deps: upgrade npm to 7.1.2

PR-URL: https://github.com/nodejs/node/pull/36487
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Ruy Adorno <ruyadorno@github.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

135 files changed, 3985 insertions, 928 deletions

diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md
index 8c15d7658e..0922176c6b 100644
--- a/deps/npm/CHANGELOG.md
+++ b/deps/npm/CHANGELOG.md
@@ -1,3 +1,53 @@
+## 7.1.2 (2020-12-11)
+
+### DEPENDENCIES
+
+* [`c3ba1daf7`](https://github.com/npm/cli/commit/c3ba1daf7cd335d72aeba80ae0e9f9d215ca9ea5)
+  [#2033](https://github.com/npm/cli/issues/2033) `@npmcli/config@1.2.6`:
+    * Set `INIT_CWD` to initial current working directory
+    * Set `NODE` to initial process.execPath
+* [`8029608b9`](https://github.com/npm/cli/commit/8029608b914fe5ba35a7cd37ae95ab93b0532e2e)
+  `json-parse-even-better-errors@2.3.1`
+* [`0233818e6`](https://github.com/npm/cli/commit/0233818e606888b80881b17a2c6aca9f10a619b2)
+  [#2332](https://github.com/npm/cli/issues/2332) `treeverse@1.0.4`
+* [`e401d6bb3`](https://github.com/npm/cli/commit/e401d6bb37ffc767b4fefe89878dd3c3ef490b2c)
+  `ini@1.3.8`
+* [`011bb1220`](https://github.com/npm/cli/commit/011bb122035dcd43769ec35982662cca41635068)
+  [#2320](https://github.com/npm/cli/issues/2320) `@npmcli/arborist@2.0.1`:
+    * Do not save with `^` and no version
+
+### BUGFIXES
+
+* [`244c2069f`](https://github.com/npm/cli/commit/244c2069fd093f053d3061c85575ac13e72e2454)
+  [#2325](https://github.com/npm/cli/issues/2325) npm search
+  include/exclude ([@ruyadorno](https://github.com/ruyadorno))
+* [`d825e901e`](https://github.com/npm/cli/commit/d825e901eceea4cf8d860e35238dc30008eb4da4)
+  [#1905](https://github.com/npm/cli/issues/1905)
+  [#2316](https://github.com/npm/cli/issues/2316) run install scripts for
+  root project
+* [`315449142`](https://github.com/npm/cli/commit/31544914294948085a84097af7f0f5de2a2e8f7e)
+  [#2331](https://github.com/npm/cli/issues/2331)
+  [#2021](https://github.com/npm/cli/issues/2021) Set `NODE_ENV=production`
+  if 'dev' is on the omit list ([@isaacs](https://github.com/isaacs))
+
+### TESTING
+
+* [`c243e3b9d`](https://github.com/npm/cli/commit/c243e3b9d9bda0580a0fc1b3e230b4d47412176e)
+  [#2313](https://github.com/npm/cli/issues/2313) tests: completion
+  ([@nlf](https://github.com/nlf))
+* [`7ff6efbb8`](https://github.com/npm/cli/commit/7ff6efbb866591b2330b967215cef8146dff3ebf)
+  [#2314](https://github.com/npm/cli/issues/2314) npm team
+  ([@ruyadorno](https://github.com/ruyadorno))
+* [`7a4f0c96c`](https://github.com/npm/cli/commit/7a4f0c96c2ab9f264f7bda2caf7e72c881571270)
+  [#2323](https://github.com/npm/cli/issues/2323) npm doctor
+  ([@nlf](https://github.com/nlf))
+
+### DOCUMENTATION
+
+* [`e340cf64b`](https://github.com/npm/cli/commit/e340cf64ba31ef329a9049b60c32ffd0342cfb7d)
+  [#2330](https://github.com/npm/cli/issues/2330) explain through
+  run-script ([@isaacs](https://github.com/isaacs))
+
 ## 7.1.1 (2020-12-08)
 
 ### DEPENDENCIES
diff --git a/deps/npm/docs/content/commands/npm-explain.md b/deps/npm/docs/content/commands/npm-explain.md
index fe7485d61a..ec63ec34f2 100644
--- a/deps/npm/docs/content/commands/npm-explain.md
+++ b/deps/npm/docs/content/commands/npm-explain.md
@@ -8,6 +8,8 @@ description: Explain installed packages
 
 ```bash
 npm explain <folder | specifier>
+
+alias: why
 ```
 
 ### Description
diff --git a/deps/npm/docs/content/commands/npm-link.md b/deps/npm/docs/content/commands/npm-link.md
index 7c55f18c5a..1a835001fc 100644
--- a/deps/npm/docs/content/commands/npm-link.md
+++ b/deps/npm/docs/content/commands/npm-link.md
@@ -15,41 +15,44 @@ alias: npm ln
 
 ### Description
 
+This is handy for installing your own stuff, so that you can work on it and
+test iteratively without having to continually rebuild.
+
 Package linking is a two-step process.
 
-First, `npm link` in a package folder will create a symlink in the global folder
-`{prefix}/lib/node_modules/<package>` that links to the package where the `npm
-link` command was executed. It will also link any bins in the package to `{prefix}/bin/{name}`.
-Note that `npm link` uses the global prefix (see `npm prefix -g` for its value).
+First, `npm link` in a package folder will create a symlink in the global
+folder `{prefix}/lib/node_modules/<package>` that links to the package
+where the `npm link` command was executed. It will also link any bins in
+the package to `{prefix}/bin/{name}`.  Note that `npm link` uses the global
+prefix (see `npm prefix -g` for its value).
 
 Next, in some other location, `npm link package-name` will create a
-symbolic link from globally-installed `package-name` to `node_modules/`
-of the current folder.
+symbolic link from globally-installed `package-name` to `node_modules/` of
+the current folder.
 
-Note that `package-name` is taken from `package.json`,
-not from directory name.
+Note that `package-name` is taken from `package.json`, _not_ from the
+directory name.
 
-The package name can be optionally prefixed with a scope. See [`scope`](/using-npm/scope).
-The scope must be preceded by an @-symbol and followed by a slash.
+The package name can be optionally prefixed with a scope. See
+[`scope`](/using-npm/scope).  The scope must be preceded by an @-symbol and
+followed by a slash.
 
 When creating tarballs for `npm publish`, the linked packages are
-"snapshotted" to their current state by resolving the symbolic links.
-
-This is handy for installing your own stuff, so that you can work on it and
-test it iteratively without having to continually rebuild.
+"snapshotted" to their current state by resolving the symbolic links, if
+they are included in `bundleDependencies`.
 
 For example:
 
 ```bash
-    cd ~/projects/node-redis    # go into the package directory
-    npm link                    # creates global link
-    cd ~/projects/node-bloggy   # go into some other package directory.
-    npm link redis              # link-install the package
+cd ~/projects/node-redis    # go into the package directory
+npm link                    # creates global link
+cd ~/projects/node-bloggy   # go into some other package directory.
+npm link redis              # link-install the package
 ```
 
-Now, any changes to ~/projects/node-redis will be reflected in
-~/projects/node-bloggy/node_modules/node-redis/. Note that the link should
-be to the package name, not the directory name for that package.
+Now, any changes to `~/projects/node-redis` will be reflected in
+`~/projects/node-bloggy/node_modules/node-redis/`. Note that the link
+should be to the package name, not the directory name for that package.
 
 You may also shortcut the two steps in one.  For example, to do the
 above use-case in a shorter way:
@@ -69,15 +72,33 @@ npm link redis
 That is, it first creates a global link, and then links the global
 installation target into your project's `node_modules` folder.
 
-Note that in this case, you are referring to the directory name, `node-redis`,
-rather than the package name `redis`.
+Note that in this case, you are referring to the directory name,
+`node-redis`, rather than the package name `redis`.
 
-If your linked package is scoped (see [`scope`](/using-npm/scope)) your link command must include that scope, e.g.
+If your linked package is scoped (see [`scope`](/using-npm/scope)) your
+link command must include that scope, e.g.
 
 ```bash
 npm link @myorg/privatepackage
 ```
 
+### Caveat
+
+Note that package dependencies linked in this way are _not_ saved to
+`package.json` by default, on the assumption that the intention is to have
+a link stand in for a regular non-link dependency.  Otherwise, for example,
+if you depend on `redis@^3.0.1`, and ran `npm link redis`, it would replace
+the `^3.0.1` dependency with `file:../path/to/node-redis`, which you
+probably don't want!  Additionally, other users or developers on your
+project would run into issues if they do not have their folders set up
+exactly the same as yours.
+
+If you are adding a _new_ dependency as a link, you should add it to the
+relevant metadata by running `npm install <dep> --package-lock-only`.
+
+If you _want_ to save the `file:` reference in your `package.json` and
+`package-lock.json` files, you can use `npm link <dep> --save` to do so.
+
 ### See Also
 
 * [npm developers](/using-npm/developers)
diff --git a/deps/npm/docs/content/commands/npm-logout.md b/deps/npm/docs/content/commands/npm-logout.md
index b1f344af57..7fa858a999 100644
--- a/deps/npm/docs/content/commands/npm-logout.md
+++ b/deps/npm/docs/content/commands/npm-logout.md
@@ -12,13 +12,13 @@ npm logout [--registry=<url>] [--scope=<@scope>]
 
 ### Description
 
-When logged into a registry that supports token-based authentication, tell the
-server to end this token's session. This will invalidate the token everywhere
-you're using it, not just for the current environment.
+When logged into a registry that supports token-based authentication, tell
+the server to end this token's session. This will invalidate the token
+everywhere you're using it, not just for the current environment.
 
-When logged into a legacy registry that uses username and password authentication, this will
-clear the credentials in your user configuration. In this case, it will _only_ affect
-the current environment.
+When logged into a legacy registry that uses username and password
+authentication, this will clear the credentials in your user configuration.
+In this case, it will _only_ affect the current environment.
 
 If `--scope` is provided, this will find the credentials for the registry
 connected to that scope, if set.
diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md
index c6e2af3314..54787bd638 100644
--- a/deps/npm/docs/content/commands/npm-ls.md
+++ b/deps/npm/docs/content/commands/npm-ls.md
@@ -15,17 +15,21 @@ aliases: list, la, ll
 ### Description
 
 This command will print to stdout all the versions of packages that are
-installed, as well as their dependencies, in a tree-structure.
+installed, as well as their dependencies when `--all` is specified, in a
+tree structure.
 
-Positional arguments are `name@version-range` identifiers, which will
-limit the results to only the paths to the packages named.  Note that
-nested packages will *also* show the paths to the specified packages.
-For example, running `npm ls promzard` in npm's source tree will show:
+Note: to get a "bottoms up" view of why a given package is included in the
+tree at all, use [`npm explain`](/commands/npm-explain).
+
+Positional arguments are `name@version-range` identifiers, which will limit
+the results to only the paths to the packages named.  Note that nested
+packages will *also* show the paths to the specified packages.  For
+example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-    npm@@VERSION@ /path/to/npm
-    └─┬ init-package-json@0.0.4
-      └── promzard@0.1.5
+npm@@VERSION@ /path/to/npm
+└─┬ init-package-json@0.0.4
+  └── promzard@0.1.5
 ```
 
 It will print out extraneous, missing, and invalid packages.
@@ -35,12 +39,49 @@ in parentheses after the name@version to make it easier for users to
 recognize potential forks of a project.
 
 The tree shown is the logical dependency tree, based on package
-dependencies, not the physical layout of your node_modules folder.
+dependencies, not the physical layout of your `node_modules` folder.
 
 When run as `ll` or `la`, it shows extended information by default.
 
+### Note: Design Changes Pending
+
+The `npm ls` command's output and behavior made a _ton_ of sense when npm
+created a `node_modules` folder that naively nested every dependency.  In
+such a case, the logical dependency graph and physical tree of packages on
+disk would be roughly identical.
+
+With the advent of automatic install-time deduplication of dependencies in
+npm v3, the `ls` output was modified to display the logical dependency
+graph as a tree structure, since this was more useful to most users.
+However, without using `npm ls -l`, it became impossible show _where_ a
+package was actually installed much of the time!
+
+With the advent of automatic installation of `peerDependencies` in npm v7,
+this gets even more curious, as `peerDependencies` are logically
+"underneath" their dependents in the dependency graph, but are always
+physically at or above their location on disk.
+
+Also, in the years since npm got an `ls` command (in version 0.0.2!),
+dependency graphs have gotten much larger as a general rule.  Therefor, in
+order to avoid dumping an excessive amount of content to the terminal, `npm
+ls` now only shows the _top_ level dependencies, unless `--all` is
+provided.
+
+A thorough re-examination of the use cases, intention, behavior, and output
+of this command, is currently underway.  Expect significant changes to at
+least the default human-readable `npm ls` output in npm v8.
+
 ### Configuration
 
+#### all
+
+* Default: `false`
+* Type: Boolean
+
+When running `npm outdated` and `npm ls`, setting `--all` will show all
+outdated or installed packages, rather than only those directly depended
+upon by the current project.
+
 #### json
 
 * Default: false
@@ -115,6 +156,7 @@ Set it to false in order to use all-ansi output.
 
 ### See Also
 
+* [npm explain](/commands/npm-explain)
 * [npm config](/commands/npm-config)
 * [npmrc](/configuring-npm/npmrc)
 * [npm folders](/configuring-npm/folders)
diff --git a/deps/npm/docs/content/commands/npm-org.md b/deps/npm/docs/content/commands/npm-org.md
index 2f3c6b4808..18047d109c 100644
--- a/deps/npm/docs/content/commands/npm-org.md
+++ b/deps/npm/docs/content/commands/npm-org.md
@@ -52,10 +52,11 @@ $ npm org ls my-org @mx-santos
 
 ### Description
 
-You can use the `npm org` commands to manage and view users of an organization.
-It supports adding and removing users, changing their roles, listing them, and
-finding specific ones and their roles.
+You can use the `npm org` commands to manage and view users of an
+organization.  It supports adding and removing users, changing their roles,
+listing them, and finding specific ones and their roles.
 
 ### See Also
 
+* [using orgs](/using-npm/orgs)
 * [Documentation on npm Orgs](https://docs.npmjs.com/orgs/)
diff --git a/deps/npm/docs/content/commands/npm-outdated.md b/deps/npm/docs/content/commands/npm-outdated.md
index 01ad780867..ee1157f332 100644
--- a/deps/npm/docs/content/commands/npm-outdated.md
+++ b/deps/npm/docs/content/commands/npm-outdated.md
@@ -15,25 +15,34 @@ npm outdated [[<@scope>/]<pkg> ...]
 This command will check the registry to see if any (or, specific) installed
 packages are currently outdated.
 
+By default, only the direct dependencies of the root project are shown.
+Use `--all` to find all outdated meta-dependencies as well.
+
 In the output:
 
 * `wanted` is the maximum version of the package that satisfies the semver
-  range specified in `package.json`. If there's no available semver range (i.e.
-  you're running `npm outdated --global`, or the package isn't included in
-  `package.json`), then `wanted` shows the currently-installed version.
+  range specified in `package.json`. If there's no available semver range
+  (i.e.  you're running `npm outdated --global`, or the package isn't
+  included in `package.json`), then `wanted` shows the currently-installed
+  version.
 * `latest` is the version of the package tagged as latest in the registry.
-  Running `npm publish` with no special configuration will publish the package
-  with a dist-tag of `latest`. This may or may not be the maximum version of
-  the package, or the most-recently published version of the package, depending
-  on how the package's developer manages the latest [dist-tag](npm-dist-tag).
+  Running `npm publish` with no special configuration will publish the
+  package with a dist-tag of `latest`. This may or may not be the maximum
+  version of the package, or the most-recently published version of the
+  package, depending on how the package's developer manages the latest
+  [dist-tag](/commands/npm-dist-tag).
 * `location` is where in the physical tree the package is located.
 * `depended by` shows which package depends on the displayed dependency
-* `package type` (when using `--long` / `-l`) tells you whether this package is
-  a `dependency` or a dev/peer/optional dependency. Packages not included in `package.json`
-  are always marked `dependencies`.
-* `homepage` (when using `--long` / `-l`) is the `homepage` value contained in the package's packument
-* Red means there's a newer version matching your semver requirements, so you should update now.
-* Yellow indicates that there's a newer version above your semver requirements (usually new major, or new 0.x minor) so proceed with caution.
+* `package type` (when using `--long` / `-l`) tells you whether this
+  package is a `dependency` or a dev/peer/optional dependency. Packages not
+  included in `package.json` are always marked `dependencies`.
+* `homepage` (when using `--long` / `-l`) is the `homepage` value contained
+  in the package's packument
+* Red means there's a newer version matching your semver requirements, so
+  you should update now.
+* Yellow indicates that there's a newer version _above_ your semver
+  requirements (usually new major, or new 0.x minor) so proceed with
+  caution.
 
 ### An example
 
@@ -59,19 +68,20 @@ With these `dependencies`:
 
 A few things to note:
 
-* `glob` requires `^5`, which prevents npm from installing `glob@6`, which is
-  outside the semver range.
-* Git dependencies will always be reinstalled, because of how they're specified.
-  The installed committish might satisfy the dependency specifier (if it's
-  something immutable, like a commit SHA), or it might not, so `npm outdated` and
-  `npm update` have to fetch Git repos to check. This is why currently doing a
-  reinstall of a Git dependency always forces a new clone and install.
-* `npm@3.5.2` is marked as "wanted", but "latest" is `npm@3.5.1` because npm
-  uses dist-tags to manage its `latest` and `next` release channels. `npm update`
-  will install the _newest_ version, but `npm install npm` (with no semver range)
-  will install whatever's tagged as `latest`.
-* `once` is just plain out of date. Reinstalling `node_modules` from scratch or
-  running `npm update` will bring it up to spec.
+* `glob` requires `^5`, which prevents npm from installing `glob@6`, which
+  is outside the semver range.
+* Git dependencies will always be reinstalled, because of how they're
+  specified.  The installed committish might satisfy the dependency
+  specifier (if it's something immutable, like a commit SHA), or it might
+  not, so `npm outdated` and `npm update` have to fetch Git repos to check.
+  This is why currently doing a reinstall of a Git dependency always forces
+  a new clone and install.
+* `npm@3.5.2` is marked as "wanted", but "latest" is `npm@3.5.1` because
+  npm uses dist-tags to manage its `latest` and `next` release channels.
+  `npm update` will install the _newest_ version, but `npm install npm`
+  (with no semver range) will install whatever's tagged as `latest`.
+* `once` is just plain out of date. Reinstalling `node_modules` from
+  scratch or running `npm update` will bring it up to spec.
 
 ### Configuration
 
diff --git a/deps/npm/docs/content/commands/npm-owner.md b/deps/npm/docs/content/commands/npm-owner.md
index 3c984ebd85..6479f3bdd1 100644
--- a/deps/npm/docs/content/commands/npm-owner.md
+++ b/deps/npm/docs/content/commands/npm-owner.md
@@ -18,26 +18,24 @@ aliases: author
 
 Manage ownership of published packages.
 
-* ls:
-  List all the users who have access to modify a package and push new versions.
-  Handy when you need to know who to bug for help.
-* add:
-  Add a new user as a maintainer of a package.  This user is enabled to modify
-  metadata, publish new versions, and add other owners.
-* rm:
-  Remove a user from the package owner list.  This immediately revokes their
-  privileges.
+* ls: List all the users who have access to modify a package and push new
+  versions.  Handy when you need to know who to bug for help.
+* add: Add a new user as a maintainer of a package.  This user is enabled
+  to modify metadata, publish new versions, and add other owners.
+* rm: Remove a user from the package owner list.  This immediately revokes
+  their privileges.
 
 Note that there is only one level of access.  Either you can modify a package,
 or you can't.  Future versions may contain more fine-grained access levels, but
 that is not implemented at this time.
 
-If you have two-factor authentication enabled with `auth-and-writes` then
-you'll need to include an otp on the command line when changing ownership
-with `--otp`.
+If you have two-factor authentication enabled with `auth-and-writes` (see
+[`npm-profile`](/commands/npm-profile)) then you'll need to include an otp
+on the command line when changing ownership with `--otp`.
 
 ### See Also
 
+* [npm profile](/commands/npm-profile)
 * [npm publish](/commands/npm-publish)
 * [npm registry](/using-npm/registry)
 * [npm adduser](/commands/npm-adduser)
diff --git a/deps/npm/docs/content/commands/npm-pack.md b/deps/npm/docs/content/commands/npm-pack.md
index adb5d30832..cc6b669efb 100644
--- a/deps/npm/docs/content/commands/npm-pack.md
+++ b/deps/npm/docs/content/commands/npm-pack.md
@@ -13,10 +13,10 @@ npm pack [[<@scope>/]<pkg>...] [--dry-run]
 ### Description
 
 For anything that's installable (that is, a package folder, tarball,
-tarball url, name@tag, name@version, name, or scoped name), this
-command will fetch it to the cache, and then copy the tarball to the
-current working directory as `<name>-<version>.tgz`, and then write
-the filenames out to stdout.
+tarball url, git url, name@tag, name@version, name, or scoped name), this
+command will fetch it to the cache, copy the tarball to the current working
+directory as `<name>-<version>.tgz`, and then write the filenames out to
+stdout.
 
 If the same package is specified multiple times, then the file will be
 overwritten the second time.
@@ -24,10 +24,12 @@ overwritten the second time.
 If no arguments are supplied, then npm packs the current package folder.
 
 The `--dry-run` argument will do everything that pack usually does without
-actually packing anything. Reports on what would have gone into the tarball.
+actually packing anything.  That is, it reports on what would have gone
+into the tarball, but nothing else.
 
 ### See Also
 
+* [npm-packlist package](http://npm.im/npm-packlist)
 * [npm cache](/commands/npm-cache)
 * [npm publish](/commands/npm-publish)
 * [npm config](/commands/npm-config)
diff --git a/deps/npm/docs/content/commands/npm-ping.md b/deps/npm/docs/content/commands/npm-ping.md
index bc2233da74..8de06aa184 100644
--- a/deps/npm/docs/content/commands/npm-ping.md
+++ b/deps/npm/docs/content/commands/npm-ping.md
@@ -25,5 +25,6 @@ Ping error: {*Detail about error}
 
 ### See Also
 
+* [npm doctor](/commands/npm-doctor)
 * [npm config](/commands/npm-config)
 * [npmrc](/configuring-npm/npmrc)
diff --git a/deps/npm/docs/content/commands/npm-profile.md b/deps/npm/docs/content/commands/npm-profile.md
index d44c994167..88edf26d87 100644
--- a/deps/npm/docs/content/commands/npm-profile.md
+++ b/deps/npm/docs/content/commands/npm-profile.md
@@ -16,12 +16,12 @@ npm profile disable-2fa
 
 ### Description
 
-Change your profile information on the registry.  This not be available if
-you're using a non-npmjs registry.
+Change your profile information on the registry.  Note that this command
+depends on the registry implementation, so third-party registries may not
+support this interface.
 
-* `npm profile get [<property>]`:
-  Display all of the properties of your profile, or one or more specific
-  properties.  It looks like:
+* `npm profile get [<property>]`: Display all of the properties of your
+  profile, or one or more specific properties.  It looks like:
 
 ```bash
 +-----------------+---------------------------+
@@ -46,27 +46,26 @@ you're using a non-npmjs registry.
 | updated         | 2017-10-02T21:29:45.922Z  |
 +-----------------+---------------------------+
 ```
-  
-* `npm profile set <property> <value>`:
-  Set the value of a profile property. You can set the following properties this way:
-    email, fullname, homepage, freenode, twitter, github
 
-* `npm profile set password`:
-  Change your password.  This is interactive, you'll be prompted for your
-  current password and a new password.  You'll also be prompted for an OTP
-  if you have two-factor authentication enabled.
+* `npm profile set <property> <value>`: Set the value of a profile
+  property. You can set the following properties this way: email, fullname,
+  homepage, freenode, twitter, github
 
-* `npm profile enable-2fa [auth-and-writes|auth-only]`:
-  Enables two-factor authentication. Defaults to `auth-and-writes` mode. Modes are:
+* `npm profile set password`: Change your password.  This is interactive,
+  you'll be prompted for your current password and a new password.  You'll
+  also be prompted for an OTP if you have two-factor authentication
+  enabled.
+
+* `npm profile enable-2fa [auth-and-writes|auth-only]`: Enables two-factor
+  authentication. Defaults to `auth-and-writes` mode. Modes are:
   * `auth-only`: Require an OTP when logging in or making changes to your
     account's authentication.  The OTP will be required on both the website
     and the command line.
-  * `auth-and-writes`: Requires an OTP at all the times `auth-only` does, and also requires one when
-    publishing a module, setting the `latest` dist-tag, or changing access
-    via `npm access` and `npm owner`.
+  * `auth-and-writes`: Requires an OTP at all the times `auth-only` does,
+    and also requires one when publishing a module, setting the `latest`
+    dist-tag, or changing access via `npm access` and `npm owner`.
 
-* `npm profile disable-2fa`:
-  Disables two-factor authentication.
+* `npm profile disable-2fa`: Disables two-factor authentication.
 
 ### Details
 
@@ -76,4 +75,6 @@ available on non npmjs.com registries.
 
 ### See Also
 
+* [npm adduser](/commands/npm-adduser)
+* [npm logout](/commands/npm-logout)
 * [npm config](/commands/npm-config)
diff --git a/deps/npm/docs/content/commands/npm-prune.md b/deps/npm/docs/content/commands/npm-prune.md
index 1a100e9d88..088c1c3470 100644
--- a/deps/npm/docs/content/commands/npm-prune.md
+++ b/deps/npm/docs/content/commands/npm-prune.md
@@ -12,29 +12,26 @@ npm prune [[<@scope>/]<pkg>...] [--production] [--dry-run] [--json]
 
 ### Description
 
-This command removes "extraneous" packages.  If a package name is
-provided, then only packages matching one of the supplied names are
-removed.
+This command removes "extraneous" packages.  If a package name is provided,
+then only packages matching one of the supplied names are removed.
 
-Extraneous packages are packages that are not listed on the parent
-package's dependencies list.
+Extraneous packages are those present in the `node_modules` folder that are
+not listed as any package's dependency list.
 
 If the `--production` flag is specified or the `NODE_ENV` environment
 variable is set to `production`, this command will remove the packages
-specified in your `devDependencies`. Setting `--no-production` will
-negate `NODE_ENV` being set to `production`.
+specified in your `devDependencies`. Setting `--no-production` will negate
+`NODE_ENV` being set to `production`.
 
 If the `--dry-run` flag is used then no changes will actually be made.
 
-If the `--json` flag is used then the changes `npm prune` made (or would
+If the `--json` flag is used, then the changes `npm prune` made (or would
 have made with `--dry-run`) are printed as a JSON object.
 
-In normal operation with package-locks enabled, extraneous modules are
-pruned automatically when modules are installed and you'll only need
-this command with the `--production` flag.
-
-If you've disabled package-locks then extraneous modules will not be removed
-and it's up to you to run `npm prune` from time-to-time to remove them.
+In normal operation, extraneous modules are pruned automatically, so you'll
+only need this command with the `--production` flag.  However, in the real
+world, operation is not always "normal".  When crashes or mistakes happen,
+this command can help clean up any resulting garbage.
 
 ### See Also
 
diff --git a/deps/npm/docs/content/commands/npm-publish.md b/deps/npm/docs/content/commands/npm-publish.md
index 3dcdc6f302..fc13e67222 100644
--- a/deps/npm/docs/content/commands/npm-publish.md
+++ b/deps/npm/docs/content/commands/npm-publish.md
@@ -15,59 +15,91 @@ Sets tag 'latest' if no --tag specified
 
 ### Description
 
-Publishes a package to the registry so that it can be installed by name. All
-files in the package directory are included if no local `.gitignore` or
-`.npmignore` file exists. If both files exist and a file is ignored by
-`.gitignore` but not by `.npmignore` then it will be included.  See
-[`developers`](/using-npm/developers) for full details on what's included in the published package, as well as details on how the package is built.
+Publishes a package to the registry so that it can be installed by name.
 
-By default npm will publish to the public registry. This can be overridden by
-specifying a different default registry or using a [`scope`](/using-npm/scope) in the name (see [`package.json`](/configuring-npm/package-json)).
+By default npm will publish to the public registry. This can be overridden
+by specifying a different default registry or using a
+[`scope`](/using-npm/scope) in the name (see
+[`package.json`](/configuring-npm/package-json)).
 
-* `<folder>`:
-  A folder containing a package.json file
+* `<folder>`: A folder containing a package.json file
 
-* `<tarball>`:
-  A url or file path to a gzipped tar archive containing a single folder
-  with a package.json file inside.
+* `<tarball>`: A url or file path to a gzipped tar archive containing a
+  single folder with a package.json file inside.
 
-* `[--tag <tag>]`
-  Registers the published package with the given tag, such that
-  `npm install <name>@<tag>` will install this version.  By default,
+* `[--tag <tag>]`: Registers the published package with the given tag, such
+  that `npm install <name>@<tag>` will install this version.  By default,
   `npm publish` updates and `npm install` installs the `latest` tag. See
   [`npm-dist-tag`](npm-dist-tag) for details about tags.
 
-* `[--access <public|restricted>]`
-  Tells the registry whether this package should be published as public or
-  restricted. Only applies to scoped packages, which default to `restricted`.
-  If you don't have a paid account, you must publish with `--access public`
-  to publish scoped packages.
+* `[--access <public|restricted>]`: Tells the registry whether this package
+  should be published as public or restricted. Only applies to scoped
+  packages, which default to `restricted`.  If you don't have a paid
+  account, you must publish with `--access public` to publish scoped
+  packages.
 
-* `[--otp <otpcode>]`
-  If you have two-factor authentication enabled in `auth-and-writes` mode
-  then you can provide a code from your authenticator with this. If you
-  don't include this and you're running from a TTY then you'll be prompted.
+* `[--otp <otpcode>]`: If you have two-factor authentication enabled in
+  `auth-and-writes` mode then you can provide a code from your
+  authenticator with this. If you don't include this and you're running
+  from a TTY then you'll be prompted.
 
-* `[--dry-run]`
-  As of `npm@6`, does everything publish would do except actually publishing
-  to the registry. Reports the details of what would have been published.
+* `[--dry-run]`: As of `npm@6`, does everything publish would do except
+  actually publishing to the registry. Reports the details of what would
+  have been published.
 
-Fails if the package name and version combination already exists in
-the specified registry.
+The publish will fail if the package name and version combination already
+exists in the specified registry.
 
-Once a package is published with a given name and version, that
-specific name and version combination can never be used again, even if
-it is removed with [`npm unpublish`](/commands/npm-unpublish).
+Once a package is published with a given name and version, that specific
+name and version combination can never be used again, even if it is removed
+with [`npm unpublish`](/commands/npm-unpublish).
 
 As of `npm@5`, both a sha1sum and an integrity field with a sha512sum of the
 tarball will be submitted to the registry during publication. Subsequent
 installs will use the strongest supported algorithm to verify downloads.
 
-Similar to `--dry-run` see [`npm pack`](/commands/npm-pack), which figures out the files to be
-included and packs them into a tarball to be uploaded to the registry.
+Similar to `--dry-run` see [`npm pack`](/commands/npm-pack), which figures
+out the files to be included and packs them into a tarball to be uploaded
+to the registry.
+
+### Files included in package
+
+To see what will be included in your package, run `npx npm-packlist`.  All
+files are included by default, with the following exceptions:
+
+- Certain files that are relevant to package installation and distribution
+  are always included.  For example, `package.json`, `README.md`,
+  `LICENSE`, and so on.
+
+- If there is a "files" list in
+  [`package.json`](/configuring-npm/package-json), then only the files
+  specified will be included.  (If directories are specified, then they
+  will be walked recursively and their contents included, subject to the
+  same ignore rules.)
+
+- If there is a `.gitignore` or `.npmignore` file, then ignored files in
+  that and all child directories will be excluded from the package.  If
+  _both_ files exist, then the `.gitignore` is ignored, and only the
+  `.npmignore` is used.
+
+  `.npmignore` files follow the [same pattern
+  rules](https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring)
+  as `.gitignore` files
+
+- If the file matches certain patterns, then it will _never_ be included,
+  unless explicitly added to the `"files"` list in `package.json`, or
+  un-ignored with a `!` rule in a `.npmignore` or `.gitignore` file.
+
+- Symbolic links are never included in npm packages.
+
+
+See [`developers`](/using-npm/developers) for full details on what's
+included in the published package, as well as details on how the package is
+built.
 
 ### See Also
 
+* [npm-packlist package](http://npm.im/npm-packlist)
 * [npm registry](/using-npm/registry)
 * [npm scope](/using-npm/scope)
 * [npm adduser](/commands/npm-adduser)
diff --git a/deps/npm/docs/content/commands/npm-rebuild.md b/deps/npm/docs/content/commands/npm-rebuild.md
index 5b6b816f68..0a7ade6b16 100644
--- a/deps/npm/docs/content/commands/npm-rebuild.md
+++ b/deps/npm/docs/content/commands/npm-rebuild.md
@@ -7,16 +7,23 @@ description: Rebuild a package
 ### Synopsis
 
 ```bash
-npm rebuild [[<@scope>/<name>]...]
+npm rebuild [[<@scope>/]<name>[@<version>] ...]
 
-alias: npm rb
+alias: rb
 ```
 
 ### Description
 
-This command runs the `npm build` command on the matched folders.  This is useful when you install a new version of node, and must recompile all your C++ addons with the new binary.
+This command runs the `npm build` command on the matched folders.  This is
+useful when you install a new version of node, and must recompile all your
+C++ addons with the new binary.  It is also useful when installing with
+`--ignore-scripts` and `--no-bin-links`, to explicitly choose which
+packages to build and/or link bins.
+
+If one or more package names (and optionally version ranges) are provided,
+then only packages with a name and version matching one of the specifiers
+will be rebuilt.
 
 ### See Also
 
-* [npm build](/commands/npm-build)
 * [npm install](/commands/npm-install)
diff --git a/deps/npm/docs/content/commands/npm-repo.md b/deps/npm/docs/content/commands/npm-repo.md
index c6fdf36f1d..670345bece 100644
--- a/deps/npm/docs/content/commands/npm-repo.md
+++ b/deps/npm/docs/content/commands/npm-repo.md
@@ -13,9 +13,9 @@ npm repo [<pkgname> [<pkgname> ...]]
 ### Description
 
 This command tries to guess at the likely location of a package's
-repository URL, and then tries to open it using the `--browser`
-config param. If no package name is provided, it will search for
-a `package.json` in the current folder and use the `name` property.
+repository URL, and then tries to open it using the `--browser` config
+param. If no package name is provided, it will search for a `package.json`
+in the current folder and use the `repository` property.
 
 ### Configuration
 
diff --git a/deps/npm/docs/content/commands/npm-restart.md b/deps/npm/docs/content/commands/npm-restart.md
index a80c54273d..097c9fee7c 100644
--- a/deps/npm/docs/content/commands/npm-restart.md
+++ b/deps/npm/docs/content/commands/npm-restart.md
@@ -12,29 +12,28 @@ npm restart [-- <args>]
 
 ### Description
 
-This restarts a package.
+This restarts a project.  It is equivalent to running `npm run-script
+restart`.
 
-This runs a package's "stop", "restart", and "start" scripts, and associated
-pre- and post- scripts, in the order given below:
+If the current project has a `"restart"` script specified in
+`package.json`, then the following scripts will be run:
+
+1. prerestart
+2. restart
+3. postrestart
+
+If it does _not_ have a `"restart"` script specified, but it does have
+`stop` and/or `start` scripts, then the following scripts will be run:
 
 1. prerestart
 2. prestop
 3. stop
 4. poststop
-5. restart
 6. prestart
 7. start
 8. poststart
 9. postrestart
 
-### Note
-
-Note that the "restart" script is run **in addition to** the "stop"
-and "start" scripts, not instead of them.
-
-This is the behavior as of `npm` major version 2.  A change in this
-behavior will be accompanied by an increase in major version number
-
 ### See Also
 
 * [npm run-script](/commands/npm-run-script)
diff --git a/deps/npm/docs/content/commands/npm-root.md b/deps/npm/docs/content/commands/npm-root.md
index 317ef9d85a..0d694ac876 100644
--- a/deps/npm/docs/content/commands/npm-root.md
+++ b/deps/npm/docs/content/commands/npm-root.md
@@ -5,6 +5,7 @@ description: Display npm root
 ---
 
 ### Synopsis
+
 ```bash
 npm root [-g]
 ```
@@ -13,6 +14,15 @@ npm root [-g]
 
 Print the effective `node_modules` folder to standard out.
 
+Useful for using npm in shell scripts that do things with the
+`node_modules` folder.  For example:
+
+```bash
+#!/bin/bash
+global_node_modules="$(npm root --global)"
+echo "Global packages installed in: ${global_node_modules}"
+```
+
 ### See Also
 
 * [npm prefix](/commands/npm-prefix)
diff --git a/deps/npm/docs/content/commands/npm-run-script.md b/deps/npm/docs/content/commands/npm-run-script.md
index 06b6e9383e..05f6380c2b 100644
--- a/deps/npm/docs/content/commands/npm-run-script.md
+++ b/deps/npm/docs/content/commands/npm-run-script.md
@@ -7,23 +7,25 @@ description: Run arbitrary package scripts
 ### Synopsis
 
 ```bash
-npm run-script <command> [--silent] [-- <args>...]
+npm run-script <command> [--if-present] [--silent] [-- <args>]
 
-alias: npm run
+aliases: run, rum, urn
 ```
 
 ### Description
 
 This runs an arbitrary command from a package's `"scripts"` object.  If no
-`"command"` is provided, it will list the available scripts.  `run[-script]` is
-used by the test, start, restart, and stop commands, but can be called
-directly, as well. When the scripts in the package are printed out, they're
-separated into lifecycle (test, start, restart) and directly-run scripts.
+`"command"` is provided, it will list the available scripts.
 
-As of [`npm@2.0.0`](https://blog.npmjs.org/post/98131109725/npm-2-0-0), you can
-use custom arguments when executing scripts. The special option `--` is used by
-[getopt](https://goo.gl/KxMmtG) to delimit the end of the options. npm will pass
-all the arguments after the `--` directly to your script:
+`run[-script]` is used by the test, start, restart, and stop commands, but
+can be called directly, as well. When the scripts in the package are
+printed out, they're separated into lifecycle (test, start, restart) and
+directly-run scripts.
+
+Any positional arguments are passed to the specified script.  Use `--` to
+pass `-`-prefixed flags and options which would otherwise be parsed by npm.
+
+For example:
 
 ```bash
 npm run test -- --grep="pattern"
@@ -38,31 +40,28 @@ environment variables that will be available to the script at runtime. If an
 built-in.
 
 In addition to the shell's pre-existing `PATH`, `npm run` adds
-`node_modules/.bin` to the `PATH` provided to scripts. Any binaries provided by
-locally-installed dependencies can be used without the `node_modules/.bin`
-prefix. For example, if there is a `devDependency` on `tap` in your package,
-you should write:
+`node_modules/.bin` to the `PATH` provided to scripts. Any binaries
+provided by locally-installed dependencies can be used without the
+`node_modules/.bin` prefix. For example, if there is a `devDependency` on
+`tap` in your package, you should write:
 
 ```bash
-"scripts": {"test": "tap test/\*.js"}
+"scripts": {"test": "tap test/*.js"}
 ```
 
 instead of
 
 ```bash
-"scripts": {"test": "node_modules/.bin/tap test/\*.js"}
+"scripts": {"test": "node_modules/.bin/tap test/*.js"}
 ```
 
-to run your tests.
-
 The actual shell your script is run within is platform dependent. By default,
 on Unix-like systems it is the `/bin/sh` command, on Windows it is the `cmd.exe`.
 The actual shell referred to by `/bin/sh` also depends on the system.
-As of [`npm@5.1.0`](https://github.com/npm/npm/releases/tag/v5.1.0) you can
-customize the shell with the `script-shell` configuration.
+You can customize the shell with the `script-shell` configuration.
 
-Scripts are run from the root of the module, regardless of what your current
-working directory is when you call `npm run`. If you want your script to
+Scripts are run from the root of the module, regardless of what the current
+working directory is when `npm run` is called. If you want your script to
 use different behavior based on what subdirectory you're in, you can use the
 `INIT_CWD` environment variable, which holds the full path you were in when
 you ran `npm run`.
diff --git a/deps/npm/docs/content/commands/npm-unstar.md b/deps/npm/docs/content/commands/npm-unstar.md
index 632b1b5e33..5471d90800 100644
--- a/deps/npm/docs/content/commands/npm-unstar.md
+++ b/deps/npm/docs/content/commands/npm-unstar.md
@@ -34,3 +34,4 @@ You can see all your starred packages using [`npm stars`](/commands/npm-stars)
 * [npm view](/commands/npm-view)
 * [npm whoami](/commands/npm-whoami)
 * [npm adduser](/commands/npm-adduser)
+
diff --git a/deps/npm/docs/content/using-npm/developers.md b/deps/npm/docs/content/using-npm/developers.md
index 7e47b76f65..bce615cfeb 100644
--- a/deps/npm/docs/content/using-npm/developers.md
+++ b/deps/npm/docs/content/using-npm/developers.md
@@ -47,69 +47,64 @@ git+https://user@hostname/project/blah.git#commit-ish
 ```
 
 The `commit-ish` can be any tag, sha, or branch which can be supplied as
-an argument to `git checkout`.  The default is `master`.
+an argument to `git checkout`.  The default is whatever the repository uses
+as its default branch.
 
 ### The package.json File
 
 You need to have a `package.json` file in the root of your project to do
 much of anything with npm.  That is basically the whole interface.
 
-See [`package.json`](/configuring-npm/package-json) for details about what goes in that file.  At the very
-least, you need:
+See [`package.json`](/configuring-npm/package-json) for details about what
+goes in that file.  At the very least, you need:
 
-* name:
-  This should be a string that identifies your project.  Please do not
-  use the name to specify that it runs on node, or is in JavaScript.
-  You can use the "engines" field to explicitly state the versions of
-  node (or whatever else) that your program requires, and it's pretty
-  well assumed that it's JavaScript.
+* name: This should be a string that identifies your project.  Please do
+  not use the name to specify that it runs on node, or is in JavaScript.
+  You can use the "engines" field to explicitly state the versions of node
+  (or whatever else) that your program requires, and it's pretty well
+  assumed that it's JavaScript.
 
   It does not necessarily need to match your github repository name.
 
   So, `node-foo` and `bar-js` are bad names.  `foo` or `bar` are better.
 
-* version:
-  A semver-compatible version.
+* version: A semver-compatible version.
 
-* engines:
-  Specify the versions of node (or whatever else) that your program
-  runs on.  The node API changes a lot, and there may be bugs or new
-  functionality that you depend on.  Be explicit.
+* engines: Specify the versions of node (or whatever else) that your
+  program runs on.  The node API changes a lot, and there may be bugs or
+  new functionality that you depend on.  Be explicit.
 
-* author:
-  Take some credit.
+* author: Take some credit.
 
-* scripts:
-  If you have a special compilation or installation script, then you
-  should put it in the `scripts` object.  You should definitely have at
-  least a basic smoke-test command as the "scripts.test" field.
-  See [scripts](/using-npm/scripts).
+* scripts: If you have a special compilation or installation script, then
+  you should put it in the `scripts` object.  You should definitely have at
+  least a basic smoke-test command as the "scripts.test" field.  See
+  [scripts](/using-npm/scripts).
 
-* main:
-  If you have a single module that serves as the entry point to your
-  program (like what the "foo" package gives you at require("foo")),
-  then you need to specify that in the "main" field.
+* main: If you have a single module that serves as the entry point to your
+  program (like what the "foo" package gives you at require("foo")), then
+  you need to specify that in the "main" field.
 
-* directories:
-  This is an object mapping names to folders.  The best ones to include are
-  "lib" and "doc", but if you use "man" to specify a folder full of man pages,
-  they'll get installed just like these ones.
+* directories: This is an object mapping names to folders.  The best ones
+  to include are "lib" and "doc", but if you use "man" to specify a folder
+  full of man pages, they'll get installed just like these ones.
 
 You can use `npm init` in the root of your package in order to get you
-started with a pretty basic package.json file.  See
-[`npm init`](/commands/npm-init) for more info.
+started with a pretty basic package.json file.  See [`npm
+init`](/commands/npm-init) for more info.
 
 ### Keeping files *out* of your package
 
-Use a `.npmignore` file to keep stuff out of your package.  If there's
-no `.npmignore` file, but there *is* a `.gitignore` file, then npm will
-ignore the stuff matched by the `.gitignore` file.  If you *want* to
-include something that is excluded by your `.gitignore` file, you can
-create an empty `.npmignore` file to override it. Like `git`, `npm` looks
-for `.npmignore` and `.gitignore` files in all subdirectories of your
-package, not only the root directory.
+Use a `.npmignore` file to keep stuff out of your package.  If there's no
+`.npmignore` file, but there *is* a `.gitignore` file, then npm will ignore
+the stuff matched by the `.gitignore` file.  If you *want* to include
+something that is excluded by your `.gitignore` file, you can create an
+empty `.npmignore` file to override it. Like `git`, `npm` looks for
+`.npmignore` and `.gitignore` files in all subdirectories of your package,
+not only the root directory.
 
-`.npmignore` files follow the [same pattern rules](https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring)
+`.npmignore` files follow the [same pattern
+rules](https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring)
 as `.gitignore` files:
 
 * Blank lines or lines starting with `#` are ignored.
diff --git a/deps/npm/docs/output/commands/npm-explain.html b/deps/npm/docs/output/commands/npm-explain.html
index 5300748574..32fc016025 100644
--- a/deps/npm/docs/output/commands/npm-explain.html
+++ b/deps/npm/docs/output/commands/npm-explain.html
@@ -146,6 +146,8 @@ npm command-line interface
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
 <pre lang="bash"><code>npm explain &lt;folder | specifier&gt;
+
+alias: why
 </code></pre>
 <h3 id="description">Description</h3>
 <p>This command will print the chain of dependencies causing a given package
diff --git a/deps/npm/docs/output/commands/npm-link.html b/deps/npm/docs/output/commands/npm-link.html
index b9890bc459..6d26a109a3 100644
--- a/deps/npm/docs/output/commands/npm-link.html
+++ b/deps/npm/docs/output/commands/npm-link.html
@@ -141,7 +141,7 @@ npm command-line interface
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#see-also">See Also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#caveat">Caveat</a></li><li><a href="#see-also">See Also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
@@ -151,30 +151,34 @@ npm link [&lt;@scope&gt;/]&lt;pkg&gt;[@&lt;version&gt;]
 alias: npm ln
 </code></pre>
 <h3 id="description">Description</h3>
+<p>This is handy for installing your own stuff, so that you can work on it and
+test iteratively without having to continually rebuild.</p>
 <p>Package linking is a two-step process.</p>
-<p>First, <code>npm link</code> in a package folder will create a symlink in the global folder
-<code>{prefix}/lib/node_modules/&lt;package&gt;</code> that links to the package where the <code>npm link</code> command was executed. It will also link any bins in the package to <code>{prefix}/bin/{name}</code>.
-Note that <code>npm link</code> uses the global prefix (see <code>npm prefix -g</code> for its value).</p>
+<p>First, <code>npm link</code> in a package folder will create a symlink in the global
+folder <code>{prefix}/lib/node_modules/&lt;package&gt;</code> that links to the package
+where the <code>npm link</code> command was executed. It will also link any bins in
+the package to <code>{prefix}/bin/{name}</code>.  Note that <code>npm link</code> uses the global
+prefix (see <code>npm prefix -g</code> for its value).</p>
 <p>Next, in some other location, <code>npm link package-name</code> will create a
-symbolic link from globally-installed <code>package-name</code> to <code>node_modules/</code>
-of the current folder.</p>
-<p>Note that <code>package-name</code> is taken from <code>package.json</code>,
-not from directory name.</p>
-<p>The package name can be optionally prefixed with a scope. See <a href="../using-npm/scope.html"><code>scope</code></a>.
-The scope must be preceded by an @-symbol and followed by a slash.</p>
+symbolic link from globally-installed <code>package-name</code> to <code>node_modules/</code> of
+the current folder.</p>
+<p>Note that <code>package-name</code> is taken from <code>package.json</code>, <em>not</em> from the
+directory name.</p>
+<p>The package name can be optionally prefixed with a scope. See
+<a href="../using-npm/scope.html"><code>scope</code></a>.  The scope must be preceded by an @-symbol and
+followed by a slash.</p>
 <p>When creating tarballs for <code>npm publish</code>, the linked packages are
-“snapshotted” to their current state by resolving the symbolic links.</p>
-<p>This is handy for installing your own stuff, so that you can work on it and
-test it iteratively without having to continually rebuild.</p>
+“snapshotted” to their current state by resolving the symbolic links, if
+they are included in <code>bundleDependencies</code>.</p>
 <p>For example:</p>
-<pre lang="bash"><code>    cd ~/projects/node-redis    # go into the package directory
-    npm link                    # creates global link
-    cd ~/projects/node-bloggy   # go into some other package directory.
-    npm link redis              # link-install the package
+<pre lang="bash"><code>cd ~/projects/node-redis    # go into the package directory
+npm link                    # creates global link
+cd ~/projects/node-bloggy   # go into some other package directory.
+npm link redis              # link-install the package
 </code></pre>
-<p>Now, any changes to ~/projects/node-redis will be reflected in
-~/projects/node-bloggy/node_modules/node-redis/. Note that the link should
-be to the package name, not the directory name for that package.</p>
+<p>Now, any changes to <code>~/projects/node-redis</code> will be reflected in
+<code>~/projects/node-bloggy/node_modules/node-redis/</code>. Note that the link
+should be to the package name, not the directory name for that package.</p>
 <p>You may also shortcut the two steps in one.  For example, to do the
 above use-case in a shorter way:</p>
 <pre lang="bash"><code>cd ~/projects/node-bloggy  # go into the dir of your main project
@@ -186,11 +190,25 @@ npm link redis
 </code></pre>
 <p>That is, it first creates a global link, and then links the global
 installation target into your project’s <code>node_modules</code> folder.</p>
-<p>Note that in this case, you are referring to the directory name, <code>node-redis</code>,
-rather than the package name <code>redis</code>.</p>
-<p>If your linked package is scoped (see <a href="../using-npm/scope.html"><code>scope</code></a>) your link command must include that scope, e.g.</p>
+<p>Note that in this case, you are referring to the directory name,
+<code>node-redis</code>, rather than the package name <code>redis</code>.</p>
+<p>If your linked package is scoped (see <a href="../using-npm/scope.html"><code>scope</code></a>) your
+link command must include that scope, e.g.</p>
 <pre lang="bash"><code>npm link @myorg/privatepackage
 </code></pre>
+<h3 id="caveat">Caveat</h3>
+<p>Note that package dependencies linked in this way are <em>not</em> saved to
+<code>package.json</code> by default, on the assumption that the intention is to have
+a link stand in for a regular non-link dependency.  Otherwise, for example,
+if you depend on <code>redis@^3.0.1</code>, and ran <code>npm link redis</code>, it would replace
+the <code>^3.0.1</code> dependency with <code>file:../path/to/node-redis</code>, which you
+probably don’t want!  Additionally, other users or developers on your
+project would run into issues if they do not have their folders set up
+exactly the same as yours.</p>
+<p>If you are adding a <em>new</em> dependency as a link, you should add it to the
+relevant metadata by running <code>npm install &lt;dep&gt; --package-lock-only</code>.</p>
+<p>If you <em>want</em> to save the <code>file:</code> reference in your <code>package.json</code> and
+<code>package-lock.json</code> files, you can use <code>npm link &lt;dep&gt; --save</code> to do so.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
 <li><a href="../using-npm/developers.html">npm developers</a></li>
diff --git a/deps/npm/docs/output/commands/npm-logout.html b/deps/npm/docs/output/commands/npm-logout.html
index 31c6fcff06..02de412c73 100644
--- a/deps/npm/docs/output/commands/npm-logout.html
+++ b/deps/npm/docs/output/commands/npm-logout.html
@@ -148,12 +148,12 @@ npm command-line interface
 <pre lang="bash"><code>npm logout [--registry=&lt;url&gt;] [--scope=&lt;@scope&gt;]
 </code></pre>
 <h3 id="description">Description</h3>
-<p>When logged into a registry that supports token-based authentication, tell the
-server to end this token’s session. This will invalidate the token everywhere
-you’re using it, not just for the current environment.</p>
-<p>When logged into a legacy registry that uses username and password authentication, this will
-clear the credentials in your user configuration. In this case, it will <em>only</em> affect
-the current environment.</p>
+<p>When logged into a registry that supports token-based authentication, tell
+the server to end this token’s session. This will invalidate the token
+everywhere you’re using it, not just for the current environment.</p>
+<p>When logged into a legacy registry that uses username and password
+authentication, this will clear the credentials in your user configuration.
+In this case, it will <em>only</em> affect the current environment.</p>
 <p>If <code>--scope</code> is provided, this will find the credentials for the registry
 connected to that scope, if set.</p>
 <h3 id="configuration">Configuration</h3>
diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html
index edf02aeda7..3963629acc 100644
--- a/deps/npm/docs/output/commands/npm-ls.html
+++ b/deps/npm/docs/output/commands/npm-ls.html
@@ -141,7 +141,7 @@ npm command-line interface
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#json">json</a></li><li><a href="#long">long</a></li><li><a href="#parseable">parseable</a></li><li><a href="#global">global</a></li><li><a href="#depth">depth</a></li><li><a href="#prod--production">prod / production</a></li><li><a href="#dev--development">dev / development</a></li><li><a href="#only">only</a></li><li><a href="#link">link</a></li><li><a href="#unicode">unicode</a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#note-design-changes-pending">Note: Design Changes Pending</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#all">all</a></li><li><a href="#json">json</a></li><li><a href="#long">long</a></li><li><a href="#parseable">parseable</a></li><li><a href="#global">global</a></li><li><a href="#depth">depth</a></li><li><a href="#prod--production">prod / production</a></li><li><a href="#dev--development">dev / development</a></li><li><a href="#only">only</a></li><li><a href="#link">link</a></li><li><a href="#unicode">unicode</a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
@@ -151,23 +151,55 @@ aliases: list, la, ll
 </code></pre>
 <h3 id="description">Description</h3>
 <p>This command will print to stdout all the versions of packages that are
-installed, as well as their dependencies, in a tree-structure.</p>
-<p>Positional arguments are <code>name@version-range</code> identifiers, which will
-limit the results to only the paths to the packages named.  Note that
-nested packages will <em>also</em> show the paths to the specified packages.
-For example, running <code>npm ls promzard</code> in npm’s source tree will show:</p>
-<pre lang="bash"><code>    npm@7.1.1 /path/to/npm
-    └─┬ init-package-json@0.0.4
-      └── promzard@0.1.5
+installed, as well as their dependencies when <code>--all</code> is specified, in a
+tree structure.</p>
+<p>Note: to get a “bottoms up” view of why a given package is included in the
+tree at all, use <a href="../commands/npm-explain.html"><code>npm explain</code></a>.</p>
+<p>Positional arguments are <code>name@version-range</code> identifiers, which will limit
+the results to only the paths to the packages named.  Note that nested
+packages will <em>also</em> show the paths to the specified packages.  For
+example, running <code>npm ls promzard</code> in npm’s source tree will show:</p>
+<pre lang="bash"><code>npm@7.1.2 /path/to/npm
+└─┬ init-package-json@0.0.4
+  └── promzard@0.1.5
 </code></pre>
 <p>It will print out extraneous, missing, and invalid packages.</p>
 <p>If a project specifies git urls for dependencies these are shown
 in parentheses after the name@version to make it easier for users to
 recognize potential forks of a project.</p>
 <p>The tree shown is the logical dependency tree, based on package
-dependencies, not the physical layout of your node_modules folder.</p>
+dependencies, not the physical layout of your <code>node_modules</code> folder.</p>
 <p>When run as <code>ll</code> or <code>la</code>, it shows extended information by default.</p>
+<h3 id="note-design-changes-pending">Note: Design Changes Pending</h3>
+<p>The <code>npm ls</code> command’s output and behavior made a <em>ton</em> of sense when npm
+created a <code>node_modules</code> folder that naively nested every dependency.  In
+such a case, the logical dependency graph and physical tree of packages on
+disk would be roughly identical.</p>
+<p>With the advent of automatic install-time deduplication of dependencies in
+npm v3, the <code>ls</code> output was modified to display the logical dependency
+graph as a tree structure, since this was more useful to most users.
+However, without using <code>npm ls -l</code>, it became impossible show <em>where</em> a
+package was actually installed much of the time!</p>
+<p>With the advent of automatic installation of <code>peerDependencies</code> in npm v7,
+this gets even more curious, as <code>peerDependencies</code> are logically
+“underneath” their dependents in the dependency graph, but are always
+physically at or above their location on disk.</p>
+<p>Also, in the years since npm got an <code>ls</code> command (in version 0.0.2!),
+dependency graphs have gotten much larger as a general rule.  Therefor, in
+order to avoid dumping an excessive amount of content to the terminal, <code>npm ls</code> now only shows the <em>top</em> level dependencies, unless <code>--all</code> is
+provided.</p>
+<p>A thorough re-examination of the use cases, intention, behavior, and output
+of this command, is currently underway.  Expect significant changes to at
+least the default human-readable <code>npm ls</code> output in npm v8.</p>
 <h3 id="configuration">Configuration</h3>
+<h4 id="all">all</h4>
+<ul>
+<li>Default: <code>false</code></li>
+<li>Type: Boolean</li>
+</ul>
+<p>When running <code>npm outdated</code> and <code>npm ls</code>, setting <code>--all</code> will show all
+outdated or installed packages, rather than only those directly depended
+upon by the current project.</p>
 <h4 id="json">json</h4>
 <ul>
 <li>Default: false</li>
@@ -231,6 +263,7 @@ project.</p>
 Set it to false in order to use all-ansi output.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
+<li><a href="../commands/npm-explain.html">npm explain</a></li>
 <li><a href="../commands/npm-config.html">npm config</a></li>
 <li><a href="../configuring-npm/npmrc.html">npmrc</a></li>
 <li><a href="../configuring-npm/folders.html">npm folders</a></li>
diff --git a/deps/npm/docs/output/commands/npm-org.html b/deps/npm/docs/output/commands/npm-org.html
index b607a0035d..d97f638b22 100644
--- a/deps/npm/docs/output/commands/npm-org.html
+++ b/deps/npm/docs/output/commands/npm-org.html
@@ -169,11 +169,12 @@ npm org ls &lt;orgname&gt; [&lt;username&gt;]
 <pre lang="bash"><code>$ npm org ls my-org @mx-santos
 </code></pre>
 <h3 id="description">Description</h3>
-<p>You can use the <code>npm org</code> commands to manage and view users of an organization.
-It supports adding and removing users, changing their roles, listing them, and
-finding specific ones and their roles.</p>
+<p>You can use the <code>npm org</code> commands to manage and view users of an
+organization.  It supports adding and removing users, changing their roles,
+listing them, and finding specific ones and their roles.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
+<li><a href="../using-npm/orgs.html">using orgs</a></li>
 <li><a href="https://docs.npmjs.com/orgs/">Documentation on npm Orgs</a></li>
 </ul>
 </div>
diff --git a/deps/npm/docs/output/commands/npm-outdated.html b/deps/npm/docs/output/commands/npm-outdated.html
index eaffd7dd8e..dba4025b3c 100644
--- a/deps/npm/docs/output/commands/npm-outdated.html
+++ b/deps/npm/docs/output/commands/npm-outdated.html
@@ -150,25 +150,33 @@ npm command-line interface
 <h3 id="description">Description</h3>
 <p>This command will check the registry to see if any (or, specific) installed
 packages are currently outdated.</p>
+<p>By default, only the direct dependencies of the root project are shown.
+Use <code>--all</code> to find all outdated meta-dependencies as well.</p>
 <p>In the output:</p>
 <ul>
 <li><code>wanted</code> is the maximum version of the package that satisfies the semver
-range specified in <code>package.json</code>. If there’s no available semver range (i.e.
-you’re running <code>npm outdated --global</code>, or the package isn’t included in
-<code>package.json</code>), then <code>wanted</code> shows the currently-installed version.</li>
+range specified in <code>package.json</code>. If there’s no available semver range
+(i.e.  you’re running <code>npm outdated --global</code>, or the package isn’t
+included in <code>package.json</code>), then <code>wanted</code> shows the currently-installed
+version.</li>
 <li><code>latest</code> is the version of the package tagged as latest in the registry.
-Running <code>npm publish</code> with no special configuration will publish the package
-with a dist-tag of <code>latest</code>. This may or may not be the maximum version of
-the package, or the most-recently published version of the package, depending
-on how the package’s developer manages the latest <a href="npm-dist-tag">dist-tag</a>.</li>
+Running <code>npm publish</code> with no special configuration will publish the
+package with a dist-tag of <code>latest</code>. This may or may not be the maximum
+version of the package, or the most-recently published version of the
+package, depending on how the package’s developer manages the latest
+<a href="../commands/npm-dist-tag.html">dist-tag</a>.</li>
 <li><code>location</code> is where in the physical tree the package is located.</li>
 <li><code>depended by</code> shows which package depends on the displayed dependency</li>
-<li><code>package type</code> (when using <code>--long</code> / <code>-l</code>) tells you whether this package is
-a <code>dependency</code> or a dev/peer/optional dependency. Packages not included in <code>package.json</code>
-are always marked <code>dependencies</code>.</li>
-<li><code>homepage</code> (when using <code>--long</code> / <code>-l</code>) is the <code>homepage</code> value contained in the package’s packument</li>
-<li>Red means there’s a newer version matching your semver requirements, so you should update now.</li>
-<li>Yellow indicates that there’s a newer version above your semver requirements (usually new major, or new 0.x minor) so proceed with caution.</li>
+<li><code>package type</code> (when using <code>--long</code> / <code>-l</code>) tells you whether this
+package is a <code>dependency</code> or a dev/peer/optional dependency. Packages not
+included in <code>package.json</code> are always marked <code>dependencies</code>.</li>
+<li><code>homepage</code> (when using <code>--long</code> / <code>-l</code>) is the <code>homepage</code> value contained
+in the package’s packument</li>
+<li>Red means there’s a newer version matching your semver requirements, so
+you should update now.</li>
+<li>Yellow indicates that there’s a newer version <em>above</em> your semver
+requirements (usually new major, or new 0.x minor) so proceed with
+caution.</li>
 </ul>
 <h3 id="an-example">An example</h3>
 <pre lang="bash"><code>$ npm outdated
@@ -189,19 +197,20 @@ once           1.3.2    1.3.3    1.3.3  node_modules/once         dependent-pack
 </code></pre>
 <p>A few things to note:</p>
 <ul>
-<li><code>glob</code> requires <code>^5</code>, which prevents npm from installing <code>glob@6</code>, which is
-outside the semver range.</li>
-<li>Git dependencies will always be reinstalled, because of how they’re specified.
-The installed committish might satisfy the dependency specifier (if it’s
-something immutable, like a commit SHA), or it might not, so <code>npm outdated</code> and
-<code>npm update</code> have to fetch Git repos to check. This is why currently doing a
-reinstall of a Git dependency always forces a new clone and install.</li>
-<li><code>npm@3.5.2</code> is marked as “wanted”, but “latest” is <code>npm@3.5.1</code> because npm
-uses dist-tags to manage its <code>latest</code> and <code>next</code> release channels. <code>npm update</code>
-will install the <em>newest</em> version, but <code>npm install npm</code> (with no semver range)
-will install whatever’s tagged as <code>latest</code>.</li>
-<li><code>once</code> is just plain out of date. Reinstalling <code>node_modules</code> from scratch or
-running <code>npm update</code> will bring it up to spec.</li>
+<li><code>glob</code> requires <code>^5</code>, which prevents npm from installing <code>glob@6</code>, which
+is outside the semver range.</li>
+<li>Git dependencies will always be reinstalled, because of how they’re
+specified.  The installed committish might satisfy the dependency
+specifier (if it’s something immutable, like a commit SHA), or it might
+not, so <code>npm outdated</code> and <code>npm update</code> have to fetch Git repos to check.
+This is why currently doing a reinstall of a Git dependency always forces
+a new clone and install.</li>
+<li><code>npm@3.5.2</code> is marked as “wanted”, but “latest” is <code>npm@3.5.1</code> because
+npm uses dist-tags to manage its <code>latest</code> and <code>next</code> release channels.
+<code>npm update</code> will install the <em>newest</em> version, but <code>npm install npm</code>
+(with no semver range) will install whatever’s tagged as <code>latest</code>.</li>
+<li><code>once</code> is just plain out of date. Reinstalling <code>node_modules</code> from
+scratch or running <code>npm update</code> will bring it up to spec.</li>
 </ul>
 <h3 id="configuration">Configuration</h3>
 <h4 id="json">json</h4>
diff --git a/deps/npm/docs/output/commands/npm-owner.html b/deps/npm/docs/output/commands/npm-owner.html
index 3b3e24029d..625d3be234 100644
--- a/deps/npm/docs/output/commands/npm-owner.html
+++ b/deps/npm/docs/output/commands/npm-owner.html
@@ -154,24 +154,22 @@ aliases: author
 <h3 id="description">Description</h3>
 <p>Manage ownership of published packages.</p>
 <ul>
-<li>ls:
-List all the users who have access to modify a package and push new versions.
-Handy when you need to know who to bug for help.</li>
-<li>add:
-Add a new user as a maintainer of a package.  This user is enabled to modify
-metadata, publish new versions, and add other owners.</li>
-<li>rm:
-Remove a user from the package owner list.  This immediately revokes their
-privileges.</li>
+<li>ls: List all the users who have access to modify a package and push new
+versions.  Handy when you need to know who to bug for help.</li>
+<li>add: Add a new user as a maintainer of a package.  This user is enabled
+to modify metadata, publish new versions, and add other owners.</li>
+<li>rm: Remove a user from the package owner list.  This immediately revokes
+their privileges.</li>
 </ul>
 <p>Note that there is only one level of access.  Either you can modify a package,
 or you can’t.  Future versions may contain more fine-grained access levels, but
 that is not implemented at this time.</p>
-<p>If you have two-factor authentication enabled with <code>auth-and-writes</code> then
-you’ll need to include an otp on the command line when changing ownership
-with <code>--otp</code>.</p>
+<p>If you have two-factor authentication enabled with <code>auth-and-writes</code> (see
+<a href="../commands/npm-profile.html"><code>npm-profile</code></a>) then you’ll need to include an otp
+on the command line when changing ownership with <code>--otp</code>.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
+<li><a href="../commands/npm-profile.html">npm profile</a></li>
 <li><a href="../commands/npm-publish.html">npm publish</a></li>
 <li><a href="../using-npm/registry.html">npm registry</a></li>
 <li><a href="../commands/npm-adduser.html">npm adduser</a></li>
diff --git a/deps/npm/docs/output/commands/npm-pack.html b/deps/npm/docs/output/commands/npm-pack.html
index cc274c10ac..5c1d8f8df0 100644
--- a/deps/npm/docs/output/commands/npm-pack.html
+++ b/deps/npm/docs/output/commands/npm-pack.html
@@ -149,17 +149,19 @@ npm command-line interface
 </code></pre>
 <h3 id="description">Description</h3>
 <p>For anything that’s installable (that is, a package folder, tarball,
-tarball url, name@tag, name@version, name, or scoped name), this
-command will fetch it to the cache, and then copy the tarball to the
-current working directory as <code>&lt;name&gt;-&lt;version&gt;.tgz</code>, and then write
-the filenames out to stdout.</p>
+tarball url, git url, name@tag, name@version, name, or scoped name), this
+command will fetch it to the cache, copy the tarball to the current working
+directory as <code>&lt;name&gt;-&lt;version&gt;.tgz</code>, and then write the filenames out to
+stdout.</p>
 <p>If the same package is specified multiple times, then the file will be
 overwritten the second time.</p>
 <p>If no arguments are supplied, then npm packs the current package folder.</p>
 <p>The <code>--dry-run</code> argument will do everything that pack usually does without
-actually packing anything. Reports on what would have gone into the tarball.</p>
+actually packing anything.  That is, it reports on what would have gone
+into the tarball, but nothing else.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
+<li><a href="http://npm.im/npm-packlist">npm-packlist package</a></li>
 <li><a href="../commands/npm-cache.html">npm cache</a></li>
 <li><a href="../commands/npm-publish.html">npm publish</a></li>
 <li><a href="../commands/npm-config.html">npm config</a></li>
diff --git a/deps/npm/docs/output/commands/npm-ping.html b/deps/npm/docs/output/commands/npm-ping.html
index 64f207a3b3..e00fb30a01 100644
--- a/deps/npm/docs/output/commands/npm-ping.html
+++ b/deps/npm/docs/output/commands/npm-ping.html
@@ -157,6 +157,7 @@ If it works it will output something like:</p>
 </code></pre>
 <h3 id="see-also">See Also</h3>
 <ul>
+<li><a href="../commands/npm-doctor.html">npm doctor</a></li>
 <li><a href="../commands/npm-config.html">npm config</a></li>
 <li><a href="../configuring-npm/npmrc.html">npmrc</a></li>
 </ul>
diff --git a/deps/npm/docs/output/commands/npm-profile.html b/deps/npm/docs/output/commands/npm-profile.html
index 369cbd67d6..91013567a2 100644
--- a/deps/npm/docs/output/commands/npm-profile.html
+++ b/deps/npm/docs/output/commands/npm-profile.html
@@ -152,12 +152,12 @@ npm profile enable-2fa [auth-and-writes|auth-only]
 npm profile disable-2fa
 </code></pre>
 <h3 id="description">Description</h3>
-<p>Change your profile information on the registry.  This not be available if
-you’re using a non-npmjs registry.</p>
+<p>Change your profile information on the registry.  Note that this command
+depends on the registry implementation, so third-party registries may not
+support this interface.</p>
 <ul>
-<li><code>npm profile get [&lt;property&gt;]</code>:
-Display all of the properties of your profile, or one or more specific
-properties.  It looks like:</li>
+<li><code>npm profile get [&lt;property&gt;]</code>: Display all of the properties of your
+profile, or one or more specific properties.  It looks like:</li>
 </ul>
 <pre lang="bash"><code>+-----------------+---------------------------+
 | name            | example                   |
@@ -183,31 +183,30 @@ properties.  It looks like:</li>
 </code></pre>
 <ul>
 <li>
-<p><code>npm profile set &lt;property&gt; &lt;value&gt;</code>:
-Set the value of a profile property. You can set the following properties this way:
-email, fullname, homepage, freenode, twitter, github</p>
+<p><code>npm profile set &lt;property&gt; &lt;value&gt;</code>: Set the value of a profile
+property. You can set the following properties this way: email, fullname,
+homepage, freenode, twitter, github</p>
 </li>
 <li>
-<p><code>npm profile set password</code>:
-Change your password.  This is interactive, you’ll be prompted for your
-current password and a new password.  You’ll also be prompted for an OTP
-if you have two-factor authentication enabled.</p>
+<p><code>npm profile set password</code>: Change your password.  This is interactive,
+you’ll be prompted for your current password and a new password.  You’ll
+also be prompted for an OTP if you have two-factor authentication
+enabled.</p>
 </li>
 <li>
-<p><code>npm profile enable-2fa [auth-and-writes|auth-only]</code>:
-Enables two-factor authentication. Defaults to <code>auth-and-writes</code> mode. Modes are:</p>
+<p><code>npm profile enable-2fa [auth-and-writes|auth-only]</code>: Enables two-factor
+authentication. Defaults to <code>auth-and-writes</code> mode. Modes are:</p>
 <ul>
 <li><code>auth-only</code>: Require an OTP when logging in or making changes to your
 account’s authentication.  The OTP will be required on both the website
 and the command line.</li>
-<li><code>auth-and-writes</code>: Requires an OTP at all the times <code>auth-only</code> does, and also requires one when
-publishing a module, setting the <code>latest</code> dist-tag, or changing access
-via <code>npm access</code> and <code>npm owner</code>.</li>
+<li><code>auth-and-writes</code>: Requires an OTP at all the times <code>auth-only</code> does,
+and also requires one when publishing a module, setting the <code>latest</code>
+dist-tag, or changing access via <code>npm access</code> and <code>npm owner</code>.</li>
 </ul>
 </li>
 <li>
-<p><code>npm profile disable-2fa</code>:
-Disables two-factor authentication.</p>
+<p><code>npm profile disable-2fa</code>: Disables two-factor authentication.</p>
 </li>
 </ul>
 <h3 id="details">Details</h3>
@@ -216,6 +215,8 @@ will tailor their output based on those.  Some of these commands may not be
 available on non npmjs.com registries.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
+<li><a href="../commands/npm-adduser.html">npm adduser</a></li>
+<li><a href="../commands/npm-logout.html">npm logout</a></li>
 <li><a href="../commands/npm-config.html">npm config</a></li>
 </ul>
 </div>
diff --git a/deps/npm/docs/output/commands/npm-prune.html b/deps/npm/docs/output/commands/npm-prune.html
index 4520cfbf7a..d18755110a 100644
--- a/deps/npm/docs/output/commands/npm-prune.html
+++ b/deps/npm/docs/output/commands/npm-prune.html
@@ -148,23 +148,21 @@ npm command-line interface
 <pre lang="bash"><code>npm prune [[&lt;@scope&gt;/]&lt;pkg&gt;...] [--production] [--dry-run] [--json]
 </code></pre>
 <h3 id="description">Description</h3>
-<p>This command removes “extraneous” packages.  If a package name is
-provided, then only packages matching one of the supplied names are
-removed.</p>
-<p>Extraneous packages are packages that are not listed on the parent
-package’s dependencies list.</p>
+<p>This command removes “extraneous” packages.  If a package name is provided,
+then only packages matching one of the supplied names are removed.</p>
+<p>Extraneous packages are those present in the <code>node_modules</code> folder that are
+not listed as any package’s dependency list.</p>
 <p>If the <code>--production</code> flag is specified or the <code>NODE_ENV</code> environment
 variable is set to <code>production</code>, this command will remove the packages
-specified in your <code>devDependencies</code>. Setting <code>--no-production</code> will
-negate <code>NODE_ENV</code> being set to <code>production</code>.</p>
+specified in your <code>devDependencies</code>. Setting <code>--no-production</code> will negate
+<code>NODE_ENV</code> being set to <code>production</code>.</p>
 <p>If the <code>--dry-run</code> flag is used then no changes will actually be made.</p>
-<p>If the <code>--json</code> flag is used then the changes <code>npm prune</code> made (or would
+<p>If the <code>--json</code> flag is used, then the changes <code>npm prune</code> made (or would
 have made with <code>--dry-run</code>) are printed as a JSON object.</p>
-<p>In normal operation with package-locks enabled, extraneous modules are
-pruned automatically when modules are installed and you’ll only need
-this command with the <code>--production</code> flag.</p>
-<p>If you’ve disabled package-locks then extraneous modules will not be removed
-and it’s up to you to run <code>npm prune</code> from time-to-time to remove them.</p>
+<p>In normal operation, extraneous modules are pruned automatically, so you’ll
+only need this command with the <code>--production</code> flag.  However, in the real
+world, operation is not always “normal”.  When crashes or mistakes happen,
+this command can help clean up any resulting garbage.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
 <li><a href="../commands/npm-uninstall.html">npm uninstall</a></li>
diff --git a/deps/npm/docs/output/commands/npm-publish.html b/deps/npm/docs/output/commands/npm-publish.html
index 65107608ba..fc9136d356 100644
--- a/deps/npm/docs/output/commands/npm-publish.html
+++ b/deps/npm/docs/output/commands/npm-publish.html
@@ -141,7 +141,7 @@ npm command-line interface
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#see-also">See Also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#files-included-in-package">Files included in package</a></li><li><a href="#see-also">See Also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
@@ -151,61 +151,95 @@ Publishes '.' if no argument supplied
 Sets tag 'latest' if no --tag specified
 </code></pre>
 <h3 id="description">Description</h3>
-<p>Publishes a package to the registry so that it can be installed by name. All
-files in the package directory are included if no local <code>.gitignore</code> or
-<code>.npmignore</code> file exists. If both files exist and a file is ignored by
-<code>.gitignore</code> but not by <code>.npmignore</code> then it will be included.  See
-<a href="../using-npm/developers.html"><code>developers</code></a> for full details on what’s included in the published package, as well as details on how the package is built.</p>
-<p>By default npm will publish to the public registry. This can be overridden by
-specifying a different default registry or using a <a href="../using-npm/scope.html"><code>scope</code></a> in the name (see <a href="../configuring-npm/package-json.html"><code>package.json</code></a>).</p>
+<p>Publishes a package to the registry so that it can be installed by name.</p>
+<p>By default npm will publish to the public registry. This can be overridden
+by specifying a different default registry or using a
+<a href="../using-npm/scope.html"><code>scope</code></a> in the name (see
+<a href="../configuring-npm/package-json.html"><code>package.json</code></a>).</p>
 <ul>
 <li>
-<p><code>&lt;folder&gt;</code>:
-A folder containing a package.json file</p>
+<p><code>&lt;folder&gt;</code>: A folder containing a package.json file</p>
 </li>
 <li>
-<p><code>&lt;tarball&gt;</code>:
-A url or file path to a gzipped tar archive containing a single folder
-with a package.json file inside.</p>
+<p><code>&lt;tarball&gt;</code>: A url or file path to a gzipped tar archive containing a
+single folder with a package.json file inside.</p>
 </li>
 <li>
-<p><code>[--tag &lt;tag&gt;]</code>
-Registers the published package with the given tag, such that
-<code>npm install &lt;name&gt;@&lt;tag&gt;</code> will install this version.  By default,
+<p><code>[--tag &lt;tag&gt;]</code>: Registers the published package with the given tag, such
+that <code>npm install &lt;name&gt;@&lt;tag&gt;</code> will install this version.  By default,
 <code>npm publish</code> updates and <code>npm install</code> installs the <code>latest</code> tag. See
 <a href="npm-dist-tag"><code>npm-dist-tag</code></a> for details about tags.</p>
 </li>
 <li>
-<p><code>[--access &lt;public|restricted&gt;]</code>
-Tells the registry whether this package should be published as public or
-restricted. Only applies to scoped packages, which default to <code>restricted</code>.
-If you don’t have a paid account, you must publish with <code>--access public</code>
-to publish scoped packages.</p>
+<p><code>[--access &lt;public|restricted&gt;]</code>: Tells the registry whether this package
+should be published as public or restricted. Only applies to scoped
+packages, which default to <code>restricted</code>.  If you don’t have a paid
+account, you must publish with <code>--access public</code> to publish scoped
+packages.</p>
 </li>
 <li>
-<p><code>[--otp &lt;otpcode&gt;]</code>
-If you have two-factor authentication enabled in <code>auth-and-writes</code> mode
-then you can provide a code from your authenticator with this. If you
-don’t include this and you’re running from a TTY then you’ll be prompted.</p>
+<p><code>[--otp &lt;otpcode&gt;]</code>: If you have two-factor authentication enabled in
+<code>auth-and-writes</code> mode then you can provide a code from your
+authenticator with this. If you don’t include this and you’re running
+from a TTY then you’ll be prompted.</p>
 </li>
 <li>
-<p><code>[--dry-run]</code>
-As of <code>npm@6</code>, does everything publish would do except actually publishing
-to the registry. Reports the details of what would have been published.</p>
+<p><code>[--dry-run]</code>: As of <code>npm@6</code>, does everything publish would do except
+actually publishing to the registry. Reports the details of what would
+have been published.</p>
 </li>
 </ul>
-<p>Fails if the package name and version combination already exists in
-the specified registry.</p>
-<p>Once a package is published with a given name and version, that
-specific name and version combination can never be used again, even if
-it is removed with <a href="../commands/npm-unpublish.html"><code>npm unpublish</code></a>.</p>
+<p>The publish will fail if the package name and version combination already
+exists in the specified registry.</p>
+<p>Once a package is published with a given name and version, that specific
+name and version combination can never be used again, even if it is removed
+with <a href="../commands/npm-unpublish.html"><code>npm unpublish</code></a>.</p>
 <p>As of <code>npm@5</code>, both a sha1sum and an integrity field with a sha512sum of the
 tarball will be submitted to the registry during publication. Subsequent
 installs will use the strongest supported algorithm to verify downloads.</p>
-<p>Similar to <code>--dry-run</code> see <a href="../commands/npm-pack.html"><code>npm pack</code></a>, which figures out the files to be
-included and packs them into a tarball to be uploaded to the registry.</p>
+<p>Similar to <code>--dry-run</code> see <a href="../commands/npm-pack.html"><code>npm pack</code></a>, which figures
+out the files to be included and packs them into a tarball to be uploaded
+to the registry.</p>
+<h3 id="files-included-in-package">Files included in package</h3>
+<p>To see what will be included in your package, run <code>npx npm-packlist</code>.  All
+files are included by default, with the following exceptions:</p>
+<ul>
+<li>
+<p>Certain files that are relevant to package installation and distribution
+are always included.  For example, <code>package.json</code>, <code>README.md</code>,
+<code>LICENSE</code>, and so on.</p>
+</li>
+<li>
+<p>If there is a “files” list in
+<a href="../configuring-npm/package-json.html"><code>package.json</code></a>, then only the files
+specified will be included.  (If directories are specified, then they
+will be walked recursively and their contents included, subject to the
+same ignore rules.)</p>
+</li>
+<li>
+<p>If there is a <code>.gitignore</code> or <code>.npmignore</code> file, then ignored files in
+that and all child directories will be excluded from the package.  If
+<em>both</em> files exist, then the <code>.gitignore</code> is ignored, and only the
+<code>.npmignore</code> is used.</p>
+<p><code>.npmignore</code> files follow the <a href="https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring">same pattern
+rules</a>
+as <code>.gitignore</code> files</p>
+</li>
+<li>
+<p>If the file matches certain patterns, then it will <em>never</em> be included,
+unless explicitly added to the <code>"files"</code> list in <code>package.json</code>, or
+un-ignored with a <code>!</code> rule in a <code>.npmignore</code> or <code>.gitignore</code> file.</p>
+</li>
+<li>
+<p>Symbolic links are never included in npm packages.</p>
+</li>
+</ul>
+<p>See <a href="../using-npm/developers.html"><code>developers</code></a> for full details on what’s
+included in the published package, as well as details on how the package is
+built.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
+<li><a href="http://npm.im/npm-packlist">npm-packlist package</a></li>
 <li><a href="../using-npm/registry.html">npm registry</a></li>
 <li><a href="../using-npm/scope.html">npm scope</a></li>
 <li><a href="../commands/npm-adduser.html">npm adduser</a></li>
diff --git a/deps/npm/docs/output/commands/npm-rebuild.html b/deps/npm/docs/output/commands/npm-rebuild.html
index c33e01e0ae..e8a329ece8 100644
--- a/deps/npm/docs/output/commands/npm-rebuild.html
+++ b/deps/npm/docs/output/commands/npm-rebuild.html
@@ -145,15 +145,21 @@ npm command-line interface
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
-<pre lang="bash"><code>npm rebuild [[&lt;@scope&gt;/&lt;name&gt;]...]
+<pre lang="bash"><code>npm rebuild [[&lt;@scope&gt;/]&lt;name&gt;[@&lt;version&gt;] ...]
 
-alias: npm rb
+alias: rb
 </code></pre>
 <h3 id="description">Description</h3>
-<p>This command runs the <code>npm build</code> command on the matched folders.  This is useful when you install a new version of node, and must recompile all your C++ addons with the new binary.</p>
+<p>This command runs the <code>npm build</code> command on the matched folders.  This is
+useful when you install a new version of node, and must recompile all your
+C++ addons with the new binary.  It is also useful when installing with
+<code>--ignore-scripts</code> and <code>--no-bin-links</code>, to explicitly choose which
+packages to build and/or link bins.</p>
+<p>If one or more package names (and optionally version ranges) are provided,
+then only packages with a name and version matching one of the specifiers
+will be rebuilt.</p>
 <h3 id="see-also">See Also</h3>
 <ul>
-<li><a href="../commands/npm-build.html">npm build</a></li>
 <li><a href="../commands/npm-install.html">npm install</a></li>
 </ul>
 </div>
diff --git a/deps/npm/docs/output/commands/npm-repo.html b/deps/npm/docs/output/commands/npm-repo.html
index c0403b4b49..969880491e 100644
--- a/deps/npm/docs/output/commands/npm-repo.html
+++ b/deps/npm/docs/output/commands/npm-repo.html
@@ -149,9 +149,9 @@ npm command-line interface
 </code></pre>
 <h3 id="description">Description</h3>
 <p>This command tries to guess at the likely location of a package’s
-repository URL, and then tries to open it using the <code>--browser</code>
-config param. If no package name is provided, it will search for
-a <code>package.json</code> in the current folder and use the <code>name</code> property.</p>
+repository URL, and then tries to open it using the <code>--browser</code> config
+param. If no package name is provided, it will search for a <code>package.json</code>
+in the current folder and use the <code>repository</code> property.</p>
 <h3 id="configuration">Configuration</h3>
 <h4 id="browser">browser</h4>
 <ul>
diff --git a/deps/npm/docs/output/commands/npm-restart.html b/deps/npm/docs/output/commands/npm-restart.html
index 44bb7cd04d..a6296b1fed 100644
--- a/deps/npm/docs/output/commands/npm-restart.html
+++ b/deps/npm/docs/output/commands/npm-restart.html
@@ -141,32 +141,33 @@ npm command-line interface
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#note">Note</a></li><li><a href="#see-also">See Also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#see-also">See Also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
 <pre lang="bash"><code>npm restart [-- &lt;args&gt;]
 </code></pre>
 <h3 id="description">Description</h3>
-<p>This restarts a package.</p>
-<p>This runs a package’s “stop”, “restart”, and “start” scripts, and associated
-pre- and post- scripts, in the order given below:</p>
+<p>This restarts a project.  It is equivalent to running <code>npm run-script restart</code>.</p>
+<p>If the current project has a <code>"restart"</code> script specified in
+<code>package.json</code>, then the following scripts will be run:</p>
+<ol>
+<li>prerestart</li>
+<li>restart</li>
+<li>postrestart</li>
+</ol>
+<p>If it does <em>not</em> have a <code>"restart"</code> script specified, but it does have
+<code>stop</code> and/or <code>start</code> scripts, then the following scripts will be run:</p>
 <ol>
 <li>prerestart</li>
 <li>prestop</li>
 <li>stop</li>
 <li>poststop</li>
-<li>restart</li>
 <li>prestart</li>
 <li>start</li>
 <li>poststart</li>
 <li>postrestart</li>
 </ol>
-<h3 id="note">Note</h3>
-<p>Note that the “restart” script is run <strong>in addition to</strong> the “stop”
-and “start” scripts, not instead of them.</p>
-<p>This is the behavior as of <code>npm</code> major version 2.  A change in this
-behavior will be accompanied by an increase in major version number</p>
 <h3 id="see-also">See Also</h3>
 <ul>
 <li><a href="../commands/npm-run-script.html">npm run-script</a></li>
diff --git a/deps/npm/docs/output/commands/npm-root.html b/deps/npm/docs/output/commands/npm-root.html
index 0755eed56b..f333a53d55 100644
--- a/deps/npm/docs/output/commands/npm-root.html
+++ b/deps/npm/docs/output/commands/npm-root.html
@@ -149,6 +149,12 @@ npm command-line interface
 </code></pre>
 <h3 id="description">Description</h3>
 <p>Print the effective <code>node_modules</code> folder to standard out.</p>
+<p>Useful for using npm in shell scripts that do things with the
+<code>node_modules</code> folder.  For example:</p>
+<pre lang="bash"><code>#!/bin/bash
+global_node_modules="$(npm root --global)"
+echo "Global packages installed in: ${global_node_modules}"
+</code></pre>
 <h3 id="see-also">See Also</h3>
 <ul>
 <li><a href="../commands/npm-prefix.html">npm prefix</a></li>
diff --git a/deps/npm/docs/output/commands/npm-run-script.html b/deps/npm/docs/output/commands/npm-run-script.html
index c7d873673c..8f80a761d6 100644
--- a/deps/npm/docs/output/commands/npm-run-script.html
+++ b/deps/npm/docs/output/commands/npm-run-script.html
@@ -145,20 +145,20 @@ npm command-line interface
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
-<pre lang="bash"><code>npm run-script &lt;command&gt; [--silent] [-- &lt;args&gt;...]
+<pre lang="bash"><code>npm run-script &lt;command&gt; [--if-present] [--silent] [-- &lt;args&gt;]
 
-alias: npm run
+aliases: run, rum, urn
 </code></pre>
 <h3 id="description">Description</h3>
 <p>This runs an arbitrary command from a package’s <code>"scripts"</code> object.  If no
-<code>"command"</code> is provided, it will list the available scripts.  <code>run[-script]</code> is
-used by the test, start, restart, and stop commands, but can be called
-directly, as well. When the scripts in the package are printed out, they’re
-separated into lifecycle (test, start, restart) and directly-run scripts.</p>
-<p>As of <a href="https://blog.npmjs.org/post/98131109725/npm-2-0-0"><code>npm@2.0.0</code></a>, you can
-use custom arguments when executing scripts. The special option <code>--</code> is used by
-<a href="https://goo.gl/KxMmtG">getopt</a> to delimit the end of the options. npm will pass
-all the arguments after the <code>--</code> directly to your script:</p>
+<code>"command"</code> is provided, it will list the available scripts.</p>
+<p><code>run[-script]</code> is used by the test, start, restart, and stop commands, but
+can be called directly, as well. When the scripts in the package are
+printed out, they’re separated into lifecycle (test, start, restart) and
+directly-run scripts.</p>
+<p>Any positional arguments are passed to the specified script.  Use <code>--</code> to
+pass <code>-</code>-prefixed flags and options which would otherwise be parsed by npm.</p>
+<p>For example:</p>
 <pre lang="bash"><code>npm run test -- --grep="pattern"
 </code></pre>
 <p>The arguments will only be passed to the script specified after <code>npm run</code>
@@ -168,23 +168,21 @@ environment variables that will be available to the script at runtime. If an
 “env” command is defined in your package, it will take precedence over the
 built-in.</p>
 <p>In addition to the shell’s pre-existing <code>PATH</code>, <code>npm run</code> adds
-<code>node_modules/.bin</code> to the <code>PATH</code> provided to scripts. Any binaries provided by
-locally-installed dependencies can be used without the <code>node_modules/.bin</code>
-prefix. For example, if there is a <code>devDependency</code> on <code>tap</code> in your package,
-you should write:</p>
-<pre lang="bash"><code>"scripts": {"test": "tap test/\*.js"}
+<code>node_modules/.bin</code> to the <code>PATH</code> provided to scripts. Any binaries
+provided by locally-installed dependencies can be used without the
+<code>node_modules/.bin</code> prefix. For example, if there is a <code>devDependency</code> on
+<code>tap</code> in your package, you should write:</p>
+<pre lang="bash"><code>"scripts": {"test": "tap test/*.js"}
 </code></pre>
 <p>instead of</p>
-<pre lang="bash"><code>"scripts": {"test": "node_modules/.bin/tap test/\*.js"}
+<pre lang="bash"><code>"scripts": {"test": "node_modules/.bin/tap test/*.js"}
 </code></pre>
-<p>to run your tests.</p>
 <p>The actual shell your script is run within is platform dependent. By default,
 on Unix-like systems it is the <code>/bin/sh</code> command, on Windows it is the <code>cmd.exe</code>.
 The actual shell referred to by <code>/bin/sh</code> also depends on the system.
-As of <a href="https://github.com/npm/npm/releases/tag/v5.1.0"><code>npm@5.1.0</code></a> you can
-customize the shell with the <code>script-shell</code> configuration.</p>
-<p>Scripts are run from the root of the module, regardless of what your current
-working directory is when you call <code>npm run</code>. If you want your script to
+You can customize the shell with the <code>script-shell</code> configuration.</p>
+<p>Scripts are run from the root of the module, regardless of what the current
+working directory is when <code>npm run</code> is called. If you want your script to
 use different behavior based on what subdirectory you’re in, you can use the
 <code>INIT_CWD</code> environment variable, which holds the full path you were in when
 you ran <code>npm run</code>.</p>
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index ed62bda7a0..92ed591092 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -148,7 +148,7 @@ npm command-line interface
 <pre lang="bash"><code>npm &lt;command&gt; [args]
 </code></pre>
 <h3 id="version">Version</h3>
-<p>7.1.1</p>
+<p>7.1.2</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
diff --git a/deps/npm/docs/output/using-npm/developers.html b/deps/npm/docs/output/using-npm/developers.html
index ae547d4f52..05545060cf 100644
--- a/deps/npm/docs/output/using-npm/developers.html
+++ b/deps/npm/docs/output/using-npm/developers.html
@@ -176,69 +176,63 @@ git+http://user@hostname/project/blah.git#commit-ish
 git+https://user@hostname/project/blah.git#commit-ish
 </code></pre>
 <p>The <code>commit-ish</code> can be any tag, sha, or branch which can be supplied as
-an argument to <code>git checkout</code>.  The default is <code>master</code>.</p>
+an argument to <code>git checkout</code>.  The default is whatever the repository uses
+as its default branch.</p>
 <h3 id="the-packagejson-file">The package.json File</h3>
 <p>You need to have a <code>package.json</code> file in the root of your project to do
 much of anything with npm.  That is basically the whole interface.</p>
-<p>See <a href="../configuring-npm/package-json.html"><code>package.json</code></a> for details about what goes in that file.  At the very
-least, you need:</p>
+<p>See <a href="../configuring-npm/package-json.html"><code>package.json</code></a> for details about what
+goes in that file.  At the very least, you need:</p>
 <ul>
 <li>
-<p>name:
-This should be a string that identifies your project.  Please do not
-use the name to specify that it runs on node, or is in JavaScript.
-You can use the “engines” field to explicitly state the versions of
-node (or whatever else) that your program requires, and it’s pretty
-well assumed that it’s JavaScript.</p>
+<p>name: This should be a string that identifies your project.  Please do
+not use the name to specify that it runs on node, or is in JavaScript.
+You can use the “engines” field to explicitly state the versions of node
+(or whatever else) that your program requires, and it’s pretty well
+assumed that it’s JavaScript.</p>
 <p>It does not necessarily need to match your github repository name.</p>
 <p>So, <code>node-foo</code> and <code>bar-js</code> are bad names.  <code>foo</code> or <code>bar</code> are better.</p>
 </li>
 <li>
-<p>version:
-A semver-compatible version.</p>
+<p>version: A semver-compatible version.</p>
 </li>
 <li>
-<p>engines:
-Specify the versions of node (or whatever else) that your program
-runs on.  The node API changes a lot, and there may be bugs or new
-functionality that you depend on.  Be explicit.</p>
+<p>engines: Specify the versions of node (or whatever else) that your
+program runs on.  The node API changes a lot, and there may be bugs or
+new functionality that you depend on.  Be explicit.</p>
 </li>
 <li>
-<p>author:
-Take some credit.</p>
+<p>author: Take some credit.</p>
 </li>
 <li>
-<p>scripts:
-If you have a special compilation or installation script, then you
-should put it in the <code>scripts</code> object.  You should definitely have at
-least a basic smoke-test command as the “scripts.test” field.
-See <a href="../using-npm/scripts.html">scripts</a>.</p>
+<p>scripts: If you have a special compilation or installation script, then
+you should put it in the <code>scripts</code> object.  You should definitely have at
+least a basic smoke-test command as the “scripts.test” field.  See
+<a href="../using-npm/scripts.html">scripts</a>.</p>
 </li>
 <li>
-<p>main:
-If you have a single module that serves as the entry point to your
-program (like what the “foo” package gives you at require(“foo”)),
-then you need to specify that in the “main” field.</p>
+<p>main: If you have a single module that serves as the entry point to your
+program (like what the “foo” package gives you at require(“foo”)), then
+you need to specify that in the “main” field.</p>
 </li>
 <li>
-<p>directories:
-This is an object mapping names to folders.  The best ones to include are
-“lib” and “doc”, but if you use “man” to specify a folder full of man pages,
-they’ll get installed just like these ones.</p>
+<p>directories: This is an object mapping names to folders.  The best ones
+to include are “lib” and “doc”, but if you use “man” to specify a folder
+full of man pages, they’ll get installed just like these ones.</p>
 </li>
 </ul>
 <p>You can use <code>npm init</code> in the root of your package in order to get you
-started with a pretty basic package.json file.  See
-<a href="../commands/npm-init.html"><code>npm init</code></a> for more info.</p>
+started with a pretty basic package.json file.  See <a href="../commands/npm-init.html"><code>npm init</code></a> for more info.</p>
 <h3 id="keeping-files-out-of-your-package">Keeping files <em>out</em> of your package</h3>
-<p>Use a <code>.npmignore</code> file to keep stuff out of your package.  If there’s
-no <code>.npmignore</code> file, but there <em>is</em> a <code>.gitignore</code> file, then npm will
-ignore the stuff matched by the <code>.gitignore</code> file.  If you <em>want</em> to
-include something that is excluded by your <code>.gitignore</code> file, you can
-create an empty <code>.npmignore</code> file to override it. Like <code>git</code>, <code>npm</code> looks
-for <code>.npmignore</code> and <code>.gitignore</code> files in all subdirectories of your
-package, not only the root directory.</p>
-<p><code>.npmignore</code> files follow the <a href="https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring">same pattern rules</a>
+<p>Use a <code>.npmignore</code> file to keep stuff out of your package.  If there’s no
+<code>.npmignore</code> file, but there <em>is</em> a <code>.gitignore</code> file, then npm will ignore
+the stuff matched by the <code>.gitignore</code> file.  If you <em>want</em> to include
+something that is excluded by your <code>.gitignore</code> file, you can create an
+empty <code>.npmignore</code> file to override it. Like <code>git</code>, <code>npm</code> looks for
+<code>.npmignore</code> and <code>.gitignore</code> files in all subdirectories of your package,
+not only the root directory.</p>
+<p><code>.npmignore</code> files follow the <a href="https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring">same pattern
+rules</a>
 as <code>.gitignore</code> files:</p>
 <ul>
 <li>Blank lines or lines starting with <code>#</code> are ignored.</li>
diff --git a/deps/npm/lib/access.js b/deps/npm/lib/access.js
index 73228cae03..68c6e628d0 100644
--- a/deps/npm/lib/access.js
+++ b/deps/npm/lib/access.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const path = require('path')
 
 const libaccess = require('libnpmaccess')
diff --git a/deps/npm/lib/adduser.js b/deps/npm/lib/adduser.js
index 5017f57a8a..4b9fdf1f5f 100644
--- a/deps/npm/lib/adduser.js
+++ b/deps/npm/lib/adduser.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const log = require('npmlog')
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
diff --git a/deps/npm/lib/auth/legacy.js b/deps/npm/lib/auth/legacy.js
index 4178c40b95..f291ca794e 100644
--- a/deps/npm/lib/auth/legacy.js
+++ b/deps/npm/lib/auth/legacy.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const log = require('npmlog')
 const profile = require('npm-profile')
 
diff --git a/deps/npm/lib/auth/sso.js b/deps/npm/lib/auth/sso.js
index 8e4c345316..378295f5f6 100644
--- a/deps/npm/lib/auth/sso.js
+++ b/deps/npm/lib/auth/sso.js
@@ -1,5 +1,3 @@
-'use strict'
-
 // XXX: To date, npm Enterprise Legacy is the only system that ever
 // implemented support for this type of login.  A better way to do
 // SSO is to use the WebLogin type of login supported by the npm-login
diff --git a/deps/npm/lib/ci.js b/deps/npm/lib/ci.js
index 1255fbc264..2917899c82 100644
--- a/deps/npm/lib/ci.js
+++ b/deps/npm/lib/ci.js
@@ -2,6 +2,7 @@ const util = require('util')
 const Arborist = require('@npmcli/arborist')
 const rimraf = util.promisify(require('rimraf'))
 const reifyFinish = require('./utils/reify-finish.js')
+const runScript = require('@npmcli/run-script')
 
 const log = require('npmlog')
 const npm = require('./npm.js')
@@ -20,6 +21,7 @@ const ci = async () => {
   }
 
   const where = npm.prefix
+  const { scriptShell } = npm.flatOptions
   const arb = new Arborist({ ...npm.flatOptions, path: where })
 
   await Promise.all([
@@ -35,6 +37,27 @@ const ci = async () => {
   ])
   // npm ci should never modify the lockfile or package.json
   await arb.reify({ ...npm.flatOptions, save: false })
+
+  // run the same set of scripts that `npm install` runs.
+  const scripts = [
+    'preinstall',
+    'install',
+    'postinstall',
+    'prepublish', // XXX should we remove this finally??
+    'preprepare',
+    'prepare',
+    'postprepare',
+  ]
+  for (const event of scripts) {
+    await runScript({
+      path: where,
+      args: [],
+      scriptShell,
+      stdio: 'inherit',
+      stdioString: true,
+      event,
+    })
+  }
   await reifyFinish(arb)
 }
 
diff --git a/deps/npm/lib/completion.js b/deps/npm/lib/completion.js
index dda7a9ebd2..bdea338ff2 100644
--- a/deps/npm/lib/completion.js
+++ b/deps/npm/lib/completion.js
@@ -53,7 +53,7 @@ const cmd = (args, cb) => compl(args).then(() => cb()).catch(cb)
 
 // completion for the completion command
 const completion = async (opts, cb) => {
-  if (opts.w > 3)
+  if (opts.w > 2)
     return cb()
 
   const { resolve } = require('path')
@@ -63,12 +63,12 @@ const completion = async (opts, cb) => {
   ])
   const out = []
   if (zshExists)
-    out.push('~/.zshrc')
+    out.push(['>>', '~/.zshrc'])
 
   if (bashExists)
-    out.push('~/.bashrc')
+    out.push(['>>', '~/.bashrc'])
 
-  cb(null, opts.w === 2 ? out.map(m => ['>>', m]) : out)
+  cb(null, out)
 }
 
 const compl = async args => {
@@ -88,14 +88,11 @@ const compl = async args => {
     return dumpScript()
 
   // ok we're actually looking at the envs and outputting the suggestions
-  console.error({ COMP_CWORD, COMP_LINE, COMP_POINT })
-
   // get the partial line and partial word,
   // if the point isn't at the end.
   // ie, tabbing at: npm foo b|ar
   const w = +COMP_CWORD
   const words = args.map(unescape)
-  console.error({ words, args, w })
   const word = words[w]
   const line = COMP_LINE
   const point = +COMP_POINT
@@ -104,8 +101,6 @@ const compl = async args => {
 
   // figure out where in that last word the point is.
   const partialWordRaw = args[w]
-  console.error('partial word (args[%i])', w, partialWordRaw, args)
-
   let i = partialWordRaw.length
   while (partialWordRaw.substr(0, i) !== partialLine.substr(-1 * i) && i > 0)
     i--
@@ -126,7 +121,6 @@ const compl = async args => {
     raw: args,
   }
 
-  console.error(opts)
   const wrap = getWrap(opts)
 
   if (partialWords.slice(0, -1).indexOf('--') === -1) {
@@ -138,7 +132,6 @@ const compl = async args => {
         !isFlag(words[w - 1])) {
       // awaiting a value for a non-bool config.
       // don't even try to do this for now
-      console.error('configValueCompl')
       return wrap(configValueCompl(opts))
     }
   }
@@ -151,9 +144,7 @@ const compl = async args => {
   const parsed = opts.conf =
     nopt(types, shorthands, partialWords.slice(0, -1), 0)
   // check if there's a command already.
-  console.error('PARSED', parsed)
   const cmd = parsed.argv.remain[1]
-  console.error('CMD', cmd)
   if (!cmd)
     return wrap(cmdCompl(opts))
 
@@ -225,20 +216,15 @@ const escape = w => !/\s+/.test(w) ? w
 // Ie, returning ['a', 'b c', ['d', 'e']] would allow it to expand
 // to: 'a', 'b c', or 'd' 'e'
 const getWrap = opts => compls => {
-  console.error('WRAP', opts, compls)
-
   if (!Array.isArray(compls))
     compls = compls ? [compls] : []
 
   compls = compls.map(c =>
     Array.isArray(c) ? c.map(escape).join(' ') : escape(c))
 
-  if (opts.partialWord) {
-    console.error('HAS PARTIAL WORD', opts.partialWord, compls)
+  if (opts.partialWord)
     compls = compls.filter(c => c.startsWith(opts.partialWord))
-  }
 
-  console.error(compls, opts.partialWord)
   if (compls.length > 0)
     output(compls.join('\n'))
 }
@@ -251,7 +237,6 @@ const configCompl = opts => {
   const dashes = split[1]
   const no = split[2]
   const flags = configNames.filter(isFlag)
-  console.error(flags)
   return allConfs.map(c => dashes + c)
     .concat(flags.map(f => dashes + (no || 'no-') + f))
 }
@@ -276,17 +261,14 @@ const isFlag = word => {
 // complete against the npm commands
 // if they all resolve to the same thing, just return the thing it already is
 const cmdCompl = opts => {
-  console.error('CMD COMPL', opts.partialWord)
   const matches = fullList.filter(c => c.startsWith(opts.partialWord))
-  console.error('MATCHES', matches)
   if (!matches.length)
     return matches
 
   const derefs = new Set([...matches.map(c => deref(c))])
-  if (derefs.size === 1) {
-    console.error('ONLY ONE MATCH', derefs)
+  if (derefs.size === 1)
     return [...derefs]
-  }
+
   return fullList
 }
 
diff --git a/deps/npm/lib/deprecate.js b/deps/npm/lib/deprecate.js
index 8c43efcdad..fbaad54b7f 100644
--- a/deps/npm/lib/deprecate.js
+++ b/deps/npm/lib/deprecate.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const npm = require('./npm.js')
 const fetch = require('npm-registry-fetch')
 const otplease = require('./utils/otplease.js')
diff --git a/deps/npm/lib/dist-tag.js b/deps/npm/lib/dist-tag.js
index bd7ccc9e0a..ae4b33ce86 100644
--- a/deps/npm/lib/dist-tag.js
+++ b/deps/npm/lib/dist-tag.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const log = require('npmlog')
 const npa = require('npm-package-arg')
 const regFetch = require('npm-registry-fetch')
diff --git a/deps/npm/lib/doctor.js b/deps/npm/lib/doctor.js
index a596f1f4b5..0b29936bb4 100644
--- a/deps/npm/lib/doctor.js
+++ b/deps/npm/lib/doctor.js
@@ -20,7 +20,7 @@ const checkPing = async () => {
     if (/^E\d{3}$/.test(er.code || ''))
       throw er.code.substr(1) + ' ' + er.message
     else
-      throw er
+      throw er.message
   } finally {
     tracker.finish()
   }
@@ -92,7 +92,7 @@ const lstat = promisify(fs.lstat)
 const readdir = promisify(fs.readdir)
 const access = promisify(fs.access)
 const isWindows = require('./utils/is-windows.js')
-const checkFilesPermission = async (root, shouldOwn = true, mask = null) => {
+const checkFilesPermission = async (root, shouldOwn, mask = null) => {
   if (mask === null)
     mask = shouldOwn ? R_OK | W_OK : R_OK
 
diff --git a/deps/npm/lib/init.js b/deps/npm/lib/init.js
index ac49f54a79..6e4213c28f 100644
--- a/deps/npm/lib/init.js
+++ b/deps/npm/lib/init.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const initJson = require('init-package-json')
 const npa = require('npm-package-arg')
 
diff --git a/deps/npm/lib/install.js b/deps/npm/lib/install.js
index f621c85c23..303370594a 100644
--- a/deps/npm/lib/install.js
+++ b/deps/npm/lib/install.js
@@ -1,4 +1,3 @@
-'use strict'
 /* eslint-disable camelcase */
 /* eslint-disable standard/no-callback-literal */
 const fs = require('fs')
diff --git a/deps/npm/lib/link.js b/deps/npm/lib/link.js
index 3f0a518084..f7e13369c8 100644
--- a/deps/npm/lib/link.js
+++ b/deps/npm/lib/link.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { readdir } = require('fs')
 const { resolve } = require('path')
 
diff --git a/deps/npm/lib/logout.js b/deps/npm/lib/logout.js
index 32f74831d4..ba2eb92fee 100644
--- a/deps/npm/lib/logout.js
+++ b/deps/npm/lib/logout.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const eu = encodeURIComponent
 const log = require('npmlog')
 const getAuth = require('npm-registry-fetch/auth.js')
diff --git a/deps/npm/lib/ls.js b/deps/npm/lib/ls.js
index 99de6bfe36..362dacad3d 100644
--- a/deps/npm/lib/ls.js
+++ b/deps/npm/lib/ls.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { resolve } = require('path')
 const { EOL } = require('os')
 
diff --git a/deps/npm/lib/org.js b/deps/npm/lib/org.js
index 12e46dd8e8..d430131f83 100644
--- a/deps/npm/lib/org.js
+++ b/deps/npm/lib/org.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const liborg = require('libnpmorg')
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
diff --git a/deps/npm/lib/outdated.js b/deps/npm/lib/outdated.js
index 06bdc4c2d9..f0ec7a72f4 100644
--- a/deps/npm/lib/outdated.js
+++ b/deps/npm/lib/outdated.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const os = require('os')
 const path = require('path')
 const pacote = require('pacote')
diff --git a/deps/npm/lib/owner.js b/deps/npm/lib/owner.js
index dcc1ff6301..0bfb0a6a54 100644
--- a/deps/npm/lib/owner.js
+++ b/deps/npm/lib/owner.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const log = require('npmlog')
 const npa = require('npm-package-arg')
 const npmFetch = require('npm-registry-fetch')
diff --git a/deps/npm/lib/profile.js b/deps/npm/lib/profile.js
index cdecef3af9..50d7ddd7d2 100644
--- a/deps/npm/lib/profile.js
+++ b/deps/npm/lib/profile.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const ansistyles = require('ansistyles')
 const inspect = require('util').inspect
 const log = require('npmlog')
diff --git a/deps/npm/lib/publish.js b/deps/npm/lib/publish.js
index da58134f7c..da07a70387 100644
--- a/deps/npm/lib/publish.js
+++ b/deps/npm/lib/publish.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const util = require('util')
 const log = require('npmlog')
 const semver = require('semver')
diff --git a/deps/npm/lib/rebuild.js b/deps/npm/lib/rebuild.js
index f373d8cf55..e02c89bd79 100644
--- a/deps/npm/lib/rebuild.js
+++ b/deps/npm/lib/rebuild.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { resolve } = require('path')
 const Arborist = require('@npmcli/arborist')
 const npa = require('npm-package-arg')
diff --git a/deps/npm/lib/search.js b/deps/npm/lib/search.js
index 5c25bd715b..38f5a1d77b 100644
--- a/deps/npm/lib/search.js
+++ b/deps/npm/lib/search.js
@@ -1,27 +1,23 @@
-'use strict'
-
-module.exports = exports = search
-
+const Minipass = require('minipass')
 const Pipeline = require('minipass-pipeline')
-
-const npm = require('./npm.js')
-const formatPackageStream = require('./search/format-package-stream.js')
-
 const libSearch = require('libnpmsearch')
 const log = require('npmlog')
+
+const formatPackageStream = require('./search/format-package-stream.js')
+const packageFilter = require('./search/package-filter.js')
+const npm = require('./npm.js')
 const output = require('./utils/output.js')
-const usage = require('./utils/usage')
+const usageUtil = require('./utils/usage.js')
+const completion = require('./utils/completion/none.js')
 
-search.usage = usage(
+const usage = usageUtil(
   'search',
   'npm search [--long] [search terms ...]'
 )
 
-search.completion = function (opts, cb) {
-  cb(null, [])
-}
+const cmd = (args, cb) => search(args).then(() => cb()).catch(cb)
 
-function search (args, cb) {
+const search = async (args) => {
   const opts = {
     ...npm.flatOptions,
     ...npm.flatOptions.search,
@@ -30,22 +26,33 @@ function search (args, cb) {
   }
 
   if (opts.include.length === 0)
-    return cb(new Error('search must be called with arguments'))
+    throw new Error('search must be called with arguments')
 
   // Used later to figure out whether we had any packages go out
   let anyOutput = false
 
+  class FilterStream extends Minipass {
+    write (pkg) {
+      if (packageFilter(pkg, opts.include, opts.exclude))
+        super.write(pkg)
+    }
+  }
+
+  const filterStream = new FilterStream()
+
   // Grab a configured output stream that will spit out packages in the
   // desired format.
-  //
-  // This is a text minipass stream
-  var outputStream = formatPackageStream({
+  const outputStream = formatPackageStream({
     args, // --searchinclude options are not highlighted
     ...opts,
   })
 
   log.silly('search', 'searching packages')
-  const p = new Pipeline(libSearch.stream(opts.include, opts), outputStream)
+  const p = new Pipeline(
+    libSearch.stream(opts.include, opts),
+    filterStream,
+    outputStream
+  )
 
   p.on('data', chunk => {
     if (!anyOutput)
@@ -53,24 +60,18 @@ function search (args, cb) {
     output(chunk.toString('utf8'))
   })
 
-  p.promise().then(() => {
-    if (!anyOutput && !opts.json && !opts.parseable)
-      output('No matches found for ' + (args.map(JSON.stringify).join(' ')))
+  await p.promise()
+  if (!anyOutput && !opts.json && !opts.parseable)
+    output('No matches found for ' + (args.map(JSON.stringify).join(' ')))
 
-    log.silly('search', 'search completed')
-    log.clearProgress()
-    cb(null, {})
-  }, err => cb(err))
+  log.silly('search', 'search completed')
+  log.clearProgress()
 }
 
 function prepareIncludes (args, searchopts) {
-  if (typeof searchopts !== 'string')
-    searchopts = ''
-  return searchopts.split(/\s+/).concat(args).map(function (s) {
-    return s.toLowerCase()
-  }).filter(function (s) {
-    return s
-  })
+  return args
+    .map(s => s.toLowerCase())
+    .filter(s => s)
 }
 
 function prepareExcludes (searchexclude) {
@@ -80,7 +81,9 @@ function prepareExcludes (searchexclude) {
   else
     exclude = []
 
-  return exclude.map(function (s) {
-    return s.toLowerCase()
-  })
+  return exclude
+    .map(s => s.toLowerCase())
+    .filter(s => s)
 }
+
+module.exports = Object.assign(cmd, { completion, usage })
diff --git a/deps/npm/lib/search/format-package-stream.js b/deps/npm/lib/search/format-package-stream.js
index 0f75bbff7c..c908601144 100644
--- a/deps/npm/lib/search/format-package-stream.js
+++ b/deps/npm/lib/search/format-package-stream.js
@@ -1,5 +1,3 @@
-'use strict'
-
 // XXX these output classes should not live in here forever.  it'd be good to
 // split them out, perhaps to libnpmsearch
 
diff --git a/deps/npm/lib/search/package-filter.js b/deps/npm/lib/search/package-filter.js
index e3d427a4a0..2e7d8e82ae 100644
--- a/deps/npm/lib/search/package-filter.js
+++ b/deps/npm/lib/search/package-filter.js
@@ -1,5 +1,3 @@
-'use strict'
-
 module.exports = filter
 function filter (data, include, exclude, opts) {
   return typeof data === 'object' &&
diff --git a/deps/npm/lib/set-script.js b/deps/npm/lib/set-script.js
index 4dfc67fbbe..f655c22107 100644
--- a/deps/npm/lib/set-script.js
+++ b/deps/npm/lib/set-script.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const log = require('npmlog')
 const usageUtil = require('./utils/usage.js')
 const { localPrefix } = require('./npm.js')
diff --git a/deps/npm/lib/shrinkwrap.js b/deps/npm/lib/shrinkwrap.js
index 33502a5601..74e129297b 100644
--- a/deps/npm/lib/shrinkwrap.js
+++ b/deps/npm/lib/shrinkwrap.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { resolve, basename } = require('path')
 const { promises: { unlink } } = require('fs')
 const Arborist = require('@npmcli/arborist')
diff --git a/deps/npm/lib/star.js b/deps/npm/lib/star.js
index 85d14d0e42..b3e72d7da3 100644
--- a/deps/npm/lib/star.js
+++ b/deps/npm/lib/star.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const fetch = require('npm-registry-fetch')
 const log = require('npmlog')
 const npa = require('npm-package-arg')
diff --git a/deps/npm/lib/stars.js b/deps/npm/lib/stars.js
index 055543210f..c09ca6003e 100644
--- a/deps/npm/lib/stars.js
+++ b/deps/npm/lib/stars.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const log = require('npmlog')
 const fetch = require('npm-registry-fetch')
 
diff --git a/deps/npm/lib/team.js b/deps/npm/lib/team.js
index 582dadb3f3..5e88011cfe 100644
--- a/deps/npm/lib/team.js
+++ b/deps/npm/lib/team.js
@@ -1,11 +1,12 @@
 const columns = require('cli-columns')
 const libteam = require('libnpmteam')
+
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
 const otplease = require('./utils/otplease.js')
 const usageUtil = require('./utils/usage')
 
-const subcommands = ['create', 'destroy', 'add', 'rm', 'ls', 'edit']
+const subcommands = ['create', 'destroy', 'add', 'rm', 'ls']
 
 const usage = usageUtil(
   'team',
@@ -13,8 +14,7 @@ const usage = usageUtil(
   'npm team destroy <scope:team> [--otp <otpcode>]\n' +
   'npm team add <scope:team> <user> [--otp <otpcode>]\n' +
   'npm team rm <scope:team> <user> [--otp <otpcode>]\n' +
-  'npm team ls <scope>|<scope:team>\n' +
-  'npm team edit <scope:team>'
+  'npm team ls <scope>|<scope:team>\n'
 )
 
 const completion = (opts, cb) => {
@@ -28,7 +28,6 @@ const completion = (opts, cb) => {
     case 'destroy':
     case 'add':
     case 'rm':
-    case 'edit':
       return cb(null, [])
     default:
       return cb(new Error(argv[2] + ' not recognized'))
@@ -56,8 +55,6 @@ const team = async ([cmd, entity = '', user = '']) => {
         else
           return teamListTeams(entity, opts)
       }
-      case 'edit':
-        throw new Error('`npm team edit` is not implemented yet.')
       default:
         throw usage
     }
@@ -125,7 +122,9 @@ const teamListUsers = async (entity, opts) => {
   else if (opts.parseable)
     output(users.join('\n'))
   else if (!opts.silent && opts.loglevel !== 'silent') {
-    output(`\n@${entity} has ${users.length} user${users.length === 1 ? '' : 's'}:\n`)
+    const plural = users.length === 1 ? '' : 's'
+    const more = users.length === 0 ? '' : ':\n'
+    output(`\n@${entity} has ${users.length} user${plural}${more}`)
     output(columns(users, { padding: 1 }))
   }
 }
@@ -137,7 +136,9 @@ const teamListTeams = async (entity, opts) => {
   else if (opts.parseable)
     output(teams.join('\n'))
   else if (!opts.silent && opts.loglevel !== 'silent') {
-    output(`\n@${entity} has ${teams.length} team${teams.length === 1 ? '' : 's'}:\n`)
+    const plural = teams.length === 1 ? '' : 's'
+    const more = teams.length === 0 ? '' : ':\n'
+    output(`\n@${entity} has ${teams.length} team${plural}${more}`)
     output(columns(teams.map(t => `@${t}`), { padding: 1 }))
   }
 }
diff --git a/deps/npm/lib/token.js b/deps/npm/lib/token.js
index 7e53bd6120..8809e4412f 100644
--- a/deps/npm/lib/token.js
+++ b/deps/npm/lib/token.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const profile = require('npm-profile')
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
diff --git a/deps/npm/lib/uninstall.js b/deps/npm/lib/uninstall.js
index 4f63abfafc..83a0b00969 100644
--- a/deps/npm/lib/uninstall.js
+++ b/deps/npm/lib/uninstall.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { resolve } = require('path')
 const Arborist = require('@npmcli/arborist')
 const rpj = require('read-package-json-fast')
diff --git a/deps/npm/lib/unpublish.js b/deps/npm/lib/unpublish.js
index d6dbc8d6e3..1d7601b60c 100644
--- a/deps/npm/lib/unpublish.js
+++ b/deps/npm/lib/unpublish.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const path = require('path')
 const util = require('util')
 const log = require('npmlog')
diff --git a/deps/npm/lib/update.js b/deps/npm/lib/update.js
index dd6b0d09ff..bbc6732dba 100644
--- a/deps/npm/lib/update.js
+++ b/deps/npm/lib/update.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const path = require('path')
 
 const Arborist = require('@npmcli/arborist')
diff --git a/deps/npm/lib/utils/child-path.js b/deps/npm/lib/utils/child-path.js
index 4594f43221..38b9df1380 100644
--- a/deps/npm/lib/utils/child-path.js
+++ b/deps/npm/lib/utils/child-path.js
@@ -1,4 +1,3 @@
-'use strict'
 var path = require('path')
 var validate = require('aproba')
 var moduleName = require('../utils/module-name.js')
diff --git a/deps/npm/lib/utils/completion/installed-deep.js b/deps/npm/lib/utils/completion/installed-deep.js
index 803b223ea5..793f3b3e9a 100644
--- a/deps/npm/lib/utils/completion/installed-deep.js
+++ b/deps/npm/lib/utils/completion/installed-deep.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { resolve } = require('path')
 const Arborist = require('@npmcli/arborist')
 const npm = require('../../npm.js')
diff --git a/deps/npm/lib/utils/deep-sort-object.js b/deps/npm/lib/utils/deep-sort-object.js
index e7bb7365b2..56f1854f1e 100644
--- a/deps/npm/lib/utils/deep-sort-object.js
+++ b/deps/npm/lib/utils/deep-sort-object.js
@@ -1,4 +1,3 @@
-'use strict'
 var sortedObject = require('sorted-object')
 
 module.exports = function deepSortObject (obj) {
diff --git a/deps/npm/lib/utils/error-handler.js b/deps/npm/lib/utils/error-handler.js
index 476ca9e917..cb339523db 100644
--- a/deps/npm/lib/utils/error-handler.js
+++ b/deps/npm/lib/utils/error-handler.js
@@ -1,5 +1,3 @@
-'use strict'
-
 let cbCalled = false
 const log = require('npmlog')
 const npm = require('../npm.js')
diff --git a/deps/npm/lib/utils/error-message.js b/deps/npm/lib/utils/error-message.js
index 04034243fb..695b497ab6 100644
--- a/deps/npm/lib/utils/error-message.js
+++ b/deps/npm/lib/utils/error-message.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const npm = require('../npm.js')
 const { format } = require('util')
 const { resolve } = require('path')
diff --git a/deps/npm/lib/utils/flat-options.js b/deps/npm/lib/utils/flat-options.js
index 9b83de8c44..71edca0718 100644
--- a/deps/npm/lib/utils/flat-options.js
+++ b/deps/npm/lib/utils/flat-options.js
@@ -27,6 +27,13 @@ const buildOmitList = obj => {
     omit.add('optional')
 
   obj.omit = [...omit]
+
+  // it would perhaps make more sense to put this in @npmcli/config, but
+  // since we can set dev to be omitted in multiple various legacy ways,
+  // it's better to set it here once it's all resolved.
+  if (obj.omit.includes('dev'))
+    process.env.NODE_ENV = 'production'
+
   return [...omit]
 }
 
diff --git a/deps/npm/lib/utils/git.js b/deps/npm/lib/utils/git.js
index 369f158908..299302b277 100644
--- a/deps/npm/lib/utils/git.js
+++ b/deps/npm/lib/utils/git.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const exec = require('child_process').execFile
 const spawn = require('./spawn')
 const npm = require('../npm.js')
diff --git a/deps/npm/lib/utils/is-windows-bash.js b/deps/npm/lib/utils/is-windows-bash.js
index 420b4c2d49..0ae99e212c 100644
--- a/deps/npm/lib/utils/is-windows-bash.js
+++ b/deps/npm/lib/utils/is-windows-bash.js
@@ -1,4 +1,3 @@
-'use strict'
 const isWindows = require('./is-windows.js')
 module.exports = isWindows &&
   (/^MINGW(32|64)$/.test(process.env.MSYSTEM) || process.env.TERM === 'cygwin')
diff --git a/deps/npm/lib/utils/is-windows-shell.js b/deps/npm/lib/utils/is-windows-shell.js
index 5f2f95e2e3..477bd43cc1 100644
--- a/deps/npm/lib/utils/is-windows-shell.js
+++ b/deps/npm/lib/utils/is-windows-shell.js
@@ -1,4 +1,3 @@
-'use strict'
 const isWindows = require('./is-windows.js')
 const isWindowsBash = require('./is-windows-bash.js')
 module.exports = isWindows && !isWindowsBash
diff --git a/deps/npm/lib/utils/is-windows.js b/deps/npm/lib/utils/is-windows.js
index 8a991d54f5..fbece90ad7 100644
--- a/deps/npm/lib/utils/is-windows.js
+++ b/deps/npm/lib/utils/is-windows.js
@@ -1,2 +1 @@
-'use strict'
 module.exports = process.platform === 'win32'
diff --git a/deps/npm/lib/utils/metrics-launch.js b/deps/npm/lib/utils/metrics-launch.js
index c39c3fec93..4a3dcde1ab 100644
--- a/deps/npm/lib/utils/metrics-launch.js
+++ b/deps/npm/lib/utils/metrics-launch.js
@@ -1,4 +1,3 @@
-'use strict'
 /* eslint-disable camelcase */
 module.exports = launchSendMetrics
 var fs = require('graceful-fs')
diff --git a/deps/npm/lib/utils/metrics.js b/deps/npm/lib/utils/metrics.js
index c394f1d34f..432f8dc703 100644
--- a/deps/npm/lib/utils/metrics.js
+++ b/deps/npm/lib/utils/metrics.js
@@ -1,4 +1,3 @@
-'use strict'
 exports.start = startMetrics
 exports.stop = stopMetrics
 exports.save = saveMetrics
diff --git a/deps/npm/lib/utils/module-name.js b/deps/npm/lib/utils/module-name.js
index 6152f1258c..c58050e55e 100644
--- a/deps/npm/lib/utils/module-name.js
+++ b/deps/npm/lib/utils/module-name.js
@@ -1,4 +1,3 @@
-'use strict'
 var path = require('path')
 
 module.exports = moduleName
diff --git a/deps/npm/lib/utils/no-progress-while-running.js b/deps/npm/lib/utils/no-progress-while-running.js
index 13c2c50e11..c2e6a01b23 100644
--- a/deps/npm/lib/utils/no-progress-while-running.js
+++ b/deps/npm/lib/utils/no-progress-while-running.js
@@ -1,4 +1,3 @@
-'use strict'
 var log = require('npmlog')
 var progressEnabled
 var running = 0
diff --git a/deps/npm/lib/utils/open-url.js b/deps/npm/lib/utils/open-url.js
index 4d9de4f57f..28c2d038a4 100644
--- a/deps/npm/lib/utils/open-url.js
+++ b/deps/npm/lib/utils/open-url.js
@@ -1,4 +1,3 @@
-'use strict'
 const npm = require('../npm.js')
 const output = require('./output.js')
 const opener = require('opener')
diff --git a/deps/npm/lib/utils/otplease.js b/deps/npm/lib/utils/otplease.js
index 3210f3e912..ca271526cc 100644
--- a/deps/npm/lib/utils/otplease.js
+++ b/deps/npm/lib/utils/otplease.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const prompt = 'This operation requires a one-time password.\nEnter OTP:'
 const readUserInfo = require('./read-user-info.js')
 
diff --git a/deps/npm/lib/utils/pulse-till-done.js b/deps/npm/lib/utils/pulse-till-done.js
index 215a514c8d..9d145eee97 100644
--- a/deps/npm/lib/utils/pulse-till-done.js
+++ b/deps/npm/lib/utils/pulse-till-done.js
@@ -1,4 +1,3 @@
-'use strict'
 const validate = require('aproba')
 const log = require('npmlog')
 
diff --git a/deps/npm/lib/utils/read-local-package.js b/deps/npm/lib/utils/read-local-package.js
index 91a1e3a5b1..7ab130c1f3 100644
--- a/deps/npm/lib/utils/read-local-package.js
+++ b/deps/npm/lib/utils/read-local-package.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { resolve } = require('path')
 const readJson = require('read-package-json-fast')
 const npm = require('../npm.js')
diff --git a/deps/npm/lib/utils/read-user-info.js b/deps/npm/lib/utils/read-user-info.js
index 9977d2d60b..b0166e18c9 100644
--- a/deps/npm/lib/utils/read-user-info.js
+++ b/deps/npm/lib/utils/read-user-info.js
@@ -1,4 +1,3 @@
-'use strict'
 const { promisify } = require('util')
 const readAsync = promisify(require('read'))
 const userValidate = require('npm-user-validate')
diff --git a/deps/npm/lib/utils/replace-info.js b/deps/npm/lib/utils/replace-info.js
index e3e324c885..7c7489bc17 100644
--- a/deps/npm/lib/utils/replace-info.js
+++ b/deps/npm/lib/utils/replace-info.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const URL = require('url').URL
 
 // replaces auth info in an array of arguments or in a strings
diff --git a/deps/npm/lib/utils/usage.js b/deps/npm/lib/utils/usage.js
index 6369140613..ddcbd708b7 100644
--- a/deps/npm/lib/utils/usage.js
+++ b/deps/npm/lib/utils/usage.js
@@ -1,4 +1,3 @@
-'use strict'
 var aliases = require('../utils/cmd-list').aliases
 
 module.exports = function usage (cmd, txt, opt) {
diff --git a/deps/npm/lib/version.js b/deps/npm/lib/version.js
index abdd8d552b..a96f5d6051 100644
--- a/deps/npm/lib/version.js
+++ b/deps/npm/lib/version.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const libversion = require('libnpmversion')
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
diff --git a/deps/npm/man/man1/npm-explain.1 b/deps/npm/man/man1/npm-explain.1
index a8a25fea3d..17d8b35a2d 100644
--- a/deps/npm/man/man1/npm-explain.1
+++ b/deps/npm/man/man1/npm-explain.1
@@ -6,6 +6,8 @@
 .RS 2
 .nf
 npm explain <folder | specifier>
+
+alias: why
 .fi
 .RE
 .SS Description
diff --git a/deps/npm/man/man1/npm-link.1 b/deps/npm/man/man1/npm-link.1
index 8279583335..4d055aab4f 100644
--- a/deps/npm/man/man1/npm-link.1
+++ b/deps/npm/man/man1/npm-link.1
@@ -13,43 +13,46 @@ alias: npm ln
 .RE
 .SS Description
 .P
+This is handy for installing your own stuff, so that you can work on it and
+test iteratively without having to continually rebuild\.
+.P
 Package linking is a two\-step process\.
 .P
-First, \fBnpm link\fP in a package folder will create a symlink in the global folder
-\fB{prefix}/lib/node_modules/<package>\fP that links to the package where the \fBnpm
-link\fP command was executed\. It will also link any bins in the package to \fB{prefix}/bin/{name}\fP\|\.
-Note that \fBnpm link\fP uses the global prefix (see \fBnpm prefix \-g\fP for its value)\.
+First, \fBnpm link\fP in a package folder will create a symlink in the global
+folder \fB{prefix}/lib/node_modules/<package>\fP that links to the package
+where the \fBnpm link\fP command was executed\. It will also link any bins in
+the package to \fB{prefix}/bin/{name}\fP\|\.  Note that \fBnpm link\fP uses the global
+prefix (see \fBnpm prefix \-g\fP for its value)\.
 .P
 Next, in some other location, \fBnpm link package\-name\fP will create a
-symbolic link from globally\-installed \fBpackage\-name\fP to \fBnode_modules/\fP
-of the current folder\.
+symbolic link from globally\-installed \fBpackage\-name\fP to \fBnode_modules/\fP of
+the current folder\.
 .P
-Note that \fBpackage\-name\fP is taken from \fBpackage\.json\fP,
-not from directory name\.
+Note that \fBpackage\-name\fP is taken from \fBpackage\.json\fP, \fInot\fR from the
+directory name\.
 .P
-The package name can be optionally prefixed with a scope\. See npm help \fBscope\fP\|\.
-The scope must be preceded by an @\-symbol and followed by a slash\.
+The package name can be optionally prefixed with a scope\. See
+npm help \fBscope\fP\|\.  The scope must be preceded by an @\-symbol and
+followed by a slash\.
 .P
 When creating tarballs for \fBnpm publish\fP, the linked packages are
-"snapshotted" to their current state by resolving the symbolic links\.
-.P
-This is handy for installing your own stuff, so that you can work on it and
-test it iteratively without having to continually rebuild\.
+"snapshotted" to their current state by resolving the symbolic links, if
+they are included in \fBbundleDependencies\fP\|\.
 .P
 For example:
 .P
 .RS 2
 .nf
-    cd ~/projects/node\-redis    # go into the package directory
-    npm link                    # creates global link
-    cd ~/projects/node\-bloggy   # go into some other package directory\.
-    npm link redis              # link\-install the package
+cd ~/projects/node\-redis    # go into the package directory
+npm link                    # creates global link
+cd ~/projects/node\-bloggy   # go into some other package directory\.
+npm link redis              # link\-install the package
 .fi
 .RE
 .P
-Now, any changes to ~/projects/node\-redis will be reflected in
-~/projects/node\-bloggy/node_modules/node\-redis/\. Note that the link should
-be to the package name, not the directory name for that package\.
+Now, any changes to \fB~/projects/node\-redis\fP will be reflected in
+\fB~/projects/node\-bloggy/node_modules/node\-redis/\fP\|\. Note that the link
+should be to the package name, not the directory name for that package\.
 .P
 You may also shortcut the two steps in one\.  For example, to do the
 above use\-case in a shorter way:
@@ -73,16 +76,33 @@ npm link redis
 That is, it first creates a global link, and then links the global
 installation target into your project's \fBnode_modules\fP folder\.
 .P
-Note that in this case, you are referring to the directory name, \fBnode\-redis\fP,
-rather than the package name \fBredis\fP\|\.
+Note that in this case, you are referring to the directory name,
+\fBnode\-redis\fP, rather than the package name \fBredis\fP\|\.
 .P
-If your linked package is scoped (see npm help \fBscope\fP) your link command must include that scope, e\.g\.
+If your linked package is scoped (see npm help \fBscope\fP) your
+link command must include that scope, e\.g\.
 .P
 .RS 2
 .nf
 npm link @myorg/privatepackage
 .fi
 .RE
+.SS Caveat
+.P
+Note that package dependencies linked in this way are \fInot\fR saved to
+\fBpackage\.json\fP by default, on the assumption that the intention is to have
+a link stand in for a regular non\-link dependency\.  Otherwise, for example,
+if you depend on \fBredis@^3\.0\.1\fP, and ran \fBnpm link redis\fP, it would replace
+the \fB^3\.0\.1\fP dependency with \fBfile:\.\./path/to/node\-redis\fP, which you
+probably don't want!  Additionally, other users or developers on your
+project would run into issues if they do not have their folders set up
+exactly the same as yours\.
+.P
+If you are adding a \fInew\fR dependency as a link, you should add it to the
+relevant metadata by running \fBnpm install <dep> \-\-package\-lock\-only\fP\|\.
+.P
+If you \fIwant\fR to save the \fBfile:\fP reference in your \fBpackage\.json\fP and
+\fBpackage\-lock\.json\fP files, you can use \fBnpm link <dep> \-\-save\fP to do so\.
 .SS See Also
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man1/npm-logout.1 b/deps/npm/man/man1/npm-logout.1
index c7c41a0c7e..5fd41d2ced 100644
--- a/deps/npm/man/man1/npm-logout.1
+++ b/deps/npm/man/man1/npm-logout.1
@@ -10,13 +10,13 @@ npm logout [\-\-registry=<url>] [\-\-scope=<@scope>]
 .RE
 .SS Description
 .P
-When logged into a registry that supports token\-based authentication, tell the
-server to end this token's session\. This will invalidate the token everywhere
-you're using it, not just for the current environment\.
+When logged into a registry that supports token\-based authentication, tell
+the server to end this token's session\. This will invalidate the token
+everywhere you're using it, not just for the current environment\.
 .P
-When logged into a legacy registry that uses username and password authentication, this will
-clear the credentials in your user configuration\. In this case, it will \fIonly\fR affect
-the current environment\.
+When logged into a legacy registry that uses username and password
+authentication, this will clear the credentials in your user configuration\.
+In this case, it will \fIonly\fR affect the current environment\.
 .P
 If \fB\-\-scope\fP is provided, this will find the credentials for the registry
 connected to that scope, if set\.
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index a11a5ebed0..0f486c67cc 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -13,18 +13,22 @@ aliases: list, la, ll
 .SS Description
 .P
 This command will print to stdout all the versions of packages that are
-installed, as well as their dependencies, in a tree\-structure\.
+installed, as well as their dependencies when \fB\-\-all\fP is specified, in a
+tree structure\.
 .P
-Positional arguments are \fBname@version\-range\fP identifiers, which will
-limit the results to only the paths to the packages named\.  Note that
-nested packages will \fIalso\fR show the paths to the specified packages\.
-For example, running \fBnpm ls promzard\fP in npm's source tree will show:
+Note: to get a "bottoms up" view of why a given package is included in the
+tree at all, use npm help \fBexplain\fP\|\.
+.P
+Positional arguments are \fBname@version\-range\fP identifiers, which will limit
+the results to only the paths to the packages named\.  Note that nested
+packages will \fIalso\fR show the paths to the specified packages\.  For
+example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-    npm@7\.1\.1 /path/to/npm
-    └─┬ init\-package\-json@0\.0\.4
-      └── promzard@0\.1\.5
+npm@7\.1\.2 /path/to/npm
+└─┬ init\-package\-json@0\.0\.4
+  └── promzard@0\.1\.5
 .fi
 .RE
 .P
@@ -35,10 +39,49 @@ in parentheses after the name@version to make it easier for users to
 recognize potential forks of a project\.
 .P
 The tree shown is the logical dependency tree, based on package
-dependencies, not the physical layout of your node_modules folder\.
+dependencies, not the physical layout of your \fBnode_modules\fP folder\.
 .P
 When run as \fBll\fP or \fBla\fP, it shows extended information by default\.
+.SS Note: Design Changes Pending
+.P
+The \fBnpm ls\fP command's output and behavior made a \fIton\fR of sense when npm
+created a \fBnode_modules\fP folder that naively nested every dependency\.  In
+such a case, the logical dependency graph and physical tree of packages on
+disk would be roughly identical\.
+.P
+With the advent of automatic install\-time deduplication of dependencies in
+npm v3, the \fBls\fP output was modified to display the logical dependency
+graph as a tree structure, since this was more useful to most users\.
+However, without using \fBnpm ls \-l\fP, it became impossible show \fIwhere\fR a
+package was actually installed much of the time!
+.P
+With the advent of automatic installation of \fBpeerDependencies\fP in npm v7,
+this gets even more curious, as \fBpeerDependencies\fP are logically
+"underneath" their dependents in the dependency graph, but are always
+physically at or above their location on disk\.
+.P
+Also, in the years since npm got an \fBls\fP command (in version 0\.0\.2!),
+dependency graphs have gotten much larger as a general rule\.  Therefor, in
+order to avoid dumping an excessive amount of content to the terminal, \fBnpm
+ls\fP now only shows the \fItop\fR level dependencies, unless \fB\-\-all\fP is
+provided\.
+.P
+A thorough re\-examination of the use cases, intention, behavior, and output
+of this command, is currently underway\.  Expect significant changes to at
+least the default human\-readable \fBnpm ls\fP output in npm v8\.
 .SS Configuration
+.SS all
+.RS 0
+.IP \(bu 2
+Default: \fBfalse\fP
+.IP \(bu 2
+Type: Boolean
+
+.RE
+.P
+When running \fBnpm outdated\fP and \fBnpm ls\fP, setting \fB\-\-all\fP will show all
+outdated or installed packages, rather than only those directly depended
+upon by the current project\.
 .SS json
 .RS 0
 .IP \(bu 2
@@ -142,6 +185,8 @@ Set it to false in order to use all\-ansi output\.
 .SS See Also
 .RS 0
 .IP \(bu 2
+npm help explain
+.IP \(bu 2
 npm help config
 .IP \(bu 2
 npm help npmrc
diff --git a/deps/npm/man/man1/npm-org.1 b/deps/npm/man/man1/npm-org.1
index 905a0c2f55..c0e0a34972 100644
--- a/deps/npm/man/man1/npm-org.1
+++ b/deps/npm/man/man1/npm-org.1
@@ -61,12 +61,14 @@ $ npm org ls my\-org @mx\-santos
 .RE
 .SS Description
 .P
-You can use the \fBnpm org\fP commands to manage and view users of an organization\.
-It supports adding and removing users, changing their roles, listing them, and
-finding specific ones and their roles\.
+You can use the \fBnpm org\fP commands to manage and view users of an
+organization\.  It supports adding and removing users, changing their roles,
+listing them, and finding specific ones and their roles\.
 .SS See Also
 .RS 0
 .IP \(bu 2
+npm help using orgs
+.IP \(bu 2
 Documentation on npm Orgs \fIhttps://docs\.npmjs\.com/orgs/\fR
 
 .RE
diff --git a/deps/npm/man/man1/npm-outdated.1 b/deps/npm/man/man1/npm-outdated.1
index 137d77d2fa..72f60b8167 100644
--- a/deps/npm/man/man1/npm-outdated.1
+++ b/deps/npm/man/man1/npm-outdated.1
@@ -13,33 +13,42 @@ npm outdated [[<@scope>/]<pkg> \.\.\.]
 This command will check the registry to see if any (or, specific) installed
 packages are currently outdated\.
 .P
+By default, only the direct dependencies of the root project are shown\.
+Use \fB\-\-all\fP to find all outdated meta\-dependencies as well\.
+.P
 In the output:
 .RS 0
 .IP \(bu 2
 \fBwanted\fP is the maximum version of the package that satisfies the semver
-range specified in \fBpackage\.json\fP\|\. If there's no available semver range (i\.e\.
-you're running \fBnpm outdated \-\-global\fP, or the package isn't included in
-\fBpackage\.json\fP), then \fBwanted\fP shows the currently\-installed version\.
+range specified in \fBpackage\.json\fP\|\. If there's no available semver range
+(i\.e\.  you're running \fBnpm outdated \-\-global\fP, or the package isn't
+included in \fBpackage\.json\fP), then \fBwanted\fP shows the currently\-installed
+version\.
 .IP \(bu 2
 \fBlatest\fP is the version of the package tagged as latest in the registry\.
-Running \fBnpm publish\fP with no special configuration will publish the package
-with a dist\-tag of \fBlatest\fP\|\. This may or may not be the maximum version of
-the package, or the most\-recently published version of the package, depending
-on how the package's developer manages the latest dist\-tag \fInpm\-dist\-tag\fR\|\.
+Running \fBnpm publish\fP with no special configuration will publish the
+package with a dist\-tag of \fBlatest\fP\|\. This may or may not be the maximum
+version of the package, or the most\-recently published version of the
+package, depending on how the package's developer manages the latest
+npm help dist\-tag\.
 .IP \(bu 2
 \fBlocation\fP is where in the physical tree the package is located\.
 .IP \(bu 2
 \fBdepended by\fP shows which package depends on the displayed dependency
 .IP \(bu 2
-\fBpackage type\fP (when using \fB\-\-long\fP / \fB\-l\fP) tells you whether this package is
-a \fBdependency\fP or a dev/peer/optional dependency\. Packages not included in \fBpackage\.json\fP
-are always marked \fBdependencies\fP\|\.
+\fBpackage type\fP (when using \fB\-\-long\fP / \fB\-l\fP) tells you whether this
+package is a \fBdependency\fP or a dev/peer/optional dependency\. Packages not
+included in \fBpackage\.json\fP are always marked \fBdependencies\fP\|\.
 .IP \(bu 2
-\fBhomepage\fP (when using \fB\-\-long\fP / \fB\-l\fP) is the \fBhomepage\fP value contained in the package's packument
+\fBhomepage\fP (when using \fB\-\-long\fP / \fB\-l\fP) is the \fBhomepage\fP value contained
+in the package's packument
 .IP \(bu 2
-Red means there's a newer version matching your semver requirements, so you should update now\.
+Red means there's a newer version matching your semver requirements, so
+you should update now\.
 .IP \(bu 2
-Yellow indicates that there's a newer version above your semver requirements (usually new major, or new 0\.x minor) so proceed with caution\.
+Yellow indicates that there's a newer version \fIabove\fR your semver
+requirements (usually new major, or new 0\.x minor) so proceed with
+caution\.
 
 .RE
 .SS An example
@@ -72,22 +81,23 @@ With these \fBdependencies\fP:
 A few things to note:
 .RS 0
 .IP \(bu 2
-\fBglob\fP requires \fB^5\fP, which prevents npm from installing \fBglob@6\fP, which is
-outside the semver range\.
+\fBglob\fP requires \fB^5\fP, which prevents npm from installing \fBglob@6\fP, which
+is outside the semver range\.
 .IP \(bu 2
-Git dependencies will always be reinstalled, because of how they're specified\.
-The installed committish might satisfy the dependency specifier (if it's
-something immutable, like a commit SHA), or it might not, so \fBnpm outdated\fP and
-\fBnpm update\fP have to fetch Git repos to check\. This is why currently doing a
-reinstall of a Git dependency always forces a new clone and install\.
+Git dependencies will always be reinstalled, because of how they're
+specified\.  The installed committish might satisfy the dependency
+specifier (if it's something immutable, like a commit SHA), or it might
+not, so \fBnpm outdated\fP and \fBnpm update\fP have to fetch Git repos to check\.
+This is why currently doing a reinstall of a Git dependency always forces
+a new clone and install\.
 .IP \(bu 2
-\fBnpm@3\.5\.2\fP is marked as "wanted", but "latest" is \fBnpm@3\.5\.1\fP because npm
-uses dist\-tags to manage its \fBlatest\fP and \fBnext\fP release channels\. \fBnpm update\fP
-will install the \fInewest\fR version, but \fBnpm install npm\fP (with no semver range)
-will install whatever's tagged as \fBlatest\fP\|\.
+\fBnpm@3\.5\.2\fP is marked as "wanted", but "latest" is \fBnpm@3\.5\.1\fP because
+npm uses dist\-tags to manage its \fBlatest\fP and \fBnext\fP release channels\.
+\fBnpm update\fP will install the \fInewest\fR version, but \fBnpm install npm\fP
+(with no semver range) will install whatever's tagged as \fBlatest\fP\|\.
 .IP \(bu 2
-\fBonce\fP is just plain out of date\. Reinstalling \fBnode_modules\fP from scratch or
-running \fBnpm update\fP will bring it up to spec\.
+\fBonce\fP is just plain out of date\. Reinstalling \fBnode_modules\fP from
+scratch or running \fBnpm update\fP will bring it up to spec\.
 
 .RE
 .SS Configuration
diff --git a/deps/npm/man/man1/npm-owner.1 b/deps/npm/man/man1/npm-owner.1
index 158220d0e7..55b7580b94 100644
--- a/deps/npm/man/man1/npm-owner.1
+++ b/deps/npm/man/man1/npm-owner.1
@@ -17,17 +17,14 @@ aliases: author
 Manage ownership of published packages\.
 .RS 0
 .IP \(bu 2
-ls:
-List all the users who have access to modify a package and push new versions\.
-Handy when you need to know who to bug for help\.
+ls: List all the users who have access to modify a package and push new
+versions\.  Handy when you need to know who to bug for help\.
 .IP \(bu 2
-add:
-Add a new user as a maintainer of a package\.  This user is enabled to modify
-metadata, publish new versions, and add other owners\.
+add: Add a new user as a maintainer of a package\.  This user is enabled
+to modify metadata, publish new versions, and add other owners\.
 .IP \(bu 2
-rm:
-Remove a user from the package owner list\.  This immediately revokes their
-privileges\.
+rm: Remove a user from the package owner list\.  This immediately revokes
+their privileges\.
 
 .RE
 .P
@@ -35,12 +32,14 @@ Note that there is only one level of access\.  Either you can modify a package,
 or you can't\.  Future versions may contain more fine\-grained access levels, but
 that is not implemented at this time\.
 .P
-If you have two\-factor authentication enabled with \fBauth\-and\-writes\fP then
-you'll need to include an otp on the command line when changing ownership
-with \fB\-\-otp\fP\|\.
+If you have two\-factor authentication enabled with \fBauth\-and\-writes\fP (see
+npm help \fBnpm\-profile\fP) then you'll need to include an otp
+on the command line when changing ownership with \fB\-\-otp\fP\|\.
 .SS See Also
 .RS 0
 .IP \(bu 2
+npm help profile
+.IP \(bu 2
 npm help publish
 .IP \(bu 2
 npm help registry
diff --git a/deps/npm/man/man1/npm-pack.1 b/deps/npm/man/man1/npm-pack.1
index 64ce95a4b1..d6fbeef43e 100644
--- a/deps/npm/man/man1/npm-pack.1
+++ b/deps/npm/man/man1/npm-pack.1
@@ -11,10 +11,10 @@ npm pack [[<@scope>/]<pkg>\.\.\.] [\-\-dry\-run]
 .SS Description
 .P
 For anything that's installable (that is, a package folder, tarball,
-tarball url, name@tag, name@version, name, or scoped name), this
-command will fetch it to the cache, and then copy the tarball to the
-current working directory as \fB<name>\-<version>\.tgz\fP, and then write
-the filenames out to stdout\.
+tarball url, git url, name@tag, name@version, name, or scoped name), this
+command will fetch it to the cache, copy the tarball to the current working
+directory as \fB<name>\-<version>\.tgz\fP, and then write the filenames out to
+stdout\.
 .P
 If the same package is specified multiple times, then the file will be
 overwritten the second time\.
@@ -22,10 +22,13 @@ overwritten the second time\.
 If no arguments are supplied, then npm packs the current package folder\.
 .P
 The \fB\-\-dry\-run\fP argument will do everything that pack usually does without
-actually packing anything\. Reports on what would have gone into the tarball\.
+actually packing anything\.  That is, it reports on what would have gone
+into the tarball, but nothing else\.
 .SS See Also
 .RS 0
 .IP \(bu 2
+npm\-packlist package \fIhttp://npm\.im/npm\-packlist\fR
+.IP \(bu 2
 npm help cache
 .IP \(bu 2
 npm help publish
diff --git a/deps/npm/man/man1/npm-ping.1 b/deps/npm/man/man1/npm-ping.1
index 5912ad0824..95caf91ba5 100644
--- a/deps/npm/man/man1/npm-ping.1
+++ b/deps/npm/man/man1/npm-ping.1
@@ -29,6 +29,8 @@ Ping error: {*Detail about error}
 .SS See Also
 .RS 0
 .IP \(bu 2
+npm help doctor
+.IP \(bu 2
 npm help config
 .IP \(bu 2
 npm help npmrc
diff --git a/deps/npm/man/man1/npm-profile.1 b/deps/npm/man/man1/npm-profile.1
index db8a068b6f..906ce6f9a0 100644
--- a/deps/npm/man/man1/npm-profile.1
+++ b/deps/npm/man/man1/npm-profile.1
@@ -14,13 +14,13 @@ npm profile disable\-2fa
 .RE
 .SS Description
 .P
-Change your profile information on the registry\.  This not be available if
-you're using a non\-npmjs registry\.
+Change your profile information on the registry\.  Note that this command
+depends on the registry implementation, so third\-party registries may not
+support this interface\.
 .RS 0
 .IP \(bu 2
-\fBnpm profile get [<property>]\fP:
-Display all of the properties of your profile, or one or more specific
-properties\.  It looks like:
+\fBnpm profile get [<property>]\fP: Display all of the properties of your
+profile, or one or more specific properties\.  It looks like:
 
 .RE
 .P
@@ -51,31 +51,30 @@ properties\.  It looks like:
 .RE
 .RS 0
 .IP \(bu 2
-\fBnpm profile set <property> <value>\fP:
-Set the value of a profile property\. You can set the following properties this way:
-  email, fullname, homepage, freenode, twitter, github
+\fBnpm profile set <property> <value>\fP: Set the value of a profile
+property\. You can set the following properties this way: email, fullname,
+homepage, freenode, twitter, github
 .IP \(bu 2
-\fBnpm profile set password\fP:
-Change your password\.  This is interactive, you'll be prompted for your
-current password and a new password\.  You'll also be prompted for an OTP
-if you have two\-factor authentication enabled\.
+\fBnpm profile set password\fP: Change your password\.  This is interactive,
+you'll be prompted for your current password and a new password\.  You'll
+also be prompted for an OTP if you have two\-factor authentication
+enabled\.
 .IP \(bu 2
-\fBnpm profile enable\-2fa [auth\-and\-writes|auth\-only]\fP:
-Enables two\-factor authentication\. Defaults to \fBauth\-and\-writes\fP mode\. Modes are:
+\fBnpm profile enable\-2fa [auth\-and\-writes|auth\-only]\fP: Enables two\-factor
+authentication\. Defaults to \fBauth\-and\-writes\fP mode\. Modes are:
 .RS
 .IP \(bu 2
 \fBauth\-only\fP: Require an OTP when logging in or making changes to your
 account's authentication\.  The OTP will be required on both the website
 and the command line\.
 .IP \(bu 2
-\fBauth\-and\-writes\fP: Requires an OTP at all the times \fBauth\-only\fP does, and also requires one when
-publishing a module, setting the \fBlatest\fP dist\-tag, or changing access
-via \fBnpm access\fP and \fBnpm owner\fP\|\.
+\fBauth\-and\-writes\fP: Requires an OTP at all the times \fBauth\-only\fP does,
+and also requires one when publishing a module, setting the \fBlatest\fP
+dist\-tag, or changing access via \fBnpm access\fP and \fBnpm owner\fP\|\.
 
 .RE
 .IP \(bu 2
-\fBnpm profile disable\-2fa\fP:
-Disables two\-factor authentication\.
+\fBnpm profile disable\-2fa\fP: Disables two\-factor authentication\.
 
 .RE
 .SS Details
@@ -86,6 +85,10 @@ available on non npmjs\.com registries\.
 .SS See Also
 .RS 0
 .IP \(bu 2
+npm help adduser
+.IP \(bu 2
+npm help logout
+.IP \(bu 2
 npm help config
 
 .RE
diff --git a/deps/npm/man/man1/npm-prune.1 b/deps/npm/man/man1/npm-prune.1
index a60b131ea1..0e56bdfa73 100644
--- a/deps/npm/man/man1/npm-prune.1
+++ b/deps/npm/man/man1/npm-prune.1
@@ -10,29 +10,26 @@ npm prune [[<@scope>/]<pkg>\.\.\.] [\-\-production] [\-\-dry\-run] [\-\-json]
 .RE
 .SS Description
 .P
-This command removes "extraneous" packages\.  If a package name is
-provided, then only packages matching one of the supplied names are
-removed\.
+This command removes "extraneous" packages\.  If a package name is provided,
+then only packages matching one of the supplied names are removed\.
 .P
-Extraneous packages are packages that are not listed on the parent
-package's dependencies list\.
+Extraneous packages are those present in the \fBnode_modules\fP folder that are
+not listed as any package's dependency list\.
 .P
 If the \fB\-\-production\fP flag is specified or the \fBNODE_ENV\fP environment
 variable is set to \fBproduction\fP, this command will remove the packages
-specified in your \fBdevDependencies\fP\|\. Setting \fB\-\-no\-production\fP will
-negate \fBNODE_ENV\fP being set to \fBproduction\fP\|\.
+specified in your \fBdevDependencies\fP\|\. Setting \fB\-\-no\-production\fP will negate
+\fBNODE_ENV\fP being set to \fBproduction\fP\|\.
 .P
 If the \fB\-\-dry\-run\fP flag is used then no changes will actually be made\.
 .P
-If the \fB\-\-json\fP flag is used then the changes \fBnpm prune\fP made (or would
+If the \fB\-\-json\fP flag is used, then the changes \fBnpm prune\fP made (or would
 have made with \fB\-\-dry\-run\fP) are printed as a JSON object\.
 .P
-In normal operation with package\-locks enabled, extraneous modules are
-pruned automatically when modules are installed and you'll only need
-this command with the \fB\-\-production\fP flag\.
-.P
-If you've disabled package\-locks then extraneous modules will not be removed
-and it's up to you to run \fBnpm prune\fP from time\-to\-time to remove them\.
+In normal operation, extraneous modules are pruned automatically, so you'll
+only need this command with the \fB\-\-production\fP flag\.  However, in the real
+world, operation is not always "normal"\.  When crashes or mistakes happen,
+this command can help clean up any resulting garbage\.
 .SS See Also
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man1/npm-publish.1 b/deps/npm/man/man1/npm-publish.1
index eea0d29da0..2ade35c42e 100644
--- a/deps/npm/man/man1/npm-publish.1
+++ b/deps/npm/man/man1/npm-publish.1
@@ -13,62 +13,95 @@ Sets tag 'latest' if no \-\-tag specified
 .RE
 .SS Description
 .P
-Publishes a package to the registry so that it can be installed by name\. All
-files in the package directory are included if no local \fB\|\.gitignore\fP or
-\fB\|\.npmignore\fP file exists\. If both files exist and a file is ignored by
-\fB\|\.gitignore\fP but not by \fB\|\.npmignore\fP then it will be included\.  See
-npm help \fBdevelopers\fP for full details on what's included in the published package, as well as details on how the package is built\.
+Publishes a package to the registry so that it can be installed by name\.
 .P
-By default npm will publish to the public registry\. This can be overridden by
-specifying a different default registry or using a npm help \fBscope\fP in the name (see npm help \fBpackage\.json\fP)\.
+By default npm will publish to the public registry\. This can be overridden
+by specifying a different default registry or using a
+npm help \fBscope\fP in the name (see
+npm help \fBpackage\.json\fP)\.
 .RS 0
 .IP \(bu 2
-\fB<folder>\fP:
-A folder containing a package\.json file
+\fB<folder>\fP: A folder containing a package\.json file
 .IP \(bu 2
-\fB<tarball>\fP:
-A url or file path to a gzipped tar archive containing a single folder
-with a package\.json file inside\.
+\fB<tarball>\fP: A url or file path to a gzipped tar archive containing a
+single folder with a package\.json file inside\.
 .IP \(bu 2
-\fB[\-\-tag <tag>]\fP
-Registers the published package with the given tag, such that
-\fBnpm install <name>@<tag>\fP will install this version\.  By default,
+\fB[\-\-tag <tag>]\fP: Registers the published package with the given tag, such
+that \fBnpm install <name>@<tag>\fP will install this version\.  By default,
 \fBnpm publish\fP updates and \fBnpm install\fP installs the \fBlatest\fP tag\. See
 \fBnpm\-dist\-tag\fP \fInpm\-dist\-tag\fR for details about tags\.
 .IP \(bu 2
-\fB[\-\-access <public|restricted>]\fP
-Tells the registry whether this package should be published as public or
-restricted\. Only applies to scoped packages, which default to \fBrestricted\fP\|\.
-If you don't have a paid account, you must publish with \fB\-\-access public\fP
-to publish scoped packages\.
+\fB[\-\-access <public|restricted>]\fP: Tells the registry whether this package
+should be published as public or restricted\. Only applies to scoped
+packages, which default to \fBrestricted\fP\|\.  If you don't have a paid
+account, you must publish with \fB\-\-access public\fP to publish scoped
+packages\.
 .IP \(bu 2
-\fB[\-\-otp <otpcode>]\fP
-If you have two\-factor authentication enabled in \fBauth\-and\-writes\fP mode
-then you can provide a code from your authenticator with this\. If you
-don't include this and you're running from a TTY then you'll be prompted\.
+\fB[\-\-otp <otpcode>]\fP: If you have two\-factor authentication enabled in
+\fBauth\-and\-writes\fP mode then you can provide a code from your
+authenticator with this\. If you don't include this and you're running
+from a TTY then you'll be prompted\.
 .IP \(bu 2
-\fB[\-\-dry\-run]\fP
-As of \fBnpm@6\fP, does everything publish would do except actually publishing
-to the registry\. Reports the details of what would have been published\.
+\fB[\-\-dry\-run]\fP: As of \fBnpm@6\fP, does everything publish would do except
+actually publishing to the registry\. Reports the details of what would
+have been published\.
 
 .RE
 .P
-Fails if the package name and version combination already exists in
-the specified registry\.
+The publish will fail if the package name and version combination already
+exists in the specified registry\.
 .P
-Once a package is published with a given name and version, that
-specific name and version combination can never be used again, even if
-it is removed with npm help \fBunpublish\fP\|\.
+Once a package is published with a given name and version, that specific
+name and version combination can never be used again, even if it is removed
+with npm help \fBunpublish\fP\|\.
 .P
 As of \fBnpm@5\fP, both a sha1sum and an integrity field with a sha512sum of the
 tarball will be submitted to the registry during publication\. Subsequent
 installs will use the strongest supported algorithm to verify downloads\.
 .P
-Similar to \fB\-\-dry\-run\fP see npm help \fBpack\fP, which figures out the files to be
-included and packs them into a tarball to be uploaded to the registry\.
+Similar to \fB\-\-dry\-run\fP see npm help \fBpack\fP, which figures
+out the files to be included and packs them into a tarball to be uploaded
+to the registry\.
+.SS Files included in package
+.P
+To see what will be included in your package, run \fBnpx npm\-packlist\fP\|\.  All
+files are included by default, with the following exceptions:
+.RS 0
+.IP \(bu 2
+Certain files that are relevant to package installation and distribution
+are always included\.  For example, \fBpackage\.json\fP, \fBREADME\.md\fP,
+\fBLICENSE\fP, and so on\.
+.IP \(bu 2
+If there is a "files" list in
+npm help \fBpackage\.json\fP, then only the files
+specified will be included\.  (If directories are specified, then they
+will be walked recursively and their contents included, subject to the
+same ignore rules\.)
+.IP \(bu 2
+If there is a \fB\|\.gitignore\fP or \fB\|\.npmignore\fP file, then ignored files in
+that and all child directories will be excluded from the package\.  If
+\fIboth\fR files exist, then the \fB\|\.gitignore\fP is ignored, and only the
+\fB\|\.npmignore\fP is used\.
+\fB\|\.npmignore\fP files follow the same pattern
+rules \fIhttps://git\-scm\.com/book/en/v2/Git\-Basics\-Recording\-Changes\-to\-the\-Repository#_ignoring\fR
+as \fB\|\.gitignore\fP files
+.IP \(bu 2
+If the file matches certain patterns, then it will \fInever\fR be included,
+unless explicitly added to the \fB"files"\fP list in \fBpackage\.json\fP, or
+un\-ignored with a \fB!\fP rule in a \fB\|\.npmignore\fP or \fB\|\.gitignore\fP file\.
+.IP \(bu 2
+Symbolic links are never included in npm packages\.
+
+.RE
+.P
+See npm help \fBdevelopers\fP for full details on what's
+included in the published package, as well as details on how the package is
+built\.
 .SS See Also
 .RS 0
 .IP \(bu 2
+npm\-packlist package \fIhttp://npm\.im/npm\-packlist\fR
+.IP \(bu 2
 npm help registry
 .IP \(bu 2
 npm help scope
diff --git a/deps/npm/man/man1/npm-rebuild.1 b/deps/npm/man/man1/npm-rebuild.1
index 93a75ce734..d7fff484e3 100644
--- a/deps/npm/man/man1/npm-rebuild.1
+++ b/deps/npm/man/man1/npm-rebuild.1
@@ -5,19 +5,25 @@
 .P
 .RS 2
 .nf
-npm rebuild [[<@scope>/<name>]\.\.\.]
+npm rebuild [[<@scope>/]<name>[@<version>] \.\.\.]
 
-alias: npm rb
+alias: rb
 .fi
 .RE
 .SS Description
 .P
-This command runs the \fBnpm build\fP command on the matched folders\.  This is useful when you install a new version of node, and must recompile all your C++ addons with the new binary\.
+This command runs the \fBnpm build\fP command on the matched folders\.  This is
+useful when you install a new version of node, and must recompile all your
+C++ addons with the new binary\.  It is also useful when installing with
+\fB\-\-ignore\-scripts\fP and \fB\-\-no\-bin\-links\fP, to explicitly choose which
+packages to build and/or link bins\.
+.P
+If one or more package names (and optionally version ranges) are provided,
+then only packages with a name and version matching one of the specifiers
+will be rebuilt\.
 .SS See Also
 .RS 0
 .IP \(bu 2
-npm help build
-.IP \(bu 2
 npm help install
 
 .RE
diff --git a/deps/npm/man/man1/npm-repo.1 b/deps/npm/man/man1/npm-repo.1
index f08b62c174..fce87ad18e 100644
--- a/deps/npm/man/man1/npm-repo.1
+++ b/deps/npm/man/man1/npm-repo.1
@@ -11,9 +11,9 @@ npm repo [<pkgname> [<pkgname> \.\.\.]]
 .SS Description
 .P
 This command tries to guess at the likely location of a package's
-repository URL, and then tries to open it using the \fB\-\-browser\fP
-config param\. If no package name is provided, it will search for
-a \fBpackage\.json\fP in the current folder and use the \fBname\fP property\.
+repository URL, and then tries to open it using the \fB\-\-browser\fP config
+param\. If no package name is provided, it will search for a \fBpackage\.json\fP
+in the current folder and use the \fBrepository\fP property\.
 .SS Configuration
 .SS browser
 .RS 0
diff --git a/deps/npm/man/man1/npm-restart.1 b/deps/npm/man/man1/npm-restart.1
index a3f9d6a9b8..60e00a33d5 100644
--- a/deps/npm/man/man1/npm-restart.1
+++ b/deps/npm/man/man1/npm-restart.1
@@ -10,10 +10,23 @@ npm restart [\-\- <args>]
 .RE
 .SS Description
 .P
-This restarts a package\.
+This restarts a project\.  It is equivalent to running \fBnpm run\-script
+restart\fP\|\.
 .P
-This runs a package's "stop", "restart", and "start" scripts, and associated
-pre\- and post\- scripts, in the order given below:
+If the current project has a \fB"restart"\fP script specified in
+\fBpackage\.json\fP, then the following scripts will be run:
+.RS 0
+.IP 1. 3
+prerestart
+.IP 2. 3
+restart
+.IP 3. 3
+postrestart
+
+.RE
+.P
+If it does \fInot\fR have a \fB"restart"\fP script specified, but it does have
+\fBstop\fP and/or \fBstart\fP scripts, then the following scripts will be run:
 .RS 0
 .IP 1. 3
 prerestart
@@ -24,24 +37,15 @@ stop
 .IP 4. 3
 poststop
 .IP 5. 3
-restart
-.IP 6. 3
 prestart
-.IP 7. 3
+.IP 6. 3
 start
-.IP 8. 3
+.IP 7. 3
 poststart
-.IP 9. 3
+.IP 8. 3
 postrestart
 
 .RE
-.SS Note
-.P
-Note that the "restart" script is run \fBin addition to\fR the "stop"
-and "start" scripts, not instead of them\.
-.P
-This is the behavior as of \fBnpm\fP major version 2\.  A change in this
-behavior will be accompanied by an increase in major version number
 .SS See Also
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man1/npm-root.1 b/deps/npm/man/man1/npm-root.1
index b7c2fba376..e1ba4ef6ca 100644
--- a/deps/npm/man/man1/npm-root.1
+++ b/deps/npm/man/man1/npm-root.1
@@ -11,6 +11,17 @@ npm root [\-g]
 .SS Description
 .P
 Print the effective \fBnode_modules\fP folder to standard out\.
+.P
+Useful for using npm in shell scripts that do things with the
+\fBnode_modules\fP folder\.  For example:
+.P
+.RS 2
+.nf
+#!/bin/bash
+global_node_modules="$(npm root \-\-global)"
+echo "Global packages installed in: ${global_node_modules}"
+.fi
+.RE
 .SS See Also
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man1/npm-run-script.1 b/deps/npm/man/man1/npm-run-script.1
index 8ed1c64e46..2fb476eed7 100644
--- a/deps/npm/man/man1/npm-run-script.1
+++ b/deps/npm/man/man1/npm-run-script.1
@@ -5,23 +5,25 @@
 .P
 .RS 2
 .nf
-npm run\-script <command> [\-\-silent] [\-\- <args>\.\.\.]
+npm run\-script <command> [\-\-if\-present] [\-\-silent] [\-\- <args>]
 
-alias: npm run
+aliases: run, rum, urn
 .fi
 .RE
 .SS Description
 .P
 This runs an arbitrary command from a package's \fB"scripts"\fP object\.  If no
-\fB"command"\fP is provided, it will list the available scripts\.  \fBrun[\-script]\fP is
-used by the test, start, restart, and stop commands, but can be called
-directly, as well\. When the scripts in the package are printed out, they're
-separated into lifecycle (test, start, restart) and directly\-run scripts\.
+\fB"command"\fP is provided, it will list the available scripts\.
 .P
-As of \fBnpm@2\.0\.0\fP \fIhttps://blog\.npmjs\.org/post/98131109725/npm\-2\-0\-0\fR, you can
-use custom arguments when executing scripts\. The special option \fB\-\-\fP is used by
-getopt \fIhttps://goo\.gl/KxMmtG\fR to delimit the end of the options\. npm will pass
-all the arguments after the \fB\-\-\fP directly to your script:
+\fBrun[\-script]\fP is used by the test, start, restart, and stop commands, but
+can be called directly, as well\. When the scripts in the package are
+printed out, they're separated into lifecycle (test, start, restart) and
+directly\-run scripts\.
+.P
+Any positional arguments are passed to the specified script\.  Use \fB\-\-\fP to
+pass \fB\-\fP\-prefixed flags and options which would otherwise be parsed by npm\.
+.P
+For example:
 .P
 .RS 2
 .nf
@@ -38,14 +40,14 @@ environment variables that will be available to the script at runtime\. If an
 built\-in\.
 .P
 In addition to the shell's pre\-existing \fBPATH\fP, \fBnpm run\fP adds
-\fBnode_modules/\.bin\fP to the \fBPATH\fP provided to scripts\. Any binaries provided by
-locally\-installed dependencies can be used without the \fBnode_modules/\.bin\fP
-prefix\. For example, if there is a \fBdevDependency\fP on \fBtap\fP in your package,
-you should write:
+\fBnode_modules/\.bin\fP to the \fBPATH\fP provided to scripts\. Any binaries
+provided by locally\-installed dependencies can be used without the
+\fBnode_modules/\.bin\fP prefix\. For example, if there is a \fBdevDependency\fP on
+\fBtap\fP in your package, you should write:
 .P
 .RS 2
 .nf
-"scripts": {"test": "tap test/\\*\.js"}
+"scripts": {"test": "tap test/*\.js"}
 .fi
 .RE
 .P
@@ -53,20 +55,17 @@ instead of
 .P
 .RS 2
 .nf
-"scripts": {"test": "node_modules/\.bin/tap test/\\*\.js"}
+"scripts": {"test": "node_modules/\.bin/tap test/*\.js"}
 .fi
 .RE
 .P
-to run your tests\.
-.P
 The actual shell your script is run within is platform dependent\. By default,
 on Unix\-like systems it is the \fB/bin/sh\fP command, on Windows it is the \fBcmd\.exe\fP\|\.
 The actual shell referred to by \fB/bin/sh\fP also depends on the system\.
-As of \fBnpm@5\.1\.0\fP \fIhttps://github\.com/npm/npm/releases/tag/v5\.1\.0\fR you can
-customize the shell with the \fBscript\-shell\fP configuration\.
+You can customize the shell with the \fBscript\-shell\fP configuration\.
 .P
-Scripts are run from the root of the module, regardless of what your current
-working directory is when you call \fBnpm run\fP\|\. If you want your script to
+Scripts are run from the root of the module, regardless of what the current
+working directory is when \fBnpm run\fP is called\. If you want your script to
 use different behavior based on what subdirectory you're in, you can use the
 \fBINIT_CWD\fP environment variable, which holds the full path you were in when
 you ran \fBnpm run\fP\|\.
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index 818b7b9f82..59655ec71e 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -10,7 +10,7 @@ npm <command> [args]
 .RE
 .SS Version
 .P
-7\.1\.1
+7\.1\.2
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/man/man7/developers.7 b/deps/npm/man/man7/developers.7
index c6dac32f92..e24b78cff7 100644
--- a/deps/npm/man/man7/developers.7
+++ b/deps/npm/man/man7/developers.7
@@ -53,68 +53,63 @@ git+https://user@hostname/project/blah\.git#commit\-ish
 .RE
 .P
 The \fBcommit\-ish\fP can be any tag, sha, or branch which can be supplied as
-an argument to \fBgit checkout\fP\|\.  The default is \fBmaster\fP\|\.
+an argument to \fBgit checkout\fP\|\.  The default is whatever the repository uses
+as its default branch\.
 .SS The package\.json File
 .P
 You need to have a \fBpackage\.json\fP file in the root of your project to do
 much of anything with npm\.  That is basically the whole interface\.
 .P
-See npm help \fBpackage\.json\fP for details about what goes in that file\.  At the very
-least, you need:
+See npm help \fBpackage\.json\fP for details about what
+goes in that file\.  At the very least, you need:
 .RS 0
 .IP \(bu 2
-name:
-This should be a string that identifies your project\.  Please do not
-use the name to specify that it runs on node, or is in JavaScript\.
-You can use the "engines" field to explicitly state the versions of
-node (or whatever else) that your program requires, and it's pretty
-well assumed that it's JavaScript\.
+name: This should be a string that identifies your project\.  Please do
+not use the name to specify that it runs on node, or is in JavaScript\.
+You can use the "engines" field to explicitly state the versions of node
+(or whatever else) that your program requires, and it's pretty well
+assumed that it's JavaScript\.
 It does not necessarily need to match your github repository name\.
 So, \fBnode\-foo\fP and \fBbar\-js\fP are bad names\.  \fBfoo\fP or \fBbar\fP are better\.
 .IP \(bu 2
-version:
-A semver\-compatible version\.
+version: A semver\-compatible version\.
 .IP \(bu 2
-engines:
-Specify the versions of node (or whatever else) that your program
-runs on\.  The node API changes a lot, and there may be bugs or new
-functionality that you depend on\.  Be explicit\.
+engines: Specify the versions of node (or whatever else) that your
+program runs on\.  The node API changes a lot, and there may be bugs or
+new functionality that you depend on\.  Be explicit\.
 .IP \(bu 2
-author:
-Take some credit\.
+author: Take some credit\.
 .IP \(bu 2
-scripts:
-If you have a special compilation or installation script, then you
-should put it in the \fBscripts\fP object\.  You should definitely have at
-least a basic smoke\-test command as the "scripts\.test" field\.
-See npm help scripts\.
+scripts: If you have a special compilation or installation script, then
+you should put it in the \fBscripts\fP object\.  You should definitely have at
+least a basic smoke\-test command as the "scripts\.test" field\.  See
+npm help scripts\.
 .IP \(bu 2
-main:
-If you have a single module that serves as the entry point to your
-program (like what the "foo" package gives you at require("foo")),
-then you need to specify that in the "main" field\.
+main: If you have a single module that serves as the entry point to your
+program (like what the "foo" package gives you at require("foo")), then
+you need to specify that in the "main" field\.
 .IP \(bu 2
-directories:
-This is an object mapping names to folders\.  The best ones to include are
-"lib" and "doc", but if you use "man" to specify a folder full of man pages,
-they'll get installed just like these ones\.
+directories: This is an object mapping names to folders\.  The best ones
+to include are "lib" and "doc", but if you use "man" to specify a folder
+full of man pages, they'll get installed just like these ones\.
 
 .RE
 .P
 You can use \fBnpm init\fP in the root of your package in order to get you
-started with a pretty basic package\.json file\.  See
-npm help \fBinit\fP for more info\.
+started with a pretty basic package\.json file\.  See npm help \fBnpm
+init\fP for more info\.
 .SS Keeping files \fIout\fR of your package
 .P
-Use a \fB\|\.npmignore\fP file to keep stuff out of your package\.  If there's
-no \fB\|\.npmignore\fP file, but there \fIis\fR a \fB\|\.gitignore\fP file, then npm will
-ignore the stuff matched by the \fB\|\.gitignore\fP file\.  If you \fIwant\fR to
-include something that is excluded by your \fB\|\.gitignore\fP file, you can
-create an empty \fB\|\.npmignore\fP file to override it\. Like \fBgit\fP, \fBnpm\fP looks
-for \fB\|\.npmignore\fP and \fB\|\.gitignore\fP files in all subdirectories of your
-package, not only the root directory\.
+Use a \fB\|\.npmignore\fP file to keep stuff out of your package\.  If there's no
+\fB\|\.npmignore\fP file, but there \fIis\fR a \fB\|\.gitignore\fP file, then npm will ignore
+the stuff matched by the \fB\|\.gitignore\fP file\.  If you \fIwant\fR to include
+something that is excluded by your \fB\|\.gitignore\fP file, you can create an
+empty \fB\|\.npmignore\fP file to override it\. Like \fBgit\fP, \fBnpm\fP looks for
+\fB\|\.npmignore\fP and \fB\|\.gitignore\fP files in all subdirectories of your package,
+not only the root directory\.
 .P
-\fB\|\.npmignore\fP files follow the same pattern rules \fIhttps://git\-scm\.com/book/en/v2/Git\-Basics\-Recording\-Changes\-to\-the\-Repository#_ignoring\fR
+\fB\|\.npmignore\fP files follow the same pattern
+rules \fIhttps://git\-scm\.com/book/en/v2/Git\-Basics\-Recording\-Changes\-to\-the\-Repository#_ignoring\fR
 as \fB\|\.gitignore\fP files:
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
index b16f208556..1f979ba140 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
@@ -808,7 +808,7 @@ module.exports = cls => class Reifier extends cls {
 
         if (req.registry) {
           const version = child.version
-          const prefixRange = this[_savePrefix] + version
+          const prefixRange = version ? this[_savePrefix] + version : '*'
           // if we installed a range, then we save the range specified
           // if it is not a subset of the ^x.y.z.  eg, installing a range
           // of `1.x <1.2.3` will not be saved as `^1.2.0`, because that
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index c8dce9a2b0..2f3ccb6131 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@npmcli/installed-package-contents": "^1.0.5",
diff --git a/deps/npm/node_modules/@npmcli/config/lib/set-envs.js b/deps/npm/node_modules/@npmcli/config/lib/set-envs.js
index b1b1db35c5..0893337961 100644
--- a/deps/npm/node_modules/@npmcli/config/lib/set-envs.js
+++ b/deps/npm/node_modules/@npmcli/config/lib/set-envs.js
@@ -59,6 +59,8 @@ const setEnvs = (config) => {
   else
     env.PREFIX = globalPrefix
 
+  env.INIT_CWD = env.INIT_CWD || process.cwd()
+
   // if the key is the default value,
   //   if the environ is NOT the default value,
   //     set the environ
@@ -94,7 +96,7 @@ const setEnvs = (config) => {
 
   if (require.main && require.main.filename)
     env.npm_execpath = require.main.filename
-  env.npm_node_execpath = config.execPath
+  env.NODE = env.npm_node_execpath = config.execPath
 }
 
 module.exports = setEnvs
diff --git a/deps/npm/node_modules/@npmcli/config/package.json b/deps/npm/node_modules/@npmcli/config/package.json
index eebb8d23e9..f8334ab51d 100644
--- a/deps/npm/node_modules/@npmcli/config/package.json
+++ b/deps/npm/node_modules/@npmcli/config/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/config",
-  "version": "1.2.4",
+  "version": "1.2.6",
   "files": [
     "lib"
   ],
diff --git a/deps/npm/node_modules/function-bind/.jscs.json b/deps/npm/node_modules/function-bind/.jscs.json
index 773f4ced19..8c4479480b 100644
--- a/deps/npm/node_modules/function-bind/.jscs.json
+++ b/deps/npm/node_modules/function-bind/.jscs.json
@@ -173,3 +173,4 @@
 
 	"requireUseStrict": true
 }
+
diff --git a/deps/npm/node_modules/function-bind/LICENSE b/deps/npm/node_modules/function-bind/LICENSE
index 5b1b5dc368..62d6d237ff 100644
--- a/deps/npm/node_modules/function-bind/LICENSE
+++ b/deps/npm/node_modules/function-bind/LICENSE
@@ -17,3 +17,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
+
diff --git a/deps/npm/node_modules/ini/ini.js b/deps/npm/node_modules/ini/ini.js
index 040125886a..b576f08d7a 100644
--- a/deps/npm/node_modules/ini/ini.js
+++ b/deps/npm/node_modules/ini/ini.js
@@ -15,7 +15,7 @@ function encode (obj, opt) {
   if (typeof opt === 'string') {
     opt = {
       section: opt,
-      whitespace: false
+      whitespace: false,
     }
   } else {
     opt = opt || {}
@@ -30,27 +30,25 @@ function encode (obj, opt) {
       val.forEach(function (item) {
         out += safe(k + '[]') + separator + safe(item) + '\n'
       })
-    } else if (val && typeof val === 'object') {
+    } else if (val && typeof val === 'object')
       children.push(k)
-    } else {
+    else
       out += safe(k) + separator + safe(val) + eol
-    }
   })
 
-  if (opt.section && out.length) {
+  if (opt.section && out.length)
     out = '[' + safe(opt.section) + ']' + eol + out
-  }
 
   children.forEach(function (k, _, __) {
     var nk = dotSplit(k).join('\\.')
     var section = (opt.section ? opt.section + '.' : '') + nk
     var child = encode(obj[k], {
       section: section,
-      whitespace: opt.whitespace
+      whitespace: opt.whitespace,
     })
-    if (out.length && child.length) {
+    if (out.length && child.length)
       out += eol
-    }
+
     out += child
   })
 
@@ -62,7 +60,7 @@ function dotSplit (str) {
     .replace(/\\\./g, '\u0001')
     .split(/\./).map(function (part) {
       return part.replace(/\1/g, '\\.')
-      .replace(/\2LITERAL\\1LITERAL\2/g, '\u0001')
+        .replace(/\2LITERAL\\1LITERAL\2/g, '\u0001')
     })
 }
 
@@ -75,9 +73,11 @@ function decode (str) {
   var lines = str.split(/[\r\n]+/g)
 
   lines.forEach(function (line, _, __) {
-    if (!line || line.match(/^\s*[;#]/)) return
+    if (!line || line.match(/^\s*[;#]/))
+      return
     var match = line.match(re)
-    if (!match) return
+    if (!match)
+      return
     if (match[1] !== undefined) {
       section = unsafe(match[1])
       if (section === '__proto__') {
@@ -90,6 +90,8 @@ function decode (str) {
       return
     }
     var key = unsafe(match[2])
+    if (key === '__proto__')
+      return
     var value = match[3] ? unsafe(match[4]) : true
     switch (value) {
       case 'true':
@@ -100,21 +102,20 @@ function decode (str) {
     // Convert keys with '[]' suffix to an array
     if (key.length > 2 && key.slice(-2) === '[]') {
       key = key.substring(0, key.length - 2)
-      if (key === '__proto__') return
-      if (!p[key]) {
+      if (key === '__proto__')
+        return
+      if (!p[key])
         p[key] = []
-      } else if (!Array.isArray(p[key])) {
+      else if (!Array.isArray(p[key]))
         p[key] = [p[key]]
-      }
     }
 
     // safeguard against resetting a previously defined
     // array by accidentally forgetting the brackets
-    if (Array.isArray(p[key])) {
+    if (Array.isArray(p[key]))
       p[key].push(value)
-    } else {
+    else
       p[key] = value
-    }
   })
 
   // {a:{y:1},"a.b":{x:2}} --> {a:{y:1,b:{x:2}}}
@@ -122,9 +123,9 @@ function decode (str) {
   Object.keys(out).filter(function (k, _, __) {
     if (!out[k] ||
       typeof out[k] !== 'object' ||
-      Array.isArray(out[k])) {
+      Array.isArray(out[k]))
       return false
-    }
+
     // see if the parent section is also an object.
     // if so, add it to that, and mark this one for deletion
     var parts = dotSplit(k)
@@ -132,13 +133,15 @@ function decode (str) {
     var l = parts.pop()
     var nl = l.replace(/\\\./g, '.')
     parts.forEach(function (part, _, __) {
-      if (part === '__proto__') return
-      if (!p[part] || typeof p[part] !== 'object') p[part] = {}
+      if (part === '__proto__')
+        return
+      if (!p[part] || typeof p[part] !== 'object')
+        p[part] = {}
       p = p[part]
     })
-    if (p === out && nl === l) {
+    if (p === out && nl === l)
       return false
-    }
+
     p[nl] = out[k]
     return true
   }).forEach(function (del, _, __) {
@@ -160,18 +163,20 @@ function safe (val) {
     (val.length > 1 &&
      isQuoted(val)) ||
     val !== val.trim())
-      ? JSON.stringify(val)
-      : val.replace(/;/g, '\\;').replace(/#/g, '\\#')
+    ? JSON.stringify(val)
+    : val.replace(/;/g, '\\;').replace(/#/g, '\\#')
 }
 
 function unsafe (val, doUnesc) {
   val = (val || '').trim()
   if (isQuoted(val)) {
     // remove the single quotes before calling JSON.parse
-    if (val.charAt(0) === "'") {
+    if (val.charAt(0) === "'")
       val = val.substr(1, val.length - 2)
-    }
-    try { val = JSON.parse(val) } catch (_) {}
+
+    try {
+      val = JSON.parse(val)
+    } catch (_) {}
   } else {
     // walk the val to find the first not-escaped ; character
     var esc = false
@@ -179,23 +184,22 @@ function unsafe (val, doUnesc) {
     for (var i = 0, l = val.length; i < l; i++) {
       var c = val.charAt(i)
       if (esc) {
-        if ('\\;#'.indexOf(c) !== -1) {
+        if ('\\;#'.indexOf(c) !== -1)
           unesc += c
-        } else {
+        else
           unesc += '\\' + c
-        }
+
         esc = false
-      } else if (';#'.indexOf(c) !== -1) {
+      } else if (';#'.indexOf(c) !== -1)
         break
-      } else if (c === '\\') {
+      else if (c === '\\')
         esc = true
-      } else {
+      else
         unesc += c
-      }
     }
-    if (esc) {
+    if (esc)
       unesc += '\\'
-    }
+
     return unesc.trim()
   }
   return val
diff --git a/deps/npm/node_modules/ini/package.json b/deps/npm/node_modules/ini/package.json
index c23bc875dd..c830a3556e 100644
--- a/deps/npm/node_modules/ini/package.json
+++ b/deps/npm/node_modules/ini/package.json
@@ -2,26 +2,29 @@
   "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)",
   "name": "ini",
   "description": "An ini encoder/decoder for node",
-  "version": "1.3.6",
+  "version": "1.3.8",
   "repository": {
     "type": "git",
     "url": "git://github.com/isaacs/ini.git"
   },
   "main": "ini.js",
   "scripts": {
-    "pretest": "standard ini.js",
-    "test": "tap test/*.js --100 -J",
+    "eslint": "eslint",
+    "lint": "npm run eslint -- ini.js test/*.js",
+    "lintfix": "npm run lint -- --fix",
+    "test": "tap",
+    "posttest": "npm run lint",
     "preversion": "npm test",
     "postversion": "npm publish",
     "prepublishOnly": "git push origin --follow-tags"
   },
-  "engines": {
-    "node": "*"
-  },
-  "dependencies": {},
   "devDependencies": {
-    "standard": "^10.0.3",
-    "tap": "^10.7.3 || 11"
+    "eslint": "^7.9.0",
+    "eslint-plugin-import": "^2.22.0",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-promise": "^4.2.1",
+    "eslint-plugin-standard": "^4.0.1",
+    "tap": "14"
   },
   "license": "ISC",
   "files": [
diff --git a/deps/npm/node_modules/puka/README.md b/deps/npm/node_modules/puka/README.md
index edbda4d3a2..2670f742b3 100644
--- a/deps/npm/node_modules/puka/README.md
+++ b/deps/npm/node_modules/puka/README.md
@@ -228,7 +228,7 @@ particular platform.
     `'win32'`, `'linux'`, etc.; determines how the string is to be formatted.
     When omitted, effectively the same as `process.platform`.
 
-Returns **[String][2]**
+Returns **[String][2]** 
 
 ##### sh
 
@@ -236,7 +236,7 @@ Returns **[String][2]**
 that this function returns a ShellString which has not yet been formatted
 into a String.
 
-Returns **[ShellString][5]**
+Returns **[ShellString][5]** 
 
 ### Secret API
 
diff --git a/deps/npm/package.json b/deps/npm/package.json
index cea27e6e0c..89cb0e6aad 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "7.1.1",
+  "version": "7.1.2",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "keywords": [
@@ -42,16 +42,15 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@npmcli/arborist": "^2.0.0",
+    "@npmcli/arborist": "^2.0.1",
     "@npmcli/ci-detect": "^1.2.0",
-    "@npmcli/config": "^1.2.4",
+    "@npmcli/config": "^1.2.6",
     "@npmcli/run-script": "^1.8.1",
     "abbrev": "~1.1.1",
     "ansicolors": "~0.3.2",
     "ansistyles": "~0.1.3",
     "aproba": "^2.0.0",
     "archy": "~1.0.0",
-    "bin-links": "^2.2.1",
     "byte-size": "^7.0.0",
     "cacache": "^15.0.5",
     "chalk": "^4.1.0",
@@ -63,8 +62,7 @@
     "glob": "^7.1.4",
     "graceful-fs": "^4.2.3",
     "hosted-git-info": "^3.0.6",
-    "inherits": "^2.0.4",
-    "ini": "^1.3.6",
+    "ini": "^1.3.8",
     "init-package-json": "^2.0.1",
     "is-cidr": "^4.0.2",
     "leven": "^3.1.0",
@@ -78,12 +76,13 @@
     "libnpmteam": "^2.0.2",
     "libnpmversion": "^1.0.7",
     "make-fetch-happen": "^8.0.12",
+    "minipass": "^3.1.3",
+    "minipass-pipeline": "^1.2.4",
     "mkdirp": "^1.0.4",
     "mkdirp-infer-owner": "^2.0.0",
     "ms": "^2.1.2",
     "node-gyp": "^7.1.2",
     "nopt": "^5.0.0",
-    "normalize-package-data": "^3.0.0",
     "npm-audit-report": "^2.1.4",
     "npm-package-arg": "^8.1.0",
     "npm-pick-manifest": "^6.1.0",
@@ -105,6 +104,7 @@
     "tar": "^6.0.5",
     "text-table": "~0.2.0",
     "tiny-relative-date": "^1.3.0",
+    "treeverse": "^1.0.4",
     "uuid": "^8.3.1",
     "validate-npm-package-name": "~3.0.0",
     "which": "^2.0.2",
@@ -120,7 +120,6 @@
     "ansistyles",
     "aproba",
     "archy",
-    "bin-links",
     "byte-size",
     "cacache",
     "chalk",
@@ -132,10 +131,10 @@
     "glob",
     "graceful-fs",
     "hosted-git-info",
-    "inherits",
     "ini",
     "init-package-json",
     "is-cidr",
+    "json-parse-even-better-errors",
     "leven",
     "libnpmaccess",
     "libnpmfund",
@@ -147,12 +146,13 @@
     "libnpmteam",
     "libnpmversion",
     "make-fetch-happen",
+    "minipass",
+    "minipass-pipeline",
     "mkdirp",
     "mkdirp-infer-owner",
     "ms",
     "node-gyp",
     "nopt",
-    "normalize-package-data",
     "npm-audit-report",
     "npm-package-arg",
     "npm-pick-manifest",
@@ -174,6 +174,7 @@
     "tar",
     "text-table",
     "tiny-relative-date",
+    "treeverse",
     "uuid",
     "validate-npm-package-name",
     "which",
@@ -187,6 +188,7 @@
     "eslint-plugin-promise": "^4.2.1",
     "eslint-plugin-standard": "^5.0.0",
     "jsdom": "^16.4.0",
+    "json-parse-even-better-errors": "^2.3.1",
     "marked-man": "^0.7.0",
     "require-inject": "^1.4.4",
     "tap": "^14.11.0",
diff --git a/deps/npm/tap-snapshots/test-lib-search.js-TAP.test.js b/deps/npm/tap-snapshots/test-lib-search.js-TAP.test.js
new file mode 100644
index 0000000000..4b4dc75ea3
--- /dev/null
+++ b/deps/npm/tap-snapshots/test-lib-search.js-TAP.test.js
@@ -0,0 +1,20 @@
+/* IMPORTANT
+ * This snapshot file is auto-generated, but designed for humans.
+ * It should be checked into source control and tracked carefully.
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
+ * Make sure to inspect the output below.  Do not ignore changes!
+ */
+'use strict'
+exports[`test/lib/search.js TAP empty search results > should have expected search results 1`] = `
+No matches found for "foo"
+`
+
+exports[`test/lib/search.js TAP search <name> --searchexclude --searchopts > should have filtered expected search results 1`] = `
+NAME                      | AUTHOR          | DATE        | VERSION  | KEYWORDS
+foo                       | =foo            | prehistoric | 1.0.0    |         
+`
+
+exports[`test/lib/search.js TAP search <name> > should have expected search results 1`] = `
+NAME                      | AUTHOR          | DATE       | VERSION  | KEYWORDS                   
+libnpm                    | =nlf…           | 2019-07-16 | 3.0.1    | npm api package manager liblibnpmaccess              | =nlf…           | 2020-11-03 | 4.0.1    | @evocateur/libnpmaccess   | =evocateur      | 2019-07-16 | 3.1.2    | @evocateur/libnpmpublish  | =evocateur      | 2019-07-16 | 1.2.2    | libnpmorg                 | =nlf…           | 2020-11-03 | 2.0.1    | libnpm npm package manager api orgs teamslibnpmsearch              | =nlf…           | 2020-12-08 | 3.1.0    | npm search api libnpmlibnpmteam                | =nlf…           | 2020-11-03 | 2.0.2    | libnpmhook                | =nlf…           | 2020-11-03 | 6.0.1    | npm hooks registry npm apilibnpmpublish             | =nlf…           | 2020-11-03 | 4.0.0    | libnpmfund                | =nlf…           | 2020-12-08 | 1.0.2    | npm npmcli libnpm cli git fund gitfund@npmcli/map-workspaces    | =nlf…           | 2020-09-30 | 1.0.1    | npm npmcli libnpm cli workspaces map-workspaceslibnpmversion             | =nlf…           | 2020-11-04 | 1.0.7    | @types/libnpmsearch       | =types          | 2019-09-26 | 2.0.1    | 
+`
diff --git a/deps/npm/tap-snapshots/test-lib-team.js-TAP.test.js b/deps/npm/tap-snapshots/test-lib-team.js-TAP.test.js
new file mode 100644
index 0000000000..73123ee1af
--- /dev/null
+++ b/deps/npm/tap-snapshots/test-lib-team.js-TAP.test.js
@@ -0,0 +1,85 @@
+/* IMPORTANT
+ * This snapshot file is auto-generated, but designed for humans.
+ * It should be checked into source control and tracked carefully.
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
+ * Make sure to inspect the output below.  Do not ignore changes!
+ */
+'use strict'
+exports[`test/lib/team.js TAP team add <scope:team> <user> --parseable > should output success result for parseable add user 1`] = `
+foo	npmcli:developers	added
+`
+
+exports[`test/lib/team.js TAP team add <scope:team> <user> default output > should output success result for add user 1`] = `
+foo added to @npmcli:developers
+`
+
+exports[`test/lib/team.js TAP team create <scope:team> --parseable > should output parseable success result for create team 1`] = `
+npmcli:newteam	created
+`
+
+exports[`test/lib/team.js TAP team create <scope:team> default output > should output success result for create team 1`] = `
++@npmcli:newteam
+`
+
+exports[`test/lib/team.js TAP team destroy <scope:team> --parseable > should output parseable result for destroy team 1`] = `
+npmcli:newteam	deleted
+`
+
+exports[`test/lib/team.js TAP team destroy <scope:team> default output > should output success result for destroy team 1`] = `
+-@npmcli:newteam
+`
+
+exports[`test/lib/team.js TAP team ls <scope:team> --parseable > should list users for a parseable scope:team 1`] = `
+darcyclarke
+isaacs
+nlf
+ruyadorno
+`
+
+exports[`test/lib/team.js TAP team ls <scope:team> default output > should list users for a given scope:team 1`] = `
+
+@npmcli:developers has 4 users:
+darcyclarke isaacs nlf ruyadorno
+`
+
+exports[`test/lib/team.js TAP team ls <scope:team> no users > should list no users for a given scope 1`] = `
+
+@npmcli:developers has 0 users
+`
+
+exports[`test/lib/team.js TAP team ls <scope:team> single user > should list single user for a given scope 1`] = `
+
+@npmcli:developers has 1 user:
+foo
+`
+
+exports[`test/lib/team.js TAP team ls <scope> --parseable > should list teams for a parseable scope 1`] = `
+npmcli:designers
+npmcli:developers
+npmcli:product
+`
+
+exports[`test/lib/team.js TAP team ls <scope> default output > should list teams for a given scope 1`] = `
+
+@npmcli has 3 teams:
+@npmcli:designers @npmcli:developers @npmcli:product
+`
+
+exports[`test/lib/team.js TAP team ls <scope> no teams > should list no teams for a given scope 1`] = `
+
+@npmcli has 0 teams
+`
+
+exports[`test/lib/team.js TAP team ls <scope> single team > should list single team for a given scope 1`] = `
+
+@npmcli has 1 team:
+@npmcli:developers
+`
+
+exports[`test/lib/team.js TAP team rm <scope:team> <user> --parseable > should output parseable result for remove user 1`] = `
+foo	npmcli:newteam	removed
+`
+
+exports[`test/lib/team.js TAP team rm <scope:team> <user> default output > should output success result for remove user 1`] = `
+foo removed from @npmcli:newteam
+`
diff --git a/deps/npm/test/coverage-map.js b/deps/npm/test/coverage-map.js
index 6353109da2..f247c051f0 100644
--- a/deps/npm/test/coverage-map.js
+++ b/deps/npm/test/coverage-map.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const full = process.env.npm_lifecycle_event === 'check-coverage'
 const coverageMap = (filename) => {
   if (full && /load-all.js$/.test(filename)) {
diff --git a/deps/npm/test/fixtures/libnpmsearch-stream-result.js b/deps/npm/test/fixtures/libnpmsearch-stream-result.js
new file mode 100644
index 0000000000..4d3aca396f
--- /dev/null
+++ b/deps/npm/test/fixtures/libnpmsearch-stream-result.js
@@ -0,0 +1,277 @@
+module.exports = [
+  {
+    name: 'libnpm',
+    scope: 'unscoped',
+    version: '3.0.1',
+    description: 'Collection of programmatic APIs for the npm CLI',
+    keywords: ['npm', 'api', 'package manager', 'lib'],
+    date: new Date('2019-07-16T17:50:00.572Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpm',
+      homepage: 'https://github.com/npm/libnpm#readme',
+      repository: 'https://github.com/npm/libnpm',
+      bugs: 'https://github.com/npm/libnpm/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@zkat.tech' },
+    publisher: { username: 'isaacs', email: 'i@izs.me' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: 'libnpmaccess',
+    scope: 'unscoped',
+    version: '4.0.1',
+    description: 'programmatic library for `npm access` commands',
+    date: new Date('2020-11-03T19:19:00.526Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmaccess',
+      homepage: 'https://npmjs.com/package/libnpmaccess',
+      repository: 'https://github.com/npm/libnpmaccess',
+      bugs: 'https://github.com/npm/libnpmaccess/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@sykosomatic.org' },
+    publisher: { username: 'nlf', email: 'quitlahok@gmail.com' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: '@evocateur/libnpmaccess',
+    scope: 'evocateur',
+    version: '3.1.2',
+    description: 'programmatic library for `npm access` commands',
+    date: new Date('2019-07-16T19:43:33.959Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/%40evocateur%2Flibnpmaccess',
+      homepage: 'https://npmjs.com/package/@evocateur/libnpmaccess',
+      repository: 'https://github.com/evocateur/libnpmaccess',
+      bugs: 'https://github.com/evocateur/libnpmaccess/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@zkat.tech' },
+    publisher: { username: 'evocateur', email: 'daniel.stockman@gmail.com' },
+    maintainers: [{ username: 'evocateur', email: 'daniel.stockman@gmail.com' }],
+  },
+  {
+    name: '@evocateur/libnpmpublish',
+    scope: 'evocateur',
+    version: '1.2.2',
+    description: 'Programmatic API for the bits behind npm publish and unpublish',
+    date: new Date('2019-07-16T19:40:40.850Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/%40evocateur%2Flibnpmpublish',
+      homepage: 'https://npmjs.com/package/@evocateur/libnpmpublish',
+      repository: 'https://github.com/evocateur/libnpmpublish',
+      bugs: 'https://github.com/evocateur/libnpmpublish/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@zkat.tech' },
+    publisher: { username: 'evocateur', email: 'daniel.stockman@gmail.com' },
+    maintainers: [{ username: 'evocateur', email: 'daniel.stockman@gmail.com' }],
+  },
+  {
+    name: 'libnpmorg',
+    scope: 'unscoped',
+    version: '2.0.1',
+    description: 'Programmatic api for `npm org` commands',
+    keywords: ['libnpm', 'npm', 'package manager', 'api', 'orgs', 'teams'],
+    date: new Date('2020-11-03T19:21:57.757Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmorg',
+      homepage: 'https://npmjs.com/package/libnpmorg',
+      repository: 'https://github.com/npm/libnpmorg',
+      bugs: 'https://github.com/npm/libnpmorg/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@sykosomatic.org' },
+    publisher: { username: 'nlf', email: 'quitlahok@gmail.com' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: 'libnpmsearch',
+    scope: 'unscoped',
+    version: '3.1.0',
+    description: 'Programmatic API for searching in npm and compatible registries.',
+    keywords: ['npm', 'search', 'api', 'libnpm'],
+    date: new Date('2020-12-08T23:54:18.374Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmsearch',
+      homepage: 'https://npmjs.com/package/libnpmsearch',
+      repository: 'https://github.com/npm/libnpmsearch',
+      bugs: 'https://github.com/npm/libnpmsearch/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@sykosomatic.org' },
+    publisher: { username: 'isaacs', email: 'i@izs.me' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: 'libnpmteam',
+    scope: 'unscoped',
+    version: '2.0.2',
+    description: 'npm Team management APIs',
+    date: new Date('2020-11-03T19:24:42.380Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmteam',
+      homepage: 'https://npmjs.com/package/libnpmteam',
+      repository: 'https://github.com/npm/libnpmteam',
+      bugs: 'https://github.com/npm/libnpmteam/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@zkat.tech' },
+    publisher: { username: 'nlf', email: 'quitlahok@gmail.com' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: 'libnpmhook',
+    scope: 'unscoped',
+    version: '6.0.1',
+    description: 'programmatic API for managing npm registry hooks',
+    keywords: ['npm', 'hooks', 'registry', 'npm api'],
+    date: new Date('2020-11-03T19:20:45.818Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmhook',
+      homepage: 'https://github.com/npm/libnpmhook#readme',
+      repository: 'https://github.com/npm/libnpmhook',
+      bugs: 'https://github.com/npm/libnpmhook/issues',
+    },
+    author: { name: 'Kat Marchán', email: 'kzm@sykosomatic.org' },
+    publisher: { username: 'nlf', email: 'quitlahok@gmail.com' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: 'libnpmpublish',
+    scope: 'unscoped',
+    version: '4.0.0',
+    description: 'Programmatic API for the bits behind npm publish and unpublish',
+    date: new Date('2020-11-03T19:13:43.780Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmpublish',
+      homepage: 'https://npmjs.com/package/libnpmpublish',
+      repository: 'https://github.com/npm/libnpmpublish',
+      bugs: 'https://github.com/npm/libnpmpublish/issues',
+    },
+    author: { name: 'npm Inc.', email: 'support@npmjs.com' },
+    publisher: { username: 'nlf', email: 'quitlahok@gmail.com' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: 'libnpmfund',
+    scope: 'unscoped',
+    version: '1.0.2',
+    description: 'Programmatic API for npm fund',
+    keywords: [
+      'npm', 'npmcli',
+      'libnpm', 'cli',
+      'git', 'fund',
+      'gitfund',
+    ],
+    date: new Date('2020-12-08T23:22:00.213Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmfund',
+      homepage: 'https://github.com/npm/libnpmfund#readme',
+      repository: 'https://github.com/npm/libnpmfund',
+      bugs: 'https://github.com/npm/libnpmfund/issues',
+    },
+    author: { name: 'npm Inc.', email: 'support@npmjs.com' },
+    publisher: { username: 'isaacs', email: 'i@izs.me' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: '@npmcli/map-workspaces',
+    scope: 'npmcli',
+    version: '1.0.1',
+    description: 'Retrieves a name:pathname Map for a given workspaces config',
+    keywords: [
+      'npm',
+      'npmcli',
+      'libnpm',
+      'cli',
+      'workspaces',
+      'map-workspaces',
+    ],
+    date: new Date('2020-09-30T15:16:29.017Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/%40npmcli%2Fmap-workspaces',
+      homepage: 'https://github.com/npm/map-workspaces#readme',
+      repository: 'https://github.com/npm/map-workspaces',
+      bugs: 'https://github.com/npm/map-workspaces/issues',
+    },
+    author: { name: 'npm Inc.', email: 'support@npmjs.com' },
+    publisher: { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: 'libnpmversion',
+    scope: 'unscoped',
+    version: '1.0.7',
+    description: "library to do the things that 'npm version' does",
+    date: new Date('2020-11-04T00:21:41.069Z'),
+    links: {
+      npm: 'https://www.npmjs.com/package/libnpmversion',
+      homepage: 'https://github.com/npm/libnpmversion#readme',
+      repository: 'https://github.com/npm/libnpmversion',
+      bugs: 'https://github.com/npm/libnpmversion/issues',
+    },
+    author: {
+      name: 'Isaac Z. Schlueter',
+      email: 'i@izs.me',
+      url: 'https://izs.me',
+      username: 'isaacs',
+    },
+    publisher: { username: 'isaacs', email: 'i@izs.me' },
+    maintainers: [
+      { username: 'nlf', email: 'quitlahok@gmail.com' },
+      { username: 'ruyadorno', email: 'ruyadorno@hotmail.com' },
+      { username: 'darcyclarke', email: 'darcy@darcyclarke.me' },
+      { username: 'isaacs', email: 'i@izs.me' },
+    ],
+  },
+  {
+    name: '@types/libnpmsearch',
+    scope: 'types',
+    version: '2.0.1',
+    description: 'TypeScript definitions for libnpmsearch',
+    date: new Date('2019-09-26T22:24:28.713Z'),
+    links: { npm: 'https://www.npmjs.com/package/%40types%2Flibnpmsearch' },
+    publisher: { username: 'types', email: 'ts-npm-types@microsoft.com' },
+    maintainers: [{ username: 'types', email: 'ts-npm-types@microsoft.com' }],
+  },
+]
diff --git a/deps/npm/test/lib/ci.js b/deps/npm/test/lib/ci.js
index 8ddb8f8aad..c32fb83279 100644
--- a/deps/npm/test/lib/ci.js
+++ b/deps/npm/test/lib/ci.js
@@ -6,7 +6,16 @@ const { test } = require('tap')
 
 const requireInject = require('require-inject')
 
-test('should use Arborist', (t) => {
+test('should use Arborist and run-script', (t) => {
+  const scripts = [
+    'preinstall',
+    'install',
+    'postinstall',
+    'prepublish', // XXX should we remove this finally??
+    'preprepare',
+    'prepare',
+    'postprepare',
+  ]
   const ci = requireInject('../../lib/ci.js', {
     '../../lib/npm.js': {
       prefix: 'foo',
@@ -15,6 +24,9 @@ test('should use Arborist', (t) => {
       },
     },
     '../../lib/utils/reify-finish.js': async () => {},
+    '@npmcli/run-script': opts => {
+      t.match(opts, { event: scripts.shift() })
+    },
     '@npmcli/arborist': function (args) {
       t.ok(args, 'gets options object')
       this.loadVirtual = () => {
@@ -40,6 +52,7 @@ test('should use Arborist', (t) => {
   ci(null, er => {
     if (er)
       throw er
+    t.strictSame(scripts, [], 'called all scripts')
     t.end()
   })
 })
@@ -53,6 +66,7 @@ test('should pass flatOptions to Arborist.reify', (t) => {
       },
     },
     '../../lib/utils/reify-finish.js': async () => {},
+    '@npmcli/run-script': opts => {},
     '@npmcli/arborist': function () {
       this.loadVirtual = () => Promise.resolve(true)
       this.reify = async (options) => {
@@ -80,6 +94,7 @@ test('should throw if package-lock.json or npm-shrinkwrap missing', (t) => {
         global: false,
       },
     },
+    '@npmcli/run-script': opts => {},
     '../../lib/utils/reify-finish.js': async () => {},
     npmlog: {
       verbose: () => {
@@ -102,6 +117,7 @@ test('should throw ECIGLOBAL', (t) => {
         global: true,
       },
     },
+    '@npmcli/run-script': opts => {},
     '../../lib/utils/reify-finish.js': async () => {},
   })
   ci(null, (err, res) => {
@@ -125,6 +141,7 @@ test('should remove existing node_modules before installing', (t) => {
         global: false,
       },
     },
+    '@npmcli/run-script': opts => {},
     '../../lib/utils/reify-finish.js': async () => {},
     '@npmcli/arborist': function () {
       this.loadVirtual = () => Promise.resolve(true)
diff --git a/deps/npm/test/lib/completion.js b/deps/npm/test/lib/completion.js
new file mode 100644
index 0000000000..367a1c03ab
--- /dev/null
+++ b/deps/npm/test/lib/completion.js
@@ -0,0 +1,587 @@
+const { test } = require('tap')
+const requireInject = require('require-inject')
+const fs = require('fs')
+const path = require('path')
+
+const completionScript = fs.readFileSync(path.resolve(__dirname, '../../lib/utils/completion.sh'), { encoding: 'utf8' }).replace(/^#!.*?\n/, '')
+
+const output = []
+const npmConfig = {}
+let accessCompletionError = false
+
+const npm = {
+  config: {
+    set: (key, value) => {
+      npmConfig[key] = value
+    },
+    clear: () => {
+      for (const key in npmConfig)
+        delete npmConfig[key]
+    },
+  },
+  commands: {
+    completion: {
+      completion: (opts, cb) => {
+        return cb(null, [['>>', '~/.bashrc']])
+      },
+    },
+    adduser: {},
+    access: {
+      completion: (opts, cb) => {
+        if (accessCompletionError)
+          return cb(new Error('access completion failed'))
+
+        return cb(null, ['public', 'restricted'])
+      },
+    },
+    donothing: {
+      completion: (opts, cb) => {
+        return cb(null, null)
+      },
+    },
+    driveaboat: {
+      completion: (opts, cb) => {
+        // the leading space here is to exercise the escape method
+        return cb(null, ' fast')
+      },
+    },
+  },
+}
+
+const cmdList = {
+  aliases: {
+    login: 'adduser',
+  },
+  cmdList: [
+    'access',
+    'adduser',
+    'completion',
+  ],
+  plumbing: [],
+}
+
+const config = {
+  types: {
+    global: Boolean,
+    browser: [null, Boolean, String],
+    registry: [null, String],
+  },
+  shorthands: {
+    reg: ['--registry'],
+  },
+}
+
+const deref = (cmd) => {
+  return cmd
+}
+
+const completion = requireInject('../../lib/completion.js', {
+  '../../lib/npm.js': npm,
+  '../../lib/utils/cmd-list.js': cmdList,
+  '../../lib/utils/config.js': config,
+  '../../lib/utils/deref-command.js': deref,
+  '../../lib/utils/is-windows-shell.js': false,
+  '../../lib/utils/output.js': (line) => {
+    output.push(line)
+  },
+})
+
+test('completion completion', t => {
+  const home = process.env.HOME
+  t.teardown(() => {
+    process.env.HOME = home
+  })
+
+  process.env.HOME = t.testdir({
+    '.bashrc': '',
+    '.zshrc': '',
+  })
+
+  completion.completion({ w: 2 }, (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(res, [
+      ['>>', '~/.zshrc'],
+      ['>>', '~/.bashrc'],
+    ], 'identifies both shells')
+    t.end()
+  })
+})
+
+test('completion completion no known shells', t => {
+  const home = process.env.HOME
+  t.teardown(() => {
+    process.env.HOME = home
+  })
+
+  process.env.HOME = t.testdir()
+
+  completion.completion({ w: 2 }, (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(res, [], 'no responses')
+    t.end()
+  })
+})
+
+test('completion completion wrong word count', t => {
+  completion.completion({ w: 3 }, (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(res, undefined, 'no responses')
+    t.end()
+  })
+})
+
+test('completion errors in windows without bash', t => {
+  const compl = requireInject('../../lib/completion.js', {
+    '../../lib/utils/is-windows-shell.js': true,
+  })
+
+  compl({}, (err) => {
+    t.match(err, {
+      code: 'ENOTSUP',
+      message: /completion supported only in MINGW/,
+    }, 'returns the correct error')
+    t.end()
+  })
+})
+
+test('dump script when completion is not being attempted', t => {
+  const _write = process.stdout.write
+  const _on = process.stdout.on
+  t.teardown(() => {
+    process.stdout.write = _write
+    process.stdout.on = _on
+  })
+
+  let errorHandler
+  process.stdout.on = (event, handler) => {
+    errorHandler = handler
+    process.stdout.on = _on
+  }
+
+  let data
+  process.stdout.write = (chunk, callback) => {
+    data = chunk
+    process.stdout.write = _write
+    process.nextTick(() => {
+      callback()
+      errorHandler({ errno: 'EPIPE' })
+    })
+  }
+
+  completion({}, (err) => {
+    if (err)
+      throw err
+
+    t.equal(data, completionScript, 'wrote the completion script')
+    t.end()
+  })
+})
+
+test('dump script exits correctly when EPIPE is emitted on stdout', t => {
+  const _write = process.stdout.write
+  const _on = process.stdout.on
+  t.teardown(() => {
+    process.stdout.write = _write
+    process.stdout.on = _on
+  })
+
+  let errorHandler
+  process.stdout.on = (event, handler) => {
+    errorHandler = handler
+    process.stdout.on = _on
+  }
+
+  let data
+  process.stdout.write = (chunk, callback) => {
+    data = chunk
+    process.stdout.write = _write
+    process.nextTick(() => {
+      errorHandler({ errno: 'EPIPE' })
+      callback()
+    })
+  }
+
+  completion({}, (err) => {
+    if (err)
+      throw err
+
+    t.equal(data, completionScript, 'wrote the completion script')
+    t.end()
+  })
+})
+
+test('non EPIPE errors cause failures', t => {
+  const _write = process.stdout.write
+  const _on = process.stdout.on
+  t.teardown(() => {
+    process.stdout.write = _write
+    process.stdout.on = _on
+  })
+
+  let errorHandler
+  process.stdout.on = (event, handler) => {
+    errorHandler = handler
+    process.stdout.on = _on
+  }
+
+  let data
+  process.stdout.write = (chunk, callback) => {
+    data = chunk
+    process.stdout.write = _write
+    process.nextTick(() => {
+      errorHandler({ errno: 'ESOMETHINGELSE' })
+      callback()
+    })
+  }
+
+  completion({}, (err) => {
+    t.equal(err.errno, 'ESOMETHINGELSE', 'propagated error')
+    t.equal(data, completionScript, 'wrote the completion script')
+    t.end()
+  })
+})
+
+test('completion completes single command name', t => {
+  process.env.COMP_CWORD = 1
+  process.env.COMP_LINE = 'npm c'
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'c'], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(output, ['completion'], 'correctly completed a command name')
+    t.end()
+  })
+})
+
+test('completion completes command names', t => {
+  process.env.COMP_CWORD = 1
+  process.env.COMP_LINE = 'npm a'
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'a'], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(output, [['access', 'adduser'].join('\n')], 'correctly completed a command name')
+    t.end()
+  })
+})
+
+test('completion of invalid command name does nothing', t => {
+  process.env.COMP_CWORD = 1
+  process.env.COMP_LINE = 'npm compute'
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'compute'], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(output, [], 'returns no results')
+    t.end()
+  })
+})
+
+test('completion triggers command completions', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm access '
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'access', ''], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {
+      argv: {
+        remain: ['npm', 'access'],
+        cooked: ['npm', 'access'],
+        original: ['npm', 'access'],
+      },
+    }, 'applies command config appropriately')
+    t.strictSame(output, [['public', 'restricted'].join('\n')], 'correctly completed a subcommand name')
+    t.end()
+  })
+})
+
+test('completion triggers filtered command completions', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm access p'
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'access', 'p'], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {
+      argv: {
+        remain: ['npm', 'access'],
+        cooked: ['npm', 'access'],
+        original: ['npm', 'access'],
+      },
+    }, 'applies command config appropriately')
+    t.strictSame(output, ['public'], 'correctly completed a subcommand name')
+    t.end()
+  })
+})
+
+test('completions for commands that return nested arrays are joined', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm completion '
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'completion', ''], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {
+      argv: {
+        remain: ['npm', 'completion'],
+        cooked: ['npm', 'completion'],
+        original: ['npm', 'completion'],
+      },
+    }, 'applies command config appropriately')
+    t.strictSame(output, ['>> ~/.bashrc'], 'joins nested arrays')
+    t.end()
+  })
+})
+
+test('completions for commands that return nothing work correctly', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm donothing '
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'donothing', ''], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {
+      argv: {
+        remain: ['npm', 'donothing'],
+        cooked: ['npm', 'donothing'],
+        original: ['npm', 'donothing'],
+      },
+    }, 'applies command config appropriately')
+    t.strictSame(output, [], 'returns nothing')
+    t.end()
+  })
+})
+
+test('completions for commands that return a single item work correctly', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm driveaboat '
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'driveaboat', ''], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {
+      argv: {
+        remain: ['npm', 'driveaboat'],
+        cooked: ['npm', 'driveaboat'],
+        original: ['npm', 'driveaboat'],
+      },
+    }, 'applies command config appropriately')
+    t.strictSame(output, ['\' fast\''], 'returns the correctly escaped string')
+    t.end()
+  })
+})
+
+test('command completion for commands with no completion return no results', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm adduser '
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  // quotes around adduser are to ensure coverage when unescaping commands
+  completion(['npm', '\'adduser\'', ''], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {
+      argv: {
+        remain: ['npm', 'adduser'],
+        cooked: ['npm', 'adduser'],
+        original: ['npm', 'adduser'],
+      },
+    }, 'applies command config appropriately')
+    t.strictSame(output, [], 'correctly completed a subcommand name')
+    t.end()
+  })
+})
+
+test('command completion errors propagate', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm access '
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+  accessCompletionError = true
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+    accessCompletionError = false
+  })
+
+  completion(['npm', 'access', ''], (err, res) => {
+    t.match(err, /access completion failed/, 'catches the appropriate error')
+    t.strictSame(npmConfig, {
+      argv: {
+        remain: ['npm', 'access'],
+        cooked: ['npm', 'access'],
+        original: ['npm', 'access'],
+      },
+    }, 'applies command config appropriately')
+    t.strictSame(output, [], 'returns no results')
+    t.end()
+  })
+})
+
+test('completion can complete flags', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm install --'
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', 'install', '--'], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {}, 'does not apply command config')
+    t.strictSame(output, [['--global', '--browser', '--registry', '--reg', '--no-global', '--no-browser'].join('\n')], 'correctly completes flag names')
+    t.end()
+  })
+})
+
+test('double dashes escape from flag completion', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm -- install --'
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', '--', 'install', '--'], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {}, 'does not apply command config')
+    t.strictSame(output, [['access', 'adduser', 'completion', 'login'].join('\n')], 'correctly completes flag names')
+    t.end()
+  })
+})
+
+test('completion cannot complete options that take a value in mid-command', t => {
+  process.env.COMP_CWORD = 2
+  process.env.COMP_LINE = 'npm --registry install'
+  process.env.COMP_POINT = process.env.COMP_LINE.length
+
+  t.teardown(() => {
+    delete process.env.COMP_CWORD
+    delete process.env.COMP_LINE
+    delete process.env.COMP_POINT
+    npm.config.clear()
+    output.length = 0
+  })
+
+  completion(['npm', '--registry', 'install'], (err, res) => {
+    if (err)
+      throw err
+
+    t.strictSame(npmConfig, {}, 'does not apply command config')
+    t.strictSame(output, [], 'does not try to complete option arguments in the middle of a command')
+    t.end()
+  })
+})
diff --git a/deps/npm/test/lib/doctor.js b/deps/npm/test/lib/doctor.js
new file mode 100644
index 0000000000..c2c3fdb978
--- /dev/null
+++ b/deps/npm/test/lib/doctor.js
@@ -0,0 +1,943 @@
+const { test } = require('tap')
+const requireInject = require('require-inject')
+
+const { join } = require('path')
+const fs = require('fs')
+const ansiTrim = require('../../lib/utils/ansi-trim.js')
+const isWindows = require('../../lib/utils/is-windows.js')
+
+// getuid and getgid do not exist in windows, so we shim them
+// to return 0, as that is the value that lstat will assign the
+// gid and uid properties for fs.Stats objects
+if (isWindows) {
+  process.getuid = () => 0
+  process.getgid = () => 0
+}
+
+const output = []
+
+let pingError
+const ping = async () => {
+  if (pingError)
+    throw pingError
+}
+
+const nodeVersions = [
+  { version: 'v14.0.0', lts: false },
+  { version: 'v13.0.0', lts: false },
+  // it's necessary to allow tests in node 10.x to not mark 12.x as lts
+  { version: 'v12.0.0', lts: false },
+  { version: 'v10.13.0', lts: 'Dubnium' },
+]
+
+const fetch = async () => {
+  return {
+    json: async () => {
+      return nodeVersions
+    },
+  }
+}
+
+const logs = {
+  info: [],
+}
+
+const clearLogs = (obj = logs) => {
+  output.length = 0
+  for (const key in obj) {
+    if (Array.isArray(obj[key]))
+      obj[key].length = 0
+    else
+      delete obj[key]
+  }
+}
+
+const npm = {
+  flatOptions: {
+    registry: 'https://registry.npmjs.org/',
+  },
+  log: {
+    info: (msg) => {
+      logs.info.push(msg)
+    },
+    newItem: (name) => {
+      logs[name] = {}
+
+      return {
+        info: (_, msg) => {
+          if (!logs[name].info)
+            logs[name].info = []
+          logs[name].info.push(msg)
+        },
+        warn: (_, msg) => {
+          if (!logs[name].warn)
+            logs[name].warn = []
+          logs[name].warn.push(msg)
+        },
+        error: (_, msg) => {
+          if (!logs[name].error)
+            logs[name].error = []
+          logs[name].error.push(msg)
+        },
+        silly: (_, msg) => {
+          if (!logs[name].silly)
+            logs[name].silly = []
+          logs[name].silly.push(msg)
+        },
+        completeWork: () => {},
+        finish: () => {
+          logs[name].finished = true
+        },
+      }
+    },
+    level: 'error',
+    levels: {
+      info: 1,
+      error: 0,
+    },
+  },
+  version: '7.1.0',
+}
+
+let latestNpm = npm.version
+const pacote = {
+  manifest: async () => {
+    return { version: latestNpm }
+  },
+}
+
+let whichError = null
+const which = async () => {
+  if (whichError)
+    throw whichError
+  return '/path/to/git'
+}
+
+let verifyResponse = { verifiedCount: 1, verifiedContent: 1 }
+const cacache = {
+  verify: async () => {
+    return verifyResponse
+  },
+}
+
+const doctor = requireInject('../../lib/doctor.js', {
+  '../../lib/utils/is-windows.js': false,
+  '../../lib/utils/ping.js': ping,
+  '../../lib/utils/output.js': (data) => {
+    output.push(data)
+  },
+  '../../lib/npm.js': npm,
+  cacache,
+  pacote,
+  'make-fetch-happen': fetch,
+  which,
+})
+
+test('npm doctor checks ok', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    if (err) {
+      t.fail(output)
+      return t.end()
+    }
+
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor supports silent', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  npm.log.level = 'info'
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    npm.log.level = 'error'
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    if (err) {
+      t.fail(err)
+      return t.end()
+    }
+
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.strictSame(output, [], 'did not print output')
+    t.end()
+  })
+})
+
+test('npm doctor supports color', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  npm.color = true
+  pingError = { message: 'generic error' }
+  const _consoleError = console.error
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    delete npm.color
+    pingError = null
+    console.error = _consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    t.match(err, /Some problems found/, 'detected the ping error')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping.*not ok/, 'ping output is ok')
+    t.match(output, /npm -v.*ok/, 'npm -v output is ok')
+    t.match(output, /node -v.*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry.*ok.*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git.*ok/, 'which git output is ok')
+    t.match(output, /cached files.*ok/, 'cached files are ok')
+    t.match(output, /local node_modules.*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules.*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder.*ok/, 'local bin is ok')
+    t.match(output, /global bin folder.*ok/, 'global bin is ok')
+    t.match(output, /cache contents.*ok/, 'cache contents is ok')
+    t.notEqual(output[0], ansiTrim(output[0]), 'output should contain color codes')
+    t.end()
+  })
+})
+
+test('npm doctor skips some tests in windows', t => {
+  const winDoctor = requireInject('../../lib/doctor.js', {
+    '../../lib/utils/is-windows.js': true,
+    '../../lib/utils/ping.js': ping,
+    '../../lib/utils/output.js': (data) => {
+      output.push(data)
+    },
+    '../../lib/npm.js': npm,
+    cacache,
+    pacote,
+    'make-fetch-happen': fetch,
+    which,
+  })
+
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    clearLogs()
+  })
+
+  winDoctor([], (err) => {
+    if (err) {
+      t.fail(output)
+      return t.end()
+    }
+
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: undefined,
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor ping error E{3}', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  pingError = { code: 'E111', message: 'this error is 111' }
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    pingError = null
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    t.match(err, /Some problems found/, 'detected the ping error')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*not ok\s*111 this error is 111/, 'ping output contains trimmed error')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor generic ping error', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  pingError = { message: 'generic error' }
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    pingError = null
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    t.match(err, /Some problems found/, 'detected the ping error')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*not ok\s*generic error/, 'ping output contains trimmed error')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor outdated npm version', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  latestNpm = '7.1.1'
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    latestNpm = npm.version
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    t.match(err, /Some problems found/, 'detected the out of date npm')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*not ok/, 'npm -v output is not ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor outdated nodejs version', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  nodeVersions.push({ version: process.version.replace(/\d+$/, '999'), lts: false })
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    nodeVersions.pop()
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    t.match(err, /Some problems found/, 'detected the out of date nodejs')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*not ok/, 'node -v output is not ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor file permission checks', t => {
+  const dir = t.testdir({
+    cache: {
+      one: 'one',
+      link: t.fixture('symlink', './one'),
+      unreadable: 'unreadable',
+      baddir: {},
+    },
+    local: {
+      two: 'two',
+      notmine: 'notmine',
+    },
+    global: {
+      three: 'three',
+      broken: 'broken',
+    },
+    localBin: {
+      four: 'four',
+      five: 'five',
+    },
+    globalBin: {
+      six: 'six',
+      seven: 'seven',
+    },
+  })
+
+  const _fsLstat = fs.lstat
+  fs.lstat = (p, cb) => {
+    let err = null
+    let stat = null
+
+    try {
+      stat = fs.lstatSync(p)
+    } catch (err) {
+      return cb(err)
+    }
+
+    switch (p) {
+      case join(dir, 'local', 'notmine'):
+        stat.uid += 1
+        stat.gid += 1
+        break
+      case join(dir, 'global', 'broken'):
+        err = new Error('broken')
+        break
+    }
+
+    return cb(err, stat)
+  }
+
+  const _fsReaddir = fs.readdir
+  fs.readdir = (p, cb) => {
+    let err = null
+    let result = null
+
+    try {
+      result = fs.readdirSync(p)
+    } catch (err) {
+      return cb(err)
+    }
+
+    if (p === join(dir, 'cache', 'baddir'))
+      err = new Error('broken')
+
+    return cb(err, result)
+  }
+
+  const _fsAccess = fs.access
+  fs.access = (p, mask, cb) => {
+    const err = new Error('failed')
+    switch (p) {
+      case join(dir, 'cache', 'unreadable'):
+      case join(dir, 'localBin', 'four'):
+      case join(dir, 'globalBin', 'six'):
+        return cb(err)
+      default:
+        return cb(null)
+    }
+  }
+
+  const doctor = requireInject('../../lib/doctor.js', {
+    '../../lib/utils/is-windows.js': false,
+    '../../lib/utils/ping.js': ping,
+    '../../lib/utils/output.js': (data) => {
+      output.push(data)
+    },
+    '../../lib/npm.js': npm,
+    cacache,
+    pacote,
+    'make-fetch-happen': fetch,
+    which,
+    fs,
+  })
+  // it's necessary to allow tests in node 10.x to not mark 12.x as lted
+
+  npm.cache = npm.flatOptions.cache = join(dir, 'cache')
+  npm.localDir = join(dir, 'local')
+  npm.globalDir = join(dir, 'global')
+  npm.localBin = join(dir, 'localBin')
+  npm.globalBin = join(dir, 'globalBin')
+  const _consoleError = console.error
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    console.error = _consoleError
+    fs.lstat = _fsLstat
+    fs.readdir = _fsReaddir
+    fs.access = _fsAccess
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    t.match(err, /Some problems found/, 'identified problems')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [join(dir, 'cache')]: { finished: true },
+      [join(dir, 'local')]: { finished: true },
+      [join(dir, 'global')]: { finished: true },
+      [join(dir, 'localBin')]: { finished: true },
+      [join(dir, 'globalBin')]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*not ok/, 'cached files are not ok')
+    t.match(output, /local node_modules\s*not ok/, 'local node_modules are not ok')
+    t.match(output, /global node_modules\s*not ok/, 'global node_modules are not ok')
+    t.match(output, /local bin folder\s*not ok/, 'local bin is not ok')
+    t.match(output, /global bin folder\s*not ok/, 'global bin is not ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor missing git', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  whichError = new Error('boom')
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    whichError = null
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    t.match(err, /Some problems found/, 'detected the missing git')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*not ok/, 'which git output is not ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
+
+test('npm doctor cache verification showed bad content', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  const _verifyResponse = verifyResponse
+  verifyResponse = {
+    ...verifyResponse,
+    badContentCount: 1,
+  }
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    verifyResponse = _verifyResponse
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    // cache verification problems get fixed and so do not throw an error
+    if (err) {
+      t.fail(output)
+      return t.end()
+    }
+
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is not ok')
+    t.end()
+  })
+})
+
+test('npm doctor cache verification showed reclaimed content', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  const _verifyResponse = verifyResponse
+  verifyResponse = {
+    ...verifyResponse,
+    reclaimedCount: 1,
+    reclaimedSize: 100,
+  }
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    verifyResponse = _verifyResponse
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    // cache verification problems get fixed and so do not throw an error
+    if (err) {
+      t.fail(output)
+      return t.end()
+    }
+
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is not ok')
+    t.end()
+  })
+})
+
+test('npm doctor cache verification showed missing content', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  const _verifyResponse = verifyResponse
+  verifyResponse = {
+    ...verifyResponse,
+    missingContent: 1,
+  }
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    verifyResponse = _verifyResponse
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    // cache verification problems get fixed and so do not throw an error
+    if (err) {
+      t.fail(output)
+      return t.end()
+    }
+
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*ok\s*using default/, 'npm config get registry output is ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is not ok')
+    t.end()
+  })
+})
+
+test('npm doctor not using default registry', t => {
+  const dir = t.testdir()
+  npm.cache = npm.flatOptions.cache = dir
+  npm.localDir = dir
+  npm.globalDir = dir
+  npm.localBin = dir
+  npm.globalBin = dir
+  const _currentRegistry = npm.flatOptions.registry
+  npm.flatOptions.registry = 'https://google.com'
+  const consoleError = console.error
+  // we just print an empty line here, so swallow it and ignore
+  console.error = () => {}
+
+  t.teardown(() => {
+    delete npm.cache
+    delete npm.flatOptions.cache
+    delete npm.localDir
+    delete npm.globalDir
+    delete npm.localBin
+    delete npm.globalBin
+    npm.flatOptions.registry = _currentRegistry
+    console.error = consoleError
+    clearLogs()
+  })
+
+  doctor([], (err) => {
+    // cache verification problems get fixed and so do not throw an error
+    t.match(err, /Some problems found/, 'detected the non-default registry')
+    t.match(logs, {
+      checkPing: { finished: true },
+      getLatestNpmVersion: { finished: true },
+      getLatestNodejsVersion: { finished: true },
+      getGitPath: { finished: true },
+      [dir]: { finished: true },
+      verifyCachedFiles: { finished: true },
+    }, 'trackers all finished')
+    t.match(output, /npm ping\s*ok/, 'ping output is ok')
+    t.match(output, /npm -v\s*ok/, 'npm -v output is ok')
+    t.match(output, /node -v\s*ok/, 'node -v output is ok')
+    t.match(output, /npm config get registry\s*not ok/, 'npm config get registry output is not ok')
+    t.match(output, /which git\s*ok/, 'which git output is ok')
+    t.match(output, /cached files\s*ok/, 'cached files are ok')
+    t.match(output, /local node_modules\s*ok/, 'local node_modules are ok')
+    t.match(output, /global node_modules\s*ok/, 'global node_modules are ok')
+    t.match(output, /local bin folder\s*ok/, 'local bin is ok')
+    t.match(output, /global bin folder\s*ok/, 'global bin is ok')
+    t.match(output, /cache contents\s*ok/, 'cache contents is ok')
+    t.end()
+  })
+})
diff --git a/deps/npm/test/lib/fund.js b/deps/npm/test/lib/fund.js
index a23fc88ced..73f639b6ce 100644
--- a/deps/npm/test/lib/fund.js
+++ b/deps/npm/test/lib/fund.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const { test } = require('tap')
 const requireInject = require('require-inject')
 
diff --git a/deps/npm/test/lib/npm.js b/deps/npm/test/lib/npm.js
index 6bfb5b4376..2c71d229a7 100644
--- a/deps/npm/test/lib/npm.js
+++ b/deps/npm/test/lib/npm.js
@@ -1,4 +1,3 @@
-'use strict'
 const t = require('tap')
 const fs = require('fs')
 
diff --git a/deps/npm/test/lib/search.js b/deps/npm/test/lib/search.js
new file mode 100644
index 0000000000..1dba1250e0
--- /dev/null
+++ b/deps/npm/test/lib/search.js
@@ -0,0 +1,193 @@
+const Minipass = require('minipass')
+const t = require('tap')
+const requireInject = require('require-inject')
+const libnpmsearchResultFixture =
+  require('../fixtures/libnpmsearch-stream-result.js')
+
+let result = ''
+const flatOptions = {
+  search: {
+    exclude: null,
+    limit: 20,
+    opts: '',
+  },
+}
+const npm = { flatOptions: { ...flatOptions } }
+const npmlog = {
+  silly () {},
+  clearProgress () {},
+}
+const libnpmsearch = {
+  stream () {},
+}
+const mocks = {
+  npmlog,
+  libnpmsearch,
+  '../../lib/npm.js': npm,
+  '../../lib/utils/output.js': (...msg) => {
+    result += msg.join('\n')
+  },
+  '../../lib/utils/usage.js': () => 'usage instructions',
+  // '../../lib/search/format-package-stream.js': a => a,
+}
+
+t.afterEach(cb => {
+  result = ''
+  npm.flatOptions = flatOptions
+  cb()
+})
+
+const search = requireInject('../../lib/search.js', mocks)
+
+t.test('no args', t => {
+  search([], err => {
+    t.match(
+      err,
+      /search must be called with arguments/,
+      'should throw usage instructions'
+    )
+    t.end()
+  })
+})
+
+t.test('search <name>', t => {
+  const src = new Minipass()
+  src.objectMode = true
+  const libnpmsearch = {
+    stream () {
+      return src
+    },
+  }
+
+  const search = requireInject('../../lib/search.js', {
+    ...mocks,
+    libnpmsearch,
+  })
+
+  search(['libnpm'], err => {
+    if (err)
+      throw err
+
+    t.matchSnapshot(result, 'should have expected search results')
+
+    t.end()
+  })
+
+  for (const i of libnpmsearchResultFixture)
+    src.write(i)
+
+  src.end()
+})
+
+t.test('search <name> --searchexclude --searchopts', t => {
+  npm.flatOptions.search = {
+    ...flatOptions.search,
+    exclude: '',
+  }
+
+  const src = new Minipass()
+  src.objectMode = true
+  const libnpmsearch = {
+    stream () {
+      return src
+    },
+  }
+
+  const search = requireInject('../../lib/search.js', {
+    ...mocks,
+    libnpmsearch,
+  })
+
+  search(['foo'], err => {
+    if (err)
+      throw err
+
+    t.matchSnapshot(result, 'should have filtered expected search results')
+
+    t.end()
+  })
+
+  src.write({
+    name: 'foo',
+    scope: 'unscoped',
+    version: '1.0.0',
+    description: '',
+    keywords: [],
+    date: null,
+    author: { name: 'Foo', email: 'foo@npmjs.com' },
+    publisher: { name: 'Foo', email: 'foo@npmjs.com' },
+    maintainers: [
+      { username: 'foo', email: 'foo@npmjs.com' },
+    ],
+  })
+  src.write({
+    name: 'libnpmversion',
+    scope: 'unscoped',
+    version: '1.0.0',
+    description: '',
+    keywords: [],
+    date: null,
+    author: { name: 'Foo', email: 'foo@npmjs.com' },
+    publisher: { name: 'Foo', email: 'foo@npmjs.com' },
+    maintainers: [
+      { username: 'foo', email: 'foo@npmjs.com' },
+    ],
+  })
+
+  src.end()
+})
+
+t.test('empty search results', t => {
+  const src = new Minipass()
+  src.objectMode = true
+  const libnpmsearch = {
+    stream () {
+      return src
+    },
+  }
+
+  const search = requireInject('../../lib/search.js', {
+    ...mocks,
+    libnpmsearch,
+  })
+
+  search(['foo'], err => {
+    if (err)
+      throw err
+
+    t.matchSnapshot(result, 'should have expected search results')
+
+    t.end()
+  })
+
+  src.end()
+})
+
+t.test('search api response error', t => {
+  const src = new Minipass()
+  src.objectMode = true
+  const libnpmsearch = {
+    stream () {
+      return src
+    },
+  }
+
+  const search = requireInject('../../lib/search.js', {
+    ...mocks,
+    libnpmsearch,
+  })
+
+  search(['foo'], err => {
+    t.match(
+      err,
+      /ERR/,
+      'should throw response error'
+    )
+
+    t.end()
+  })
+
+  src.emit('error', new Error('ERR'))
+
+  src.end()
+})
diff --git a/deps/npm/test/lib/team.js b/deps/npm/test/lib/team.js
new file mode 100644
index 0000000000..c534cc8327
--- /dev/null
+++ b/deps/npm/test/lib/team.js
@@ -0,0 +1,572 @@
+const t = require('tap')
+const requireInject = require('require-inject')
+
+let result = ''
+const libnpmteam = {
+  async add () {},
+  async create () {},
+  async destroy () {},
+  async lsTeams () {},
+  async lsUsers () {},
+  async rm () {},
+}
+const npm = { flatOptions: {} }
+const mocks = {
+  libnpmteam,
+  'cli-columns': a => a.join(' '),
+  '../../lib/npm.js': npm,
+  '../../lib/utils/output.js': (...msg) => {
+    result += msg.join('\n')
+  },
+  '../../lib/utils/otplease.js': async (opts, fn) => fn(opts),
+  '../../lib/utils/usage.js': () => 'usage instructions',
+}
+
+t.afterEach(cb => {
+  result = ''
+  npm.flatOptions = {}
+  cb()
+})
+
+const team = requireInject('../../lib/team.js', mocks)
+
+t.test('no args', t => {
+  team([], err => {
+    t.match(
+      err,
+      'usage instructions',
+      'should throw usage instructions'
+    )
+    t.end()
+  })
+})
+
+t.test('team add <scope:team> <user>', t => {
+  t.test('default output', t => {
+    team(['add', '@npmcli:developers', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should output success result for add user')
+      t.end()
+    })
+  })
+
+  t.test('--parseable', t => {
+    npm.flatOptions.parseable = true
+
+    team(['add', '@npmcli:developers', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(
+        result,
+        'should output success result for parseable add user'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--json', t => {
+    npm.flatOptions.json = true
+
+    team(['add', '@npmcli:developers', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(
+        JSON.parse(result),
+        {
+          added: true,
+          team: 'npmcli:developers',
+          user: 'foo',
+        },
+        'should output success result for add user json'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--silent', t => {
+    npm.flatOptions.silent = true
+
+    team(['add', '@npmcli:developers', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(result, '', 'should not output success if silent')
+      t.end()
+    })
+  })
+
+  t.end()
+})
+
+t.test('team create <scope:team>', t => {
+  t.test('default output', t => {
+    team(['create', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should output success result for create team')
+      t.end()
+    })
+  })
+
+  t.test('--parseable', t => {
+    npm.flatOptions.parseable = true
+
+    team(['create', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(
+        result,
+        'should output parseable success result for create team'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--json', t => {
+    npm.flatOptions.json = true
+
+    team(['create', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(
+        JSON.parse(result),
+        {
+          created: true,
+          team: 'npmcli:newteam',
+        },
+        'should output success result for create team'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--silent', t => {
+    npm.flatOptions.silent = true
+
+    team(['create', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(result, '', 'should not output create success if silent')
+      t.end()
+    })
+  })
+
+  t.end()
+})
+
+t.test('team destroy <scope:team>', t => {
+  t.test('default output', t => {
+    team(['destroy', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should output success result for destroy team')
+      t.end()
+    })
+  })
+
+  t.test('--parseable', t => {
+    npm.flatOptions.parseable = true
+
+    team(['destroy', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should output parseable result for destroy team')
+      t.end()
+    })
+  })
+
+  t.test('--json', t => {
+    npm.flatOptions.json = true
+
+    team(['destroy', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(
+        JSON.parse(result),
+        {
+          deleted: true,
+          team: 'npmcli:newteam',
+        },
+        'should output parseable result for destroy team'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--silent', t => {
+    npm.flatOptions.silent = true
+
+    team(['destroy', '@npmcli:newteam'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(result, '', 'should not output destroy if silent')
+      t.end()
+    })
+  })
+
+  t.end()
+})
+
+t.test('team ls <scope>', t => {
+  const libnpmteam = {
+    async lsTeams () {
+      return [
+        'npmcli:developers',
+        'npmcli:designers',
+        'npmcli:product',
+      ]
+    },
+  }
+
+  const team = requireInject('../../lib/team.js', {
+    ...mocks,
+    libnpmteam,
+  })
+
+  t.test('default output', t => {
+    team(['ls', '@npmcli'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list teams for a given scope')
+      t.end()
+    })
+  })
+
+  t.test('--parseable', t => {
+    npm.flatOptions.parseable = true
+
+    team(['ls', '@npmcli'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list teams for a parseable scope')
+      t.end()
+    })
+  })
+
+  t.test('--json', t => {
+    npm.flatOptions.json = true
+
+    team(['ls', '@npmcli'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(
+        JSON.parse(result),
+        [
+          'npmcli:designers',
+          'npmcli:developers',
+          'npmcli:product',
+        ],
+        'should json list teams for a scope json'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--silent', t => {
+    npm.flatOptions.silent = true
+
+    team(['ls', '@npmcli'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(result, '', 'should not list teams if silent')
+      t.end()
+    })
+  })
+
+  t.test('no teams', t => {
+    const libnpmteam = {
+      async lsTeams () {
+        return []
+      },
+    }
+
+    const team = requireInject('../../lib/team.js', {
+      ...mocks,
+      libnpmteam,
+    })
+
+    team(['ls', '@npmcli'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list no teams for a given scope')
+      t.end()
+    })
+  })
+
+  t.test('single team', t => {
+    const libnpmteam = {
+      async lsTeams () {
+        return ['npmcli:developers']
+      },
+    }
+
+    const team = requireInject('../../lib/team.js', {
+      ...mocks,
+      libnpmteam,
+    })
+
+    team(['ls', '@npmcli'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list single team for a given scope')
+      t.end()
+    })
+  })
+
+  t.end()
+})
+
+t.test('team ls <scope:team>', t => {
+  const libnpmteam = {
+    async lsUsers () {
+      return ['nlf', 'ruyadorno', 'darcyclarke', 'isaacs']
+    },
+  }
+  const team = requireInject('../../lib/team.js', {
+    ...mocks,
+    libnpmteam,
+  })
+
+  t.test('default output', t => {
+    team(['ls', '@npmcli:developers'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list users for a given scope:team')
+      t.end()
+    })
+  })
+
+  t.test('--parseable', t => {
+    npm.flatOptions.parseable = true
+
+    team(['ls', '@npmcli:developers'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list users for a parseable scope:team')
+      t.end()
+    })
+  })
+
+  t.test('--json', t => {
+    npm.flatOptions.json = true
+
+    team(['ls', '@npmcli:developers'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(
+        JSON.parse(result),
+        [
+          'darcyclarke',
+          'isaacs',
+          'nlf',
+          'ruyadorno',
+        ],
+        'should list users for a scope:team json'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--silent', t => {
+    npm.flatOptions.silent = true
+
+    team(['ls', '@npmcli:developers'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(result, '', 'should not output users if silent')
+      t.end()
+    })
+  })
+
+  t.test('no users', t => {
+    const libnpmteam = {
+      async lsUsers () {
+        return []
+      },
+    }
+
+    const team = requireInject('../../lib/team.js', {
+      ...mocks,
+      libnpmteam,
+    })
+
+    team(['ls', '@npmcli:developers'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list no users for a given scope')
+      t.end()
+    })
+  })
+
+  t.test('single user', t => {
+    const libnpmteam = {
+      async lsUsers () {
+        return ['foo']
+      },
+    }
+
+    const team = requireInject('../../lib/team.js', {
+      ...mocks,
+      libnpmteam,
+    })
+
+    team(['ls', '@npmcli:developers'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should list single user for a given scope')
+      t.end()
+    })
+  })
+
+  t.end()
+})
+
+t.test('team rm <scope:team> <user>', t => {
+  t.test('default output', t => {
+    team(['rm', '@npmcli:newteam', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should output success result for remove user')
+      t.end()
+    })
+  })
+
+  t.test('--parseable', t => {
+    npm.flatOptions.parseable = true
+
+    team(['rm', '@npmcli:newteam', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.matchSnapshot(result, 'should output parseable result for remove user')
+      t.end()
+    })
+  })
+
+  t.test('--json', t => {
+    npm.flatOptions.json = true
+
+    team(['rm', '@npmcli:newteam', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(
+        JSON.parse(result),
+        {
+          removed: true,
+          team: 'npmcli:newteam',
+          user: 'foo',
+        },
+        'should output json result for remove user'
+      )
+      t.end()
+    })
+  })
+
+  t.test('--silent', t => {
+    npm.flatOptions.silent = true
+
+    team(['rm', '@npmcli:newteam', 'foo'], err => {
+      if (err)
+        throw err
+
+      t.deepEqual(result, '', 'should not output rm result if silent')
+      t.end()
+    })
+  })
+
+  t.end()
+})
+
+t.test('completion', t => {
+  const { completion } = team
+
+  t.test('npm team autocomplete', t => {
+    completion({
+      conf: {
+        argv: {
+          remain: ['npm', 'team'],
+        },
+      },
+    }, (err, res) => {
+      if (err)
+        throw err
+
+      t.strictSame(
+        res,
+        ['create', 'destroy', 'add', 'rm', 'ls'],
+        'should auto complete with subcommands'
+      )
+
+      t.end()
+    })
+  })
+
+  t.test('npm team <subcommand> autocomplete', async t => {
+    const check = (subcmd) => new Promise((res, rej) =>
+      completion({
+        conf: {
+          argv: {
+            remain: ['npm', 'team', subcmd],
+          },
+        },
+      }, (err, response) => {
+        if (err)
+          rej(err)
+
+        t.strictSame(
+          response,
+          [],
+          `should not autocomplete ${subcmd} subcommand`
+        )
+        res()
+      }))
+
+    await ['create', 'destroy', 'add', 'rm', 'ls'].map(check)
+  })
+
+  t.test('npm team unknown subcommand autocomplete', t => {
+    completion({
+      conf: {
+        argv: {
+          remain: ['npm', 'team', 'missing-subcommand'],
+        },
+      },
+    }, (err, res) => {
+      t.match(
+        err,
+        /missing-subcommand not recognized/,
+        'should throw a a not recognized error'
+      )
+
+      t.end()
+    })
+  })
+
+  t.end()
+})
diff --git a/deps/npm/test/lib/utils/flat-options.js b/deps/npm/test/lib/utils/flat-options.js
index 3cbf06a48b..ee7620fa78 100644
--- a/deps/npm/test/lib/utils/flat-options.js
+++ b/deps/npm/test/lib/utils/flat-options.js
@@ -1,6 +1,7 @@
 const t = require('tap')
 
 process.env.NODE = '/path/to/some/node'
+process.env.NODE_ENV = 'development'
 
 const logs = []
 const log = require('npmlog')
@@ -195,43 +196,56 @@ t.test('tag emits warning', t => {
 
 t.test('omit/include options', t => {
   t.test('omit explicitly', t => {
+    const { NODE_ENV } = process.env
     const npm = new Mocknpm({
       omit: ['dev', 'optional', 'peer'],
     })
     t.strictSame(flatOptions(npm).omit, ['dev', 'optional', 'peer'])
+    t.equal(process.env.NODE_ENV, 'production')
+    process.env.NODE_ENV = NODE_ENV
     t.end()
   })
 
   t.test('omit and include some', t => {
+    const { NODE_ENV } = process.env
     const npm = new Mocknpm({
       omit: ['dev', 'optional', 'peer'],
       include: ['peer'],
     })
     t.strictSame(flatOptions(npm).omit, ['dev', 'optional'])
+    t.equal(process.env.NODE_ENV, 'production')
+    process.env.NODE_ENV = NODE_ENV
     t.end()
   })
 
   t.test('dev flag', t => {
+    const { NODE_ENV } = process.env
     const npm = new Mocknpm({
       omit: ['dev', 'optional', 'peer'],
       include: [],
       dev: true,
     })
     t.strictSame(flatOptions(npm).omit, ['optional', 'peer'])
+    t.equal(process.env.NODE_ENV, NODE_ENV)
+    process.env.NODE_ENV = NODE_ENV
     t.end()
   })
 
   t.test('production flag', t => {
+    const { NODE_ENV } = process.env
     const npm = new Mocknpm({
       omit: [],
       include: [],
       production: true,
     })
     t.strictSame(flatOptions(npm).omit, ['dev'])
+    t.equal(process.env.NODE_ENV, 'production')
+    process.env.NODE_ENV = NODE_ENV
     t.end()
   })
 
   t.test('only', t => {
+    const { NODE_ENV } = process.env
     const cases = ['prod', 'production']
     t.plan(cases.length)
     cases.forEach(c => t.test(c, t => {
@@ -241,26 +255,34 @@ t.test('omit/include options', t => {
         only: c,
       })
       t.strictSame(flatOptions(npm).omit, ['dev'])
+      t.equal(process.env.NODE_ENV, 'production')
+      process.env.NODE_ENV = NODE_ENV
       t.end()
     }))
   })
 
   t.test('also dev', t => {
+    const { NODE_ENV } = process.env
     const npm = new Mocknpm({
       omit: ['dev', 'optional', 'peer'],
       also: 'dev',
     })
     t.strictSame(flatOptions(npm).omit, ['optional', 'peer'])
+    t.equal(process.env.NODE_ENV, NODE_ENV)
+    process.env.NODE_ENV = NODE_ENV
     t.end()
   })
 
   t.test('no-optional', t => {
+    const { NODE_ENV } = process.env
     const npm = new Mocknpm({
       optional: false,
       omit: null,
       include: null,
     })
     t.strictSame(flatOptions(npm).omit, ['optional'])
+    t.equal(process.env.NODE_ENV, NODE_ENV)
+    process.env.NODE_ENV = NODE_ENV
     t.end()
   })
 
diff --git a/deps/npm/test/lib/utils/reify-output.js b/deps/npm/test/lib/utils/reify-output.js
index b905c9ab0f..f7fd96ee87 100644
--- a/deps/npm/test/lib/utils/reify-output.js
+++ b/deps/npm/test/lib/utils/reify-output.js
@@ -1,5 +1,3 @@
-'use strict'
-
 const t = require('tap')
 const requireInject = require('require-inject')