deps: upgrade npm to 11.6.4

PR-URL: #60853
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>

Author: npm-cli-bot

deps/npm/README.md

@@ -31,7 +31,6 @@ npm <command>
 * [**Documentation**](https://docs.npmjs.com/) - Official docs & how-tos for all things **npm**
     * Note: you can also search docs locally with `npm help-search <query>`
 * [**Bug Tracker**](https://github.com/npm/cli/issues) - Search or submit bugs against the CLI
-* [**Roadmap**](https://github.com/orgs/github/projects/4247/views/1?filterQuery=npm) - Track & follow along with our public roadmap
 * [**Community Feedback and Discussions**](https://github.com/orgs/community/discussions/categories/npm) - Contribute ideas & discussion around the npm registry, website & CLI
 * [**RFCs**](https://github.com/npm/rfcs) - Contribute ideas & specifications for the API/design of the npm CLI
 * [**Service Status**](https://status.npmjs.org/) - Monitor the current status & see incident reports for the website & registry

deps/npm/docs/content/commands/npm-ls.md

@@ -23,7 +23,7 @@ Note that nested packages will *also* show the paths to the specified packages.
 For example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-[email protected].3 /path/to/npm
+[email protected].4 /path/to/npm
 └─┬ [email protected]
   └── [email protected]
 ```

deps/npm/docs/content/commands/npm.md

@@ -14,7 +14,7 @@ Note: This command is unaware of workspaces.
 
 ### Version
 
-11.6.3
+11.6.4
 
 ### Description
 
@@ -64,7 +64,7 @@ In particular, npm has two modes of operation:
   npm installs packages into the current project directory, which defaults to the current working directory.
   Packages install to `./node_modules`, and bins to `./node_modules/.bin`.
 * global mode:
-  npm installs packages into the install prefix at `$npm_config_prefix/lib/node_modules` and bins to `$npm_config_prefix/bin`.
+  npm installs packages into the install prefix at `$NPM_CONFIG_PREFIX/lib/node_modules` and bins to `$NPM_CONFIG_PREFIX/bin`.
 
 Local mode is the default.
 Use `-g` or `--global` on any command to run in global mode instead.
@@ -98,8 +98,8 @@ It reads its configuration options from 5 places.
   All keys take a value, even if they are booleans (the config parser doesn't know what the options are at the time of parsing).
   If you do not provide a value (`--key`) then the option is set to boolean `true`.
 * Environment Variables:
-  Set any config by prefixing the name in an environment variable with `npm_config_`.
-  For example, `export npm_config_key=val`.
+  Set any config by prefixing the name in an environment variable with `NPM_CONFIG_`.
+  For example, `export NPM_CONFIG_KEY=val`.
 * User Configs:
   The file at `$HOME/.npmrc` is an ini-formatted list of configs.
   If present, it is parsed.

deps/npm/docs/content/configuring-npm/package-json.md

@@ -65,6 +65,16 @@ Put keywords in it.
 It's an array of strings.
 This helps people discover your package as it's listed in `npm search`.
 
+Example:
+
+```json
+"keywords": [
+  "node",
+  "javascript",
+  "npm"
+]
+```
+
 ### homepage
 
 The URL to the project homepage.

deps/npm/docs/content/configuring-npm/package-lock-json.md

@@ -119,6 +119,12 @@ Package descriptors have the following fields:
 
 * bin, license, engines, dependencies, optionalDependencies: fields from `package.json`
 
+* os: An array of operating systems this package is compatible with, as specified in `package.json`. This field is included when the package specifies OS restrictions.
+
+* cpu: An array of CPU architectures this package is compatible with, as specified in `package.json`. This field is included when the package specifies CPU restrictions.
+
+* funding: Funding information for the package, as specified in `package.json`. This field contains details about how to support the package maintainers.
+
 #### dependencies
 
 Legacy data for supporting versions of npm that use `lockfileVersion: 1`.

deps/npm/docs/content/using-npm/config.md

@@ -31,6 +31,8 @@ For details see [this issue](https://github.com/npm/npm/issues/14528).
 
 Notice that you need to use underscores instead of dashes, so `--allow-same-version` would become `npm_config_allow_same_version=true`.
 
+**Important:** When defining custom configuration keys in `.npmrc` files, use hyphens instead of underscores (e.g., `custom-key=value`). This ensures they can be overridden by environment variables, since npm automatically converts underscores to hyphens when reading environment variables. Keys with underscores in `.npmrc` files cannot be overridden via environment variables.
+
 #### npmrc Files
 
 The four relevant files are:

deps/npm/docs/content/using-npm/scripts.md

@@ -43,7 +43,7 @@ These scripts happen in addition to the `pre<event>`, `post<event>`, and
 * Runs BEFORE the package is packed, i.e.
 during `npm publish` and `npm pack`
 * Runs on local `npm install` without any arguments
-* Runs AFTER `prepublish`, but BEFORE `prepublishOnly`
+* Runs AFTER `prepublishOnly` and `prepack`, but BEFORE `postpack`
 * Runs for a package if it's being installed as a link through `npm install <folder>`
 
 * NOTE: If a package being installed through git contains a `prepare` script, its `dependencies` and `devDependencies` will be installed, and the prepare script will be run, before the package is packaged and installed.
@@ -333,7 +333,7 @@ They just have to be some kind of executable file.
 Read through [`package.json`](/configuring-npm/package-json) to see all the things that you can specify and enable by simply describing your package appropriately.
 In general, this will lead to a more robust and consistent state.
 * Inspect the env to determine where to put things.
-For instance, if the `npm_config_binroot` environment variable is set to `/home/user/bin`, then don't try to install executables into `/usr/local/bin`.
+For instance, if the `NPM_CONFIG_BINROOT` environment variable is set to `/home/user/bin`, then don't try to install executables into `/usr/local/bin`.
 The user probably set it up that way for a reason.
 * Don't prefix your script commands with "sudo".  If root permissions are required for some reason, then it'll fail with that error, and the user will sudo the npm command in question.
 * Don't use `install`.

deps/npm/docs/content/using-npm/workspaces.md

@@ -86,6 +86,26 @@ If you want to add a dependency named `abbrev` from the registry as a dependency
 npm install abbrev -w a
 ```
 
+**Adding a workspace as a dependency of another workspace:**
+
+If you want to add workspace **b** as a dependency of workspace **a**, you can use the workspace protocol in the dependency specifier:
+
+```
+npm install b@workspace:* -w a
+```
+
+This will add an entry to workspace **a**'s `package.json` like:
+
+```json
+{
+  "dependencies": {
+    "b": "workspace:*"
+  }
+}
+```
+
+The `workspace:` protocol tells npm to link to the local workspace rather than fetching from the registry. The `*` version means it will use whatever version is defined in workspace **b**'s `package.json`.
+
 Note: other installing commands such as `uninstall`, `ci`, etc will also respect the provided `workspace` configuration.
 
 ### Using workspaces

deps/npm/docs/output/commands/npm-access.html

@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-access----1163">
+<h1 id="----npm-access----1164">
     <span>npm-access</span>
-    <span class="version">@11.6.3</span>
+    <span class="version">@11.6.4</span>
 </h1>
 <span class="description">Set access level on published packages</span>
 </header>

deps/npm/docs/output/commands/npm-adduser.html

@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-adduser----1163">
+<h1 id="----npm-adduser----1164">
     <span>npm-adduser</span>
-    <span class="version">@11.6.3</span>
+    <span class="version">@11.6.4</span>
 </h1>
 <span class="description">Add a registry user account</span>
 </header>