npm · wraithgar · Sep 30, 2025 · Sep 26, 2025 · Sep 26, 2025 · Sep 28, 2025
@@ -89,7 +89,7 @@ The `sig` is generated using the following template: `${package.name}@${package.
 Keys response:
 
 - `expires`: null or a simplified extended [ISO 8601 format](https://en.wikipedia.org/wiki/ISO_8601): `YYYY-MM-DDTHH:mm:ss.sssZ`
-- `keydid`: sha256 fingerprint of the public key
+- `keyid`: sha256 fingerprint of the public key
 - `keytype`: only `ecdsa-sha2-nistp256` is currently supported by the npm CLI
 - `scheme`: only `ecdsa-sha2-nistp256` is currently supported by the npm CLI
 - `key`: base64 encoded public key

@@ -1149,7 +1149,7 @@ The `devEngines` field aids engineers working on a codebase to all be using the
 
 You can specify a `devEngines` property in your `package.json` which will run before `install`, `ci`, and `run` commands. 
 
-> Note: `engines` and `devEngines` differ in object shape. They also function very differently. `engines` is designed to alert the user when a dependency uses a differening npm or node version that the project it's being used in, whereas `devEngines` is used to alert people interacting with the source code of a project.
+> Note: `engines` and `devEngines` differ in object shape. They also function very differently. `engines` is designed to alert the user when a dependency uses a different npm or node version than the project it's being used in, whereas `devEngines` is used to alert people interacting with the source code of a project.
 
 The supported keys under the `devEngines` property are `cpu`, `os`, `libc`, `runtime`, and `packageManager`. Each property can be an object or an array of objects. Objects must contain `name`, and optionally can specify `version`, and `onFail`. `onFail` can be `warn`, `error`, or `ignore`, and if left undefined is of the same value as `error`. `npm` will assume that you're running with `node`.
 Here's an example of a project that will fail if the environment is not `node` and `npm`. If you set `runtime.name` or `packageManager.name` to any other string, it will fail within the npm CLI.

@@ -65,7 +65,7 @@ situations. These scripts happen in addition to the `pre<event>`, `post<event>`,
 
 **prepack**
 * Runs BEFORE a tarball is packed (on "`npm pack`", "`npm publish`", and when installing a git dependency).
-* NOTE: "`npm run pack`" is NOT the same as "`npm pack`". "`npm run pack`" is an arbitrary user defined script name, where as, "`npm pack`" is a CLI defined command.
+* NOTE: "`npm run pack`" is NOT the same as "`npm pack`". "`npm run pack`" is an arbitrary user defined script name, whereas, "`npm pack`" is a CLI defined command.
 
 **postpack**
 * Runs AFTER the tarball has been generated but before it is moved to its final destination (if at all, publish does not save the tarball locally)
@@ -221,8 +221,8 @@ While npm v6 had `uninstall` lifecycle scripts, npm v7 does not. Removal of a pa
 Reasons for a package removal include:
 
 * a user directly uninstalled this package
-* a user uninstalled a dependant package and so this dependency is being uninstalled
-* a user uninstalled a dependant package but another package also depends on this version
+* a user uninstalled a dependent package and so this dependency is being uninstalled
+* a user uninstalled a dependent package but another package also depends on this version
 * this version has been merged as a duplicate with another version
 * etc.