diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS
index 0a9c02f8b7d2b7..d457a5b98a8b5f 100644
--- a/deps/npm/AUTHORS
+++ b/deps/npm/AUTHORS
@@ -747,3 +747,4 @@ marsonya <16393876+marsonya@users.noreply.github.com>
Jeff Griffiths
Michael Garvin
Gar
+dr-js
diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md
index df3e2ba22f31ad..f332ed5f0a6041 100644
--- a/deps/npm/CHANGELOG.md
+++ b/deps/npm/CHANGELOG.md
@@ -1,3 +1,60 @@
+## v7.5.0 (2021-01-28)
+
+### FEATURES
+
+* [`d011266b7`](https://github.com/npm/cli/commit/d011266b733367aad283ccbfb9d2b19442c3405f)
+ [#1319](https://github.com/npm/cli/issues/1319)
+ add npm diff command
+ ([@ruyadorno](https://github.com/ruyadorno))
+
+### BUG FIXES
+
+* [`d2f8af2da`](https://github.com/npm/cli/commit/d2f8af2da64d510d3d363aec10531bebf840d84e)
+ [#2445](https://github.com/npm/cli/issues/2445)
+ publish: don't complain about missing auth until after registry is chosen
+ ([@dr-js](https://github.com/dr-js))
+
+### DOCUMENTATION
+
+* [`8d3fd63aa`](https://github.com/npm/cli/commit/8d3fd63aaa6a5c9b3d2281dd0bd9e1c270b35941)
+ [#2559](https://github.com/npm/cli/issues/2559)
+ updates to readme, removal, contributing and several other docs
+ ([@darcyclarke](https://github.com/darcyclarke))
+* [`7772d9f9f`](https://github.com/npm/cli/commit/7772d9f9f9f853573a7ff8e7fb60c5e46566f596)
+ [#2542](https://github.com/npm/cli/issues/2542)
+ fix grammar on caching docs for search, exec and init
+ ([@wraithgar](https://github.com/wraithgar))
+* [`52e8a1aef`](https://github.com/npm/cli/commit/52e8a1aef4aab3f378c20276a9109bb3f00eccd5)
+ [#2558](https://github.com/npm/cli/issues/2558)
+ refreshed npm updated docs
+ ([@ruyadorno](https://github.com/ruyadorno))
+* [`abae00ca0`](https://github.com/npm/cli/commit/abae00ca05925e521696dd12480853509aab6c0a)
+ [#2565](https://github.com/npm/cli/issues/2565)
+ update npm command docs
+ ([@wraithgar](https://github.com/wraithgar))
+* [`9351cbf9a`](https://github.com/npm/cli/commit/9351cbf9afd2310c56b9953c005505ea5126a5d4)
+ [#2566](https://github.com/npm/cli/issues/2566)
+ refresh npm run-script docs
+ ([@ruyadorno](https://github.com/ruyadorno))
+
+### DEPENDENCIES
+
+* [`56c08863e`](https://github.com/npm/cli/commit/56c08863e15cb9cf8662b99ddc627cfcdff0348d)
+ `hosted-git-info@3.0.8`
+* [`18a93f06b`](https://github.com/npm/cli/commit/18a93f06b632be051b9455e32a85e4e75066f52c)
+ `ssri@8.0.1`
+* [`cb768f671`](https://github.com/npm/cli/commit/cb768f671c4d8d5a09d9a6c5a74227d300e81104)
+ `@npmcli/move-file@1.1.1`
+* [`32cc0a4be`](https://github.com/npm/cli/commit/32cc0a4be76465093e3d0f314215a0ec46dc03c6)
+ `minipass-fetch@1.3.3`
+ * fixes ssl settings passthrough
+* [`530997968`](https://github.com/npm/cli/commit/530997968fbbd9e8bf016689b1d192daa812b4de)
+ `@npmcli/arborist@2.1.0`
+ * added signal handler to rollback when possible
+ * prevent ERESOLVEs caused by loose root dep specs
+ * detect conflicts among nested peerOptional deps
+ * properly buildIdealTree when root is a symlink
+
## v7.4.3 (2021-01-21)
### DOCUMENTATION
diff --git a/deps/npm/CONTRIBUTING.md b/deps/npm/CONTRIBUTING.md
index 3e3512ffeaec05..7e2890140bb092 100644
--- a/deps/npm/CONTRIBUTING.md
+++ b/deps/npm/CONTRIBUTING.md
@@ -1,191 +1,56 @@
-# npm CLI Contributor Roles and Responsibilities
+# Contributing
-## Table of Contents
+## Code of Conduct
-* [Introduction](#introduction)
-* [Code Structure](#code-structure)
-* [Running Tests](#running-tests)
-* [Debugging](#debugging)
-* [Coverage](#coverage)
-* [Benchmarking](#benchmarking)
-* [Types of Contributions](#types-of-contributions)
- * [Contributing an Issue?](#contributing-an-issue)
- * [Contributing a Question?](#contributing-a-question)
- * [Contributing a Bug Fix?](#contributing-a-bug-fix)
- * [Contributing a Feature?](#contributing-a-bug-feature)
-* [Development Dependencies](#development-dependencies)
-* [Dependencies](#dependencies)
+All interactions in the **npm** organization on GitHub are considered to be covered by our standard [Code of Conduct](https://www.npmjs.com/policies/conduct).
-## Introduction
+## Development
-Welcome to the npm CLI Contributor Guide! This document outlines the npm CLI repository's process for community interaction and contribution. This includes the issue tracker, pull requests, wiki pages, and, to a certain extent, outside communication in the context of the npm CLI. This is an entry point for anyone wishing to contribute their time and effort to making npm a better tool for the JavaScript community!
+**1. Clone this repository...**
-All interactions in the npm repository are covered by the [npm Code of Conduct](https://www.npmjs.com/policies/conduct)
+```bash
+$ git clone git@github.com:npm/cli.git
+```
+**2. Navigate into project & install development-specific dependencies...**
-## Code Structure
-```
-/
-├── bin/
-│ │ # Directory for executable files. It's very rare that you
-│ │ # will need to update a file in this directory.
-│ │
-│ ├── npm # npm-cli entrypoint for bourne shell
-│ ├── npm-cli.js # npm-cli entrypoint for node
-│ ├── npm.cmd # npm-cli entrypoint for windows
-│ ├── npx # npx entrypoint for bourne shell
-│ ├── npx-cli.js # npx entrypoint for node
-│ └── npx.cmd # npx entrypoint for windows
-│
-├── docs/ 📖
-│ │ # Directory that contains the documentation website for
-│ │ # the npm-cli. You can run this website locally, and have
-│ │ # offline docs! 🔥📖🤓
-│ │
-│ ├── content/ # Markdown files for site content
-│ ├── src/ # Source files for the website; gatsby related
-│ └── package.json # Site manifest; scripts and dependencies
-│
-├── lib/ 📦
-│ # All the Good Bits(tm) of the CLI project live here
-│
-├── node_modules/ 🔋
-│ # Vendored dependencies for the CLI project (See the
-│ # dependencies section below for more details).
-│
-├── scripts/ 📜
-│ # We've created some helper scripts for working with the
-│ # CLI project, specifically around managing our vendored
-│ # dependencies, merging in pull-requests, and publishing
-│ # releases.
-│
-├── test/ 🧪
-│ # All the tests for the CLI live in this folder. We've
-│ # got a lot of tests 🤓🧪🩺
-│
-├── CONTRIBUTING.md # This file! 🎉
-└── package.json # The projects main manifest file 📃
+```bash
+$ cd ./npm && npm install
```
-## Running Tests
+**3. Write some code &/or add some tests...**
+```bash
+...
```
-# Make sure you install the dependencies first before running tests.
-$ npm install
-# Run tests for the CLI (it could take a while).
-$ npm run test
+**4. Run tests & ensure they pass...**
```
-
-## Debugging
-
-It can be tricky to track down issues in the CLI. It's a large code base that has been evolving for over a decade. There is a handy `make` command that will connect the **cloned repository** you have on your machine with the global command, so you can add `console.log` statements or debug any other way you feel most comfortable with.
-
+$ npm run test
```
-# Clone the repository to start with
-$ git clone git@github.com:npm/cli.git
-# Change working directories into the repository
-$ cd cli
+**5. Open a [Pull Request](https://github.com/npm/cli/pulls) for your work & become the newest conributor to `npm`! 🎉**
-# Make sure you have the latest code (if that's what you're trying to debug)
-$ git fetch origin latest
+## Test Coverage
-# Connect repository to the global namespace
-$ make link
+We expect that every new feature or bug fix comes with corresponding tests that validate the solutions. We strive to have as close to, if not exactly, 100% code coverage.
-#################
-# ALTERNATIVELY
-#################
-# If you're working on a feature or bug, you can run the same command on your
-# working branch and link that code.
+**You can find out what the current test coverage percentage is by running...**
-# Create new branch to work from (there are many ways)
-$ git checkout -b feature/awesome-feature
-
-# Connect repository to global namespace
-$ make link
-```
-
-## Coverage
-
-We try and make sure that each new feature or bug fix has tests to go along with them in order to keep code coverages consistent and increasing. We are actively striving for 100% code coverage!
-
-```
-# You can run the following command to find out coverage
+```bash
$ npm run test-coverage
```
-## Benchmarking
-
-We often want to know if the bug we've fixed for the feature we've added has any sort of performance impact. We've created a [benchmark suite](https://github.com/npm/benchmarks) to run against the CLI project from pull-requests. If you would like to know if there are any performance impacts to the work you're contributing, simply do the following:
+## Performance & Benchmarks
-1. Make a pull-request against this repository
-2. Add the following comment to the pull-request: "`test this please ✅`"
+We've set up an automated [benchmark](https://github.com/npm/benchmarks) integration that will run against all Pull Requests; Posting back a comment with the results of the run.
-This will trigger the [benchmark suite](https://github.com/npm/benchmarks) to run against your pull-request, and when it's finished running it will post a comment on your pull-request just like below. You'll be able to see the results from the suite inline in your pull-request.
-
-> You'll notice that the bot-user will also add a 🚀 reaction to your comment to
-let you know that it's sent the request to start the benchmark suite.
+**Example:**
![image](https://user-images.githubusercontent.com/2818462/72312698-e2e57f80-3656-11ea-9fcf-4a8f6b97b0d1.png)
-If you've updated your pull-request and you'd like to run the the benchmark suite again, simple update your original comment, by adding `test this please ✅` again, or simply just adding another emoji to the **end**. _(The trigger is the phrase "test this please ✅" at the beginning of a comment. Updates will trigger as well, so long as the phrase stays at the beginning.)_.
-
-![image](https://user-images.githubusercontent.com/2818462/72313006-ec231c00-3657-11ea-9bd9-227634d67362.png)
-
-## Types of Contributions
-
-### Contributing an Issue?
-
-Great!! Is your [new issue](https://github.com/npm/cli/issues/new/choose) a [bug](https://github.com/npm/cli/issues/new?template=bug.md&title=%5BBUG%5D+%3Ctitle%3E), a [feature](https://github.com/npm/cli/issues/new?template=feature.md&title=%5BFEATURE%5D+%3Ctitle%3E), or a [question](https://github.com/npm/cli/issues/new?template=question.md&title=%5BQUESTION%5D+%3Ctitle%3E)?
-
-### Contributing a Question?
-
-Huh? 🤔 Got a situation you're not sure about?! Perfect! We've got some resources you can use.
-
-* Our [documentation site](https://docs.npmjs.com/)
-* The local docs that come with the CLI project
-
- > **Example**: `npm help install --viewer browser`
-
-* The man pages that are built and shipped with the CLI
-
- > **Example**: `man npm-install` (only on linux/macOS)
-
-* Search of the [current issues](https://github.com/npm/cli/issues)
-
-### Contributing a Bug Fix?
-
-We'd be happy to triage and help! Head over to the issues and [create a new one](https://github.com/npm/cli/issues/new?template=bug.md&title=%5BBUG%5D+%3Ctitle%3E)!
-
-> We'll need a little bit of information about what happened, rather than "it broke". Such as:
-* When did/does this bug happen?
-* Can you reproduce it? _(Can you make it happen more than once.)_
-* What version of `node`/`npm` are you running on your computer?
-* What did you expect it to do?
-* What did it _actually do?
-* etc...
-
-### Contributing a Feature?
-
-Snazzy, we're always up for fancy new things! If the feature is fairly minor, the team can triage it and prioritize it into our backlog. However, if the feature is a little more complex, then it's best to create an [RFC](https://en.wikipedia.org/wiki/Request_for_Comments) in our [RFC repository](https://github.com/npm/rfcs). Exactly how to do that is outlined in that repository. If you're not sure _exactly_ how to implement your idea, or don't want to make a document about your idea, then please create an issue on that repository. We consider these RRFC's, or a "Requesting Request For Comment".
-
-## Development Dependencies
-
-You'll need a few things installed in order to update and test the CLI project during development:
-
-* [node](https://nodejs.org/) v8 or greater
-
-> We recommend that you have a [node version manager](https://github.com/nvm-sh/nvm) installed if you plan on fixing bugs that might be present in a specific version of node. With a version manager you can easily switch versions of node and test if your changes to the CLI project are working.
-
-* [git](https://git-scm.com/) v2.11+
-
-
-## Dependencies
-
-> Package vendoring is commonly referred to as the case where dependent packages are stored in the same place as your project. That usually means you dependencies are checked into your source management system, such as Git.
+You can learn more about this tool, including how to run & configure it manually, [here](https://github.com/npm/benchmarks)
-The CLI project vendors its dependencies in the `node_modules/` folder. Meaning all the dependencies that the CLI project uses are contained within the project itself. This is represented by the `bundledDependencies` section in the root level `package.json` file. The main reason for this is because the `npm` CLI project is distributed with the NodeJS runtime and needs to work out of the box, which means all dependencies need to be available after the runtime is installed.
+## Reporting Bugs
-There are a couple scripts created to help manage this process in the `scripts/` folder.
+When submitting a new bug report, please first [search](https://github.com/npm/cli/issues) for an existing or similar report & then use one of our existing [issue templates](https://github.com/npm/cli/issues/new/choose) if you believe you've come across a unique problem. Duplicate issues, or issues that don't use one of our templates may get closed without a response.
diff --git a/deps/npm/README.md b/deps/npm/README.md
index 794a24b6b15207..9350087f62cd13 100644
--- a/deps/npm/README.md
+++ b/deps/npm/README.md
@@ -1,163 +1,53 @@
-npm(1) -- a JavaScript package manager
-==============================
+[![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/npm/cli/Node%20CI/latest)](https://github.com/npm/cli/actions?query=workflow%3A%22Node+CI%22+branch%3Alatest) [![Coveralls github branch](https://img.shields.io/coveralls/github/npm/cli/latest)](https://coveralls.io/github/npm/cli?branch=latest)
-[![Build Status](https://img.shields.io/travis/npm/cli/latest.svg)](https://travis-ci.org/npm/cli)
+# npm - a JavaScript package manager
-## SYNOPSIS
+### Requirements
-This is just enough info to get you up and running.
+* [**Node.js** `v10`](https://nodejs.org/en/download/) or higher must be installed to run this program
-Much more info will be available via `npm help` once it's installed.
+### Installation
-## IMPORTANT
+**`npm`** comes bundled with [**`node`**](https://nodejs.org/), & most third-party distributions, by default. Officially supported downloads/distributions can be found at: [nodejs.org/en/download](https://nodejs.org/en/download)
-**You need node v6 or higher to run this program.**
+#### Direct Download
-To install an old **and unsupported** version of npm that works on node v5
-and prior, clone the git repo and dig through the old tags and branches.
+You can download & install **`npm`** directly from [**npmjs**.com](https://npmjs.com/) using our custom `install.sh` script:
-**npm is configured to use npm, Inc.'s public registry at
- by default.** Use of the npm public registry
-is subject to terms of use available at .
-
-You can configure npm to use any compatible registry you
-like, and even run your own registry. Check out the [doc on
-registries](https://docs.npmjs.com/misc/registry).
-
-## Super Easy Install
-
-npm is bundled with [node](https://nodejs.org/en/download/).
-
-### Windows Computers
-
-[Get the MSI](https://nodejs.org/en/download/). npm is in it.
-
-### Apple Macintosh Computers
-
-[Get the pkg](https://nodejs.org/en/download/). npm is in it.
-
-### Other Sorts of Unices
-
-Run `make install`. npm will be installed with node.
-
-If you want a more fancy pants install (a different version, customized
-paths, etc.) then read on.
-
-## Fancy Install (Unix)
-
-There's a pretty robust install script at
-. You can download that and run it.
-
-Here's an example using curl:
-
-```sh
+```bash
curl -L https://www.npmjs.com/install.sh | sh
```
-### Slightly Fancier
+#### Node Version Managers
-You can set any npm configuration params with that script:
+If you're looking to manage multiple versions of **`node`** &/or **`npm`**, consider using a "Node Version Manager" such as:
-```sh
-npm_config_prefix=/some/path sh install.sh
-```
+* [**`nvm`**](https://github.com/nvm-sh/nvm)
+* [**`nvs`**](https://github.com/jasongin/nvs)
+* [**`nave`**](https://github.com/isaacs/nave)
+* [**`n`**](https://github.com/tj/n)
+* [**`volta`**](https://github.com/volta-cli/volta)
-Or, you can run it in uber-debuggery mode:
+### Usage
-```sh
-npm_debug=1 sh install.sh
+```bash
+npm
```
-### Even Fancier
-
-Get the code with git. Use `make` to build the docs and do other stuff.
-If you plan on hacking on npm, `make link` is your friend.
-
-If you've got the npm source code, you can also semi-permanently set
-arbitrary config keys using the `./configure --key=val ...`, and then
-run npm commands by doing `node bin/npm-cli.js `. (This is helpful
-for testing, or running stuff without actually installing npm itself.)
-
-## Windows Install or Upgrade
-
-Many improvements for Windows users have been made in npm 3 - you will have a better
-experience if you run a recent version of npm. To upgrade, either use [Microsoft's
-upgrade tool](https://github.com/felixrieseberg/npm-windows-upgrade),
-[download a new version of Node](https://nodejs.org/en/download/),
-or follow the Windows upgrade instructions in the
-[Installing/upgrading npm](https://npm.community/t/installing-upgrading-npm/251/2) post.
-
-If that's not fancy enough for you, then you can fetch the code with
-git, and mess with it directly.
-
-## Installing on Cygwin
-
-No.
-
-## Uninstalling
-
-So sad to see you go.
-
-```sh
-sudo npm uninstall npm -g
-```
-Or, if that fails,
-
-```sh
-sudo make uninstall
-```
-
-## More Severe Uninstalling
-
-Usually, the above instructions are sufficient. That will remove
-npm, but leave behind anything you've installed.
-
-If you would like to remove all the packages that you have installed,
-then you can use the `npm ls` command to find them, and then `npm rm` to
-remove them.
-
-To remove cruft left behind by npm 0.x, you can use the included
-`clean-old.sh` script file. You can run it conveniently like this:
-
-```sh
-npm explore npm -g -- sh scripts/clean-old.sh
-```
-
-npm uses two configuration files, one for per-user configs, and another
-for global (every-user) configs. You can view them by doing:
-
-```sh
-npm config get userconfig # defaults to ~/.npmrc
-npm config get globalconfig # defaults to /usr/local/etc/npmrc
-```
-
-Uninstalling npm does not remove configuration files by default. You
-must remove them yourself manually if you want them gone. Note that
-this means that future npm installs will not remember the settings that
-you have chosen.
-
-## More Docs
-
-Check out the [docs](https://docs.npmjs.com/).
-
-You can use the `npm help` command to read any of them.
-
-If you're a developer, and you want to use npm to publish your program,
-you should [read this](https://docs.npmjs.com/misc/developers).
-
-## BUGS
-
-When you find issues, please report them:
-
-* web:
-
-* archived web:
-
+### Links & Resources
-Be sure to include *all* of the output from the npm command that didn't work
-as expected. The `npm-debug.log` file is also helpful to provide.
+* [**Documentation**](https://docs.npmjs.com/) - Official docs & how-tos for all things **npm**
+ * Note: you can also search docs locally with `npm help-search `
+* [**Bug Tracker**](https://github.com/npm/cli/issues) - Search or submit bugs against the CLI
+* [**Roadmap**](https://github.com/npm/roadmap) - Track & follow along with our public roadmap
+* [**Feedback**](https://github.com/npm/feedback) - Contribute ideas & discussion around the npm registry, website & CLI
+* [**RFCs**](https://github.com/npm/rfcs) - Contribute ideas & specifications for the API/design of the npm CLI
+* [**Service Status**](https://status.npmjs.org/) - Monitor the current status & see incident reports for the website & registry
+* [**Project Status**](https://npm.github.io/statusboard/) - See the health of all our maintained OSS projects in one view
+* [**Events Calendar**](https://calendar.google.com/calendar/u/0/embed?src=npmjs.com_oonluqt8oftrt0vmgrfbg6q6go@group.calendar.google.com) - Keep track of our Open RFC calls, releases, meetups, conferences & more
+* [**Support**](https://www.npmjs.com/support) - Experiencing problems with the **npm** [website](https://npmjs.com) or [registry](https://registry.npmjs.org)? File a ticket [here](https://www.npmjs.com/support)
-## SEE ALSO
+### Acknowledgments
-* npm(1)
-* npm-help(1)
+* `npm` is configured to use the **npm Public Registry** at [https://registry.npmjs.org](https://registry.npmjs.org) by default; Usage of this registry is subject to **Terms of Use** available at [https://npmjs.com/policies/terms](https://npmjs.com/policies/terms)
+* You can configure `npm` to use any other compatible registry you prefer. You can read more about configuring third-party registries [here](https://docs.npmjs.com/cli/v7/using-npm/registry)
\ No newline at end of file
diff --git a/deps/npm/docs/content/commands/npm-diff.md b/deps/npm/docs/content/commands/npm-diff.md
new file mode 100644
index 00000000000000..0ce5e8dc8baee6
--- /dev/null
+++ b/deps/npm/docs/content/commands/npm-diff.md
@@ -0,0 +1,237 @@
+---
+title: npm-diff
+section: 1
+description: The registry diff command
+---
+
+### Synopsis
+
+```bash
+npm diff [...]
+npm diff --diff= [...]
+npm diff --diff= [--diff=] [...]
+npm diff --diff= [--diff=] [...]
+npm diff [--diff-ignore-all-space] [--diff-name-only] [...]
+```
+
+### Description
+
+Similar to its `git diff` counterpart, this command will print diff patches
+of files for packages published to the npm registry.
+
+* `npm diff --diff= --diff=`
+
+ Compares two package versions using their registry specifiers, e.g:
+ `npm diff --diff=pkg@1.0.0 --diff=pkg@^2.0.0`. It's also possible to
+ compare across forks of any package,
+ e.g: `npm diff --diff=pkg@1.0.0 --diff=pkg-fork@1.0.0`.
+
+ Any valid spec can be used, so that it's also possible to compare
+ directories or git repositories,
+ e.g: `npm diff --diff=pkg@latest --diff=./packages/pkg`
+
+ Here's an example comparing two different versions of a package named
+ `abbrev` from the registry:
+
+ ```bash
+ npm diff --diff=abbrev@1.1.0 --diff=abbrev@1.1.1
+ ```
+
+ On success, output looks like:
+
+ ```bash
+ diff --git a/package.json b/package.json
+ index v1.1.0..v1.1.1 100644
+ --- a/package.json
+ +++ b/package.json
+ @@ -1,6 +1,6 @@
+ {
+ "name": "abbrev",
+ - "version": "1.1.0",
+ + "version": "1.1.1",
+ "description": "Like ruby's abbrev module, but in js",
+ "author": "Isaac Z. Schlueter ",
+ "main": "abbrev.js",
+ ```
+
+ Given the flexible nature of npm specs, you can also target local
+ directories or git repos just like when using `npm install`:
+
+ ```bash
+ npm diff --diff=https://github.com/npm/libnpmdiff --diff=./local-path
+ ```
+
+ In the example above we can compare the contents from the package installed
+ from the git repo at `github.com/npm/libnpmdiff` with the contents of the
+ `./local-path` that contains a valid package, such as a modified copy of
+ the original.
+
+* `npm diff` (in a package directory, no arguments):
+
+ If the package is published to the registry, `npm diff` will fetch the
+ tarball version tagged as `latest` (this value can be configured using the
+ `tag` option) and proceed to compare the contents of files present in that
+ tarball, with the current files in your local file system.
+
+ This workflow provides a handy way for package authors to see what
+ package-tracked files have been changed in comparison with the latest
+ published version of that package.
+
+* `npm diff --diff=` (in a package directory):
+
+ When using a single package name (with no version or tag specifier) as an
+ argument, `npm diff` will work in a similar way to
+ [`npm-outdated`](npm-outdated) and reach for the registry to figure out
+ what current published version of the package named will satisfy
+ its dependent declared semver-range. Once that specific version is known
+ `npm diff` will print diff patches comparing the current version of
+ found in the local file system with that specific version
+ returned by the registry.
+
+ Given a package named `abbrev` that is currently installed:
+
+ ```bash
+ npm diff --diff=abbrev
+ ```
+
+ That will request from the registry its most up to date version and
+ will print a diff output comparing the currently installed version to this
+ newer one if the version numbers are not the same.
+
+* `npm diff --diff=` (in a package directory):
+
+ Similar to using only a single package name, it's also possible to declare
+ a full registry specifier version if you wish to compare the local version
+ of an installed package with the specific version/tag/semver-range provided
+ in ``.
+
+ An example: assuming `pkg@1.0.0` is installed in the current `node_modules`
+ folder, running:
+
+ ```bash
+ npm diff --diff=pkg@2.0.0
+ ```
+
+ It will effectively be an alias to
+ `npm diff --diff=pkg@1.0.0 --diff=pkg@2.0.0`.
+
+* `npm diff --diff= [--diff=]` (in a package directory):
+
+ Using `npm diff` along with semver-valid version numbers is a shorthand
+ to compare different versions of the current package.
+
+ It needs to be run from a package directory, such that for a package named
+ `pkg` running `npm diff --diff=1.0.0 --diff=1.0.1` is the same as running
+ `npm diff --diff=pkg@1.0.0 --diff=pkg@1.0.1`.
+
+ If only a single argument `` is provided, then the current local
+ file system is going to be compared against that version.
+
+ Here's an example comparing two specific versions (published to the
+ configured registry) of the current project directory:
+
+ ```bash
+ npm diff --diff=1.0.0 --diff=1.1.0
+ ```
+
+Note that tag names are not valid `--diff` argument values, if you wish to
+compare to a published tag, you must use the `pkg@tagname` syntax.
+
+#### Filtering files
+
+It's possible to also specify positional arguments using file names or globs
+pattern matching in order to limit the result of diff patches to only a subset
+of files for a given package, e.g:
+
+ ```bash
+ npm diff --diff=pkg@2 ./lib/ CHANGELOG.md
+ ```
+
+In the example above the diff output is only going to print contents of files
+located within the folder `./lib/` and changed lines of code within the
+`CHANGELOG.md` file.
+
+### Configuration
+
+#### diff
+
+* Type: Array
+* Default: null
+
+Defines npm package specifiers to compare using the `npm diff` command.
+
+This can be specified up to 2 times.
+
+#### diff-name-only
+
+* Type: Boolean
+* Default: false
+
+When set to `true` running `npm diff` only returns the names of the files that
+have any difference.
+
+#### diff-unified
+
+* Type: Number
+* Default: `3`
+
+The number of lines of context to print in the unified diff format output.
+
+#### diff-ignore-all-space
+
+* Type: Boolean
+* Default: false
+
+Ignore whitespace when comparing lines. This ignores differences even if one
+line has whitespace where the other line has none.
+
+#### diff-no-prefix
+
+* Type: Boolean
+* Default: false
+
+Do not show any source or destination prefix.
+
+#### diff-src-prefix
+
+* Type: String
+* Default: `"a/"`
+
+Show the given source prefix in diff patches headers instead of using "a/".
+
+#### diff-dst-prefix
+
+* Type: String
+* Default: `"b/"`
+
+Show the given source prefix in diff patches headers instead of using "b/".
+
+#### diff-text
+
+* Type: Boolean
+* Default: false
+
+Treat all files as text.
+
+#### global
+
+* Default: false
+* Type: Boolean
+
+Uses packages from the global space as a source for comparison.
+
+#### tag
+
+* Type: String
+* Default: `"latest"`
+
+The tag used to fetch the tarball that will be compared with the local file
+system files when running npm diff with no arguments.
+
+
+## See Also
+
+* [npm outdated](/commands/npm-outdated)
+* [npm install](/commands/npm-install)
+* [npm config](/commands/npm-config)
+* [npm registry](/using-npm/registry)
diff --git a/deps/npm/docs/content/commands/npm-exec.md b/deps/npm/docs/content/commands/npm-exec.md
index 3ae30fa0cba9a7..cb3e51c8255d4b 100644
--- a/deps/npm/docs/content/commands/npm-exec.md
+++ b/deps/npm/docs/content/commands/npm-exec.md
@@ -173,6 +173,28 @@ This resulted in some shifts in its functionality:
- The `--shell` option is replaced with `--script-shell`, but maintained
in the `npx` executable for backwards compatibility.
+### A note on caching
+
+The npm cli utilizes its internal package cache when using the package
+name specified. You can use the following to change how and when the
+cli uses this cache. See [`npm cache`](/commands/npm-cache) for more on
+how the cache works.
+
+#### prefer-online
+
+Forces staleness checks for packages, making the cli look for updates
+immediately even if the package is already in the cache.
+
+#### prefer-offline
+
+Bypasses staleness checks for packages. Missing data will still be
+requested from the server. To force full offline mode, use `offline`.
+
+#### offline
+
+Forces full offline mode. Any packages not locally cached will result in
+an error.
+
### See Also
* [npm run-script](/commands/npm-run-script)
diff --git a/deps/npm/docs/content/commands/npm-init.md b/deps/npm/docs/content/commands/npm-init.md
index 3eac923175b5a1..8a40d90e8354d5 100644
--- a/deps/npm/docs/content/commands/npm-init.md
+++ b/deps/npm/docs/content/commands/npm-init.md
@@ -71,9 +71,32 @@ Generate it without having it ask any questions:
$ npm init -y
```
+### A note on caching
+
+The npm cli utilizes its internal package cache when using the package
+name specified. You can use the following to change how and when the
+cli uses this cache. See [`npm cache`](/commands/npm-cache) for more on
+how the cache works.
+
+#### prefer-online
+
+Forces staleness checks for packages, making the cli look for updates
+immediately even if the package is already in the cache.
+
+#### prefer-offline
+
+Bypasses staleness checks for packages. Missing data will still be
+requested from the server. To force full offline mode, use `offline`.
+
+#### offline
+
+Forces full offline mode. Any packages not locally cached will result in
+an error.
+
### See Also
* [init-package-json module](http://npm.im/init-package-json)
* [package.json](/configuring-npm/package-json)
* [npm version](/commands/npm-version)
* [npm scope](/using-npm/scope)
+* [npm exec](/commands/npm-exec)
diff --git a/deps/npm/docs/content/commands/npm-owner.md b/deps/npm/docs/content/commands/npm-owner.md
index 6479f3bdd11f42..69eba56afd97d5 100644
--- a/deps/npm/docs/content/commands/npm-owner.md
+++ b/deps/npm/docs/content/commands/npm-owner.md
@@ -39,4 +39,3 @@ on the command line when changing ownership with `--otp`.
* [npm publish](/commands/npm-publish)
* [npm registry](/using-npm/registry)
* [npm adduser](/commands/npm-adduser)
-* [npm disputes](/using-npm/disputes)
diff --git a/deps/npm/docs/content/commands/npm-run-script.md b/deps/npm/docs/content/commands/npm-run-script.md
index b7ab20a73af473..8b89435e1a97be 100644
--- a/deps/npm/docs/content/commands/npm-run-script.md
+++ b/deps/npm/docs/content/commands/npm-run-script.md
@@ -32,7 +32,7 @@ npm run test -- --grep="pattern"
```
The arguments will only be passed to the script specified after ```npm run```
-and not to any pre or post script.
+and not to any `pre` or `post` script.
The `env` script is a special built-in command that can be used to list
environment variables that will be available to the script at runtime. If an
@@ -56,7 +56,8 @@ instead of
```
The actual shell your script is run within is platform dependent. By default,
-on Unix-like systems it is the `/bin/sh` command, on Windows it is the `cmd.exe`.
+on Unix-like systems it is the `/bin/sh` command, on Windows it is
+`cmd.exe`.
The actual shell referred to by `/bin/sh` also depends on the system.
You can customize the shell with the `script-shell` configuration.
@@ -73,15 +74,43 @@ If `--scripts-prepend-node-path=auto` is passed (which has been the default
in `npm` v3), this is only performed when that `node` executable is not
found in the `PATH`.
-If you try to run a script without having a `node_modules` directory and it fails,
-you will be given a warning to run `npm install`, just in case you've forgotten.
+If you try to run a script without having a `node_modules` directory and it
+fails, you will be given a warning to run `npm install`, just in case you've
+forgotten.
-You can use the `--silent` flag to prevent showing `npm ERR!` output on error.
+### Configuration
+
+#### if-present
+
+* Type: Boolean
+* Default: false
You can use the `--if-present` flag to avoid exiting with a non-zero exit code
when the script is undefined. This lets you run potentially undefined scripts
without breaking the execution chain.
+#### ignore-scripts
+
+* Type: Boolean
+* Default: false
+
+Skips running `pre` and `post` scripts.
+
+#### script-shell
+
+* Type: String
+* Default: `null`
+
+Optional custom script to use to execute the command. If not defined defaults
+to `/bin/sh` on Unix, defaults to `env.comspec` or `cmd.exe` on Windows.
+
+#### silent
+
+* Type: Boolean
+* Default: false
+
+You can use the `--silent` flag to prevent showing `npm ERR!` output on error.
+
### See Also
* [npm scripts](/using-npm/scripts)
diff --git a/deps/npm/docs/content/commands/npm-search.md b/deps/npm/docs/content/commands/npm-search.md
index 33864d472d4a20..35178bcb0a580a 100644
--- a/deps/npm/docs/content/commands/npm-search.md
+++ b/deps/npm/docs/content/commands/npm-search.md
@@ -110,13 +110,13 @@ on how the cache works.
#### prefer-online
-Forced staleness checks for cached searches, making the cli look for
+Forces staleness checks for cached searches, making the cli look for
updates immediately even for fresh search results.
#### prefer-offline
-Bypasses staleness checks for cached. Missing data will still be
-requested from the server. To force full offline mode, use `offline`.
+Bypasses staleness checks for cached searches. Missing data will still
+be requested from the server. To force full offline mode, use `offline`.
#### offline
diff --git a/deps/npm/docs/content/commands/npm-update.md b/deps/npm/docs/content/commands/npm-update.md
index 424d686189dca6..012c8472c93fec 100644
--- a/deps/npm/docs/content/commands/npm-update.md
+++ b/deps/npm/docs/content/commands/npm-update.md
@@ -1,7 +1,7 @@
---
title: npm-update
section: 1
-description: Update a package
+description: Update packages
---
### Synopsis
@@ -27,22 +27,11 @@ packages.
If no package name is specified, all packages in the specified location (global
or local) will be updated.
-As of `npm@2.6.1`, the `npm update` will only inspect top-level packages.
-Prior versions of `npm` would also recursively inspect all dependencies.
-To get the old behavior, use `npm --depth 9999 update`.
-
-As of `npm@5.0.0`, the `npm update` will change `package.json` to save the
-new version as the minimum required dependency. To get the old behavior,
-use `npm update --no-save`.
-
### Example
-IMPORTANT VERSION NOTE: these examples assume `npm@2.6.1` or later. For
-older versions of `npm`, you must specify `--depth 0` to get the behavior
-described below.
-
For the examples below, assume that the current package is `app` and it depends
-on dependencies, `dep1` (`dep2`, .. etc.). The published versions of `dep1` are:
+on dependencies, `dep1` (`dep2`, .. etc.). The published versions of `dep1`
+are:
```json
{
@@ -84,10 +73,10 @@ However, if `app`'s `package.json` contains:
}
```
-In this case, running `npm update` will install `dep1@1.1.2`. Even though the `latest`
-tag points to `1.2.2`, this version does not satisfy `~1.1.1`, which is equivalent
-to `>=1.1.1 <1.2.0`. So the highest-sorting version that satisfies `~1.1.1` is used,
-which is `1.1.2`.
+In this case, running `npm update` will install `dep1@1.1.2`. Even though the
+`latest` tag points to `1.2.2`, this version do not satisfy `~1.1.1`, which is
+equivalent to `>=1.1.1 <1.2.0`. So the highest-sorting version that satisfies
+`~1.1.1` is used, which is `1.1.2`.
#### Caret Dependencies below 1.0.0
@@ -120,7 +109,9 @@ version that satisfies `^0.4.0` (`>= 0.4.0 <0.5.0`)
package that is `outdated` -- that is, has a version that is different from
`wanted`.
-Note: Globally installed packages are treated as if they are installed with a caret semver range specified. So if you require to update to `latest` you may need to run `npm install -g [...]`
+Note: Globally installed packages are treated as if they are installed with a
+caret semver range specified. So if you require to update to `latest` you may
+need to run `npm install -g [...]`
NOTE: If a package has been upgraded to a version newer than `latest`, it will
be _downgraded_.
diff --git a/deps/npm/docs/content/commands/npm-version.md b/deps/npm/docs/content/commands/npm-version.md
index 5f93ef44ae5dd1..0eb814b9899b0f 100644
--- a/deps/npm/docs/content/commands/npm-version.md
+++ b/deps/npm/docs/content/commands/npm-version.md
@@ -83,37 +83,37 @@ Take the following example:
}
```
-This runs all your tests, and proceeds only if they pass. Then runs your `build` script, and
+This runs all your tests and proceeds only if they pass. Then runs your `build` script, and
adds everything in the `dist` directory to the commit. After the commit, it pushes the new commit
and tag up to the server, and deletes the `build/temp` directory.
### Configuration
-#### allow-same-version
+#### `allow-same-version`
-* Default: false
+* Default: `false`
* Type: Boolean
-Prevents throwing an error when `npm version` is used to set the new version
+Prevents throwing an error when `npm version` is used to set the new version
to the same value as the current version.
-#### git-tag-version
+#### `git-tag-version`
-* Default: true
+* Default: `true`
* Type: Boolean
Commit and tag the version change.
-#### commit-hooks
+#### `commit-hooks`
-* Default: true
+* Default: `true`
* Type: Boolean
Run git commit hooks when committing the version change.
-#### sign-git-tag
+#### `sign-git-tag`
-* Default: false
+* Default: `false`
* Type: Boolean
Pass the `-s` flag to git to sign the tag.
@@ -126,5 +126,4 @@ Note that you must have a default GPG key set up in your git config for this to
* [npm run-script](/commands/npm-run-script)
* [npm scripts](/using-npm/scripts)
* [package.json](/configuring-npm/package-json)
-* [semver](/using-npm/semver)
* [config](/using-npm/config)
diff --git a/deps/npm/docs/content/commands/npm-view.md b/deps/npm/docs/content/commands/npm-view.md
index 3404c0314335b7..bf09c2ba4f3616 100644
--- a/deps/npm/docs/content/commands/npm-view.md
+++ b/deps/npm/docs/content/commands/npm-view.md
@@ -17,50 +17,48 @@ aliases: info, show, v
This command shows data about a package and prints it to the stream
referenced by the `outfd` config, which defaults to stdout.
-To show the package registry entry for the `connect` package, you can do
-this:
+As an example, to view information about the `connect` package from the registry, you would run:
```bash
npm view connect
```
-The default version is "latest" if unspecified.
+The default version is `"latest"` if unspecified.
Field names can be specified after the package descriptor.
For example, to show the dependencies of the `ronn` package at version
-0.3.5, you could do the following:
+`0.3.5`, you could do the following:
```bash
npm view ronn@0.3.5 dependencies
```
You can view child fields by separating them with a period.
-To view the git repository URL for the latest version of npm, you could
-do this:
+To view the git repository URL for the latest version of `npm`, you would run the following command:
```bash
npm view npm repository.url
```
This makes it easy to view information about a dependency with a bit of
-shell scripting. For example, to view all the data about the version of
-opts that ronn depends on, you can do this:
+shell scripting. For example, to view all the data about the version of
+`opts` that `ronn` depends on, you could write the following:
```bash
npm view opts@$(npm view ronn dependencies.opts)
```
For fields that are arrays, requesting a non-numeric field will return
-all of the values from the objects in the list. For example, to get all
-the contributor names for the "express" project, you can do this:
+all of the values from the objects in the list. For example, to get all
+the contributor names for the `express` package, you would run:
```bash
npm view express contributors.email
```
You may also use numeric indices in square braces to specifically select
-an item in an array field. To just get the email address of the first
-contributor in the list, you can do this:
+an item in an array field. To just get the email address of the first
+contributor in the list, you can run:
```bash
npm view express contributors[0].email
@@ -75,7 +73,7 @@ npm view express contributors.name contributors.email
```
"Person" fields are shown as a string if they would be shown as an
-object. So, for example, this will show the list of npm contributors in
+object. So, for example, this will show the list of `npm` contributors in
the shortened string format. (See [`package.json`](/configuring-npm/package.json) for more on this.)
```bash
@@ -83,12 +81,12 @@ npm view npm contributors
```
If a version range is provided, then data will be printed for every
-matching version of the package. This will show which version of jsdom
-was required by each matching version of yui3:
+matching version of the package. This will show which version of `jsdom`
+was required by each matching version of `yui3`:
```bash
npm view yui3@'>0.5.4' dependencies.jsdom
-```
+```
To show the `connect` package version history, you can do
this:
@@ -100,15 +98,15 @@ npm view connect versions
### Output
If only a single string field for a single version is output, then it
-will not be colorized or quoted, so as to enable piping the output to
+will not be colorized or quoted, to enable piping the output to
another command. If the field is an object, it will be output as a JavaScript object literal.
-If the --json flag is given, the outputted fields will be JSON.
+If the `--json` flag is given, the outputted fields will be JSON.
-If the version range matches multiple versions, than each printed value
+If the version range matches multiple versions then each printed value
will be prefixed with the version it applies to.
-If multiple fields are requested, than each of them are prefixed with
+If multiple fields are requested, then each of them is prefixed with
the field name.
### See Also
diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md
index dd7da2f18aa33e..d01146d37041ca 100644
--- a/deps/npm/docs/content/commands/npm.md
+++ b/deps/npm/docs/content/commands/npm.md
@@ -20,36 +20,42 @@ npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
conflicts intelligently.
-It is extremely configurable to support a wide variety of use cases.
-Most commonly, it is used to publish, discover, install, and develop node
+It is extremely configurable to support a variety of use cases. Most
+commonly, you use it to publish, discover, install, and develop node
programs.
Run `npm help` to get a list of available commands.
### Important
-npm is configured to use npm, Inc.'s public registry at
+npm comes preconfigured to use npm's public registry at
https://registry.npmjs.org by default. Use of the npm public registry is
-subject to terms of use available at https://www.npmjs.com/policies/terms.
+subject to terms of use available at
+https://www.npmjs.com/policies/terms.
-You can configure npm to use any compatible registry you like, and even run
-your own registry. Use of someone else's registry may be governed by their
-terms of use.
+You can configure npm to use any compatible registry you like, and even
+run your own registry. Use of someone else's registry is governed by
+their terms of use.
### Introduction
You probably got npm because you want to install stuff.
-Use `npm install blerg` to install the latest version of "blerg". Check out
-[`npm install`](/commands/npm-install) for more info. It can do a lot of stuff.
+The very first thing you will most likely want to run in any node
+program is `npm install` to install its dependencies.
-Use the `npm search` command to show everything that's available.
-Use `npm ls` to show everything you've installed.
+You can also run `npm install blerg` to install the latest version of
+"blerg". Check out [`npm install`](/commands/npm-install) for more
+info. It can do a lot of stuff.
+
+Use the `npm search` command to show everything that's available in the
+public registry. Use `npm ls` to show everything you've installed.
### Dependencies
-If a package references to another package with a git URL, npm depends
-on a preinstalled git.
+If a package lists a dependency using a git URL, npm will install that
+dependency using the [`git`](https://github.com/git-guides/install-git)
+command and will generate an error if it is not installed.
If one of the packages npm tries to install is a native node module and
requires compiling of C++ Code, npm will use
@@ -64,20 +70,22 @@ the [node-gyp Wiki](https://github.com/nodejs/node-gyp/wiki).
### Directories
-See [`folders`](/configuring-npm/folders) to learn about where npm puts stuff.
+See [`folders`](/configuring-npm/folders) to learn about where npm puts
+stuff.
In particular, npm has two modes of operation:
-* global mode:
- npm installs packages into the install prefix at
- `prefix/lib/node_modules` and bins are installed in `prefix/bin`.
* local mode:
npm installs packages into the current project directory, which
- defaults to the current working directory. Packages are installed to
- `./node_modules`, and bins are installed to `./node_modules/.bin`.
+ defaults to the current working directory. Packages install to
+ `./node_modules`, and bins to `./node_modules/.bin`.
+* global mode:
+ npm installs packages into the install prefix at
+ `$npm_config_prefix/lib/node_modules` and bins to
+ `$npm_config_prefix/bin`.
Local mode is the default. Use `-g` or `--global` on any command to
-operate in global mode instead.
+run in global mode instead.
### Developer Usage
@@ -85,20 +93,22 @@ If you're using npm to develop and publish your code, check out the
following help topics:
* json:
- Make a package.json file. See [`package.json`](/configuring-npm/package-json).
+ Make a package.json file. See
+ [`package.json`](/configuring-npm/package-json).
* link:
- For linking your current working code into Node's path, so that you
- don't have to reinstall every time you make a change. Use
- `npm link` to do this.
+ Links your current working code into Node's path, so that you don't
+ have to reinstall every time you make a change. Use [`npm
+ link`](/commands/npm-link) to do this.
* install:
- It's a good idea to install things if you don't need the symbolic link.
- Especially, installing other peoples code from the registry is done via
- `npm install`
+ It's a good idea to install things if you don't need the symbolic
+ link. Especially, installing other peoples code from the registry is
+ done via [`npm install`](/commands/npm-install)
* adduser:
- Create an account or log in. Credentials are stored in the
- user config file.
+ Create an account or log in. When you do this, npm will store
+ credentials in the user config file config file.
* publish:
- Use the `npm publish` command to upload your code to the registry.
+ Use the [`npm publish`](/commands/npm-publish`) command to upload your
+ code to the registry.
#### Configuration
@@ -108,20 +118,20 @@ npm is extremely configurable. It reads its configuration options from
* Command line switches:
Set a config with `--key val`. All keys take a value, even if they
are booleans (the config parser doesn't know what the options are at
- the time of parsing). If no value is provided, then the option is set
- to boolean `true`.
+ the time of parsing). If you do not provide a value (`--key`) then
+ the option is set to boolean `true`.
* Environment Variables:
Set any config by prefixing the name in an environment variable with
`npm_config_`. For example, `export npm_config_key=val`.
* User Configs:
- The file at $HOME/.npmrc is an ini-formatted list of configs. If
+ The file at `$HOME/.npmrc` is an ini-formatted list of configs. If
present, it is parsed. If the `userconfig` option is set in the cli
- or env, then that will be used instead.
+ or env, that file will be used instead.
* Global Configs:
- The file found at ../etc/npmrc (from the node executable, by default
- this resolves to /usr/local/etc/npmrc) will be parsed if it is found.
- If the `globalconfig` option is set in the cli, env, or user config,
- then that file is parsed instead.
+ The file found at `./etc/npmrc` (relative to the global prefix will be
+ parsed if it is found. See [`npm prefix`](/commands/npm-prefix) for
+ more info on the global prefix. If the `globalconfig` option is set
+ in the cli, env, or user config, then that file is parsed instead.
* Defaults:
npm's default configuration options are defined in
lib/utils/config-defs.js. These must not be changed.
@@ -132,15 +142,17 @@ See [`config`](/using-npm/config) for much much more information.
Patches welcome!
-If you would like to contribute, but don't know what to work on, read
-the [contributing guidelines](https://github.com/npm/cli/blob/latest/CONTRIBUTING.md)
-and check the issues list.
+If you would like to help, but don't know what to work on, read the
+[contributing
+guidelines](https://github.com/npm/cli/blob/latest/CONTRIBUTING.md) and
+check the issues list.
### Bugs
-When you find issues, please report them:
+When you find issues, please report them:
+
-Be sure to follow the template and bug reporting guidelines.
+Please be sure to follow the template and bug reporting guidelines.
### Feature Requests
@@ -153,8 +165,11 @@ Or suggest formal RFC proposals:
*
### See Also
+
* [npm help](/commands/npm-help)
* [package.json](/configuring-npm/package-json)
-* [npm install](/commands/npm-install)
-* [npm config](/commands/npm-config)
* [npmrc](/configuring-npm/npmrc)
+* [npm config](/commands/npm-config)
+* [npm install](/commands/npm-install)
+* [npm prefix](/commands/npm-prefix)
+* [npm publish](/commands/npm-publish)
diff --git a/deps/npm/docs/content/configuring-npm/package-json.md b/deps/npm/docs/content/configuring-npm/package-json.md
index caa1e16a32678a..4b3fd2ba934591 100644
--- a/deps/npm/docs/content/configuring-npm/package-json.md
+++ b/deps/npm/docs/content/configuring-npm/package-json.md
@@ -63,8 +63,6 @@ Version must be parseable by
[node-semver](https://github.com/npm/node-semver), which is bundled with
npm as a dependency. (`npm install semver` to use it yourself.)
-More on version numbers and ranges at [semver](/using-npm/semver).
-
### description
Put a description in it. It's a string. This helps people discover your
@@ -564,8 +562,8 @@ tarball or git URL.
**Please do not put test harnesses or transpilers or other "development"
time tools in your `dependencies` object.** See `devDependencies`, below.
-See [semver](/using-npm/semver) for more details about specifying version
-ranges.
+See [semver]([/using-npm/semver](https://github.com/npm/node-semver#versions))
+for more details about specifying version ranges.
* `version` Must match `version` exactly
* `>version` Must be greater than `version`
@@ -573,8 +571,8 @@ ranges.
* ``
-2. Email the author, CC
-3. After a few weeks, if there's no resolution, we'll sort it out.
-
-Don't squat on package names. Publish code or move out of the way.
-
-### Description
-
-There sometimes arise cases where a user publishes a module, and then later,
-some other user wants to use that name. Here are some common ways that happens
-(each of these is based on actual events.)
-
-1. Alice writes a JavaScript module `foo`, which is not node-specific. Alice
- doesn't use node at all. Yusuf wants to use `foo` in node, so he wraps it in
- an npm module. Some time later, Alice starts using node, and wants to take
- over management of her program.
-2. Yusuf writes an npm module `foo`, and publishes it. Perhaps much later, Alice
- finds a bug in `foo`, and fixes it. She sends a pull request to Yusuf, but
- Yusuf doesn't have the time to deal with it, because he has a new job and a
- new baby and is focused on his new Erlang project, and kind of not involved
- with node any more. Alice would like to publish a new `foo`, but can't,
- because the name is taken.
-3. Yusuf writes a 10-line flow-control library, and calls it `foo`, and
- publishes it to the npm registry. Being a simple little thing, it never
- really has to be updated. Alice works for Foo Inc, the makers of the
- critically acclaimed and widely-marketed `foo` JavaScript toolkit framework.
- They publish it to npm as `foojs`, but people are routinely confused when
- `npm install foo` is some different thing.
-4. Yusuf writes a parser for the widely-known `foo` file format, because he
- needs it for work. Then, he gets a new job, and never updates the prototype.
- Later on, Alice writes a much more complete `foo` parser, but can't publish,
- because Yusuf's `foo` is in the way.
-
-1. `npm owner ls foo`. This will tell Alice the email address of the owner
- (Yusuf).
-2. Alice emails Yusuf, explaining the situation **as respectfully as possible**,
- and what she would like to do with the module name. She adds the npm support
- staff to the CC list of the email. Mention in the email
- that Yusuf can run npm owner `add alice foo` to add Alice as an owner of the
- foo package.
-3. After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
- and Alice can't come to any sort of resolution, email support
- and we'll sort it out. ("Reasonable" is usually at least
- 4 weeks.)
-
-### Reasoning
-
-In almost every case so far, the parties involved have been able to reach an
-amicable resolution without any major intervention. Most people really do want
-to be reasonable, and are probably not even aware that they're in your way.
-
-Module ecosystems are most vibrant and powerful when they are as self-directed
-as possible. If an admin one day deletes something you had worked on, then that
-is going to make most people quite upset, regardless of the justification. When
-humans solve their problems by talking to other humans with respect, everyone
-has the chance to end up feeling good about the interaction.
-
-### Exceptions
-
-Some things are not allowed, and will be removed without discussion if they are
-brought to the attention of the npm registry admins, including but not limited
-to:
-
-1. Malware (that is, a package designed to exploit or harm the machine on which
- it is installed).
-2. Violations of copyright or licenses (for example, cloning an MIT-licensed
- program, and then removing or changing the copyright and license statement).
-3. Illegal content.
-4. "Squatting" on a package name that you plan to use, but aren't actually
- using. Sorry, I don't care how great the name is, or how perfect a fit it is
- for the thing that someday might happen. If someone wants to use it today,
- and you're just taking up space with an empty tarball, you're going to be
- evicted.
-5. Putting empty packages in the registry. Packages must have SOME
- functionality. It can be silly, but it can't be nothing. (See also:
- squatting.)
-6. Doing weird things with the registry, like using it as your own personal
- application database or otherwise putting non-packagey things into it.
-7. Other things forbidden by the npm
- [Code of Conduct](https://www.npmjs.com/policies/conduct) such as hateful
- language, pornographic content, or harassment.
-
-If you see bad behavior like this, please report it to right
-away. **You are never expected to resolve abusive behavior on your own. We are
-here to help.**
-
-### Trademarks
-
-If you think another npm publisher is infringing your trademark, such as by
-using a confusingly similar package name, email with a link to
-the package or user account on [https://www.npmjs.com/](https://www.npmjs.com/).
-Attach a copy of your trademark registration certificate.
-
-If we see that the package's publisher is intentionally misleading others by
-misusing your registered mark without permission, we will transfer the package
-name to you. Otherwise, we will contact the package publisher and ask them to
-clear up any confusion with changes to their package's `README` file or
-metadata.
-
-### Changes
-
-This is a living document and may be updated from time to time. Please refer to
-the [git history for this document](https://github.com/npm/cli/commits/latest/doc/misc/npm-disputes.md)
-to view the changes.
-
-### License
-
-Copyright (C) npm, Inc., All rights reserved
-
-This document may be reused under a Creative Commons Attribution-ShareAlike
-License.
-
-### See also
-
-* [npm registry](/using-npm/registry)
-* [npm owner](/commands/npm-owner)
diff --git a/deps/npm/docs/content/using-npm/registry.md b/deps/npm/docs/content/using-npm/registry.md
index b7a18712f8be8e..c07fa7a48e888f 100644
--- a/deps/npm/docs/content/using-npm/registry.md
+++ b/deps/npm/docs/content/using-npm/registry.md
@@ -10,7 +10,7 @@ To resolve packages by name and version, npm talks to a registry website
that implements the CommonJS Package Registry specification for reading
package info.
-npm is configured to use npm, Inc.'s public registry at
+npm is configured to use the **npm public registry** at
by default. Use of the npm public registry is
subject to terms of use available at .
@@ -23,9 +23,7 @@ write APIs as well, to allow for publishing packages and managing user
account information.
The npm public registry is powered by a CouchDB database,
-of which there is a public mirror at
-. The code for the couchapp is
-available at .
+of which there is a public mirror at .
The registry URL used is determined by the scope of the package (see
[`scope`](/using-npm/scope). If no scope is specified, the default registry is used, which is
@@ -55,44 +53,18 @@ about your environment:
The npm registry does not try to correlate the information in these headers
with any authenticated accounts that may be used in the same requests.
-### Can I run my own private registry?
+### How can I prevent my package from being published in the official registry?
-Yes!
-
-The easiest way is to replicate the couch database, and use the same (or
-similar) design doc to implement the APIs.
-
-If you set up continuous replication from the official CouchDB, and then
-set your internal CouchDB as the registry config, then you'll be able
-to read any published packages, in addition to your private ones, and by
-default will only publish internally.
-
-If you then want to publish a package for the whole world to see, you can
-simply override the `--registry` option for that `publish` command.
-
-### I don't want my package published in the official registry. It's private.
-
-Set `"private": true` in your package.json to prevent it from being
+Set `"private": true` in your `package.json` to prevent it from being
published at all, or
`"publishConfig":{"registry":"http://my-internal-registry.local"}`
-to force it to be published only to your internal registry.
+to force it to be published only to your internal/private registry.
See [`package.json`](/configuring-npm/package-json) for more info on what goes in the package.json file.
-### Will you replicate from my registry into the public one?
-
-No. If you want things to be public, then publish them into the public
-registry using npm. What little security there is would be for nought
-otherwise.
-
-### Do I have to use couchdb to build a registry that npm can talk to?
-
-No, but it's way easier. Basically, yes, you do, or you have to
-effectively implement the entire CouchDB API anyway.
-
-### Is there a website or something to see package docs and such?
+### Where can I find my own, & other's, published packages?
-Yes, head over to
+
### See also
@@ -100,4 +72,3 @@ Yes, head over to
* [config](/using-npm/config)
* [npmrc](/configuring-npm/npmrc)
* [npm developers](/using-npm/developers)
-* [npm disputes](/using-npm/disputes)
diff --git a/deps/npm/docs/content/using-npm/removal.md b/deps/npm/docs/content/using-npm/removal.md
index 7b35460b595e83..c5e13b6741b6de 100644
--- a/deps/npm/docs/content/using-npm/removal.md
+++ b/deps/npm/docs/content/using-npm/removal.md
@@ -58,8 +58,6 @@ modules. To track those down, you can do the following:
find /usr/local/{lib/node,bin} -exec grep -l npm \{\} \; ;
```
-(This is also in the README file.)
-
### See also
* [npm uninstall](/commands/npm-uninstall)
diff --git a/deps/npm/docs/content/using-npm/semver.md b/deps/npm/docs/content/using-npm/semver.md
deleted file mode 100644
index 55141ed537c586..00000000000000
--- a/deps/npm/docs/content/using-npm/semver.md
+++ /dev/null
@@ -1,415 +0,0 @@
----
-title: semver
-section: 7
-description: The semantic versioner for npm
----
-
-## Install
-
-```bash
-npm install --save semver
-````
-
-## Usage
-
-As a node module:
-
-```js
-const semver = require('semver')
-
-semver.valid('1.2.3') // '1.2.3'
-semver.valid('a.b.c') // null
-semver.clean(' =v1.2.3 ') // '1.2.3'
-semver.satisfies('1.2.3', '1.x || >=2.5.0 || 5.0.0 - 7.2.3') // true
-semver.gt('1.2.3', '9.8.7') // false
-semver.lt('1.2.3', '9.8.7') // true
-semver.minVersion('>=1.0.0') // '1.0.0'
-semver.valid(semver.coerce('v2')) // '2.0.0'
-semver.valid(semver.coerce('42.6.7.9.3-alpha')) // '42.6.7'
-```
-
-As a command-line utility:
-
-```
-$ semver -h
-
-A JavaScript implementation of the https://semver.org/ specification
-Copyright Isaac Z. Schlueter
-
-Usage: semver [options] [ [...]]
-Prints valid versions sorted by SemVer precedence
-
-Options:
--r --range
- Print versions that match the specified range.
-
--i --increment []
- Increment a version by the specified level. Level can
- be one of: major, minor, patch, premajor, preminor,
- prepatch, or prerelease. Default level is 'patch'.
- Only one version may be specified.
-
---preid
- Identifier to be used to prefix premajor, preminor,
- prepatch or prerelease version increments.
-
--l --loose
- Interpret versions and ranges loosely
-
--p --include-prerelease
- Always include prerelease versions in range matching
-
--c --coerce
- Coerce a string into SemVer if possible
- (does not imply --loose)
-
-Program exits successfully if any valid version satisfies
-all supplied ranges, and prints all satisfying versions.
-
-If no satisfying versions are found, then exits failure.
-
-Versions are printed in ascending order, so supplying
-multiple versions to the utility will just sort them.
-```
-
-## Versions
-
-A "version" is described by the `v2.0.0` specification found at
-.
-
-A leading `"="` or `"v"` character is stripped off and ignored.
-
-## Ranges
-
-A `version range` is a set of `comparators` which specify versions
-that satisfy the range.
-
-A `comparator` is composed of an `operator` and a `version`. The set
-of primitive `operators` is:
-
-* `<` Less than
-* `<=` Less than or equal to
-* `>` Greater than
-* `>=` Greater than or equal to
-* `=` Equal. If no operator is specified, then equality is assumed,
- so this operator is optional, but MAY be included.
-
-For example, the comparator `>=1.2.7` would match the versions
-`1.2.7`, `1.2.8`, `2.5.3`, and `1.3.9`, but not the versions `1.2.6`
-or `1.1.0`.
-
-Comparators can be joined by whitespace to form a `comparator set`,
-which is satisfied by the **intersection** of all of the comparators
-it includes.
-
-A range is composed of one or more comparator sets, joined by `||`. A
-version matches a range if and only if every comparator in at least
-one of the `||`-separated comparator sets is satisfied by the version.
-
-For example, the range `>=1.2.7 <1.3.0` would match the versions
-`1.2.7`, `1.2.8`, and `1.2.99`, but not the versions `1.2.6`, `1.3.0`,
-or `1.1.0`.
-
-The range `1.2.7 || >=1.2.9 <2.0.0` would match the versions `1.2.7`,
-`1.2.9`, and `1.4.6`, but not the versions `1.2.8` or `2.0.0`.
-
-### Prerelease Tags
-
-If a version has a prerelease tag (for example, `1.2.3-alpha.3`) then
-it will only be allowed to satisfy comparator sets if at least one
-comparator with the same `[major, minor, patch]` tuple also has a
-prerelease tag.
-
-For example, the range `>1.2.3-alpha.3` would be allowed to match the
-version `1.2.3-alpha.7`, but it would *not* be satisfied by
-`3.4.5-alpha.9`, even though `3.4.5-alpha.9` is technically "greater
-than" `1.2.3-alpha.3` according to the SemVer sort rules. The version
-range only accepts prerelease tags on the `1.2.3` version. The
-version `3.4.5` *would* satisfy the range, because it does not have a
-prerelease flag, and `3.4.5` is greater than `1.2.3-alpha.7`.
-
-The purpose for this behavior is twofold. First, prerelease versions
-frequently are updated very quickly, and contain many breaking changes
-that are (by the author's design) not yet fit for public consumption.
-Therefore, by default, they are excluded from range matching
-semantics.
-
-Second, a user who has opted into using a prerelease version has
-clearly indicated the intent to use *that specific* set of
-alpha/beta/rc versions. By including a prerelease tag in the range,
-the user is indicating that they are aware of the risk. However, it
-is still not appropriate to assume that they have opted into taking a
-similar risk on the *next* set of prerelease versions.
-
-Note that this behavior can be suppressed (treating all prerelease
-versions as if they were normal versions, for the purpose of range
-matching) by setting the `includePrerelease` flag on the options
-object to any
-[functions](https://github.com/npm/node-semver#functions) that do
-range matching.
-
-#### Prerelease Identifiers
-
-The method `.inc` takes an additional `identifier` string argument that
-will append the value of the string as a prerelease identifier:
-
-```javascript
-semver.inc('1.2.3', 'prerelease', 'beta')
-// '1.2.4-beta.0'
-```
-
-command-line example:
-
-```bash
-$ semver 1.2.3 -i prerelease --preid beta
-1.2.4-beta.0
-```
-
-Which then can be used to increment further:
-
-```bash
-$ semver 1.2.4-beta.0 -i prerelease
-1.2.4-beta.1
-```
-
-### Advanced Range Syntax
-
-Advanced range syntax desugars to primitive comparators in
-deterministic ways.
-
-Advanced ranges may be combined in the same way as primitive
-comparators using white space or `||`.
-
-#### Hyphen Ranges `X.Y.Z - A.B.C`
-
-Specifies an inclusive set.
-
-* `1.2.3 - 2.3.4` := `>=1.2.3 <=2.3.4`
-
-If a partial version is provided as the first version in the inclusive
-range, then the missing pieces are replaced with zeroes.
-
-* `1.2 - 2.3.4` := `>=1.2.0 <=2.3.4`
-
-If a partial version is provided as the second version in the
-inclusive range, then all versions that start with the supplied parts
-of the tuple are accepted, but nothing that would be greater than the
-provided tuple parts.
-
-* `1.2.3 - 2.3` := `>=1.2.3 <2.4.0`
-* `1.2.3 - 2` := `>=1.2.3 <3.0.0`
-
-#### X-Ranges `1.2.x` `1.X` `1.2.*` `*`
-
-Any of `X`, `x`, or `*` may be used to "stand in" for one of the
-numeric values in the `[major, minor, patch]` tuple.
-
-* `*` := `>=0.0.0` (Any version satisfies)
-* `1.x` := `>=1.0.0 <2.0.0` (Matching major version)
-* `1.2.x` := `>=1.2.0 <1.3.0` (Matching major and minor versions)
-
-A partial version range is treated as an X-Range, so the special
-character is in fact optional.
-
-* `""` (empty string) := `*` := `>=0.0.0`
-* `1` := `1.x.x` := `>=1.0.0 <2.0.0`
-* `1.2` := `1.2.x` := `>=1.2.0 <1.3.0`
-
-#### Tilde Ranges `~1.2.3` `~1.2` `~1`
-
-Allows patch-level changes if a minor version is specified on the
-comparator. Allows minor-level changes if not.
-
-* `~1.2.3` := `>=1.2.3 <1.(2+1).0` := `>=1.2.3 <1.3.0`
-* `~1.2` := `>=1.2.0 <1.(2+1).0` := `>=1.2.0 <1.3.0` (Same as `1.2.x`)
-* `~1` := `>=1.0.0 <(1+1).0.0` := `>=1.0.0 <2.0.0` (Same as `1.x`)
-* `~0.2.3` := `>=0.2.3 <0.(2+1).0` := `>=0.2.3 <0.3.0`
-* `~0.2` := `>=0.2.0 <0.(2+1).0` := `>=0.2.0 <0.3.0` (Same as `0.2.x`)
-* `~0` := `>=0.0.0 <(0+1).0.0` := `>=0.0.0 <1.0.0` (Same as `0.x`)
-* `~1.2.3-beta.2` := `>=1.2.3-beta.2 <1.3.0` Note that prereleases in
- the `1.2.3` version will be allowed, if they are greater than or
- equal to `beta.2`. So, `1.2.3-beta.4` would be allowed, but
- `1.2.4-beta.2` would not, because it is a prerelease of a
- different `[major, minor, patch]` tuple.
-
-#### Caret Ranges `^1.2.3` `^0.2.5` `^0.0.4`
-
-Allows changes that do not modify the left-most non-zero digit in the
-`[major, minor, patch]` tuple. In other words, this allows patch and
-minor updates for versions `1.0.0` and above, patch updates for
-versions `0.X >=0.1.0`, and *no* updates for versions `0.0.X`.
-
-Many authors treat a `0.x` version as if the `x` were the major
-"breaking-change" indicator.
-
-Caret ranges are ideal when an author may make breaking changes
-between `0.2.4` and `0.3.0` releases, which is a common practice.
-However, it presumes that there will *not* be breaking changes between
-`0.2.4` and `0.2.5`. It allows for changes that are presumed to be
-additive (but non-breaking), according to commonly observed practices.
-
-* `^1.2.3` := `>=1.2.3 <2.0.0`
-* `^0.2.3` := `>=0.2.3 <0.3.0`
-* `^0.0.3` := `>=0.0.3 <0.0.4`
-* `^1.2.3-beta.2` := `>=1.2.3-beta.2 <2.0.0` Note that prereleases in
- the `1.2.3` version will be allowed, if they are greater than or
- equal to `beta.2`. So, `1.2.3-beta.4` would be allowed, but
- `1.2.4-beta.2` would not, because it is a prerelease of a
- different `[major, minor, patch]` tuple.
-* `^0.0.3-beta` := `>=0.0.3-beta <0.0.4` Note that prereleases in the
- `0.0.3` version *only* will be allowed, if they are greater than or
- equal to `beta`. So, `0.0.3-pr.2` would be allowed.
-
-When parsing caret ranges, a missing `patch` value desugars to the
-number `0`, but will allow flexibility within that value, even if the
-major and minor versions are both `0`.
-
-* `^1.2.x` := `>=1.2.0 <2.0.0`
-* `^0.0.x` := `>=0.0.0 <0.1.0`
-* `^0.0` := `>=0.0.0 <0.1.0`
-
-A missing `minor` and `patch` values will desugar to zero, but also
-allow flexibility within those values, even if the major version is
-zero.
-
-* `^1.x` := `>=1.0.0 <2.0.0`
-* `^0.x` := `>=0.0.0 <1.0.0`
-
-### Range Grammar
-
-Putting all this together, here is a Backus-Naur grammar for ranges,
-for the benefit of parser authors:
-
-```bnf
-range-set ::= range ( logical-or range ) *
-logical-or ::= ( ' ' ) * '||' ( ' ' ) *
-range ::= hyphen | simple ( ' ' simple ) * | ''
-hyphen ::= partial ' - ' partial
-simple ::= primitive | partial | tilde | caret
-primitive ::= ( '<' | '>' | '>=' | '<=' | '=' ) partial
-partial ::= xr ( '.' xr ( '.' xr qualifier ? )? )?
-xr ::= 'x' | 'X' | '*' | nr
-nr ::= '0' | ['1'-'9'] ( ['0'-'9'] ) *
-tilde ::= '~' partial
-caret ::= '^' partial
-qualifier ::= ( '-' pre )? ( '+' build )?
-pre ::= parts
-build ::= parts
-parts ::= part ( '.' part ) *
-part ::= nr | [-0-9A-Za-z]+
-```
-
-## Functions
-
-All methods and classes take a final `options` object argument. All
-options in this object are `false` by default. The options supported
-are:
-
-- `loose` Be more forgiving about not-quite-valid semver strings.
- (Any resulting output will always be 100% strict compliant, of
- course.) For backwards compatibility reasons, if the `options`
- argument is a boolean value instead of an object, it is interpreted
- to be the `loose` param.
-- `includePrerelease` Set to suppress the [default
- behavior](https://github.com/npm/node-semver#prerelease-tags) of
- excluding prerelease tagged versions from ranges unless they are
- explicitly opted into.
-
-Strict-mode Comparators and Ranges will be strict about the SemVer
-strings that they parse.
-
-* `valid(v)`: Return the parsed version, or null if it's not valid.
-* `inc(v, release)`: Return the version incremented by the release
- type (`major`, `premajor`, `minor`, `preminor`, `patch`,
- `prepatch`, or `prerelease`), or null if it's not valid
- * `premajor` in one call will bump the version up to the next major
- version and down to a prerelease of that major version.
- `preminor`, and `prepatch` work the same way.
- * If called from a non-prerelease version, the `prerelease` will work the
- same as `prepatch`. It increments the patch version, then makes a
- prerelease. If the input version is already a prerelease it simply
- increments it.
-* `prerelease(v)`: Returns an array of prerelease components, or null
- if none exist. Example: `prerelease('1.2.3-alpha.1') -> ['alpha', 1]`
-* `major(v)`: Return the major version number.
-* `minor(v)`: Return the minor version number.
-* `patch(v)`: Return the patch version number.
-* `intersects(r1, r2, loose)`: Return true if the two supplied ranges
- or comparators intersect.
-* `parse(v)`: Attempt to parse a string as a semantic version, returning either
- a `SemVer` object or `null`.
-
-### Comparison
-
-* `gt(v1, v2)`: `v1 > v2`
-* `gte(v1, v2)`: `v1 >= v2`
-* `lt(v1, v2)`: `v1 < v2`
-* `lte(v1, v2)`: `v1 <= v2`
-* `eq(v1, v2)`: `v1 == v2` This is true if they're logically equivalent,
- even if they're not the exact same string. You already know how to
- compare strings.
-* `neq(v1, v2)`: `v1 != v2` The opposite of `eq`.
-* `cmp(v1, comparator, v2)`: Pass in a comparison string, and it'll call
- the corresponding function above. `"==="` and `"!=="` do simple
- string comparison, but are included for completeness. Throws if an
- invalid comparison string is provided.
-* `compare(v1, v2)`: Return `0` if `v1 == v2`, or `1` if `v1` is greater, or `-1` if
- `v2` is greater. Sorts in ascending order if passed to `Array.sort()`.
-* `rcompare(v1, v2)`: The reverse of compare. Sorts an array of versions
- in descending order when passed to `Array.sort()`.
-* `diff(v1, v2)`: Returns difference between two versions by the release type
- (`major`, `premajor`, `minor`, `preminor`, `patch`, `prepatch`, or `prerelease`),
- or null if the versions are the same.
-
-### Comparators
-
-* `intersects(comparator)`: Return true if the comparators intersect
-
-### Ranges
-
-* `validRange(range)`: Return the valid range or null if it's not valid
-* `satisfies(version, range)`: Return true if the version satisfies the
- range.
-* `maxSatisfying(versions, range)`: Return the highest version in the list
- that satisfies the range, or `null` if none of them do.
-* `minSatisfying(versions, range)`: Return the lowest version in the list
- that satisfies the range, or `null` if none of them do.
-* `minVersion(range)`: Return the lowest version that can possibly match
- the given range.
-* `gtr(version, range)`: Return `true` if version is greater than all the
- versions possible in the range.
-* `ltr(version, range)`: Return `true` if version is less than all the
- versions possible in the range.
-* `outside(version, range, hilo)`: Return true if the version is outside
- the bounds of the range in either the high or low direction. The
- `hilo` argument must be either the string `'>'` or `'<'`. (This is
- the function called by `gtr` and `ltr`.)
-* `intersects(range)`: Return true if any of the ranges comparators intersect
-
-Note that, since ranges may be non-contiguous, a version might not be
-greater than a range, less than a range, *or* satisfy a range! For
-example, the range `1.2 <1.2.9 || >2.0.0` would have a hole from `1.2.9`
-until `2.0.0`, so the version `1.2.10` would not be greater than the
-range (because `2.0.1` satisfies, which is higher), nor less than the
-range (since `1.2.8` satisfies, which is lower), and it also does not
-satisfy the range.
-
-If you want to know if a version satisfies or does not satisfy a
-range, use the `satisfies(version, range)` function.
-
-### Coercion
-
-* `coerce(version)`: Coerces a string to semver if possible
-
-This aims to provide a very forgiving translation of a non-semver string to
-semver. It looks for the first digit in a string, and consumes all
-remaining characters which satisfy at least a partial semver (e.g., `1`,
-`1.2`, `1.2.3`) up to the max permitted length (256 characters). Longer
-versions are simply truncated (`4.6.3.9.2-alpha2` becomes `4.6.3`). All
-surrounding text is simply ignored (`v3.4 replaces v3.3.1` becomes
-`3.4.0`). Only text which lacks digits will fail coercion (`version one`
-is not valid). The maximum length for any semver component considered for
-coercion is 16 characters; longer components will be ignored
-(`10000000000000000.4.7.4` becomes `4.7.4`). The maximum value for any
-semver component is `Number.MAX_SAFE_INTEGER || (2**53 - 1)`; higher value
-components are invalid (`9999999999999999.4.7.4` is likely invalid).
diff --git a/deps/npm/docs/output/commands/npm-diff.html b/deps/npm/docs/output/commands/npm-diff.html
new file mode 100644
index 00000000000000..43840ea9a2984a
--- /dev/null
+++ b/deps/npm/docs/output/commands/npm-diff.html
@@ -0,0 +1,346 @@
+
+npm-diff
+
+
+
+
Similar to its git diff counterpart, this command will print diff patches
+of files for packages published to the npm registry.
+
+
+
npm diff --diff=<spec-a> --diff=<spec-b>
+
Compares two package versions using their registry specifiers, e.g:
+npm diff --diff=pkg@1.0.0 --diff=pkg@^2.0.0. It’s also possible to
+compare across forks of any package,
+e.g: npm diff --diff=pkg@1.0.0 --diff=pkg-fork@1.0.0.
+
Any valid spec can be used, so that it’s also possible to compare
+directories or git repositories,
+e.g: npm diff --diff=pkg@latest --diff=./packages/pkg
+
Here’s an example comparing two different versions of a package named
+abbrev from the registry:
In the example above we can compare the contents from the package installed
+from the git repo at github.com/npm/libnpmdiff with the contents of the
+./local-path that contains a valid package, such as a modified copy of
+the original.
+
+
+
npm diff (in a package directory, no arguments):
+
If the package is published to the registry, npm diff will fetch the
+tarball version tagged as latest (this value can be configured using the
+tag option) and proceed to compare the contents of files present in that
+tarball, with the current files in your local file system.
+
This workflow provides a handy way for package authors to see what
+package-tracked files have been changed in comparison with the latest
+published version of that package.
+
+
+
npm diff --diff=<pkg-name> (in a package directory):
+
When using a single package name (with no version or tag specifier) as an
+argument, npm diff will work in a similar way to
+npm-outdated and reach for the registry to figure out
+what current published version of the package named will satisfy
+its dependent declared semver-range. Once that specific version is known
+npm diff will print diff patches comparing the current version of
+ found in the local file system with that specific version
+returned by the registry.
+
Given a package named abbrev that is currently installed:
+
npm diff --diff=abbrev
+
+
That will request from the registry its most up to date version and
+will print a diff output comparing the currently installed version to this
+newer one if the version numbers are not the same.
+
+
+
npm diff --diff=<spec-a> (in a package directory):
+
Similar to using only a single package name, it’s also possible to declare
+a full registry specifier version if you wish to compare the local version
+of an installed package with the specific version/tag/semver-range provided
+in <spec-a>.
+
An example: assuming pkg@1.0.0 is installed in the current node_modules
+folder, running:
+
npm diff --diff=pkg@2.0.0
+
+
It will effectively be an alias to
+npm diff --diff=pkg@1.0.0 --diff=pkg@2.0.0.
+
+
+
npm diff --diff=<semver-a> [--diff=<semver-b>] (in a package directory):
+
Using npm diff along with semver-valid version numbers is a shorthand
+to compare different versions of the current package.
+
It needs to be run from a package directory, such that for a package named
+pkg running npm diff --diff=1.0.0 --diff=1.0.1 is the same as running
+npm diff --diff=pkg@1.0.0 --diff=pkg@1.0.1.
+
If only a single argument <version-a> is provided, then the current local
+file system is going to be compared against that version.
+
Here’s an example comparing two specific versions (published to the
+configured registry) of the current project directory:
+
npm diff --diff=1.0.0 --diff=1.1.0
+
+
+
+
Note that tag names are not valid --diff argument values, if you wish to
+compare to a published tag, you must use the pkg@tagname syntax.
+
Filtering files
+
It’s possible to also specify positional arguments using file names or globs
+pattern matching in order to limit the result of diff patches to only a subset
+of files for a given package, e.g:
+
npm diff --diff=pkg@2 ./lib/ CHANGELOG.md
+
+
In the example above the diff output is only going to print contents of files
+located within the folder ./lib/ and changed lines of code within the
+CHANGELOG.md file.
+
Configuration
+
diff
+
+
Type: Array
+
Default: null
+
+
Defines npm package specifiers to compare using the npm diff command.
+
This can be specified up to 2 times.
+
diff-name-only
+
+
Type: Boolean
+
Default: false
+
+
When set to true running npm diff only returns the names of the files that
+have any difference.
+
diff-unified
+
+
Type: Number
+
Default: 3
+
+
The number of lines of context to print in the unified diff format output.
+
diff-ignore-all-space
+
+
Type: Boolean
+
Default: false
+
+
Ignore whitespace when comparing lines. This ignores differences even if one
+line has whitespace where the other line has none.
+
diff-no-prefix
+
+
Type: Boolean
+
Default: false
+
+
Do not show any source or destination prefix.
+
diff-src-prefix
+
+
Type: String
+
Default: "a/"
+
+
Show the given source prefix in diff patches headers instead of using “a/”.
+
diff-dst-prefix
+
+
Type: String
+
Default: "b/"
+
+
Show the given source prefix in diff patches headers instead of using “b/”.
+
diff-text
+
+
Type: Boolean
+
Default: false
+
+
Treat all files as text.
+
global
+
+
Default: false
+
Type: Boolean
+
+
Uses packages from the global space as a source for comparison.
+
tag
+
+
Type: String
+
Default: "latest"
+
+
The tag used to fetch the tarball that will be compared with the local file
+system files when running npm diff with no arguments.
The --shell option is replaced with --script-shell, but maintained
in the npx executable for backwards compatibility.
+
A note on caching
+
The npm cli utilizes its internal package cache when using the package
+name specified. You can use the following to change how and when the
+cli uses this cache. See npm cache for more on
+how the cache works.
+
prefer-online
+
Forces staleness checks for packages, making the cli look for updates
+immediately even if the package is already in the cache.
+
prefer-offline
+
Bypasses staleness checks for packages. Missing data will still be
+requested from the server. To force full offline mode, use offline.
+
offline
+
Forces full offline mode. Any packages not locally cached will result in
+an error.
The npm cli utilizes its internal package cache when using the package
+name specified. You can use the following to change how and when the
+cli uses this cache. See npm cache for more on
+how the cache works.
+
prefer-online
+
Forces staleness checks for packages, making the cli look for updates
+immediately even if the package is already in the cache.
+
prefer-offline
+
Bypasses staleness checks for packages. Missing data will still be
+requested from the server. To force full offline mode, use offline.
+
offline
+
Forces full offline mode. Any packages not locally cached will result in
+an error.
the results to only the paths to the packages named. Note that nested
packages will also show the paths to the specified packages. For
example, running npm ls promzard in npm’s source tree will show:
-
The arguments will only be passed to the script specified after npm run
-and not to any pre or post script.
+and not to any pre or post script.
The env script is a special built-in command that can be used to list
environment variables that will be available to the script at runtime. If an
“env” command is defined in your package, it will take precedence over the
@@ -178,7 +178,8 @@
The actual shell your script is run within is platform dependent. By default,
-on Unix-like systems it is the /bin/sh command, on Windows it is the cmd.exe.
+on Unix-like systems it is the /bin/sh command, on Windows it is
+cmd.exe.
The actual shell referred to by /bin/sh also depends on the system.
You can customize the shell with the script-shell configuration.
Scripts are run from the root of the package folder, regardless of what the
@@ -192,12 +193,37 @@
Description
If --scripts-prepend-node-path=auto is passed (which has been the default
in npm v3), this is only performed when that node executable is not
found in the PATH.
-
If you try to run a script without having a node_modules directory and it fails,
-you will be given a warning to run npm install, just in case you’ve forgotten.
-
You can use the --silent flag to prevent showing npm ERR! output on error.
+
If you try to run a script without having a node_modules directory and it
+fails, you will be given a warning to run npm install, just in case you’ve
+forgotten.
+
Configuration
+
if-present
+
+
Type: Boolean
+
Default: false
+
You can use the --if-present flag to avoid exiting with a non-zero exit code
when the script is undefined. This lets you run potentially undefined scripts
without breaking the execution chain.
+
ignore-scripts
+
+
Type: Boolean
+
Default: false
+
+
Skips running pre and post scripts.
+
script-shell
+
+
Type: String
+
Default: null
+
+
Optional custom script to use to execute the command. If not defined defaults
+to /bin/sh on Unix, defaults to env.comspec or cmd.exe on Windows.
+
silent
+
+
Type: Boolean
+
Default: false
+
+
You can use the --silent flag to prevent showing npm ERR! output on error.
-Update a package
+Update packages
@@ -159,18 +159,10 @@
Description
packages.
If no package name is specified, all packages in the specified location (global
or local) will be updated.
-
As of npm@2.6.1, the npm update will only inspect top-level packages.
-Prior versions of npm would also recursively inspect all dependencies.
-To get the old behavior, use npm --depth 9999 update.
-
As of npm@5.0.0, the npm update will change package.json to save the
-new version as the minimum required dependency. To get the old behavior,
-use npm update --no-save.
Example
-
IMPORTANT VERSION NOTE: these examples assume npm@2.6.1 or later. For
-older versions of npm, you must specify --depth 0 to get the behavior
-described below.
For the examples below, assume that the current package is app and it depends
-on dependencies, dep1 (dep2, .. etc.). The published versions of dep1 are:
+on dependencies, dep1 (dep2, .. etc.). The published versions of dep1
+are:
In this case, running npm update will install dep1@1.1.2. Even though the latest
-tag points to 1.2.2, this version does not satisfy ~1.1.1, which is equivalent
-to >=1.1.1 <1.2.0. So the highest-sorting version that satisfies ~1.1.1 is used,
-which is 1.1.2.
+
In this case, running npm update will install dep1@1.1.2. Even though the
+latest tag points to 1.2.2, this version do not satisfy ~1.1.1, which is
+equivalent to >=1.1.1 <1.2.0. So the highest-sorting version that satisfies
+~1.1.1 is used, which is 1.1.2.
Caret Dependencies below 1.0.0
Suppose app has a caret dependency on a version below 1.0.0, for example:
"dependencies": {
@@ -223,7 +215,9 @@
Updating Globally-Installed Packag
npm update -g will apply the update action to each globally installed
package that is outdated – that is, has a version that is different from
wanted.
-
Note: Globally installed packages are treated as if they are installed with a caret semver range specified. So if you require to update to latest you may need to run npm install -g [<pkg>...]
+
Note: Globally installed packages are treated as if they are installed with a
+caret semver range specified. So if you require to update to latest you may
+need to run npm install -g [<pkg>...]
NOTE: If a package has been upgraded to a version newer than latest, it will
be downgraded.
This runs all your tests, and proceeds only if they pass. Then runs your build script, and
+
This runs all your tests and proceeds only if they pass. Then runs your build script, and
adds everything in the dist directory to the commit. After the commit, it pushes the new commit
and tag up to the server, and deletes the build/temp directory.
Configuration
-
allow-same-version
+
allow-same-version
-
Default: false
+
Default: false
Type: Boolean
Prevents throwing an error when npm version is used to set the new version
to the same value as the current version.
-
git-tag-version
+
git-tag-version
-
Default: true
+
Default: true
Type: Boolean
Commit and tag the version change.
-
commit-hooks
+
commit-hooks
-
Default: true
+
Default: true
Type: Boolean
Run git commit hooks when committing the version change.
This command shows data about a package and prints it to the stream
referenced by the outfd config, which defaults to stdout.
-
To show the package registry entry for the connect package, you can do
-this:
+
As an example, to view information about the connect package from the registry, you would run:
npm view connect
-
The default version is “latest” if unspecified.
+
The default version is "latest" if unspecified.
Field names can be specified after the package descriptor.
For example, to show the dependencies of the ronn package at version
-0.3.5, you could do the following:
+0.3.5, you could do the following:
npm view ronn@0.3.5 dependencies
You can view child fields by separating them with a period.
-To view the git repository URL for the latest version of npm, you could
-do this:
+To view the git repository URL for the latest version of npm, you would run the following command:
npm view npm repository.url
This makes it easy to view information about a dependency with a bit of
-shell scripting. For example, to view all the data about the version of
-opts that ronn depends on, you can do this:
+shell scripting. For example, to view all the data about the version of
+opts that ronn depends on, you could write the following:
npm view opts@$(npm view ronn dependencies.opts)
For fields that are arrays, requesting a non-numeric field will return
-all of the values from the objects in the list. For example, to get all
-the contributor names for the “express” project, you can do this:
+all of the values from the objects in the list. For example, to get all
+the contributor names for the express package, you would run:
npm view express contributors.email
You may also use numeric indices in square braces to specifically select
-an item in an array field. To just get the email address of the first
-contributor in the list, you can do this:
+an item in an array field. To just get the email address of the first
+contributor in the list, you can run:
npm view express contributors[0].email
Multiple fields may be specified, and will be printed one after another.
@@ -188,13 +186,13 @@
“Person” fields are shown as a string if they would be shown as an
-object. So, for example, this will show the list of npm contributors in
+object. So, for example, this will show the list of npm contributors in
the shortened string format. (See package.json for more on this.)
npm view npm contributors
If a version range is provided, then data will be printed for every
-matching version of the package. This will show which version of jsdom
-was required by each matching version of yui3:
+matching version of the package. This will show which version of jsdom
+was required by each matching version of yui3:
npm view yui3@'>0.5.4' dependencies.jsdom
To show the connect package version history, you can do
@@ -203,12 +201,12 @@
Description
Output
If only a single string field for a single version is output, then it
-will not be colorized or quoted, so as to enable piping the output to
+will not be colorized or quoted, to enable piping the output to
another command. If the field is an object, it will be output as a JavaScript object literal.
-
If the –json flag is given, the outputted fields will be JSON.
-
If the version range matches multiple versions, than each printed value
+
If the --json flag is given, the outputted fields will be JSON.
+
If the version range matches multiple versions then each printed value
will be prefixed with the version it applies to.
-
If multiple fields are requested, than each of them are prefixed with
+
If multiple fields are requested, then each of them is prefixed with
the field name.
npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
conflicts intelligently.
-
It is extremely configurable to support a wide variety of use cases.
-Most commonly, it is used to publish, discover, install, and develop node
+
It is extremely configurable to support a variety of use cases. Most
+commonly, you use it to publish, discover, install, and develop node
programs.
Run npm help to get a list of available commands.
Important
-
npm is configured to use npm, Inc.’s public registry at
+
You can configure npm to use any compatible registry you like, and even run
-your own registry. Use of someone else’s registry may be governed by their
-terms of use.
You can configure npm to use any compatible registry you like, and even
+run your own registry. Use of someone else’s registry is governed by
+their terms of use.
Introduction
You probably got npm because you want to install stuff.
-
Use npm install blerg to install the latest version of “blerg”. Check out
-npm install for more info. It can do a lot of stuff.
-
Use the npm search command to show everything that’s available.
-Use npm ls to show everything you’ve installed.
+
The very first thing you will most likely want to run in any node
+program is npm install to install its dependencies.
+
You can also run npm install blerg to install the latest version of
+“blerg”. Check out npm install for more
+info. It can do a lot of stuff.
+
Use the npm search command to show everything that’s available in the
+public registry. Use npm ls to show everything you’ve installed.
Dependencies
-
If a package references to another package with a git URL, npm depends
-on a preinstalled git.
+
If a package lists a dependency using a git URL, npm will install that
+dependency using the git
+command and will generate an error if it is not installed.
If one of the packages npm tries to install is a native node module and
requires compiling of C++ Code, npm will use
node-gyp for that task.
@@ -184,38 +189,41 @@
global mode:
-npm installs packages into the install prefix at
-prefix/lib/node_modules and bins are installed in prefix/bin.
local mode:
npm installs packages into the current project directory, which
-defaults to the current working directory. Packages are installed to
-./node_modules, and bins are installed to ./node_modules/.bin.
+defaults to the current working directory. Packages install to
+./node_modules, and bins to ./node_modules/.bin.
+
global mode:
+npm installs packages into the install prefix at
+$npm_config_prefix/lib/node_modules and bins to
+$npm_config_prefix/bin.
Local mode is the default. Use -g or --global on any command to
-operate in global mode instead.
+run in global mode instead.
Developer Usage
If you’re using npm to develop and publish your code, check out the
following help topics:
json:
-Make a package.json file. See package.json.
link:
-For linking your current working code into Node’s path, so that you
-don’t have to reinstall every time you make a change. Use
-npm link to do this.
+Links your current working code into Node’s path, so that you don’t
+have to reinstall every time you make a change. Use npm link to do this.
install:
-It’s a good idea to install things if you don’t need the symbolic link.
-Especially, installing other peoples code from the registry is done via
-npm install
+It’s a good idea to install things if you don’t need the symbolic
+link. Especially, installing other peoples code from the registry is
+done via npm install
adduser:
-Create an account or log in. Credentials are stored in the
-user config file.
+Create an account or log in. When you do this, npm will store
+credentials in the user config file config file.
publish:
-Use the npm publish command to upload your code to the registry.
+Use the npm publish command to upload your
+code to the registry.
Configuration
npm is extremely configurable. It reads its configuration options from
@@ -224,20 +232,20 @@
Configuration
Command line switches:
Set a config with --key val. All keys take a value, even if they
are booleans (the config parser doesn’t know what the options are at
-the time of parsing). If no value is provided, then the option is set
-to boolean true.
+the time of parsing). If you do not provide a value (--key) then
+the option is set to boolean true.
Environment Variables:
Set any config by prefixing the name in an environment variable with
npm_config_. For example, export npm_config_key=val.
User Configs:
-The file at $HOME/.npmrc is an ini-formatted list of configs. If
+The file at $HOME/.npmrc is an ini-formatted list of configs. If
present, it is parsed. If the userconfig option is set in the cli
-or env, then that will be used instead.
+or env, that file will be used instead.
Global Configs:
-The file found at ../etc/npmrc (from the node executable, by default
-this resolves to /usr/local/etc/npmrc) will be parsed if it is found.
-If the globalconfig option is set in the cli, env, or user config,
-then that file is parsed instead.
+The file found at ./etc/npmrc (relative to the global prefix will be
+parsed if it is found. See npm prefix for
+more info on the global prefix. If the globalconfig option is set
+in the cli, env, or user config, then that file is parsed instead.
Defaults:
npm’s default configuration options are defined in
lib/utils/config-defs.js. These must not be changed.
commands that modify your local installation, eg, install, update,
dedupe, uninstall. This is NOT currently honored by some network related
commands, eg dist-tags, owner, etc.
+
diff
+
+
Default: null
+
Type: String, Array, null
+
+
Define arguments to compare in npm diff.
+
diff-name-only
+
+
Default: false
+
Type: Boolean
+
+
Prints only filenames when using npm diff.
+
diff-unified
+
+
Type: number
+
Default: 3
+
+
The number of lines of context to print in npm diff.
+
diff-ignore-all-space
+
+
Type: Boolean
+
Default: false
+
+
Ignore whitespace when comparing lines in `npm diff.
+
diff-no-prefix
+
+
Type: Boolean
+
Default: false
+
+
Do not show any source or destination prefix in npm diff output.
+
diff-src-prefix
+
+
Type: String
+
Default: "a/"
+
+
Source prefix to be used in npm diff output.
+
diff-dst-prefix
+
+
Type: String
+
Default: "b/"
+
+
Destination prefix to be used in npm diff output.
+
diff-text
+
+
Alias: -a
+
Type: Boolean
+
Default: false
+
+
Treat all files as text in npm diff.
editor
Default: EDITOR environment variable if set, or "vi" on Posix,
diff --git a/deps/npm/docs/output/using-npm/disputes.html b/deps/npm/docs/output/using-npm/disputes.html
deleted file mode 100644
index e7cc8b90cce0d0..00000000000000
--- a/deps/npm/docs/output/using-npm/disputes.html
+++ /dev/null
@@ -1,285 +0,0 @@
-
-disputes
-
-
-
-
This document describes the steps that you should take to resolve module name
-disputes with other npm publishers. It also describes special steps you should
-take about names you think infringe your trademarks.
-
This document is a clarification of the acceptable behavior outlined in the
-npm Code of Conduct, and nothing in
-this document should be interpreted to contradict any aspect of the npm Code of
-Conduct.
After a few weeks, if there’s no resolution, we’ll sort it out.
-
-
Don’t squat on package names. Publish code or move out of the way.
-
Description
-
There sometimes arise cases where a user publishes a module, and then later,
-some other user wants to use that name. Here are some common ways that happens
-(each of these is based on actual events.)
-
-
-
Alice writes a JavaScript module foo, which is not node-specific. Alice
-doesn’t use node at all. Yusuf wants to use foo in node, so he wraps it in
-an npm module. Some time later, Alice starts using node, and wants to take
-over management of her program.
-
-
-
Yusuf writes an npm module foo, and publishes it. Perhaps much later, Alice
-finds a bug in foo, and fixes it. She sends a pull request to Yusuf, but
-Yusuf doesn’t have the time to deal with it, because he has a new job and a
-new baby and is focused on his new Erlang project, and kind of not involved
-with node any more. Alice would like to publish a new foo, but can’t,
-because the name is taken.
-
-
-
Yusuf writes a 10-line flow-control library, and calls it foo, and
-publishes it to the npm registry. Being a simple little thing, it never
-really has to be updated. Alice works for Foo Inc, the makers of the
-critically acclaimed and widely-marketed foo JavaScript toolkit framework.
-They publish it to npm as foojs, but people are routinely confused when
-npm install foo is some different thing.
-
-
-
Yusuf writes a parser for the widely-known foo file format, because he
-needs it for work. Then, he gets a new job, and never updates the prototype.
-Later on, Alice writes a much more complete foo parser, but can’t publish,
-because Yusuf’s foo is in the way.
-
-
-
npm owner ls foo. This will tell Alice the email address of the owner
-(Yusuf).
-
-
-
Alice emails Yusuf, explaining the situation as respectfully as possible,
-and what she would like to do with the module name. She adds the npm support
-staff support@npmjs.com to the CC list of the email. Mention in the email
-that Yusuf can run npm owner add alice foo to add Alice as an owner of the
-foo package.
-
-
-
After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
-and Alice can’t come to any sort of resolution, email support
-support@npmjs.com and we’ll sort it out. (“Reasonable” is usually at least
-4 weeks.)
-
-
-
Reasoning
-
In almost every case so far, the parties involved have been able to reach an
-amicable resolution without any major intervention. Most people really do want
-to be reasonable, and are probably not even aware that they’re in your way.
-
Module ecosystems are most vibrant and powerful when they are as self-directed
-as possible. If an admin one day deletes something you had worked on, then that
-is going to make most people quite upset, regardless of the justification. When
-humans solve their problems by talking to other humans with respect, everyone
-has the chance to end up feeling good about the interaction.
-
Exceptions
-
Some things are not allowed, and will be removed without discussion if they are
-brought to the attention of the npm registry admins, including but not limited
-to:
-
-
Malware (that is, a package designed to exploit or harm the machine on which
-it is installed).
-
Violations of copyright or licenses (for example, cloning an MIT-licensed
-program, and then removing or changing the copyright and license statement).
-
Illegal content.
-
“Squatting” on a package name that you plan to use, but aren’t actually
-using. Sorry, I don’t care how great the name is, or how perfect a fit it is
-for the thing that someday might happen. If someone wants to use it today,
-and you’re just taking up space with an empty tarball, you’re going to be
-evicted.
-
Putting empty packages in the registry. Packages must have SOME
-functionality. It can be silly, but it can’t be nothing. (See also:
-squatting.)
-
Doing weird things with the registry, like using it as your own personal
-application database or otherwise putting non-packagey things into it.
-
Other things forbidden by the npm
-Code of Conduct such as hateful
-language, pornographic content, or harassment.
-
-
If you see bad behavior like this, please report it to abuse@npmjs.com right
-away. You are never expected to resolve abusive behavior on your own. We are
-here to help.
-
Trademarks
-
If you think another npm publisher is infringing your trademark, such as by
-using a confusingly similar package name, email abuse@npmjs.com with a link to
-the package or user account on https://www.npmjs.com/.
-Attach a copy of your trademark registration certificate.
-
If we see that the package’s publisher is intentionally misleading others by
-misusing your registered mark without permission, we will transfer the package
-name to you. Otherwise, we will contact the package publisher and ask them to
-clear up any confusion with changes to their package’s README file or
-metadata.
-
Changes
-
This is a living document and may be updated from time to time. Please refer to
-the git history for this document
-to view the changes.
-
License
-
Copyright (C) npm, Inc., All rights reserved
-
This document may be reused under a Creative Commons Attribution-ShareAlike
-License.
To resolve packages by name and version, npm talks to a registry website
that implements the CommonJS Package Registry specification for reading
package info.
-
npm is configured to use npm, Inc.’s public registry at
+
The registry URL used is determined by the scope of the package (see
scope. If no scope is specified, the default registry is used, which is
supplied by the registry config parameter. See npm config,
@@ -185,38 +183,20 @@
Does npm se
The npm registry does not try to correlate the information in these headers
with any authenticated accounts that may be used in the same requests.
-
Can I run my own private registry?
-
Yes!
-
The easiest way is to replicate the couch database, and use the same (or
-similar) design doc to implement the APIs.
-
If you set up continuous replication from the official CouchDB, and then
-set your internal CouchDB as the registry config, then you’ll be able
-to read any published packages, in addition to your private ones, and by
-default will only publish internally.
-
If you then want to publish a package for the whole world to see, you can
-simply override the --registry option for that publish command.
-
I don’t want my package published in the official registry. It’s private.
-
Set "private": true in your package.json to prevent it from being
+
How can I prevent my package from being published in the official registry?
+
Set "private": true in your package.json to prevent it from being
published at all, or
"publishConfig":{"registry":"http://my-internal-registry.local"}
-to force it to be published only to your internal registry.
+to force it to be published only to your internal/private registry.
See package.json for more info on what goes in the package.json file.
-
Will you replicate from my registry into the public one?
-
No. If you want things to be public, then publish them into the public
-registry using npm. What little security there is would be for nought
-otherwise.
-
Do I have to use couchdb to build a registry that npm can talk to?
-
No, but it’s way easier. Basically, yes, you do, or you have to
-effectively implement the entire CouchDB API anyway.
-
Is there a website or something to see package docs and such?
$ semver -h
-
-A JavaScript implementation of the https://semver.org/ specification
-Copyright Isaac Z. Schlueter
-
-Usage: semver [options] <version> [<version> [...]]
-Prints valid versions sorted by SemVer precedence
-
-Options:
--r --range <range>
- Print versions that match the specified range.
-
--i --increment [<level>]
- Increment a version by the specified level. Level can
- be one of: major, minor, patch, premajor, preminor,
- prepatch, or prerelease. Default level is 'patch'.
- Only one version may be specified.
-
---preid <identifier>
- Identifier to be used to prefix premajor, preminor,
- prepatch or prerelease version increments.
-
--l --loose
- Interpret versions and ranges loosely
-
--p --include-prerelease
- Always include prerelease versions in range matching
-
--c --coerce
- Coerce a string into SemVer if possible
- (does not imply --loose)
-
-Program exits successfully if any valid version satisfies
-all supplied ranges, and prints all satisfying versions.
-
-If no satisfying versions are found, then exits failure.
-
-Versions are printed in ascending order, so supplying
-multiple versions to the utility will just sort them.
-
-
Versions
-
A “version” is described by the v2.0.0 specification found at
-https://semver.org/.
-
A leading "=" or "v" character is stripped off and ignored.
-
Ranges
-
A version range is a set of comparators which specify versions
-that satisfy the range.
-
A comparator is composed of an operator and a version. The set
-of primitive operators is:
-
-
< Less than
-
<= Less than or equal to
-
> Greater than
-
>= Greater than or equal to
-
= Equal. If no operator is specified, then equality is assumed,
-so this operator is optional, but MAY be included.
-
-
For example, the comparator >=1.2.7 would match the versions
-1.2.7, 1.2.8, 2.5.3, and 1.3.9, but not the versions 1.2.6
-or 1.1.0.
-
Comparators can be joined by whitespace to form a comparator set,
-which is satisfied by the intersection of all of the comparators
-it includes.
-
A range is composed of one or more comparator sets, joined by ||. A
-version matches a range if and only if every comparator in at least
-one of the ||-separated comparator sets is satisfied by the version.
-
For example, the range >=1.2.7 <1.3.0 would match the versions
-1.2.7, 1.2.8, and 1.2.99, but not the versions 1.2.6, 1.3.0,
-or 1.1.0.
-
The range 1.2.7 || >=1.2.9 <2.0.0 would match the versions 1.2.7,
-1.2.9, and 1.4.6, but not the versions 1.2.8 or 2.0.0.
-
Prerelease Tags
-
If a version has a prerelease tag (for example, 1.2.3-alpha.3) then
-it will only be allowed to satisfy comparator sets if at least one
-comparator with the same [major, minor, patch] tuple also has a
-prerelease tag.
-
For example, the range >1.2.3-alpha.3 would be allowed to match the
-version 1.2.3-alpha.7, but it would not be satisfied by
-3.4.5-alpha.9, even though 3.4.5-alpha.9 is technically “greater
-than” 1.2.3-alpha.3 according to the SemVer sort rules. The version
-range only accepts prerelease tags on the 1.2.3 version. The
-version 3.4.5would satisfy the range, because it does not have a
-prerelease flag, and 3.4.5 is greater than 1.2.3-alpha.7.
-
The purpose for this behavior is twofold. First, prerelease versions
-frequently are updated very quickly, and contain many breaking changes
-that are (by the author’s design) not yet fit for public consumption.
-Therefore, by default, they are excluded from range matching
-semantics.
-
Second, a user who has opted into using a prerelease version has
-clearly indicated the intent to use that specific set of
-alpha/beta/rc versions. By including a prerelease tag in the range,
-the user is indicating that they are aware of the risk. However, it
-is still not appropriate to assume that they have opted into taking a
-similar risk on the next set of prerelease versions.
-
Note that this behavior can be suppressed (treating all prerelease
-versions as if they were normal versions, for the purpose of range
-matching) by setting the includePrerelease flag on the options
-object to any
-functions that do
-range matching.
-
Prerelease Identifiers
-
The method .inc takes an additional identifier string argument that
-will append the value of the string as a prerelease identifier:
Advanced range syntax desugars to primitive comparators in
-deterministic ways.
-
Advanced ranges may be combined in the same way as primitive
-comparators using white space or ||.
-
Hyphen Ranges X.Y.Z - A.B.C
-
Specifies an inclusive set.
-
-
1.2.3 - 2.3.4 := >=1.2.3 <=2.3.4
-
-
If a partial version is provided as the first version in the inclusive
-range, then the missing pieces are replaced with zeroes.
-
-
1.2 - 2.3.4 := >=1.2.0 <=2.3.4
-
-
If a partial version is provided as the second version in the
-inclusive range, then all versions that start with the supplied parts
-of the tuple are accepted, but nothing that would be greater than the
-provided tuple parts.
-
-
1.2.3 - 2.3 := >=1.2.3 <2.4.0
-
1.2.3 - 2 := >=1.2.3 <3.0.0
-
-
X-Ranges 1.2.x1.X1.2.**
-
Any of X, x, or * may be used to “stand in” for one of the
-numeric values in the [major, minor, patch] tuple.
-
-
* := >=0.0.0 (Any version satisfies)
-
1.x := >=1.0.0 <2.0.0 (Matching major version)
-
1.2.x := >=1.2.0 <1.3.0 (Matching major and minor versions)
-
-
A partial version range is treated as an X-Range, so the special
-character is in fact optional.
-
-
"" (empty string) := * := >=0.0.0
-
1 := 1.x.x := >=1.0.0 <2.0.0
-
1.2 := 1.2.x := >=1.2.0 <1.3.0
-
-
Tilde Ranges ~1.2.3~1.2~1
-
Allows patch-level changes if a minor version is specified on the
-comparator. Allows minor-level changes if not.
-
-
~1.2.3 := >=1.2.3 <1.(2+1).0 := >=1.2.3 <1.3.0
-
~1.2 := >=1.2.0 <1.(2+1).0 := >=1.2.0 <1.3.0 (Same as 1.2.x)
-
~1 := >=1.0.0 <(1+1).0.0 := >=1.0.0 <2.0.0 (Same as 1.x)
-
~0.2.3 := >=0.2.3 <0.(2+1).0 := >=0.2.3 <0.3.0
-
~0.2 := >=0.2.0 <0.(2+1).0 := >=0.2.0 <0.3.0 (Same as 0.2.x)
-
~0 := >=0.0.0 <(0+1).0.0 := >=0.0.0 <1.0.0 (Same as 0.x)
-
~1.2.3-beta.2 := >=1.2.3-beta.2 <1.3.0 Note that prereleases in
-the 1.2.3 version will be allowed, if they are greater than or
-equal to beta.2. So, 1.2.3-beta.4 would be allowed, but
-1.2.4-beta.2 would not, because it is a prerelease of a
-different [major, minor, patch] tuple.
-
-
Caret Ranges ^1.2.3^0.2.5^0.0.4
-
Allows changes that do not modify the left-most non-zero digit in the
-[major, minor, patch] tuple. In other words, this allows patch and
-minor updates for versions 1.0.0 and above, patch updates for
-versions 0.X >=0.1.0, and no updates for versions 0.0.X.
-
Many authors treat a 0.x version as if the x were the major
-“breaking-change” indicator.
-
Caret ranges are ideal when an author may make breaking changes
-between 0.2.4 and 0.3.0 releases, which is a common practice.
-However, it presumes that there will not be breaking changes between
-0.2.4 and 0.2.5. It allows for changes that are presumed to be
-additive (but non-breaking), according to commonly observed practices.
-
-
^1.2.3 := >=1.2.3 <2.0.0
-
^0.2.3 := >=0.2.3 <0.3.0
-
^0.0.3 := >=0.0.3 <0.0.4
-
^1.2.3-beta.2 := >=1.2.3-beta.2 <2.0.0 Note that prereleases in
-the 1.2.3 version will be allowed, if they are greater than or
-equal to beta.2. So, 1.2.3-beta.4 would be allowed, but
-1.2.4-beta.2 would not, because it is a prerelease of a
-different [major, minor, patch] tuple.
-
^0.0.3-beta := >=0.0.3-beta <0.0.4 Note that prereleases in the
-0.0.3 version only will be allowed, if they are greater than or
-equal to beta. So, 0.0.3-pr.2 would be allowed.
-
-
When parsing caret ranges, a missing patch value desugars to the
-number 0, but will allow flexibility within that value, even if the
-major and minor versions are both 0.
-
-
^1.2.x := >=1.2.0 <2.0.0
-
^0.0.x := >=0.0.0 <0.1.0
-
^0.0 := >=0.0.0 <0.1.0
-
-
A missing minor and patch values will desugar to zero, but also
-allow flexibility within those values, even if the major version is
-zero.
-
-
^1.x := >=1.0.0 <2.0.0
-
^0.x := >=0.0.0 <1.0.0
-
-
Range Grammar
-
Putting all this together, here is a Backus-Naur grammar for ranges,
-for the benefit of parser authors:
All methods and classes take a final options object argument. All
-options in this object are false by default. The options supported
-are:
-
-
loose Be more forgiving about not-quite-valid semver strings.
-(Any resulting output will always be 100% strict compliant, of
-course.) For backwards compatibility reasons, if the options
-argument is a boolean value instead of an object, it is interpreted
-to be the loose param.
-
includePrerelease Set to suppress the default
-behavior of
-excluding prerelease tagged versions from ranges unless they are
-explicitly opted into.
-
-
Strict-mode Comparators and Ranges will be strict about the SemVer
-strings that they parse.
-
-
valid(v): Return the parsed version, or null if it’s not valid.
-
inc(v, release): Return the version incremented by the release
-type (major, premajor, minor, preminor, patch,
-prepatch, or prerelease), or null if it’s not valid
-
-
premajor in one call will bump the version up to the next major
-version and down to a prerelease of that major version.
-preminor, and prepatch work the same way.
-
If called from a non-prerelease version, the prerelease will work the
-same as prepatch. It increments the patch version, then makes a
-prerelease. If the input version is already a prerelease it simply
-increments it.
-
-
-
prerelease(v): Returns an array of prerelease components, or null
-if none exist. Example: prerelease('1.2.3-alpha.1') -> ['alpha', 1]
-
major(v): Return the major version number.
-
minor(v): Return the minor version number.
-
patch(v): Return the patch version number.
-
intersects(r1, r2, loose): Return true if the two supplied ranges
-or comparators intersect.
-
parse(v): Attempt to parse a string as a semantic version, returning either
-a SemVer object or null.
-
-
Comparison
-
-
gt(v1, v2): v1 > v2
-
gte(v1, v2): v1 >= v2
-
lt(v1, v2): v1 < v2
-
lte(v1, v2): v1 <= v2
-
eq(v1, v2): v1 == v2 This is true if they’re logically equivalent,
-even if they’re not the exact same string. You already know how to
-compare strings.
-
neq(v1, v2): v1 != v2 The opposite of eq.
-
cmp(v1, comparator, v2): Pass in a comparison string, and it’ll call
-the corresponding function above. "===" and "!==" do simple
-string comparison, but are included for completeness. Throws if an
-invalid comparison string is provided.
-
compare(v1, v2): Return 0 if v1 == v2, or 1 if v1 is greater, or -1 if
-v2 is greater. Sorts in ascending order if passed to Array.sort().
-
rcompare(v1, v2): The reverse of compare. Sorts an array of versions
-in descending order when passed to Array.sort().
-
diff(v1, v2): Returns difference between two versions by the release type
-(major, premajor, minor, preminor, patch, prepatch, or prerelease),
-or null if the versions are the same.
-
-
Comparators
-
-
intersects(comparator): Return true if the comparators intersect
-
-
Ranges
-
-
validRange(range): Return the valid range or null if it’s not valid
-
satisfies(version, range): Return true if the version satisfies the
-range.
-
maxSatisfying(versions, range): Return the highest version in the list
-that satisfies the range, or null if none of them do.
-
minSatisfying(versions, range): Return the lowest version in the list
-that satisfies the range, or null if none of them do.
-
minVersion(range): Return the lowest version that can possibly match
-the given range.
-
gtr(version, range): Return true if version is greater than all the
-versions possible in the range.
-
ltr(version, range): Return true if version is less than all the
-versions possible in the range.
-
outside(version, range, hilo): Return true if the version is outside
-the bounds of the range in either the high or low direction. The
-hilo argument must be either the string '>' or '<'. (This is
-the function called by gtr and ltr.)
-
intersects(range): Return true if any of the ranges comparators intersect
-
-
Note that, since ranges may be non-contiguous, a version might not be
-greater than a range, less than a range, or satisfy a range! For
-example, the range 1.2 <1.2.9 || >2.0.0 would have a hole from 1.2.9
-until 2.0.0, so the version 1.2.10 would not be greater than the
-range (because 2.0.1 satisfies, which is higher), nor less than the
-range (since 1.2.8 satisfies, which is lower), and it also does not
-satisfy the range.
-
If you want to know if a version satisfies or does not satisfy a
-range, use the satisfies(version, range) function.
-
Coercion
-
-
coerce(version): Coerces a string to semver if possible
-
-
This aims to provide a very forgiving translation of a non-semver string to
-semver. It looks for the first digit in a string, and consumes all
-remaining characters which satisfy at least a partial semver (e.g., 1,
-1.2, 1.2.3) up to the max permitted length (256 characters). Longer
-versions are simply truncated (4.6.3.9.2-alpha2 becomes 4.6.3). All
-surrounding text is simply ignored (v3.4 replaces v3.3.1 becomes
-3.4.0). Only text which lacks digits will fail coercion (version one
-is not valid). The maximum length for any semver component considered for
-coercion is 16 characters; longer components will be ignored
-(10000000000000000.4.7.4 becomes 4.7.4). The maximum value for any
-semver component is Number.MAX_SAFE_INTEGER || (2**53 - 1); higher value
-components are invalid (9999999999999999.4.7.4 is likely invalid).
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/deps/npm/lib/diff.js b/deps/npm/lib/diff.js
new file mode 100644
index 00000000000000..af6760106e0065
--- /dev/null
+++ b/deps/npm/lib/diff.js
@@ -0,0 +1,266 @@
+const { resolve } = require('path')
+
+const semver = require('semver')
+const libdiff = require('libnpmdiff')
+const npa = require('npm-package-arg')
+const Arborist = require('@npmcli/arborist')
+const npmlog = require('npmlog')
+const pacote = require('pacote')
+const pickManifest = require('npm-pick-manifest')
+
+const npm = require('./npm.js')
+const usageUtil = require('./utils/usage.js')
+const output = require('./utils/output.js')
+const completion = require('./utils/completion/none.js')
+const readLocalPkg = require('./utils/read-local-package.js')
+
+const usage = usageUtil(
+ 'diff',
+ 'npm diff [...]' +
+ '\nnpm diff --diff= [...]' +
+ '\nnpm diff --diff= [--diff=] [...]' +
+ '\nnpm diff --diff= [--diff=] [...]' +
+ '\nnpm diff [--diff-ignore-all-space] [--diff-name-only] [...] [...]'
+)
+
+const cmd = (args, cb) => diff(args).then(() => cb()).catch(cb)
+
+const where = () => {
+ const globalTop = resolve(npm.globalDir, '..')
+ const { global } = npm.flatOptions
+ return global ? globalTop : npm.prefix
+}
+
+const diff = async (args) => {
+ const specs = npm.flatOptions.diff.filter(d => d)
+ if (specs.length > 2) {
+ throw new TypeError(
+ 'Can\'t use more than two --diff arguments.\n\n' +
+ `Usage:\n${usage}`
+ )
+ }
+
+ const [a, b] = await retrieveSpecs(specs)
+ npmlog.info('diff', { src: a, dst: b })
+
+ const res = await libdiff([a, b], { ...npm.flatOptions, diffFiles: args })
+ return output(res)
+}
+
+const retrieveSpecs = ([a, b]) => {
+ // no arguments, defaults to comparing cwd
+ // to its latest published registry version
+ if (!a)
+ return defaultSpec()
+
+ // single argument, used to compare wanted versions of an
+ // installed dependency or to compare the cwd to a published version
+ if (!b)
+ return transformSingleSpec(a)
+
+ return convertVersionsToSpecs([a, b])
+ .then(findVersionsByPackageName)
+}
+
+const defaultSpec = async () => {
+ let noPackageJson
+ let pkgName
+ try {
+ pkgName = await readLocalPkg()
+ } catch (e) {
+ npmlog.verbose('diff', 'could not read project dir package.json')
+ noPackageJson = true
+ }
+
+ if (!pkgName || noPackageJson) {
+ throw new Error(
+ 'Needs multiple arguments to compare or run from a project dir.\n\n' +
+ `Usage:\n${usage}`
+ )
+ }
+
+ return [
+ `${pkgName}@${npm.flatOptions.defaultTag}`,
+ `file:${npm.prefix}`,
+ ]
+}
+
+const transformSingleSpec = async (a) => {
+ let noPackageJson
+ let pkgName
+ try {
+ pkgName = await readLocalPkg()
+ } catch (e) {
+ npmlog.verbose('diff', 'could not read project dir package.json')
+ noPackageJson = true
+ }
+ const missingPackageJson = new Error(
+ 'Needs multiple arguments to compare or run from a project dir.\n\n' +
+ `Usage:\n${usage}`
+ )
+
+ const specSelf = () => {
+ if (noPackageJson)
+ throw missingPackageJson
+
+ return `file:${npm.prefix}`
+ }
+
+ // using a valid semver range, that means it should just diff
+ // the cwd against a published version to the registry using the
+ // same project name and the provided semver range
+ if (semver.validRange(a)) {
+ if (!pkgName)
+ throw missingPackageJson
+
+ return [
+ `${pkgName}@${a}`,
+ specSelf(),
+ ]
+ }
+
+ // when using a single package name as arg and it's part of the current
+ // install tree, then retrieve the current installed version and compare
+ // it against the same value `npm outdated` would suggest you to update to
+ const spec = npa(a)
+ if (spec.registry) {
+ let actualTree
+ let node
+ try {
+ const opts = {
+ ...npm.flatOptions,
+ path: where(),
+ }
+ const arb = new Arborist(opts)
+ actualTree = await arb.loadActual(opts)
+ node = actualTree &&
+ actualTree.inventory.query('name', spec.name)
+ .values().next().value
+ } catch (e) {
+ npmlog.verbose('diff', 'failed to load actual install tree')
+ }
+
+ if (!node || !node.name || !node.package || !node.package.version) {
+ return [
+ `${spec.name}@${spec.fetchSpec}`,
+ specSelf(),
+ ]
+ }
+
+ const tryRootNodeSpec = () =>
+ (actualTree && actualTree.edgesOut.get(spec.name) || {}).spec
+
+ const tryAnySpec = () => {
+ for (const edge of node.edgesIn)
+ return edge.spec
+ }
+
+ const aSpec = `file:${node.realpath}`
+
+ // finds what version of the package to compare against, if a exact
+ // version or tag was passed than it should use that, otherwise
+ // work from the top of the arborist tree to find the original semver
+ // range declared in the package that depends on the package.
+ let bSpec
+ if (spec.rawSpec)
+ bSpec = spec.rawSpec
+ else {
+ const bTargetVersion =
+ tryRootNodeSpec()
+ || tryAnySpec()
+
+ // figure out what to compare against,
+ // follows same logic to npm outdated "Wanted" results
+ const packument = await pacote.packument(spec, {
+ ...npm.flatOptions,
+ preferOnline: true,
+ })
+ bSpec = pickManifest(
+ packument,
+ bTargetVersion,
+ { ...npm.flatOptions }
+ ).version
+ }
+
+ return [
+ `${spec.name}@${aSpec}`,
+ `${spec.name}@${bSpec}`,
+ ]
+ } else if (spec.type === 'directory') {
+ return [
+ `file:${spec.fetchSpec}`,
+ specSelf(),
+ ]
+ } else {
+ throw new Error(
+ 'Spec type not supported.\n\n' +
+ `Usage:\n${usage}`
+ )
+ }
+}
+
+const convertVersionsToSpecs = async ([a, b]) => {
+ const semverA = semver.validRange(a)
+ const semverB = semver.validRange(b)
+
+ // both specs are semver versions, assume current project dir name
+ if (semverA && semverB) {
+ let pkgName
+ try {
+ pkgName = await readLocalPkg()
+ } catch (e) {
+ npmlog.verbose('diff', 'could not read project dir package.json')
+ }
+
+ if (!pkgName) {
+ throw new Error(
+ 'Needs to be run from a project dir in order to diff two versions.\n\n' +
+ `Usage:\n${usage}`
+ )
+ }
+ return [`${pkgName}@${a}`, `${pkgName}@${b}`]
+ }
+
+ // otherwise uses the name from the other arg to
+ // figure out the spec.name of what to compare
+ if (!semverA && semverB)
+ return [a, `${npa(a).name}@${b}`]
+
+ if (semverA && !semverB)
+ return [`${npa(b).name}@${a}`, b]
+
+ // no valid semver ranges used
+ return [a, b]
+}
+
+const findVersionsByPackageName = async (specs) => {
+ let actualTree
+ try {
+ const opts = {
+ ...npm.flatOptions,
+ path: where(),
+ }
+ const arb = new Arborist(opts)
+ actualTree = await arb.loadActual(opts)
+ } catch (e) {
+ npmlog.verbose('diff', 'failed to load actual install tree')
+ }
+
+ return specs.map(i => {
+ const spec = npa(i)
+ if (spec.rawSpec)
+ return i
+
+ const node = actualTree
+ && actualTree.inventory.query('name', spec.name)
+ .values().next().value
+
+ const res = !node || !node.package || !node.package.version
+ ? spec.fetchSpec
+ : `file:${node.realpath}`
+
+ return `${spec.name}@${res}`
+ })
+}
+
+module.exports = Object.assign(cmd, { completion, usage })
diff --git a/deps/npm/lib/help-search.js b/deps/npm/lib/help-search.js
index c1814b4e53fc3e..d60ef5b4ba89f6 100644
--- a/deps/npm/lib/help-search.js
+++ b/deps/npm/lib/help-search.js
@@ -132,11 +132,15 @@ const searchFiles = async (args, data, files) => {
// sort results by number of results found, then by number of hits
// then by number of matching lines
+
+ // coverage is ignored here because the contents of results are
+ // nondeterministic due to either glob or readFiles or Object.entries
return results.sort((a, b) =>
a.found.length > b.found.length ? -1
: a.found.length < b.found.length ? 1
: a.totalHits > b.totalHits ? -1
: a.totalHits < b.totalHits ? 1
+ /* istanbul ignore next */
: a.lines.length > b.lines.length ? -1
: a.lines.length < b.lines.length ? 1
: 0).slice(0, 10)
diff --git a/deps/npm/lib/publish.js b/deps/npm/lib/publish.js
index 8ef7eff4c8a64d..49b2088070e7a5 100644
--- a/deps/npm/lib/publish.js
+++ b/deps/npm/lib/publish.js
@@ -35,22 +35,7 @@ const publish = async args => {
log.verbose('publish', args)
const opts = { ...npm.flatOptions }
- const { json, defaultTag, registry } = opts
-
- if (!registry) {
- throw Object.assign(new Error('No registry specified.'), {
- code: 'ENOREGISTRY',
- })
- }
-
- if (!opts.dryRun) {
- const creds = npm.config.getCredentialsByURI(registry)
- if (!creds.token && !creds.username) {
- throw Object.assign(new Error('This command requires you to be logged in.'), {
- code: 'ENEEDAUTH',
- })
- }
- }
+ const { json, defaultTag } = opts
if (semver.validRange(defaultTag))
throw new Error('Tag name must not be a valid SemVer range: ' + defaultTag.trim())
@@ -91,6 +76,22 @@ const publish_ = async (arg, opts) => {
if (manifest.publishConfig)
Object.assign(opts, publishConfigToOpts(manifest.publishConfig))
+ const { registry } = opts
+ if (!registry) {
+ throw Object.assign(new Error('No registry specified.'), {
+ code: 'ENOREGISTRY',
+ })
+ }
+
+ if (!dryRun) {
+ const creds = npm.config.getCredentialsByURI(registry)
+ if (!creds.token && !creds.username) {
+ throw Object.assign(new Error('This command requires you to be logged in.'), {
+ code: 'ENEEDAUTH',
+ })
+ }
+ }
+
// only run scripts for directory type publishes
if (spec.type === 'directory') {
await runScript({
diff --git a/deps/npm/lib/utils/cmd-list.js b/deps/npm/lib/utils/cmd-list.js
index 8c092e719c05c1..4e088c12d43f64 100644
--- a/deps/npm/lib/utils/cmd-list.js
+++ b/deps/npm/lib/utils/cmd-list.js
@@ -119,6 +119,7 @@ const cmdList = [
'prefix',
'bin',
'whoami',
+ 'diff',
'dist-tag',
'ping',
diff --git a/deps/npm/lib/utils/config.js b/deps/npm/lib/utils/config.js
index 511215769893e3..3ca9766132f02f 100644
--- a/deps/npm/lib/utils/config.js
+++ b/deps/npm/lib/utils/config.js
@@ -74,6 +74,14 @@ const defaults = {
depth: null,
description: true,
dev: false,
+ diff: [],
+ 'diff-unified': null,
+ 'diff-ignore-all-space': false,
+ 'diff-name-only': false,
+ 'diff-no-prefix': false,
+ 'diff-src-prefix': '',
+ 'diff-dst-prefix': '',
+ 'diff-text': false,
'dry-run': false,
editor,
'engine-strict': false,
@@ -216,6 +224,14 @@ const types = {
depth: [null, Number],
description: Boolean,
dev: Boolean,
+ diff: [String, Array],
+ 'diff-unified': [null, Number],
+ 'diff-ignore-all-space': Boolean,
+ 'diff-name-only': Boolean,
+ 'diff-no-prefix': Boolean,
+ 'diff-src-prefix': String,
+ 'diff-dst-prefix': String,
+ 'diff-text': Boolean,
'dry-run': Boolean,
editor: String,
'engine-strict': Boolean,
diff --git a/deps/npm/lib/utils/flat-options.js b/deps/npm/lib/utils/flat-options.js
index a161ff2e6a70fa..c082e4137ab217 100644
--- a/deps/npm/lib/utils/flat-options.js
+++ b/deps/npm/lib/utils/flat-options.js
@@ -102,6 +102,15 @@ const flatten = obj => ({
staleness: obj.searchstaleness,
},
+ diff: obj.diff,
+ diffUnified: obj['diff-unified'],
+ diffIgnoreAllSpace: obj['diff-ignore-all-space'],
+ diffNameOnly: obj['diff-name-only'],
+ diffNoPrefix: obj['diff-no-prefix'],
+ diffSrcPrefix: obj['diff-src-prefix'],
+ diffDstPrefix: obj['diff-dst-prefix'],
+ diffText: obj['diff-text'],
+
dryRun: obj['dry-run'],
engineStrict: obj['engine-strict'],
diff --git a/deps/npm/man/man1/npm-diff.1 b/deps/npm/man/man1/npm-diff.1
new file mode 100644
index 00000000000000..cb7cac17ff8a7b
--- /dev/null
+++ b/deps/npm/man/man1/npm-diff.1
@@ -0,0 +1,266 @@
+.TH "NPM\-DIFF" "1" "January 2021" "" ""
+.SH "NAME"
+\fBnpm-diff\fR \- The registry diff command
+.SS Synopsis
+.P
+.RS 2
+.nf
+npm diff [\.\.\.]
+npm diff \-\-diff= [\.\.\.]
+npm diff \-\-diff= [\-\-diff=] [\.\.\.]
+npm diff \-\-diff= [\-\-diff=] [\.\.\.]
+npm diff [\-\-diff\-ignore\-all\-space] [\-\-diff\-name\-only] [\.\.\.]
+.fi
+.RE
+.SS Description
+.P
+Similar to its \fBgit diff\fP counterpart, this command will print diff patches
+of files for packages published to the npm registry\.
+.RS 0
+.IP \(bu 2
+\fBnpm diff \-\-diff= \-\-diff=\fP
+ Compares two package versions using their registry specifiers, e\.g:
+ \fBnpm diff \-\-diff=pkg@1\.0\.0 \-\-diff=pkg@^2\.0\.0\fP\|\. It's also possible to
+ compare across forks of any package,
+ e\.g: \fBnpm diff \-\-diff=pkg@1\.0\.0 \-\-diff=pkg\-fork@1\.0\.0\fP\|\.
+ Any valid spec can be used, so that it's also possible to compare
+ directories or git repositories,
+ e\.g: \fBnpm diff \-\-diff=pkg@latest \-\-diff=\./packages/pkg\fP
+ Here's an example comparing two different versions of a package named
+ \fBabbrev\fP from the registry:
+.P
+.RS 2
+.nf
+ npm diff \-\-diff=abbrev@1\.1\.0 \-\-diff=abbrev@1\.1\.1
+.fi
+.RE
+ On success, output looks like:
+.P
+.RS 2
+.nf
+ diff \-\-git a/package\.json b/package\.json
+ index v1\.1\.0\.\.v1\.1\.1 100644
+ \-\-\- a/package\.json
+ +++ b/package\.json
+ @@ \-1,6 +1,6 @@
+ {
+ "name": "abbrev",
+ \- "version": "1\.1\.0",
+ + "version": "1\.1\.1",
+ "description": "Like ruby's abbrev module, but in js",
+ "author": "Isaac Z\. Schlueter ",
+ "main": "abbrev\.js",
+.fi
+.RE
+ Given the flexible nature of npm specs, you can also target local
+ directories or git repos just like when using \fBnpm install\fP:
+.P
+.RS 2
+.nf
+ npm diff \-\-diff=https://github\.com/npm/libnpmdiff \-\-diff=\./local\-path
+.fi
+.RE
+ In the example above we can compare the contents from the package installed
+ from the git repo at \fBgithub\.com/npm/libnpmdiff\fP with the contents of the
+ \fB\|\./local\-path\fP that contains a valid package, such as a modified copy of
+ the original\.
+.IP \(bu 2
+\fBnpm diff\fP (in a package directory, no arguments):
+ If the package is published to the registry, \fBnpm diff\fP will fetch the
+ tarball version tagged as \fBlatest\fP (this value can be configured using the
+ \fBtag\fP option) and proceed to compare the contents of files present in that
+ tarball, with the current files in your local file system\.
+ This workflow provides a handy way for package authors to see what
+ package\-tracked files have been changed in comparison with the latest
+ published version of that package\.
+.IP \(bu 2
+\fBnpm diff \-\-diff=\fP (in a package directory):
+ When using a single package name (with no version or tag specifier) as an
+ argument, \fBnpm diff\fP will work in a similar way to
+ \fBnpm\-outdated\fP \fInpm\-outdated\fR and reach for the registry to figure out
+ what current published version of the package named will satisfy
+ its dependent declared semver\-range\. Once that specific version is known
+ \fBnpm diff\fP will print diff patches comparing the current version of
+ found in the local file system with that specific version
+ returned by the registry\.
+ Given a package named \fBabbrev\fP that is currently installed:
+.P
+.RS 2
+.nf
+ npm diff \-\-diff=abbrev
+.fi
+.RE
+ That will request from the registry its most up to date version and
+ will print a diff output comparing the currently installed version to this
+ newer one if the version numbers are not the same\.
+.IP \(bu 2
+\fBnpm diff \-\-diff=\fP (in a package directory):
+ Similar to using only a single package name, it's also possible to declare
+ a full registry specifier version if you wish to compare the local version
+ of an installed package with the specific version/tag/semver\-range provided
+ in \fB\fP\|\.
+ An example: assuming \fBpkg@1\.0\.0\fP is installed in the current \fBnode_modules\fP
+ folder, running:
+.P
+.RS 2
+.nf
+ npm diff \-\-diff=pkg@2\.0\.0
+.fi
+.RE
+ It will effectively be an alias to
+ \fBnpm diff \-\-diff=pkg@1\.0\.0 \-\-diff=pkg@2\.0\.0\fP\|\.
+.IP \(bu 2
+\fBnpm diff \-\-diff= [\-\-diff=]\fP (in a package directory):
+ Using \fBnpm diff\fP along with semver\-valid version numbers is a shorthand
+ to compare different versions of the current package\.
+ It needs to be run from a package directory, such that for a package named
+ \fBpkg\fP running \fBnpm diff \-\-diff=1\.0\.0 \-\-diff=1\.0\.1\fP is the same as running
+ \fBnpm diff \-\-diff=pkg@1\.0\.0 \-\-diff=pkg@1\.0\.1\fP\|\.
+ If only a single argument \fB\fP is provided, then the current local
+ file system is going to be compared against that version\.
+ Here's an example comparing two specific versions (published to the
+ configured registry) of the current project directory:
+.P
+.RS 2
+.nf
+ npm diff \-\-diff=1\.0\.0 \-\-diff=1\.1\.0
+.fi
+.RE
+
+.RE
+.P
+Note that tag names are not valid \fB\-\-diff\fP argument values, if you wish to
+compare to a published tag, you must use the \fBpkg@tagname\fP syntax\.
+.SS Filtering files
+.P
+It's possible to also specify positional arguments using file names or globs
+pattern matching in order to limit the result of diff patches to only a subset
+of files for a given package, e\.g:
+.P
+.RS 2
+.nf
+ npm diff \-\-diff=pkg@2 \./lib/ CHANGELOG\.md
+.fi
+.RE
+.P
+In the example above the diff output is only going to print contents of files
+located within the folder \fB\|\./lib/\fP and changed lines of code within the
+\fBCHANGELOG\.md\fP file\.
+.SS Configuration
+.SS diff
+.RS 0
+.IP \(bu 2
+Type: Array
+.IP \(bu 2
+Default: null
+
+.RE
+.P
+Defines npm package specifiers to compare using the \fBnpm diff\fP command\.
+.P
+This can be specified up to 2 times\.
+.SS diff\-name\-only
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+When set to \fBtrue\fP running \fBnpm diff\fP only returns the names of the files that
+have any difference\.
+.SS diff\-unified
+.RS 0
+.IP \(bu 2
+Type: Number
+.IP \(bu 2
+Default: \fB3\fP
+
+.RE
+.P
+The number of lines of context to print in the unified diff format output\.
+.SS diff\-ignore\-all\-space
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+Ignore whitespace when comparing lines\. This ignores differences even if one
+line has whitespace where the other line has none\.
+.SS diff\-no\-prefix
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+Do not show any source or destination prefix\.
+.SS diff\-src\-prefix
+.RS 0
+.IP \(bu 2
+Type: String
+.IP \(bu 2
+Default: \fB"a/"\fP
+
+.RE
+.P
+Show the given source prefix in diff patches headers instead of using "a/"\.
+.SS diff\-dst\-prefix
+.RS 0
+.IP \(bu 2
+Type: String
+.IP \(bu 2
+Default: \fB"b/"\fP
+
+.RE
+.P
+Show the given source prefix in diff patches headers instead of using "b/"\.
+.SS diff\-text
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+Treat all files as text\.
+.SS global
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Uses packages from the global space as a source for comparison\.
+.SS tag
+.RS 0
+.IP \(bu 2
+Type: String
+.IP \(bu 2
+Default: \fB"latest"\fP
+
+.RE
+.P
+The tag used to fetch the tarball that will be compared with the local file
+system files when running npm diff with no arguments\.
+.SH See Also
+.RS 0
+.IP \(bu 2
+npm help outdated
+.IP \(bu 2
+npm help install
+.IP \(bu 2
+npm help config
+.IP \(bu 2
+npm help registry
+
+.RE
diff --git a/deps/npm/man/man1/npm-exec.1 b/deps/npm/man/man1/npm-exec.1
index a4c45df72e8b27..24c5aef3f87199 100644
--- a/deps/npm/man/man1/npm-exec.1
+++ b/deps/npm/man/man1/npm-exec.1
@@ -200,6 +200,24 @@ The \fB\-\-shell\fP option is replaced with \fB\-\-script\-shell\fP, but maintai
in the \fBnpx\fP executable for backwards compatibility\.
.RE
+.SS A note on caching
+.P
+The npm cli utilizes its internal package cache when using the package
+name specified\. You can use the following to change how and when the
+cli uses this cache\. See npm help \fBcache\fP for more on
+how the cache works\.
+.SS prefer\-online
+.P
+Forces staleness checks for packages, making the cli look for updates
+immediately even if the package is already in the cache\.
+.SS prefer\-offline
+.P
+Bypasses staleness checks for packages\. Missing data will still be
+requested from the server\. To force full offline mode, use \fBoffline\fP\|\.
+.SS offline
+.P
+Forces full offline mode\. Any packages not locally cached will result in
+an error\.
.SS See Also
.RS 0
.IP \(bu 2
diff --git a/deps/npm/man/man1/npm-init.1 b/deps/npm/man/man1/npm-init.1
index 05dbd6d80a6110..f3e584840556ae 100644
--- a/deps/npm/man/man1/npm-init.1
+++ b/deps/npm/man/man1/npm-init.1
@@ -80,6 +80,24 @@ Generate it without having it ask any questions:
$ npm init \-y
.fi
.RE
+.SS A note on caching
+.P
+The npm cli utilizes its internal package cache when using the package
+name specified\. You can use the following to change how and when the
+cli uses this cache\. See npm help \fBcache\fP for more on
+how the cache works\.
+.SS prefer\-online
+.P
+Forces staleness checks for packages, making the cli look for updates
+immediately even if the package is already in the cache\.
+.SS prefer\-offline
+.P
+Bypasses staleness checks for packages\. Missing data will still be
+requested from the server\. To force full offline mode, use \fBoffline\fP\|\.
+.SS offline
+.P
+Forces full offline mode\. Any packages not locally cached will result in
+an error\.
.SS See Also
.RS 0
.IP \(bu 2
@@ -90,5 +108,7 @@ npm help package\.json
npm help version
.IP \(bu 2
npm help scope
+.IP \(bu 2
+npm help exec
.RE
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index 0a90b749529343..0f98263394be00 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -26,7 +26,7 @@ example, running \fBnpm ls promzard\fP in npm's source tree will show:
.P
.RS 2
.nf
-npm@7\.4\.3 /path/to/npm
+npm@7\.5\.0 /path/to/npm
└─┬ init\-package\-json@0\.0\.4
└── promzard@0\.1\.5
.fi
diff --git a/deps/npm/man/man1/npm-owner.1 b/deps/npm/man/man1/npm-owner.1
index f7709d7c27ba48..9889faaca43336 100644
--- a/deps/npm/man/man1/npm-owner.1
+++ b/deps/npm/man/man1/npm-owner.1
@@ -45,7 +45,5 @@ npm help publish
npm help registry
.IP \(bu 2
npm help adduser
-.IP \(bu 2
-npm help disputes
.RE
diff --git a/deps/npm/man/man1/npm-run-script.1 b/deps/npm/man/man1/npm-run-script.1
index 12d53610de0fbd..38753e123ac9a5 100644
--- a/deps/npm/man/man1/npm-run-script.1
+++ b/deps/npm/man/man1/npm-run-script.1
@@ -32,7 +32,7 @@ npm run test \-\- \-\-grep="pattern"
.RE
.P
The arguments will only be passed to the script specified after \fBnpm run\fP
-and not to any pre or post script\.
+and not to any \fBpre\fP or \fBpost\fP script\.
.P
The \fBenv\fP script is a special built\-in command that can be used to list
environment variables that will be available to the script at runtime\. If an
@@ -60,7 +60,8 @@ instead of
.RE
.P
The actual shell your script is run within is platform dependent\. By default,
-on Unix\-like systems it is the \fB/bin/sh\fP command, on Windows it is the \fBcmd\.exe\fP\|\.
+on Unix\-like systems it is the \fB/bin/sh\fP command, on Windows it is
+\fBcmd\.exe\fP\|\.
The actual shell referred to by \fB/bin/sh\fP also depends on the system\.
You can customize the shell with the \fBscript\-shell\fP configuration\.
.P
@@ -77,14 +78,53 @@ If \fB\-\-scripts\-prepend\-node\-path=auto\fP is passed (which has been the def
in \fBnpm\fP v3), this is only performed when that \fBnode\fP executable is not
found in the \fBPATH\fP\|\.
.P
-If you try to run a script without having a \fBnode_modules\fP directory and it fails,
-you will be given a warning to run \fBnpm install\fP, just in case you've forgotten\.
-.P
-You can use the \fB\-\-silent\fP flag to prevent showing \fBnpm ERR!\fP output on error\.
+If you try to run a script without having a \fBnode_modules\fP directory and it
+fails, you will be given a warning to run \fBnpm install\fP, just in case you've
+forgotten\.
+.SS Configuration
+.SS if\-present
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
.P
You can use the \fB\-\-if\-present\fP flag to avoid exiting with a non\-zero exit code
when the script is undefined\. This lets you run potentially undefined scripts
without breaking the execution chain\.
+.SS ignore\-scripts
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+Skips running \fBpre\fP and \fBpost\fP scripts\.
+.SS script\-shell
+.RS 0
+.IP \(bu 2
+Type: String
+.IP \(bu 2
+Default: \fBnull\fP
+
+.RE
+.P
+Optional custom script to use to execute the command\. If not defined defaults
+to \fB/bin/sh\fP on Unix, defaults to \fBenv\.comspec\fP or \fBcmd\.exe\fP on Windows\.
+.SS silent
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+You can use the \fB\-\-silent\fP flag to prevent showing \fBnpm ERR!\fP output on error\.
.SS See Also
.RS 0
.IP \(bu 2
diff --git a/deps/npm/man/man1/npm-search.1 b/deps/npm/man/man1/npm-search.1
index ab71c948f48bf8..b7f8315ccb7f2a 100644
--- a/deps/npm/man/man1/npm-search.1
+++ b/deps/npm/man/man1/npm-search.1
@@ -129,12 +129,12 @@ the cli uses this cache\. See npm help \fBcache\fP for more
on how the cache works\.
.SS prefer\-online
.P
-Forced staleness checks for cached searches, making the cli look for
+Forces staleness checks for cached searches, making the cli look for
updates immediately even for fresh search results\.
.SS prefer\-offline
.P
-Bypasses staleness checks for cached\. Missing data will still be
-requested from the server\. To force full offline mode, use \fBoffline\fP\|\.
+Bypasses staleness checks for cached searches\. Missing data will still
+be requested from the server\. To force full offline mode, use \fBoffline\fP\|\.
.SS offline
.P
Forces full offline mode\. Any searches not locally cached will result in
diff --git a/deps/npm/man/man1/npm-update.1 b/deps/npm/man/man1/npm-update.1
index 7eee932e92c5b0..72aff345ff993f 100644
--- a/deps/npm/man/man1/npm-update.1
+++ b/deps/npm/man/man1/npm-update.1
@@ -1,6 +1,6 @@
.TH "NPM\-UPDATE" "1" "January 2021" "" ""
.SH "NAME"
-\fBnpm-update\fR \- Update a package
+\fBnpm-update\fR \- Update packages
.SS Synopsis
.P
.RS 2
@@ -24,22 +24,11 @@ packages\.
.P
If no package name is specified, all packages in the specified location (global
or local) will be updated\.
-.P
-As of \fBnpm@2\.6\.1\fP, the \fBnpm update\fP will only inspect top\-level packages\.
-Prior versions of \fBnpm\fP would also recursively inspect all dependencies\.
-To get the old behavior, use \fBnpm \-\-depth 9999 update\fP\|\.
-.P
-As of \fBnpm@5\.0\.0\fP, the \fBnpm update\fP will change \fBpackage\.json\fP to save the
-new version as the minimum required dependency\. To get the old behavior,
-use \fBnpm update \-\-no\-save\fP\|\.
.SS Example
.P
-IMPORTANT VERSION NOTE: these examples assume \fBnpm@2\.6\.1\fP or later\. For
-older versions of \fBnpm\fP, you must specify \fB\-\-depth 0\fP to get the behavior
-described below\.
-.P
For the examples below, assume that the current package is \fBapp\fP and it depends
-on dependencies, \fBdep1\fP (\fBdep2\fP, \.\. etc\.)\. The published versions of \fBdep1\fP are:
+on dependencies, \fBdep1\fP (\fBdep2\fP, \.\. etc\.)\. The published versions of \fBdep1\fP
+are:
.P
.RS 2
.nf
@@ -85,10 +74,10 @@ However, if \fBapp\fP\|'s \fBpackage\.json\fP contains:
.fi
.RE
.P
-In this case, running \fBnpm update\fP will install \fBdep1@1\.1\.2\fP\|\. Even though the \fBlatest\fP
-tag points to \fB1\.2\.2\fP, this version does not satisfy \fB~1\.1\.1\fP, which is equivalent
-to \fB>=1\.1\.1 <1\.2\.0\fP\|\. So the highest\-sorting version that satisfies \fB~1\.1\.1\fP is used,
-which is \fB1\.1\.2\fP\|\.
+In this case, running \fBnpm update\fP will install \fBdep1@1\.1\.2\fP\|\. Even though the
+\fBlatest\fP tag points to \fB1\.2\.2\fP, this version do not satisfy \fB~1\.1\.1\fP, which is
+equivalent to \fB>=1\.1\.1 <1\.2\.0\fP\|\. So the highest\-sorting version that satisfies
+\fB~1\.1\.1\fP is used, which is \fB1\.1\.2\fP\|\.
.SS Caret Dependencies below 1\.0\.0
.P
Suppose \fBapp\fP has a caret dependency on a version below \fB1\.0\.0\fP, for example:
@@ -122,7 +111,9 @@ version that satisfies \fB^0\.4\.0\fP (\fB>= 0\.4\.0 <0\.5\.0\fP)
package that is \fBoutdated\fP \-\- that is, has a version that is different from
\fBwanted\fP\|\.
.P
-Note: Globally installed packages are treated as if they are installed with a caret semver range specified\. So if you require to update to \fBlatest\fP you may need to run \fBnpm install \-g [\.\.\.]\fP
+Note: Globally installed packages are treated as if they are installed with a
+caret semver range specified\. So if you require to update to \fBlatest\fP you may
+need to run \fBnpm install \-g [\.\.\.]\fP
.P
NOTE: If a package has been upgraded to a version newer than \fBlatest\fP, it will
be \fIdowngraded\fR\|\.
diff --git a/deps/npm/man/man1/npm-version.1 b/deps/npm/man/man1/npm-version.1
index aa3a5f1c1ba320..04206c929ecf81 100644
--- a/deps/npm/man/man1/npm-version.1
+++ b/deps/npm/man/man1/npm-version.1
@@ -96,45 +96,45 @@ Take the following example:
.fi
.RE
.P
-This runs all your tests, and proceeds only if they pass\. Then runs your \fBbuild\fP script, and
+This runs all your tests and proceeds only if they pass\. Then runs your \fBbuild\fP script, and
adds everything in the \fBdist\fP directory to the commit\. After the commit, it pushes the new commit
and tag up to the server, and deletes the \fBbuild/temp\fP directory\.
.SS Configuration
-.SS allow\-same\-version
+.SS \fBallow\-same\-version\fP
.RS 0
.IP \(bu 2
-Default: false
+Default: \fBfalse\fP
.IP \(bu 2
Type: Boolean
.RE
.P
-Prevents throwing an error when \fBnpm version\fP is used to set the new version
+Prevents throwing an error when \fBnpm version\fP is used to set the new version
to the same value as the current version\.
-.SS git\-tag\-version
+.SS \fBgit\-tag\-version\fP
.RS 0
.IP \(bu 2
-Default: true
+Default: \fBtrue\fP
.IP \(bu 2
Type: Boolean
.RE
.P
Commit and tag the version change\.
-.SS commit\-hooks
+.SS \fBcommit\-hooks\fP
.RS 0
.IP \(bu 2
-Default: true
+Default: \fBtrue\fP
.IP \(bu 2
Type: Boolean
.RE
.P
Run git commit hooks when committing the version change\.
-.SS sign\-git\-tag
+.SS \fBsign\-git\-tag\fP
.RS 0
.IP \(bu 2
-Default: false
+Default: \fBfalse\fP
.IP \(bu 2
Type: Boolean
@@ -154,8 +154,6 @@ npm help scripts
.IP \(bu 2
npm help package\.json
.IP \(bu 2
-npm help semver
-.IP \(bu 2
npm help config
.RE
diff --git a/deps/npm/man/man1/npm-view.1 b/deps/npm/man/man1/npm-view.1
index ea6c1ec5db4f6b..5590292359ef62 100644
--- a/deps/npm/man/man1/npm-view.1
+++ b/deps/npm/man/man1/npm-view.1
@@ -15,8 +15,7 @@ aliases: info, show, v
This command shows data about a package and prints it to the stream
referenced by the \fBoutfd\fP config, which defaults to stdout\.
.P
-To show the package registry entry for the \fBconnect\fP package, you can do
-this:
+As an example, to view information about the \fBconnect\fP package from the registry, you would run:
.P
.RS 2
.nf
@@ -24,11 +23,11 @@ npm view connect
.fi
.RE
.P
-The default version is "latest" if unspecified\.
+The default version is \fB"latest"\fP if unspecified\.
.P
Field names can be specified after the package descriptor\.
For example, to show the dependencies of the \fBronn\fP package at version
-0\.3\.5, you could do the following:
+\fB0\.3\.5\fP, you could do the following:
.P
.RS 2
.nf
@@ -37,8 +36,7 @@ npm view ronn@0\.3\.5 dependencies
.RE
.P
You can view child fields by separating them with a period\.
-To view the git repository URL for the latest version of npm, you could
-do this:
+To view the git repository URL for the latest version of \fBnpm\fP, you would run the following command:
.P
.RS 2
.nf
@@ -47,8 +45,8 @@ npm view npm repository\.url
.RE
.P
This makes it easy to view information about a dependency with a bit of
-shell scripting\. For example, to view all the data about the version of
-opts that ronn depends on, you can do this:
+shell scripting\. For example, to view all the data about the version of
+\fBopts\fP that \fBronn\fP depends on, you could write the following:
.P
.RS 2
.nf
@@ -57,8 +55,8 @@ npm view opts@$(npm view ronn dependencies\.opts)
.RE
.P
For fields that are arrays, requesting a non\-numeric field will return
-all of the values from the objects in the list\. For example, to get all
-the contributor names for the "express" project, you can do this:
+all of the values from the objects in the list\. For example, to get all
+the contributor names for the \fBexpress\fP package, you would run:
.P
.RS 2
.nf
@@ -67,8 +65,8 @@ npm view express contributors\.email
.RE
.P
You may also use numeric indices in square braces to specifically select
-an item in an array field\. To just get the email address of the first
-contributor in the list, you can do this:
+an item in an array field\. To just get the email address of the first
+contributor in the list, you can run:
.P
.RS 2
.nf
@@ -87,7 +85,7 @@ npm view express contributors\.name contributors\.email
.RE
.P
"Person" fields are shown as a string if they would be shown as an
-object\. So, for example, this will show the list of npm contributors in
+object\. So, for example, this will show the list of \fBnpm\fP contributors in
the shortened string format\. (See npm help \fBpackage\.json\fP for more on this\.)
.P
.RS 2
@@ -97,8 +95,8 @@ npm view npm contributors
.RE
.P
If a version range is provided, then data will be printed for every
-matching version of the package\. This will show which version of jsdom
-was required by each matching version of yui3:
+matching version of the package\. This will show which version of \fBjsdom\fP
+was required by each matching version of \fByui3\fP:
.P
.RS 2
.nf
@@ -117,15 +115,15 @@ npm view connect versions
.SS Output
.P
If only a single string field for a single version is output, then it
-will not be colorized or quoted, so as to enable piping the output to
+will not be colorized or quoted, to enable piping the output to
another command\. If the field is an object, it will be output as a JavaScript object literal\.
.P
-If the \-\-json flag is given, the outputted fields will be JSON\.
+If the \fB\-\-json\fP flag is given, the outputted fields will be JSON\.
.P
-If the version range matches multiple versions, than each printed value
+If the version range matches multiple versions then each printed value
will be prefixed with the version it applies to\.
.P
-If multiple fields are requested, than each of them are prefixed with
+If multiple fields are requested, then each of them is prefixed with
the field name\.
.SS See Also
.RS 0
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index a75dc70db92309..833e9f2d148a54 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -10,40 +10,46 @@ npm [args]
.RE
.SS Version
.P
-7\.4\.3
+7\.5\.0
.SS Description
.P
npm is the package manager for the Node JavaScript platform\. It puts
modules in place so that node can find them, and manages dependency
conflicts intelligently\.
.P
-It is extremely configurable to support a wide variety of use cases\.
-Most commonly, it is used to publish, discover, install, and develop node
+It is extremely configurable to support a variety of use cases\. Most
+commonly, you use it to publish, discover, install, and develop node
programs\.
.P
Run \fBnpm help\fP to get a list of available commands\.
.SS Important
.P
-npm is configured to use npm, Inc\.'s public registry at
+npm comes preconfigured to use npm's public registry at
https://registry\.npmjs\.org by default\. Use of the npm public registry is
-subject to terms of use available at https://www\.npmjs\.com/policies/terms\.
+subject to terms of use available at
+https://www\.npmjs\.com/policies/terms\.
.P
-You can configure npm to use any compatible registry you like, and even run
-your own registry\. Use of someone else's registry may be governed by their
-terms of use\.
+You can configure npm to use any compatible registry you like, and even
+run your own registry\. Use of someone else's registry is governed by
+their terms of use\.
.SS Introduction
.P
You probably got npm because you want to install stuff\.
.P
-Use \fBnpm install blerg\fP to install the latest version of "blerg"\. Check out
-npm help \fBinstall\fP for more info\. It can do a lot of stuff\.
+The very first thing you will most likely want to run in any node
+program is \fBnpm install\fP to install its dependencies\.
.P
-Use the \fBnpm search\fP command to show everything that's available\.
-Use \fBnpm ls\fP to show everything you've installed\.
+You can also run \fBnpm install blerg\fP to install the latest version of
+"blerg"\. Check out npm help \fBinstall\fP for more
+info\. It can do a lot of stuff\.
+.P
+Use the \fBnpm search\fP command to show everything that's available in the
+public registry\. Use \fBnpm ls\fP to show everything you've installed\.
.SS Dependencies
.P
-If a package references to another package with a git URL, npm depends
-on a preinstalled git\.
+If a package lists a dependency using a git URL, npm will install that
+dependency using the \fBgit\fP \fIhttps://github\.com/git\-guides/install\-git\fR
+command and will generate an error if it is not installed\.
.P
If one of the packages npm tries to install is a native node module and
requires compiling of C++ Code, npm will use
@@ -57,24 +63,26 @@ the node\-gyp repository \fIhttps://github\.com/nodejs/node\-gyp\fR and
the node\-gyp Wiki \fIhttps://github\.com/nodejs/node\-gyp/wiki\fR\|\.
.SS Directories
.P
-See npm help \fBfolders\fP to learn about where npm puts stuff\.
+See npm help \fBfolders\fP to learn about where npm puts
+stuff\.
.P
In particular, npm has two modes of operation:
.RS 0
.IP \(bu 2
-global mode:
-npm installs packages into the install prefix at
-\fBprefix/lib/node_modules\fP and bins are installed in \fBprefix/bin\fP\|\.
-.IP \(bu 2
local mode:
npm installs packages into the current project directory, which
-defaults to the current working directory\. Packages are installed to
-\fB\|\./node_modules\fP, and bins are installed to \fB\|\./node_modules/\.bin\fP\|\.
+defaults to the current working directory\. Packages install to
+\fB\|\./node_modules\fP, and bins to \fB\|\./node_modules/\.bin\fP\|\.
+.IP \(bu 2
+global mode:
+npm installs packages into the install prefix at
+\fB$npm_config_prefix/lib/node_modules\fP and bins to
+\fB$npm_config_prefix/bin\fP\|\.
.RE
.P
Local mode is the default\. Use \fB\-g\fP or \fB\-\-global\fP on any command to
-operate in global mode instead\.
+run in global mode instead\.
.SS Developer Usage
.P
If you're using npm to develop and publish your code, check out the
@@ -82,24 +90,26 @@ following help topics:
.RS 0
.IP \(bu 2
json:
-Make a package\.json file\. See npm help \fBpackage\.json\fP\|\.
+Make a package\.json file\. See
+npm help \fBpackage\.json\fP\|\.
.IP \(bu 2
link:
-For linking your current working code into Node's path, so that you
-don't have to reinstall every time you make a change\. Use
-\fBnpm link\fP to do this\.
+Links your current working code into Node's path, so that you don't
+have to reinstall every time you make a change\. Use npm help \fBnpm
+link\fP to do this\.
.IP \(bu 2
install:
-It's a good idea to install things if you don't need the symbolic link\.
-Especially, installing other peoples code from the registry is done via
-\fBnpm install\fP
+It's a good idea to install things if you don't need the symbolic
+link\. Especially, installing other peoples code from the registry is
+done via npm help \fBinstall\fP
.IP \(bu 2
adduser:
-Create an account or log in\. Credentials are stored in the
-user config file\.
+Create an account or log in\. When you do this, npm will store
+credentials in the user config file config file\.
.IP \(bu 2
publish:
-Use the \fBnpm publish\fP command to upload your code to the registry\.
+Use the npm help \fBpublish\fP command to upload your
+code to the registry\.
.RE
.SS Configuration
@@ -111,23 +121,23 @@ npm is extremely configurable\. It reads its configuration options from
Command line switches:
Set a config with \fB\-\-key val\fP\|\. All keys take a value, even if they
are booleans (the config parser doesn't know what the options are at
-the time of parsing)\. If no value is provided, then the option is set
-to boolean \fBtrue\fP\|\.
+the time of parsing)\. If you do not provide a value (\fB\-\-key\fP) then
+the option is set to boolean \fBtrue\fP\|\.
.IP \(bu 2
Environment Variables:
Set any config by prefixing the name in an environment variable with
\fBnpm_config_\fP\|\. For example, \fBexport npm_config_key=val\fP\|\.
.IP \(bu 2
User Configs:
-The file at $HOME/\.npmrc is an ini\-formatted list of configs\. If
+The file at \fB$HOME/\.npmrc\fP is an ini\-formatted list of configs\. If
present, it is parsed\. If the \fBuserconfig\fP option is set in the cli
-or env, then that will be used instead\.
+or env, that file will be used instead\.
.IP \(bu 2
Global Configs:
-The file found at \.\./etc/npmrc (from the node executable, by default
-this resolves to /usr/local/etc/npmrc) will be parsed if it is found\.
-If the \fBglobalconfig\fP option is set in the cli, env, or user config,
-then that file is parsed instead\.
+The file found at \fB\|\./etc/npmrc\fP (relative to the global prefix will be
+parsed if it is found\. See npm help \fBprefix\fP for
+more info on the global prefix\. If the \fBglobalconfig\fP option is set
+in the cli, env, or user config, then that file is parsed instead\.
.IP \(bu 2
Defaults:
npm's default configuration options are defined in
@@ -140,14 +150,16 @@ See npm help \fBconfig\fP for much much more information\.
.P
Patches welcome!
.P
-If you would like to contribute, but don't know what to work on, read
-the contributing guidelines \fIhttps://github\.com/npm/cli/blob/latest/CONTRIBUTING\.md\fR
-and check the issues list\.
+If you would like to help, but don't know what to work on, read the
+contributing
+guidelines \fIhttps://github\.com/npm/cli/blob/latest/CONTRIBUTING\.md\fR and
+check the issues list\.
.SS Bugs
.P
-When you find issues, please report them: https://github\.com/npm/cli/issues
+When you find issues, please report them:
+https://github\.com/npm/cli/issues
.P
-Be sure to follow the template and bug reporting guidelines\.
+Please be sure to follow the template and bug reporting guidelines\.
.SS Feature Requests
.P
Discuss new feature ideas on our discussion forum:
@@ -170,10 +182,14 @@ npm help help
.IP \(bu 2
npm help package\.json
.IP \(bu 2
-npm help install
+npm help npmrc
.IP \(bu 2
npm help config
.IP \(bu 2
-npm help npmrc
+npm help install
+.IP \(bu 2
+npm help prefix
+.IP \(bu 2
+npm help publish
.RE
diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5
index 79ebabc5eec228..e4f3a964ec4bb0 100644
--- a/deps/npm/man/man5/package-json.5
+++ b/deps/npm/man/man5/package-json.5
@@ -69,8 +69,6 @@ version fields are optional\.
Version must be parseable by
node\-semver \fIhttps://github\.com/npm/node\-semver\fR, which is bundled with
npm as a dependency\. (\fBnpm install semver\fP to use it yourself\.)
-.P
-More on version numbers and ranges at npm help semver\.
.SS description
.P
Put a description in it\. It's a string\. This helps people discover your
@@ -622,8 +620,8 @@ tarball or git URL\.
\fBPlease do not put test harnesses or transpilers or other "development"
time tools in your \fBdependencies\fP object\.\fR See \fBdevDependencies\fP, below\.
.P
-See npm help semver for more details about specifying version
-ranges\.
+See semver \fI[/using\-npm/semver](https://github\.com/npm/node\-semver#versions)\fR
+for more details about specifying version ranges\.
.RS 0
.IP \(bu 2
\fBversion\fP Must match \fBversion\fP exactly
@@ -637,9 +635,9 @@ ranges\.
\fB<=version\fP
.IP \(bu 2
\fB~version\fP "Approximately equivalent to version" See
-npm help semver
+semver \fIhttps://github\.com/npm/node\-semver#versions\fR
.IP \(bu 2
-\fB^version\fP "Compatible with version" See npm help semver
+\fB^version\fP "Compatible with version" See semver \fIhttps://github\.com/npm/node\-semver#versions\fR
.IP \(bu 2
\fB1\.2\.x\fP 1\.2\.0, 1\.2\.1, etc\., but not 1\.3\.0
.IP \(bu 2
@@ -1126,7 +1124,7 @@ optional\. Lines which start with a \fB#\fP or are blank, will be ignored\.
.SS SEE ALSO
.RS 0
.IP \(bu 2
-npm help semver
+semver \fIhttps://github\.com/npm/node\-semver#versions\fR
.IP \(bu 2
npm help workspaces
.IP \(bu 2
diff --git a/deps/npm/man/man7/config.7 b/deps/npm/man/man7/config.7
index c6235e825d08bc..a2e18228d6ba53 100644
--- a/deps/npm/man/man7/config.7
+++ b/deps/npm/man/man7/config.7
@@ -498,6 +498,88 @@ only report what it would have done\. This can be passed into any of the
commands that modify your local installation, eg, \fBinstall\fP, \fBupdate\fP,
\fBdedupe\fP, \fBuninstall\fP\|\. This is NOT currently honored by some network related
commands, eg \fBdist\-tags\fP, \fBowner\fP, etc\.
+.SS diff
+.RS 0
+.IP \(bu 2
+Default: null
+.IP \(bu 2
+Type: String, Array, null
+
+.RE
+.P
+Define arguments to compare in \fBnpm diff\fP\|\.
+.SS diff\-name\-only
+.RS 0
+.IP \(bu 2
+Default: false
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+Prints only filenames when using \fBnpm diff\fP\|\.
+.SS diff\-unified
+.RS 0
+.IP \(bu 2
+Type: number
+.IP \(bu 2
+Default: \fB3\fP
+
+.RE
+.P
+The number of lines of context to print in \fBnpm diff\fP\|\.
+.SS diff\-ignore\-all\-space
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+Ignore whitespace when comparing lines in `npm diff\.
+.SS diff\-no\-prefix
+.RS 0
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+Do not show any source or destination prefix in \fBnpm diff\fP output\.
+.SS diff\-src\-prefix
+.RS 0
+.IP \(bu 2
+Type: String
+.IP \(bu 2
+Default: \fB"a/"\fP
+
+.RE
+.P
+Source prefix to be used in \fBnpm diff\fP output\.
+.SS diff\-dst\-prefix
+.RS 0
+.IP \(bu 2
+Type: String
+.IP \(bu 2
+Default: \fB"b/"\fP
+
+.RE
+.P
+Destination prefix to be used in \fBnpm diff\fP output\.
+.SS diff\-text
+.RS 0
+.IP \(bu 2
+Alias: \fB\-a\fP
+.IP \(bu 2
+Type: Boolean
+.IP \(bu 2
+Default: false
+
+.RE
+.P
+Treat all files as text in \fBnpm diff\fP\|\.
.SS editor
.RS 0
.IP \(bu 2
diff --git a/deps/npm/man/man7/disputes.7 b/deps/npm/man/man7/disputes.7
deleted file mode 100644
index 8ef02443c9c9bd..00000000000000
--- a/deps/npm/man/man7/disputes.7
+++ /dev/null
@@ -1,149 +0,0 @@
-.TH "DISPUTES" "7" "January 2021" "" ""
-.SH "NAME"
-\fBdisputes\fR \- Handling Module Name Disputes
-.P
-This document describes the steps that you should take to resolve module name
-disputes with other npm publishers\. It also describes special steps you should
-take about names you think infringe your trademarks\.
-.P
-This document is a clarification of the acceptable behavior outlined in the
-npm Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR, and nothing in
-this document should be interpreted to contradict any aspect of the npm Code of
-Conduct\.
-.SS TL;DR
-.RS 0
-.IP 1. 3
-Get the author email with \fBnpm owner ls \fP
-.IP 2. 3
-Email the author, CC support@npmjs\.com
-.IP 3. 3
-After a few weeks, if there's no resolution, we'll sort it out\.
-
-.RE
-.P
-Don't squat on package names\. Publish code or move out of the way\.
-.SS Description
-.P
-There sometimes arise cases where a user publishes a module, and then later,
-some other user wants to use that name\. Here are some common ways that happens
-(each of these is based on actual events\.)
-.RS 0
-.IP 1. 3
-Alice writes a JavaScript module \fBfoo\fP, which is not node\-specific\. Alice
-doesn't use node at all\. Yusuf wants to use \fBfoo\fP in node, so he wraps it in
-an npm module\. Some time later, Alice starts using node, and wants to take
-over management of her program\.
-.IP 2. 3
-Yusuf writes an npm module \fBfoo\fP, and publishes it\. Perhaps much later, Alice
-finds a bug in \fBfoo\fP, and fixes it\. She sends a pull request to Yusuf, but
-Yusuf doesn't have the time to deal with it, because he has a new job and a
-new baby and is focused on his new Erlang project, and kind of not involved
-with node any more\. Alice would like to publish a new \fBfoo\fP, but can't,
-because the name is taken\.
-.IP 3. 3
-Yusuf writes a 10\-line flow\-control library, and calls it \fBfoo\fP, and
-publishes it to the npm registry\. Being a simple little thing, it never
-really has to be updated\. Alice works for Foo Inc, the makers of the
-critically acclaimed and widely\-marketed \fBfoo\fP JavaScript toolkit framework\.
-They publish it to npm as \fBfoojs\fP, but people are routinely confused when
-\fBnpm install foo\fP is some different thing\.
-.IP 4. 3
-Yusuf writes a parser for the widely\-known \fBfoo\fP file format, because he
-needs it for work\. Then, he gets a new job, and never updates the prototype\.
-Later on, Alice writes a much more complete \fBfoo\fP parser, but can't publish,
-because Yusuf's \fBfoo\fP is in the way\.
-.IP 5. 3
-\fBnpm owner ls foo\fP\|\. This will tell Alice the email address of the owner
-(Yusuf)\.
-.IP 6. 3
-Alice emails Yusuf, explaining the situation \fBas respectfully as possible\fR,
-and what she would like to do with the module name\. She adds the npm support
-staff support@npmjs\.com to the CC list of the email\. Mention in the email
-that Yusuf can run npm owner \fBadd alice foo\fP to add Alice as an owner of the
-foo package\.
-.IP 7. 3
-After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
-and Alice can't come to any sort of resolution, email support
-support@npmjs\.com and we'll sort it out\. ("Reasonable" is usually at least
-4 weeks\.)
-
-.RE
-.SS Reasoning
-.P
-In almost every case so far, the parties involved have been able to reach an
-amicable resolution without any major intervention\. Most people really do want
-to be reasonable, and are probably not even aware that they're in your way\.
-.P
-Module ecosystems are most vibrant and powerful when they are as self\-directed
-as possible\. If an admin one day deletes something you had worked on, then that
-is going to make most people quite upset, regardless of the justification\. When
-humans solve their problems by talking to other humans with respect, everyone
-has the chance to end up feeling good about the interaction\.
-.SS Exceptions
-.P
-Some things are not allowed, and will be removed without discussion if they are
-brought to the attention of the npm registry admins, including but not limited
-to:
-.RS 0
-.IP 1. 3
-Malware (that is, a package designed to exploit or harm the machine on which
-it is installed)\.
-.IP 2. 3
-Violations of copyright or licenses (for example, cloning an MIT\-licensed
-program, and then removing or changing the copyright and license statement)\.
-.IP 3. 3
-Illegal content\.
-.IP 4. 3
-"Squatting" on a package name that you plan to use, but aren't actually
-using\. Sorry, I don't care how great the name is, or how perfect a fit it is
-for the thing that someday might happen\. If someone wants to use it today,
-and you're just taking up space with an empty tarball, you're going to be
-evicted\.
-.IP 5. 3
-Putting empty packages in the registry\. Packages must have SOME
-functionality\. It can be silly, but it can't be nothing\. (See also:
-squatting\.)
-.IP 6. 3
-Doing weird things with the registry, like using it as your own personal
-application database or otherwise putting non\-packagey things into it\.
-.IP 7. 3
-Other things forbidden by the npm
-Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR such as hateful
-language, pornographic content, or harassment\.
-
-.RE
-.P
-If you see bad behavior like this, please report it to abuse@npmjs\.com right
-away\. \fBYou are never expected to resolve abusive behavior on your own\. We are
-here to help\.\fR
-.SS Trademarks
-.P
-If you think another npm publisher is infringing your trademark, such as by
-using a confusingly similar package name, email abuse@npmjs\.com with a link to
-the package or user account on https://www\.npmjs\.com/ \fIhttps://www\.npmjs\.com/\fR\|\.
-Attach a copy of your trademark registration certificate\.
-.P
-If we see that the package's publisher is intentionally misleading others by
-misusing your registered mark without permission, we will transfer the package
-name to you\. Otherwise, we will contact the package publisher and ask them to
-clear up any confusion with changes to their package's \fBREADME\fP file or
-metadata\.
-.SS Changes
-.P
-This is a living document and may be updated from time to time\. Please refer to
-the git history for this document \fIhttps://github\.com/npm/cli/commits/latest/doc/misc/npm\-disputes\.md\fR
-to view the changes\.
-.SS License
-.P
-Copyright (C) npm, Inc\., All rights reserved
-.P
-This document may be reused under a Creative Commons Attribution\-ShareAlike
-License\.
-.SS See also
-.RS 0
-.IP \(bu 2
-npm help registry
-.IP \(bu 2
-npm help owner
-
-.RE
diff --git a/deps/npm/man/man7/registry.7 b/deps/npm/man/man7/registry.7
index c72c1168ff4ff9..2626ac08e9a7e5 100644
--- a/deps/npm/man/man7/registry.7
+++ b/deps/npm/man/man7/registry.7
@@ -7,7 +7,7 @@ To resolve packages by name and version, npm talks to a registry website
that implements the CommonJS Package Registry specification for reading
package info\.
.P
-npm is configured to use npm, Inc\.'s public registry at
+npm is configured to use the \fBnpm public registry\fR at
https://registry\.npmjs\.org by default\. Use of the npm public registry is
subject to terms of use available at https://www\.npmjs\.com/policies/terms\|\.
.P
@@ -20,9 +20,7 @@ write APIs as well, to allow for publishing packages and managing user
account information\.
.P
The npm public registry is powered by a CouchDB database,
-of which there is a public mirror at
-https://skimdb\.npmjs\.com/registry\|\. The code for the couchapp is
-available at https://github\.com/npm/npm\-registry\-couchapp\|\.
+of which there is a public mirror at https://skimdb\.npmjs\.com/registry\|\.
.P
The registry URL used is determined by the scope of the package (see
npm help \fBscope\fP\|\. If no scope is specified, the default registry is used, which is
@@ -54,40 +52,17 @@ build farms\.
.P
The npm registry does not try to correlate the information in these headers
with any authenticated accounts that may be used in the same requests\.
-.SS Can I run my own private registry?
+.SS How can I prevent my package from being published in the official registry?
.P
-Yes!
-.P
-The easiest way is to replicate the couch database, and use the same (or
-similar) design doc to implement the APIs\.
-.P
-If you set up continuous replication from the official CouchDB, and then
-set your internal CouchDB as the registry config, then you'll be able
-to read any published packages, in addition to your private ones, and by
-default will only publish internally\.
-.P
-If you then want to publish a package for the whole world to see, you can
-simply override the \fB\-\-registry\fP option for that \fBpublish\fP command\.
-.SS I don't want my package published in the official registry\. It's private\.
-.P
-Set \fB"private": true\fP in your package\.json to prevent it from being
+Set \fB"private": true\fP in your \fBpackage\.json\fP to prevent it from being
published at all, or
\fB"publishConfig":{"registry":"http://my\-internal\-registry\.local"}\fP
-to force it to be published only to your internal registry\.
+to force it to be published only to your internal/private registry\.
.P
See npm help \fBpackage\.json\fP for more info on what goes in the package\.json file\.
-.SS Will you replicate from my registry into the public one?
+.SS Where can I find my own, & other's, published packages?
.P
-No\. If you want things to be public, then publish them into the public
-registry using npm\. What little security there is would be for nought
-otherwise\.
-.SS Do I have to use couchdb to build a registry that npm can talk to?
-.P
-No, but it's way easier\. Basically, yes, you do, or you have to
-effectively implement the entire CouchDB API anyway\.
-.SS Is there a website or something to see package docs and such?
-.P
-Yes, head over to https://www\.npmjs\.com/
+https://www\.npmjs\.com/
.SS See also
.RS 0
.IP \(bu 2
@@ -98,7 +73,5 @@ npm help config
npm help npmrc
.IP \(bu 2
npm help developers
-.IP \(bu 2
-npm help disputes
.RE
diff --git a/deps/npm/man/man7/removal.7 b/deps/npm/man/man7/removal.7
index 3f6d0187c87459..5fa0bcbabf8755 100644
--- a/deps/npm/man/man7/removal.7
+++ b/deps/npm/man/man7/removal.7
@@ -63,8 +63,6 @@ modules\. To track those down, you can do the following:
find /usr/local/{lib/node,bin} \-exec grep \-l npm \\{\\} \\; ;
.fi
.RE
-.P
-(This is also in the README file\.)
.SS See also
.RS 0
.IP \(bu 2
diff --git a/deps/npm/man/man7/semver.7 b/deps/npm/man/man7/semver.7
deleted file mode 100644
index 1a271545d1e18a..00000000000000
--- a/deps/npm/man/man7/semver.7
+++ /dev/null
@@ -1,510 +0,0 @@
-.TH "SEMVER" "7" "January 2021" "" ""
-.SH "NAME"
-\fBsemver\fR \- The semantic versioner for npm
-.SH Install
-.P
-.RS 2
-.nf
-npm install \-\-save semver
-.fi
-.RE
-.SH Usage
-.P
-As a node module:
-.P
-.RS 2
-.nf
-const semver = require('semver')
-
-semver\.valid('1\.2\.3') // '1\.2\.3'
-semver\.valid('a\.b\.c') // null
-semver\.clean(' =v1\.2\.3 ') // '1\.2\.3'
-semver\.satisfies('1\.2\.3', '1\.x || >=2\.5\.0 || 5\.0\.0 \- 7\.2\.3') // true
-semver\.gt('1\.2\.3', '9\.8\.7') // false
-semver\.lt('1\.2\.3', '9\.8\.7') // true
-semver\.minVersion('>=1\.0\.0') // '1\.0\.0'
-semver\.valid(semver\.coerce('v2')) // '2\.0\.0'
-semver\.valid(semver\.coerce('42\.6\.7\.9\.3\-alpha')) // '42\.6\.7'
-.fi
-.RE
-.P
-As a command\-line utility:
-.P
-.RS 2
-.nf
-$ semver \-h
-
-A JavaScript implementation of the https://semver\.org/ specification
-Copyright Isaac Z\. Schlueter
-
-Usage: semver [options] [ [\.\.\.]]
-Prints valid versions sorted by SemVer precedence
-
-Options:
-\-r \-\-range
- Print versions that match the specified range\.
-
-\-i \-\-increment []
- Increment a version by the specified level\. Level can
- be one of: major, minor, patch, premajor, preminor,
- prepatch, or prerelease\. Default level is 'patch'\.
- Only one version may be specified\.
-
-\-\-preid
- Identifier to be used to prefix premajor, preminor,
- prepatch or prerelease version increments\.
-
-\-l \-\-loose
- Interpret versions and ranges loosely
-
-\-p \-\-include\-prerelease
- Always include prerelease versions in range matching
-
-\-c \-\-coerce
- Coerce a string into SemVer if possible
- (does not imply \-\-loose)
-
-Program exits successfully if any valid version satisfies
-all supplied ranges, and prints all satisfying versions\.
-
-If no satisfying versions are found, then exits failure\.
-
-Versions are printed in ascending order, so supplying
-multiple versions to the utility will just sort them\.
-.fi
-.RE
-.SH Versions
-.P
-A "version" is described by the \fBv2\.0\.0\fP specification found at
-https://semver\.org/\|\.
-.P
-A leading \fB"="\fP or \fB"v"\fP character is stripped off and ignored\.
-.SH Ranges
-.P
-A \fBversion range\fP is a set of \fBcomparators\fP which specify versions
-that satisfy the range\.
-.P
-A \fBcomparator\fP is composed of an \fBoperator\fP and a \fBversion\fP\|\. The set
-of primitive \fBoperators\fP is:
-.RS 0
-.IP \(bu 2
-\fB<\fP Less than
-.IP \(bu 2
-\fB<=\fP Less than or equal to
-.IP \(bu 2
-\fB>\fP Greater than
-.IP \(bu 2
-\fB>=\fP Greater than or equal to
-.IP \(bu 2
-\fB=\fP Equal\. If no operator is specified, then equality is assumed,
-so this operator is optional, but MAY be included\.
-
-.RE
-.P
-For example, the comparator \fB>=1\.2\.7\fP would match the versions
-\fB1\.2\.7\fP, \fB1\.2\.8\fP, \fB2\.5\.3\fP, and \fB1\.3\.9\fP, but not the versions \fB1\.2\.6\fP
-or \fB1\.1\.0\fP\|\.
-.P
-Comparators can be joined by whitespace to form a \fBcomparator set\fP,
-which is satisfied by the \fBintersection\fR of all of the comparators
-it includes\.
-.P
-A range is composed of one or more comparator sets, joined by \fB||\fP\|\. A
-version matches a range if and only if every comparator in at least
-one of the \fB||\fP\-separated comparator sets is satisfied by the version\.
-.P
-For example, the range \fB>=1\.2\.7 <1\.3\.0\fP would match the versions
-\fB1\.2\.7\fP, \fB1\.2\.8\fP, and \fB1\.2\.99\fP, but not the versions \fB1\.2\.6\fP, \fB1\.3\.0\fP,
-or \fB1\.1\.0\fP\|\.
-.P
-The range \fB1\.2\.7 || >=1\.2\.9 <2\.0\.0\fP would match the versions \fB1\.2\.7\fP,
-\fB1\.2\.9\fP, and \fB1\.4\.6\fP, but not the versions \fB1\.2\.8\fP or \fB2\.0\.0\fP\|\.
-.SS Prerelease Tags
-.P
-If a version has a prerelease tag (for example, \fB1\.2\.3\-alpha\.3\fP) then
-it will only be allowed to satisfy comparator sets if at least one
-comparator with the same \fB[major, minor, patch]\fP tuple also has a
-prerelease tag\.
-.P
-For example, the range \fB>1\.2\.3\-alpha\.3\fP would be allowed to match the
-version \fB1\.2\.3\-alpha\.7\fP, but it would \fInot\fR be satisfied by
-\fB3\.4\.5\-alpha\.9\fP, even though \fB3\.4\.5\-alpha\.9\fP is technically "greater
-than" \fB1\.2\.3\-alpha\.3\fP according to the SemVer sort rules\. The version
-range only accepts prerelease tags on the \fB1\.2\.3\fP version\. The
-version \fB3\.4\.5\fP \fIwould\fR satisfy the range, because it does not have a
-prerelease flag, and \fB3\.4\.5\fP is greater than \fB1\.2\.3\-alpha\.7\fP\|\.
-.P
-The purpose for this behavior is twofold\. First, prerelease versions
-frequently are updated very quickly, and contain many breaking changes
-that are (by the author's design) not yet fit for public consumption\.
-Therefore, by default, they are excluded from range matching
-semantics\.
-.P
-Second, a user who has opted into using a prerelease version has
-clearly indicated the intent to use \fIthat specific\fR set of
-alpha/beta/rc versions\. By including a prerelease tag in the range,
-the user is indicating that they are aware of the risk\. However, it
-is still not appropriate to assume that they have opted into taking a
-similar risk on the \fInext\fR set of prerelease versions\.
-.P
-Note that this behavior can be suppressed (treating all prerelease
-versions as if they were normal versions, for the purpose of range
-matching) by setting the \fBincludePrerelease\fP flag on the options
-object to any
-functions \fIhttps://github\.com/npm/node\-semver#functions\fR that do
-range matching\.
-.SS Prerelease Identifiers
-.P
-The method \fB\|\.inc\fP takes an additional \fBidentifier\fP string argument that
-will append the value of the string as a prerelease identifier:
-.P
-.RS 2
-.nf
-semver\.inc('1\.2\.3', 'prerelease', 'beta')
-// '1\.2\.4\-beta\.0'
-.fi
-.RE
-.P
-command\-line example:
-.P
-.RS 2
-.nf
-$ semver 1\.2\.3 \-i prerelease \-\-preid beta
-1\.2\.4\-beta\.0
-.fi
-.RE
-.P
-Which then can be used to increment further:
-.P
-.RS 2
-.nf
-$ semver 1\.2\.4\-beta\.0 \-i prerelease
-1\.2\.4\-beta\.1
-.fi
-.RE
-.SS Advanced Range Syntax
-.P
-Advanced range syntax desugars to primitive comparators in
-deterministic ways\.
-.P
-Advanced ranges may be combined in the same way as primitive
-comparators using white space or \fB||\fP\|\.
-.SS Hyphen Ranges \fBX\.Y\.Z \- A\.B\.C\fP
-.P
-Specifies an inclusive set\.
-.RS 0
-.IP \(bu 2
-\fB1\.2\.3 \- 2\.3\.4\fP := \fB>=1\.2\.3 <=2\.3\.4\fP
-
-.RE
-.P
-If a partial version is provided as the first version in the inclusive
-range, then the missing pieces are replaced with zeroes\.
-.RS 0
-.IP \(bu 2
-\fB1\.2 \- 2\.3\.4\fP := \fB>=1\.2\.0 <=2\.3\.4\fP
-
-.RE
-.P
-If a partial version is provided as the second version in the
-inclusive range, then all versions that start with the supplied parts
-of the tuple are accepted, but nothing that would be greater than the
-provided tuple parts\.
-.RS 0
-.IP \(bu 2
-\fB1\.2\.3 \- 2\.3\fP := \fB>=1\.2\.3 <2\.4\.0\fP
-.IP \(bu 2
-\fB1\.2\.3 \- 2\fP := \fB>=1\.2\.3 <3\.0\.0\fP
-
-.RE
-.SS X\-Ranges \fB1\.2\.x\fP \fB1\.X\fP \fB1\.2\.*\fP \fB*\fP
-.P
-Any of \fBX\fP, \fBx\fP, or \fB*\fP may be used to "stand in" for one of the
-numeric values in the \fB[major, minor, patch]\fP tuple\.
-.RS 0
-.IP \(bu 2
-\fB*\fP := \fB>=0\.0\.0\fP (Any version satisfies)
-.IP \(bu 2
-\fB1\.x\fP := \fB>=1\.0\.0 <2\.0\.0\fP (Matching major version)
-.IP \(bu 2
-\fB1\.2\.x\fP := \fB>=1\.2\.0 <1\.3\.0\fP (Matching major and minor versions)
-
-.RE
-.P
-A partial version range is treated as an X\-Range, so the special
-character is in fact optional\.
-.RS 0
-.IP \(bu 2
-\fB""\fP (empty string) := \fB*\fP := \fB>=0\.0\.0\fP
-.IP \(bu 2
-\fB1\fP := \fB1\.x\.x\fP := \fB>=1\.0\.0 <2\.0\.0\fP
-.IP \(bu 2
-\fB1\.2\fP := \fB1\.2\.x\fP := \fB>=1\.2\.0 <1\.3\.0\fP
-
-.RE
-.SS Tilde Ranges \fB~1\.2\.3\fP \fB~1\.2\fP \fB~1\fP
-.P
-Allows patch\-level changes if a minor version is specified on the
-comparator\. Allows minor\-level changes if not\.
-.RS 0
-.IP \(bu 2
-\fB~1\.2\.3\fP := \fB>=1\.2\.3 <1\.(2+1)\.0\fP := \fB>=1\.2\.3 <1\.3\.0\fP
-.IP \(bu 2
-\fB~1\.2\fP := \fB>=1\.2\.0 <1\.(2+1)\.0\fP := \fB>=1\.2\.0 <1\.3\.0\fP (Same as \fB1\.2\.x\fP)
-.IP \(bu 2
-\fB~1\fP := \fB>=1\.0\.0 <(1+1)\.0\.0\fP := \fB>=1\.0\.0 <2\.0\.0\fP (Same as \fB1\.x\fP)
-.IP \(bu 2
-\fB~0\.2\.3\fP := \fB>=0\.2\.3 <0\.(2+1)\.0\fP := \fB>=0\.2\.3 <0\.3\.0\fP
-.IP \(bu 2
-\fB~0\.2\fP := \fB>=0\.2\.0 <0\.(2+1)\.0\fP := \fB>=0\.2\.0 <0\.3\.0\fP (Same as \fB0\.2\.x\fP)
-.IP \(bu 2
-\fB~0\fP := \fB>=0\.0\.0 <(0+1)\.0\.0\fP := \fB>=0\.0\.0 <1\.0\.0\fP (Same as \fB0\.x\fP)
-.IP \(bu 2
-\fB~1\.2\.3\-beta\.2\fP := \fB>=1\.2\.3\-beta\.2 <1\.3\.0\fP Note that prereleases in
-the \fB1\.2\.3\fP version will be allowed, if they are greater than or
-equal to \fBbeta\.2\fP\|\. So, \fB1\.2\.3\-beta\.4\fP would be allowed, but
-\fB1\.2\.4\-beta\.2\fP would not, because it is a prerelease of a
-different \fB[major, minor, patch]\fP tuple\.
-
-.RE
-.SS Caret Ranges \fB^1\.2\.3\fP \fB^0\.2\.5\fP \fB^0\.0\.4\fP
-.P
-Allows changes that do not modify the left\-most non\-zero digit in the
-\fB[major, minor, patch]\fP tuple\. In other words, this allows patch and
-minor updates for versions \fB1\.0\.0\fP and above, patch updates for
-versions \fB0\.X >=0\.1\.0\fP, and \fIno\fR updates for versions \fB0\.0\.X\fP\|\.
-.P
-Many authors treat a \fB0\.x\fP version as if the \fBx\fP were the major
-"breaking\-change" indicator\.
-.P
-Caret ranges are ideal when an author may make breaking changes
-between \fB0\.2\.4\fP and \fB0\.3\.0\fP releases, which is a common practice\.
-However, it presumes that there will \fInot\fR be breaking changes between
-\fB0\.2\.4\fP and \fB0\.2\.5\fP\|\. It allows for changes that are presumed to be
-additive (but non\-breaking), according to commonly observed practices\.
-.RS 0
-.IP \(bu 2
-\fB^1\.2\.3\fP := \fB>=1\.2\.3 <2\.0\.0\fP
-.IP \(bu 2
-\fB^0\.2\.3\fP := \fB>=0\.2\.3 <0\.3\.0\fP
-.IP \(bu 2
-\fB^0\.0\.3\fP := \fB>=0\.0\.3 <0\.0\.4\fP
-.IP \(bu 2
-\fB^1\.2\.3\-beta\.2\fP := \fB>=1\.2\.3\-beta\.2 <2\.0\.0\fP Note that prereleases in
-the \fB1\.2\.3\fP version will be allowed, if they are greater than or
-equal to \fBbeta\.2\fP\|\. So, \fB1\.2\.3\-beta\.4\fP would be allowed, but
-\fB1\.2\.4\-beta\.2\fP would not, because it is a prerelease of a
-different \fB[major, minor, patch]\fP tuple\.
-.IP \(bu 2
-\fB^0\.0\.3\-beta\fP := \fB>=0\.0\.3\-beta <0\.0\.4\fP Note that prereleases in the
-\fB0\.0\.3\fP version \fIonly\fR will be allowed, if they are greater than or
-equal to \fBbeta\fP\|\. So, \fB0\.0\.3\-pr\.2\fP would be allowed\.
-
-.RE
-.P
-When parsing caret ranges, a missing \fBpatch\fP value desugars to the
-number \fB0\fP, but will allow flexibility within that value, even if the
-major and minor versions are both \fB0\fP\|\.
-.RS 0
-.IP \(bu 2
-\fB^1\.2\.x\fP := \fB>=1\.2\.0 <2\.0\.0\fP
-.IP \(bu 2
-\fB^0\.0\.x\fP := \fB>=0\.0\.0 <0\.1\.0\fP
-.IP \(bu 2
-\fB^0\.0\fP := \fB>=0\.0\.0 <0\.1\.0\fP
-
-.RE
-.P
-A missing \fBminor\fP and \fBpatch\fP values will desugar to zero, but also
-allow flexibility within those values, even if the major version is
-zero\.
-.RS 0
-.IP \(bu 2
-\fB^1\.x\fP := \fB>=1\.0\.0 <2\.0\.0\fP
-.IP \(bu 2
-\fB^0\.x\fP := \fB>=0\.0\.0 <1\.0\.0\fP
-
-.RE
-.SS Range Grammar
-.P
-Putting all this together, here is a Backus\-Naur grammar for ranges,
-for the benefit of parser authors:
-.P
-.RS 2
-.nf
-range\-set ::= range ( logical\-or range ) *
-logical\-or ::= ( ' ' ) * '||' ( ' ' ) *
-range ::= hyphen | simple ( ' ' simple ) * | ''
-hyphen ::= partial ' \- ' partial
-simple ::= primitive | partial | tilde | caret
-primitive ::= ( '<' | '>' | '>=' | '<=' | '=' ) partial
-partial ::= xr ( '\.' xr ( '\.' xr qualifier ? )? )?
-xr ::= 'x' | 'X' | '*' | nr
-nr ::= '0' | ['1'\-'9'] ( ['0'\-'9'] ) *
-tilde ::= '~' partial
-caret ::= '^' partial
-qualifier ::= ( '\-' pre )? ( '+' build )?
-pre ::= parts
-build ::= parts
-parts ::= part ( '\.' part ) *
-part ::= nr | [\-0\-9A\-Za\-z]+
-.fi
-.RE
-.SH Functions
-.P
-All methods and classes take a final \fBoptions\fP object argument\. All
-options in this object are \fBfalse\fP by default\. The options supported
-are:
-.RS 0
-.IP \(bu 2
-\fBloose\fP Be more forgiving about not\-quite\-valid semver strings\.
-(Any resulting output will always be 100% strict compliant, of
-course\.) For backwards compatibility reasons, if the \fBoptions\fP
-argument is a boolean value instead of an object, it is interpreted
-to be the \fBloose\fP param\.
-.IP \(bu 2
-\fBincludePrerelease\fP Set to suppress the default
-behavior \fIhttps://github\.com/npm/node\-semver#prerelease\-tags\fR of
-excluding prerelease tagged versions from ranges unless they are
-explicitly opted into\.
-
-.RE
-.P
-Strict\-mode Comparators and Ranges will be strict about the SemVer
-strings that they parse\.
-.RS 0
-.IP \(bu 2
-\fBvalid(v)\fP: Return the parsed version, or null if it's not valid\.
-.IP \(bu 2
-\fBinc(v, release)\fP: Return the version incremented by the release
-type (\fBmajor\fP, \fBpremajor\fP, \fBminor\fP, \fBpreminor\fP, \fBpatch\fP,
-\fBprepatch\fP, or \fBprerelease\fP), or null if it's not valid
-.RS
-.IP \(bu 2
-\fBpremajor\fP in one call will bump the version up to the next major
-version and down to a prerelease of that major version\.
-\fBpreminor\fP, and \fBprepatch\fP work the same way\.
-.IP \(bu 2
-If called from a non\-prerelease version, the \fBprerelease\fP will work the
-same as \fBprepatch\fP\|\. It increments the patch version, then makes a
-prerelease\. If the input version is already a prerelease it simply
-increments it\.
-
-.RE
-.IP \(bu 2
-\fBprerelease(v)\fP: Returns an array of prerelease components, or null
-if none exist\. Example: \fBprerelease('1\.2\.3\-alpha\.1') \-> ['alpha', 1]\fP
-.IP \(bu 2
-\fBmajor(v)\fP: Return the major version number\.
-.IP \(bu 2
-\fBminor(v)\fP: Return the minor version number\.
-.IP \(bu 2
-\fBpatch(v)\fP: Return the patch version number\.
-.IP \(bu 2
-\fBintersects(r1, r2, loose)\fP: Return true if the two supplied ranges
-or comparators intersect\.
-.IP \(bu 2
-\fBparse(v)\fP: Attempt to parse a string as a semantic version, returning either
-a \fBSemVer\fP object or \fBnull\fP\|\.
-
-.RE
-.SS Comparison
-.RS 0
-.IP \(bu 2
-\fBgt(v1, v2)\fP: \fBv1 > v2\fP
-.IP \(bu 2
-\fBgte(v1, v2)\fP: \fBv1 >= v2\fP
-.IP \(bu 2
-\fBlt(v1, v2)\fP: \fBv1 < v2\fP
-.IP \(bu 2
-\fBlte(v1, v2)\fP: \fBv1 <= v2\fP
-.IP \(bu 2
-\fBeq(v1, v2)\fP: \fBv1 == v2\fP This is true if they're logically equivalent,
-even if they're not the exact same string\. You already know how to
-compare strings\.
-.IP \(bu 2
-\fBneq(v1, v2)\fP: \fBv1 != v2\fP The opposite of \fBeq\fP\|\.
-.IP \(bu 2
-\fBcmp(v1, comparator, v2)\fP: Pass in a comparison string, and it'll call
-the corresponding function above\. \fB"==="\fP and \fB"!=="\fP do simple
-string comparison, but are included for completeness\. Throws if an
-invalid comparison string is provided\.
-.IP \(bu 2
-\fBcompare(v1, v2)\fP: Return \fB0\fP if \fBv1 == v2\fP, or \fB1\fP if \fBv1\fP is greater, or \fB\-1\fP if
-\fBv2\fP is greater\. Sorts in ascending order if passed to \fBArray\.sort()\fP\|\.
-.IP \(bu 2
-\fBrcompare(v1, v2)\fP: The reverse of compare\. Sorts an array of versions
-in descending order when passed to \fBArray\.sort()\fP\|\.
-.IP \(bu 2
-\fBdiff(v1, v2)\fP: Returns difference between two versions by the release type
-(\fBmajor\fP, \fBpremajor\fP, \fBminor\fP, \fBpreminor\fP, \fBpatch\fP, \fBprepatch\fP, or \fBprerelease\fP),
-or null if the versions are the same\.
-
-.RE
-.SS Comparators
-.RS 0
-.IP \(bu 2
-\fBintersects(comparator)\fP: Return true if the comparators intersect
-
-.RE
-.SS Ranges
-.RS 0
-.IP \(bu 2
-\fBvalidRange(range)\fP: Return the valid range or null if it's not valid
-.IP \(bu 2
-\fBsatisfies(version, range)\fP: Return true if the version satisfies the
-range\.
-.IP \(bu 2
-\fBmaxSatisfying(versions, range)\fP: Return the highest version in the list
-that satisfies the range, or \fBnull\fP if none of them do\.
-.IP \(bu 2
-\fBminSatisfying(versions, range)\fP: Return the lowest version in the list
-that satisfies the range, or \fBnull\fP if none of them do\.
-.IP \(bu 2
-\fBminVersion(range)\fP: Return the lowest version that can possibly match
-the given range\.
-.IP \(bu 2
-\fBgtr(version, range)\fP: Return \fBtrue\fP if version is greater than all the
-versions possible in the range\.
-.IP \(bu 2
-\fBltr(version, range)\fP: Return \fBtrue\fP if version is less than all the
-versions possible in the range\.
-.IP \(bu 2
-\fBoutside(version, range, hilo)\fP: Return true if the version is outside
-the bounds of the range in either the high or low direction\. The
-\fBhilo\fP argument must be either the string \fB\|'>'\fP or \fB\|'<'\fP\|\. (This is
-the function called by \fBgtr\fP and \fBltr\fP\|\.)
-.IP \(bu 2
-\fBintersects(range)\fP: Return true if any of the ranges comparators intersect
-
-.RE
-.P
-Note that, since ranges may be non\-contiguous, a version might not be
-greater than a range, less than a range, \fIor\fR satisfy a range! For
-example, the range \fB1\.2 <1\.2\.9 || >2\.0\.0\fP would have a hole from \fB1\.2\.9\fP
-until \fB2\.0\.0\fP, so the version \fB1\.2\.10\fP would not be greater than the
-range (because \fB2\.0\.1\fP satisfies, which is higher), nor less than the
-range (since \fB1\.2\.8\fP satisfies, which is lower), and it also does not
-satisfy the range\.
-.P
-If you want to know if a version satisfies or does not satisfy a
-range, use the \fBsatisfies(version, range)\fP function\.
-.SS Coercion
-.RS 0
-.IP \(bu 2
-\fBcoerce(version)\fP: Coerces a string to semver if possible
-
-.RE
-.P
-This aims to provide a very forgiving translation of a non\-semver string to
-semver\. It looks for the first digit in a string, and consumes all
-remaining characters which satisfy at least a partial semver (e\.g\., \fB1\fP,
-\fB1\.2\fP, \fB1\.2\.3\fP) up to the max permitted length (256 characters)\. Longer
-versions are simply truncated (\fB4\.6\.3\.9\.2\-alpha2\fP becomes \fB4\.6\.3\fP)\. All
-surrounding text is simply ignored (\fBv3\.4 replaces v3\.3\.1\fP becomes
-\fB3\.4\.0\fP)\. Only text which lacks digits will fail coercion (\fBversion one\fP
-is not valid)\. The maximum length for any semver component considered for
-coercion is 16 characters; longer components will be ignored
-(\fB10000000000000000\.4\.7\.4\fP becomes \fB4\.7\.4\fP)\. The maximum value for any
-semver component is \fBNumber\.MAX_SAFE_INTEGER || (2**53 \- 1)\fP; higher value
-components are invalid (\fB9999999999999999\.4\.7\.4\fP is likely invalid)\.
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
index c1f18af7e43dc7..9328b8043bd4e5 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
@@ -314,10 +314,11 @@ module.exports = cls => class IdealTreeBuilder extends cls {
.then(async root => {
if (!this[_updateAll] && !this[_global] && !root.meta.loadedFromDisk) {
await new this.constructor(this.options).loadActual({ root })
+ const tree = root.target || root
// even though we didn't load it from a package-lock.json FILE,
// we still loaded it "from disk", meaning we have to reset
// dep flags before assuming that any mutations were reflected.
- if (root.children.size)
+ if (tree.children.size)
root.meta.loadedFromDisk = true
}
return root
@@ -332,20 +333,28 @@ module.exports = cls => class IdealTreeBuilder extends cls {
})
}
- [_globalRootNode] () {
- const root = this[_rootNodeFromPackage]({ dependencies: {} })
+ async [_globalRootNode] () {
+ const root = await this[_rootNodeFromPackage]({ dependencies: {} })
// this is a gross kludge to handle the fact that we don't save
// metadata on the root node in global installs, because the "root"
// node is something like /usr/local/lib.
const meta = new Shrinkwrap({ path: this.path })
meta.reset()
root.meta = meta
- return Promise.resolve(root)
+ return root
}
- [_rootNodeFromPackage] (pkg) {
- return new Node({
+ async [_rootNodeFromPackage] (pkg) {
+ // if the path doesn't exist, then we explode at this point. Note that
+ // this is not a problem for reify(), since it creates the root path
+ // before ever loading trees.
+ // TODO: make buildIdealTree() and loadActual handle a missing root path,
+ // or a symlink to a missing target, and let reify() create it as needed.
+ const real = await realpath(this.path, this[_rpcache], this[_stcache])
+ const Cls = real === this.path ? Node : Link
+ const root = new Cls({
path: this.path,
+ realpath: real,
pkg,
extraneous: false,
dev: false,
@@ -355,12 +364,29 @@ module.exports = cls => class IdealTreeBuilder extends cls {
global: this[_global],
legacyPeerDeps: this.legacyPeerDeps,
})
+ if (root.isLink) {
+ root.target = new Node({
+ path: real,
+ realpath: real,
+ pkg,
+ extraneous: false,
+ dev: false,
+ devOptional: false,
+ peer: false,
+ optional: false,
+ global: this[_global],
+ legacyPeerDeps: this.legacyPeerDeps,
+ root,
+ })
+ }
+ return root
}
// process the add/rm requests by modifying the root node, and the
// update.names request by queueing nodes dependent on those named.
async [_applyUserRequests] (options) {
process.emit('time', 'idealTree:userRequests')
+ const tree = this.idealTree.target || this.idealTree
// If we have a list of package names to update, and we know it's
// going to update them wherever they are, add any paths into those
// named nodes to the buildIdealTree queue.
@@ -373,7 +399,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
const nm = resolve(this.path, 'node_modules')
for (const name of await readdir(nm)) {
if (this[_updateAll] || this[_updateNames].includes(name))
- this.idealTree.package.dependencies[name] = '*'
+ tree.package.dependencies[name] = '*'
}
}
@@ -381,7 +407,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
this[_queueVulnDependents](options)
if (options.rm && options.rm.length) {
- addRmPkgDeps.rm(this.idealTree.package, options.rm)
+ addRmPkgDeps.rm(tree.package, options.rm)
for (const name of options.rm)
this[_explicitRequests].add(name)
}
@@ -391,7 +417,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
// triggers a refresh of all edgesOut
if (options.add && options.add.length || options.rm && options.rm.length)
- this.idealTree.package = this.idealTree.package
+ tree.package = tree.package
process.emit('timeEnd', 'idealTree:userRequests')
}
@@ -410,8 +436,9 @@ module.exports = cls => class IdealTreeBuilder extends cls {
this[_resolvedAdd] = add
// now add is a list of spec objects with names.
// find a home for each of them!
+ const tree = this.idealTree.target || this.idealTree
addRmPkgDeps.add({
- pkg: this.idealTree.package,
+ pkg: tree.package,
add,
saveBundle,
saveType,
@@ -514,7 +541,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
fixAvailable,
} = topVuln
for (const node of topNodes) {
- if (node !== this.idealTree) {
+ if (node !== this.idealTree && node !== this.idealTree.target) {
// not something we're going to fix, sorry. have to cd into
// that directory and fix it yourself.
this.log.warn('audit', 'Manual fix required in linked project ' +
@@ -606,7 +633,7 @@ This is a one-time fix-up, please be patient...
this.addTracker('idealTree:inflate')
const queue = []
for (const node of inventory.values()) {
- if (node.isRoot)
+ if (node.isProjectRoot)
continue
queue.push(async () => {
@@ -646,11 +673,12 @@ This is a one-time fix-up, please be patient...
// at this point we have a virtual tree with the actual root node's
// package deps, which may be partly or entirely incomplete, invalid
// or extraneous.
- [_buildDeps] (node) {
+ [_buildDeps] () {
process.emit('time', 'idealTree:buildDeps')
- this[_depsQueue].push(this.idealTree)
+ const tree = this.idealTree.target || this.idealTree
+ this[_depsQueue].push(tree)
this.log.silly('idealTree', 'buildDeps')
- this.addTracker('idealTree', this.idealTree.name, '')
+ this.addTracker('idealTree', tree.name, '')
return this[_buildDepStep]()
.then(() => process.emit('timeEnd', 'idealTree:buildDeps'))
}
@@ -835,7 +863,7 @@ This is a one-time fix-up, please be patient...
// loads a node from an edge, and then loads its peer deps (and their
// peer deps, on down the line) into a virtual root parent.
- [_nodeFromEdge] (edge, parent_) {
+ async [_nodeFromEdge] (edge, parent_, secondEdge = null) {
// create a virtual root node with the same deps as the node that
// is requesting this one, so that we can get all the peer deps in
// a context where they're likely to be resolvable.
@@ -843,22 +871,43 @@ This is a one-time fix-up, please be patient...
const realParent = edge.peer ? edge.from.resolveParent : edge.from
const spec = npa.resolve(edge.name, edge.spec, edge.from.path)
- return this[_nodeFromSpec](edge.name, spec, parent, edge)
- .then(node => {
- // handle otherwise unresolvable dependency nesting loops by
- // creating a symbolic link
- // a1 -> b1 -> a2 -> b2 -> a1 -> ...
- // instead of nesting forever, when the loop occurs, create
- // a symbolic link to the earlier instance
- for (let p = edge.from.resolveParent; p; p = p.resolveParent) {
- if (p.matches(node) && !p.isRoot)
- return new Link({ parent: realParent, target: p })
- }
- // keep track of the thing that caused this node to be included.
- const src = parent.sourceReference
- this[_peerSetSource].set(node, src)
- return this[_loadPeerSet](node)
- })
+ const first = await this[_nodeFromSpec](edge.name, spec, parent, edge)
+
+ // we might have a case where the parent has a peer dependency on
+ // `foo@*` which resolves to v2, but another dep in the set has a
+ // peerDependency on `foo@1`. In that case, if we force it to be v2,
+ // we're unnecessarily triggering an ERESOLVE.
+ // If we have a second edge to worry about, and it's not satisfied
+ // by the first node, try a second and see if that satisfies the
+ // original edge here.
+ const spec2 = secondEdge && npa.resolve(
+ edge.name,
+ secondEdge.spec,
+ secondEdge.from.path
+ )
+ const second = secondEdge && !secondEdge.valid
+ ? await this[_nodeFromSpec](edge.name, spec2, parent, secondEdge)
+ : null
+
+ // pick the second one if they're both happy with that, otherwise first
+ const node = second && edge.valid ? second : first
+ // ensure the one we want is the one that's placed
+ node.parent = parent
+
+ // handle otherwise unresolvable dependency nesting loops by
+ // creating a symbolic link
+ // a1 -> b1 -> a2 -> b2 -> a1 -> ...
+ // instead of nesting forever, when the loop occurs, create
+ // a symbolic link to the earlier instance
+ for (let p = edge.from.resolveParent; p; p = p.resolveParent) {
+ if (p.matches(node) && !p.isTop)
+ return new Link({ parent: realParent, target: p })
+ }
+
+ // keep track of the thing that caused this node to be included.
+ const src = parent.sourceReference
+ this[_peerSetSource].set(node, src)
+ return this[_loadPeerSet](node)
}
[_virtualRoot] (node, reuse = false) {
@@ -886,7 +935,7 @@ This is a one-time fix-up, please be patient...
// also skip over any nodes in the tree that failed to load, since those
// will crash the install later on anyway.
- const bd = node.isRoot ? null : node.package.bundleDependencies
+ const bd = node.isProjectRoot ? null : node.package.bundleDependencies
const bundled = new Set(bd || [])
return [...node.edgesOut.values()]
@@ -923,7 +972,7 @@ This is a one-time fix-up, please be patient...
return true
// If the user has explicitly asked to install this package, it's a problem.
- if (node.isRoot && this[_explicitRequests].has(edge.name))
+ if (node.isProjectRoot && this[_explicitRequests].has(edge.name))
return true
// No problems!
@@ -1005,30 +1054,34 @@ This is a one-time fix-up, please be patient...
// deps to override, but throw if no preference can be determined.
async [_loadPeerSet] (node) {
const peerEdges = [...node.edgesOut.values()]
- // we only care about peers here, and don't install peerOptionals
- .filter(e => e.peer && !e.valid && !e.optional)
+ // we typically only install non-optional peers, but we have to
+ // factor them into the peerSet so that we can avoid conflicts
+ .filter(e => e.peer && !(e.valid && e.to))
.sort(({name: a}, {name: b}) => a.localeCompare(b))
for (const edge of peerEdges) {
// already placed this one, and we're happy with it.
- if (edge.valid)
+ if (edge.valid && edge.to)
continue
const parentEdge = node.parent.edgesOut.get(edge.name)
- const {isRoot, isWorkspace} = node.parent.sourceReference
- const isMine = isRoot || isWorkspace
- if (edge.missing) {
+ const {isProjectRoot, isWorkspace} = node.parent.sourceReference
+ const isMine = isProjectRoot || isWorkspace
+ if (!edge.to) {
if (!parentEdge) {
// easy, just put the thing there
await this[_nodeFromEdge](edge, node.parent)
continue
} else {
- // try to put the parent's preference, and make sure that satisfies.
- // if so, we're good.
- // if it does not, then we have a problem in strict mode, no problem
+ // if the parent's edge is very broad like >=1, and the edge in
+ // question is something like 1.x, then we want to get a 1.x, not
+ // a 2.x. pass along the child edge as an advisory guideline.
+ // if the parent edge doesn't satisfy the child edge, and the
+ // child edge doesn't satisfy the parent edge, then we have
+ // a conflict. this is always a problem in strict mode, never
// in force mode, and a problem in non-strict mode if this isn't
- // on behalf of the root node. In all such cases, we warn at least.
- await this[_nodeFromEdge](parentEdge, node.parent)
+ // on behalf of our project. in all such cases, we warn at least.
+ await this[_nodeFromEdge](parentEdge, node.parent, edge)
// hooray! that worked!
if (edge.valid)
@@ -1037,8 +1090,9 @@ This is a one-time fix-up, please be patient...
// allow it
if (this[_force] || !isMine && !this[_strictPeerDeps])
continue
- else
- this[_failPeerConflict](edge)
+
+ // problem
+ this[_failPeerConflict](edge)
}
}
@@ -1101,7 +1155,7 @@ This is a one-time fix-up, please be patient...
// top nodes should still get peer deps from their fsParent if possible,
// and only install locally if there's no other option, eg for a link
// outside of the project root, or for a conflicted dep.
- const start = edge.peer && !node.isRoot ? node.resolveParent || node
+ const start = edge.peer && !node.isProjectRoot ? node.resolveParent || node
: node
let target
@@ -1137,7 +1191,8 @@ This is a one-time fix-up, please be patient...
// when installing globally, or just in global style, we never place
// deps above the first level.
- if (this[_globalStyle] && check.resolveParent === this.idealTree)
+ const tree = this.idealTree && this.idealTree.target || this.idealTree
+ if (this[_globalStyle] && check.resolveParent === tree)
break
}
@@ -1350,8 +1405,8 @@ This is a one-time fix-up, please be patient...
// depends on a, and it has a conflict, it's our problem. So, the root
// (or whatever is bringing in a) becomes the "effective source" for
// the purposes of this calculation.
- const { isRoot, isWorkspace } = isSource ? target : source || {}
- const isMine = isRoot || isWorkspace
+ const { isProjectRoot, isWorkspace } = isSource ? target : source || {}
+ const isMine = isProjectRoot || isWorkspace
// Useful testing thingie right here.
// peerEntryEdge should *always* be a non-peer dependency, or a peer
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
index d916b49c22c018..19c7fa384de515 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
@@ -1,5 +1,6 @@
// mixin implementing the reify method
+const onExit = require('../signal-handling.js')
const pacote = require('pacote')
const rpj = require('read-package-json-fast')
const { updateDepSpec } = require('../dep-spec.js')
@@ -27,8 +28,9 @@ const updateRootPackageJson = require('../update-root-package-json.js')
const _retiredPaths = Symbol('retiredPaths')
const _retiredUnchanged = Symbol('retiredUnchanged')
const _sparseTreeDirs = Symbol('sparseTreeDirs')
+const _sparseTreeRoots = Symbol('sparseTreeRoots')
const _savePrefix = Symbol('savePrefix')
-const _retireShallowNodes = Symbol('retireShallowNodes')
+const _retireShallowNodes = Symbol.for('retireShallowNodes')
const _getBundlesByDepth = Symbol('getBundlesByDepth')
const _registryResolved = Symbol('registryResolved')
const _addNodeToTrashList = Symbol('addNodeToTrashList')
@@ -54,7 +56,7 @@ const _awaitQuickAudit = Symbol('awaitQuickAudit')
const _unpackNewModules = Symbol.for('unpackNewModules')
const _moveContents = Symbol.for('moveContents')
const _moveBackRetiredUnchanged = Symbol.for('moveBackRetiredUnchanged')
-const _build = Symbol('build')
+const _build = Symbol.for('build')
const _removeTrash = Symbol.for('removeTrash')
const _renamePath = Symbol.for('renamePath')
const _rollbackRetireShallowNodes = Symbol.for('rollbackRetireShallowNodes')
@@ -102,6 +104,7 @@ module.exports = cls => class Reifier extends cls {
this[_retiredPaths] = {}
this[_retiredUnchanged] = {}
this[_sparseTreeDirs] = new Set()
+ this[_sparseTreeRoots] = new Set()
this[_trashList] = new Set()
}
@@ -153,16 +156,63 @@ module.exports = cls => class Reifier extends cls {
return this[_submitQuickAudit]()
}
- await this[_retireShallowNodes]()
- await this[_createSparseTree]()
- await this[_addOmitsToTrashList]()
- await this[_loadShrinkwrapsAndUpdateTrees]()
- await this[_loadBundlesAndUpdateTrees]()
- await this[_submitQuickAudit]()
- await this[_unpackNewModules]()
- await this[_moveBackRetiredUnchanged]()
- await this[_build]()
+ // ok, we're about to start touching the fs. need to roll back
+ // if we get an early termination.
+ let reifyTerminated = null
+ const removeHandler = onExit(({signal}) => {
+ // only call once. if signal hits twice, we just terminate
+ removeHandler()
+ reifyTerminated = Object.assign(new Error('process terminated'), {
+ signal,
+ })
+ return false
+ })
+
+ // [rollbackfn, [...actions]]
+ // after each step, if the process was terminated, execute the rollback
+ // note that each rollback *also* calls the previous one when it's
+ // finished, and then the first one throws the error, so we only need
+ // a new rollback step when we have a new thing that must be done to
+ // revert the install.
+ const steps = [
+ [_rollbackRetireShallowNodes, [
+ _retireShallowNodes,
+ ]],
+ [_rollbackCreateSparseTree, [
+ _createSparseTree,
+ _addOmitsToTrashList,
+ _loadShrinkwrapsAndUpdateTrees,
+ _loadBundlesAndUpdateTrees,
+ _submitQuickAudit,
+ _unpackNewModules,
+ ]],
+ [_rollbackMoveBackRetiredUnchanged, [
+ _moveBackRetiredUnchanged,
+ _build,
+ ]],
+ ]
+ for (const [rollback, actions] of steps) {
+ for (const action of actions) {
+ try {
+ await this[action]()
+ if (reifyTerminated)
+ throw reifyTerminated
+ } catch (er) {
+ await this[rollback](er)
+ /* istanbul ignore next - rollback throws, should never hit this */
+ throw er
+ }
+ }
+ }
+
+ // no rollback for this one, just exit with the error, since the
+ // install completed and can't be safely recovered at this point.
await this[_removeTrash]()
+ if (reifyTerminated)
+ throw reifyTerminated
+
+ // done modifying the file system, no need to keep listening for sigs
+ removeHandler()
}
// when doing a local install, we load everything and figure it all out.
@@ -183,8 +233,9 @@ module.exports = cls => class Reifier extends cls {
const actualOpt = this[_global] ? {
ignoreMissing: true,
global: true,
- filter: (node, kid) => !node.isRoot ? true
- : (node.edgesOut.has(kid) || this[_explicitRequests].has(kid)),
+ filter: (node, kid) => !node.isRoot && node !== node.root.target
+ ? true
+ : (node.edgesOut.has(kid) || this[_explicitRequests].has(kid)),
} : { ignoreMissing: true }
if (!this[_global]) {
@@ -260,7 +311,6 @@ module.exports = cls => class Reifier extends cls {
const movePromises = Object.entries(moves)
.map(([from, to]) => this[_renamePath](from, to))
return promiseAllRejectLate(movePromises)
- .catch(er => this[_rollbackRetireShallowNodes](er))
.then(() => process.emit('timeEnd', 'reify:retireShallow'))
}
@@ -326,18 +376,22 @@ module.exports = cls => class Reifier extends cls {
.map(diff => diff.ideal.path)
return promiseAllRejectLate(dirs.map(d => mkdirp(d)))
- .then(() => dirs.forEach(dir => this[_sparseTreeDirs].add(dir)))
+ .then(made => {
+ made.forEach(made => this[_sparseTreeRoots].add(made))
+ dirs.forEach(dir => this[_sparseTreeDirs].add(dir))
+ })
.then(() => process.emit('timeEnd', 'reify:createSparse'))
- .catch(er => this[_rollbackCreateSparseTree](er))
}
[_rollbackCreateSparseTree] (er) {
process.emit('time', 'reify:rollback:createSparse')
- // cut the roots of the sparse tree, not the leaves
- const moves = this[_retiredPaths]
+ // cut the roots of the sparse tree that were created, not the leaves
+ const roots = this[_sparseTreeRoots]
+ // also delete the moves that we retired, so that we can move them back
const failures = []
- const unlinks = Object.entries(moves)
- .map(([from, to]) => rimraf(from).catch(er => failures.push([from, er])))
+ const targets = [...roots, ...Object.keys(this[_retiredPaths])]
+ const unlinks = targets
+ .map(path => rimraf(path).catch(er => failures.push([path, er])))
return promiseAllRejectLate(unlinks)
.then(() => {
if (failures.length)
@@ -375,7 +429,6 @@ module.exports = cls => class Reifier extends cls {
.then(() => this[_diffTrees]())
.then(() => this[_createSparseTree]())
.then(() => process.emit('timeEnd', 'reify:loadShrinkwraps'))
- .catch(er => this[_rollbackCreateSparseTree](er))
}
// create a symlink for Links, extract for Nodes
@@ -543,7 +596,6 @@ module.exports = cls => class Reifier extends cls {
}))))
// move onto the next level of bundled items
.then(() => this[_loadBundlesAndUpdateTrees](depth + 1, bundlesByDepth))
- .catch(er => this[_rollbackCreateSparseTree](er))
}
[_getBundlesByDepth] () {
@@ -677,7 +729,6 @@ module.exports = cls => class Reifier extends cls {
})
return promiseAllRejectLate(unpacks)
.then(() => process.emit('timeEnd', 'reify:unpack'))
- .catch(er => this[_rollbackCreateSparseTree](er))
}
// This is the part where we move back the unchanging nodes that were
@@ -720,7 +771,6 @@ module.exports = cls => class Reifier extends cls {
}))
}))
.then(() => process.emit('timeEnd', 'reify:unretire'))
- .catch(er => this[_rollbackMoveBackRetiredUnchanged](er))
}
// move the contents from the fromPath to the node.path
@@ -771,7 +821,6 @@ module.exports = cls => class Reifier extends cls {
return this.rebuild({ nodes, handleOptionalFailure: true })
.then(() => process.emit('timeEnd', 'reify:build'))
- .catch(er => this[_rollbackMoveBackRetiredUnchanged](er))
}
// the tree is pretty much built now, so it's cleanup time.
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/node.js b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
index 396bcb58a2de96..01147b9d48da8a 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/node.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
@@ -64,70 +64,7 @@ const _meta = Symbol('_meta')
const relpath = require('./relpath.js')
const consistentResolve = require('./consistent-resolve.js')
-// helper function to output a clearer visualization
-// of the current node and its descendents
-class ArboristNode {}
-
-const printableTree = (tree, path = []) =>
- (path.includes(tree) ? { location: tree.location } : (path.push(tree), Object.assign(new ArboristNode(), {
- name: tree.name,
- ...(tree.package && tree.package.version
- ? { version: tree.package.version }
- : {}),
- location: tree.location,
- path: tree.path,
- realpath: tree.realpath,
- ...(tree.isLink ? { target: printableTree(tree.target, path) } : {}),
- ...(tree.resolved != null ? { resolved: tree.resolved } : {}),
- ...(tree.extraneous ? { extraneous: true } : {
- ...(tree.dev ? { dev: true } : {}),
- ...(tree.optional ? { optional: true } : {}),
- ...(tree.devOptional && !tree.dev && !tree.optional
- ? { devOptional: true } : {}),
- ...(tree.peer ? { peer: true } : {}),
- }),
- ...(tree.inBundle ? { bundled: true } : {}),
- // handle top-level tree error
- ...(tree.error
- ? {
- error: {
- code: tree.error.code,
- ...(tree.error.path
- ? { path: tree.error.path }
- : {}),
- },
- } : {}),
- // handle errors for each node
- ...(tree.errors && tree.errors.length
- ? {
- errors: tree.errors.map(error => ({
- code: error.code,
- ...(error.path
- ? { path: error.path }
- : {}),
- })),
- } : {}),
- ...(tree.edgesIn && tree.edgesIn.size ? {
- edgesIn: new Set([...tree.edgesIn]
- .sort((a, b) => a.from.location.localeCompare(b.from.location))),
- } : {}),
- ...(tree.edgesOut && tree.edgesOut.size ? {
- edgesOut: new Map([...tree.edgesOut.entries()]
- .sort((a, b) => a[0].localeCompare(b[0]))),
- } : {}),
- ...(tree.fsChildren && tree.fsChildren.size ? {
- fsChildren: new Set([...tree.fsChildren]
- .sort((a, b) => a.path.localeCompare(b.path))
- .map(tree => printableTree(tree, path))),
- } : {}),
- ...(tree.target || !tree.children || !tree.children.size
- ? {}
- : {
- children: new Map([...tree.children.entries()]
- .sort((a, b) => a[0].localeCompare(b[0]))
- .map(([name, tree]) => [name, printableTree(tree, path)])),
- }),
- })))
+const printableTree = require('./printable.js')
class Node {
constructor (options) {
@@ -527,6 +464,10 @@ class Node {
return this === this.root
}
+ get isProjectRoot () {
+ return this === this.root || this === this.root.target
+ }
+
set root (root) {
// setting to null means this is the new root
// should only ever be one step
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/printable.js b/deps/npm/node_modules/@npmcli/arborist/lib/printable.js
new file mode 100644
index 00000000000000..fb73c7c2bc4349
--- /dev/null
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/printable.js
@@ -0,0 +1,129 @@
+// helper function to output a clearer visualization
+// of the current node and its descendents
+
+const util = require('util')
+
+class ArboristNode {
+ constructor (tree, path) {
+ this.name = tree.name
+ if (tree.package.name && tree.package.name !== this.name)
+ this.packageName = tree.package.name
+ if (tree.version)
+ this.version = tree.version
+ this.location = tree.location
+ this.path = tree.path
+ if (tree.realpath !== this.path)
+ this.realpath = tree.realpath
+ if (tree.resolved !== null)
+ this.resolved = tree.resolved
+ if (tree.extraneous)
+ this.extraneous = true
+ if (tree.dev)
+ this.dev = true
+ if (tree.optional)
+ this.optional = true
+ if (tree.devOptional && !tree.dev && !tree.optional)
+ this.devOptional = true
+ if (tree.peer)
+ this.peer = true
+ if (tree.inBundle)
+ this.bundled = true
+ if (tree.error)
+ this.error = treeError(tree.error)
+ if (tree.errors && tree.errors.length)
+ this.errors = tree.errors.map(treeError)
+
+ // edgesOut sorted by name
+ if (tree.edgesOut.size) {
+ this.edgesOut = new Map([...tree.edgesOut.entries()]
+ .sort(([a], [b]) => a.localeCompare(b))
+ .map(([name, edge]) => [name, new EdgeOut(edge)]))
+ }
+
+ // edgesIn sorted by location
+ if (tree.edgesIn.size) {
+ this.edgesIn = new Set([...tree.edgesIn]
+ .sort((a, b) => a.from.location.localeCompare(b.from.location))
+ .map(edge => new EdgeIn(edge)))
+ }
+
+ // fsChildren sorted by path
+ if (tree.fsChildren.size) {
+ this.fsChildren = new Set([...tree.fsChildren]
+ .sort(({path: a}, {path: b}) => a.localeCompare(b))
+ .map(tree => printableTree(tree, path)))
+ }
+
+ // children sorted by name
+ if (tree.children.size) {
+ this.children = new Map([...tree.children.entries()]
+ .sort(([a], [b]) => a.localeCompare(b))
+ .map(([name, tree]) => [name, printableTree(tree, path)]))
+ }
+ }
+}
+
+class ArboristLink extends ArboristNode {
+ constructor (tree, path) {
+ super(tree, path)
+ this.target = printableTree(tree.target, path)
+ }
+}
+
+const treeError = ({code, path}) => ({
+ code,
+ ...(path ? { path } : {}),
+})
+
+// print out edges without dumping the full node all over again
+// this base class will toJSON as a plain old object, but the
+// util.inspect() output will be a bit cleaner
+class Edge {
+ constructor (edge) {
+ this.type = edge.type
+ this.name = edge.name
+ this.spec = edge.spec || '*'
+ if (edge.error)
+ this.error = edge.error
+ }
+}
+
+// don't care about 'from' for edges out
+class EdgeOut extends Edge {
+ constructor (edge) {
+ super(edge)
+ this.to = edge.to && edge.to.location
+ }
+
+ [util.inspect.custom] () {
+ return `{ ${this.type} ${this.name}@${this.spec}${
+ this.to ? ' -> ' + this.to : ''
+ }${
+ this.error ? ' ' + this.error : ''
+ } }`
+ }
+}
+
+// don't care about 'to' for edges in
+class EdgeIn extends Edge {
+ constructor (edge) {
+ super(edge)
+ this.from = edge.from && edge.from.location
+ }
+
+ [util.inspect.custom] () {
+ return `{ ${this.from || '""'} ${this.type} ${this.name}@${this.spec}${
+ this.error ? ' ' + this.error : ''
+ } }`
+ }
+}
+
+const printableTree = (tree, path = []) => {
+ if (path.includes(tree))
+ return { location: tree.location }
+ path.push(tree)
+ const Cls = tree.isLink ? ArboristLink : ArboristNode
+ return new Cls(tree, path)
+}
+
+module.exports = printableTree
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/signal-handling.js b/deps/npm/node_modules/@npmcli/arborist/lib/signal-handling.js
new file mode 100644
index 00000000000000..1051cd593970a3
--- /dev/null
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/signal-handling.js
@@ -0,0 +1,67 @@
+const signals = require('./signals.js')
+
+// for testing, expose the process being used
+module.exports = Object.assign(fn => setup(fn), { process })
+
+// do all of this in a setup function so that we can call it
+// multiple times for multiple reifies that might be going on.
+// Otherwise, Arborist.reify() is a global action, which is a
+// new constraint we'd be adding with this behavior.
+const setup = fn => {
+ const { process } = module.exports
+
+ const sigListeners = { loaded: false }
+
+ const unload = () => {
+ if (!sigListeners.loaded)
+ return
+ for (const sig of signals) {
+ try {
+ process.removeListener(sig, sigListeners[sig])
+ } catch (er) {}
+ }
+ process.removeListener('beforeExit', onBeforeExit)
+ sigListeners.loaded = false
+ }
+
+ const onBeforeExit = () => {
+ // this trick ensures that we exit with the same signal we caught
+ // Ie, if you press ^C and npm gets a SIGINT, we'll do the rollback
+ // and then exit with a SIGINT signal once we've removed the handler.
+ // The timeout is there because signals are asynchronous, so we need
+ // the process to NOT exit on its own, which means we have to have
+ // something keeping the event loop looping. Hence this hack.
+ unload()
+ process.kill(process.pid, signalReceived)
+ setTimeout(() => {}, 500)
+ }
+
+ let signalReceived = null
+ const listener = (sig, fn) => () => {
+ signalReceived = sig
+
+ // if we exit normally, but caught a signal which would have been fatal,
+ // then re-send it once we're done with whatever cleanup we have to do.
+ unload()
+ if (process.listeners(sig).length < 1)
+ process.once('beforeExit', onBeforeExit)
+
+ fn({ signal: sig })
+ }
+
+ // do the actual loading here
+ for (const sig of signals) {
+ sigListeners[sig] = listener(sig, fn)
+ const max = process.getMaxListeners()
+ try {
+ // if we call this a bunch of times, avoid triggering the warning
+ const { length } = process.listeners(sig)
+ if (length >= max)
+ process.setMaxListeners(length + 1)
+ process.on(sig, sigListeners[sig])
+ } catch (er) {}
+ }
+ sigListeners.loaded = true
+
+ return unload
+}
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/signals.js b/deps/npm/node_modules/@npmcli/arborist/lib/signals.js
new file mode 100644
index 00000000000000..8dcd585c4c0657
--- /dev/null
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/signals.js
@@ -0,0 +1,58 @@
+// copied from signal-exit
+
+// This is not the set of all possible signals.
+//
+// It IS, however, the set of all signals that trigger
+// an exit on either Linux or BSD systems. Linux is a
+// superset of the signal names supported on BSD, and
+// the unknown signals just fail to register, so we can
+// catch that easily enough.
+//
+// Don't bother with SIGKILL. It's uncatchable, which
+// means that we can't fire any callbacks anyway.
+//
+// If a user does happen to register a handler on a non-
+// fatal signal like SIGWINCH or something, and then
+// exit, it'll end up firing `process.emit('exit')`, so
+// the handler will be fired anyway.
+//
+// SIGBUS, SIGFPE, SIGSEGV and SIGILL, when not raised
+// artificially, inherently leave the process in a
+// state from which it is not safe to try and enter JS
+// listeners.
+
+const platform = global.__ARBORIST_FAKE_PLATFORM__ || process.platform
+
+module.exports = [
+ 'SIGABRT',
+ 'SIGALRM',
+ 'SIGHUP',
+ 'SIGINT',
+ 'SIGTERM',
+]
+
+if (platform !== 'win32') {
+ module.exports.push(
+ 'SIGVTALRM',
+ 'SIGXCPU',
+ 'SIGXFSZ',
+ 'SIGUSR2',
+ 'SIGTRAP',
+ 'SIGSYS',
+ 'SIGQUIT',
+ 'SIGIOT'
+ // should detect profiler and enable/disable accordingly.
+ // see #21
+ // 'SIGPROF'
+ )
+}
+
+if (platform === 'linux') {
+ module.exports.push(
+ 'SIGIO',
+ 'SIGPOLL',
+ 'SIGPWR',
+ 'SIGSTKFLT',
+ 'SIGUNUSED'
+ )
+}
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index fafd1fb0f865f2..bf0de29939182b 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
{
"name": "@npmcli/arborist",
- "version": "2.0.6",
+ "version": "2.1.0",
"description": "Manage node_modules trees",
"dependencies": {
"@npmcli/installed-package-contents": "^1.0.5",
diff --git a/deps/npm/node_modules/@npmcli/disparity-colors/CHANGELOG.md b/deps/npm/node_modules/@npmcli/disparity-colors/CHANGELOG.md
new file mode 100644
index 00000000000000..c6dc19711a96dc
--- /dev/null
+++ b/deps/npm/node_modules/@npmcli/disparity-colors/CHANGELOG.md
@@ -0,0 +1,5 @@
+# Changelog
+
+## 1.0.0
+
+- Initial release
diff --git a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/LICENSE b/deps/npm/node_modules/@npmcli/disparity-colors/LICENSE
similarity index 93%
rename from deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/LICENSE
rename to deps/npm/node_modules/@npmcli/disparity-colors/LICENSE
index 19129e315fe593..dedcd7d2f9daec 100644
--- a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/LICENSE
+++ b/deps/npm/node_modules/@npmcli/disparity-colors/LICENSE
@@ -1,6 +1,6 @@
The ISC License
-Copyright (c) Isaac Z. Schlueter and Contributors
+Copyright (c) npm Inc.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
diff --git a/deps/npm/node_modules/@npmcli/disparity-colors/README.md b/deps/npm/node_modules/@npmcli/disparity-colors/README.md
new file mode 100644
index 00000000000000..31d2b9c10d3ec6
--- /dev/null
+++ b/deps/npm/node_modules/@npmcli/disparity-colors/README.md
@@ -0,0 +1,48 @@
+# @npmcli/disparity-colors
+
+[![NPM version](https://img.shields.io/npm/v/@npmcli/disparity-colors)](https://www.npmjs.com/package/@npmcli/disparity-colors)
+[![Build Status](https://img.shields.io/github/workflow/status/npm/disparity-colors/node-ci)](https://github.com/npm/disparity-colors)
+[![License](https://img.shields.io/github/license/npm/disparity-colors)](https://github.com/npm/disparity-colors/blob/master/LICENSE)
+
+Spiritual sucessor to [disparity](https://www.npmjs.com/package/disparity). Colorizes [Diff Unified format](https://en.wikipedia.org/wiki/Diff#Unified_format) output using [ansi-styles](https://www.npmjs.com/package/ansi-styles).
+
+## Install
+
+`npm install @npmcli/disparity-colors`
+
+## Usage:
+
+```js
+const colorize = require('@npmcli/disparity-colors')
+mapWorkspaces(`--- a/src/index.js
++++ b/src/index.js
+@@ -1,4 +1,5 @@
+ "use strict";
++"use foo";
+
+ const os = require("os");
+`)
+// [33m--- a/src/index.js[39m
+// [33m+++ b/src/index.js[39m
+// [35m@@ -1,4 +1,5 @@[39m
+// "use strict";
+// [32m+"use foo";[39m
+//
+// const os = require("os");
+```
+
+## API:
+
+### `colorize(str, opts = {}) -> String`
+
+- `str`: A [Diff Unified format](https://en.wikipedia.org/wiki/Diff#Unified_format) string
+- `opts`:
+ - `headerLength`: A **Number** defining how many lines should be colorized as header
+
+#### Returns
+
+A **String** including the appropriate [ANSI escape codes](https://en.wikipedia.org/wiki/ANSI_escape_code#Colors_and_Styles)
+
+## LICENSE
+
+[ISC](./LICENSE)
diff --git a/deps/npm/node_modules/@npmcli/disparity-colors/index.js b/deps/npm/node_modules/@npmcli/disparity-colors/index.js
new file mode 100644
index 00000000000000..a02b8f884d8ac4
--- /dev/null
+++ b/deps/npm/node_modules/@npmcli/disparity-colors/index.js
@@ -0,0 +1,34 @@
+const ansi = require('ansi-styles')
+
+const colors = {
+ removed: ansi.red,
+ added: ansi.green,
+ header: ansi.yellow,
+ section: ansi.magenta
+}
+
+function colorize (str, opts) {
+ let headerLength = (opts || {}).headerLength
+ if (typeof headerLength !== 'number' || Number.isNaN(headerLength)) {
+ headerLength = 2
+ }
+
+ const color = (str, colorId) => {
+ const { open, close } = colors[colorId]
+ // avoid highlighting the "\n" (would highlight till the end of the line)
+ return str.replace(/[^\n\r]+/g, open + '$&' + close)
+ }
+
+ // this RegExp will include all the `\n` chars into the lines, easier to join
+ const lines = ((typeof str === 'string' && str) || '').split(/^/m)
+
+ const start = color(lines.slice(0, headerLength).join(''), 'header')
+ const end = lines.slice(headerLength).join('')
+ .replace(/^-.*/gm, color('$&', 'removed'))
+ .replace(/^\+.*/gm, color('$&', 'added'))
+ .replace(/^@@.+@@/gm, color('$&', 'section'))
+
+ return start + end
+}
+
+module.exports = colorize
diff --git a/deps/npm/node_modules/@npmcli/disparity-colors/package.json b/deps/npm/node_modules/@npmcli/disparity-colors/package.json
new file mode 100644
index 00000000000000..3f389a42c9f99b
--- /dev/null
+++ b/deps/npm/node_modules/@npmcli/disparity-colors/package.json
@@ -0,0 +1,60 @@
+{
+ "name": "@npmcli/disparity-colors",
+ "version": "1.0.1",
+ "files": [
+ "index.js"
+ ],
+ "engines": {
+ "node": ">=10"
+ },
+ "description": "Colorizes unified diff output",
+ "repository": "https://github.com/npm/disparity-colors",
+ "keywords": [
+ "disparity",
+ "npm",
+ "npmcli",
+ "diff",
+ "char",
+ "unified",
+ "multiline",
+ "string",
+ "color",
+ "ansi",
+ "terminal",
+ "cli",
+ "tty"
+ ],
+ "author": "npm Inc. ",
+ "contributors": [
+ {
+ "name": "Ruy Adorno",
+ "url": "https://ruyadorno.com",
+ "twitter": "ruyadorno"
+ }
+ ],
+ "license": "ISC",
+ "scripts": {
+ "lint": "standard index.js",
+ "pretest": "npm run lint",
+ "test": "tap",
+ "snap": "tap",
+ "preversion": "npm test",
+ "postversion": "npm publish",
+ "prepublishOnly": "git push origin --follow-tags"
+ },
+ "tap": {
+ "check-coverage": true
+ },
+ "standard": {
+ "ignore": [
+ "/tap-snapshots/"
+ ]
+ },
+ "devDependencies": {
+ "standard": "^16.0.3",
+ "tap": "^14.11.0"
+ },
+ "dependencies": {
+ "ansi-styles": "^4.3.0"
+ }
+}
diff --git a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/README.md b/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/README.md
deleted file mode 100644
index 423b8cf854ad3e..00000000000000
--- a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/README.md
+++ /dev/null
@@ -1,101 +0,0 @@
-[![Build Status](https://travis-ci.org/isaacs/rimraf.svg?branch=master)](https://travis-ci.org/isaacs/rimraf) [![Dependency Status](https://david-dm.org/isaacs/rimraf.svg)](https://david-dm.org/isaacs/rimraf) [![devDependency Status](https://david-dm.org/isaacs/rimraf/dev-status.svg)](https://david-dm.org/isaacs/rimraf#info=devDependencies)
-
-The [UNIX command](http://en.wikipedia.org/wiki/Rm_(Unix)) `rm -rf` for node.
-
-Install with `npm install rimraf`, or just drop rimraf.js somewhere.
-
-## API
-
-`rimraf(f, [opts], callback)`
-
-The first parameter will be interpreted as a globbing pattern for files. If you
-want to disable globbing you can do so with `opts.disableGlob` (defaults to
-`false`). This might be handy, for instance, if you have filenames that contain
-globbing wildcard characters.
-
-The callback will be called with an error if there is one. Certain
-errors are handled for you:
-
-* Windows: `EBUSY` and `ENOTEMPTY` - rimraf will back off a maximum of
- `opts.maxBusyTries` times before giving up, adding 100ms of wait
- between each attempt. The default `maxBusyTries` is 3.
-* `ENOENT` - If the file doesn't exist, rimraf will return
- successfully, since your desired outcome is already the case.
-* `EMFILE` - Since `readdir` requires opening a file descriptor, it's
- possible to hit `EMFILE` if too many file descriptors are in use.
- In the sync case, there's nothing to be done for this. But in the
- async case, rimraf will gradually back off with timeouts up to
- `opts.emfileWait` ms, which defaults to 1000.
-
-## options
-
-* unlink, chmod, stat, lstat, rmdir, readdir,
- unlinkSync, chmodSync, statSync, lstatSync, rmdirSync, readdirSync
-
- In order to use a custom file system library, you can override
- specific fs functions on the options object.
-
- If any of these functions are present on the options object, then
- the supplied function will be used instead of the default fs
- method.
-
- Sync methods are only relevant for `rimraf.sync()`, of course.
-
- For example:
-
- ```javascript
- var myCustomFS = require('some-custom-fs')
-
- rimraf('some-thing', myCustomFS, callback)
- ```
-
-* maxBusyTries
-
- If an `EBUSY`, `ENOTEMPTY`, or `EPERM` error code is encountered
- on Windows systems, then rimraf will retry with a linear backoff
- wait of 100ms longer on each try. The default maxBusyTries is 3.
-
- Only relevant for async usage.
-
-* emfileWait
-
- If an `EMFILE` error is encountered, then rimraf will retry
- repeatedly with a linear backoff of 1ms longer on each try, until
- the timeout counter hits this max. The default limit is 1000.
-
- If you repeatedly encounter `EMFILE` errors, then consider using
- [graceful-fs](http://npm.im/graceful-fs) in your program.
-
- Only relevant for async usage.
-
-* glob
-
- Set to `false` to disable [glob](http://npm.im/glob) pattern
- matching.
-
- Set to an object to pass options to the glob module. The default
- glob options are `{ nosort: true, silent: true }`.
-
- Glob version 6 is used in this module.
-
- Relevant for both sync and async usage.
-
-* disableGlob
-
- Set to any non-falsey value to disable globbing entirely.
- (Equivalent to setting `glob: false`.)
-
-## rimraf.sync
-
-It can remove stuff synchronously, too. But that's not so good. Use
-the async API. It's better.
-
-## CLI
-
-If installed with `npm install rimraf -g` it can be used as a global
-command `rimraf [ ...]` which is useful for cross platform support.
-
-## mkdirp
-
-If you need to create a directory recursively, check out
-[mkdirp](https://github.com/substack/node-mkdirp).
diff --git a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/bin.js b/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/bin.js
deleted file mode 100755
index 0d1e17be701ec3..00000000000000
--- a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/bin.js
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env node
-
-var rimraf = require('./')
-
-var help = false
-var dashdash = false
-var noglob = false
-var args = process.argv.slice(2).filter(function(arg) {
- if (dashdash)
- return !!arg
- else if (arg === '--')
- dashdash = true
- else if (arg === '--no-glob' || arg === '-G')
- noglob = true
- else if (arg === '--glob' || arg === '-g')
- noglob = false
- else if (arg.match(/^(-+|\/)(h(elp)?|\?)$/))
- help = true
- else
- return !!arg
-})
-
-if (help || args.length === 0) {
- // If they didn't ask for help, then this is not a "success"
- var log = help ? console.log : console.error
- log('Usage: rimraf [ ...]')
- log('')
- log(' Deletes all files and folders at "path" recursively.')
- log('')
- log('Options:')
- log('')
- log(' -h, --help Display this usage info')
- log(' -G, --no-glob Do not expand glob patterns in arguments')
- log(' -g, --glob Expand glob patterns in arguments (default)')
- process.exit(help ? 0 : 1)
-} else
- go(0)
-
-function go (n) {
- if (n >= args.length)
- return
- var options = {}
- if (noglob)
- options = { glob: false }
- rimraf(args[n], options, function (er) {
- if (er)
- throw er
- go(n+1)
- })
-}
diff --git a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/package.json b/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/package.json
deleted file mode 100644
index 26e05d85ea2fdf..00000000000000
--- a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/package.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "name": "rimraf",
- "version": "2.7.1",
- "main": "rimraf.js",
- "description": "A deep deletion module for node (like `rm -rf`)",
- "author": "Isaac Z. Schlueter (http://blog.izs.me/)",
- "license": "ISC",
- "repository": "git://github.com/isaacs/rimraf.git",
- "scripts": {
- "preversion": "npm test",
- "postversion": "npm publish",
- "postpublish": "git push origin --all; git push origin --tags",
- "test": "tap test/*.js"
- },
- "bin": "./bin.js",
- "dependencies": {
- "glob": "^7.1.3"
- },
- "files": [
- "LICENSE",
- "README.md",
- "bin.js",
- "rimraf.js"
- ],
- "devDependencies": {
- "mkdirp": "^0.5.1",
- "tap": "^12.1.1"
- }
-}
diff --git a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/rimraf.js b/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/rimraf.js
deleted file mode 100644
index a90ad029f3ece1..00000000000000
--- a/deps/npm/node_modules/@npmcli/move-file/node_modules/rimraf/rimraf.js
+++ /dev/null
@@ -1,372 +0,0 @@
-module.exports = rimraf
-rimraf.sync = rimrafSync
-
-var assert = require("assert")
-var path = require("path")
-var fs = require("fs")
-var glob = undefined
-try {
- glob = require("glob")
-} catch (_err) {
- // treat glob as optional.
-}
-var _0666 = parseInt('666', 8)
-
-var defaultGlobOpts = {
- nosort: true,
- silent: true
-}
-
-// for EMFILE handling
-var timeout = 0
-
-var isWindows = (process.platform === "win32")
-
-function defaults (options) {
- var methods = [
- 'unlink',
- 'chmod',
- 'stat',
- 'lstat',
- 'rmdir',
- 'readdir'
- ]
- methods.forEach(function(m) {
- options[m] = options[m] || fs[m]
- m = m + 'Sync'
- options[m] = options[m] || fs[m]
- })
-
- options.maxBusyTries = options.maxBusyTries || 3
- options.emfileWait = options.emfileWait || 1000
- if (options.glob === false) {
- options.disableGlob = true
- }
- if (options.disableGlob !== true && glob === undefined) {
- throw Error('glob dependency not found, set `options.disableGlob = true` if intentional')
- }
- options.disableGlob = options.disableGlob || false
- options.glob = options.glob || defaultGlobOpts
-}
-
-function rimraf (p, options, cb) {
- if (typeof options === 'function') {
- cb = options
- options = {}
- }
-
- assert(p, 'rimraf: missing path')
- assert.equal(typeof p, 'string', 'rimraf: path should be a string')
- assert.equal(typeof cb, 'function', 'rimraf: callback function required')
- assert(options, 'rimraf: invalid options argument provided')
- assert.equal(typeof options, 'object', 'rimraf: options should be object')
-
- defaults(options)
-
- var busyTries = 0
- var errState = null
- var n = 0
-
- if (options.disableGlob || !glob.hasMagic(p))
- return afterGlob(null, [p])
-
- options.lstat(p, function (er, stat) {
- if (!er)
- return afterGlob(null, [p])
-
- glob(p, options.glob, afterGlob)
- })
-
- function next (er) {
- errState = errState || er
- if (--n === 0)
- cb(errState)
- }
-
- function afterGlob (er, results) {
- if (er)
- return cb(er)
-
- n = results.length
- if (n === 0)
- return cb()
-
- results.forEach(function (p) {
- rimraf_(p, options, function CB (er) {
- if (er) {
- if ((er.code === "EBUSY" || er.code === "ENOTEMPTY" || er.code === "EPERM") &&
- busyTries < options.maxBusyTries) {
- busyTries ++
- var time = busyTries * 100
- // try again, with the same exact callback as this one.
- return setTimeout(function () {
- rimraf_(p, options, CB)
- }, time)
- }
-
- // this one won't happen if graceful-fs is used.
- if (er.code === "EMFILE" && timeout < options.emfileWait) {
- return setTimeout(function () {
- rimraf_(p, options, CB)
- }, timeout ++)
- }
-
- // already gone
- if (er.code === "ENOENT") er = null
- }
-
- timeout = 0
- next(er)
- })
- })
- }
-}
-
-// Two possible strategies.
-// 1. Assume it's a file. unlink it, then do the dir stuff on EPERM or EISDIR
-// 2. Assume it's a directory. readdir, then do the file stuff on ENOTDIR
-//
-// Both result in an extra syscall when you guess wrong. However, there
-// are likely far more normal files in the world than directories. This
-// is based on the assumption that a the average number of files per
-// directory is >= 1.
-//
-// If anyone ever complains about this, then I guess the strategy could
-// be made configurable somehow. But until then, YAGNI.
-function rimraf_ (p, options, cb) {
- assert(p)
- assert(options)
- assert(typeof cb === 'function')
-
- // sunos lets the root user unlink directories, which is... weird.
- // so we have to lstat here and make sure it's not a dir.
- options.lstat(p, function (er, st) {
- if (er && er.code === "ENOENT")
- return cb(null)
-
- // Windows can EPERM on stat. Life is suffering.
- if (er && er.code === "EPERM" && isWindows)
- fixWinEPERM(p, options, er, cb)
-
- if (st && st.isDirectory())
- return rmdir(p, options, er, cb)
-
- options.unlink(p, function (er) {
- if (er) {
- if (er.code === "ENOENT")
- return cb(null)
- if (er.code === "EPERM")
- return (isWindows)
- ? fixWinEPERM(p, options, er, cb)
- : rmdir(p, options, er, cb)
- if (er.code === "EISDIR")
- return rmdir(p, options, er, cb)
- }
- return cb(er)
- })
- })
-}
-
-function fixWinEPERM (p, options, er, cb) {
- assert(p)
- assert(options)
- assert(typeof cb === 'function')
- if (er)
- assert(er instanceof Error)
-
- options.chmod(p, _0666, function (er2) {
- if (er2)
- cb(er2.code === "ENOENT" ? null : er)
- else
- options.stat(p, function(er3, stats) {
- if (er3)
- cb(er3.code === "ENOENT" ? null : er)
- else if (stats.isDirectory())
- rmdir(p, options, er, cb)
- else
- options.unlink(p, cb)
- })
- })
-}
-
-function fixWinEPERMSync (p, options, er) {
- assert(p)
- assert(options)
- if (er)
- assert(er instanceof Error)
-
- try {
- options.chmodSync(p, _0666)
- } catch (er2) {
- if (er2.code === "ENOENT")
- return
- else
- throw er
- }
-
- try {
- var stats = options.statSync(p)
- } catch (er3) {
- if (er3.code === "ENOENT")
- return
- else
- throw er
- }
-
- if (stats.isDirectory())
- rmdirSync(p, options, er)
- else
- options.unlinkSync(p)
-}
-
-function rmdir (p, options, originalEr, cb) {
- assert(p)
- assert(options)
- if (originalEr)
- assert(originalEr instanceof Error)
- assert(typeof cb === 'function')
-
- // try to rmdir first, and only readdir on ENOTEMPTY or EEXIST (SunOS)
- // if we guessed wrong, and it's not a directory, then
- // raise the original error.
- options.rmdir(p, function (er) {
- if (er && (er.code === "ENOTEMPTY" || er.code === "EEXIST" || er.code === "EPERM"))
- rmkids(p, options, cb)
- else if (er && er.code === "ENOTDIR")
- cb(originalEr)
- else
- cb(er)
- })
-}
-
-function rmkids(p, options, cb) {
- assert(p)
- assert(options)
- assert(typeof cb === 'function')
-
- options.readdir(p, function (er, files) {
- if (er)
- return cb(er)
- var n = files.length
- if (n === 0)
- return options.rmdir(p, cb)
- var errState
- files.forEach(function (f) {
- rimraf(path.join(p, f), options, function (er) {
- if (errState)
- return
- if (er)
- return cb(errState = er)
- if (--n === 0)
- options.rmdir(p, cb)
- })
- })
- })
-}
-
-// this looks simpler, and is strictly *faster*, but will
-// tie up the JavaScript thread and fail on excessively
-// deep directory trees.
-function rimrafSync (p, options) {
- options = options || {}
- defaults(options)
-
- assert(p, 'rimraf: missing path')
- assert.equal(typeof p, 'string', 'rimraf: path should be a string')
- assert(options, 'rimraf: missing options')
- assert.equal(typeof options, 'object', 'rimraf: options should be object')
-
- var results
-
- if (options.disableGlob || !glob.hasMagic(p)) {
- results = [p]
- } else {
- try {
- options.lstatSync(p)
- results = [p]
- } catch (er) {
- results = glob.sync(p, options.glob)
- }
- }
-
- if (!results.length)
- return
-
- for (var i = 0; i < results.length; i++) {
- var p = results[i]
-
- try {
- var st = options.lstatSync(p)
- } catch (er) {
- if (er.code === "ENOENT")
- return
-
- // Windows can EPERM on stat. Life is suffering.
- if (er.code === "EPERM" && isWindows)
- fixWinEPERMSync(p, options, er)
- }
-
- try {
- // sunos lets the root user unlink directories, which is... weird.
- if (st && st.isDirectory())
- rmdirSync(p, options, null)
- else
- options.unlinkSync(p)
- } catch (er) {
- if (er.code === "ENOENT")
- return
- if (er.code === "EPERM")
- return isWindows ? fixWinEPERMSync(p, options, er) : rmdirSync(p, options, er)
- if (er.code !== "EISDIR")
- throw er
-
- rmdirSync(p, options, er)
- }
- }
-}
-
-function rmdirSync (p, options, originalEr) {
- assert(p)
- assert(options)
- if (originalEr)
- assert(originalEr instanceof Error)
-
- try {
- options.rmdirSync(p)
- } catch (er) {
- if (er.code === "ENOENT")
- return
- if (er.code === "ENOTDIR")
- throw originalEr
- if (er.code === "ENOTEMPTY" || er.code === "EEXIST" || er.code === "EPERM")
- rmkidsSync(p, options)
- }
-}
-
-function rmkidsSync (p, options) {
- assert(p)
- assert(options)
- options.readdirSync(p).forEach(function (f) {
- rimrafSync(path.join(p, f), options)
- })
-
- // We only end up here once we got ENOTEMPTY at least once, and
- // at this point, we are guaranteed to have removed all the kids.
- // So, we know that it won't be ENOENT or ENOTDIR or anything else.
- // try really hard to delete stuff on windows, because it has a
- // PROFOUNDLY annoying habit of not closing handles promptly when
- // files are deleted, resulting in spurious ENOTEMPTY errors.
- var retries = isWindows ? 100 : 1
- var i = 0
- do {
- var threw = true
- try {
- var ret = options.rmdirSync(p, options)
- threw = false
- return ret
- } finally {
- if (++i < retries && threw)
- continue
- }
- } while (true)
-}
diff --git a/deps/npm/node_modules/@npmcli/move-file/package.json b/deps/npm/node_modules/@npmcli/move-file/package.json
index 46b42c9e9aa2b8..28161645d936a2 100644
--- a/deps/npm/node_modules/@npmcli/move-file/package.json
+++ b/deps/npm/node_modules/@npmcli/move-file/package.json
@@ -1,13 +1,13 @@
{
"name": "@npmcli/move-file",
- "version": "1.1.0",
+ "version": "1.1.1",
"files": [
"index.js"
],
"description": "move a file (fork of move-file)",
"dependencies": {
"mkdirp": "^1.0.4",
- "rimraf": "^2.7.1"
+ "rimraf": "^3.0.2"
},
"devDependencies": {
"require-inject": "^1.4.4",
diff --git a/deps/npm/node_modules/binary-extensions/binary-extensions.json b/deps/npm/node_modules/binary-extensions/binary-extensions.json
new file mode 100644
index 00000000000000..4aab3837893a2c
--- /dev/null
+++ b/deps/npm/node_modules/binary-extensions/binary-extensions.json
@@ -0,0 +1,260 @@
+[
+ "3dm",
+ "3ds",
+ "3g2",
+ "3gp",
+ "7z",
+ "a",
+ "aac",
+ "adp",
+ "ai",
+ "aif",
+ "aiff",
+ "alz",
+ "ape",
+ "apk",
+ "appimage",
+ "ar",
+ "arj",
+ "asf",
+ "au",
+ "avi",
+ "bak",
+ "baml",
+ "bh",
+ "bin",
+ "bk",
+ "bmp",
+ "btif",
+ "bz2",
+ "bzip2",
+ "cab",
+ "caf",
+ "cgm",
+ "class",
+ "cmx",
+ "cpio",
+ "cr2",
+ "cur",
+ "dat",
+ "dcm",
+ "deb",
+ "dex",
+ "djvu",
+ "dll",
+ "dmg",
+ "dng",
+ "doc",
+ "docm",
+ "docx",
+ "dot",
+ "dotm",
+ "dra",
+ "DS_Store",
+ "dsk",
+ "dts",
+ "dtshd",
+ "dvb",
+ "dwg",
+ "dxf",
+ "ecelp4800",
+ "ecelp7470",
+ "ecelp9600",
+ "egg",
+ "eol",
+ "eot",
+ "epub",
+ "exe",
+ "f4v",
+ "fbs",
+ "fh",
+ "fla",
+ "flac",
+ "flatpak",
+ "fli",
+ "flv",
+ "fpx",
+ "fst",
+ "fvt",
+ "g3",
+ "gh",
+ "gif",
+ "graffle",
+ "gz",
+ "gzip",
+ "h261",
+ "h263",
+ "h264",
+ "icns",
+ "ico",
+ "ief",
+ "img",
+ "ipa",
+ "iso",
+ "jar",
+ "jpeg",
+ "jpg",
+ "jpgv",
+ "jpm",
+ "jxr",
+ "key",
+ "ktx",
+ "lha",
+ "lib",
+ "lvp",
+ "lz",
+ "lzh",
+ "lzma",
+ "lzo",
+ "m3u",
+ "m4a",
+ "m4v",
+ "mar",
+ "mdi",
+ "mht",
+ "mid",
+ "midi",
+ "mj2",
+ "mka",
+ "mkv",
+ "mmr",
+ "mng",
+ "mobi",
+ "mov",
+ "movie",
+ "mp3",
+ "mp4",
+ "mp4a",
+ "mpeg",
+ "mpg",
+ "mpga",
+ "mxu",
+ "nef",
+ "npx",
+ "numbers",
+ "nupkg",
+ "o",
+ "odp",
+ "ods",
+ "odt",
+ "oga",
+ "ogg",
+ "ogv",
+ "otf",
+ "ott",
+ "pages",
+ "pbm",
+ "pcx",
+ "pdb",
+ "pdf",
+ "pea",
+ "pgm",
+ "pic",
+ "png",
+ "pnm",
+ "pot",
+ "potm",
+ "potx",
+ "ppa",
+ "ppam",
+ "ppm",
+ "pps",
+ "ppsm",
+ "ppsx",
+ "ppt",
+ "pptm",
+ "pptx",
+ "psd",
+ "pya",
+ "pyc",
+ "pyo",
+ "pyv",
+ "qt",
+ "rar",
+ "ras",
+ "raw",
+ "resources",
+ "rgb",
+ "rip",
+ "rlc",
+ "rmf",
+ "rmvb",
+ "rpm",
+ "rtf",
+ "rz",
+ "s3m",
+ "s7z",
+ "scpt",
+ "sgi",
+ "shar",
+ "snap",
+ "sil",
+ "sketch",
+ "slk",
+ "smv",
+ "snk",
+ "so",
+ "stl",
+ "suo",
+ "sub",
+ "swf",
+ "tar",
+ "tbz",
+ "tbz2",
+ "tga",
+ "tgz",
+ "thmx",
+ "tif",
+ "tiff",
+ "tlz",
+ "ttc",
+ "ttf",
+ "txz",
+ "udf",
+ "uvh",
+ "uvi",
+ "uvm",
+ "uvp",
+ "uvs",
+ "uvu",
+ "viv",
+ "vob",
+ "war",
+ "wav",
+ "wax",
+ "wbmp",
+ "wdp",
+ "weba",
+ "webm",
+ "webp",
+ "whl",
+ "wim",
+ "wm",
+ "wma",
+ "wmv",
+ "wmx",
+ "woff",
+ "woff2",
+ "wrm",
+ "wvx",
+ "xbm",
+ "xif",
+ "xla",
+ "xlam",
+ "xls",
+ "xlsb",
+ "xlsm",
+ "xlsx",
+ "xlt",
+ "xltm",
+ "xltx",
+ "xm",
+ "xmind",
+ "xpi",
+ "xpm",
+ "xwd",
+ "xz",
+ "z",
+ "zip",
+ "zipx"
+]
diff --git a/deps/npm/node_modules/binary-extensions/binary-extensions.json.d.ts b/deps/npm/node_modules/binary-extensions/binary-extensions.json.d.ts
new file mode 100644
index 00000000000000..94a248c2bcff7d
--- /dev/null
+++ b/deps/npm/node_modules/binary-extensions/binary-extensions.json.d.ts
@@ -0,0 +1,3 @@
+declare const binaryExtensionsJson: readonly string[];
+
+export = binaryExtensionsJson;
diff --git a/deps/npm/node_modules/binary-extensions/index.d.ts b/deps/npm/node_modules/binary-extensions/index.d.ts
new file mode 100644
index 00000000000000..f469ac5fb0fe5f
--- /dev/null
+++ b/deps/npm/node_modules/binary-extensions/index.d.ts
@@ -0,0 +1,14 @@
+/**
+List of binary file extensions.
+
+@example
+```
+import binaryExtensions = require('binary-extensions');
+
+console.log(binaryExtensions);
+//=> ['3ds', '3g2', …]
+```
+*/
+declare const binaryExtensions: readonly string[];
+
+export = binaryExtensions;
diff --git a/deps/npm/node_modules/binary-extensions/index.js b/deps/npm/node_modules/binary-extensions/index.js
new file mode 100644
index 00000000000000..d46e4688671141
--- /dev/null
+++ b/deps/npm/node_modules/binary-extensions/index.js
@@ -0,0 +1 @@
+module.exports = require('./binary-extensions.json');
diff --git a/deps/npm/node_modules/binary-extensions/license b/deps/npm/node_modules/binary-extensions/license
new file mode 100644
index 00000000000000..401b1c731bcd3e
--- /dev/null
+++ b/deps/npm/node_modules/binary-extensions/license
@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2019 Sindre Sorhus (https://sindresorhus.com), Paul Miller (https://paulmillr.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/binary-extensions/package.json b/deps/npm/node_modules/binary-extensions/package.json
new file mode 100644
index 00000000000000..c4d3641735b91b
--- /dev/null
+++ b/deps/npm/node_modules/binary-extensions/package.json
@@ -0,0 +1,38 @@
+{
+ "name": "binary-extensions",
+ "version": "2.2.0",
+ "description": "List of binary file extensions",
+ "license": "MIT",
+ "repository": "sindresorhus/binary-extensions",
+ "author": {
+ "name": "Sindre Sorhus",
+ "email": "sindresorhus@gmail.com",
+ "url": "sindresorhus.com"
+ },
+ "engines": {
+ "node": ">=8"
+ },
+ "scripts": {
+ "test": "xo && ava && tsd"
+ },
+ "files": [
+ "index.js",
+ "index.d.ts",
+ "binary-extensions.json",
+ "binary-extensions.json.d.ts"
+ ],
+ "keywords": [
+ "binary",
+ "extensions",
+ "extension",
+ "file",
+ "json",
+ "list",
+ "array"
+ ],
+ "devDependencies": {
+ "ava": "^1.4.1",
+ "tsd": "^0.7.2",
+ "xo": "^0.24.0"
+ }
+}
diff --git a/deps/npm/node_modules/binary-extensions/readme.md b/deps/npm/node_modules/binary-extensions/readme.md
new file mode 100644
index 00000000000000..3e25dd835e08b6
--- /dev/null
+++ b/deps/npm/node_modules/binary-extensions/readme.md
@@ -0,0 +1,41 @@
+# binary-extensions
+
+> List of binary file extensions
+
+The list is just a [JSON file](binary-extensions.json) and can be used anywhere.
+
+
+## Install
+
+```
+$ npm install binary-extensions
+```
+
+
+## Usage
+
+```js
+const binaryExtensions = require('binary-extensions');
+
+console.log(binaryExtensions);
+//=> ['3ds', '3g2', …]
+```
+
+
+## Related
+
+- [is-binary-path](https://github.com/sindresorhus/is-binary-path) - Check if a filepath is a binary file
+- [text-extensions](https://github.com/sindresorhus/text-extensions) - List of text file extensions
+
+
+---
+
+