Update npm to v10

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
npm (source)	^6.14.18 -> ^10.2.0

---

Release Notes

npm/cli (npm)

v10.2.0

Compare Source

Features

• 7c459d2 #​6801 add npm sbom command (#​6801) (@​bdehamer)
• 81a460f #​6732 add package-lock-only mode to npm query (@​wraithgar)
• 0d29855 #​6732 add no-package-lock mode to npm audit (@​wraithgar)

Bug Fixes

• 2207628 #​6823 use strip-ansi module instead of internal regex (#​6823) (@​wraithgar)
• d46d052 #​6798 tolerate null bugs URLs (#​6798) (@​vladh)
• fb1b674 #​6758 deprecate: ignore implicit workspace mode (#​6758) (@​wraithgar)

Documentation

• 68031f2 #​6844 update CONTRIBUTING.md to prevent errors (#​6844) (@​darcyclarke)
• 3ac703c #​6831 add include param to commands that have omit param (#​6831) (@​siemhesda)
• 03912db #​6819 add init-specific params to init docs/help (#​6819) (@​wraithgar)
• 8088325 #​6800 Update npm-doctor.md (#​6800) (@​siemhesda)

Dependencies

• aa6728b #​6859 tar@6.2.0
• ce9089f #​6859 npm-package-arg@11.0.1
• 39d7f04 #​6859 minipass@7.0.4
• 0a47af5 #​6859 hosted-git-info@7.0.1
• af93130 #​6859 glob@10.3.10
• 3ebc474 #​6859 @npmcli/query@3.0.1
• 284cbfd #​6858 @npmcli/agent@2.2.0
• Workspace: @npmcli/arborist@7.2.0
• Workspace: @npmcli/config@8.0.0
• Workspace: libnpmaccess@8.0.1
• Workspace: libnpmdiff@6.0.2
• Workspace: libnpmexec@7.0.2
• Workspace: libnpmfund@5.0.0
• Workspace: libnpmorg@6.0.1
• Workspace: libnpmpack@6.0.2
• Workspace: libnpmpublish@9.0.1

v10.1.0

Compare Source

Features

• 1c93c44 #​6755 Add --cpu and --os option to override platform specific install (#​6755) (@​yukukotani)

Bug Fixes

• 7bf2374 #​6762 make $npm_execpath always point to npm (@​rotu)

Documentation

• 09d8e0a #​6759 fix versions of node.js in readme (#​6759) (@​JoaoOtavioS)

Dependencies

• f76066a #​6771 @npmcli/agent@2.1.1
• Workspace: @npmcli/arborist@7.1.0
• Workspace: @npmcli/config@7.2.0
• Workspace: libnpmdiff@6.0.1
• Workspace: libnpmexec@7.0.1
• Workspace: libnpmfund@4.1.1
• Workspace: libnpmpack@6.0.1

v10.0.0

Compare Source

Features

• 48a7b07 remove prerelease flags (@​lukekarrys)

Dependencies

• Workspace: @npmcli/arborist@7.0.0
• Workspace: @npmcli/config@7.1.0
• Workspace: libnpmaccess@8.0.0
• Workspace: libnpmdiff@6.0.0
• Workspace: libnpmexec@7.0.0
• Workspace: libnpmfund@4.1.0
• Workspace: libnpmhook@10.0.0
• Workspace: libnpmorg@6.0.0
• Workspace: libnpmpack@6.0.0
• Workspace: libnpmpublish@9.0.0
• Workspace: libnpmsearch@7.0.0
• Workspace: libnpmteam@6.0.0
• Workspace: libnpmversion@5.0.0

v9.8.1

Compare Source

Bug Fixes

• 38351c9 #​6651 warn on autocorrected package.json entries during publish (@​wraithgar)
• 02c7ddb #​6642 much clearer npx 'canceled' error (#​6642) (@​rahulio96, @​AaronHamilton965)

Documentation

• 36bf5fe #​6643 Added steps for using npm/npx locally to CONTRIBUTING.md (#​6643) (@​AaronHamilton965, @​rahulio96)

Dependencies

• a0763d3 #​6651 @npmcli/package-json@4.0.1
• 24f5a8b #​6653 supports-color@9.4.0
• f45498b #​6653 chalk@5.3.0
• 44d60eb #​6653 minimatch@9.0.3
• fc9a843 #​6653 bin-links@3.0.2
• daad9ad #​6653 semver@7.5.4
• c1ffd6a #​6653 move @​npmcli/fs, @​npmcli/promise-spawn into dependencies
• Workspace: libnpmexec@6.0.3

v9.8.0

Compare Source

Features

• 67459e7 #​6626 add pkg fix subcommand (@​wraithgar)
• 89b2741 #​6548 add ps1 scripts (#​6548) (@​mribbons, @​lukekarrys)

Dependencies

• b252164 #​6626 @npmcli/package-json@4.0.0
• 9238682 #​6623 sigstore@1.7.0 (#​6623)
• Workspace: @npmcli/arborist@6.3.0
• Workspace: libnpmdiff@5.0.19
• Workspace: libnpmexec@6.0.2
• Workspace: libnpmfund@4.0.19
• Workspace: libnpmpack@5.0.19
• Workspace: libnpmpublish@7.5.0

v9.7.2

Compare Source

Bug Fixes

• 939a188 #​6574 ignore node prereleases in npm engines check (#​6574) (@​wraithgar)
• d980405 #​6556 better color support detection (#​6556) (@​lukekarrys)
• 40d7e09 #​6555 remove unnecessary package.json values (#​6555) (@​lukekarrys)
• 3a7378d #​6554 cleanup bin contents (@​lukekarrys)
• e722439 #​6497 move all definitions to @​npmcli/config package (@​lukekarrys)

Documentation

• 405ffbf #​6557 remove redundant statement about files attribute (#​6557) (@​DaviDevMod)
• cd1e6aa #​6551 add flag package-lock-only for npm install (#​6551) (@​m4rch3n1ng)

Dependencies

• aebc523 #​6585 safe-buffer@5.2.1 string_decoder@1.3.0 (#​6585)
• bb6054b #​6573 tuf-js@1.1.7
• aee4a30 #​6573 strip-ansi@7.1.0
• 6105dbc #​6573 path-scurry@1.9.2
• 22d44e8 #​6573 read-package-json@6.0.4
• fdd02fd #​6573 jackspeak@2.2.1
• 7797075 #​6573 is-core-module@2.12.1
• f9780cc #​6573 sigstore@1.6.0
• 72d6a79 #​6573 semver@7.5.2
• 98f1f5f #​6573 nopt@7.2.0
• 8710ff8 #​6573 pacote@15.2.0
• 0cb539d #​6573 node-gyp@9.4.0
• 39ad586 #​6573 ini@4.1.1
• 5e0070c #​6573 glob@10.2.7 minimatch@9.0.1
• 26cf235 #​6573 cacache@17.1.3
• Workspace: @npmcli/arborist@6.2.10
• Workspace: @npmcli/config@6.2.1
• Workspace: libnpmdiff@5.0.18
• Workspace: libnpmexec@6.0.1
• Workspace: libnpmfund@4.0.18
• Workspace: libnpmpack@5.0.18
• Workspace: libnpmpublish@7.4.0

v9.7.1

Compare Source

Dependencies

• 7467ff6 #​6518 @npmcli/package-json@3.1.1, @npmcli/git@4.1.0

v9.7.0

Compare Source

⚠️ DEPRECATED ⚠️

Features

• a63a6d8 #​6490 add provenanceFile option for libnpmpublish (@​bdehamer)
• 2a8f4f2 #​6490 add new exclusive config item publish-file (@​wraithgar)
• 361e194 #​6483 implement flag --prefer-dedupe for npm install (#​6483) (@​m4rch3n1ng)

Bug Fixes

• 38eb39b #​6514 strip ansi characters from search results (#​6514) (@​wraithgar)
• 4b5ccfc #​6477 make usage and completion static functions (#​6477) (@​lukekarrys)
• 4f39e8c #​6479 refactor engines validation to lint syntax (#​6479) (@​lukekarrys)
• f3cfe12 #​6482 remove unused lib/npm relics (#​6482) (@​lukekarrys)
• 87de0c7 #​6472 move explore command to @​npmcli/package-json (@​wraithgar)
• 636e29e #​6472 move to @​npmcli/package-json where possible (@​wraithgar)
• 37cc797 #​6418 retrieve registry keys via TUF (#​6418) (@​bdehamer)

Documentation

• 83cd5bd #​6480 add global option for uninstall (#​6480) (@​m4rch3n1ng)
• 0400ce3 #​6481 add cli params to npm set, npm get (#​6481) (@​m4rch3n1ng)
• c3638ce #​6468 remove package-lock option for npm ci (#​6468) (@​m4rch3n1ng)

Dependencies

• 060d587 chalk@5.2.0, npm-audit-report@5.0.0
• fc52ca8 #​6472 remove read-package-json-fast
• 3238aa7 #​6472 remove read-package-json
• Workspace: @npmcli/config@6.2.0
• Workspace: libnpmexec@6.0.0
• Workspace: libnpmpublish@7.3.0

v9.6.7

Compare Source

Bug Fixes

• 9202c7d #​6464 npm cache completion (#​6464) (@​m4rch3n1ng)
• 6ce99a8 #​6461 exit codes in node v20 (#​6461) (@​MichaelBitard)
• 23c865f #​6434 deprecate ci-name config (#​6434) (@​wraithgar)

Documentation

• 7751dd4 #​6413 add a comma (#​6413) (@​darryltec)

Dependencies

• afc38a5 #​6458 cacache@17.1.2
• afb936c #​6458 tuf-js@1.1.6
• f6a0884 #​6458 readable-stream@4.4.0
• 858f0ca #​6458 postcss-selector-parser@6.0.13
• 53ecb84 #​6458 path-scurry@1.9.1
• d93f70c #​6458 signal-exit@4.0.2
• 19214b5 #​6458 @npmcli/package-json@3.1.0
• f53e6ff #​6458 sigstore@1.5.2
• 94d6ee7 #​6458 glob@10.2.4
• 902cb80 #​6458 semver@7.5.1
• 35e2e9a #​6458 @npmcli/run-script@6.0.2
• Workspace: @npmcli/config@6.1.7
• Workspace: libnpmpublish@7.2.0

v9.6.6

Compare Source

Dependencies

• 70e65b1 #​6423 tuf-js@1.1.5 (#​6423)
• 72291f7 #​6416 read-package-json@6.0.3
• e498f82 #​6416 minimatch@9.0.0
• 13aa7b7 #​6416 minipass@5.0.0
• f2a5678 #​6416 tar@6.1.14
• 69d4dd2 #​6416 npm update
• abdca39 #​6416 sigstore@1.4.0
• 16f68fb #​6416 glob@10.2.2
• 67fcfb1 #​6416 ignore-walk@6.0.3
• bfa2ff3 #​6416 make-fetch-happen@11.1.1
• 877591a #​6416 npm-registry-fetch@14.0.5
• 7630517 #​6416 pacote@15.1.3
• c2d6e0a #​6416 write-file-atomic@5.0.1
• acdf97e #​6416 which@3.0.1
• 00c541a #​6416 ssri@10.0.4
• 1b95e73 #​6416 read-package-json@6.0.2
• 6927fd3 #​6416 fs-minipass@3.0.2
• 3eec56e #​6416 cacache@17.1.0
• 7a2ce3f #​6416 @npmcli/run-script@6.0.1
• 3881770 #​6416 @npmcli/map-workspaces@3.0.4
• Workspace: @npmcli/arborist@6.2.9
• Workspace: libnpmdiff@5.0.17
• Workspace: libnpmexec@5.0.17
• Workspace: libnpmfund@4.0.17
• Workspace: libnpmorg@5.0.4
• Workspace: libnpmpack@5.0.17
• Workspace: libnpmpublish@7.1.4

v9.6.5

Compare Source

Bug Fixes

• 33dc428 #​6374 account for npx package-name with no spec (@​wraithgar)
• 82879f6 #​6225 lazy loading of arborist and pacote (#​6225) (@​wraithgar)
• f4e73ab #​6322 remove incompatible params from ci (#​6322) (@​wraithgar)
• c7fe1c7 #​6328 save raw data to file, not parsed data (@​wraithgar)

Documentation

• 31214a6 #​6381 Update description for publish --provenance flag (#​6381) (@​feelepxyz)
• 997bcdf #​6329 fix npm cache folder location for windows (#​6329) (@​charlie-wong)

Dependencies

• fae5e00 #​6372 sigstore@1.3.0 (#​6372)
• 3fa9542 #​6363 semver@7.5.0
• e49844e #​6363 minipass-fetch@3.0.2
• 357cc29 #​6363 walk-up-path@3.0.1
• 2c80b1e #​6363 ini@4.1.0
• 5933841 #​6363 minipass@4.2.8
• b39d54e #​6363 minimatch@7.4.6
• 201aa5a #​6363 ssri@10.0.3
• acb9120 #​6363 read@2.1.0
• 2472205 #​6363 npm-registry-fetch@14.0.4
• 2780714 #​6363 npm-install-checks@6.1.1
• b5af015 #​6363 make-fetch-happen@11.1.0
• 14c498d #​6363 @npmcli/metavuln-calculator@5.0.1
• Workspace: @npmcli/arborist@6.2.8
• Workspace: @npmcli/config@6.1.6
• Workspace: libnpmdiff@5.0.16
• Workspace: libnpmexec@5.0.16
• Workspace: libnpmfund@4.0.16
• Workspace: libnpmpack@5.0.16

v9.6.4

Compare Source

Documentation

• 54795a3 #​6312 filter archives out of version manager search (#​6312) (@​ljharb)
• 530c285 #​6306 remove reference to npm-packlist (#​6306) (@​staff0rd)

Dependencies

• 85935ac #​6325 ssri@10.0.2 (#​6325)
• f1388b4 #​6317 npm update
• 7dd0129 #​6317 glob@9.3.2
• deca335 #​6317 promise-call-limit@1.0.2
• Workspace: @npmcli/arborist@6.2.7
• Workspace: libnpmdiff@5.0.15
• Workspace: libnpmexec@5.0.15
• Workspace: libnpmfund@4.0.15
• Workspace: libnpmpack@5.0.15

v9.6.3

Compare Source

Bug Fixes

• 829503b #​6304 don't break up log message across lines (@​wraithgar)
• 1435fcf #​6304 do less work loading ./lib/npm.js (@​wraithgar)
• 09b58e4 #​6284 make all color output use an npm instance of chalk (#​6284) (@​lukekarrys)
• e252532 #​6283 do less work looking up commands (#​6283) (@​wraithgar)
• 6a4bcba #​6275 clean up man sorting (@​wraithgar)
• 8a96b65 #​6275 ignore ts and map files (@​wraithgar)
• 94d2b39 #​6271 Do not log warnings about log cleanup when logs_max=0 (#​6271) (@​jmealo)
• 2def359 #​6277 updated ebadplatform messaging to be generated based on the error (#​6277) (@​nlf)

Documentation

• 1e2eb81 #​6311 replace version manager list with a github search (#​6311) (@​wraithgar)
• 9d2be4e #​6289 remove npm bin link (#​6289) (@​KevinRouchut)

Dependencies

• e652dbd #​6308 minimatch@7.4.3 (#​6308)
• 01986d1 #​6307 sigstore@1.2.0 (#​6307)
• ea12627 #​6275 minimatch@7.4.2
• ec3e020 #​6275 glob@9.3.1
• 952fbed #​6275 read-package-json@6.0.1
• dd43d30 #​6275 parse-conflict-json@3.0.1
• d5ce7ca #​6275 npm-install-checks@6.1.0
• 704cd1e #​6275 nopt@7.1.0
• a6da22a #​6275 ignore-walk@6.0.2
• 55955fd #​6275 cacache@17.0.5
• 839b670 #​6275 @npmcli/map-workspaces@3.0.3
• 9a7b8e8 #​6275 @npmcli/git@4.0.4
• 57c0a55 #​6275 npm update
• 74c80f5 #​6275 minipass@4.2.5
• b174c90 #​6275 graceful-fs@4.2.11
• Workspace: @npmcli/arborist@6.2.6
• Workspace: @npmcli/config@6.1.5
• Workspace: libnpmdiff@5.0.14
• Workspace: libnpmexec@5.0.14
• Workspace: libnpmfund@4.0.14
• Workspace: libnpmpack@5.0.14
• Workspace: libnpmpublish@7.1.3

v9.6.2

Compare Source

Bug Fixes

• 4622b42 #​6247 add provenance publish notice (#​6247) (@​bdehamer)

Dependencies

• 434b461 #​6255 sigstore@1.1.1 (#​6255)
• Workspace: @npmcli/config@6.1.4
• Workspace: libnpmpublish@7.1.2

v9.6.1

Compare Source

Bug Fixes

• e455e3f #​6211 send options with grant/revoke requests (#​6211) (@​DavidTanner)
• e4de224 #​6220 clean uri from audit error (#​6220) (@​wraithgar)

Dependencies

• cb45b21 #​6231 npm update
• 1f60a7e #​6231 minipass@4.2.4
• Workspace: @npmcli/arborist@6.2.5
• Workspace: libnpmdiff@5.0.13
• Workspace: libnpmexec@5.0.13
• Workspace: libnpmfund@4.0.13
• Workspace: libnpmpack@5.0.13
• Workspace: libnpmpublish@7.1.1

v9.6.0

Compare Source

Features

• 84fbaf2 #​6216 add preliminary fish shell completion (@​wraithgar)

Bug Fixes

• c4c8754 audit: add signatures to completion (@​wraithgar)
• fc46489 access: only complete once (@​wraithgar)
• b43961a cmd-list: alias only to real commands (@​wraithgar)

Documentation

• 2695e1f #​6187 npm v9 creates package-lock.json v3 (#​6187) (@​tuukka)

Dependencies

• 71ae406 #​6218 @npmcli/installed-package-contents@2.0.2
• Workspace: @npmcli/arborist@6.2.4
• Workspace: libnpmdiff@5.0.12
• Workspace: libnpmexec@5.0.12
• Workspace: libnpmfund@4.0.12
• Workspace: libnpmpack@5.0.12

v9.5.1

Compare Source

Documentation

• 9bc455b #​6188 fixing typos (#​6188) (@​deining)
• ec8c95c #​6186 update OSI link (#​6186) (@​roerohan)

Dependencies

• 7ba3e17 #​6189 npm update
• f7a5200 pacote@15.1.1
• Workspace: @npmcli/arborist@6.2.3
• Workspace: libnpmdiff@5.0.11
• Workspace: libnpmexec@5.0.11
• Workspace: libnpmfund@4.0.11
• Workspace: libnpmpack@5.0.11

v9.5.0

Compare Source

Features

• 79bfd03 #​6153 audit signatures verifies attestations (@​feelepxyz)
• 5fc6473 add provenance attestation (@​bdehamer)

Bug Fixes

• 53f75a4 #​6158 gracefully fallback from auth-type=web (#​6158) (@​MylesBorins)
• ed59aae #​6162 refactor error reporting in audit command (@​bdehamer)

Dependencies

• fad0473 minipass@4.0.3
• 678c6bf minimatch@6.2.0
• 9b4b366 ci-info@3.8.0
• d20ee2a pacote@15.1.0
• Workspace: libnpmpublish@7.1.0
• Workspace: libnpmteam@5.0.3

v9.4.2

Compare Source

Bug Fixes

• d02da52 #​6142 revert install-links default back to false (#​6142) (@​nlf)

Documentation

• 6ea2cd7 #​6134 update references to OTP to be accurate (#​6134) (@​MylesBorins)

Dependencies

• cb6713d #​6143 rebuild package-lock (#​6143)
• 8200f4f #​6133 ignore-walk@6.0.1
• d43f881 map-workspaces@3.0.2
• 99457f1 minimatch@6.1.6
• f4c8c62 init-package-json@5.0.0
• 3c6615f npm-user-validate@2.0.0
• 10445ca remove mkdirp
• ab82492 node-gyp@9.3.1
• 74c5cbb minipass@4.0.2
• 1138038 make-fetch-happen@11.0.3
• c1ccfa1 glob@8.1.0
• 3dc17ce fs-minipass@3.0.1
• 5c84a99 ci-info@3.7.1
• fc5332f read@2.0.0
• Workspace: @npmcli/arborist@6.2.2
• Workspace: @npmcli/config@6.1.3
• Workspace: libnpmdiff@5.0.10
• Workspace: libnpmexec@5.0.10
• Workspace: libnpmfund@4.0.10
• Workspace: libnpmhook@9.0.3
• Workspace: libnpmorg@5.0.3
• Workspace: libnpmpack@5.0.10
• Workspace: libnpmpublish@7.0.8

v9.4.1

Compare Source

Bug Fixes

• 1525a5e #​6082 unpublish with scoped registry (@​wraithgar)

Dependencies

• 721fe3f #​6118 read-package-json-fast@3.0.2
• 6e4a649 pacote@15.0.8
• 1820afe cacache@17.0.4
• 24b2ec4 @npmcli/promise-spawn@6.0.2
• 4b8046e @npmcli/name-from-folder@2.0.0
• 1d4be7a @npmcli/map-workspaces@3.0.1
• a39556f @npmcli/template-oss@4.11.3
• 64b06ed #​6115 http-cache-semantics@4.1.1
• Workspace: @npmcli/arborist@6.2.1
• Workspace: @npmcli/config@6.1.2
• Workspace: libnpmaccess@7.0.2
• Workspace: libnpmdiff@5.0.9
• Workspace: libnpmexec@5.0.9
• Workspace: libnpmfund@4.0.9
• Workspace: libnpmhook@9.0.2
• Workspace: libnpmorg@5.0.2
• [Workspace](https://togithub.com/npm/c

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.