * Type: null or String (can be set multiple times) When creating a Granular Access Token with `npm token create`, this limits -the token access to specific organizations. Provide a comma-separated list -of organization names. +the token access to specific organizations. diff --git a/deps/npm/docs/content/commands/npm-version.md b/deps/npm/docs/content/commands/npm-version.md index 89c3441a48e8ea..cd504b37b7f5eb 100644 --- a/deps/npm/docs/content/commands/npm-version.md +++ b/deps/npm/docs/content/commands/npm-version.md @@ -180,10 +180,14 @@ The `newversion` argument should be a valid semver string, a valid second argume In the second case, the existing version will be incremented by 1 in the specified field. `from-git` will try to read the latest git tag, and use that as the new npm version. +**Note:** If the current version is a prerelease version, `patch` will simply remove the prerelease suffix without incrementing the patch version number. For example, `1.2.0-5` becomes `1.2.0` with `npm version patch`, not `1.2.1`. + If run in a git repo, it will also create a version commit and tag. This behavior is controlled by `git-tag-version` (see below), and can be disabled on the command line by running `npm --no-git-tag-version version`. It will fail if the working directory is not clean, unless the `-f` or `--force` flag is set. +**Note:** Git integration requires a reasonably recent version of git (2.0.0 or later is recommended). If you encounter issues with git commands, ensure your git installation is up to date. + If supplied with `-m` or [`--message` config](/using-npm/config#message) option, npm will use it as a commit message when creating a version commit. If the `message` config contains `%s` then that will be replaced with the resulting version number. For example: diff --git a/deps/npm/docs/content/commands/npm-view.md b/deps/npm/docs/content/commands/npm-view.md index 6353b3c359f6da..3b4fa50976d260 100644 --- a/deps/npm/docs/content/commands/npm-view.md +++ b/deps/npm/docs/content/commands/npm-view.md @@ -74,6 +74,22 @@ If the field value you are querying for is a property of an object, you should r npm view express time'[4.8.0]' ``` +Note: When accessing object properties that contain special characters or numeric keys, you need to use quotes around the key name. +For example, to get the publish time of a specific version: + +```bash +npm view express "time[4.17.1]" +``` + +Without quotes, the shell may interpret the square brackets as glob patterns, causing the command to fail. +You can also access the time field for a specific version by specifying the version in the package descriptor: + +```bash +npm view express@4.17.1 time +``` + +This will return all version-time pairs, but the context will be for that specific version. + Multiple fields may be specified, and will be printed one after another. For example, to get all the contributor names and email addresses, you can do this: @@ -102,6 +118,56 @@ To show the `connect` package version history, you can do this: npm view connect versions ``` +### Field Access Patterns + +The `npm view` command supports different ways to access nested fields and array elements in package metadata. Understanding these patterns makes it easier to extract specific information. + +#### Nested Object Fields + +Use dot notation to access nested object fields: + +```bash +# Access nested properties +npm view npm repository.url +npm view express bugs.url +``` + +#### Array Element Access + +For arrays, use numeric indices in square brackets to access specific elements: + +```bash +# Get the first contributor's email +npm view express contributors[0].email + +# Get the second maintainer's name +npm view express maintainers[1].name +``` + +#### Object Property Access + +For object properties (like accessing specific versions in the `time` field), use bracket notation with the property name in quotes: + +```bash +# Get publish time for a specific version +npm view express "time[4.17.1]" + +# Get dist-tags +npm view express "dist-tags.latest" +``` + +#### Extracting Fields from Arrays + +Request a non-numeric field on an array to get all values from objects in the list: + +```bash +# Get all contributor emails +npm view express contributors.email + +# Get all contributor names +npm view express contributors.name +``` + ### Configuration #### `json` diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md index 795245e1bb86d6..dfd97adb237349 100644 --- a/deps/npm/docs/content/commands/npm.md +++ b/deps/npm/docs/content/commands/npm.md @@ -14,7 +14,7 @@ Note: This command is unaware of workspaces. ### Version -11.6.4 +11.7.0 ### Description diff --git a/deps/npm/docs/content/commands/npx.md b/deps/npm/docs/content/commands/npx.md index 83fcf326fbceb3..2f24477f93bda4 100644 --- a/deps/npm/docs/content/commands/npx.md +++ b/deps/npm/docs/content/commands/npx.md @@ -17,6 +17,8 @@ npx --package=foo -c ' [args...]' This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via `npm run`. +Run this command to execute a package's binary. Any options and arguments after the package name are passed directly to the executed command, not to npx itself. For example, `npx create-react-app my-app --template typescript` will pass `my-app` and `--template typescript` to the `create-react-app` command. To see what options a specific package accepts, consult that package's documentation (e.g., at npmjs.com or in its repository). + Whatever packages are specified by the `--package` option will be provided in the `PATH` of the executed command, along with any locally installed package executables. The `--package` option may be specified multiple times, to execute the supplied command in an environment where all specified packages are available. diff --git a/deps/npm/docs/content/configuring-npm/package-json.md b/deps/npm/docs/content/configuring-npm/package-json.md index 623e8e1194fbcf..972845cd3c15d5 100644 --- a/deps/npm/docs/content/configuring-npm/package-json.md +++ b/deps/npm/docs/content/configuring-npm/package-json.md @@ -335,6 +335,12 @@ For most modules, it makes the most sense to have a main script and often not mu If `main` is not set, it defaults to `index.js` in the package's root folder. +### type + +The `type` field defines how Node.js should interpret `.js` files in your package. This field is not used by npm. + +See the [Node.js documentation on the type field](https://nodejs.org/api/packages.html#type) for more information. + ### browser If your module is meant to be used client-side the browser field should be used instead of the main field. @@ -502,6 +508,19 @@ For GitHub, GitHub gist, Bitbucket, or GitLab repositories you can use the same } ``` +**Note on normalization:** When you publish a package, npm normalizes the `repository` field to the full object format with a `url` property. If you use a shorthand format (like `"npm/example"`), you'll see a warning during `npm publish` indicating that the field was auto-corrected. While the shorthand format currently works, it's recommended to use the full object format in your `package.json` to avoid warnings and ensure future compatibility: + +```json +{ + "repository": { + "type": "git", + "url": "git+https://github.com/npm/example.git" + } +} +``` + +You can run `npm pkg fix` to automatically convert shorthand formats to the normalized object format. + If the `package.json` for your package is not in the root directory (for example if it is part of a monorepo), you can specify the directory in which it lives: ```json @@ -521,6 +540,20 @@ The key is the lifecycle event, and the value is the command to run at that poin See [`scripts`](/using-npm/scripts) to find out more about writing package scripts. +### gypfile + +If you have a binding.gyp file in the root of your package and you have not defined your own `install` or `preinstall` scripts, npm will default to building your module using node-gyp. + +To prevent npm from automatically building your module with node-gyp, set `gypfile` to `false`: + +```json +{ + "gypfile": false +} +``` + +This is useful for packages that include native addons but want to handle the build process differently, or packages that have a binding.gyp file but should not be built as a native addon. + ### config A "config" object can be used to set configuration parameters used in package scripts that persist across upgrades. @@ -926,6 +959,53 @@ To make this limitation easier to deal with, overrides may also be defined as a } ``` +#### Replacing a dependency with a fork + +You can replace a package with a different package or fork using several methods: + +**Using the `npm:` prefix to replace with a different package name:** + +```json +{ + "overrides": { + "package-name": "npm:@scope/forked-package@1.0.0" + } +} +``` + +**Using a GitHub repository (supports branches, tags, or commit hashes):** + +```json +{ + "overrides": { + "package-name": "github:username/repo#branch-name" + } +} +``` + +**Using a local file path:** + +```json +{ + "overrides": { + "package-name": "file:../local-fork" + } +} +``` + +These replacement methods work for both top-level overrides and nested overrides. +For example, to replace a transitive dependency with a fork: + +```json +{ + "overrides": { + "parent-package": { + "vulnerable-dep": "github:username/patched-fork#v2.0.1" + } + } +} +``` + ### engines You can specify the version of node that your stuff works on: diff --git a/deps/npm/docs/content/configuring-npm/package-lock-json.md b/deps/npm/docs/content/configuring-npm/package-lock-json.md index 813db23fd370b9..4d81156bd9c3c7 100644 --- a/deps/npm/docs/content/configuring-npm/package-lock-json.md +++ b/deps/npm/docs/content/configuring-npm/package-lock-json.md @@ -136,6 +136,7 @@ npm v7 ignores this section entirely if a `packages` section is present, but doe Dependency objects have the following fields: * version: a specifier that varies depending on the nature of the package, and is usable in fetching a new copy of it. + Note that for peer dependencies that are not installed, or optional dependencies that are not installed, this field may be omitted. * bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes. * registry sources: This is a version number. @@ -149,6 +150,8 @@ Dependency objects have the following fields: * local link sources: This is the file URL of the link. (eg `file:libs/our-module`) + **Note:** The `version` field may be omitted for certain types of dependencies, such as optional peer dependencies that are not installed. In these cases, only metadata fields like `dev`, `optional`, and `peer` will be present. + * integrity: A `sha512` or `sha1` [Standard Subresource Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) string for the artifact that was unpacked in this location. For git dependencies, this is the commit sha. diff --git a/deps/npm/docs/content/using-npm/config.md b/deps/npm/docs/content/using-npm/config.md index 06b0722abf957b..91dc8765a32c9b 100644 --- a/deps/npm/docs/content/using-npm/config.md +++ b/deps/npm/docs/content/using-npm/config.md @@ -20,6 +20,14 @@ Using `--flag` without specifying any value will set the value to `true`. Example: `--flag1 --flag2` will set both configuration parameters to `true`, while `--flag1 --flag2 bar` will set `flag1` to `true`, and `flag2` to `bar`. Finally, `--flag1 --flag2 -- bar` will set both configuration parameters to `true`, and the `bar` is taken as a command argument. +**Common examples:** + +* `npm install --prefix /path/to/dir` - Runs npm commands in a different directory without changing the current working directory +* `npm install --global` - Installs packages globally (shorthand: `-g`) +* `npm install --save-dev` - Saves to devDependencies (shorthand: `-D`) + +Any configuration option documented in the [Config Settings](#config-settings) section below can be set via command line flags using `--option-name value` syntax. + #### Environment Variables Any environment variables that start with `npm_config_` will be interpreted as a configuration parameter. @@ -1138,8 +1146,7 @@ time. * Type: null or String (can be set multiple times) When creating a Granular Access Token with `npm token create`, this limits -the token access to specific organizations. Provide a comma-separated list -of organization names. +the token access to specific organizations. @@ -1227,8 +1234,7 @@ For `list` this means the output will be based on the tree described by the * Type: null or String (can be set multiple times) When creating a Granular Access Token with `npm token create`, this limits -the token access to specific packages. Provide a comma-separated list of -package names. +the token access to specific packages. @@ -1564,8 +1570,8 @@ npm init --scope=@foo --yes * Type: null or String (can be set multiple times) When creating a Granular Access Token with `npm token create`, this limits -the token access to specific scopes. Provide a comma-separated list of scope -names (with or without @ prefix). +the token access to specific scopes. Provide a scope name (with or without @ +prefix). diff --git a/deps/npm/docs/content/using-npm/package-spec.md b/deps/npm/docs/content/using-npm/package-spec.md index f4a3c191987421..eb074a801895f7 100644 --- a/deps/npm/docs/content/using-npm/package-spec.md +++ b/deps/npm/docs/content/using-npm/package-spec.md @@ -37,9 +37,9 @@ The `` is the name of the package as it is reified in the `node_modules` See `Package name` above for more info on referring to a package by name, and [registry](/using-npm/config#registry) for configuring which registry is used when referring to a package by name. Examples: -* `semver:@npm:@npmcli/semver-with-patch` -* `semver:@npm:semver@7.2.2` -* `semver:@npm:semver@legacy` +* `semver@npm:@npmcli/semver-with-patch` +* `semver@npm:semver@7.2.2` +* `semver@npm:semver@legacy` ### Folders diff --git a/deps/npm/docs/content/using-npm/scripts.md b/deps/npm/docs/content/using-npm/scripts.md index eaf760e33e4c93..cf4a4284e4cc96 100644 --- a/deps/npm/docs/content/using-npm/scripts.md +++ b/deps/npm/docs/content/using-npm/scripts.md @@ -42,7 +42,7 @@ These scripts happen in addition to the `pre`, `post`, and **prepare** (since `npm@4.0.0`) * Runs BEFORE the package is packed, i.e. during `npm publish` and `npm pack` -* Runs on local `npm install` without any arguments +* Runs on local `npm install` without package arguments (runs with flags like `--production` or `--omit=dev`, but does not run when installing specific packages like `npm install express`) * Runs AFTER `prepublishOnly` and `prepack`, but BEFORE `postpack` * Runs for a package if it's being installed as a link through `npm install ` @@ -51,6 +51,8 @@ during `npm publish` and `npm pack` * As of `npm@7` these scripts run in the background. To see the output, run with: `--foreground-scripts`. +* **In workspaces, prepare scripts run concurrently** across all packages. If you have interdependent packages where one must build before another, consider using `--foreground-scripts` (which can be set in `.npmrc` with `foreground-scripts=true`) to run scripts sequentially, or structure your build differently. + **prepublish** (DEPRECATED) * Does not run during `npm publish`, but does run during `npm ci` and `npm install`. See below for more info. @@ -82,17 +84,17 @@ See for a much lengthier justification **Use Cases** -If you need to perform operations on your package before it is used, in a way that is not dependent on the operating system or architecture of the target system, use a `prepublish` script. +Use a `prepare` script to perform build tasks that are platform-independent and need to run before your package is used. This includes tasks such as: -* Compiling CoffeeScript source code into JavaScript. +* Compiling TypeScript or other source code into JavaScript. * Creating minified versions of JavaScript source code. * Fetching remote resources that your package will use. -The advantage of doing these things at `prepublish` time is that they can be done once, in a single place, thus reducing complexity and variability. +Running these build tasks in the `prepare` script ensures they happen once, in a single place, reducing complexity and variability. Additionally, this means that: -* You can depend on `coffee-script` as a `devDependency`, and thus your users don't need to have it installed. +* You can depend on build tools as `devDependencies`, and thus your users don't need to have them installed. * You don't need to include minifiers in your package, reducing the size for your users. * You don't need to rely on your users having `curl` or `wget` or other system tools on the target machines. @@ -268,8 +270,27 @@ then you could run `npm start` to execute the `bar` script, which is exported in #### package.json vars -The package.json fields are tacked onto the `npm_package_` prefix. -So, for instance, if you had `{"name":"foo", "version":"1.2.5"}` in your package.json file, then your package scripts would have the `npm_package_name` environment variable set to "foo", and the `npm_package_version` set to "1.2.5". You can access these variables in your code with `process.env.npm_package_name` and `process.env.npm_package_version`, and so on for other fields. +npm sets the following environment variables from the package.json: + +* `npm_package_name` - The package name +* `npm_package_version` - The package version +* `npm_package_bin_*` - Each executable defined in the bin field +* `npm_package_engines_*` - Each engine defined in the engines field +* `npm_package_config_*` - Each config value defined in the config field +* `npm_package_json` - The full path to the package.json file + +Additionally, for install scripts (`preinstall`, `install`, `postinstall`), npm sets these environment variables: + +* `npm_package_resolved` - The resolved URL for the package +* `npm_package_integrity` - The integrity hash for the package +* `npm_package_optional` - Set to `"true"` if the package is optional +* `npm_package_dev` - Set to `"true"` if the package is a dev dependency +* `npm_package_peer` - Set to `"true"` if the package is a peer dependency +* `npm_package_dev_optional` - Set to `"true"` if the package is both dev and optional + +For example, if you had `{"name":"foo", "version":"1.2.5"}` in your package.json file, then your package scripts would have the `npm_package_name` environment variable set to "foo", and the `npm_package_version` set to "1.2.5". You can access these variables in your code with `process.env.npm_package_name` and `process.env.npm_package_version`. + +**Note:** In npm 7 and later, most package.json fields are no longer provided as environment variables. Scripts that need access to other package.json fields should read the package.json file directly. The `npm_package_json` environment variable provides the path to the file for this purpose. See [`package.json`](/configuring-npm/package-json) for more on package configs. @@ -292,25 +313,24 @@ For example, if your package.json contains this: ```json { "scripts" : { - "install" : "scripts/install.js", - "postinstall" : "scripts/install.js" + "prepare" : "scripts/build.js", + "test" : "scripts/test.js" } } ``` -then `scripts/install.js` will be called for the install and post-install stages of the lifecycle. -Since `scripts/install.js` is running for two different phases, it would be wise in this case to look at the -`npm_lifecycle_event` environment variable. +then `scripts/build.js` will be called for the prepare stage of the lifecycle, and you can check the +`npm_lifecycle_event` environment variable if your script needs to behave differently in different contexts. -If you want to run a make command, you can do so. +If you want to run build commands, you can do so. This works just fine: ```json { "scripts" : { - "preinstall" : "./configure", - "install" : "make && make install", - "test" : "make test" + "prepare" : "npm run build", + "build" : "tsc", + "test" : "jest" } } ``` diff --git a/deps/npm/docs/output/commands/npm-access.html b/deps/npm/docs/output/commands/npm-access.html index fcbe936f3dd3eb..195681af3693be 100644 --- a/deps/npm/docs/output/commands/npm-access.html +++ b/deps/npm/docs/output/commands/npm-access.html @@ -141,9 +141,9 @@
-

+

npm-access - @11.6.4 + @11.7.0

Set access level on published packages
diff --git a/deps/npm/docs/output/commands/npm-adduser.html b/deps/npm/docs/output/commands/npm-adduser.html index 967d5c89ae94ec..53abba7912a65c 100644 --- a/deps/npm/docs/output/commands/npm-adduser.html +++ b/deps/npm/docs/output/commands/npm-adduser.html @@ -141,9 +141,9 @@
-

+

npm-adduser - @11.6.4 + @11.7.0

Add a registry user account
diff --git a/deps/npm/docs/output/commands/npm-audit.html b/deps/npm/docs/output/commands/npm-audit.html index 97a8b5e2a437bf..c54dca59e2b904 100644 --- a/deps/npm/docs/output/commands/npm-audit.html +++ b/deps/npm/docs/output/commands/npm-audit.html @@ -141,9 +141,9 @@
-

+

npm-audit - @11.6.4 + @11.7.0

Run a security audit
diff --git a/deps/npm/docs/output/commands/npm-bugs.html b/deps/npm/docs/output/commands/npm-bugs.html index 3c2f42803d5eaa..6b1655ffa6178b 100644 --- a/deps/npm/docs/output/commands/npm-bugs.html +++ b/deps/npm/docs/output/commands/npm-bugs.html @@ -141,9 +141,9 @@
-

+

npm-bugs - @11.6.4 + @11.7.0

Report bugs for a package in a web browser
diff --git a/deps/npm/docs/output/commands/npm-cache.html b/deps/npm/docs/output/commands/npm-cache.html index e1331c3358c391..e981e87cd3c154 100644 --- a/deps/npm/docs/output/commands/npm-cache.html +++ b/deps/npm/docs/output/commands/npm-cache.html @@ -141,9 +141,9 @@
-

+

npm-cache - @11.6.4 + @11.7.0

Manipulates packages cache
diff --git a/deps/npm/docs/output/commands/npm-ci.html b/deps/npm/docs/output/commands/npm-ci.html index ce959653073f4b..7c61a7d882b3d8 100644 --- a/deps/npm/docs/output/commands/npm-ci.html +++ b/deps/npm/docs/output/commands/npm-ci.html @@ -141,9 +141,9 @@
-

+

npm-ci - @11.6.4 + @11.7.0

Clean install a project
diff --git a/deps/npm/docs/output/commands/npm-completion.html b/deps/npm/docs/output/commands/npm-completion.html index 69ebaffec1b381..fa450ac4421618 100644 --- a/deps/npm/docs/output/commands/npm-completion.html +++ b/deps/npm/docs/output/commands/npm-completion.html @@ -141,9 +141,9 @@
-

+

npm-completion - @11.6.4 + @11.7.0

Tab Completion for npm
diff --git a/deps/npm/docs/output/commands/npm-config.html b/deps/npm/docs/output/commands/npm-config.html index cb626c89f493e5..08798146c3537b 100644 --- a/deps/npm/docs/output/commands/npm-config.html +++ b/deps/npm/docs/output/commands/npm-config.html @@ -141,9 +141,9 @@
-

+

npm-config - @11.6.4 + @11.7.0

Manage the npm configuration files
diff --git a/deps/npm/docs/output/commands/npm-dedupe.html b/deps/npm/docs/output/commands/npm-dedupe.html index ba137d390eb1fd..42899a4560b7bd 100644 --- a/deps/npm/docs/output/commands/npm-dedupe.html +++ b/deps/npm/docs/output/commands/npm-dedupe.html @@ -141,9 +141,9 @@
-

+

npm-dedupe - @11.6.4 + @11.7.0

Reduce duplication in the package tree
diff --git a/deps/npm/docs/output/commands/npm-deprecate.html b/deps/npm/docs/output/commands/npm-deprecate.html index 88523b6425513c..609064ffaed62b 100644 --- a/deps/npm/docs/output/commands/npm-deprecate.html +++ b/deps/npm/docs/output/commands/npm-deprecate.html @@ -141,9 +141,9 @@
-

+

npm-deprecate - @11.6.4 + @11.7.0

Deprecate a version of a package
diff --git a/deps/npm/docs/output/commands/npm-diff.html b/deps/npm/docs/output/commands/npm-diff.html index c19336f3b415b8..fe49cff65fb271 100644 --- a/deps/npm/docs/output/commands/npm-diff.html +++ b/deps/npm/docs/output/commands/npm-diff.html @@ -141,9 +141,9 @@
-

+

npm-diff - @11.6.4 + @11.7.0

The registry diff command
diff --git a/deps/npm/docs/output/commands/npm-dist-tag.html b/deps/npm/docs/output/commands/npm-dist-tag.html index e129f35e4b5102..ec4ed8f1e172c3 100644 --- a/deps/npm/docs/output/commands/npm-dist-tag.html +++ b/deps/npm/docs/output/commands/npm-dist-tag.html @@ -141,9 +141,9 @@
-

+

npm-dist-tag - @11.6.4 + @11.7.0

Modify package distribution tags
diff --git a/deps/npm/docs/output/commands/npm-docs.html b/deps/npm/docs/output/commands/npm-docs.html index 171b4fb8b54130..6d3e6774f5853e 100644 --- a/deps/npm/docs/output/commands/npm-docs.html +++ b/deps/npm/docs/output/commands/npm-docs.html @@ -141,9 +141,9 @@
-

+

npm-docs - @11.6.4 + @11.7.0

Open documentation for a package in a web browser
diff --git a/deps/npm/docs/output/commands/npm-doctor.html b/deps/npm/docs/output/commands/npm-doctor.html index 05cea3c4716d44..1c5c5a8cff3652 100644 --- a/deps/npm/docs/output/commands/npm-doctor.html +++ b/deps/npm/docs/output/commands/npm-doctor.html @@ -141,9 +141,9 @@
-

+

npm-doctor - @11.6.4 + @11.7.0

Check the health of your npm environment
diff --git a/deps/npm/docs/output/commands/npm-edit.html b/deps/npm/docs/output/commands/npm-edit.html index 4f9df6f89db5b7..56a94020dfe3a0 100644 --- a/deps/npm/docs/output/commands/npm-edit.html +++ b/deps/npm/docs/output/commands/npm-edit.html @@ -141,9 +141,9 @@
-

+

npm-edit - @11.6.4 + @11.7.0

Edit an installed package
diff --git a/deps/npm/docs/output/commands/npm-exec.html b/deps/npm/docs/output/commands/npm-exec.html index 7a8dcfce32a500..b6037997c09090 100644 --- a/deps/npm/docs/output/commands/npm-exec.html +++ b/deps/npm/docs/output/commands/npm-exec.html @@ -141,9 +141,9 @@
-

+

npm-exec - @11.6.4 + @11.7.0

Run a command from a local or remote npm package
diff --git a/deps/npm/docs/output/commands/npm-explain.html b/deps/npm/docs/output/commands/npm-explain.html index e3c74d0275ef77..dd2fa78955f6df 100644 --- a/deps/npm/docs/output/commands/npm-explain.html +++ b/deps/npm/docs/output/commands/npm-explain.html @@ -141,9 +141,9 @@
-

+

npm-explain - @11.6.4 + @11.7.0

Explain installed packages
diff --git a/deps/npm/docs/output/commands/npm-explore.html b/deps/npm/docs/output/commands/npm-explore.html index fabb1a9a5b9881..ae3fa3ebf2b14b 100644 --- a/deps/npm/docs/output/commands/npm-explore.html +++ b/deps/npm/docs/output/commands/npm-explore.html @@ -141,9 +141,9 @@
-

+

npm-explore - @11.6.4 + @11.7.0

Browse an installed package
diff --git a/deps/npm/docs/output/commands/npm-find-dupes.html b/deps/npm/docs/output/commands/npm-find-dupes.html index 1b8d714e97c5dd..d4ec011e79b3ba 100644 --- a/deps/npm/docs/output/commands/npm-find-dupes.html +++ b/deps/npm/docs/output/commands/npm-find-dupes.html @@ -141,9 +141,9 @@
-

+

npm-find-dupes - @11.6.4 + @11.7.0

Find duplication in the package tree
diff --git a/deps/npm/docs/output/commands/npm-fund.html b/deps/npm/docs/output/commands/npm-fund.html index a55a454bbde169..f12b6c52447a19 100644 --- a/deps/npm/docs/output/commands/npm-fund.html +++ b/deps/npm/docs/output/commands/npm-fund.html @@ -141,9 +141,9 @@
-

+

npm-fund - @11.6.4 + @11.7.0

Retrieve funding information
diff --git a/deps/npm/docs/output/commands/npm-help-search.html b/deps/npm/docs/output/commands/npm-help-search.html index dbf0651abebd51..e1d24260ff706b 100644 --- a/deps/npm/docs/output/commands/npm-help-search.html +++ b/deps/npm/docs/output/commands/npm-help-search.html @@ -141,9 +141,9 @@
-

+

npm-help-search - @11.6.4 + @11.7.0

Search npm help documentation
diff --git a/deps/npm/docs/output/commands/npm-help.html b/deps/npm/docs/output/commands/npm-help.html index 90637b0b06f558..eb5ea89ace3ad2 100644 --- a/deps/npm/docs/output/commands/npm-help.html +++ b/deps/npm/docs/output/commands/npm-help.html @@ -141,9 +141,9 @@
-

+

npm-help - @11.6.4 + @11.7.0

Get help on npm
diff --git a/deps/npm/docs/output/commands/npm-init.html b/deps/npm/docs/output/commands/npm-init.html index f448755481eefa..bfa5478fdd8848 100644 --- a/deps/npm/docs/output/commands/npm-init.html +++ b/deps/npm/docs/output/commands/npm-init.html @@ -141,9 +141,9 @@
-

+

npm-init - @11.6.4 + @11.7.0

Create a package.json file
diff --git a/deps/npm/docs/output/commands/npm-install-ci-test.html b/deps/npm/docs/output/commands/npm-install-ci-test.html index 3a2aa7c7672c58..526a2d839b69bd 100644 --- a/deps/npm/docs/output/commands/npm-install-ci-test.html +++ b/deps/npm/docs/output/commands/npm-install-ci-test.html @@ -141,9 +141,9 @@
-

+

npm-install-ci-test - @11.6.4 + @11.7.0

Install a project with a clean slate and run tests
diff --git a/deps/npm/docs/output/commands/npm-install-test.html b/deps/npm/docs/output/commands/npm-install-test.html index 2fa0f7340cefbd..63cf5fb8640217 100644 --- a/deps/npm/docs/output/commands/npm-install-test.html +++ b/deps/npm/docs/output/commands/npm-install-test.html @@ -141,9 +141,9 @@
-

+

npm-install-test - @11.6.4 + @11.7.0

Install package(s) and run tests
diff --git a/deps/npm/docs/output/commands/npm-install.html b/deps/npm/docs/output/commands/npm-install.html index f02c446820ebb2..3915e34ab07f71 100644 --- a/deps/npm/docs/output/commands/npm-install.html +++ b/deps/npm/docs/output/commands/npm-install.html @@ -141,9 +141,9 @@
-

+

npm-install - @11.6.4 + @11.7.0

Install a package
@@ -231,6 +231,7 @@

Description

(See config. The config's default value is latest.)

In most cases, this will install the version of the modules tagged as latest on the npm registry.

+

Note: When installing by name without specifying a version or tag, npm prioritizes versions that match the current Node.js version based on the package's engines field. If the latest tag points to a version incompatible with your current Node.js version, npm will install the newest compatible version instead. To install a specific version regardless of engines compatibility, explicitly specify the version or tag: npm install <name>@latest.

Example:

npm install sax
@@ -321,6 +322,11 @@

Description

npm install sax@">=0.1.0 <0.2.0"
 npm install @myorg/privatepackage@"16 - 17"
+

Prerelease versions: By default, version ranges only match stable versions. To include prerelease versions, they must be explicitly specified in the range. Prerelease versions are tied to a specific version triple (major.minor.patch). For example, ^1.2.3-beta.1 will only match prereleases for 1.2.x, not 1.3.x. To match all prereleases for a major version, use a range like ^1.0.0-0, which will include all 1.x.x prereleases.

+

Example:

+
npm install package@^1.2.3-beta.1  # Matches 1.2.3-beta.1, 1.2.3-beta.2, 1.2.4-beta.1, etc.
+npm install package@^1.0.0-0       # Matches all 1.x.x prereleases and stable versions
+

  • npm install <git remote url>:

    @@ -409,6 +415,7 @@

    Description

    The --tag argument will apply to all of the specified install targets. If a tag with the given name exists, the tagged version is preferred over newer versions.

    +

    Note: The --tag option only affects packages specified on the command line. It does not override version ranges specified in package.json. For example, if package.json specifies "foo": "^1.0.0" and you run npm install --tag beta, npm will still install a version matching ^1.0.0 even if the beta tag points to a different version. To install a tagged version, specify the package explicitly: npm install foo@beta.

    The --dry-run argument will report in the usual way what the install would have done without actually installing anything.

    The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.

    The -f or --force argument will force npm to fetch remote resources even if a local copy exists on disk.

    diff --git a/deps/npm/docs/output/commands/npm-link.html b/deps/npm/docs/output/commands/npm-link.html index 976466712a94f4..b3aa3f4d10dcba 100644 --- a/deps/npm/docs/output/commands/npm-link.html +++ b/deps/npm/docs/output/commands/npm-link.html @@ -141,9 +141,9 @@
    -

    +

    npm-link - @11.6.4 + @11.7.0

    Symlink a package folder
    diff --git a/deps/npm/docs/output/commands/npm-login.html b/deps/npm/docs/output/commands/npm-login.html index a229d34416bd03..b006eb10857a68 100644 --- a/deps/npm/docs/output/commands/npm-login.html +++ b/deps/npm/docs/output/commands/npm-login.html @@ -141,9 +141,9 @@
    -

    +

    npm-login - @11.6.4 + @11.7.0

    Login to a registry user account
    diff --git a/deps/npm/docs/output/commands/npm-logout.html b/deps/npm/docs/output/commands/npm-logout.html index 1a4ba0429ec85f..35383e7a423518 100644 --- a/deps/npm/docs/output/commands/npm-logout.html +++ b/deps/npm/docs/output/commands/npm-logout.html @@ -141,9 +141,9 @@
    -

    +

    npm-logout - @11.6.4 + @11.7.0

    Log out of the registry
    diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index 990422ba10991b..90861185c402e5 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -141,9 +141,9 @@
    -

    +

    npm-ls - @11.6.4 + @11.7.0

    List installed packages
    @@ -164,7 +164,7 @@

    Description

    Positional arguments are name@version-range identifiers, which will limit the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

    -
    npm@11.6.4 /path/to/npm
+
    npm@11.7.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 
    
diff --git a/deps/npm/docs/output/commands/npm-org.html b/deps/npm/docs/output/commands/npm-org.html
index 7928f904603023..02255e5e793d0f 100644
--- a/deps/npm/docs/output/commands/npm-org.html
+++ b/deps/npm/docs/output/commands/npm-org.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-org
-    @11.6.4
+    @11.7.0
 
    
 Manage orgs
 
    
diff --git a/deps/npm/docs/output/commands/npm-outdated.html b/deps/npm/docs/output/commands/npm-outdated.html
index 581a636d293768..6ea0b004145cd2 100644
--- a/deps/npm/docs/output/commands/npm-outdated.html
+++ b/deps/npm/docs/output/commands/npm-outdated.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-outdated
-    @11.6.4
+    @11.7.0
 
    
 Check for outdated packages
 
    
diff --git a/deps/npm/docs/output/commands/npm-owner.html b/deps/npm/docs/output/commands/npm-owner.html
index 142bf586f5635f..4f15b4e08d0d53 100644
--- a/deps/npm/docs/output/commands/npm-owner.html
+++ b/deps/npm/docs/output/commands/npm-owner.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-owner
-    @11.6.4
+    @11.7.0
 
    
 Manage package owners
 
    
diff --git a/deps/npm/docs/output/commands/npm-pack.html b/deps/npm/docs/output/commands/npm-pack.html
index 2f7c57a9a4d12c..aca14d30af2372 100644
--- a/deps/npm/docs/output/commands/npm-pack.html
+++ b/deps/npm/docs/output/commands/npm-pack.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-pack
-    @11.6.4
+    @11.7.0
 
    
 Create a tarball from a package
 
    
diff --git a/deps/npm/docs/output/commands/npm-ping.html b/deps/npm/docs/output/commands/npm-ping.html
index 63a67442b1c32d..24d15552bfd73c 100644
--- a/deps/npm/docs/output/commands/npm-ping.html
+++ b/deps/npm/docs/output/commands/npm-ping.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-ping
-    @11.6.4
+    @11.7.0
 
    
 Ping npm registry
 
    
diff --git a/deps/npm/docs/output/commands/npm-pkg.html b/deps/npm/docs/output/commands/npm-pkg.html
index 372e2ef4da8667..d733de75a9bcea 100644
--- a/deps/npm/docs/output/commands/npm-pkg.html
+++ b/deps/npm/docs/output/commands/npm-pkg.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-pkg
-    @11.6.4
+    @11.7.0
 
    
 Manages your package.json
 
    
diff --git a/deps/npm/docs/output/commands/npm-prefix.html b/deps/npm/docs/output/commands/npm-prefix.html
index 89ac6d0ace81c2..c4d8f342fabdd6 100644
--- a/deps/npm/docs/output/commands/npm-prefix.html
+++ b/deps/npm/docs/output/commands/npm-prefix.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-prefix
-    @11.6.4
+    @11.7.0
 
    
 Display prefix
 
    
diff --git a/deps/npm/docs/output/commands/npm-profile.html b/deps/npm/docs/output/commands/npm-profile.html
index 57965f5ab51de9..9635c4791ba220 100644
--- a/deps/npm/docs/output/commands/npm-profile.html
+++ b/deps/npm/docs/output/commands/npm-profile.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-profile
-    @11.6.4
+    @11.7.0
 
    
 Change settings on your registry profile
 
    
diff --git a/deps/npm/docs/output/commands/npm-prune.html b/deps/npm/docs/output/commands/npm-prune.html
index b53a97d48f124a..6fe4dc9df388be 100644
--- a/deps/npm/docs/output/commands/npm-prune.html
+++ b/deps/npm/docs/output/commands/npm-prune.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-prune
-    @11.6.4
+    @11.7.0
 
    
 Remove extraneous packages
 
    
diff --git a/deps/npm/docs/output/commands/npm-publish.html b/deps/npm/docs/output/commands/npm-publish.html
index 5792e0bbeced35..902fc998eb89be 100644
--- a/deps/npm/docs/output/commands/npm-publish.html
+++ b/deps/npm/docs/output/commands/npm-publish.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-publish
-    @11.6.4
+    @11.7.0
 
    
 Publish a package
 
    
diff --git a/deps/npm/docs/output/commands/npm-query.html b/deps/npm/docs/output/commands/npm-query.html
index e3e2fe6ec21fc3..e292db70829e47 100644
--- a/deps/npm/docs/output/commands/npm-query.html
+++ b/deps/npm/docs/output/commands/npm-query.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-query
-    @11.6.4
+    @11.7.0
 
    
 Dependency selector query
 
    
diff --git a/deps/npm/docs/output/commands/npm-rebuild.html b/deps/npm/docs/output/commands/npm-rebuild.html
index 282283caae7a49..7c110a2ad955b0 100644
--- a/deps/npm/docs/output/commands/npm-rebuild.html
+++ b/deps/npm/docs/output/commands/npm-rebuild.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-rebuild
-    @11.6.4
+    @11.7.0
 
    
 Rebuild a package
 
    
diff --git a/deps/npm/docs/output/commands/npm-repo.html b/deps/npm/docs/output/commands/npm-repo.html
index 41d23c87badc18..450878c0734775 100644
--- a/deps/npm/docs/output/commands/npm-repo.html
+++ b/deps/npm/docs/output/commands/npm-repo.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-repo
-    @11.6.4
+    @11.7.0
 
    
 Open package repository page in the browser
 
    
diff --git a/deps/npm/docs/output/commands/npm-restart.html b/deps/npm/docs/output/commands/npm-restart.html
index a28e6aae9471c9..f1764f873aae82 100644
--- a/deps/npm/docs/output/commands/npm-restart.html
+++ b/deps/npm/docs/output/commands/npm-restart.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-restart
-    @11.6.4
+    @11.7.0
 
    
 Restart a package
 
    
diff --git a/deps/npm/docs/output/commands/npm-root.html b/deps/npm/docs/output/commands/npm-root.html
index 3ad0daf63a8b6e..186548602859ec 100644
--- a/deps/npm/docs/output/commands/npm-root.html
+++ b/deps/npm/docs/output/commands/npm-root.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-root
-    @11.6.4
+    @11.7.0
 
    
 Display npm root
 
    
diff --git a/deps/npm/docs/output/commands/npm-run.html b/deps/npm/docs/output/commands/npm-run.html
index 37cccd748b69d3..a2e78de43fe9b0 100644
--- a/deps/npm/docs/output/commands/npm-run.html
+++ b/deps/npm/docs/output/commands/npm-run.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-run
-    @11.6.4
+    @11.7.0
 
    
 Run arbitrary package scripts
 
    
diff --git a/deps/npm/docs/output/commands/npm-sbom.html b/deps/npm/docs/output/commands/npm-sbom.html
index c1592f5bc49f41..07972e5783f6ac 100644
--- a/deps/npm/docs/output/commands/npm-sbom.html
+++ b/deps/npm/docs/output/commands/npm-sbom.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-sbom
-    @11.6.4
+    @11.7.0
 
    
 Generate a Software Bill of Materials (SBOM)
 
    
diff --git a/deps/npm/docs/output/commands/npm-search.html b/deps/npm/docs/output/commands/npm-search.html
index 8a39e84b4f46ba..64ef87b7973c0e 100644
--- a/deps/npm/docs/output/commands/npm-search.html
+++ b/deps/npm/docs/output/commands/npm-search.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-search
-    @11.6.4
+    @11.7.0
 
    
 Search for packages
 
    
diff --git a/deps/npm/docs/output/commands/npm-shrinkwrap.html b/deps/npm/docs/output/commands/npm-shrinkwrap.html
index 30b49687935001..b92d9786c71452 100644
--- a/deps/npm/docs/output/commands/npm-shrinkwrap.html
+++ b/deps/npm/docs/output/commands/npm-shrinkwrap.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-shrinkwrap
-    @11.6.4
+    @11.7.0
 
    
 Lock down dependency versions for publication
 
    
diff --git a/deps/npm/docs/output/commands/npm-star.html b/deps/npm/docs/output/commands/npm-star.html
index 55f62211ca2ae5..b81b5250b90a20 100644
--- a/deps/npm/docs/output/commands/npm-star.html
+++ b/deps/npm/docs/output/commands/npm-star.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-star
-    @11.6.4
+    @11.7.0
 
    
 Mark your favorite packages
 
    
diff --git a/deps/npm/docs/output/commands/npm-stars.html b/deps/npm/docs/output/commands/npm-stars.html
index 42b954257854a0..5df59861cda55f 100644
--- a/deps/npm/docs/output/commands/npm-stars.html
+++ b/deps/npm/docs/output/commands/npm-stars.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-stars
-    @11.6.4
+    @11.7.0
 
    
 View packages marked as favorites
 
    
diff --git a/deps/npm/docs/output/commands/npm-start.html b/deps/npm/docs/output/commands/npm-start.html
index 054cffa76151bb..466f107eb62f73 100644
--- a/deps/npm/docs/output/commands/npm-start.html
+++ b/deps/npm/docs/output/commands/npm-start.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-start
-    @11.6.4
+    @11.7.0
 
    
 Start a package
 
    
diff --git a/deps/npm/docs/output/commands/npm-stop.html b/deps/npm/docs/output/commands/npm-stop.html
index af220ec2761411..7a56dd1d92cc91 100644
--- a/deps/npm/docs/output/commands/npm-stop.html
+++ b/deps/npm/docs/output/commands/npm-stop.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-stop
-    @11.6.4
+    @11.7.0
 
    
 Stop a package
 
    
diff --git a/deps/npm/docs/output/commands/npm-team.html b/deps/npm/docs/output/commands/npm-team.html
index dc0c189e9f9322..31263891e24bef 100644
--- a/deps/npm/docs/output/commands/npm-team.html
+++ b/deps/npm/docs/output/commands/npm-team.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-team
-    @11.6.4
+    @11.7.0
 
    
 Manage organization teams and team memberships
 
    
diff --git a/deps/npm/docs/output/commands/npm-test.html b/deps/npm/docs/output/commands/npm-test.html
index 18c53cce57e58b..025d4d5d0f8e2e 100644
--- a/deps/npm/docs/output/commands/npm-test.html
+++ b/deps/npm/docs/output/commands/npm-test.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-test
-    @11.6.4
+    @11.7.0
 
    
 Test a package
 
    
diff --git a/deps/npm/docs/output/commands/npm-token.html b/deps/npm/docs/output/commands/npm-token.html
index d5cb8bce10285f..2948ec6b23db99 100644
--- a/deps/npm/docs/output/commands/npm-token.html
+++ b/deps/npm/docs/output/commands/npm-token.html
@@ -141,58 +141,34 @@
 
 
    
 
    
-
    
+
    
     npm-token
-    @11.6.4
+    @11.7.0
 
    
 Manage your authentication tokens
 
    
 
 
    
 
    Table of contents
    
-
    
+
    
 
    
 
 
    Synopsis
    
 
    npm token list
 npm token revoke <id|token>
-npm token create --name=<name> [--token-description=<desc>] [--packages=<pkg1,pkg2>] [--packages-all] [--scopes=<scope1,scope2>] [--orgs=<org1,org2>] [--packages-and-scopes-permission=<read-only|read-write|no-access>] [--orgs-permission=<read-only|read-write|no-access>] [--expires=<days>] [--cidr=<ip-range>] [--bypass-2fa] [--password=<pass>]
+npm token create
 
    
 
    Note: This command is unaware of workspaces.
    
 
    Description
    
 
    This lets you list, create and revoke authentication tokens.
    
-
      
-
    • npm token list:
-Shows a table of all active authentication tokens.
-You can request this as JSON with --json or tab-separated values with --parseable.
      • 
-
    
-
    Read only token npm_1f… with id 7f3134 created 2017-10-21
-
-Publish token npm_af…  with id c03241 created 2017-10-02
-with IP Whitelist: 192.168.0.1/24
-
-Publish token npm_… with id e0cf92 created 2017-10-02
-
-
    
-
      
-
    • 
-
      npm token create [--read-only] [--cidr=<cidr-ranges>]:
-Create a new authentication token.
-It can be --read-only, or accept a list of CIDR ranges with which to limit use of this token.
-This will prompt you for your password, and, if you have two-factor authentication enabled, an otp.
      
-
      Currently, the cli cannot generate automation tokens.
-Please refer to the docs website for more information on generating automation tokens.
      
-
      • 
-
    
-
    Created publish token a73c9572-f1b9-8983-983d-ba3ac3cc913d
-
    
-
      
-
    • npm token revoke <token|id>:
-Immediately removes an authentication token from the registry.
-You will no longer be able to use it.
-This can accept both complete tokens (such as those you get back from npm token create, and those found in your .npmrc), and ids as seen in the parseable or json output of npm token list.
-This will NOT accept the truncated token found in the normal npm token list output.
      • 
-
    
+
    Listing tokens
    
+
    When listing tokens, an abbreviated token will be displayed.  For security purposes the full token is not displayed.
    
+
    Generating tokens
    
+
    When generating tokens, you will be prompted you for your password and, if you have two-factor authentication enabled, an otp.
    
+
    Please refer to the docs website for more information on generating tokens for CI/CD.
    
+
    Revoking tokens
    
+
    When revoking a token, you can use the full token (e.g. what you get back from npm token create, or as can be found in an .npmrc file), or a truncated id.  If the given truncated id is not distinct enough to differentiate between multiple existing tokens, you will need to use enough of the id to allow npm to distinguish between them.  Full token ids can be found on the npm website, or in the --parseable or --json output of npm token list.  This command will NOT accept the truncated token found in the normal npm token list output.
    
+
    A revoked token will immediately be removed from the registry and you will no longer be able to use it.
    
 
    Configuration
    
 
    name
    
 
      
@@ -221,8 +197,7 @@ 
      packages
      
 
    • Type: null or String (can be set multiple times)
      • 
 
    
 
    When creating a Granular Access Token with npm token create, this limits
-the token access to specific packages. Provide a comma-separated list of
-package names.
    
+the token access to specific packages.
    
 
    packages-all
    
 
      
 
    • Default: false
      • 
@@ -236,16 +211,15 @@ 
      scopes
      
 
    • Type: null or String (can be set multiple times)
      • 
 
    
 
    When creating a Granular Access Token with npm token create, this limits
-the token access to specific scopes. Provide a comma-separated list of scope
-names (with or without @ prefix).
    
+the token access to specific scopes. Provide a scope name (with or without @
+prefix).
    
 
    orgs
    
 
      
 
    • Default: null
      • 
 
    • Type: null or String (can be set multiple times)
      • 
 
    
 
    When creating a Granular Access Token with npm token create, this limits
-the token access to specific organizations. Provide a comma-separated list
-of organization names.
    
+the token access to specific organizations.
    
 
    packages-and-scopes-permission
    
 
      
 
    • Default: null
      • 
diff --git a/deps/npm/docs/output/commands/npm-undeprecate.html b/deps/npm/docs/output/commands/npm-undeprecate.html
index 7068949dadf40b..66d8ce0a900ba9 100644
--- a/deps/npm/docs/output/commands/npm-undeprecate.html
+++ b/deps/npm/docs/output/commands/npm-undeprecate.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     npm-undeprecate
-    @11.6.4
+    @11.7.0
 
      
 Undeprecate a version of a package
 
      
diff --git a/deps/npm/docs/output/commands/npm-uninstall.html b/deps/npm/docs/output/commands/npm-uninstall.html
index 095362ca96bda1..4f678e7ad2f39c 100644
--- a/deps/npm/docs/output/commands/npm-uninstall.html
+++ b/deps/npm/docs/output/commands/npm-uninstall.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     npm-uninstall
-    @11.6.4
+    @11.7.0
 
      
 Remove a package
 
      
diff --git a/deps/npm/docs/output/commands/npm-unpublish.html b/deps/npm/docs/output/commands/npm-unpublish.html
index 34e0ea36bb1b7c..74090e9106689e 100644
--- a/deps/npm/docs/output/commands/npm-unpublish.html
+++ b/deps/npm/docs/output/commands/npm-unpublish.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     npm-unpublish
-    @11.6.4
+    @11.7.0
 
      
 Remove a package from the registry
 
      
diff --git a/deps/npm/docs/output/commands/npm-unstar.html b/deps/npm/docs/output/commands/npm-unstar.html
index f73d629cb0d402..afb9d0f9f1b02a 100644
--- a/deps/npm/docs/output/commands/npm-unstar.html
+++ b/deps/npm/docs/output/commands/npm-unstar.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     npm-unstar
-    @11.6.4
+    @11.7.0
 
      
 Remove an item from your favorite packages
 
      
diff --git a/deps/npm/docs/output/commands/npm-update.html b/deps/npm/docs/output/commands/npm-update.html
index 369f3ff8f4951a..ee3e56021d3557 100644
--- a/deps/npm/docs/output/commands/npm-update.html
+++ b/deps/npm/docs/output/commands/npm-update.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     npm-update
-    @11.6.4
+    @11.7.0
 
      
 Update packages
 
      
diff --git a/deps/npm/docs/output/commands/npm-version.html b/deps/npm/docs/output/commands/npm-version.html
index a27f4b87adb5d9..1c782c4f312e60 100644
--- a/deps/npm/docs/output/commands/npm-version.html
+++ b/deps/npm/docs/output/commands/npm-version.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     npm-version
-    @11.6.4
+    @11.7.0
 
      
 Bump a package version
 
      
@@ -283,9 +283,11 @@ 
      Description
      
 
      The newversion argument should be a valid semver string, a valid second argument to semver.inc (one of patch, minor, major, prepatch, preminor, premajor, prerelease), or from-git.
 In the second case, the existing version will be incremented by 1 in the specified field.
 from-git will try to read the latest git tag, and use that as the new npm version.
      
+
      Note: If the current version is a prerelease version, patch will simply remove the prerelease suffix without incrementing the patch version number. For example, 1.2.0-5 becomes 1.2.0 with npm version patch, not 1.2.1.
      
 
      If run in a git repo, it will also create a version commit and tag.
 This behavior is controlled by git-tag-version (see below), and can be disabled on the command line by running npm --no-git-tag-version version.
 It will fail if the working directory is not clean, unless the -f or --force flag is set.
      
+
      Note: Git integration requires a reasonably recent version of git (2.0.0 or later is recommended). If you encounter issues with git commands, ensure your git installation is up to date.
      
 
      If supplied with -m or --message config option, npm will use it as a commit message when creating a version commit.
 If the message config contains %s then that will be replaced with the resulting version number.
 For example:
      
diff --git a/deps/npm/docs/output/commands/npm-view.html b/deps/npm/docs/output/commands/npm-view.html
index 0fe31305c5ee76..8a9587ea7a5dac 100644
--- a/deps/npm/docs/output/commands/npm-view.html
+++ b/deps/npm/docs/output/commands/npm-view.html
@@ -141,16 +141,16 @@
 
 
      
 
      
-
      
+
      
     npm-view
-    @11.6.4
+    @11.7.0
 
      
 View registry info
 
      
 
 
      
 
      Table of contents
      
-
      
+
      
 
      
 
 
      Synopsis
      
@@ -193,6 +193,15 @@ 
      Description
      
 
      If the field value you are querying for is a property of an object, you should run:
      
 
      npm view express time'[4.8.0]'
 
      
+
      Note: When accessing object properties that contain special characters or numeric keys, you need to use quotes around the key name.
+For example, to get the publish time of a specific version:
      
+
      npm view express "time[4.17.1]"
+
      
+
      Without quotes, the shell may interpret the square brackets as glob patterns, causing the command to fail.
+You can also access the time field for a specific version by specifying the version in the package descriptor:
      
+
      npm view express@4.17.1 time
+
      
+
      This will return all version-time pairs, but the context will be for that specific version.
      
 
      Multiple fields may be specified, and will be printed one after another.
 For example, to get all the contributor names and email addresses, you can do this:
      
 
      npm view express contributors.name contributors.email
@@ -209,6 +218,38 @@ 
      Description
      
 
      To show the connect package version history, you can do this:
      
 
      npm view connect versions
 
      
+
      Field Access Patterns
      
+
      The npm view command supports different ways to access nested fields and array elements in package metadata. Understanding these patterns makes it easier to extract specific information.
      
+
      Nested Object Fields
      
+
      Use dot notation to access nested object fields:
      
+
      # Access nested properties
+npm view npm repository.url
+npm view express bugs.url
+
      
+
      Array Element Access
      
+
      For arrays, use numeric indices in square brackets to access specific elements:
      
+
      # Get the first contributor's email
+npm view express contributors[0].email
+
+# Get the second maintainer's name
+npm view express maintainers[1].name
+
      
+
      Object Property Access
      
+
      For object properties (like accessing specific versions in the time field), use bracket notation with the property name in quotes:
      
+
      # Get publish time for a specific version
+npm view express "time[4.17.1]"
+
+# Get dist-tags
+npm view express "dist-tags.latest"
+
      
+
      Extracting Fields from Arrays
      
+
      Request a non-numeric field on an array to get all values from objects in the list:
      
+
      # Get all contributor emails
+npm view express contributors.email
+
+# Get all contributor names
+npm view express contributors.name
+
      
 
      Configuration
      
 
      json
      
 
        
diff --git a/deps/npm/docs/output/commands/npm-whoami.html b/deps/npm/docs/output/commands/npm-whoami.html
index 5ef1a296fd70a2..e6d50a4a56ab9b 100644
--- a/deps/npm/docs/output/commands/npm-whoami.html
+++ b/deps/npm/docs/output/commands/npm-whoami.html
@@ -141,9 +141,9 @@
 
 
        
 
        
-
        
+
        
     npm-whoami
-    @11.6.4
+    @11.7.0
 
        
 Display npm username
 
        
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index f20ecb734ea2ce..83b9183caabb10 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -141,9 +141,9 @@
 
 
        
 
        
-
        
+
        
     npm
-    @11.6.4
+    @11.7.0
 
        
 javascript package manager
 
        
@@ -158,7 +158,7 @@ 
        Table of contents
        
 
      
 
      Note: This command is unaware of workspaces.
      
 
      Version
      
-
      11.6.4
      
+
      11.7.0
      
 
      Description
      
 
      npm is the package manager for the Node JavaScript platform.
 It puts modules in place so that node can find them, and manages dependency conflicts intelligently.
      
diff --git a/deps/npm/docs/output/commands/npx.html b/deps/npm/docs/output/commands/npx.html
index 195e35f7e059a2..ac84c4ce43f555 100644
--- a/deps/npm/docs/output/commands/npx.html
+++ b/deps/npm/docs/output/commands/npx.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     npx
-    @11.6.4
+    @11.7.0
 
      
 Run a command from a local or remote npm package
 
      
@@ -161,6 +161,7 @@ 
      Table of contents

    Description

    This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via npm run.

    +

    Run this command to execute a package's binary. Any options and arguments after the package name are passed directly to the executed command, not to npx itself. For example, npx create-react-app my-app --template typescript will pass my-app and --template typescript to the create-react-app command. To see what options a specific package accepts, consult that package's documentation (e.g., at npmjs.com or in its repository).

    Whatever packages are specified by the --package option will be provided in the PATH of the executed command, along with any locally installed package executables. The --package option may be specified multiple times, to execute the supplied command in an environment where all specified packages are available.

    If any requested packages are not present in the local project dependencies, then they are installed to a folder in the npm cache, which is added to the PATH environment variable in the executed process. diff --git a/deps/npm/docs/output/configuring-npm/folders.html b/deps/npm/docs/output/configuring-npm/folders.html index b6252c822148ae..5b2ca1e00307b5 100644 --- a/deps/npm/docs/output/configuring-npm/folders.html +++ b/deps/npm/docs/output/configuring-npm/folders.html @@ -141,9 +141,9 @@

    -

    +

    folders - @11.6.4 + @11.7.0

    Folder Structures Used by npm
    diff --git a/deps/npm/docs/output/configuring-npm/install.html b/deps/npm/docs/output/configuring-npm/install.html index 818d13132a0892..f0bfe9e47cdef8 100644 --- a/deps/npm/docs/output/configuring-npm/install.html +++ b/deps/npm/docs/output/configuring-npm/install.html @@ -141,9 +141,9 @@
    -

    +

    install - @11.6.4 + @11.7.0

    Download and install node and npm
    diff --git a/deps/npm/docs/output/configuring-npm/npm-global.html b/deps/npm/docs/output/configuring-npm/npm-global.html index b6252c822148ae..5b2ca1e00307b5 100644 --- a/deps/npm/docs/output/configuring-npm/npm-global.html +++ b/deps/npm/docs/output/configuring-npm/npm-global.html @@ -141,9 +141,9 @@
    -

    +

    folders - @11.6.4 + @11.7.0

    Folder Structures Used by npm
    diff --git a/deps/npm/docs/output/configuring-npm/npm-json.html b/deps/npm/docs/output/configuring-npm/npm-json.html index e4772e23079134..26ce88646cedfb 100644 --- a/deps/npm/docs/output/configuring-npm/npm-json.html +++ b/deps/npm/docs/output/configuring-npm/npm-json.html @@ -141,16 +141,16 @@
    -

    +

    package.json - @11.6.4 + @11.7.0

    Specifics of npm's package.json handling

    Table of contents

    -
    +

    Description

    @@ -399,6 +399,9 @@

    main

    This should be a module relative to the root of your package folder.

    For most modules, it makes the most sense to have a main script and often not much else.

    If main is not set, it defaults to index.js in the package's root folder.

    +

    type

    +

    The type field defines how Node.js should interpret .js files in your package. This field is not used by npm.

    +

    See the Node.js documentation on the type field for more information.

    browser

    If your module is meant to be used client-side the browser field should be used instead of the main field. This is helpful to hint users that it might rely on primitives that aren't available in Node.js modules. @@ -516,6 +519,15 @@

    repository

    "repository": "gitlab:user/repo" }     +

    Note on normalization: When you publish a package, npm normalizes the repository field to the full object format with a url property. If you use a shorthand format (like "npm/example"), you'll see a warning during npm publish indicating that the field was auto-corrected. While the shorthand format currently works, it's recommended to use the full object format in your package.json to avoid warnings and ensure future compatibility:

    +
    {
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/npm/example.git"
+  }
+}
+
    +

    You can run npm pkg fix to automatically convert shorthand formats to the normalized object format.

    If the package.json for your package is not in the root directory (for example if it is part of a monorepo), you can specify the directory in which it lives:

    {
   "repository": {
@@ -529,6 +541,14 @@ 
    scripts
    
 
    The "scripts" property is a dictionary containing script commands that are run at various times in the lifecycle of your package.
 The key is the lifecycle event, and the value is the command to run at that point.
    
 
    See scripts to find out more about writing package scripts.
    
+
    gypfile
    
+
    If you have a binding.gyp file in the root of your package and you have not defined your own install or preinstall scripts, npm will default to building your module using node-gyp.
    
+
    To prevent npm from automatically building your module with node-gyp, set gypfile to false:
    
+
    {
+  "gypfile": false
+}
+
    
+
    This is useful for packages that include native addons but want to handle the build process differently, or packages that have a binding.gyp file but should not be built as a native addon.
    
 
    config
    
 
    A "config" object can be used to set configuration parameters used in package scripts that persist across upgrades.
 For instance, if a package had the following:
    
@@ -833,6 +853,39 @@ 
    overrides
    
   }
 }
    +

    Replacing a dependency with a fork

    +

    You can replace a package with a different package or fork using several methods:

    +

    Using the npm: prefix to replace with a different package name:

    +
    {
+  "overrides": {
+    "package-name": "npm:@scope/forked-package@1.0.0"
+  }
+}
+
    +

    Using a GitHub repository (supports branches, tags, or commit hashes):

    +
    {
+  "overrides": {
+    "package-name": "github:username/repo#branch-name"
+  }
+}
+
    +

    Using a local file path:

    +
    {
+  "overrides": {
+    "package-name": "file:../local-fork"
+  }
+}
+
    +

    These replacement methods work for both top-level overrides and nested overrides. +For example, to replace a transitive dependency with a fork:

    +
    {
+  "overrides": {
+    "parent-package": {
+      "vulnerable-dep": "github:username/patched-fork#v2.0.1"
+    }
+  }
+}
+

    engines

    You can specify the version of node that your stuff works on:

    {
diff --git a/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html b/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html
index 3a57f84d915256..c46b3e0237405e 100644
--- a/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html
+++ b/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npm-shrinkwrap.json
-    @11.6.4
+    @11.7.0
 
    
 A publishable lockfile
 
    
diff --git a/deps/npm/docs/output/configuring-npm/npmrc.html b/deps/npm/docs/output/configuring-npm/npmrc.html
index 6dba3722837386..289cc7e902e564 100644
--- a/deps/npm/docs/output/configuring-npm/npmrc.html
+++ b/deps/npm/docs/output/configuring-npm/npmrc.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     npmrc
-    @11.6.4
+    @11.7.0
 
    
 The npm config files
 
    
diff --git a/deps/npm/docs/output/configuring-npm/package-json.html b/deps/npm/docs/output/configuring-npm/package-json.html
index e4772e23079134..26ce88646cedfb 100644
--- a/deps/npm/docs/output/configuring-npm/package-json.html
+++ b/deps/npm/docs/output/configuring-npm/package-json.html
@@ -141,16 +141,16 @@
 
 
    
 
    
-
    
+
    
     package.json
-    @11.6.4
+    @11.7.0
 
    
 Specifics of npm's package.json handling
 
    
 
 
    
 
    Table of contents
    
-
    
+
    
 
    
 
 
    Description
    
@@ -399,6 +399,9 @@ 
    main
    
 
    This should be a module relative to the root of your package folder.
    
 
    For most modules, it makes the most sense to have a main script and often not much else.
    
 
    If main is not set, it defaults to index.js in the package's root folder.
    
+
    type
    
+
    The type field defines how Node.js should interpret .js files in your package. This field is not used by npm.
    
+
    See the Node.js documentation on the type field for more information.
    
 
    browser
    
 
    If your module is meant to be used client-side the browser field should be used instead of the main field.
 This is helpful to hint users that it might rely on primitives that aren't available in Node.js modules.
@@ -516,6 +519,15 @@ 
    repository
    
   "repository": "gitlab:user/repo"
 }
    +

    Note on normalization: When you publish a package, npm normalizes the repository field to the full object format with a url property. If you use a shorthand format (like "npm/example"), you'll see a warning during npm publish indicating that the field was auto-corrected. While the shorthand format currently works, it's recommended to use the full object format in your package.json to avoid warnings and ensure future compatibility:

    +
    {
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/npm/example.git"
+  }
+}
+
    +

    You can run npm pkg fix to automatically convert shorthand formats to the normalized object format.

    If the package.json for your package is not in the root directory (for example if it is part of a monorepo), you can specify the directory in which it lives:

    {
   "repository": {
@@ -529,6 +541,14 @@ 
    scripts
    
 
    The "scripts" property is a dictionary containing script commands that are run at various times in the lifecycle of your package.
 The key is the lifecycle event, and the value is the command to run at that point.
    
 
    See scripts to find out more about writing package scripts.
    
+
    gypfile
    
+
    If you have a binding.gyp file in the root of your package and you have not defined your own install or preinstall scripts, npm will default to building your module using node-gyp.
    
+
    To prevent npm from automatically building your module with node-gyp, set gypfile to false:
    
+
    {
+  "gypfile": false
+}
+
    
+
    This is useful for packages that include native addons but want to handle the build process differently, or packages that have a binding.gyp file but should not be built as a native addon.
    
 
    config
    
 
    A "config" object can be used to set configuration parameters used in package scripts that persist across upgrades.
 For instance, if a package had the following:
    
@@ -833,6 +853,39 @@ 
    overrides
    
   }
 }
    +

    Replacing a dependency with a fork

    +

    You can replace a package with a different package or fork using several methods:

    +

    Using the npm: prefix to replace with a different package name:

    +
    {
+  "overrides": {
+    "package-name": "npm:@scope/forked-package@1.0.0"
+  }
+}
+
    +

    Using a GitHub repository (supports branches, tags, or commit hashes):

    +
    {
+  "overrides": {
+    "package-name": "github:username/repo#branch-name"
+  }
+}
+
    +

    Using a local file path:

    +
    {
+  "overrides": {
+    "package-name": "file:../local-fork"
+  }
+}
+
    +

    These replacement methods work for both top-level overrides and nested overrides. +For example, to replace a transitive dependency with a fork:

    +
    {
+  "overrides": {
+    "parent-package": {
+      "vulnerable-dep": "github:username/patched-fork#v2.0.1"
+    }
+  }
+}
+

    engines

    You can specify the version of node that your stuff works on:

    {
diff --git a/deps/npm/docs/output/configuring-npm/package-lock-json.html b/deps/npm/docs/output/configuring-npm/package-lock-json.html
index e500d85285115c..6ca747d5e159a2 100644
--- a/deps/npm/docs/output/configuring-npm/package-lock-json.html
+++ b/deps/npm/docs/output/configuring-npm/package-lock-json.html
@@ -141,9 +141,9 @@
 
 
    
 
    
-
    
+
    
     package-lock.json
-    @11.6.4
+    @11.7.0
 
    
 A manifestation of the manifest
 
    
@@ -276,7 +276,8 @@ 
    dependencies
    
 
    Dependency objects have the following fields:
    
 
      
 
    • 
-
      version: a specifier that varies depending on the nature of the package, and is usable in fetching a new copy of it.
      
+
      version: a specifier that varies depending on the nature of the package, and is usable in fetching a new copy of it.
+Note that for peer dependencies that are not installed, or optional dependencies that are not installed, this field may be omitted.
      
 
        
 
      • bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.
        • 
 
      • registry sources: This is a version number.
@@ -290,6 +291,7 @@ 
        dependencies
        
 
      • local link sources: This is the file URL of the link.
 (eg file:libs/our-module)
        • 
 
      
+
      Note: The version field may be omitted for certain types of dependencies, such as optional peer dependencies that are not installed. In these cases, only metadata fields like dev, optional, and peer will be present.
      
 
      • 
 
    • 
 
      integrity: A sha512 or sha1 Standard Subresource Integrity string for the artifact that was unpacked in this location.
diff --git a/deps/npm/docs/output/using-npm/config.html b/deps/npm/docs/output/using-npm/config.html
index a8ebf1eda4204b..5d12d804cb4f8d 100644
--- a/deps/npm/docs/output/using-npm/config.html
+++ b/deps/npm/docs/output/using-npm/config.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     config
-    @11.6.4
+    @11.7.0
 
      
 More than you probably want to know about npm configuration
 
      
@@ -163,6 +163,13 @@ 
      Command Line Flags
      
 Using --flag without specifying any value will set the value to true.
      
 
      Example: --flag1 --flag2 will set both configuration parameters to true, while --flag1 --flag2 bar will set flag1 to true, and flag2 to bar.
 Finally, --flag1 --flag2 -- bar will set both configuration parameters to true, and the bar is taken as a command argument.
      
+
      Common examples:
      
+
        
+
      • npm install --prefix /path/to/dir - Runs npm commands in a different directory without changing the current working directory
        • 
+
      • npm install --global - Installs packages globally (shorthand: -g)
        • 
+
      • npm install --save-dev - Saves to devDependencies (shorthand: -D)
        • 
+
      
+
      Any configuration option documented in the Config Settings section below can be set via command line flags using --option-name value syntax.
      
 
      Environment Variables
      
 
      Any environment variables that start with npm_config_ will be interpreted as a configuration parameter.
 For example, putting npm_config_foo=bar in your environment will set the foo configuration parameter to bar.
@@ -971,8 +978,7 @@ 
      orgs
      
 
    • Type: null or String (can be set multiple times)
      • 
 
    
 
    When creating a Granular Access Token with npm token create, this limits
-the token access to specific organizations. Provide a comma-separated list
-of organization names.
    
+the token access to specific organizations.
    
 
    orgs-permission
    
 
      
 
    • Default: null
      • 
@@ -1033,8 +1039,7 @@ 
      packages
      
 
    • Type: null or String (can be set multiple times)
      • 
 
    
 
    When creating a Granular Access Token with npm token create, this limits
-the token access to specific packages. Provide a comma-separated list of
-package names.
    
+the token access to specific packages.
    
 
    packages-all
    
 
      
 
    • Default: false
      • 
@@ -1273,8 +1278,8 @@ 
      scopes
      
 
    • Type: null or String (can be set multiple times)
      • 
 
    
 
    When creating a Granular Access Token with npm token create, this limits
-the token access to specific scopes. Provide a comma-separated list of scope
-names (with or without @ prefix).
    
+the token access to specific scopes. Provide a scope name (with or without @
+prefix).
    
 
    script-shell
    
 
      
 
    • Default: '/bin/sh' on POSIX systems, 'cmd.exe' on Windows
      • 
diff --git a/deps/npm/docs/output/using-npm/dependency-selectors.html b/deps/npm/docs/output/using-npm/dependency-selectors.html
index 012f534b989ee5..b14b7b41c977c9 100644
--- a/deps/npm/docs/output/using-npm/dependency-selectors.html
+++ b/deps/npm/docs/output/using-npm/dependency-selectors.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     Dependency Selector Syntax & Querying
-    @11.6.4
+    @11.7.0
 
      
 Dependency Selector Syntax & Querying
 
      
diff --git a/deps/npm/docs/output/using-npm/developers.html b/deps/npm/docs/output/using-npm/developers.html
index a08bf85a410e6e..a0671c71fa5b7d 100644
--- a/deps/npm/docs/output/using-npm/developers.html
+++ b/deps/npm/docs/output/using-npm/developers.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     developers
-    @11.6.4
+    @11.7.0
 
      
 Developer Guide
 
      
diff --git a/deps/npm/docs/output/using-npm/logging.html b/deps/npm/docs/output/using-npm/logging.html
index 5cd865a9d40187..7f1f90fce204e6 100644
--- a/deps/npm/docs/output/using-npm/logging.html
+++ b/deps/npm/docs/output/using-npm/logging.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     Logging
-    @11.6.4
+    @11.7.0
 
      
 Why, What & How We Log
 
      
diff --git a/deps/npm/docs/output/using-npm/orgs.html b/deps/npm/docs/output/using-npm/orgs.html
index 8c1d0c8ee3e676..90da0dee76ec4e 100644
--- a/deps/npm/docs/output/using-npm/orgs.html
+++ b/deps/npm/docs/output/using-npm/orgs.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     orgs
-    @11.6.4
+    @11.7.0
 
      
 Working with Teams & Orgs
 
      
diff --git a/deps/npm/docs/output/using-npm/package-spec.html b/deps/npm/docs/output/using-npm/package-spec.html
index 7694c2e80d4369..f9dc50bf35a279 100644
--- a/deps/npm/docs/output/using-npm/package-spec.html
+++ b/deps/npm/docs/output/using-npm/package-spec.html
@@ -141,9 +141,9 @@
 
 
      
 
      
-
      
+
      
     package-spec
-    @11.6.4
+    @11.7.0
 
      
 Package name specifier
 
      
@@ -183,9 +183,9 @@ 
      Aliases
      
 
      See Package name above for more info on referring to a package by name, and registry for configuring which registry is used when referring to a package by name.
      
 
      Examples:
      
 
        
-
      • semver:@npm:@npmcli/semver-with-patch
        • 
-
      • semver:@npm:semver@7.2.2
        • 
-
      • semver:@npm:semver@legacy
        • 
+
      • semver@npm:@npmcli/semver-with-patch
        • 
+
      • semver@npm:semver@7.2.2
        • 
+
      • semver@npm:semver@legacy
        • 
 
      
 
      Folders
      
 
        
diff --git a/deps/npm/docs/output/using-npm/registry.html b/deps/npm/docs/output/using-npm/registry.html
index 1b2ae2895b126e..987744d051e3a3 100644
--- a/deps/npm/docs/output/using-npm/registry.html
+++ b/deps/npm/docs/output/using-npm/registry.html
@@ -141,9 +141,9 @@
 
 
        
 
        
-
        
+
        
     registry
-    @11.6.4
+    @11.7.0
 
        
 The JavaScript Package Registry
 
        
diff --git a/deps/npm/docs/output/using-npm/removal.html b/deps/npm/docs/output/using-npm/removal.html
index cbd63714c0603f..8db083ac1fe712 100644
--- a/deps/npm/docs/output/using-npm/removal.html
+++ b/deps/npm/docs/output/using-npm/removal.html
@@ -141,9 +141,9 @@
 
 
        
 
        
-
        
+
        
     removal
-    @11.6.4
+    @11.7.0
 
        
 Cleaning the Slate
 
        
diff --git a/deps/npm/docs/output/using-npm/scope.html b/deps/npm/docs/output/using-npm/scope.html
index ea89d4396bc96a..1b2aea8e957c3b 100644
--- a/deps/npm/docs/output/using-npm/scope.html
+++ b/deps/npm/docs/output/using-npm/scope.html
@@ -141,9 +141,9 @@
 
 
        
 
        
-
        
+
        
     scope
-    @11.6.4
+    @11.7.0
 
        
 Scoped packages
 
        
diff --git a/deps/npm/docs/output/using-npm/scripts.html b/deps/npm/docs/output/using-npm/scripts.html
index 8d23261d8d4d09..74038bacf43764 100644
--- a/deps/npm/docs/output/using-npm/scripts.html
+++ b/deps/npm/docs/output/using-npm/scripts.html
@@ -141,9 +141,9 @@
 
 
        
 
        
-
        
+
        
     scripts
-    @11.6.4
+    @11.7.0
 
        
 How npm handles the "scripts" field
 
        
@@ -187,7 +187,7 @@ 
        Life Cycle Scripts
        
 during npm publish and npm pack
        
 
 
      • 
-
        Runs on local npm install without any arguments
        
+
        Runs on local npm install without package arguments (runs with flags like --production or --omit=dev, but does not run when installing specific packages like npm install express)
        
 
        • 
 
      • 
 
        Runs AFTER prepublishOnly and prepack, but BEFORE postpack
        
@@ -202,6 +202,9 @@ 
        Life Cycle Scripts
        
 
        As of npm@7 these scripts run in the background.
 To see the output, run with: --foreground-scripts.
        
 
        • 
+
      • 
+
        In workspaces, prepare scripts run concurrently across all packages. If you have interdependent packages where one must build before another, consider using --foreground-scripts (which can be set in .npmrc with foreground-scripts=true) to run scripts sequentially, or structure your build differently.
        
+
        • 
 
      
 
      prepublish (DEPRECATED)
      
 
        
@@ -234,17 +237,17 @@ 
        Prepare and Prepublish
        
 A new event, prepublishOnly has been added as a transitional strategy to allow users to avoid the confusing behavior of existing npm versions and only run on npm publish (for instance, running the tests one last time to ensure they're in good shape).
        
 
        See https://github.com/npm/npm/issues/10074 for a much lengthier justification, with further reading, for this change.
        
 
        Use Cases
        
-
        If you need to perform operations on your package before it is used, in a way that is not dependent on the operating system or architecture of the target system, use a prepublish script.
+
        Use a prepare script to perform build tasks that are platform-independent and need to run before your package is used.
 This includes tasks such as:
        
 
          
-
        • Compiling CoffeeScript source code into JavaScript.
          • 
+
        • Compiling TypeScript or other source code into JavaScript.
          • 
 
        • Creating minified versions of JavaScript source code.
          • 
 
        • Fetching remote resources that your package will use.
          • 
 
        
-
        The advantage of doing these things at prepublish time is that they can be done once, in a single place, thus reducing complexity and variability.
+
        Running these build tasks in the prepare script ensures they happen once, in a single place, reducing complexity and variability.
 Additionally, this means that:
        
 
          
-
        • You can depend on coffee-script as a devDependency, and thus your users don't need to have it installed.
          • 
+
        • You can depend on build tools as devDependencies, and thus your users don't need to have them installed.
          • 
 
        • You don't need to include minifiers in your package, reducing the size for your users.
          • 
 
        • You don't need to rely on your users having curl or wget or other system tools on the target machines.
          • 
 
        
@@ -392,8 +395,26 @@ 
        path

    then you could run npm start to execute the bar script, which is exported into the node_modules/.bin directory on npm install.

    package.json vars

    -

    The package.json fields are tacked onto the npm_package_ prefix. -So, for instance, if you had {"name":"foo", "version":"1.2.5"} in your package.json file, then your package scripts would have the npm_package_name environment variable set to "foo", and the npm_package_version set to "1.2.5". You can access these variables in your code with process.env.npm_package_name and process.env.npm_package_version, and so on for other fields.

    +

    npm sets the following environment variables from the package.json:

    +
      +
    • npm_package_name - The package name
      • +
    • npm_package_version - The package version
      • +
    • npm_package_bin_* - Each executable defined in the bin field
      • +
    • npm_package_engines_* - Each engine defined in the engines field
      • +
    • npm_package_config_* - Each config value defined in the config field
      • +
    • npm_package_json - The full path to the package.json file
      • +
    +

    Additionally, for install scripts (preinstall, install, postinstall), npm sets these environment variables:

    +
      +
    • npm_package_resolved - The resolved URL for the package
      • +
    • npm_package_integrity - The integrity hash for the package
      • +
    • npm_package_optional - Set to "true" if the package is optional
      • +
    • npm_package_dev - Set to "true" if the package is a dev dependency
      • +
    • npm_package_peer - Set to "true" if the package is a peer dependency
      • +
    • npm_package_dev_optional - Set to "true" if the package is both dev and optional
      • +
    +

    For example, if you had {"name":"foo", "version":"1.2.5"} in your package.json file, then your package scripts would have the npm_package_name environment variable set to "foo", and the npm_package_version set to "1.2.5". You can access these variables in your code with process.env.npm_package_name and process.env.npm_package_version.

    +

    Note: In npm 7 and later, most package.json fields are no longer provided as environment variables. Scripts that need access to other package.json fields should read the package.json file directly. The npm_package_json environment variable provides the path to the file for this purpose.

    See package.json for more on package configs.

    current lifecycle event

    Lastly, the npm_lifecycle_event environment variable is set to whichever stage of the cycle is being executed. @@ -406,21 +427,20 @@

    Examples

    For example, if your package.json contains this:

    {
   "scripts" : {
-    "install" : "scripts/install.js",
-    "postinstall" : "scripts/install.js"
+    "prepare" : "scripts/build.js",
+    "test" : "scripts/test.js"
   }
 }
    -

    then scripts/install.js will be called for the install and post-install stages of the lifecycle. -Since scripts/install.js is running for two different phases, it would be wise in this case to look at the -npm_lifecycle_event environment variable.

    -

    If you want to run a make command, you can do so. +

    then scripts/build.js will be called for the prepare stage of the lifecycle, and you can check the +npm_lifecycle_event environment variable if your script needs to behave differently in different contexts.

    +

    If you want to run build commands, you can do so. This works just fine:

    {
   "scripts" : {
-    "preinstall" : "./configure",
-    "install" : "make && make install",
-    "test" : "make test"
+    "prepare" : "npm run build",
+    "build" : "tsc",
+    "test" : "jest"
   }
 }
    diff --git a/deps/npm/docs/output/using-npm/workspaces.html b/deps/npm/docs/output/using-npm/workspaces.html index b00cdfbff26802..28054a434033a3 100644 --- a/deps/npm/docs/output/using-npm/workspaces.html +++ b/deps/npm/docs/output/using-npm/workspaces.html @@ -141,9 +141,9 @@
    -

    +

    workspaces - @11.6.4 + @11.7.0

    Working with workspaces
    diff --git a/deps/npm/lib/commands/query.js b/deps/npm/lib/commands/query.js index 74a50fc581d43e..5e70e25f32e629 100644 --- a/deps/npm/lib/commands/query.js +++ b/deps/npm/lib/commands/query.js @@ -57,16 +57,16 @@ class Query extends BaseCommand { } async exec (args) { - const packageLock = this.npm.config.get('package-lock-only') + const packageLockOnly = this.npm.config.get('package-lock-only') const Arborist = require('@npmcli/arborist') const arb = new Arborist({ ...this.npm.flatOptions, // one dir up from wherever node_modules lives path: resolve(this.npm.dir, '..'), - forceActual: !packageLock, + forceActual: !packageLockOnly, }) let tree - if (packageLock) { + if (packageLockOnly) { try { tree = await arb.loadVirtual() } catch (err) { @@ -84,20 +84,33 @@ class Query extends BaseCommand { async execWorkspaces (args) { await this.setWorkspaces() + const packageLockOnly = this.npm.config.get('package-lock-only') const Arborist = require('@npmcli/arborist') const arb = new Arborist({ ...this.npm.flatOptions, path: this.npm.prefix, + forceActual: !packageLockOnly, }) - // FIXME: Workspace support in query does not work as expected so this does not - // do the same package-lock-only check as this.exec(). - // https://github.com/npm/cli/pull/6732#issuecomment-1708804921 - const tree = await arb.loadActual() + let tree + if (packageLockOnly) { + try { + tree = await arb.loadVirtual() + } catch (err) { + log.verbose('loadVirtual', err.stack) + throw this.usageError( + 'A package lock or shrinkwrap file is required in package-lock-only mode' + ) + } + } else { + tree = await arb.loadActual() + } for (const path of this.workspacePaths) { const wsTree = path === tree.root.path ? tree // --includes-workspace-root - : await tree.querySelectorAll(`.workspace:path(${path})`).then(r => r[0].target) - await this.#queryTree(wsTree, args[0]) + : await tree.querySelectorAll(`.workspace:path(${path})`).then(r => r[0]?.target) + if (wsTree) { + await this.#queryTree(wsTree, args[0]) + } } this.#output() } diff --git a/deps/npm/lib/commands/token.js b/deps/npm/lib/commands/token.js index 9cc04f83e7dd24..b248d6a789a1f8 100644 --- a/deps/npm/lib/commands/token.js +++ b/deps/npm/lib/commands/token.js @@ -16,7 +16,7 @@ async function paginate (href, opts, items = []) { class Token extends BaseCommand { static description = 'Manage your authentication tokens' static name = 'token' - static usage = ['list', 'revoke ', 'create --name= [--token-description=] [--packages=] [--packages-all] [--scopes=] [--orgs=] [--packages-and-scopes-permission=] [--orgs-permission=] [--expires=] [--cidr=] [--bypass-2fa] [--password=]'] + static usage = ['list', 'revoke ', 'create'] static params = ['name', 'token-description', 'expires', @@ -95,9 +95,8 @@ class Token extends BaseCommand { this.generateTokenIds(tokens, 6) const chalk = this.npm.chalk for (const token of tokens) { - const level = token.readonly ? 'Read only token' : 'Publish token' const created = String(token.created).slice(0, 10) - output.standard(`${chalk.blue(level)} ${token.token}… with id ${chalk.cyan(token.id)} created ${created}`) + output.standard(`${chalk.blue('Token')} ${token.token}… with id ${chalk.cyan(token.id)} created ${created}`) if (token.cidr_whitelist) { output.standard(`with IP whitelist: ${chalk.green(token.cidr_whitelist.join(','))}`) } @@ -231,10 +230,7 @@ class Token extends BaseCommand { Object.keys(result).forEach(k => output.standard(k + '\t' + result[k])) } else { const chalk = this.npm.chalk - // Display based on access level - // Identical to list? XXX - const level = result.access === 'read-only' || result.readonly ? 'read only' : 'publish' - output.standard(`Created ${chalk.blue(level)} token ${result.token}`, { [META]: true, redact: false }) + output.standard(`Created token ${result.token}`, { [META]: true, redact: false }) if (result.cidr_whitelist?.length) { output.standard(`with IP whitelist: ${chalk.green(result.cidr_whitelist.join(','))}`) } diff --git a/deps/npm/lib/utils/auth.js b/deps/npm/lib/utils/auth.js index 747271169124b3..a617ab9430b2ab 100644 --- a/deps/npm/lib/utils/auth.js +++ b/deps/npm/lib/utils/auth.js @@ -51,7 +51,7 @@ const adduser = async (npm, { creds, ...opts }) => { if (!res) { const username = await read.username('Username:', creds.username) const password = await read.password('Password:', creds.password) - const email = await read.email('Email: (this IS public) ', creds.email) + const email = await read.email('Email (this will be public):', creds.email) // npm registry quirk: If you "add" an existing user with their current // password, it's effectively a login, and if that account has otp you'll // be prompted for it. diff --git a/deps/npm/lib/utils/display.js b/deps/npm/lib/utils/display.js index 01ad55d4ce30c3..dff16ceebef6fd 100644 --- a/deps/npm/lib/utils/display.js +++ b/deps/npm/lib/utils/display.js @@ -177,6 +177,8 @@ class Display { #stdout #stderr + #seenNotices = new Set() + constructor ({ stdout, stderr }) { this.#stdout = setBlocking(stdout) this.#stderr = setBlocking(stderr) @@ -195,6 +197,7 @@ class Display { this.#outputState.buffer.length = 0 process.off('input', this.#inputHandler) this.#progress.off() + this.#seenNotices.clear() } get chalk () { @@ -330,20 +333,37 @@ class Display { this.#progress.off() break - case input.KEYS.end: + case input.KEYS.end: { log.resume() + // For silent prompts (like password), add newline to preserve output + if (meta?.silent) { + output.standard('') + } output.flush() this.#progress.resume() break + } case input.KEYS.read: { - // The convention when calling input.read is to pass in a single fn that returns the promise to await. resolve and reject are provided by proc-log. + // The convention when calling input.read is to pass in a single fn that returns the promise to await. Resolve and reject are provided by proc-log. const [res, rej, p] = args - return input.start(() => p() - .then(res) - .catch(rej) - // Any call to procLog.input.read will render a prompt to the user, so we always add a single newline of output to stdout to move the cursor to the next line. - .finally(() => output.standard(''))) + + // Use sequential input management to avoid race condition which causes issues with spinner and adding newlines. + input.start() + + return p() + .then((result) => { + // If user hits enter, process end event and return input. + input.end({ [META]: true, silent: meta?.silent }) + res(result) + return result + }) + .catch((error) => { + // If user hits ctrl+c, add newline to preserve output. + output.standard('') + input.end() + rej(error) + }) } } }) @@ -404,6 +424,14 @@ class Display { // notice logs typically come from `npm-notice` headers in responses. Some of them have 2fa login links so we skip redaction. if (level === 'notice') { writeOpts.redact = false + // Deduplicate notices within a single command execution, unless in verbose mode + if (this.#levelIndex < LEVEL_OPTIONS.verbose.index) { + const noticeKey = JSON.stringify([title, ...args]) + if (this.#seenNotices.has(noticeKey)) { + return + } + this.#seenNotices.add(noticeKey) + } } this.#write(this.#stderr, writeOpts, ...args) } diff --git a/deps/npm/lib/utils/read-user-info.js b/deps/npm/lib/utils/read-user-info.js index a9a50f8263ff63..9b89f9e4382b13 100644 --- a/deps/npm/lib/utils/read-user-info.js +++ b/deps/npm/lib/utils/read-user-info.js @@ -1,6 +1,6 @@ const { read: _read } = require('read') const userValidate = require('npm-user-validate') -const { log, input } = require('proc-log') +const { log, input, META } = require('proc-log') const otpPrompt = `This command requires a one-time password (OTP) from your authenticator app. Enter one below. You can also pass one on the command line by appending --otp=123456. @@ -9,9 +9,11 @@ https://docs.npmjs.com/getting-started/using-two-factor-authentication Enter OTP: ` const passwordPrompt = 'npm password: ' const usernamePrompt = 'npm username: ' -const emailPrompt = 'email (this IS public): ' +const emailPrompt = 'email (this will be public): ' -const read = (...args) => input.read(() => _read(...args)) +// Pass options through so we can differentiate between regular and silent prompts +const read = (options) => + input.read(() => _read(options), { [META]: true, silent: options?.silent }) function readOTP (msg = otpPrompt, otp, isRetry) { if (isRetry && otp && /^[\d ]+$|^[A-Fa-f0-9]{64,64}$/.test(otp)) { diff --git a/deps/npm/man/man1/npm-access.1 b/deps/npm/man/man1/npm-access.1 index b99d60dcad0d59..221928483a0fee 100644 --- a/deps/npm/man/man1/npm-access.1 +++ b/deps/npm/man/man1/npm-access.1 @@ -1,4 +1,4 @@ -.TH "NPM-ACCESS" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-ACCESS" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-access\fR - Set access level on published packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-adduser.1 b/deps/npm/man/man1/npm-adduser.1 index 8ac09b95277124..fffdc420d5c469 100644 --- a/deps/npm/man/man1/npm-adduser.1 +++ b/deps/npm/man/man1/npm-adduser.1 @@ -1,4 +1,4 @@ -.TH "NPM-ADDUSER" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-ADDUSER" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-adduser\fR - Add a registry user account .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-audit.1 b/deps/npm/man/man1/npm-audit.1 index 081bd892ec3c1a..1c5d7bf1fb7d88 100644 --- a/deps/npm/man/man1/npm-audit.1 +++ b/deps/npm/man/man1/npm-audit.1 @@ -1,4 +1,4 @@ -.TH "NPM-AUDIT" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-AUDIT" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-audit\fR - Run a security audit .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-bugs.1 b/deps/npm/man/man1/npm-bugs.1 index b32f4f87596274..4edc2f0b42f8fc 100644 --- a/deps/npm/man/man1/npm-bugs.1 +++ b/deps/npm/man/man1/npm-bugs.1 @@ -1,4 +1,4 @@ -.TH "NPM-BUGS" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-BUGS" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-bugs\fR - Report bugs for a package in a web browser .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-cache.1 b/deps/npm/man/man1/npm-cache.1 index 12098defff33cf..34af9c2130c988 100644 --- a/deps/npm/man/man1/npm-cache.1 +++ b/deps/npm/man/man1/npm-cache.1 @@ -1,4 +1,4 @@ -.TH "NPM-CACHE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-CACHE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-cache\fR - Manipulates packages cache .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-ci.1 b/deps/npm/man/man1/npm-ci.1 index d57a7323892b2f..d150ca25c243ed 100644 --- a/deps/npm/man/man1/npm-ci.1 +++ b/deps/npm/man/man1/npm-ci.1 @@ -1,4 +1,4 @@ -.TH "NPM-CI" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-CI" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-ci\fR - Clean install a project .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-completion.1 b/deps/npm/man/man1/npm-completion.1 index 0832c98866f791..a479e3415f6ab1 100644 --- a/deps/npm/man/man1/npm-completion.1 +++ b/deps/npm/man/man1/npm-completion.1 @@ -1,4 +1,4 @@ -.TH "NPM-COMPLETION" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-COMPLETION" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-completion\fR - Tab Completion for npm .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-config.1 b/deps/npm/man/man1/npm-config.1 index 0eda763cd84377..d440315b2036ce 100644 --- a/deps/npm/man/man1/npm-config.1 +++ b/deps/npm/man/man1/npm-config.1 @@ -1,4 +1,4 @@ -.TH "NPM-CONFIG" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-CONFIG" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-config\fR - Manage the npm configuration files .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-dedupe.1 b/deps/npm/man/man1/npm-dedupe.1 index 617d9f5768c9f6..95655df0f8964c 100644 --- a/deps/npm/man/man1/npm-dedupe.1 +++ b/deps/npm/man/man1/npm-dedupe.1 @@ -1,4 +1,4 @@ -.TH "NPM-DEDUPE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-DEDUPE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-dedupe\fR - Reduce duplication in the package tree .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-deprecate.1 b/deps/npm/man/man1/npm-deprecate.1 index f8d34b5a0238d9..2e94119a1066e4 100644 --- a/deps/npm/man/man1/npm-deprecate.1 +++ b/deps/npm/man/man1/npm-deprecate.1 @@ -1,4 +1,4 @@ -.TH "NPM-DEPRECATE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-DEPRECATE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-deprecate\fR - Deprecate a version of a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-diff.1 b/deps/npm/man/man1/npm-diff.1 index d4611531e71e11..2f971f2ade16d5 100644 --- a/deps/npm/man/man1/npm-diff.1 +++ b/deps/npm/man/man1/npm-diff.1 @@ -1,4 +1,4 @@ -.TH "NPM-DIFF" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-DIFF" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-diff\fR - The registry diff command .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-dist-tag.1 b/deps/npm/man/man1/npm-dist-tag.1 index 5a18cdaad78155..92d9cd416bd2c2 100644 --- a/deps/npm/man/man1/npm-dist-tag.1 +++ b/deps/npm/man/man1/npm-dist-tag.1 @@ -1,4 +1,4 @@ -.TH "NPM-DIST-TAG" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-DIST-TAG" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-dist-tag\fR - Modify package distribution tags .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-docs.1 b/deps/npm/man/man1/npm-docs.1 index 6645a2c57f9214..c8443c7b4cc32a 100644 --- a/deps/npm/man/man1/npm-docs.1 +++ b/deps/npm/man/man1/npm-docs.1 @@ -1,4 +1,4 @@ -.TH "NPM-DOCS" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-DOCS" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-docs\fR - Open documentation for a package in a web browser .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-doctor.1 b/deps/npm/man/man1/npm-doctor.1 index 9aeba561e01dd2..25666701aae35c 100644 --- a/deps/npm/man/man1/npm-doctor.1 +++ b/deps/npm/man/man1/npm-doctor.1 @@ -1,4 +1,4 @@ -.TH "NPM-DOCTOR" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-DOCTOR" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-doctor\fR - Check the health of your npm environment .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-edit.1 b/deps/npm/man/man1/npm-edit.1 index f0a0792b23d2e6..34934c0e12e1d9 100644 --- a/deps/npm/man/man1/npm-edit.1 +++ b/deps/npm/man/man1/npm-edit.1 @@ -1,4 +1,4 @@ -.TH "NPM-EDIT" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-EDIT" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-edit\fR - Edit an installed package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-exec.1 b/deps/npm/man/man1/npm-exec.1 index 701c9ede8684aa..af56f7392e9f0c 100644 --- a/deps/npm/man/man1/npm-exec.1 +++ b/deps/npm/man/man1/npm-exec.1 @@ -1,4 +1,4 @@ -.TH "NPM-EXEC" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-EXEC" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-exec\fR - Run a command from a local or remote npm package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-explain.1 b/deps/npm/man/man1/npm-explain.1 index fd7db608be71ac..3181c5fb5a9109 100644 --- a/deps/npm/man/man1/npm-explain.1 +++ b/deps/npm/man/man1/npm-explain.1 @@ -1,4 +1,4 @@ -.TH "NPM-EXPLAIN" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-EXPLAIN" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-explain\fR - Explain installed packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-explore.1 b/deps/npm/man/man1/npm-explore.1 index 3d5b786780b400..80820cbb7c8b04 100644 --- a/deps/npm/man/man1/npm-explore.1 +++ b/deps/npm/man/man1/npm-explore.1 @@ -1,4 +1,4 @@ -.TH "NPM-EXPLORE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-EXPLORE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-explore\fR - Browse an installed package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-find-dupes.1 b/deps/npm/man/man1/npm-find-dupes.1 index 9f15fe60e76267..a286fbd0e9e389 100644 --- a/deps/npm/man/man1/npm-find-dupes.1 +++ b/deps/npm/man/man1/npm-find-dupes.1 @@ -1,4 +1,4 @@ -.TH "NPM-FIND-DUPES" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-FIND-DUPES" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-find-dupes\fR - Find duplication in the package tree .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-fund.1 b/deps/npm/man/man1/npm-fund.1 index bdcf7b7e0b7d64..b143b012950b9a 100644 --- a/deps/npm/man/man1/npm-fund.1 +++ b/deps/npm/man/man1/npm-fund.1 @@ -1,4 +1,4 @@ -.TH "NPM-FUND" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-FUND" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-fund\fR - Retrieve funding information .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-help-search.1 b/deps/npm/man/man1/npm-help-search.1 index 602a32832bb048..e42e58710280eb 100644 --- a/deps/npm/man/man1/npm-help-search.1 +++ b/deps/npm/man/man1/npm-help-search.1 @@ -1,4 +1,4 @@ -.TH "NPM-HELP-SEARCH" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-HELP-SEARCH" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-help-search\fR - Search npm help documentation .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-help.1 b/deps/npm/man/man1/npm-help.1 index 418b411d7aeee7..b594d6d61e453f 100644 --- a/deps/npm/man/man1/npm-help.1 +++ b/deps/npm/man/man1/npm-help.1 @@ -1,4 +1,4 @@ -.TH "NPM-HELP" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-HELP" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-help\fR - Get help on npm .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-init.1 b/deps/npm/man/man1/npm-init.1 index 477414cf2adb45..192441bc326108 100644 --- a/deps/npm/man/man1/npm-init.1 +++ b/deps/npm/man/man1/npm-init.1 @@ -1,4 +1,4 @@ -.TH "NPM-INIT" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-INIT" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-init\fR - Create a package.json file .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-install-ci-test.1 b/deps/npm/man/man1/npm-install-ci-test.1 index 55d8bf71323234..7a318549782ee9 100644 --- a/deps/npm/man/man1/npm-install-ci-test.1 +++ b/deps/npm/man/man1/npm-install-ci-test.1 @@ -1,4 +1,4 @@ -.TH "NPM-INSTALL-CI-TEST" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-INSTALL-CI-TEST" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-install-ci-test\fR - Install a project with a clean slate and run tests .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-install-test.1 b/deps/npm/man/man1/npm-install-test.1 index 98e31ff6730657..cfaca3fba03bb1 100644 --- a/deps/npm/man/man1/npm-install-test.1 +++ b/deps/npm/man/man1/npm-install-test.1 @@ -1,4 +1,4 @@ -.TH "NPM-INSTALL-TEST" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-INSTALL-TEST" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-install-test\fR - Install package(s) and run tests .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-install.1 b/deps/npm/man/man1/npm-install.1 index 2d9dcd18bb4183..676c07b19f1095 100644 --- a/deps/npm/man/man1/npm-install.1 +++ b/deps/npm/man/man1/npm-install.1 @@ -1,4 +1,4 @@ -.TH "NPM-INSTALL" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-INSTALL" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-install\fR - Install a package .SS "Synopsis" @@ -121,6 +121,8 @@ Do a \fB@\fR install, where \fB\fR is the "tag" config. (See \fB .P In most cases, this will install the version of the modules tagged as \fBlatest\fR on the npm registry. .P +\fBNote:\fR When installing by name without specifying a version or tag, npm prioritizes versions that match the current Node.js version based on the package's \fBengines\fR field. If the \fBlatest\fR tag points to a version incompatible with your current Node.js version, npm will install the newest compatible version instead. To install a specific version regardless of \fBengines\fR compatibility, explicitly specify the version or tag: \fBnpm install @latest\fR. +.P Example: .P .RS 2 @@ -228,6 +230,17 @@ npm install sax@">=0.1.0 <0.2.0" npm install @myorg/privatepackage@"16 - 17" .fi .RE +.P +\fBPrerelease versions:\fR By default, version ranges only match stable versions. To include prerelease versions, they must be explicitly specified in the range. Prerelease versions are tied to a specific version triple (major.minor.patch). For example, \fB^1.2.3-beta.1\fR will only match prereleases for \fB1.2.x\fR, not \fB1.3.x\fR. To match all prereleases for a major version, use a range like \fB^1.0.0-0\fR, which will include all \fB1.x.x\fR prereleases. +.P +Example: +.P +.RS 2 +.nf +npm install package@^1.2.3-beta.1 # Matches 1.2.3-beta.1, 1.2.3-beta.2, 1.2.4-beta.1, etc. +npm install package@^1.0.0-0 # Matches all 1.x.x prereleases and stable versions +.fi +.RE .IP \(bu 4 \fBnpm install \fR: .P @@ -359,6 +372,8 @@ npm install sax@">=0.1.0 <0.2.0" bench supervisor .P The \fB--tag\fR argument will apply to all of the specified install targets. If a tag with the given name exists, the tagged version is preferred over newer versions. .P +\fBNote:\fR The \fB--tag\fR option only affects packages specified on the command line. It does not override version ranges specified in \fBpackage.json\fR. For example, if \fBpackage.json\fR specifies \fB"foo": "^1.0.0"\fR and you run \fBnpm install --tag beta\fR, npm will still install a version matching \fB^1.0.0\fR even if the \fBbeta\fR tag points to a different version. To install a tagged version, specify the package explicitly: \fBnpm install foo@beta\fR. +.P The \fB--dry-run\fR argument will report in the usual way what the install would have done without actually installing anything. .P The \fB--package-lock-only\fR argument will only update the \fBpackage-lock.json\fR, instead of checking \fBnode_modules\fR and downloading dependencies. diff --git a/deps/npm/man/man1/npm-link.1 b/deps/npm/man/man1/npm-link.1 index 95053131833e61..20a07b18bd37f1 100644 --- a/deps/npm/man/man1/npm-link.1 +++ b/deps/npm/man/man1/npm-link.1 @@ -1,4 +1,4 @@ -.TH "NPM-LINK" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-LINK" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-link\fR - Symlink a package folder .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-login.1 b/deps/npm/man/man1/npm-login.1 index 64e78c0a00fce4..aa86256a412c29 100644 --- a/deps/npm/man/man1/npm-login.1 +++ b/deps/npm/man/man1/npm-login.1 @@ -1,4 +1,4 @@ -.TH "NPM-LOGIN" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-LOGIN" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-login\fR - Login to a registry user account .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-logout.1 b/deps/npm/man/man1/npm-logout.1 index b452c96ddb5f97..a9cb0d90da246d 100644 --- a/deps/npm/man/man1/npm-logout.1 +++ b/deps/npm/man/man1/npm-logout.1 @@ -1,4 +1,4 @@ -.TH "NPM-LOGOUT" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-LOGOUT" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-logout\fR - Log out of the registry .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1 index 529c8deff181ef..c856447ba23e8f 100644 --- a/deps/npm/man/man1/npm-ls.1 +++ b/deps/npm/man/man1/npm-ls.1 @@ -1,4 +1,4 @@ -.TH "NPM-LS" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-LS" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-ls\fR - List installed packages .SS "Synopsis" @@ -20,7 +20,7 @@ Positional arguments are \fBname@version-range\fR identifiers, which will limit .P .RS 2 .nf -npm@11.6.4 /path/to/npm +npm@11.7.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 .fi diff --git a/deps/npm/man/man1/npm-org.1 b/deps/npm/man/man1/npm-org.1 index 7237ef40e495cf..2083de7469a8de 100644 --- a/deps/npm/man/man1/npm-org.1 +++ b/deps/npm/man/man1/npm-org.1 @@ -1,4 +1,4 @@ -.TH "NPM-ORG" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-ORG" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-org\fR - Manage orgs .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-outdated.1 b/deps/npm/man/man1/npm-outdated.1 index c7d37c0b518310..fd3dc0ab1af91d 100644 --- a/deps/npm/man/man1/npm-outdated.1 +++ b/deps/npm/man/man1/npm-outdated.1 @@ -1,4 +1,4 @@ -.TH "NPM-OUTDATED" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-OUTDATED" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-outdated\fR - Check for outdated packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-owner.1 b/deps/npm/man/man1/npm-owner.1 index df94af5e658f40..e042272aad6d3f 100644 --- a/deps/npm/man/man1/npm-owner.1 +++ b/deps/npm/man/man1/npm-owner.1 @@ -1,4 +1,4 @@ -.TH "NPM-OWNER" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-OWNER" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-owner\fR - Manage package owners .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-pack.1 b/deps/npm/man/man1/npm-pack.1 index 2c7bcc94a815f5..0e65835bec6699 100644 --- a/deps/npm/man/man1/npm-pack.1 +++ b/deps/npm/man/man1/npm-pack.1 @@ -1,4 +1,4 @@ -.TH "NPM-PACK" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-PACK" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-pack\fR - Create a tarball from a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-ping.1 b/deps/npm/man/man1/npm-ping.1 index ce4674dbd6fb65..0f0ccc35e811c8 100644 --- a/deps/npm/man/man1/npm-ping.1 +++ b/deps/npm/man/man1/npm-ping.1 @@ -1,4 +1,4 @@ -.TH "NPM-PING" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-PING" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-ping\fR - Ping npm registry .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-pkg.1 b/deps/npm/man/man1/npm-pkg.1 index c53422e0de4b4a..81c165aa5acbca 100644 --- a/deps/npm/man/man1/npm-pkg.1 +++ b/deps/npm/man/man1/npm-pkg.1 @@ -1,4 +1,4 @@ -.TH "NPM-PKG" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-PKG" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-pkg\fR - Manages your package.json .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-prefix.1 b/deps/npm/man/man1/npm-prefix.1 index 8aa3f6f068e0b5..96304a9c436ac0 100644 --- a/deps/npm/man/man1/npm-prefix.1 +++ b/deps/npm/man/man1/npm-prefix.1 @@ -1,4 +1,4 @@ -.TH "NPM-PREFIX" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-PREFIX" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-prefix\fR - Display prefix .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-profile.1 b/deps/npm/man/man1/npm-profile.1 index 4536aa7cf13d8e..0345ed510120c5 100644 --- a/deps/npm/man/man1/npm-profile.1 +++ b/deps/npm/man/man1/npm-profile.1 @@ -1,4 +1,4 @@ -.TH "NPM-PROFILE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-PROFILE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-profile\fR - Change settings on your registry profile .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-prune.1 b/deps/npm/man/man1/npm-prune.1 index 16f3aea4460ed5..6c0e2060d1111f 100644 --- a/deps/npm/man/man1/npm-prune.1 +++ b/deps/npm/man/man1/npm-prune.1 @@ -1,4 +1,4 @@ -.TH "NPM-PRUNE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-PRUNE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-prune\fR - Remove extraneous packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-publish.1 b/deps/npm/man/man1/npm-publish.1 index 9f4d2c7523b2f3..4c932f1f74467c 100644 --- a/deps/npm/man/man1/npm-publish.1 +++ b/deps/npm/man/man1/npm-publish.1 @@ -1,4 +1,4 @@ -.TH "NPM-PUBLISH" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-PUBLISH" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-publish\fR - Publish a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-query.1 b/deps/npm/man/man1/npm-query.1 index f720b95c8127ac..6f8d9edafd79d8 100644 --- a/deps/npm/man/man1/npm-query.1 +++ b/deps/npm/man/man1/npm-query.1 @@ -1,4 +1,4 @@ -.TH "NPM-QUERY" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-QUERY" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-query\fR - Dependency selector query .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-rebuild.1 b/deps/npm/man/man1/npm-rebuild.1 index 651695eb0dfed8..2ddfe8ef9ccf6a 100644 --- a/deps/npm/man/man1/npm-rebuild.1 +++ b/deps/npm/man/man1/npm-rebuild.1 @@ -1,4 +1,4 @@ -.TH "NPM-REBUILD" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-REBUILD" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-rebuild\fR - Rebuild a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-repo.1 b/deps/npm/man/man1/npm-repo.1 index 7c5867e2685ea5..9c53c09bffc15a 100644 --- a/deps/npm/man/man1/npm-repo.1 +++ b/deps/npm/man/man1/npm-repo.1 @@ -1,4 +1,4 @@ -.TH "NPM-REPO" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-REPO" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-repo\fR - Open package repository page in the browser .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-restart.1 b/deps/npm/man/man1/npm-restart.1 index d5c3fc21544299..0546b97fdee364 100644 --- a/deps/npm/man/man1/npm-restart.1 +++ b/deps/npm/man/man1/npm-restart.1 @@ -1,4 +1,4 @@ -.TH "NPM-RESTART" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-RESTART" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-restart\fR - Restart a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-root.1 b/deps/npm/man/man1/npm-root.1 index 8fab3193c3c693..4701fe4977609e 100644 --- a/deps/npm/man/man1/npm-root.1 +++ b/deps/npm/man/man1/npm-root.1 @@ -1,4 +1,4 @@ -.TH "NPM-ROOT" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-ROOT" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-root\fR - Display npm root .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-run.1 b/deps/npm/man/man1/npm-run.1 index 434a43bf17a05e..4e4a78da51aa3b 100644 --- a/deps/npm/man/man1/npm-run.1 +++ b/deps/npm/man/man1/npm-run.1 @@ -1,4 +1,4 @@ -.TH "NPM-RUN" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-RUN" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-run\fR - Run arbitrary package scripts .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-sbom.1 b/deps/npm/man/man1/npm-sbom.1 index f5ac32a393bfad..41fee548c875e9 100644 --- a/deps/npm/man/man1/npm-sbom.1 +++ b/deps/npm/man/man1/npm-sbom.1 @@ -1,4 +1,4 @@ -.TH "NPM-SBOM" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-SBOM" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-sbom\fR - Generate a Software Bill of Materials (SBOM) .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-search.1 b/deps/npm/man/man1/npm-search.1 index 23bcd49e67eb26..168840ef526bf4 100644 --- a/deps/npm/man/man1/npm-search.1 +++ b/deps/npm/man/man1/npm-search.1 @@ -1,4 +1,4 @@ -.TH "NPM-SEARCH" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-SEARCH" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-search\fR - Search for packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-shrinkwrap.1 b/deps/npm/man/man1/npm-shrinkwrap.1 index 44f8455c62446b..66eece7cef0f04 100644 --- a/deps/npm/man/man1/npm-shrinkwrap.1 +++ b/deps/npm/man/man1/npm-shrinkwrap.1 @@ -1,4 +1,4 @@ -.TH "NPM-SHRINKWRAP" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-SHRINKWRAP" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-shrinkwrap\fR - Lock down dependency versions for publication .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-star.1 b/deps/npm/man/man1/npm-star.1 index 22af95cc8561fb..e57fd86909292b 100644 --- a/deps/npm/man/man1/npm-star.1 +++ b/deps/npm/man/man1/npm-star.1 @@ -1,4 +1,4 @@ -.TH "NPM-STAR" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-STAR" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-star\fR - Mark your favorite packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-stars.1 b/deps/npm/man/man1/npm-stars.1 index 89c8ef6c335e27..c2413de4f4d98c 100644 --- a/deps/npm/man/man1/npm-stars.1 +++ b/deps/npm/man/man1/npm-stars.1 @@ -1,4 +1,4 @@ -.TH "NPM-STARS" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-STARS" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-stars\fR - View packages marked as favorites .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-start.1 b/deps/npm/man/man1/npm-start.1 index daa9ba8974af67..78c943681fff9f 100644 --- a/deps/npm/man/man1/npm-start.1 +++ b/deps/npm/man/man1/npm-start.1 @@ -1,4 +1,4 @@ -.TH "NPM-START" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-START" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-start\fR - Start a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-stop.1 b/deps/npm/man/man1/npm-stop.1 index 972e4b71173266..da865090a1938b 100644 --- a/deps/npm/man/man1/npm-stop.1 +++ b/deps/npm/man/man1/npm-stop.1 @@ -1,4 +1,4 @@ -.TH "NPM-STOP" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-STOP" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-stop\fR - Stop a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-team.1 b/deps/npm/man/man1/npm-team.1 index 14af273e8766b7..f3a49dc025c0b1 100644 --- a/deps/npm/man/man1/npm-team.1 +++ b/deps/npm/man/man1/npm-team.1 @@ -1,4 +1,4 @@ -.TH "NPM-TEAM" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-TEAM" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-team\fR - Manage organization teams and team memberships .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-test.1 b/deps/npm/man/man1/npm-test.1 index c4cc6f02c21e15..50a1138e4fe924 100644 --- a/deps/npm/man/man1/npm-test.1 +++ b/deps/npm/man/man1/npm-test.1 @@ -1,4 +1,4 @@ -.TH "NPM-TEST" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-TEST" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-test\fR - Test a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-token.1 b/deps/npm/man/man1/npm-token.1 index 545a05076649ac..1ee8b395852691 100644 --- a/deps/npm/man/man1/npm-token.1 +++ b/deps/npm/man/man1/npm-token.1 @@ -1,4 +1,4 @@ -.TH "NPM-TOKEN" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-TOKEN" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-token\fR - Manage your authentication tokens .SS "Synopsis" @@ -7,7 +7,7 @@ .nf npm token list npm token revoke -npm token create --name= \[lB]--token-description=\[rB] \[lB]--packages=\[rB] \[lB]--packages-all\[rB] \[lB]--scopes=\[rB] \[lB]--orgs=\[rB] \[lB]--packages-and-scopes-permission=\[rB] \[lB]--orgs-permission=\[rB] \[lB]--expires=\[rB] \[lB]--cidr=\[rB] \[lB]--bypass-2fa\[rB] \[lB]--password=\[rB] +npm token create .fi .RE .P @@ -15,41 +15,19 @@ Note: This command is unaware of workspaces. .SS "Description" .P This lets you list, create and revoke authentication tokens. -.RS 0 -.IP \(bu 4 -\fBnpm token list\fR: Shows a table of all active authentication tokens. You can request this as JSON with \fB--json\fR or tab-separated values with \fB--parseable\fR. -.RE 0 - +.SS "Listing tokens" .P -.RS 2 -.nf -Read only token npm_1f… with id 7f3134 created 2017-10-21 - -Publish token npm_af… with id c03241 created 2017-10-02 -with IP Whitelist: 192.168.0.1/24 - -Publish token npm_… with id e0cf92 created 2017-10-02 - -.fi -.RE -.RS 0 -.IP \(bu 4 -\fBnpm token create \[lB]--read-only\[rB] \[lB]--cidr=\[rB]\fR: Create a new authentication token. It can be \fB--read-only\fR, or accept a list of \fBCIDR\fR \fI\(lahttps://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing\(ra\fR ranges with which to limit use of this token. This will prompt you for your password, and, if you have two-factor authentication enabled, an otp. +When listing tokens, an abbreviated token will be displayed. For security purposes the full token is not displayed. +.SS "Generating tokens" .P -Currently, the cli cannot generate automation tokens. Please refer to the \fBdocs website\fR \fI\(lahttps://docs.npmjs.com/creating-and-viewing-access-tokens\(ra\fR for more information on generating automation tokens. -.RE 0 - +When generating tokens, you will be prompted you for your password and, if you have two-factor authentication enabled, an otp. .P -.RS 2 -.nf -Created publish token a73c9572-f1b9-8983-983d-ba3ac3cc913d -.fi -.RE -.RS 0 -.IP \(bu 4 -\fBnpm token revoke \fR: Immediately removes an authentication token from the registry. You will no longer be able to use it. This can accept both complete tokens (such as those you get back from \fBnpm token create\fR, and those found in your \fB.npmrc\fR), and ids as seen in the parseable or json output of \fBnpm token list\fR. This will NOT accept the truncated token found in the normal \fBnpm token list\fR output. -.RE 0 - +Please refer to the \fBdocs website\fR \fI\(lahttps://docs.npmjs.com/creating-and-viewing-access-tokens\(ra\fR for more information on generating tokens for CI/CD. +.SS "Revoking tokens" +.P +When revoking a token, you can use the full token (e.g. what you get back from \fBnpm token create\fR, or as can be found in an \fB.npmrc\fR file), or a truncated id. If the given truncated id is not distinct enough to differentiate between multiple existing tokens, you will need to use enough of the id to allow npm to distinguish between them. Full token ids can be found on the \fBnpm website\fR \fI\(lahttps://www.npmjs.com\(ra\fR, or in the \fB--parseable\fR or \fB--json\fR output of \fBnpm token list\fR. This command will NOT accept the truncated token found in the normal \fBnpm token list\fR output. +.P +A revoked token will immediately be removed from the registry and you will no longer be able to use it. .SS "Configuration" .SS "\fBname\fR" .RS 0 @@ -90,7 +68,7 @@ Type: null or String (can be set multiple times) .RE 0 .P -When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific packages. Provide a comma-separated list of package names. +When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific packages. .SS "\fBpackages-all\fR" .RS 0 .IP \(bu 4 @@ -110,7 +88,7 @@ Type: null or String (can be set multiple times) .RE 0 .P -When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific scopes. Provide a comma-separated list of scope names (with or without @ prefix). +When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific scopes. Provide a scope name (with or without @ prefix). .SS "\fBorgs\fR" .RS 0 .IP \(bu 4 @@ -120,7 +98,7 @@ Type: null or String (can be set multiple times) .RE 0 .P -When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific organizations. Provide a comma-separated list of organization names. +When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific organizations. .SS "\fBpackages-and-scopes-permission\fR" .RS 0 .IP \(bu 4 diff --git a/deps/npm/man/man1/npm-undeprecate.1 b/deps/npm/man/man1/npm-undeprecate.1 index ffe80fba1c7a94..12248c0bc3b77c 100644 --- a/deps/npm/man/man1/npm-undeprecate.1 +++ b/deps/npm/man/man1/npm-undeprecate.1 @@ -1,4 +1,4 @@ -.TH "NPM-UNDEPRECATE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-UNDEPRECATE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-undeprecate\fR - Undeprecate a version of a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-uninstall.1 b/deps/npm/man/man1/npm-uninstall.1 index 0a283ee5040e6d..a889fbb4e76aa3 100644 --- a/deps/npm/man/man1/npm-uninstall.1 +++ b/deps/npm/man/man1/npm-uninstall.1 @@ -1,4 +1,4 @@ -.TH "NPM-UNINSTALL" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-UNINSTALL" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-uninstall\fR - Remove a package .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-unpublish.1 b/deps/npm/man/man1/npm-unpublish.1 index 2c121fab25b930..fafed88b13e076 100644 --- a/deps/npm/man/man1/npm-unpublish.1 +++ b/deps/npm/man/man1/npm-unpublish.1 @@ -1,4 +1,4 @@ -.TH "NPM-UNPUBLISH" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-UNPUBLISH" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-unpublish\fR - Remove a package from the registry .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-unstar.1 b/deps/npm/man/man1/npm-unstar.1 index e93a9d816d85b5..cad783d28a7c13 100644 --- a/deps/npm/man/man1/npm-unstar.1 +++ b/deps/npm/man/man1/npm-unstar.1 @@ -1,4 +1,4 @@ -.TH "NPM-UNSTAR" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-UNSTAR" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-unstar\fR - Remove an item from your favorite packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-update.1 b/deps/npm/man/man1/npm-update.1 index 451203bb5ff861..d52e7ed56d0268 100644 --- a/deps/npm/man/man1/npm-update.1 +++ b/deps/npm/man/man1/npm-update.1 @@ -1,4 +1,4 @@ -.TH "NPM-UPDATE" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-UPDATE" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-update\fR - Update packages .SS "Synopsis" diff --git a/deps/npm/man/man1/npm-version.1 b/deps/npm/man/man1/npm-version.1 index 969832da26c99c..ade81d3a406857 100644 --- a/deps/npm/man/man1/npm-version.1 +++ b/deps/npm/man/man1/npm-version.1 @@ -1,4 +1,4 @@ -.TH "NPM-VERSION" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-VERSION" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-version\fR - Bump a package version .SS "Synopsis" @@ -180,8 +180,12 @@ Run this in a package directory to bump the version and write the new data back .P The \fBnewversion\fR argument should be a valid semver string, a valid second argument to \fBsemver.inc\fR \fI\(lahttps://github.com/npm/node-semver#functions\(ra\fR (one of \fBpatch\fR, \fBminor\fR, \fBmajor\fR, \fBprepatch\fR, \fBpreminor\fR, \fBpremajor\fR, \fBprerelease\fR), or \fBfrom-git\fR. In the second case, the existing version will be incremented by 1 in the specified field. \fBfrom-git\fR will try to read the latest git tag, and use that as the new npm version. .P +\fBNote:\fR If the current version is a prerelease version, \fBpatch\fR will simply remove the prerelease suffix without incrementing the patch version number. For example, \fB1.2.0-5\fR becomes \fB1.2.0\fR with \fBnpm version patch\fR, not \fB1.2.1\fR. +.P If run in a git repo, it will also create a version commit and tag. This behavior is controlled by \fBgit-tag-version\fR (see below), and can be disabled on the command line by running \fBnpm --no-git-tag-version version\fR. It will fail if the working directory is not clean, unless the \fB-f\fR or \fB--force\fR flag is set. .P +\fBNote:\fR Git integration requires a reasonably recent version of git (2.0.0 or later is recommended). If you encounter issues with git commands, ensure your git installation is up to date. +.P If supplied with \fB-m\fR or \fB\[rs]fB--message\[rs]fR config\fR \fI\(la/using-npm/config#message\(ra\fR option, npm will use it as a commit message when creating a version commit. If the \fBmessage\fR config contains \fB%s\fR then that will be replaced with the resulting version number. For example: .P .RS 2 diff --git a/deps/npm/man/man1/npm-view.1 b/deps/npm/man/man1/npm-view.1 index b999c59df999ec..458a29968504c8 100644 --- a/deps/npm/man/man1/npm-view.1 +++ b/deps/npm/man/man1/npm-view.1 @@ -1,4 +1,4 @@ -.TH "NPM-VIEW" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-VIEW" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-view\fR - View registry info .SS "Synopsis" @@ -80,6 +80,24 @@ npm view express time'\[lB]4.8.0\[rB]' .fi .RE .P +Note: When accessing object properties that contain special characters or numeric keys, you need to use quotes around the key name. For example, to get the publish time of a specific version: +.P +.RS 2 +.nf +npm view express "time\[lB]4.17.1\[rB]" +.fi +.RE +.P +Without quotes, the shell may interpret the square brackets as glob patterns, causing the command to fail. You can also access the time field for a specific version by specifying the version in the package descriptor: +.P +.RS 2 +.nf +npm view express@4.17.1 time +.fi +.RE +.P +This will return all version-time pairs, but the context will be for that specific version. +.P Multiple fields may be specified, and will be printed one after another. For example, to get all the contributor names and email addresses, you can do this: .P .RS 2 @@ -111,6 +129,59 @@ To show the \fBconnect\fR package version history, you can do this: npm view connect versions .fi .RE +.SS "Field Access Patterns" +.P +The \fBnpm view\fR command supports different ways to access nested fields and array elements in package metadata. Understanding these patterns makes it easier to extract specific information. +.SS "Nested Object Fields" +.P +Use dot notation to access nested object fields: +.P +.RS 2 +.nf +# Access nested properties +npm view npm repository.url +npm view express bugs.url +.fi +.RE +.SS "Array Element Access" +.P +For arrays, use numeric indices in square brackets to access specific elements: +.P +.RS 2 +.nf +# Get the first contributor's email +npm view express contributors\[lB]0\[rB].email + +# Get the second maintainer's name +npm view express maintainers\[lB]1\[rB].name +.fi +.RE +.SS "Object Property Access" +.P +For object properties (like accessing specific versions in the \fBtime\fR field), use bracket notation with the property name in quotes: +.P +.RS 2 +.nf +# Get publish time for a specific version +npm view express "time\[lB]4.17.1\[rB]" + +# Get dist-tags +npm view express "dist-tags.latest" +.fi +.RE +.SS "Extracting Fields from Arrays" +.P +Request a non-numeric field on an array to get all values from objects in the list: +.P +.RS 2 +.nf +# Get all contributor emails +npm view express contributors.email + +# Get all contributor names +npm view express contributors.name +.fi +.RE .SS "Configuration" .SS "\fBjson\fR" .RS 0 diff --git a/deps/npm/man/man1/npm-whoami.1 b/deps/npm/man/man1/npm-whoami.1 index 4b7782122b461c..fdeb1b84903370 100644 --- a/deps/npm/man/man1/npm-whoami.1 +++ b/deps/npm/man/man1/npm-whoami.1 @@ -1,4 +1,4 @@ -.TH "NPM-WHOAMI" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM-WHOAMI" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-whoami\fR - Display npm username .SS "Synopsis" diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1 index f1c0352dc047f3..7b39d0ffc8070f 100644 --- a/deps/npm/man/man1/npm.1 +++ b/deps/npm/man/man1/npm.1 @@ -1,4 +1,4 @@ -.TH "NPM" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPM" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm\fR - javascript package manager .SS "Synopsis" @@ -12,7 +12,7 @@ npm Note: This command is unaware of workspaces. .SS "Version" .P -11.6.4 +11.7.0 .SS "Description" .P npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency conflicts intelligently. diff --git a/deps/npm/man/man1/npx.1 b/deps/npm/man/man1/npx.1 index f3542b524b6d09..029641eebc6879 100644 --- a/deps/npm/man/man1/npx.1 +++ b/deps/npm/man/man1/npx.1 @@ -1,4 +1,4 @@ -.TH "NPX" "1" "November 2025" "NPM@11.6.4" "" +.TH "NPX" "1" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpx\fR - Run a command from a local or remote npm package .SS "Synopsis" @@ -15,6 +15,8 @@ npx --package=foo -c ' \[lB]args...\[rB]' .P This command allows you to run an arbitrary command from an npm package (either one installed locally, or fetched remotely), in a similar context as running it via \fBnpm run\fR. .P +Run this command to execute a package's binary. Any options and arguments after the package name are passed directly to the executed command, not to npx itself. For example, \fBnpx create-react-app my-app --template typescript\fR will pass \fBmy-app\fR and \fB--template typescript\fR to the \fBcreate-react-app\fR command. To see what options a specific package accepts, consult that package's documentation (e.g., at npmjs.com or in its repository). +.P Whatever packages are specified by the \fB--package\fR option will be provided in the \fBPATH\fR of the executed command, along with any locally installed package executables. The \fB--package\fR option may be specified multiple times, to execute the supplied command in an environment where all specified packages are available. .P If any requested packages are not present in the local project dependencies, then they are installed to a folder in the npm cache, which is added to the \fBPATH\fR environment variable in the executed process. A prompt is printed (which can be suppressed by providing either \fB--yes\fR or \fB--no\fR). diff --git a/deps/npm/man/man5/folders.5 b/deps/npm/man/man5/folders.5 index e38531e1f5a3f3..da8ac5bf510397 100644 --- a/deps/npm/man/man5/folders.5 +++ b/deps/npm/man/man5/folders.5 @@ -1,4 +1,4 @@ -.TH "FOLDERS" "5" "November 2025" "NPM@11.6.4" "" +.TH "FOLDERS" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBfolders\fR - Folder Structures Used by npm .SS "Description" diff --git a/deps/npm/man/man5/install.5 b/deps/npm/man/man5/install.5 index 76e3b738e1e15b..a551b767f72cb0 100644 --- a/deps/npm/man/man5/install.5 +++ b/deps/npm/man/man5/install.5 @@ -1,4 +1,4 @@ -.TH "INSTALL" "5" "November 2025" "NPM@11.6.4" "" +.TH "INSTALL" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBinstall\fR - Download and install node and npm .SS "Description" diff --git a/deps/npm/man/man5/npm-global.5 b/deps/npm/man/man5/npm-global.5 index e38531e1f5a3f3..da8ac5bf510397 100644 --- a/deps/npm/man/man5/npm-global.5 +++ b/deps/npm/man/man5/npm-global.5 @@ -1,4 +1,4 @@ -.TH "FOLDERS" "5" "November 2025" "NPM@11.6.4" "" +.TH "FOLDERS" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBfolders\fR - Folder Structures Used by npm .SS "Description" diff --git a/deps/npm/man/man5/npm-json.5 b/deps/npm/man/man5/npm-json.5 index 00a837d1d7707f..0e1bc996e16cf4 100644 --- a/deps/npm/man/man5/npm-json.5 +++ b/deps/npm/man/man5/npm-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE.JSON" "5" "November 2025" "NPM@11.6.4" "" +.TH "PACKAGE.JSON" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBpackage.json\fR - Specifics of npm's package.json handling .SS "Description" @@ -366,6 +366,11 @@ This should be a module relative to the root of your package folder. For most modules, it makes the most sense to have a main script and often not much else. .P If \fBmain\fR is not set, it defaults to \fBindex.js\fR in the package's root folder. +.SS "type" +.P +The \fBtype\fR field defines how Node.js should interpret \fB.js\fR files in your package. This field is not used by npm. +.P +See the \fBNode.js documentation on the type field\fR \fI\(lahttps://nodejs.org/api/packages.html#type\(ra\fR for more information. .SS "browser" .P If your module is meant to be used client-side the browser field should be used instead of the main field. This is helpful to hint users that it might rely on primitives that aren't available in Node.js modules. (e.g. \fBwindow\fR) @@ -527,6 +532,21 @@ For GitHub, GitHub gist, Bitbucket, or GitLab repositories you can use the same .fi .RE .P +\fBNote on normalization:\fR When you publish a package, npm normalizes the \fBrepository\fR field to the full object format with a \fBurl\fR property. If you use a shorthand format (like \fB"npm/example"\fR), you'll see a warning during \fBnpm publish\fR indicating that the field was auto-corrected. While the shorthand format currently works, it's recommended to use the full object format in your \fBpackage.json\fR to avoid warnings and ensure future compatibility: +.P +.RS 2 +.nf +{ + "repository": { + "type": "git", + "url": "git+https://github.com/npm/example.git" + } +} +.fi +.RE +.P +You can run \fBnpm pkg fix\fR to automatically convert shorthand formats to the normalized object format. +.P If the \fBpackage.json\fR for your package is not in the root directory (for example if it is part of a monorepo), you can specify the directory in which it lives: .P .RS 2 @@ -545,6 +565,21 @@ If the \fBpackage.json\fR for your package is not in the root directory (for exa The "scripts" property is a dictionary containing script commands that are run at various times in the lifecycle of your package. The key is the lifecycle event, and the value is the command to run at that point. .P See npm help scripts to find out more about writing package scripts. +.SS "gypfile" +.P +If you have a binding.gyp file in the root of your package and you have not defined your own \fBinstall\fR or \fBpreinstall\fR scripts, npm will default to building your module using node-gyp. +.P +To prevent npm from automatically building your module with node-gyp, set \fBgypfile\fR to \fBfalse\fR: +.P +.RS 2 +.nf +{ + "gypfile": false +} +.fi +.RE +.P +This is useful for packages that include native addons but want to handle the build process differently, or packages that have a binding.gyp file but should not be built as a native addon. .SS "config" .P A "config" object can be used to set configuration parameters used in package scripts that persist across upgrades. For instance, if a package had the following: @@ -967,6 +1002,59 @@ You may not set an override for a package that you directly depend on unless bot } .fi .RE +.SS "Replacing a dependency with a fork" +.P +You can replace a package with a different package or fork using several methods: +.P +\fBUsing the \fBnpm:\fB prefix to replace with a different package name:\fR +.P +.RS 2 +.nf +{ + "overrides": { + "package-name": "npm:@scope/forked-package@1.0.0" + } +} +.fi +.RE +.P +\fBUsing a GitHub repository (supports branches, tags, or commit hashes):\fR +.P +.RS 2 +.nf +{ + "overrides": { + "package-name": "github:username/repo#branch-name" + } +} +.fi +.RE +.P +\fBUsing a local file path:\fR +.P +.RS 2 +.nf +{ + "overrides": { + "package-name": "file:../local-fork" + } +} +.fi +.RE +.P +These replacement methods work for both top-level overrides and nested overrides. For example, to replace a transitive dependency with a fork: +.P +.RS 2 +.nf +{ + "overrides": { + "parent-package": { + "vulnerable-dep": "github:username/patched-fork#v2.0.1" + } + } +} +.fi +.RE .SS "engines" .P You can specify the version of node that your stuff works on: diff --git a/deps/npm/man/man5/npm-shrinkwrap-json.5 b/deps/npm/man/man5/npm-shrinkwrap-json.5 index c5e703022738f9..0d994cb7b21013 100644 --- a/deps/npm/man/man5/npm-shrinkwrap-json.5 +++ b/deps/npm/man/man5/npm-shrinkwrap-json.5 @@ -1,4 +1,4 @@ -.TH "NPM-SHRINKWRAP.JSON" "5" "November 2025" "NPM@11.6.4" "" +.TH "NPM-SHRINKWRAP.JSON" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpm-shrinkwrap.json\fR - A publishable lockfile .SS "Description" diff --git a/deps/npm/man/man5/npmrc.5 b/deps/npm/man/man5/npmrc.5 index 0c695080776f83..a960ebf8ceffc8 100644 --- a/deps/npm/man/man5/npmrc.5 +++ b/deps/npm/man/man5/npmrc.5 @@ -1,4 +1,4 @@ -.TH "NPMRC" "5" "November 2025" "NPM@11.6.4" "" +.TH "NPMRC" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBnpmrc\fR - The npm config files .SS "Description" diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5 index 00a837d1d7707f..0e1bc996e16cf4 100644 --- a/deps/npm/man/man5/package-json.5 +++ b/deps/npm/man/man5/package-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE.JSON" "5" "November 2025" "NPM@11.6.4" "" +.TH "PACKAGE.JSON" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBpackage.json\fR - Specifics of npm's package.json handling .SS "Description" @@ -366,6 +366,11 @@ This should be a module relative to the root of your package folder. For most modules, it makes the most sense to have a main script and often not much else. .P If \fBmain\fR is not set, it defaults to \fBindex.js\fR in the package's root folder. +.SS "type" +.P +The \fBtype\fR field defines how Node.js should interpret \fB.js\fR files in your package. This field is not used by npm. +.P +See the \fBNode.js documentation on the type field\fR \fI\(lahttps://nodejs.org/api/packages.html#type\(ra\fR for more information. .SS "browser" .P If your module is meant to be used client-side the browser field should be used instead of the main field. This is helpful to hint users that it might rely on primitives that aren't available in Node.js modules. (e.g. \fBwindow\fR) @@ -527,6 +532,21 @@ For GitHub, GitHub gist, Bitbucket, or GitLab repositories you can use the same .fi .RE .P +\fBNote on normalization:\fR When you publish a package, npm normalizes the \fBrepository\fR field to the full object format with a \fBurl\fR property. If you use a shorthand format (like \fB"npm/example"\fR), you'll see a warning during \fBnpm publish\fR indicating that the field was auto-corrected. While the shorthand format currently works, it's recommended to use the full object format in your \fBpackage.json\fR to avoid warnings and ensure future compatibility: +.P +.RS 2 +.nf +{ + "repository": { + "type": "git", + "url": "git+https://github.com/npm/example.git" + } +} +.fi +.RE +.P +You can run \fBnpm pkg fix\fR to automatically convert shorthand formats to the normalized object format. +.P If the \fBpackage.json\fR for your package is not in the root directory (for example if it is part of a monorepo), you can specify the directory in which it lives: .P .RS 2 @@ -545,6 +565,21 @@ If the \fBpackage.json\fR for your package is not in the root directory (for exa The "scripts" property is a dictionary containing script commands that are run at various times in the lifecycle of your package. The key is the lifecycle event, and the value is the command to run at that point. .P See npm help scripts to find out more about writing package scripts. +.SS "gypfile" +.P +If you have a binding.gyp file in the root of your package and you have not defined your own \fBinstall\fR or \fBpreinstall\fR scripts, npm will default to building your module using node-gyp. +.P +To prevent npm from automatically building your module with node-gyp, set \fBgypfile\fR to \fBfalse\fR: +.P +.RS 2 +.nf +{ + "gypfile": false +} +.fi +.RE +.P +This is useful for packages that include native addons but want to handle the build process differently, or packages that have a binding.gyp file but should not be built as a native addon. .SS "config" .P A "config" object can be used to set configuration parameters used in package scripts that persist across upgrades. For instance, if a package had the following: @@ -967,6 +1002,59 @@ You may not set an override for a package that you directly depend on unless bot } .fi .RE +.SS "Replacing a dependency with a fork" +.P +You can replace a package with a different package or fork using several methods: +.P +\fBUsing the \fBnpm:\fB prefix to replace with a different package name:\fR +.P +.RS 2 +.nf +{ + "overrides": { + "package-name": "npm:@scope/forked-package@1.0.0" + } +} +.fi +.RE +.P +\fBUsing a GitHub repository (supports branches, tags, or commit hashes):\fR +.P +.RS 2 +.nf +{ + "overrides": { + "package-name": "github:username/repo#branch-name" + } +} +.fi +.RE +.P +\fBUsing a local file path:\fR +.P +.RS 2 +.nf +{ + "overrides": { + "package-name": "file:../local-fork" + } +} +.fi +.RE +.P +These replacement methods work for both top-level overrides and nested overrides. For example, to replace a transitive dependency with a fork: +.P +.RS 2 +.nf +{ + "overrides": { + "parent-package": { + "vulnerable-dep": "github:username/patched-fork#v2.0.1" + } + } +} +.fi +.RE .SS "engines" .P You can specify the version of node that your stuff works on: diff --git a/deps/npm/man/man5/package-lock-json.5 b/deps/npm/man/man5/package-lock-json.5 index b609a1da4506f3..bbc08fbb476923 100644 --- a/deps/npm/man/man5/package-lock-json.5 +++ b/deps/npm/man/man5/package-lock-json.5 @@ -1,4 +1,4 @@ -.TH "PACKAGE-LOCK.JSON" "5" "November 2025" "NPM@11.6.4" "" +.TH "PACKAGE-LOCK.JSON" "5" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBpackage-lock.json\fR - A manifestation of the manifest .SS "Description" @@ -119,7 +119,7 @@ npm v7 ignores this section entirely if a \fBpackages\fR section is present, but Dependency objects have the following fields: .RS 0 .IP \(bu 4 -version: a specifier that varies depending on the nature of the package, and is usable in fetching a new copy of it. +version: a specifier that varies depending on the nature of the package, and is usable in fetching a new copy of it. Note that for peer dependencies that are not installed, or optional dependencies that are not installed, this field may be omitted. .RS 4 .IP \(bu 4 bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes. @@ -135,6 +135,8 @@ local tarball sources: This is the file URL of the tarball. (eg \fBfile:///opt/s local link sources: This is the file URL of the link. (eg \fBfile:libs/our-module\fR) .RE 0 +.P +\fBNote:\fR The \fBversion\fR field may be omitted for certain types of dependencies, such as optional peer dependencies that are not installed. In these cases, only metadata fields like \fBdev\fR, \fBoptional\fR, and \fBpeer\fR will be present. .IP \(bu 4 integrity: A \fBsha512\fR or \fBsha1\fR \fBStandard Subresource Integrity\fR \fI\(lahttps://w3c.github.io/webappsec/specs/subresourceintegrity/\(ra\fR string for the artifact that was unpacked in this location. For git dependencies, this is the commit sha. .IP \(bu 4 diff --git a/deps/npm/man/man7/config.7 b/deps/npm/man/man7/config.7 index b90d5dfe520b63..cf6eca403397c2 100644 --- a/deps/npm/man/man7/config.7 +++ b/deps/npm/man/man7/config.7 @@ -1,4 +1,4 @@ -.TH "CONFIG" "7" "November 2025" "NPM@11.6.4" "" +.TH "CONFIG" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBconfig\fR - More than you probably want to know about npm configuration .SS "Description" @@ -11,6 +11,19 @@ npm gets its configuration values from the following sources, sorted by priority Putting \fB--foo bar\fR on the command line sets the \fBfoo\fR configuration parameter to \fB"bar"\fR. A \fB--\fR argument tells the cli parser to stop reading flags. Using \fB--flag\fR without specifying any value will set the value to \fBtrue\fR. .P Example: \fB--flag1 --flag2\fR will set both configuration parameters to \fBtrue\fR, while \fB--flag1 --flag2 bar\fR will set \fBflag1\fR to \fBtrue\fR, and \fBflag2\fR to \fBbar\fR. Finally, \fB--flag1 --flag2 -- bar\fR will set both configuration parameters to \fBtrue\fR, and the \fBbar\fR is taken as a command argument. +.P +\fBCommon examples:\fR +.RS 0 +.IP \(bu 4 +\fBnpm install --prefix /path/to/dir\fR - Runs npm commands in a different directory without changing the current working directory +.IP \(bu 4 +\fBnpm install --global\fR - Installs packages globally (shorthand: \fB-g\fR) +.IP \(bu 4 +\fBnpm install --save-dev\fR - Saves to devDependencies (shorthand: \fB-D\fR) +.RE 0 + +.P +Any configuration option documented in the \fI(Config Settings)\fR section below can be set via command line flags using \fB--option-name value\fR syntax. .SS "Environment Variables" .P Any environment variables that start with \fBnpm_config_\fR will be interpreted as a configuration parameter. For example, putting \fBnpm_config_foo=bar\fR in your environment will set the \fBfoo\fR configuration parameter to \fBbar\fR. Any environment configurations that are not given a value will be given the value of \fBtrue\fR. Config values are case-insensitive, so \fBNPM_CONFIG_FOO=bar\fR will work the same. However, please note that inside npm help scripts npm will set its own environment variables and Node will prefer those lowercase versions over any uppercase ones that you might set. For details see \fBthis issue\fR \fI\(lahttps://github.com/npm/npm/issues/14528\(ra\fR. @@ -1157,7 +1170,7 @@ Type: null or String (can be set multiple times) .RE 0 .P -When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific organizations. Provide a comma-separated list of organization names. +When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific organizations. .SS "\fBorgs-permission\fR" .RS 0 .IP \(bu 4 @@ -1243,7 +1256,7 @@ Type: null or String (can be set multiple times) .RE 0 .P -When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific packages. Provide a comma-separated list of package names. +When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific packages. .SS "\fBpackages-all\fR" .RS 0 .IP \(bu 4 @@ -1586,7 +1599,7 @@ Type: null or String (can be set multiple times) .RE 0 .P -When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific scopes. Provide a comma-separated list of scope names (with or without @ prefix). +When creating a Granular Access Token with \fBnpm token create\fR, this limits the token access to specific scopes. Provide a scope name (with or without @ prefix). .SS "\fBscript-shell\fR" .RS 0 .IP \(bu 4 diff --git a/deps/npm/man/man7/dependency-selectors.7 b/deps/npm/man/man7/dependency-selectors.7 index 46d94fd470099b..8b55667ed736a3 100644 --- a/deps/npm/man/man7/dependency-selectors.7 +++ b/deps/npm/man/man7/dependency-selectors.7 @@ -1,4 +1,4 @@ -.TH "QUERYING" "7" "November 2025" "NPM@11.6.4" "" +.TH "QUERYING" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBQuerying\fR - Dependency Selector Syntax & Querying .SS "Description" diff --git a/deps/npm/man/man7/developers.7 b/deps/npm/man/man7/developers.7 index 5ad068e0fff80b..f31fc2c760c8fd 100644 --- a/deps/npm/man/man7/developers.7 +++ b/deps/npm/man/man7/developers.7 @@ -1,4 +1,4 @@ -.TH "DEVELOPERS" "7" "November 2025" "NPM@11.6.4" "" +.TH "DEVELOPERS" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBdevelopers\fR - Developer Guide .SS "Description" diff --git a/deps/npm/man/man7/logging.7 b/deps/npm/man/man7/logging.7 index 7796b568bfc891..0bb53439ced328 100644 --- a/deps/npm/man/man7/logging.7 +++ b/deps/npm/man/man7/logging.7 @@ -1,4 +1,4 @@ -.TH "LOGGING" "7" "November 2025" "NPM@11.6.4" "" +.TH "LOGGING" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBLogging\fR - Why, What & How We Log .SS "Description" diff --git a/deps/npm/man/man7/orgs.7 b/deps/npm/man/man7/orgs.7 index 52828eb28b172b..df6d4a18b3cd50 100644 --- a/deps/npm/man/man7/orgs.7 +++ b/deps/npm/man/man7/orgs.7 @@ -1,4 +1,4 @@ -.TH "ORGS" "7" "November 2025" "NPM@11.6.4" "" +.TH "ORGS" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBorgs\fR - Working with Teams & Orgs .SS "Description" diff --git a/deps/npm/man/man7/package-spec.7 b/deps/npm/man/man7/package-spec.7 index 8b4cc7685cb887..c2ff611ad2da4a 100644 --- a/deps/npm/man/man7/package-spec.7 +++ b/deps/npm/man/man7/package-spec.7 @@ -1,4 +1,4 @@ -.TH "PACKAGE-SPEC" "7" "November 2025" "NPM@11.6.4" "" +.TH "PACKAGE-SPEC" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBpackage-spec\fR - Package name specifier .SS "Description" @@ -47,11 +47,11 @@ See \fBPackage name\fR above for more info on referring to a package by name, an Examples: .RS 0 .IP \(bu 4 -\fBsemver:@npm:@npmcli/semver-with-patch\fR +\fBsemver@npm:@npmcli/semver-with-patch\fR .IP \(bu 4 -\fBsemver:@npm:semver@7.2.2\fR +\fBsemver@npm:semver@7.2.2\fR .IP \(bu 4 -\fBsemver:@npm:semver@legacy\fR +\fBsemver@npm:semver@legacy\fR .RE 0 .SS "Folders" diff --git a/deps/npm/man/man7/registry.7 b/deps/npm/man/man7/registry.7 index b9f4854f741539..a35200cd196314 100644 --- a/deps/npm/man/man7/registry.7 +++ b/deps/npm/man/man7/registry.7 @@ -1,4 +1,4 @@ -.TH "REGISTRY" "7" "November 2025" "NPM@11.6.4" "" +.TH "REGISTRY" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBregistry\fR - The JavaScript Package Registry .SS "Description" diff --git a/deps/npm/man/man7/removal.7 b/deps/npm/man/man7/removal.7 index e589192c4697f7..c9dd805912a51b 100644 --- a/deps/npm/man/man7/removal.7 +++ b/deps/npm/man/man7/removal.7 @@ -1,4 +1,4 @@ -.TH "REMOVAL" "7" "November 2025" "NPM@11.6.4" "" +.TH "REMOVAL" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBremoval\fR - Cleaning the Slate .SS "Synopsis" diff --git a/deps/npm/man/man7/scope.7 b/deps/npm/man/man7/scope.7 index d25af904f4917d..5b2a8160dbc877 100644 --- a/deps/npm/man/man7/scope.7 +++ b/deps/npm/man/man7/scope.7 @@ -1,4 +1,4 @@ -.TH "SCOPE" "7" "November 2025" "NPM@11.6.4" "" +.TH "SCOPE" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBscope\fR - Scoped packages .SS "Description" diff --git a/deps/npm/man/man7/scripts.7 b/deps/npm/man/man7/scripts.7 index 1160ee1ad2270e..989c839c6398c0 100644 --- a/deps/npm/man/man7/scripts.7 +++ b/deps/npm/man/man7/scripts.7 @@ -1,4 +1,4 @@ -.TH "SCRIPTS" "7" "November 2025" "NPM@11.6.4" "" +.TH "SCRIPTS" "7" "December 2025" "NPM@11.7.0" "" .SH "NAME" \fBscripts\fR - How npm handles the "scripts" field .SS "Description" @@ -35,7 +35,7 @@ There are some special life cycle scripts that happen only in certain situations .IP \(bu 4 Runs BEFORE the package is packed, i.e. during \fBnpm publish\fR and \fBnpm pack\fR .IP \(bu 4 -Runs on local \fBnpm install\fR without any arguments +Runs on local \fBnpm install\fR without package arguments (runs with flags like \fB--production\fR or \fB--omit=dev\fR, but does not run when installing specific packages like \fBnpm install express\fR) .IP \(bu 4 Runs AFTER \fBprepublishOnly\fR and \fBprepack\fR, but BEFORE \fBpostpack\fR .IP \(bu 4 @@ -44,6 +44,8 @@ Runs for a package if it's being installed as a link through \fBnpm install class Reifier extends cls { if (er.code === 'ENOENT') { return didMkdirp ? null : mkdir(dirname(to), { recursive: true }).then(() => this[_renamePath](from, to, true)) - } else if (er.code === 'EEXIST') { + } else if (er.code === 'EEXIST' || er.code === 'ENOTEMPTY') { return rm(to, { recursive: true, force: true }).then(() => moveFile(from, to)) } else { throw er diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json index 373e8523e0b07a..5d774c52ed1bc4 100644 --- a/deps/npm/node_modules/@npmcli/arborist/package.json +++ b/deps/npm/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "9.1.8", + "version": "9.1.9", "description": "Manage node_modules trees", "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", diff --git a/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js b/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js index a91baf6927dfa3..0f2d9dd0217812 100644 --- a/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js +++ b/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js @@ -1442,11 +1442,9 @@ const definitions = { orgs: new Definition('orgs', { default: null, type: [null, String, Array], - hint: '', description: ` When creating a Granular Access Token with \`npm token create\`, - this limits the token access to specific organizations. Provide - a comma-separated list of organization names. + this limits the token access to specific organizations. `, flatten, }), @@ -1549,11 +1547,9 @@ const definitions = { packages: new Definition('packages', { default: [], type: [null, String, Array], - hint: '', description: ` When creating a Granular Access Token with \`npm token create\`, - this limits the token access to specific packages. Provide - a comma-separated list of package names. + this limits the token access to specific packages. `, flatten, }), @@ -1955,11 +1951,10 @@ const definitions = { scopes: new Definition('scopes', { default: null, type: [null, String, Array], - hint: '<@scope1,@scope2>', description: ` When creating a Granular Access Token with \`npm token create\`, this limits the token access to specific scopes. Provide - a comma-separated list of scope names (with or without @ prefix). + a scope name (with or without @ prefix). `, flatten, }), diff --git a/deps/npm/node_modules/@npmcli/config/package.json b/deps/npm/node_modules/@npmcli/config/package.json index 1b4827125f9837..56c8970cd8f15f 100644 --- a/deps/npm/node_modules/@npmcli/config/package.json +++ b/deps/npm/node_modules/@npmcli/config/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/config", - "version": "10.4.4", + "version": "10.4.5", "files": [ "bin/", "lib/" diff --git a/deps/npm/node_modules/libnpmdiff/package.json b/deps/npm/node_modules/libnpmdiff/package.json index 6017874f52b339..7fef730160bc07 100644 --- a/deps/npm/node_modules/libnpmdiff/package.json +++ b/deps/npm/node_modules/libnpmdiff/package.json @@ -1,6 +1,6 @@ { "name": "libnpmdiff", - "version": "8.0.11", + "version": "8.0.12", "description": "The registry diff", "repository": { "type": "git", @@ -47,7 +47,7 @@ "tap": "^16.3.8" }, "dependencies": { - "@npmcli/arborist": "^9.1.8", + "@npmcli/arborist": "^9.1.9", "@npmcli/installed-package-contents": "^4.0.0", "binary-extensions": "^3.0.0", "diff": "^8.0.2", diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json index f7036e5667e0b5..95a5ce8c68676d 100644 --- a/deps/npm/node_modules/libnpmexec/package.json +++ b/deps/npm/node_modules/libnpmexec/package.json @@ -1,6 +1,6 @@ { "name": "libnpmexec", - "version": "10.1.10", + "version": "10.1.11", "files": [ "bin/", "lib/" @@ -60,7 +60,7 @@ "tap": "^16.3.8" }, "dependencies": { - "@npmcli/arborist": "^9.1.8", + "@npmcli/arborist": "^9.1.9", "@npmcli/package-json": "^7.0.0", "@npmcli/run-script": "^10.0.0", "ci-info": "^4.0.0", diff --git a/deps/npm/node_modules/libnpmfund/package.json b/deps/npm/node_modules/libnpmfund/package.json index 9710f4018fe69d..7163345a9cbd83 100644 --- a/deps/npm/node_modules/libnpmfund/package.json +++ b/deps/npm/node_modules/libnpmfund/package.json @@ -1,6 +1,6 @@ { "name": "libnpmfund", - "version": "7.0.11", + "version": "7.0.12", "main": "lib/index.js", "files": [ "bin/", @@ -46,7 +46,7 @@ "tap": "^16.3.8" }, "dependencies": { - "@npmcli/arborist": "^9.1.8" + "@npmcli/arborist": "^9.1.9" }, "engines": { "node": "^20.17.0 || >=22.9.0" diff --git a/deps/npm/node_modules/libnpmpack/package.json b/deps/npm/node_modules/libnpmpack/package.json index c79539dae1fe87..98107c092446e0 100644 --- a/deps/npm/node_modules/libnpmpack/package.json +++ b/deps/npm/node_modules/libnpmpack/package.json @@ -1,6 +1,6 @@ { "name": "libnpmpack", - "version": "9.0.11", + "version": "9.0.12", "description": "Programmatic API for the bits behind npm pack", "author": "GitHub Inc.", "main": "lib/index.js", @@ -37,7 +37,7 @@ "bugs": "https://github.com/npm/libnpmpack/issues", "homepage": "https://npmjs.com/package/libnpmpack", "dependencies": { - "@npmcli/arborist": "^9.1.8", + "@npmcli/arborist": "^9.1.9", "@npmcli/run-script": "^10.0.0", "npm-package-arg": "^13.0.0", "pacote": "^21.0.2" diff --git a/deps/npm/package.json b/deps/npm/package.json index d8961113545d51..674d5823f36aba 100644 --- a/deps/npm/package.json +++ b/deps/npm/package.json @@ -1,5 +1,5 @@ { - "version": "11.6.4", + "version": "11.7.0", "name": "npm", "description": "a package manager for JavaScript", "workspaces": [ @@ -52,8 +52,8 @@ }, "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/arborist": "^9.1.8", - "@npmcli/config": "^10.4.4", + "@npmcli/arborist": "^9.1.9", + "@npmcli/config": "^10.4.5", "@npmcli/fs": "^5.0.0", "@npmcli/map-workspaces": "^5.0.3", "@npmcli/metavuln-calculator": "^9.0.3", @@ -78,11 +78,11 @@ "is-cidr": "^6.0.1", "json-parse-even-better-errors": "^5.0.0", "libnpmaccess": "^10.0.3", - "libnpmdiff": "^8.0.11", - "libnpmexec": "^10.1.10", - "libnpmfund": "^7.0.11", + "libnpmdiff": "^8.0.12", + "libnpmexec": "^10.1.11", + "libnpmfund": "^7.0.12", "libnpmorg": "^8.0.1", - "libnpmpack": "^9.0.11", + "libnpmpack": "^9.0.12", "libnpmpublish": "^11.1.3", "libnpmsearch": "^9.0.1", "libnpmteam": "^8.0.2", diff --git a/deps/npm/tap-snapshots/test/lib/commands/init.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/init.js.test.cjs index eae04d77d2e82e..821193a55e1a98 100644 --- a/deps/npm/tap-snapshots/test/lib/commands/init.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/commands/init.js.test.cjs @@ -20,6 +20,5 @@ Press ^C at any time to quit. exports[`test/lib/commands/init.js TAP workspaces no args -- yes > should print helper info 1`] = ` - added 1 package in {TIME} ` diff --git a/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs index b41b875f8ea942..65d625b18b0297 100644 --- a/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/commands/query.js.test.cjs @@ -124,6 +124,10 @@ exports[`test/lib/commands/query.js TAP missing > should return missing node 1`] ] ` +exports[`test/lib/commands/query.js TAP package-lock-only missing workspace in tree > should return empty array for missing workspace 1`] = ` +[] +` + exports[`test/lib/commands/query.js TAP package-lock-only with package lock > should return valid response with only lock info 1`] = ` [ { @@ -172,6 +176,48 @@ exports[`test/lib/commands/query.js TAP package-lock-only with package lock > sh ] ` +exports[`test/lib/commands/query.js TAP package-lock-only with package lock and workspace > should return workspace object with package-lock-only 1`] = ` +[ + { + "name": "root", + "workspaces": [ + "packages/*" + ], + "pkgid": "root@", + "location": "", + "path": "{CWD}/prefix", + "realpath": "{CWD}/prefix", + "resolved": null, + "from": [], + "to": [ + "node_modules/a" + ], + "dev": false, + "inBundle": false, + "deduped": false, + "overridden": false, + "queryContext": {} + }, + { + "name": "a", + "version": "1.0.0", + "_id": "a@1.0.0", + "pkgid": "a@1.0.0", + "location": "packages/a", + "path": "{CWD}/prefix/packages/a", + "realpath": "{CWD}/prefix/packages/a", + "resolved": null, + "from": [], + "to": [], + "dev": false, + "inBundle": false, + "deduped": false, + "overridden": false, + "queryContext": {} + } +] +` + exports[`test/lib/commands/query.js TAP recursive tree > should return everything in the tree, accounting for recursion 1`] = ` [ { diff --git a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs index 61f87de74e4015..67260d755a3b2a 100644 --- a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs @@ -1196,8 +1196,7 @@ time. * Type: null or String (can be set multiple times) When creating a Granular Access Token with \`npm token create\`, this limits -the token access to specific organizations. Provide a comma-separated list -of organization names. +the token access to specific organizations. @@ -1285,8 +1284,7 @@ For \`list\` this means the output will be based on the tree described by the * Type: null or String (can be set multiple times) When creating a Granular Access Token with \`npm token create\`, this limits -the token access to specific packages. Provide a comma-separated list of -package names. +the token access to specific packages. @@ -1622,8 +1620,8 @@ npm init --scope=@foo --yes * Type: null or String (can be set multiple times) When creating a Granular Access Token with \`npm token create\`, this limits -the token access to specific scopes. Provide a comma-separated list of scope -names (with or without @ prefix). +the token access to specific scopes. Provide a scope name (with or without @ +prefix). @@ -4457,13 +4455,12 @@ Manage your authentication tokens Usage: npm token list npm token revoke -npm token create --name= [--token-description=] [--packages=] [--packages-all] [--scopes=] [--orgs=] [--packages-and-scopes-permission=] [--orgs-permission=] [--expires=] [--cidr=] [--bypass-2fa] [--password=] +npm token create Options: [--name ] [--token-description ] [--expires ] -[--packages [--packages ...]] [--packages-all] -[--scopes <@scope1,@scope2> [--scopes <@scope1,@scope2> ...]] -[--orgs [--orgs ...]] +[--packages [--packages ...]] [--packages-all] +[--scopes [--scopes ...]] [--orgs [--orgs ...]] [--packages-and-scopes-permission ] [--orgs-permission ] [--cidr [--cidr ...]] [--bypass-2fa] [--password ] @@ -4474,7 +4471,7 @@ Run "npm help token" for more info \`\`\`bash npm token list npm token revoke -npm token create --name= [--token-description=] [--packages=] [--packages-all] [--scopes=] [--orgs=] [--packages-and-scopes-permission=] [--orgs-permission=] [--expires=] [--cidr=] [--bypass-2fa] [--password=] +npm token create \`\`\` Note: This command is unaware of workspaces. diff --git a/deps/npm/tap-snapshots/test/lib/utils/open-url.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/open-url.js.test.cjs index 2b3fed2b326e42..5154579f0df59c 100644 --- a/deps/npm/tap-snapshots/test/lib/utils/open-url.js.test.cjs +++ b/deps/npm/tap-snapshots/test/lib/utils/open-url.js.test.cjs @@ -25,7 +25,6 @@ https://www.npmjs.com exports[`test/lib/utils/open-url.js TAP open url prompt does not error when opener cannot find command > Outputs extra Browser unavailable message and url 1`] = ` npm home: https://www.npmjs.com - Browser unavailable. Please open the URL manually: https://www.npmjs.com ` diff --git a/deps/npm/test/lib/commands/query.js b/deps/npm/test/lib/commands/query.js index 0907a9d0f4206f..40dadc88858363 100644 --- a/deps/npm/test/lib/commands/query.js +++ b/deps/npm/test/lib/commands/query.js @@ -236,6 +236,98 @@ t.test('package-lock-only', t => { await npm.exec('query', ['*']) t.matchSnapshot(joinedOutput(), 'should return valid response with only lock info') }) + + t.test('with package lock and workspace', async t => { + const { npm, joinedOutput } = await loadMockNpm(t, { + config: { + 'package-lock-only': true, + workspace: ['a'], + }, + prefixDir: { + 'package.json': JSON.stringify({ + name: 'root', + workspaces: ['packages/*'], + }), + 'package-lock.json': JSON.stringify({ + name: 'root', + lockfileVersion: 3, + requires: true, + packages: { + '': { + name: 'root', + workspaces: ['packages/*'], + }, + 'node_modules/a': { + resolved: 'packages/a', + link: true, + }, + 'packages/a': { + name: 'a', + version: '1.0.0', + }, + }, + }), + packages: { + a: { + 'package.json': JSON.stringify({ + name: 'a', + version: '1.0.0', + }), + }, + }, + }, + }) + await npm.exec('query', ['*']) + t.matchSnapshot(joinedOutput(), 'should return workspace object with package-lock-only') + }) + + t.test('no package lock and workspace', async t => { + const { npm } = await loadMockNpm(t, { + config: { + 'package-lock-only': true, + workspace: ['a'], + }, + prefixDir: { + 'package.json': JSON.stringify({ + name: 'root', + workspaces: ['packages/*'], + }), + packages: { + a: { + 'package.json': JSON.stringify({ + name: 'a', + version: '1.0.0', + }), + }, + }, + }, + }) + await t.rejects(npm.exec('query', ['*']), { code: 'EUSAGE' }) + }) + + t.test('missing workspace in tree', async t => { + const { npm, joinedOutput } = await loadMockNpm(t, { + config: { + workspace: ['a'], + }, + prefixDir: { + 'package.json': JSON.stringify({ + name: 'root', + workspaces: ['packages/*'], + }), + packages: { + a: { + 'package.json': JSON.stringify({ + name: 'a', + version: '1.0.0', + }), + }, + }, + }, + }) + await npm.exec('query', ['*']) + t.matchSnapshot(joinedOutput(), 'should return empty array for missing workspace') + }) t.end() }) diff --git a/deps/npm/test/lib/commands/token.js b/deps/npm/test/lib/commands/token.js index 76ffc4f7da80eb..56ab906d921bec 100644 --- a/deps/npm/test/lib/commands/token.js +++ b/deps/npm/test/lib/commands/token.js @@ -63,9 +63,9 @@ t.test('token list', async t => { registry.getTokens(tokens) await npm.exec('token', []) t.strictSame(outputs, [ - `Publish token efgh5678efgh5678… with id abcd123 created ${now.slice(0, 10)}`, + `Token efgh5678efgh5678… with id abcd123 created ${now.slice(0, 10)}`, '', - `Read only token hgfe8765… with id abcd125 created ${now.slice(0, 10)}`, + `Token hgfe8765… with id abcd125 created ${now.slice(0, 10)}`, 'with IP whitelist: 192.168.1.1/32', '', ]) @@ -263,7 +263,7 @@ t.test('token create defaults', async t => { }) await npm.exec('token', ['create']) - t.match(outputs, ['Created publish token n3wt0k3n']) + t.match(outputs, ['Created token n3wt0k3n']) }) t.test('token create extra token attributes', async t => { @@ -311,7 +311,7 @@ t.test('token create extra token attributes', async t => { await npm.exec('token', ['create']) t.match(outputs, [ - 'Created read only token n3wt0k3n', + 'Created token n3wt0k3n', 'with IP whitelist: 10.0.0.0/8,192.168.1.0/24', `expires: ${expires.toISOString()}`, ]) @@ -340,7 +340,7 @@ t.test('token create access.read-only', async t => { }) await npm.exec('token', ['create']) - t.match(outputs, ['Created read only token n3wt0k3n']) + t.match(outputs, ['Created token n3wt0k3n']) }) t.test('token create readonly', async t => { @@ -368,7 +368,7 @@ t.test('token create readonly', async t => { }) await npm.exec('token', ['create']) - t.match(outputs, ['Created read only token n3wt0k3n']) + t.match(outputs, ['Created token n3wt0k3n']) }) t.test('token create json output', async t => { diff --git a/deps/npm/test/lib/utils/display.js b/deps/npm/test/lib/utils/display.js index bc4e23485fa3e4..89c4a855028490 100644 --- a/deps/npm/test/lib/utils/display.js +++ b/deps/npm/test/lib/utils/display.js @@ -132,6 +132,77 @@ t.test('incorrect levels', async t => { t.strictSame(outputs, [], 'output is ignored') }) +t.test('notice deduplication', async t => { + const { log, logs, display } = await mockDisplay(t, { + load: { loglevel: 'notice' }, + }) + + // Log the same notice multiple times - should be deduplicated + log.notice('', 'This is a duplicate notice') + log.notice('', 'This is a duplicate notice') + log.notice('', 'This is a duplicate notice') + + // Should only appear once in logs + t.equal(logs.notice.length, 1, 'notice appears only once') + t.strictSame(logs.notice, ['This is a duplicate notice']) + + // Different notice should appear + log.notice('', 'This is a different notice') + t.equal(logs.notice.length, 2, 'different notice is shown') + t.strictSame(logs.notice, [ + 'This is a duplicate notice', + 'This is a different notice', + ]) + + // Same notice with different title should appear + log.notice('title', 'This is a duplicate notice') + t.equal(logs.notice.length, 3, 'notice with different title is shown') + t.match(logs.notice[2], /title.*This is a duplicate notice/) + + // Log the first notice again - should still be deduplicated + log.notice('', 'This is a duplicate notice') + t.equal(logs.notice.length, 3, 'original notice still deduplicated') + + // Call off() to simulate end of command and clear deduplication + display.off() + + // Create a new display instance to simulate a new command + const logsResult = mockLogs() + const Display = tmock(t, '{LIB}/utils/display') + const display2 = new Display(logsResult.streams) + await display2.load({ + loglevel: 'silly', + stderrColor: false, + stdoutColor: false, + heading: 'npm', + }) + t.teardown(() => display2.off()) + + // Log the same notice again - should appear since deduplication was cleared + log.notice('', 'This is a duplicate notice') + t.equal(logsResult.logs.logs.notice.length, 1, 'notice appears after display.off() clears deduplication') + t.strictSame(logsResult.logs.logs.notice, ['This is a duplicate notice']) +}) + +t.test('notice deduplication does not apply in verbose mode', async t => { + const { log, logs } = await mockDisplay(t, { + load: { loglevel: 'verbose' }, + }) + + // Log the same notice multiple times in verbose mode + log.notice('', 'Repeated notice') + log.notice('', 'Repeated notice') + log.notice('', 'Repeated notice') + + // Should appear all three times in verbose mode + t.equal(logs.notice.length, 3, 'all notices appear in verbose mode') + t.strictSame(logs.notice, [ + 'Repeated notice', + 'Repeated notice', + 'Repeated notice', + ]) +}) + t.test('Display.clean', async (t) => { const { output, outputs, clearOutput } = await mockDisplay(t) @@ -199,3 +270,46 @@ t.test('Display.clean', async (t) => { clearOutput() } }) + +t.test('prompt functionality', async t => { + t.test('regular prompt completion works', async t => { + const { input } = await mockDisplay(t) + + const result = await input.read(() => Promise.resolve('user-input')) + + t.equal(result, 'user-input', 'should return the input result') + }) + + t.test('silent prompt completion works', async t => { + const { input } = await mockDisplay(t) + + const result = await input.read( + () => Promise.resolve('secret-password'), + { silent: true } + ) + + t.equal(result, 'secret-password', 'should return the input result for silent prompts') + }) + + t.test('metadata is correctly passed through', async t => { + const { input } = await mockDisplay(t) + + await input.read( + () => Promise.resolve('result1'), + { silent: false } + ) + t.pass('should handle silent false option') + + await input.read( + () => Promise.resolve('result2'), + {} + ) + t.pass('should handle empty options') + + await input.read( + () => Promise.resolve('result3'), + { silent: true } + ) + t.pass('should handle silent true option') + }) +}) diff --git a/deps/npm/test/lib/utils/read-user-info.js b/deps/npm/test/lib/utils/read-user-info.js index 35628f7f2faac5..74463175f5e8e8 100644 --- a/deps/npm/test/lib/utils/read-user-info.js +++ b/deps/npm/test/lib/utils/read-user-info.js @@ -118,3 +118,35 @@ t.test('email - invalid warns and retries', async (t) => { t.equal(result, 'foo@bar.baz', 'received the email') t.equal(logMsg, 'invalid email') }) + +t.test('read-user-info integration works', async (t) => { + t.teardown(() => { + readResult = null + readOpts = null + }) + + readResult = 'regular-input' + const username = await readUserInfo.username('Username: ') + t.equal(username, 'regular-input', 'should return username from regular prompt') + t.notOk(readOpts.silent, 'username prompt should not set silent') + + readResult = 'secret-password' + const password = await readUserInfo.password('Password: ') + t.equal(password, 'secret-password', 'should return password from silent prompt') + t.match(readOpts, { silent: true }, 'password prompt should set silent: true') +}) + +t.test('silent metadata is passed correctly by read-user-info', async (t) => { + t.teardown(() => { + readResult = null + readOpts = null + }) + + readResult = 'username' + await readUserInfo.username('Username: ') + t.notOk(readOpts?.silent, 'username prompt should not set silent') + + readResult = 'password' + await readUserInfo.password('Password: ') + t.equal(readOpts?.silent, true, 'password prompt should set silent: true') +})