fix: don't overwrite config keys unless they've really changed

docs/lib/content/commands/npm-config.md

@@ -35,7 +35,7 @@ npm set key=value [key=value...]
 
 Sets each of the config keys to the value provided.
 
-If value is omitted, then it sets it to an empty string.
+If value is omitted, the key will be removed from your config file entirely.
 
 Note: for backwards compatibility, `npm config set key value` is supported
 as an alias for `npm config set key=value`.

lib/commands/config.js

@@ -163,7 +163,13 @@ class Config extends BaseCommand {
           `The \`${baseKey}\` option is deprecated, and can not be set in this way${deprecated}`
         )
       }
-      this.npm.config.set(key, val || '', where)
+
+      if (val === '') {
+        this.npm.config.delete(key, where)
+      } else {
+        this.npm.config.set(key, val, where)
+      }
+
       if (!this.npm.config.validate(where)) {
         log.warn('config', 'omitting invalid config values')
       }

test/lib/commands/config.js

@@ -298,13 +298,13 @@ t.test('config set key1 value1 key2=value2 key3', async t => {
 
   t.equal(sandbox.config.get('access'), 'restricted', 'access was set')
   t.equal(sandbox.config.get('all'), false, 'all was set')
-  t.equal(sandbox.config.get('audit'), false, 'audit was set')
+  t.equal(sandbox.config.get('audit'), true, 'audit was unset and restored to its default')
 
   const contents = await fs.readFile(join(home, '.npmrc'), { encoding: 'utf8' })
   const rc = ini.parse(contents)
   t.equal(rc.access, 'restricted', 'access is set to restricted')
   t.equal(rc.all, false, 'all is set to false')
-  t.equal(rc.audit, false, 'audit is set to false')
+  t.not(contents.includes('audit='), 'config file does not set audit')
 })
 
 t.test('config set invalid key logs warning', async t => {