From 4394f3cc5b96af15f98aec18c417ada7e5bca75a Mon Sep 17 00:00:00 2001 From: npm CLI robot Date: Wed, 25 Feb 2026 23:04:49 +0000 Subject: [PATCH] deps: upgrade npm to 11.11.0 --- deps/npm/docs/content/commands/npm-ls.md | 2 +- deps/npm/docs/content/commands/npm-trust.md | 24 + deps/npm/docs/content/commands/npm.md | 2 +- .../content/using-npm/dependency-selectors.md | 2 +- deps/npm/docs/output/commands/npm-access.html | 4 +- .../npm/docs/output/commands/npm-adduser.html | 4 +- deps/npm/docs/output/commands/npm-audit.html | 4 +- deps/npm/docs/output/commands/npm-bugs.html | 4 +- deps/npm/docs/output/commands/npm-cache.html | 4 +- deps/npm/docs/output/commands/npm-ci.html | 4 +- .../docs/output/commands/npm-completion.html | 4 +- deps/npm/docs/output/commands/npm-config.html | 4 +- deps/npm/docs/output/commands/npm-dedupe.html | 4 +- .../docs/output/commands/npm-deprecate.html | 4 +- deps/npm/docs/output/commands/npm-diff.html | 4 +- .../docs/output/commands/npm-dist-tag.html | 4 +- deps/npm/docs/output/commands/npm-docs.html | 4 +- deps/npm/docs/output/commands/npm-doctor.html | 4 +- deps/npm/docs/output/commands/npm-edit.html | 4 +- deps/npm/docs/output/commands/npm-exec.html | 4 +- .../npm/docs/output/commands/npm-explain.html | 4 +- .../npm/docs/output/commands/npm-explore.html | 4 +- .../docs/output/commands/npm-find-dupes.html | 4 +- deps/npm/docs/output/commands/npm-fund.html | 4 +- deps/npm/docs/output/commands/npm-get.html | 4 +- .../docs/output/commands/npm-help-search.html | 4 +- deps/npm/docs/output/commands/npm-help.html | 4 +- deps/npm/docs/output/commands/npm-init.html | 4 +- .../output/commands/npm-install-ci-test.html | 4 +- .../output/commands/npm-install-test.html | 4 +- .../npm/docs/output/commands/npm-install.html | 4 +- deps/npm/docs/output/commands/npm-link.html | 4 +- deps/npm/docs/output/commands/npm-ll.html | 4 +- deps/npm/docs/output/commands/npm-login.html | 4 +- deps/npm/docs/output/commands/npm-logout.html | 4 +- deps/npm/docs/output/commands/npm-ls.html | 6 +- deps/npm/docs/output/commands/npm-org.html | 4 +- .../docs/output/commands/npm-outdated.html | 4 +- deps/npm/docs/output/commands/npm-owner.html | 4 +- deps/npm/docs/output/commands/npm-pack.html | 4 +- deps/npm/docs/output/commands/npm-ping.html | 4 +- deps/npm/docs/output/commands/npm-pkg.html | 4 +- deps/npm/docs/output/commands/npm-prefix.html | 4 +- .../npm/docs/output/commands/npm-profile.html | 4 +- deps/npm/docs/output/commands/npm-prune.html | 4 +- .../npm/docs/output/commands/npm-publish.html | 4 +- deps/npm/docs/output/commands/npm-query.html | 4 +- .../npm/docs/output/commands/npm-rebuild.html | 4 +- deps/npm/docs/output/commands/npm-repo.html | 4 +- .../npm/docs/output/commands/npm-restart.html | 4 +- deps/npm/docs/output/commands/npm-root.html | 4 +- deps/npm/docs/output/commands/npm-run.html | 4 +- deps/npm/docs/output/commands/npm-sbom.html | 4 +- deps/npm/docs/output/commands/npm-search.html | 4 +- deps/npm/docs/output/commands/npm-set.html | 4 +- .../docs/output/commands/npm-shrinkwrap.html | 4 +- deps/npm/docs/output/commands/npm-star.html | 4 +- deps/npm/docs/output/commands/npm-stars.html | 4 +- deps/npm/docs/output/commands/npm-start.html | 4 +- deps/npm/docs/output/commands/npm-stop.html | 4 +- deps/npm/docs/output/commands/npm-team.html | 4 +- deps/npm/docs/output/commands/npm-test.html | 4 +- deps/npm/docs/output/commands/npm-token.html | 4 +- deps/npm/docs/output/commands/npm-trust.html | 86 +- .../docs/output/commands/npm-undeprecate.html | 4 +- .../docs/output/commands/npm-uninstall.html | 4 +- .../docs/output/commands/npm-unpublish.html | 4 +- deps/npm/docs/output/commands/npm-unstar.html | 4 +- deps/npm/docs/output/commands/npm-update.html | 4 +- .../npm/docs/output/commands/npm-version.html | 4 +- deps/npm/docs/output/commands/npm-view.html | 4 +- deps/npm/docs/output/commands/npm-whoami.html | 4 +- deps/npm/docs/output/commands/npm.html | 6 +- deps/npm/docs/output/commands/npx.html | 4 +- .../docs/output/configuring-npm/folders.html | 4 +- .../docs/output/configuring-npm/install.html | 4 +- .../output/configuring-npm/npm-global.html | 4 +- .../docs/output/configuring-npm/npm-json.html | 4 +- .../configuring-npm/npm-shrinkwrap-json.html | 4 +- .../docs/output/configuring-npm/npmrc.html | 4 +- .../output/configuring-npm/package-json.html | 4 +- .../configuring-npm/package-lock-json.html | 4 +- deps/npm/docs/output/using-npm/config.html | 4 +- .../using-npm/dependency-selectors.html | 6 +- .../npm/docs/output/using-npm/developers.html | 4 +- deps/npm/docs/output/using-npm/logging.html | 4 +- deps/npm/docs/output/using-npm/orgs.html | 4 +- .../docs/output/using-npm/package-spec.html | 4 +- deps/npm/docs/output/using-npm/registry.html | 4 +- deps/npm/docs/output/using-npm/removal.html | 4 +- deps/npm/docs/output/using-npm/scope.html | 4 +- deps/npm/docs/output/using-npm/scripts.html | 4 +- .../npm/docs/output/using-npm/workspaces.html | 4 +- deps/npm/lib/commands/trust/circleci.js | 179 ++++ deps/npm/lib/commands/trust/index.js | 1 + deps/npm/lib/commands/trust/list.js | 5 +- deps/npm/lib/trust-cmd.js | 3 +- deps/npm/lib/utils/oidc.js | 12 +- deps/npm/lib/utils/sbom-cyclonedx.js | 21 +- deps/npm/lib/utils/sbom-spdx.js | 5 + deps/npm/lib/utils/verify-signatures.js | 2 +- deps/npm/man/man1/npm-access.1 | 2 +- deps/npm/man/man1/npm-adduser.1 | 2 +- deps/npm/man/man1/npm-audit.1 | 2 +- deps/npm/man/man1/npm-bugs.1 | 2 +- deps/npm/man/man1/npm-cache.1 | 2 +- deps/npm/man/man1/npm-ci.1 | 2 +- deps/npm/man/man1/npm-completion.1 | 2 +- deps/npm/man/man1/npm-config.1 | 2 +- deps/npm/man/man1/npm-dedupe.1 | 2 +- deps/npm/man/man1/npm-deprecate.1 | 2 +- deps/npm/man/man1/npm-diff.1 | 2 +- deps/npm/man/man1/npm-dist-tag.1 | 2 +- deps/npm/man/man1/npm-docs.1 | 2 +- deps/npm/man/man1/npm-doctor.1 | 2 +- deps/npm/man/man1/npm-edit.1 | 2 +- deps/npm/man/man1/npm-exec.1 | 2 +- deps/npm/man/man1/npm-explain.1 | 2 +- deps/npm/man/man1/npm-explore.1 | 2 +- deps/npm/man/man1/npm-find-dupes.1 | 2 +- deps/npm/man/man1/npm-fund.1 | 2 +- deps/npm/man/man1/npm-get.1 | 2 +- deps/npm/man/man1/npm-help-search.1 | 2 +- deps/npm/man/man1/npm-help.1 | 2 +- deps/npm/man/man1/npm-init.1 | 2 +- deps/npm/man/man1/npm-install-ci-test.1 | 2 +- deps/npm/man/man1/npm-install-test.1 | 2 +- deps/npm/man/man1/npm-install.1 | 2 +- deps/npm/man/man1/npm-link.1 | 2 +- deps/npm/man/man1/npm-ll.1 | 2 +- deps/npm/man/man1/npm-login.1 | 2 +- deps/npm/man/man1/npm-logout.1 | 2 +- deps/npm/man/man1/npm-ls.1 | 4 +- deps/npm/man/man1/npm-org.1 | 2 +- deps/npm/man/man1/npm-outdated.1 | 2 +- deps/npm/man/man1/npm-owner.1 | 2 +- deps/npm/man/man1/npm-pack.1 | 2 +- deps/npm/man/man1/npm-ping.1 | 2 +- deps/npm/man/man1/npm-pkg.1 | 2 +- deps/npm/man/man1/npm-prefix.1 | 2 +- deps/npm/man/man1/npm-profile.1 | 2 +- deps/npm/man/man1/npm-prune.1 | 2 +- deps/npm/man/man1/npm-publish.1 | 2 +- deps/npm/man/man1/npm-query.1 | 2 +- deps/npm/man/man1/npm-rebuild.1 | 2 +- deps/npm/man/man1/npm-repo.1 | 2 +- deps/npm/man/man1/npm-restart.1 | 2 +- deps/npm/man/man1/npm-root.1 | 2 +- deps/npm/man/man1/npm-run.1 | 2 +- deps/npm/man/man1/npm-sbom.1 | 2 +- deps/npm/man/man1/npm-search.1 | 2 +- deps/npm/man/man1/npm-set.1 | 2 +- deps/npm/man/man1/npm-shrinkwrap.1 | 2 +- deps/npm/man/man1/npm-star.1 | 2 +- deps/npm/man/man1/npm-stars.1 | 2 +- deps/npm/man/man1/npm-start.1 | 2 +- deps/npm/man/man1/npm-stop.1 | 2 +- deps/npm/man/man1/npm-team.1 | 2 +- deps/npm/man/man1/npm-test.1 | 2 +- deps/npm/man/man1/npm-token.1 | 2 +- deps/npm/man/man1/npm-trust.1 | 15 +- deps/npm/man/man1/npm-undeprecate.1 | 2 +- deps/npm/man/man1/npm-uninstall.1 | 2 +- deps/npm/man/man1/npm-unpublish.1 | 2 +- deps/npm/man/man1/npm-unstar.1 | 2 +- deps/npm/man/man1/npm-update.1 | 2 +- deps/npm/man/man1/npm-version.1 | 2 +- deps/npm/man/man1/npm-view.1 | 2 +- deps/npm/man/man1/npm-whoami.1 | 2 +- deps/npm/man/man1/npm.1 | 4 +- deps/npm/man/man1/npx.1 | 2 +- deps/npm/man/man5/folders.5 | 2 +- deps/npm/man/man5/install.5 | 2 +- deps/npm/man/man5/npm-global.5 | 2 +- deps/npm/man/man5/npm-json.5 | 2 +- deps/npm/man/man5/npm-shrinkwrap-json.5 | 2 +- deps/npm/man/man5/npmrc.5 | 2 +- deps/npm/man/man5/package-json.5 | 2 +- deps/npm/man/man5/package-lock-json.5 | 2 +- deps/npm/man/man7/config.7 | 2 +- deps/npm/man/man7/dependency-selectors.7 | 4 +- deps/npm/man/man7/developers.7 | 2 +- deps/npm/man/man7/logging.7 | 2 +- deps/npm/man/man7/orgs.7 | 2 +- deps/npm/man/man7/package-spec.7 | 2 +- deps/npm/man/man7/registry.7 | 2 +- deps/npm/man/man7/removal.7 | 2 +- deps/npm/man/man7/scope.7 | 2 +- deps/npm/man/man7/scripts.7 | 2 +- deps/npm/man/man7/workspaces.7 | 2 +- .../{encoding => @gar/promise-retry}/LICENSE | 13 +- .../@gar/promise-retry/lib/index.js | 28 + .../promise-retry/node_modules/retry/License | 21 + .../node_modules/retry/example/dns.js | 31 + .../node_modules/retry/example/stop.js | 40 + .../promise-retry/node_modules/retry/index.js | 1 + .../node_modules/retry/lib/retry.js | 100 ++ .../node_modules/retry/lib/retry_operation.js | 162 +++ .../node_modules/retry/package.json | 36 + .../@gar/promise-retry/package.json | 48 + .../arborist/lib/arborist/isolated-reifier.js | 41 +- .../@npmcli/arborist/lib/arborist/rebuild.js | 6 +- .../@npmcli/arborist/lib/arborist/reify.js | 2 +- .../arborist/lib/query-selector-all.js | 10 +- .../@npmcli/arborist/lib/shrinkwrap.js | 1 + .../@npmcli/arborist/package.json | 2 +- .../npm/node_modules/@npmcli/git/lib/spawn.js | 2 +- .../npm/node_modules/@npmcli/git/package.json | 4 +- .../node_modules/balanced-match/package.json | 6 +- .../node_modules/brace-expansion/package.json | 6 +- .../npm/node_modules/encoding/lib/encoding.js | 83 -- deps/npm/node_modules/encoding/package.json | 18 - deps/npm/node_modules/encoding/test/test.js | 49 - .../iconv-lite/encodings/dbcs-codec.js | 985 ++++++++---------- .../iconv-lite/encodings/dbcs-data.js | 361 ++++--- .../iconv-lite/encodings/index.js | 30 +- .../iconv-lite/encodings/internal.js | 316 +++--- .../iconv-lite/encodings/sbcs-codec.js | 107 +- .../iconv-lite/encodings/sbcs-data.js | 349 ++++--- .../iconv-lite/encodings/utf16.js | 252 +++-- .../iconv-lite/encodings/utf32.js | 464 ++++----- .../node_modules/iconv-lite/encodings/utf7.js | 423 ++++---- .../iconv-lite/lib/bom-handling.js | 64 +- .../iconv-lite/lib/helpers/merge-exports.js | 13 + deps/npm/node_modules/iconv-lite/lib/index.js | 248 ++--- .../node_modules/iconv-lite/lib/streams.js | 188 ++-- deps/npm/node_modules/iconv-lite/package.json | 42 +- deps/npm/node_modules/libnpmdiff/package.json | 4 +- .../node_modules/libnpmexec/lib/with-lock.js | 14 +- deps/npm/node_modules/libnpmexec/package.json | 6 +- deps/npm/node_modules/libnpmfund/package.json | 4 +- deps/npm/node_modules/libnpmpack/package.json | 4 +- .../make-fetch-happen/lib/remote.js | 2 +- .../make-fetch-happen/package.json | 4 +- .../node_modules/minipass-fetch/lib/body.js | 38 +- .../node_modules/minipass-fetch/package.json | 6 +- .../node_modules/npm-packlist/lib/index.js | 2 +- .../node_modules/npm-packlist/package.json | 8 +- deps/npm/node_modules/pacote/README.md | 1 + deps/npm/node_modules/pacote/lib/fetcher.js | 5 +- deps/npm/node_modules/pacote/lib/registry.js | 7 +- deps/npm/node_modules/pacote/package.json | 4 +- .../node_modules/spdx-license-ids/index.json | 28 + .../spdx-license-ids/package.json | 2 +- deps/npm/package.json | 20 +- .../test/lib/commands/completion.js.test.cjs | 1 + .../tap-snapshots/test/lib/docs.js.test.cjs | 5 + .../test/lib/utils/sbom-cyclonedx.js.test.cjs | 148 +++ .../test/lib/utils/sbom-spdx.js.test.cjs | 135 +++ deps/npm/test/fixtures/mock-oidc.js | 23 +- .../keyless-sigstore-attestations.json | 54 + deps/npm/test/lib/commands/audit.js | 41 + deps/npm/test/lib/commands/publish.js | 31 +- deps/npm/test/lib/commands/trust/circleci.js | 476 +++++++++ deps/npm/test/lib/commands/trust/list.js | 38 + deps/npm/test/lib/utils/sbom-cyclonedx.js | 47 + deps/npm/test/lib/utils/sbom-spdx.js | 47 + 257 files changed, 4180 insertions(+), 2476 deletions(-) create mode 100644 deps/npm/lib/commands/trust/circleci.js rename deps/npm/node_modules/{encoding => @gar/promise-retry}/LICENSE (76%) create mode 100644 deps/npm/node_modules/@gar/promise-retry/lib/index.js create mode 100644 deps/npm/node_modules/@gar/promise-retry/node_modules/retry/License create mode 100644 deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/dns.js create mode 100644 deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/stop.js create mode 100644 deps/npm/node_modules/@gar/promise-retry/node_modules/retry/index.js create mode 100644 deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry.js create mode 100644 deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry_operation.js create mode 100644 deps/npm/node_modules/@gar/promise-retry/node_modules/retry/package.json create mode 100644 deps/npm/node_modules/@gar/promise-retry/package.json delete mode 100644 deps/npm/node_modules/encoding/lib/encoding.js delete mode 100644 deps/npm/node_modules/encoding/package.json delete mode 100644 deps/npm/node_modules/encoding/test/test.js create mode 100644 deps/npm/node_modules/iconv-lite/lib/helpers/merge-exports.js create mode 100644 deps/npm/test/fixtures/sigstore/keyless-sigstore-attestations.json create mode 100644 deps/npm/test/lib/commands/trust/circleci.js diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md index 807b4bfd4c8de9..63db0081de3a24 100644 --- a/deps/npm/docs/content/commands/npm-ls.md +++ b/deps/npm/docs/content/commands/npm-ls.md @@ -23,7 +23,7 @@ Note that nested packages will *also* show the paths to the specified packages. For example, running `npm ls promzard` in npm's source tree will show: ```bash -npm@11.10.1 /path/to/npm +npm@11.11.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 ``` diff --git a/deps/npm/docs/content/commands/npm-trust.md b/deps/npm/docs/content/commands/npm-trust.md index dd5adb110cf5a9..cdd00c26851b01 100644 --- a/deps/npm/docs/content/commands/npm-trust.md +++ b/deps/npm/docs/content/commands/npm-trust.md @@ -94,6 +94,30 @@ npm trust gitlab [package] --file [--project|--repo|--repository] [--env|--envir | `--registry` | "https://registry.npmjs.org/" | URL | The base URL of the npm registry. | | `--yes`, `-y` | null | null or Boolean | Automatically answer "yes" to any prompts that npm might print on the command line. | +### `npm trust circleci` + +Create a trusted relationship between a package and CircleCI + +#### Synopsis + +```bash +npm trust circleci [package] --org-id --project-id --pipeline-definition-id --vcs-origin [--context-id ...] [-y|--yes] +``` + +#### Flags + +| Flag | Default | Type | Description | +| --- | --- | --- | --- | +| `--org-id` | null | String (required) | CircleCI organization UUID | +| `--project-id` | null | String (required) | CircleCI project UUID | +| `--pipeline-definition-id` | null | String (required) | CircleCI pipeline definition UUID | +| `--vcs-origin` | null | String (required) | CircleCI repository origin in format 'provider/owner/repo' | +| `--context-id` | null | null or String (can be set multiple times) | CircleCI context UUID to match | +| `--dry-run` | false | Boolean | Indicates that you don't want npm to make any changes and that it should only report what it would have done. This can be passed into any of the commands that modify your local installation, eg, `install`, `update`, `dedupe`, `uninstall`, as well as `pack` and `publish`. Note: This is NOT honored by other network related commands, eg `dist-tags`, `owner`, etc. | +| `--json` | false | Boolean | Whether or not to output JSON data, rather than the normal output. * In `npm pkg set` it enables parsing set values with JSON.parse() before saving them to your `package.json`. Not supported by all npm commands. | +| `--registry` | "https://registry.npmjs.org/" | URL | The base URL of the npm registry. | +| `--yes`, `-y` | null | null or Boolean | Automatically answer "yes" to any prompts that npm might print on the command line. | + ### `npm trust list` List trusted relationships for a package diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md index b9e951aaf30b88..e85c05b84902a1 100644 --- a/deps/npm/docs/content/commands/npm.md +++ b/deps/npm/docs/content/commands/npm.md @@ -14,7 +14,7 @@ Note: This command is unaware of workspaces. ### Version -11.10.1 +11.11.0 ### Description diff --git a/deps/npm/docs/content/using-npm/dependency-selectors.md b/deps/npm/docs/content/using-npm/dependency-selectors.md index b12c640c586ec7..ea4a2314676366 100644 --- a/deps/npm/docs/content/using-npm/dependency-selectors.md +++ b/deps/npm/docs/content/using-npm/dependency-selectors.md @@ -62,7 +62,7 @@ The [`npm query`](/commands/npm-query) command exposes a new dependency selector - `:missing` when a dependency is not found on disk - `:semver(, [selector], [function])` match a valid [`node-semver`](https://github.com/npm/node-semver) version or range to a selector - `:path()` [glob](https://www.npmjs.com/package/glob) matching based on dependencies path relative to the project -- `:type()` [based on currently recognized types](https://github.com/npm/npm-package-arg#result-object) +- `:type()` [based on currently recognized types](https://github.com/npm/npm-package-arg#result-object). You can also use the aggregate type of `registry` for any registry dependency (e.g. tag, version, range, alias) - `:outdated()` when a dependency is outdated - `:vuln()` when a dependency has a known vulnerability diff --git a/deps/npm/docs/output/commands/npm-access.html b/deps/npm/docs/output/commands/npm-access.html index 90181343fd63b5..703b4b0c59bd55 100644 --- a/deps/npm/docs/output/commands/npm-access.html +++ b/deps/npm/docs/output/commands/npm-access.html @@ -186,9 +186,9 @@
-

+

npm-access - @11.10.1 + @11.11.0

Set access level on published packages
diff --git a/deps/npm/docs/output/commands/npm-adduser.html b/deps/npm/docs/output/commands/npm-adduser.html index 956502bf1b6207..2694392d938b10 100644 --- a/deps/npm/docs/output/commands/npm-adduser.html +++ b/deps/npm/docs/output/commands/npm-adduser.html @@ -186,9 +186,9 @@
-

+

npm-adduser - @11.10.1 + @11.11.0

Add a registry user account
diff --git a/deps/npm/docs/output/commands/npm-audit.html b/deps/npm/docs/output/commands/npm-audit.html index 79ed03d6686cb9..424288ea335503 100644 --- a/deps/npm/docs/output/commands/npm-audit.html +++ b/deps/npm/docs/output/commands/npm-audit.html @@ -186,9 +186,9 @@
-

+

npm-audit - @11.10.1 + @11.11.0

Run a security audit
diff --git a/deps/npm/docs/output/commands/npm-bugs.html b/deps/npm/docs/output/commands/npm-bugs.html index 7c6d75eba89295..511a206d1b055d 100644 --- a/deps/npm/docs/output/commands/npm-bugs.html +++ b/deps/npm/docs/output/commands/npm-bugs.html @@ -186,9 +186,9 @@
-

+

npm-bugs - @11.10.1 + @11.11.0

Report bugs for a package in a web browser
diff --git a/deps/npm/docs/output/commands/npm-cache.html b/deps/npm/docs/output/commands/npm-cache.html index bcc06a488fe1c5..1e6e9e45c1cc57 100644 --- a/deps/npm/docs/output/commands/npm-cache.html +++ b/deps/npm/docs/output/commands/npm-cache.html @@ -186,9 +186,9 @@
-

+

npm-cache - @11.10.1 + @11.11.0

Manipulates packages cache
diff --git a/deps/npm/docs/output/commands/npm-ci.html b/deps/npm/docs/output/commands/npm-ci.html index 83c37a17abf54e..af7b4c27d41ddd 100644 --- a/deps/npm/docs/output/commands/npm-ci.html +++ b/deps/npm/docs/output/commands/npm-ci.html @@ -186,9 +186,9 @@
-

+

npm-ci - @11.10.1 + @11.11.0

Clean install a project
diff --git a/deps/npm/docs/output/commands/npm-completion.html b/deps/npm/docs/output/commands/npm-completion.html index a6f617636a87e4..50759a5f865c8d 100644 --- a/deps/npm/docs/output/commands/npm-completion.html +++ b/deps/npm/docs/output/commands/npm-completion.html @@ -186,9 +186,9 @@
-

+

npm-completion - @11.10.1 + @11.11.0

Tab Completion for npm
diff --git a/deps/npm/docs/output/commands/npm-config.html b/deps/npm/docs/output/commands/npm-config.html index acc2e26ffdfa1f..c54962e9094d67 100644 --- a/deps/npm/docs/output/commands/npm-config.html +++ b/deps/npm/docs/output/commands/npm-config.html @@ -186,9 +186,9 @@
-

+

npm-config - @11.10.1 + @11.11.0

Manage the npm configuration files
diff --git a/deps/npm/docs/output/commands/npm-dedupe.html b/deps/npm/docs/output/commands/npm-dedupe.html index 2a19d893e7c18a..f2ef16750b3369 100644 --- a/deps/npm/docs/output/commands/npm-dedupe.html +++ b/deps/npm/docs/output/commands/npm-dedupe.html @@ -186,9 +186,9 @@
-

+

npm-dedupe - @11.10.1 + @11.11.0

Reduce duplication in the package tree
diff --git a/deps/npm/docs/output/commands/npm-deprecate.html b/deps/npm/docs/output/commands/npm-deprecate.html index 654943740ec3d6..716191ad4afa87 100644 --- a/deps/npm/docs/output/commands/npm-deprecate.html +++ b/deps/npm/docs/output/commands/npm-deprecate.html @@ -186,9 +186,9 @@
-

+

npm-deprecate - @11.10.1 + @11.11.0

Deprecate a version of a package
diff --git a/deps/npm/docs/output/commands/npm-diff.html b/deps/npm/docs/output/commands/npm-diff.html index 846e5a9b1736b0..1c9fada601ef9d 100644 --- a/deps/npm/docs/output/commands/npm-diff.html +++ b/deps/npm/docs/output/commands/npm-diff.html @@ -186,9 +186,9 @@
-

+

npm-diff - @11.10.1 + @11.11.0

The registry diff command
diff --git a/deps/npm/docs/output/commands/npm-dist-tag.html b/deps/npm/docs/output/commands/npm-dist-tag.html index 8886ba8d211428..a12638e23e496c 100644 --- a/deps/npm/docs/output/commands/npm-dist-tag.html +++ b/deps/npm/docs/output/commands/npm-dist-tag.html @@ -186,9 +186,9 @@
-

+

npm-dist-tag - @11.10.1 + @11.11.0

Modify package distribution tags
diff --git a/deps/npm/docs/output/commands/npm-docs.html b/deps/npm/docs/output/commands/npm-docs.html index 618255cc441c08..4db6e52b4f681d 100644 --- a/deps/npm/docs/output/commands/npm-docs.html +++ b/deps/npm/docs/output/commands/npm-docs.html @@ -186,9 +186,9 @@
-

+

npm-docs - @11.10.1 + @11.11.0

Open documentation for a package in a web browser
diff --git a/deps/npm/docs/output/commands/npm-doctor.html b/deps/npm/docs/output/commands/npm-doctor.html index 1ea36dbafb4ddc..ab8172dcc93055 100644 --- a/deps/npm/docs/output/commands/npm-doctor.html +++ b/deps/npm/docs/output/commands/npm-doctor.html @@ -186,9 +186,9 @@
-

+

npm-doctor - @11.10.1 + @11.11.0

Check the health of your npm environment
diff --git a/deps/npm/docs/output/commands/npm-edit.html b/deps/npm/docs/output/commands/npm-edit.html index 2b80cbc4c58e7d..0f08e1698a91f4 100644 --- a/deps/npm/docs/output/commands/npm-edit.html +++ b/deps/npm/docs/output/commands/npm-edit.html @@ -186,9 +186,9 @@
-

+

npm-edit - @11.10.1 + @11.11.0

Edit an installed package
diff --git a/deps/npm/docs/output/commands/npm-exec.html b/deps/npm/docs/output/commands/npm-exec.html index e940ef5eeca6a8..44a91638730ee1 100644 --- a/deps/npm/docs/output/commands/npm-exec.html +++ b/deps/npm/docs/output/commands/npm-exec.html @@ -186,9 +186,9 @@
-

+

npm-exec - @11.10.1 + @11.11.0

Run a command from a local or remote npm package
diff --git a/deps/npm/docs/output/commands/npm-explain.html b/deps/npm/docs/output/commands/npm-explain.html index 143c532fad04a7..dde3546884c2c6 100644 --- a/deps/npm/docs/output/commands/npm-explain.html +++ b/deps/npm/docs/output/commands/npm-explain.html @@ -186,9 +186,9 @@
-

+

npm-explain - @11.10.1 + @11.11.0

Explain installed packages
diff --git a/deps/npm/docs/output/commands/npm-explore.html b/deps/npm/docs/output/commands/npm-explore.html index 96e7944d88bc03..e636584ffdcbce 100644 --- a/deps/npm/docs/output/commands/npm-explore.html +++ b/deps/npm/docs/output/commands/npm-explore.html @@ -186,9 +186,9 @@
-

+

npm-explore - @11.10.1 + @11.11.0

Browse an installed package
diff --git a/deps/npm/docs/output/commands/npm-find-dupes.html b/deps/npm/docs/output/commands/npm-find-dupes.html index a383932c3fd7bd..0d82625008b36e 100644 --- a/deps/npm/docs/output/commands/npm-find-dupes.html +++ b/deps/npm/docs/output/commands/npm-find-dupes.html @@ -186,9 +186,9 @@
-

+

npm-find-dupes - @11.10.1 + @11.11.0

Find duplication in the package tree
diff --git a/deps/npm/docs/output/commands/npm-fund.html b/deps/npm/docs/output/commands/npm-fund.html index 4d46b59e79f492..5fc4fc3eb6a57e 100644 --- a/deps/npm/docs/output/commands/npm-fund.html +++ b/deps/npm/docs/output/commands/npm-fund.html @@ -186,9 +186,9 @@
-

+

npm-fund - @11.10.1 + @11.11.0

Retrieve funding information
diff --git a/deps/npm/docs/output/commands/npm-get.html b/deps/npm/docs/output/commands/npm-get.html index f66d2d8cf61aad..813ba55be475b2 100644 --- a/deps/npm/docs/output/commands/npm-get.html +++ b/deps/npm/docs/output/commands/npm-get.html @@ -186,9 +186,9 @@
-

+

npm-get - @11.10.1 + @11.11.0

Get a value from the npm configuration
diff --git a/deps/npm/docs/output/commands/npm-help-search.html b/deps/npm/docs/output/commands/npm-help-search.html index 1e09e109da2750..dccf8d128b3d22 100644 --- a/deps/npm/docs/output/commands/npm-help-search.html +++ b/deps/npm/docs/output/commands/npm-help-search.html @@ -186,9 +186,9 @@
-

+

npm-help-search - @11.10.1 + @11.11.0

Search npm help documentation
diff --git a/deps/npm/docs/output/commands/npm-help.html b/deps/npm/docs/output/commands/npm-help.html index 6822feba0d3913..22f69c8f68d9bf 100644 --- a/deps/npm/docs/output/commands/npm-help.html +++ b/deps/npm/docs/output/commands/npm-help.html @@ -186,9 +186,9 @@
-

+

npm-help - @11.10.1 + @11.11.0

Get help on npm
diff --git a/deps/npm/docs/output/commands/npm-init.html b/deps/npm/docs/output/commands/npm-init.html index 8050ea825b69ac..b495f87f83b837 100644 --- a/deps/npm/docs/output/commands/npm-init.html +++ b/deps/npm/docs/output/commands/npm-init.html @@ -186,9 +186,9 @@
-

+

npm-init - @11.10.1 + @11.11.0

Create a package.json file
diff --git a/deps/npm/docs/output/commands/npm-install-ci-test.html b/deps/npm/docs/output/commands/npm-install-ci-test.html index 610ee0882ad298..2b05373fb8ee8f 100644 --- a/deps/npm/docs/output/commands/npm-install-ci-test.html +++ b/deps/npm/docs/output/commands/npm-install-ci-test.html @@ -186,9 +186,9 @@
-

+

npm-install-ci-test - @11.10.1 + @11.11.0

Install a project with a clean slate and run tests
diff --git a/deps/npm/docs/output/commands/npm-install-test.html b/deps/npm/docs/output/commands/npm-install-test.html index 900baed5d7b51e..6b7ed9b5531f33 100644 --- a/deps/npm/docs/output/commands/npm-install-test.html +++ b/deps/npm/docs/output/commands/npm-install-test.html @@ -186,9 +186,9 @@
-

+

npm-install-test - @11.10.1 + @11.11.0

Install package(s) and run tests
diff --git a/deps/npm/docs/output/commands/npm-install.html b/deps/npm/docs/output/commands/npm-install.html index 5d0674df08e57b..b0d72b6006cece 100644 --- a/deps/npm/docs/output/commands/npm-install.html +++ b/deps/npm/docs/output/commands/npm-install.html @@ -186,9 +186,9 @@
-

+

npm-install - @11.10.1 + @11.11.0

Install a package
diff --git a/deps/npm/docs/output/commands/npm-link.html b/deps/npm/docs/output/commands/npm-link.html index f0aa834a2be0ee..857eff466dab14 100644 --- a/deps/npm/docs/output/commands/npm-link.html +++ b/deps/npm/docs/output/commands/npm-link.html @@ -186,9 +186,9 @@
-

+

npm-link - @11.10.1 + @11.11.0

Symlink a package folder
diff --git a/deps/npm/docs/output/commands/npm-ll.html b/deps/npm/docs/output/commands/npm-ll.html index 62043a5e166799..02b17bede5dede 100644 --- a/deps/npm/docs/output/commands/npm-ll.html +++ b/deps/npm/docs/output/commands/npm-ll.html @@ -186,9 +186,9 @@
-

+

npm-ll - @11.10.1 + @11.11.0

List installed packages
diff --git a/deps/npm/docs/output/commands/npm-login.html b/deps/npm/docs/output/commands/npm-login.html index 85063b721fb505..5e4cdff4ec54b1 100644 --- a/deps/npm/docs/output/commands/npm-login.html +++ b/deps/npm/docs/output/commands/npm-login.html @@ -186,9 +186,9 @@
-

+

npm-login - @11.10.1 + @11.11.0

Login to a registry user account
diff --git a/deps/npm/docs/output/commands/npm-logout.html b/deps/npm/docs/output/commands/npm-logout.html index 00e61124397413..9dfbc04b73ea03 100644 --- a/deps/npm/docs/output/commands/npm-logout.html +++ b/deps/npm/docs/output/commands/npm-logout.html @@ -186,9 +186,9 @@
-

+

npm-logout - @11.10.1 + @11.11.0

Log out of the registry
diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index a410ba31d0d5dc..18e2535e780293 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -186,9 +186,9 @@
-

+

npm-ls - @11.10.1 + @11.11.0

List installed packages
@@ -209,7 +209,7 @@

Description

Positional arguments are name@version-range identifiers, which will limit the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@11.10.1 /path/to/npm
+
npm@11.11.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 

diff --git a/deps/npm/docs/output/commands/npm-org.html b/deps/npm/docs/output/commands/npm-org.html
index 054dbecf15819a..f12c24ccd08677 100644
--- a/deps/npm/docs/output/commands/npm-org.html
+++ b/deps/npm/docs/output/commands/npm-org.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-org
-    @11.10.1
+    @11.11.0
 

 Manage orgs
 

diff --git a/deps/npm/docs/output/commands/npm-outdated.html b/deps/npm/docs/output/commands/npm-outdated.html
index 0ee5d927bbda5c..85013138e96410 100644
--- a/deps/npm/docs/output/commands/npm-outdated.html
+++ b/deps/npm/docs/output/commands/npm-outdated.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-outdated
-    @11.10.1
+    @11.11.0
 

 Check for outdated packages
 

diff --git a/deps/npm/docs/output/commands/npm-owner.html b/deps/npm/docs/output/commands/npm-owner.html
index b4cda07e5bc5ac..418a012852bbba 100644
--- a/deps/npm/docs/output/commands/npm-owner.html
+++ b/deps/npm/docs/output/commands/npm-owner.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-owner
-    @11.10.1
+    @11.11.0
 

 Manage package owners
 

diff --git a/deps/npm/docs/output/commands/npm-pack.html b/deps/npm/docs/output/commands/npm-pack.html
index fa15bdbd453cac..9e7bc2495c4953 100644
--- a/deps/npm/docs/output/commands/npm-pack.html
+++ b/deps/npm/docs/output/commands/npm-pack.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-pack
-    @11.10.1
+    @11.11.0
 

 Create a tarball from a package
 

diff --git a/deps/npm/docs/output/commands/npm-ping.html b/deps/npm/docs/output/commands/npm-ping.html
index 123a1c4712c950..5d4cf7159bd5f5 100644
--- a/deps/npm/docs/output/commands/npm-ping.html
+++ b/deps/npm/docs/output/commands/npm-ping.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-ping
-    @11.10.1
+    @11.11.0
 

 Ping npm registry
 

diff --git a/deps/npm/docs/output/commands/npm-pkg.html b/deps/npm/docs/output/commands/npm-pkg.html
index 7119e4073027f0..e7f28ef03626a1 100644
--- a/deps/npm/docs/output/commands/npm-pkg.html
+++ b/deps/npm/docs/output/commands/npm-pkg.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-pkg
-    @11.10.1
+    @11.11.0
 

 Manages your package.json
 

diff --git a/deps/npm/docs/output/commands/npm-prefix.html b/deps/npm/docs/output/commands/npm-prefix.html
index 14b06ca7e096db..a296f1c2e6b4dd 100644
--- a/deps/npm/docs/output/commands/npm-prefix.html
+++ b/deps/npm/docs/output/commands/npm-prefix.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-prefix
-    @11.10.1
+    @11.11.0
 

 Display prefix
 

diff --git a/deps/npm/docs/output/commands/npm-profile.html b/deps/npm/docs/output/commands/npm-profile.html
index 39b5ff54e8df49..c33cc5765687ca 100644
--- a/deps/npm/docs/output/commands/npm-profile.html
+++ b/deps/npm/docs/output/commands/npm-profile.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-profile
-    @11.10.1
+    @11.11.0
 

 Change settings on your registry profile
 

diff --git a/deps/npm/docs/output/commands/npm-prune.html b/deps/npm/docs/output/commands/npm-prune.html
index 06d1002b03758d..7294045e9ffe65 100644
--- a/deps/npm/docs/output/commands/npm-prune.html
+++ b/deps/npm/docs/output/commands/npm-prune.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-prune
-    @11.10.1
+    @11.11.0
 

 Remove extraneous packages
 

diff --git a/deps/npm/docs/output/commands/npm-publish.html b/deps/npm/docs/output/commands/npm-publish.html
index 74701633ad7797..6aab3b9374a5e2 100644
--- a/deps/npm/docs/output/commands/npm-publish.html
+++ b/deps/npm/docs/output/commands/npm-publish.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-publish
-    @11.10.1
+    @11.11.0
 

 Publish a package
 

diff --git a/deps/npm/docs/output/commands/npm-query.html b/deps/npm/docs/output/commands/npm-query.html
index 8c96409f900de3..56c1b211099f28 100644
--- a/deps/npm/docs/output/commands/npm-query.html
+++ b/deps/npm/docs/output/commands/npm-query.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-query
-    @11.10.1
+    @11.11.0
 

 Dependency selector query
 

diff --git a/deps/npm/docs/output/commands/npm-rebuild.html b/deps/npm/docs/output/commands/npm-rebuild.html
index 8c4ad0790a5a62..26d26ffe16f47b 100644
--- a/deps/npm/docs/output/commands/npm-rebuild.html
+++ b/deps/npm/docs/output/commands/npm-rebuild.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-rebuild
-    @11.10.1
+    @11.11.0
 

 Rebuild a package
 

diff --git a/deps/npm/docs/output/commands/npm-repo.html b/deps/npm/docs/output/commands/npm-repo.html
index 32f6cbf604dd7a..ef019253fa5109 100644
--- a/deps/npm/docs/output/commands/npm-repo.html
+++ b/deps/npm/docs/output/commands/npm-repo.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-repo
-    @11.10.1
+    @11.11.0
 

 Open package repository page in the browser
 

diff --git a/deps/npm/docs/output/commands/npm-restart.html b/deps/npm/docs/output/commands/npm-restart.html
index cb82857ae8f7de..123e15d48d85b4 100644
--- a/deps/npm/docs/output/commands/npm-restart.html
+++ b/deps/npm/docs/output/commands/npm-restart.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-restart
-    @11.10.1
+    @11.11.0
 

 Restart a package
 

diff --git a/deps/npm/docs/output/commands/npm-root.html b/deps/npm/docs/output/commands/npm-root.html
index 2c50261bcdc338..c87ed80cc733ad 100644
--- a/deps/npm/docs/output/commands/npm-root.html
+++ b/deps/npm/docs/output/commands/npm-root.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-root
-    @11.10.1
+    @11.11.0
 

 Display npm root
 

diff --git a/deps/npm/docs/output/commands/npm-run.html b/deps/npm/docs/output/commands/npm-run.html
index 4de340a9d77b9c..363590f8443e2d 100644
--- a/deps/npm/docs/output/commands/npm-run.html
+++ b/deps/npm/docs/output/commands/npm-run.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-run
-    @11.10.1
+    @11.11.0
 

 Run arbitrary package scripts
 

diff --git a/deps/npm/docs/output/commands/npm-sbom.html b/deps/npm/docs/output/commands/npm-sbom.html
index a537db9d25e56a..66cfa902200837 100644
--- a/deps/npm/docs/output/commands/npm-sbom.html
+++ b/deps/npm/docs/output/commands/npm-sbom.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-sbom
-    @11.10.1
+    @11.11.0
 

 Generate a Software Bill of Materials (SBOM)
 

diff --git a/deps/npm/docs/output/commands/npm-search.html b/deps/npm/docs/output/commands/npm-search.html
index 54c434bab83a2d..17af8e24ab6979 100644
--- a/deps/npm/docs/output/commands/npm-search.html
+++ b/deps/npm/docs/output/commands/npm-search.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-search
-    @11.10.1
+    @11.11.0
 

 Search for packages
 

diff --git a/deps/npm/docs/output/commands/npm-set.html b/deps/npm/docs/output/commands/npm-set.html
index 59046e91191d64..c106498372d977 100644
--- a/deps/npm/docs/output/commands/npm-set.html
+++ b/deps/npm/docs/output/commands/npm-set.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-set
-    @11.10.1
+    @11.11.0
 

 Set a value in the npm configuration
 

diff --git a/deps/npm/docs/output/commands/npm-shrinkwrap.html b/deps/npm/docs/output/commands/npm-shrinkwrap.html
index c0138b21952843..2c9592acf95945 100644
--- a/deps/npm/docs/output/commands/npm-shrinkwrap.html
+++ b/deps/npm/docs/output/commands/npm-shrinkwrap.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-shrinkwrap
-    @11.10.1
+    @11.11.0
 

 Lock down dependency versions for publication
 

diff --git a/deps/npm/docs/output/commands/npm-star.html b/deps/npm/docs/output/commands/npm-star.html
index 684c1891120005..b922de136847bb 100644
--- a/deps/npm/docs/output/commands/npm-star.html
+++ b/deps/npm/docs/output/commands/npm-star.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-star
-    @11.10.1
+    @11.11.0
 

 Mark your favorite packages
 

diff --git a/deps/npm/docs/output/commands/npm-stars.html b/deps/npm/docs/output/commands/npm-stars.html
index 56ef96e1a8b549..b2bcb0584e61f0 100644
--- a/deps/npm/docs/output/commands/npm-stars.html
+++ b/deps/npm/docs/output/commands/npm-stars.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-stars
-    @11.10.1
+    @11.11.0
 

 View packages marked as favorites
 

diff --git a/deps/npm/docs/output/commands/npm-start.html b/deps/npm/docs/output/commands/npm-start.html
index 9f9099ca7316b7..577e283ca51278 100644
--- a/deps/npm/docs/output/commands/npm-start.html
+++ b/deps/npm/docs/output/commands/npm-start.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-start
-    @11.10.1
+    @11.11.0
 

 Start a package
 

diff --git a/deps/npm/docs/output/commands/npm-stop.html b/deps/npm/docs/output/commands/npm-stop.html
index 79793beabb92a5..2b54db5b7463f3 100644
--- a/deps/npm/docs/output/commands/npm-stop.html
+++ b/deps/npm/docs/output/commands/npm-stop.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-stop
-    @11.10.1
+    @11.11.0
 

 Stop a package
 

diff --git a/deps/npm/docs/output/commands/npm-team.html b/deps/npm/docs/output/commands/npm-team.html
index 63924d254cb689..3c7eae9e8967bb 100644
--- a/deps/npm/docs/output/commands/npm-team.html
+++ b/deps/npm/docs/output/commands/npm-team.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-team
-    @11.10.1
+    @11.11.0
 

 Manage organization teams and team memberships
 

diff --git a/deps/npm/docs/output/commands/npm-test.html b/deps/npm/docs/output/commands/npm-test.html
index 8048ed0207905e..2bd1be34b98cd1 100644
--- a/deps/npm/docs/output/commands/npm-test.html
+++ b/deps/npm/docs/output/commands/npm-test.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-test
-    @11.10.1
+    @11.11.0
 

 Test a package
 

diff --git a/deps/npm/docs/output/commands/npm-token.html b/deps/npm/docs/output/commands/npm-token.html
index b7441d2ca7ce9c..4e1121c7dab2b4 100644
--- a/deps/npm/docs/output/commands/npm-token.html
+++ b/deps/npm/docs/output/commands/npm-token.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-token
-    @11.10.1
+    @11.11.0
 

 Manage your authentication tokens
 

diff --git a/deps/npm/docs/output/commands/npm-trust.html b/deps/npm/docs/output/commands/npm-trust.html
index 3e00c001a8cf32..777b1b91529baf 100644
--- a/deps/npm/docs/output/commands/npm-trust.html
+++ b/deps/npm/docs/output/commands/npm-trust.html
@@ -186,16 +186,16 @@
 
 

 

-

+

     npm-trust
-    @11.10.1
+    @11.11.0
 

 Manage trusted publishing relationships between packages and CI/CD providers
 

 
 

 
Table of contents

-

+

 

 
 
Synopsis

@@ -348,12 +348,84 @@ 
Flags

 
 
 
+
npm trust circleci

+
Create a trusted relationship between a package and CircleCI

+
Synopsis

+
npm trust circleci [package] --org-id <uuid> --project-id <uuid> --pipeline-definition-id <uuid> --vcs-origin <origin> [--context-id <uuid>...] [-y|--yes]
+

+
Flags

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
FlagDefaultTypeDescription
--org-idnullString (required)CircleCI organization UUID
--project-idnullString (required)CircleCI project UUID
--pipeline-definition-idnullString (required)CircleCI pipeline definition UUID
--vcs-originnullString (required)CircleCI repository origin in format 'provider/owner/repo'
--context-idnullnull or String (can be set multiple times)CircleCI context UUID to match
--dry-runfalseBooleanIndicates that you don't want npm to make any changes and that it should       only report what it would have done.  This can be passed into any of the       commands that modify your local installation, eg, install,       update, dedupe, uninstall, as well as pack and       publish.        Note: This is NOT honored by other network related commands, eg       dist-tags, owner, etc.
--jsonfalseBooleanWhether or not to output JSON data, rather than the normal output.        * In npm pkg set it enables parsing set values with JSON.parse()       before saving them to your package.json.        Not supported by all npm commands.
--registry"https://registry.npmjs.org/"URLThe base URL of the npm registry.
--yes, -ynullnull or BooleanAutomatically answer "yes" to any prompts that npm might print on       the command line.

 
npm trust list

 
List trusted relationships for a package

-
Synopsis

+
Synopsis

 
npm trust list [package]
 

-
Flags

+
Flags

 
@@ -380,10 +452,10 @@ 
Flags

 
 

 

 
npm trust revoke

 
Revoke a trusted relationship for a package

-
Synopsis

+
Synopsis

 
npm trust revoke [package] --id=<trust-id>
 

-
Flags

+
Flags

 
diff --git a/deps/npm/docs/output/commands/npm-undeprecate.html b/deps/npm/docs/output/commands/npm-undeprecate.html
index 531199eab9e445..961da2379eee38 100644
--- a/deps/npm/docs/output/commands/npm-undeprecate.html
+++ b/deps/npm/docs/output/commands/npm-undeprecate.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-undeprecate
-    @11.10.1
+    @11.11.0
 

 Undeprecate a version of a package
 

diff --git a/deps/npm/docs/output/commands/npm-uninstall.html b/deps/npm/docs/output/commands/npm-uninstall.html
index f63f38bcc009fc..70dff9cfcfb4cc 100644
--- a/deps/npm/docs/output/commands/npm-uninstall.html
+++ b/deps/npm/docs/output/commands/npm-uninstall.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-uninstall
-    @11.10.1
+    @11.11.0
 

 Remove a package
 

diff --git a/deps/npm/docs/output/commands/npm-unpublish.html b/deps/npm/docs/output/commands/npm-unpublish.html
index c7e160999c35ec..b31d1337409445 100644
--- a/deps/npm/docs/output/commands/npm-unpublish.html
+++ b/deps/npm/docs/output/commands/npm-unpublish.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-unpublish
-    @11.10.1
+    @11.11.0
 

 Remove a package from the registry
 

diff --git a/deps/npm/docs/output/commands/npm-unstar.html b/deps/npm/docs/output/commands/npm-unstar.html
index c2172972b3e376..2b66840d5d748e 100644
--- a/deps/npm/docs/output/commands/npm-unstar.html
+++ b/deps/npm/docs/output/commands/npm-unstar.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-unstar
-    @11.10.1
+    @11.11.0
 

 Remove an item from your favorite packages
 

diff --git a/deps/npm/docs/output/commands/npm-update.html b/deps/npm/docs/output/commands/npm-update.html
index 938112559a8c25..062f516cdcc1e7 100644
--- a/deps/npm/docs/output/commands/npm-update.html
+++ b/deps/npm/docs/output/commands/npm-update.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-update
-    @11.10.1
+    @11.11.0
 

 Update packages
 

diff --git a/deps/npm/docs/output/commands/npm-version.html b/deps/npm/docs/output/commands/npm-version.html
index 6ebd1337d2ad14..afc26227983beb 100644
--- a/deps/npm/docs/output/commands/npm-version.html
+++ b/deps/npm/docs/output/commands/npm-version.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-version
-    @11.10.1
+    @11.11.0
 

 Bump a package version
 

diff --git a/deps/npm/docs/output/commands/npm-view.html b/deps/npm/docs/output/commands/npm-view.html
index cdc11e95cb90fb..962fb3e917a597 100644
--- a/deps/npm/docs/output/commands/npm-view.html
+++ b/deps/npm/docs/output/commands/npm-view.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-view
-    @11.10.1
+    @11.11.0
 

 View registry info
 

diff --git a/deps/npm/docs/output/commands/npm-whoami.html b/deps/npm/docs/output/commands/npm-whoami.html
index af3cfa49551d24..bbe839b749e927 100644
--- a/deps/npm/docs/output/commands/npm-whoami.html
+++ b/deps/npm/docs/output/commands/npm-whoami.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-whoami
-    @11.10.1
+    @11.11.0
 

 Display npm username
 

diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index d4e4d0e33e16ae..f2426536a0a57e 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm
-    @11.10.1
+    @11.11.0
 

 javascript package manager
 

@@ -203,7 +203,7 @@ 
Table of contents

 
 
Note: This command is unaware of workspaces.

 
Version

-
11.10.1

+
11.11.0

 
Description

 
npm is the package manager for the Node JavaScript platform.
 It puts modules in place so that node can find them, and manages dependency conflicts intelligently.

diff --git a/deps/npm/docs/output/commands/npx.html b/deps/npm/docs/output/commands/npx.html
index 0b5b9dbde9d785..1d8e36310c207d 100644
--- a/deps/npm/docs/output/commands/npx.html
+++ b/deps/npm/docs/output/commands/npx.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npx
-    @11.10.1
+    @11.11.0
 

 Run a command from a local or remote npm package
 

diff --git a/deps/npm/docs/output/configuring-npm/folders.html b/deps/npm/docs/output/configuring-npm/folders.html
index a8dfc978f4353d..47da8cc4d77d2e 100644
--- a/deps/npm/docs/output/configuring-npm/folders.html
+++ b/deps/npm/docs/output/configuring-npm/folders.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     Folders
-    @11.10.1
+    @11.11.0
 

 Folder structures used by npm
 

diff --git a/deps/npm/docs/output/configuring-npm/install.html b/deps/npm/docs/output/configuring-npm/install.html
index ac078eefc99d0a..ff278db8f72ece 100644
--- a/deps/npm/docs/output/configuring-npm/install.html
+++ b/deps/npm/docs/output/configuring-npm/install.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     Install
-    @11.10.1
+    @11.11.0
 

 Download and install node and npm
 

diff --git a/deps/npm/docs/output/configuring-npm/npm-global.html b/deps/npm/docs/output/configuring-npm/npm-global.html
index a8dfc978f4353d..47da8cc4d77d2e 100644
--- a/deps/npm/docs/output/configuring-npm/npm-global.html
+++ b/deps/npm/docs/output/configuring-npm/npm-global.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     Folders
-    @11.10.1
+    @11.11.0
 

 Folder structures used by npm
 

diff --git a/deps/npm/docs/output/configuring-npm/npm-json.html b/deps/npm/docs/output/configuring-npm/npm-json.html
index 78eb2e0322869a..5b6c4ae33b70c8 100644
--- a/deps/npm/docs/output/configuring-npm/npm-json.html
+++ b/deps/npm/docs/output/configuring-npm/npm-json.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     package.json
-    @11.10.1
+    @11.11.0
 

 Specifics of npm's package.json handling
 

diff --git a/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html b/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html
index 969d9d34148fe2..6576d09f77fbd1 100644
--- a/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html
+++ b/deps/npm/docs/output/configuring-npm/npm-shrinkwrap-json.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     npm-shrinkwrap.json
-    @11.10.1
+    @11.11.0
 

 A publishable lockfile
 

diff --git a/deps/npm/docs/output/configuring-npm/npmrc.html b/deps/npm/docs/output/configuring-npm/npmrc.html
index 41b2bfa8a446c5..34b344f7da087c 100644
--- a/deps/npm/docs/output/configuring-npm/npmrc.html
+++ b/deps/npm/docs/output/configuring-npm/npmrc.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     .npmrc
-    @11.10.1
+    @11.11.0
 

 The npm config files
 

diff --git a/deps/npm/docs/output/configuring-npm/package-json.html b/deps/npm/docs/output/configuring-npm/package-json.html
index 78eb2e0322869a..5b6c4ae33b70c8 100644
--- a/deps/npm/docs/output/configuring-npm/package-json.html
+++ b/deps/npm/docs/output/configuring-npm/package-json.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     package.json
-    @11.10.1
+    @11.11.0
 

 Specifics of npm's package.json handling
 

diff --git a/deps/npm/docs/output/configuring-npm/package-lock-json.html b/deps/npm/docs/output/configuring-npm/package-lock-json.html
index c105214e75456a..1b6398d7315a41 100644
--- a/deps/npm/docs/output/configuring-npm/package-lock-json.html
+++ b/deps/npm/docs/output/configuring-npm/package-lock-json.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     package-lock.json
-    @11.10.1
+    @11.11.0
 

 A manifestation of the manifest
 

diff --git a/deps/npm/docs/output/using-npm/config.html b/deps/npm/docs/output/using-npm/config.html
index 1cceceed6cb164..c80f9aef29940a 100644
--- a/deps/npm/docs/output/using-npm/config.html
+++ b/deps/npm/docs/output/using-npm/config.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     Config
-    @11.10.1
+    @11.11.0
 

 About npm configuration
 

diff --git a/deps/npm/docs/output/using-npm/dependency-selectors.html b/deps/npm/docs/output/using-npm/dependency-selectors.html
index 76917c21379cac..d05e6b11d01bce 100644
--- a/deps/npm/docs/output/using-npm/dependency-selectors.html
+++ b/deps/npm/docs/output/using-npm/dependency-selectors.html
@@ -186,9 +186,9 @@
 
 

 

-

+

     Dependency Selectors
-    @11.10.1
+    @11.11.0
 

 Dependency Selector Syntax & Querying
 

@@ -255,7 +255,7 @@ 
Pseudo Selectors

 
  • :missing when a dependency is not found on disk
    • 
 
  • :semver(<spec>, [selector], [function]) match a valid node-semver version or range to a selector
    • 
 
  • :path(<path>) glob matching based on dependencies path relative to the project
    • 
-
  • :type(<type>) based on currently recognized types
    • 
+
  • :type(<type>) based on currently recognized types.  You can also use the aggregate type of registry for any registry dependency (e.g. tag, version, range, alias)
    • 
 
  • :outdated(<type>) when a dependency is outdated
    • 
 
  • :vuln(<selector>) when a dependency has a known vulnerability
    • 
 
diff --git a/deps/npm/docs/output/using-npm/developers.html b/deps/npm/docs/output/using-npm/developers.html
index 16a74d6a0c2c7d..30cc68a686b84e 100644
--- a/deps/npm/docs/output/using-npm/developers.html
+++ b/deps/npm/docs/output/using-npm/developers.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Developers
-    @11.10.1
+    @11.11.0
 
    
 Developer guide
 
    
diff --git a/deps/npm/docs/output/using-npm/logging.html b/deps/npm/docs/output/using-npm/logging.html
index c8ac0db586f5be..1169069dd85831 100644
--- a/deps/npm/docs/output/using-npm/logging.html
+++ b/deps/npm/docs/output/using-npm/logging.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Logging
-    @11.10.1
+    @11.11.0
 
    
 Why, What & How we Log
 
    
diff --git a/deps/npm/docs/output/using-npm/orgs.html b/deps/npm/docs/output/using-npm/orgs.html
index e744c91b418b8b..103db8e1b477ea 100644
--- a/deps/npm/docs/output/using-npm/orgs.html
+++ b/deps/npm/docs/output/using-npm/orgs.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Organizations
-    @11.10.1
+    @11.11.0
 
    
 Working with teams & organizations
 
    
diff --git a/deps/npm/docs/output/using-npm/package-spec.html b/deps/npm/docs/output/using-npm/package-spec.html
index 0dfc7a6162e0fd..9ca82242a8fee0 100644
--- a/deps/npm/docs/output/using-npm/package-spec.html
+++ b/deps/npm/docs/output/using-npm/package-spec.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Package spec
-    @11.10.1
+    @11.11.0
 
    
 Package name specifier
 
    
diff --git a/deps/npm/docs/output/using-npm/registry.html b/deps/npm/docs/output/using-npm/registry.html
index 9a755f513e5fb7..63d5d7f6c48b43 100644
--- a/deps/npm/docs/output/using-npm/registry.html
+++ b/deps/npm/docs/output/using-npm/registry.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Registry
-    @11.10.1
+    @11.11.0
 
    
 The JavaScript Package Registry
 
    
diff --git a/deps/npm/docs/output/using-npm/removal.html b/deps/npm/docs/output/using-npm/removal.html
index 63ffc04bda59e5..330f6bd6467780 100644
--- a/deps/npm/docs/output/using-npm/removal.html
+++ b/deps/npm/docs/output/using-npm/removal.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Removal
-    @11.10.1
+    @11.11.0
 
    
 Cleaning the slate
 
    
diff --git a/deps/npm/docs/output/using-npm/scope.html b/deps/npm/docs/output/using-npm/scope.html
index 5b27891d71c7b7..59a73ec4c0a501 100644
--- a/deps/npm/docs/output/using-npm/scope.html
+++ b/deps/npm/docs/output/using-npm/scope.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Scope
-    @11.10.1
+    @11.11.0
 
    
 Scoped packages
 
    
diff --git a/deps/npm/docs/output/using-npm/scripts.html b/deps/npm/docs/output/using-npm/scripts.html
index e3acc1b439dbeb..0b8857e3799fb8 100644
--- a/deps/npm/docs/output/using-npm/scripts.html
+++ b/deps/npm/docs/output/using-npm/scripts.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Scripts
-    @11.10.1
+    @11.11.0
 
    
 How npm handles the "scripts" field
 
    
diff --git a/deps/npm/docs/output/using-npm/workspaces.html b/deps/npm/docs/output/using-npm/workspaces.html
index e1a0cc58593471..9b4982f2a0de29 100644
--- a/deps/npm/docs/output/using-npm/workspaces.html
+++ b/deps/npm/docs/output/using-npm/workspaces.html
@@ -186,9 +186,9 @@
 
 
    
 
    
-
    
+
    
     Workspaces
-    @11.10.1
+    @11.11.0
 
    
 Working with workspaces
 
    
diff --git a/deps/npm/lib/commands/trust/circleci.js b/deps/npm/lib/commands/trust/circleci.js
new file mode 100644
index 00000000000000..34d25b80182688
--- /dev/null
+++ b/deps/npm/lib/commands/trust/circleci.js
@@ -0,0 +1,179 @@
+const Definition = require('@npmcli/config/lib/definitions/definition.js')
+const globalDefinitions = require('@npmcli/config/lib/definitions/definitions.js')
+const TrustCommand = require('../../trust-cmd.js')
+
+// UUID validation regex
+const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+
+class TrustCircleCI extends TrustCommand {
+  static description = 'Create a trusted relationship between a package and CircleCI'
+  static name = 'circleci'
+  static positionals = 1 // expects at most 1 positional (package name)
+  static providerName = 'CircleCI'
+  static providerEntity = 'CircleCI pipeline'
+
+  static usage = [
+    '[package] --org-id  --project-id  --pipeline-definition-id  --vcs-origin  [--context-id ...] [-y|--yes]',
+  ]
+
+  static definitions = [
+    new Definition('org-id', {
+      default: null,
+      type: String,
+      required: true,
+      description: 'CircleCI organization UUID',
+    }),
+    new Definition('project-id', {
+      default: null,
+      type: String,
+      required: true,
+      description: 'CircleCI project UUID',
+    }),
+    new Definition('pipeline-definition-id', {
+      default: null,
+      type: String,
+      required: true,
+      description: 'CircleCI pipeline definition UUID',
+    }),
+    new Definition('vcs-origin', {
+      default: null,
+      type: String,
+      required: true,
+      description: "CircleCI repository origin in format 'provider/owner/repo'",
+    }),
+    new Definition('context-id', {
+      default: null,
+      type: [null, String, Array],
+      description: 'CircleCI context UUID to match',
+    }),
+    // globals are alphabetical
+    globalDefinitions['dry-run'],
+    globalDefinitions.json,
+    globalDefinitions.registry,
+    globalDefinitions.yes,
+  ]
+
+  validateUuid (value, fieldName) {
+    if (!UUID_REGEX.test(value)) {
+      throw new Error(`${fieldName} must be a valid UUID`)
+    }
+  }
+
+  validateVcsOrigin (value) {
+    // Expected format: provider/owner/repo (e.g., github.com/owner/repo, bitbucket.org/owner/repo)
+    if (value.includes('://')) {
+      throw new Error("vcs-origin must not include a scheme (e.g., use 'github.com/owner/repo' not 'https://github.com/owner/repo')")
+    }
+    const parts = value.split('/')
+    if (parts.length < 3) {
+      throw new Error("vcs-origin must be in format 'provider/owner/repo'")
+    }
+  }
+
+  // Generate a URL from vcs-origin (e.g., github.com/npm/repo -> https://github.com/npm/repo)
+  getVcsOriginUrl (vcsOrigin) {
+    if (!vcsOrigin) {
+      return null
+    }
+    // vcs-origin format: github.com/owner/repo or bitbucket.org/owner/repo
+    return `https://${vcsOrigin}`
+  }
+
+  static optionsToBody (options) {
+    const { orgId, projectId, pipelineDefinitionId, vcsOrigin, contextIds } = options
+    const trustConfig = {
+      type: 'circleci',
+      claims: {
+        'oidc.circleci.com/org-id': orgId,
+        'oidc.circleci.com/project-id': projectId,
+        'oidc.circleci.com/pipeline-definition-id': pipelineDefinitionId,
+        'oidc.circleci.com/vcs-origin': vcsOrigin,
+      },
+    }
+    if (contextIds && contextIds.length > 0) {
+      trustConfig.claims['oidc.circleci.com/context-ids'] = contextIds
+    }
+    return trustConfig
+  }
+
+  static bodyToOptions (body) {
+    return {
+      ...(body.id) && { id: body.id },
+      ...(body.type) && { type: body.type },
+      ...(body.claims?.['oidc.circleci.com/org-id']) && { orgId: body.claims['oidc.circleci.com/org-id'] },
+      ...(body.claims?.['oidc.circleci.com/project-id']) && { projectId: body.claims['oidc.circleci.com/project-id'] },
+      ...(body.claims?.['oidc.circleci.com/pipeline-definition-id']) && {
+        pipelineDefinitionId: body.claims['oidc.circleci.com/pipeline-definition-id'],
+      },
+      ...(body.claims?.['oidc.circleci.com/vcs-origin']) && { vcsOrigin: body.claims['oidc.circleci.com/vcs-origin'] },
+      ...(body.claims?.['oidc.circleci.com/context-ids']) && { contextIds: body.claims['oidc.circleci.com/context-ids'] },
+    }
+  }
+
+  // Override flagsToOptions since CircleCI doesn't use file/entity pattern
+  async flagsToOptions ({ positionalArgs, flags }) {
+    const content = await this.optionalPkgJson()
+    const pkgName = positionalArgs[0] || content.name
+
+    if (!pkgName) {
+      throw new Error('Package name must be specified either as an argument or in package.json file')
+    }
+
+    const orgId = flags['org-id']
+    const projectId = flags['project-id']
+    const pipelineDefinitionId = flags['pipeline-definition-id']
+    const vcsOrigin = flags['vcs-origin']
+    const contextIds = flags['context-id']
+
+    // Validate required flags
+    if (!orgId) {
+      throw new Error('org-id is required')
+    }
+    if (!projectId) {
+      throw new Error('project-id is required')
+    }
+    if (!pipelineDefinitionId) {
+      throw new Error('pipeline-definition-id is required')
+    }
+    if (!vcsOrigin) {
+      throw new Error('vcs-origin is required')
+    }
+
+    // Validate formats
+    this.validateUuid(orgId, 'org-id')
+    this.validateUuid(projectId, 'project-id')
+    this.validateUuid(pipelineDefinitionId, 'pipeline-definition-id')
+    this.validateVcsOrigin(vcsOrigin)
+    if (contextIds?.length > 0) {
+      for (const contextId of contextIds) {
+        this.validateUuid(contextId, 'context-id')
+      }
+    }
+
+    return {
+      values: {
+        package: pkgName,
+        orgId,
+        projectId,
+        pipelineDefinitionId,
+        vcsOrigin,
+        ...(contextIds?.length > 0 && { contextIds }),
+      },
+      fromPackageJson: {},
+      warnings: [],
+      urls: {
+        package: this.getFrontendUrl({ pkgName }),
+        vcsOrigin: this.getVcsOriginUrl(vcsOrigin),
+      },
+    }
+  }
+
+  async exec (positionalArgs, flags) {
+    await this.createConfigCommand({
+      positionalArgs,
+      flags,
+    })
+  }
+}
+
+module.exports = TrustCircleCI
diff --git a/deps/npm/lib/commands/trust/index.js b/deps/npm/lib/commands/trust/index.js
index cabcfa7c34cb80..9c3bf070a4ce1a 100644
--- a/deps/npm/lib/commands/trust/index.js
+++ b/deps/npm/lib/commands/trust/index.js
@@ -7,6 +7,7 @@ class Trust extends BaseCommand {
   static subcommands = {
     github: require('./github.js'),
     gitlab: require('./gitlab.js'),
+    circleci: require('./circleci.js'),
     list: require('./list.js'),
     revoke: require('./revoke.js'),
   }
diff --git a/deps/npm/lib/commands/trust/list.js b/deps/npm/lib/commands/trust/list.js
index 8e1147566b056b..3d5c3aeb0dbc1a 100644
--- a/deps/npm/lib/commands/trust/list.js
+++ b/deps/npm/lib/commands/trust/list.js
@@ -1,6 +1,7 @@
 const { otplease } = require('../../utils/auth.js')
 const npmFetch = require('npm-registry-fetch')
 const npa = require('npm-package-arg')
+const TrustCircleCI = require('./circleci.js')
 const TrustGithub = require('./github.js')
 const TrustGitlab = require('./gitlab.js')
 const TrustCommand = require('../../trust-cmd.js')
@@ -21,7 +22,9 @@ class TrustList extends TrustCommand {
   ]
 
   static bodyToOptions (body) {
-    if (body.type === 'github') {
+    if (body.type === 'circleci') {
+      return TrustCircleCI.bodyToOptions(body)
+    } else if (body.type === 'github') {
       return TrustGithub.bodyToOptions(body)
     } else if (body.type === 'gitlab') {
       return TrustGitlab.bodyToOptions(body)
diff --git a/deps/npm/lib/trust-cmd.js b/deps/npm/lib/trust-cmd.js
index c267c1373e91c1..5fab8df1d21aa2 100644
--- a/deps/npm/lib/trust-cmd.js
+++ b/deps/npm/lib/trust-cmd.js
@@ -55,6 +55,7 @@ class TrustCommand extends BaseCommand {
 
     const json = this.config.get('json')
     if (json) {
+      // Disable redaction: trust config values (e.g. CircleCI UUIDs) are not secrets
       output.standard(JSON.stringify(options.values, null, 2), { [META]: true, redact: false })
       return
     }
@@ -95,7 +96,7 @@ class TrustCommand extends BaseCommand {
         }
         if (urlLines.length > 0) {
           output.standard()
-          output.standard(urlLines.join('\n'))
+          output.standard(urlLines.join('\n'), { [META]: true, redact: false })
         }
       }
       if (pad) {
diff --git a/deps/npm/lib/utils/oidc.js b/deps/npm/lib/utils/oidc.js
index 24524f4b4bf72d..690bc96dba4a4a 100644
--- a/deps/npm/lib/utils/oidc.js
+++ b/deps/npm/lib/utils/oidc.js
@@ -8,8 +8,8 @@ const libaccess = require('libnpmaccess')
 /**
  * Handles OpenID Connect (OIDC) token retrieval and exchange for CI environments.
  *
- * This function is designed to work in Continuous Integration (CI) environments such as GitHub Actions
- * and GitLab. It retrieves an OIDC token from the CI environment, exchanges it for an npm token, and
+ * This function is designed to work in Continuous Integration (CI) environments such as GitHub Actions,
+ * GitLab, and CircleCI. It retrieves an OIDC token from the CI environment, exchanges it for an npm token, and
  * sets the token in the provided configuration for authentication with the npm registry.
  *
  * This function is intended to never throw, as it mutates the state of the `opts` and `config` objects on success.
@@ -17,6 +17,7 @@ const libaccess = require('libnpmaccess')
  *
  * @see https://github.com/watson/ci-info for CI environment detection.
  * @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect for GitHub Actions OIDC.
+ * @see https://circleci.com/docs/openid-connect-tokens/ for CircleCI OIDC.
  */
 async function oidc ({ packageName, registry, opts, config }) {
   /*
@@ -29,7 +30,9 @@ async function oidc ({ packageName, registry, opts, config }) {
       /** @see https://github.com/watson/ci-info/blob/v4.2.0/vendors.json#L152 */
       ciInfo.GITHUB_ACTIONS ||
       /** @see https://github.com/watson/ci-info/blob/v4.2.0/vendors.json#L161C13-L161C22 */
-      ciInfo.GITLAB
+      ciInfo.GITLAB ||
+      /** @see https://github.com/watson/ci-info/blob/v4.2.0/vendors.json#L78 */
+      ciInfo.CIRCLE
     )) {
       return undefined
     }
@@ -143,7 +146,8 @@ async function oidc ({ packageName, registry, opts, config }) {
 
     try {
       const isDefaultProvenance = config.isDefault('provenance')
-      if (isDefaultProvenance) {
+      // CircleCI doesn't support provenance yet, so skip the auto-enable logic
+      if (isDefaultProvenance && !ciInfo.CIRCLE) {
         const [headerB64, payloadB64] = idToken.split('.')
         if (headerB64 && payloadB64) {
           const payloadJson = Buffer.from(payloadB64, 'base64').toString('utf8')
diff --git a/deps/npm/lib/utils/sbom-cyclonedx.js b/deps/npm/lib/utils/sbom-cyclonedx.js
index 0cd170fbbcbee0..f8283397989d5b 100644
--- a/deps/npm/lib/utils/sbom-cyclonedx.js
+++ b/deps/npm/lib/utils/sbom-cyclonedx.js
@@ -84,15 +84,20 @@ const toCyclonedxItem = (node, { packageType }) => {
     node.package = toNormalize.content
   }
 
-  let parsedLicense
-  try {
-    let license = node.package?.license
-    if (license) {
-      if (typeof license === 'object') {
-        license = license.type
-      }
+  let license = node.package?.license
+  if (license) {
+    if (typeof license === 'object') {
+      license = license.type
     }
+  } else if (Array.isArray(node.package?.licenses)) {
+    license = node.package.licenses
+      .map(l => (typeof l === 'object' ? l.type : l))
+      .filter(Boolean)
+      .join(' OR ')
+  }
 
+  let parsedLicense
+  try {
     parsedLicense = parseLicense(license)
   } catch {
     parsedLicense = null
@@ -158,7 +163,7 @@ const toCyclonedxItem = (node, { packageType }) => {
     component.licenses = [{ license: { id: parsedLicense.license } }]
     // If license is a conjunction, use the expression field
   } else if (parsedLicense?.conjunction) {
-    component.licenses = [{ expression: node.package.license }]
+    component.licenses = [{ expression: license }]
   }
 
   return component
diff --git a/deps/npm/lib/utils/sbom-spdx.js b/deps/npm/lib/utils/sbom-spdx.js
index 074a6f57f98bf0..38824f263681d0 100644
--- a/deps/npm/lib/utils/sbom-spdx.js
+++ b/deps/npm/lib/utils/sbom-spdx.js
@@ -110,6 +110,11 @@ const toSpdxItem = (node, { packageType }) => {
     if (typeof license === 'object') {
       license = license.type
     }
+  } else if (Array.isArray(node.package?.licenses)) {
+    license = node.package.licenses
+      .map(l => (typeof l === 'object' ? l.type : l))
+      .filter(Boolean)
+      .join(' OR ')
   }
 
   const pkg = {
diff --git a/deps/npm/lib/utils/verify-signatures.js b/deps/npm/lib/utils/verify-signatures.js
index 2130c847b60ec4..c9b39591eadc8a 100644
--- a/deps/npm/lib/utils/verify-signatures.js
+++ b/deps/npm/lib/utils/verify-signatures.js
@@ -45,7 +45,7 @@ class VerifySignatures {
 
     // Didn't find any dependencies that could be verified, e.g. only local
     // deps, missing version, not on a registry etc.
-    if (!this.auditedWithKeysCount) {
+    if (!this.auditedWithKeysCount && !this.verifiedAttestationCount) {
       throw new Error('found no dependencies to audit that were installed from ' +
                       'a supported registry')
     }
diff --git a/deps/npm/man/man1/npm-access.1 b/deps/npm/man/man1/npm-access.1
index 9f9d409d7258d1..56bda5adf7c1a7 100644
--- a/deps/npm/man/man1/npm-access.1
+++ b/deps/npm/man/man1/npm-access.1
@@ -1,4 +1,4 @@
-.TH "NPM-ACCESS" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-ACCESS" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-access\fR - Set access level on published packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-adduser.1 b/deps/npm/man/man1/npm-adduser.1
index f9585f17655a19..b0a8a368f157a6 100644
--- a/deps/npm/man/man1/npm-adduser.1
+++ b/deps/npm/man/man1/npm-adduser.1
@@ -1,4 +1,4 @@
-.TH "NPM-ADDUSER" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-ADDUSER" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-adduser\fR - Add a registry user account
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-audit.1 b/deps/npm/man/man1/npm-audit.1
index 831e58c2523c04..ae1e4ff9c846ed 100644
--- a/deps/npm/man/man1/npm-audit.1
+++ b/deps/npm/man/man1/npm-audit.1
@@ -1,4 +1,4 @@
-.TH "NPM-AUDIT" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-AUDIT" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-audit\fR - Run a security audit
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-bugs.1 b/deps/npm/man/man1/npm-bugs.1
index e35fabe3baf58d..24106ee21fe71e 100644
--- a/deps/npm/man/man1/npm-bugs.1
+++ b/deps/npm/man/man1/npm-bugs.1
@@ -1,4 +1,4 @@
-.TH "NPM-BUGS" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-BUGS" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-bugs\fR - Report bugs for a package in a web browser
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-cache.1 b/deps/npm/man/man1/npm-cache.1
index 80a1616948371b..ac8ce843afa6ef 100644
--- a/deps/npm/man/man1/npm-cache.1
+++ b/deps/npm/man/man1/npm-cache.1
@@ -1,4 +1,4 @@
-.TH "NPM-CACHE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-CACHE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-cache\fR - Manipulates packages cache
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-ci.1 b/deps/npm/man/man1/npm-ci.1
index 4b1bcc8d05136b..7c1a4c33f5a5fb 100644
--- a/deps/npm/man/man1/npm-ci.1
+++ b/deps/npm/man/man1/npm-ci.1
@@ -1,4 +1,4 @@
-.TH "NPM-CI" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-CI" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-ci\fR - Clean install a project
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-completion.1 b/deps/npm/man/man1/npm-completion.1
index 705689eb4c2101..858399832a39e1 100644
--- a/deps/npm/man/man1/npm-completion.1
+++ b/deps/npm/man/man1/npm-completion.1
@@ -1,4 +1,4 @@
-.TH "NPM-COMPLETION" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-COMPLETION" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-completion\fR - Tab Completion for npm
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-config.1 b/deps/npm/man/man1/npm-config.1
index 2ccf69bb3aa2b1..4cb726ffd2cdab 100644
--- a/deps/npm/man/man1/npm-config.1
+++ b/deps/npm/man/man1/npm-config.1
@@ -1,4 +1,4 @@
-.TH "NPM-CONFIG" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-CONFIG" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-config\fR - Manage the npm configuration files
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-dedupe.1 b/deps/npm/man/man1/npm-dedupe.1
index c44d3aed759860..69b8f89e831765 100644
--- a/deps/npm/man/man1/npm-dedupe.1
+++ b/deps/npm/man/man1/npm-dedupe.1
@@ -1,4 +1,4 @@
-.TH "NPM-DEDUPE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-DEDUPE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-dedupe\fR - Reduce duplication in the package tree
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-deprecate.1 b/deps/npm/man/man1/npm-deprecate.1
index 4fe54b1dc0f310..c81e6f048c0e2a 100644
--- a/deps/npm/man/man1/npm-deprecate.1
+++ b/deps/npm/man/man1/npm-deprecate.1
@@ -1,4 +1,4 @@
-.TH "NPM-DEPRECATE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-DEPRECATE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-deprecate\fR - Deprecate a version of a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-diff.1 b/deps/npm/man/man1/npm-diff.1
index 3de2926a0ec3eb..e502ea264ef881 100644
--- a/deps/npm/man/man1/npm-diff.1
+++ b/deps/npm/man/man1/npm-diff.1
@@ -1,4 +1,4 @@
-.TH "NPM-DIFF" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-DIFF" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-diff\fR - The registry diff command
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-dist-tag.1 b/deps/npm/man/man1/npm-dist-tag.1
index 7a3c1ca973b21f..8e3f3c1ca8eb15 100644
--- a/deps/npm/man/man1/npm-dist-tag.1
+++ b/deps/npm/man/man1/npm-dist-tag.1
@@ -1,4 +1,4 @@
-.TH "NPM-DIST-TAG" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-DIST-TAG" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-dist-tag\fR - Modify package distribution tags
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-docs.1 b/deps/npm/man/man1/npm-docs.1
index 4a6ba9406cc93e..ad43cda739b107 100644
--- a/deps/npm/man/man1/npm-docs.1
+++ b/deps/npm/man/man1/npm-docs.1
@@ -1,4 +1,4 @@
-.TH "NPM-DOCS" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-DOCS" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-docs\fR - Open documentation for a package in a web browser
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-doctor.1 b/deps/npm/man/man1/npm-doctor.1
index 302ab1b63aceba..8d5bda4832eb20 100644
--- a/deps/npm/man/man1/npm-doctor.1
+++ b/deps/npm/man/man1/npm-doctor.1
@@ -1,4 +1,4 @@
-.TH "NPM-DOCTOR" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-DOCTOR" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-doctor\fR - Check the health of your npm environment
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-edit.1 b/deps/npm/man/man1/npm-edit.1
index 40fffba1996f56..35c025535a70fc 100644
--- a/deps/npm/man/man1/npm-edit.1
+++ b/deps/npm/man/man1/npm-edit.1
@@ -1,4 +1,4 @@
-.TH "NPM-EDIT" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-EDIT" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-edit\fR - Edit an installed package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-exec.1 b/deps/npm/man/man1/npm-exec.1
index 0365cc68ee8a5e..c4ae1db70f6f0d 100644
--- a/deps/npm/man/man1/npm-exec.1
+++ b/deps/npm/man/man1/npm-exec.1
@@ -1,4 +1,4 @@
-.TH "NPM-EXEC" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-EXEC" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-exec\fR - Run a command from a local or remote npm package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-explain.1 b/deps/npm/man/man1/npm-explain.1
index 45930af8f7e1a8..99b4f567a5a4bb 100644
--- a/deps/npm/man/man1/npm-explain.1
+++ b/deps/npm/man/man1/npm-explain.1
@@ -1,4 +1,4 @@
-.TH "NPM-EXPLAIN" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-EXPLAIN" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-explain\fR - Explain installed packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-explore.1 b/deps/npm/man/man1/npm-explore.1
index e63896088fd354..6d508bbaf80d46 100644
--- a/deps/npm/man/man1/npm-explore.1
+++ b/deps/npm/man/man1/npm-explore.1
@@ -1,4 +1,4 @@
-.TH "NPM-EXPLORE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-EXPLORE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-explore\fR - Browse an installed package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-find-dupes.1 b/deps/npm/man/man1/npm-find-dupes.1
index 19521aab95c618..afea51be5d5864 100644
--- a/deps/npm/man/man1/npm-find-dupes.1
+++ b/deps/npm/man/man1/npm-find-dupes.1
@@ -1,4 +1,4 @@
-.TH "NPM-FIND-DUPES" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-FIND-DUPES" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-find-dupes\fR - Find duplication in the package tree
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-fund.1 b/deps/npm/man/man1/npm-fund.1
index 63707de3419526..a4d9c91b177fe1 100644
--- a/deps/npm/man/man1/npm-fund.1
+++ b/deps/npm/man/man1/npm-fund.1
@@ -1,4 +1,4 @@
-.TH "NPM-FUND" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-FUND" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-fund\fR - Retrieve funding information
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-get.1 b/deps/npm/man/man1/npm-get.1
index 85a6b12cc25477..7c436651daa492 100644
--- a/deps/npm/man/man1/npm-get.1
+++ b/deps/npm/man/man1/npm-get.1
@@ -1,4 +1,4 @@
-.TH "NPM-GET" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-GET" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-get\fR - Get a value from the npm configuration
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-help-search.1 b/deps/npm/man/man1/npm-help-search.1
index 3952cf04f49199..c49353ee685556 100644
--- a/deps/npm/man/man1/npm-help-search.1
+++ b/deps/npm/man/man1/npm-help-search.1
@@ -1,4 +1,4 @@
-.TH "NPM-HELP-SEARCH" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-HELP-SEARCH" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-help-search\fR - Search npm help documentation
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-help.1 b/deps/npm/man/man1/npm-help.1
index da2d67e6904980..7c208d49e76a57 100644
--- a/deps/npm/man/man1/npm-help.1
+++ b/deps/npm/man/man1/npm-help.1
@@ -1,4 +1,4 @@
-.TH "NPM-HELP" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-HELP" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-help\fR - Get help on npm
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-init.1 b/deps/npm/man/man1/npm-init.1
index 1863be5d4f7e6d..16f1d1980b4725 100644
--- a/deps/npm/man/man1/npm-init.1
+++ b/deps/npm/man/man1/npm-init.1
@@ -1,4 +1,4 @@
-.TH "NPM-INIT" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-INIT" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-init\fR - Create a package.json file
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-install-ci-test.1 b/deps/npm/man/man1/npm-install-ci-test.1
index f5e11905595ec3..45ef15113df761 100644
--- a/deps/npm/man/man1/npm-install-ci-test.1
+++ b/deps/npm/man/man1/npm-install-ci-test.1
@@ -1,4 +1,4 @@
-.TH "NPM-INSTALL-CI-TEST" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-INSTALL-CI-TEST" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-install-ci-test\fR - Install a project with a clean slate and run tests
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-install-test.1 b/deps/npm/man/man1/npm-install-test.1
index 4a3eed7844315b..82e58aaf14e043 100644
--- a/deps/npm/man/man1/npm-install-test.1
+++ b/deps/npm/man/man1/npm-install-test.1
@@ -1,4 +1,4 @@
-.TH "NPM-INSTALL-TEST" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-INSTALL-TEST" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-install-test\fR - Install package(s) and run tests
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-install.1 b/deps/npm/man/man1/npm-install.1
index 4cf689b5cc905a..3b40d3633608b2 100644
--- a/deps/npm/man/man1/npm-install.1
+++ b/deps/npm/man/man1/npm-install.1
@@ -1,4 +1,4 @@
-.TH "NPM-INSTALL" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-INSTALL" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-install\fR - Install a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-link.1 b/deps/npm/man/man1/npm-link.1
index 579f3170f3d041..4b554a2492751a 100644
--- a/deps/npm/man/man1/npm-link.1
+++ b/deps/npm/man/man1/npm-link.1
@@ -1,4 +1,4 @@
-.TH "NPM-LINK" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-LINK" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-link\fR - Symlink a package folder
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-ll.1 b/deps/npm/man/man1/npm-ll.1
index aaf6f044c7f03b..712a4b96c37cb5 100644
--- a/deps/npm/man/man1/npm-ll.1
+++ b/deps/npm/man/man1/npm-ll.1
@@ -1,4 +1,4 @@
-.TH "NPM-LL" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-LL" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-ll\fR - List installed packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-login.1 b/deps/npm/man/man1/npm-login.1
index ae067523ebdf3e..84ee231156b786 100644
--- a/deps/npm/man/man1/npm-login.1
+++ b/deps/npm/man/man1/npm-login.1
@@ -1,4 +1,4 @@
-.TH "NPM-LOGIN" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-LOGIN" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-login\fR - Login to a registry user account
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-logout.1 b/deps/npm/man/man1/npm-logout.1
index e2420f25d7cde8..35fe68417a461e 100644
--- a/deps/npm/man/man1/npm-logout.1
+++ b/deps/npm/man/man1/npm-logout.1
@@ -1,4 +1,4 @@
-.TH "NPM-LOGOUT" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-LOGOUT" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-logout\fR - Log out of the registry
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index 3388810b7ee4b4..b3028b8dd393ed 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -1,4 +1,4 @@
-.TH "NPM-LS" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-LS" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-ls\fR - List installed packages
 .SS "Synopsis"
@@ -20,7 +20,7 @@ Positional arguments are \fBname@version-range\fR identifiers, which will limit
 .P
 .RS 2
 .nf
-npm@11.10.1 /path/to/npm
+npm@11.11.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 .fi
diff --git a/deps/npm/man/man1/npm-org.1 b/deps/npm/man/man1/npm-org.1
index 7d5748586c318e..83fb117858ec88 100644
--- a/deps/npm/man/man1/npm-org.1
+++ b/deps/npm/man/man1/npm-org.1
@@ -1,4 +1,4 @@
-.TH "NPM-ORG" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-ORG" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-org\fR - Manage orgs
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-outdated.1 b/deps/npm/man/man1/npm-outdated.1
index bcb384d11ce6ed..3c0e64bdf84935 100644
--- a/deps/npm/man/man1/npm-outdated.1
+++ b/deps/npm/man/man1/npm-outdated.1
@@ -1,4 +1,4 @@
-.TH "NPM-OUTDATED" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-OUTDATED" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-outdated\fR - Check for outdated packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-owner.1 b/deps/npm/man/man1/npm-owner.1
index 38e5b7f83a79fd..81b2fec8ff27ac 100644
--- a/deps/npm/man/man1/npm-owner.1
+++ b/deps/npm/man/man1/npm-owner.1
@@ -1,4 +1,4 @@
-.TH "NPM-OWNER" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-OWNER" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-owner\fR - Manage package owners
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-pack.1 b/deps/npm/man/man1/npm-pack.1
index 103aabb0f92ce5..8f5488d7a3b7a6 100644
--- a/deps/npm/man/man1/npm-pack.1
+++ b/deps/npm/man/man1/npm-pack.1
@@ -1,4 +1,4 @@
-.TH "NPM-PACK" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-PACK" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-pack\fR - Create a tarball from a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-ping.1 b/deps/npm/man/man1/npm-ping.1
index f61708debbd3e2..a80faff74ff914 100644
--- a/deps/npm/man/man1/npm-ping.1
+++ b/deps/npm/man/man1/npm-ping.1
@@ -1,4 +1,4 @@
-.TH "NPM-PING" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-PING" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-ping\fR - Ping npm registry
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-pkg.1 b/deps/npm/man/man1/npm-pkg.1
index faee84f1733fcf..8667ddbe27c6ff 100644
--- a/deps/npm/man/man1/npm-pkg.1
+++ b/deps/npm/man/man1/npm-pkg.1
@@ -1,4 +1,4 @@
-.TH "NPM-PKG" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-PKG" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-pkg\fR - Manages your package.json
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-prefix.1 b/deps/npm/man/man1/npm-prefix.1
index a6f07c3087709a..6cd9f675b34fb5 100644
--- a/deps/npm/man/man1/npm-prefix.1
+++ b/deps/npm/man/man1/npm-prefix.1
@@ -1,4 +1,4 @@
-.TH "NPM-PREFIX" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-PREFIX" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-prefix\fR - Display prefix
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-profile.1 b/deps/npm/man/man1/npm-profile.1
index ecf4f55d07194c..67b1c3170e518f 100644
--- a/deps/npm/man/man1/npm-profile.1
+++ b/deps/npm/man/man1/npm-profile.1
@@ -1,4 +1,4 @@
-.TH "NPM-PROFILE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-PROFILE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-profile\fR - Change settings on your registry profile
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-prune.1 b/deps/npm/man/man1/npm-prune.1
index f5c526f937f85b..2569575bbb1a28 100644
--- a/deps/npm/man/man1/npm-prune.1
+++ b/deps/npm/man/man1/npm-prune.1
@@ -1,4 +1,4 @@
-.TH "NPM-PRUNE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-PRUNE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-prune\fR - Remove extraneous packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-publish.1 b/deps/npm/man/man1/npm-publish.1
index 93347d35059d44..bab2c123579bb1 100644
--- a/deps/npm/man/man1/npm-publish.1
+++ b/deps/npm/man/man1/npm-publish.1
@@ -1,4 +1,4 @@
-.TH "NPM-PUBLISH" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-PUBLISH" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-publish\fR - Publish a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-query.1 b/deps/npm/man/man1/npm-query.1
index 8d48a3680c06f8..0811845c1c4ae2 100644
--- a/deps/npm/man/man1/npm-query.1
+++ b/deps/npm/man/man1/npm-query.1
@@ -1,4 +1,4 @@
-.TH "NPM-QUERY" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-QUERY" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-query\fR - Dependency selector query
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-rebuild.1 b/deps/npm/man/man1/npm-rebuild.1
index 55e347a8480ba6..d138bf51dc91c4 100644
--- a/deps/npm/man/man1/npm-rebuild.1
+++ b/deps/npm/man/man1/npm-rebuild.1
@@ -1,4 +1,4 @@
-.TH "NPM-REBUILD" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-REBUILD" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-rebuild\fR - Rebuild a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-repo.1 b/deps/npm/man/man1/npm-repo.1
index e19fe8149bcf5e..8746de5cc2ea39 100644
--- a/deps/npm/man/man1/npm-repo.1
+++ b/deps/npm/man/man1/npm-repo.1
@@ -1,4 +1,4 @@
-.TH "NPM-REPO" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-REPO" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-repo\fR - Open package repository page in the browser
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-restart.1 b/deps/npm/man/man1/npm-restart.1
index 0c121135136d29..81a86e23397605 100644
--- a/deps/npm/man/man1/npm-restart.1
+++ b/deps/npm/man/man1/npm-restart.1
@@ -1,4 +1,4 @@
-.TH "NPM-RESTART" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-RESTART" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-restart\fR - Restart a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-root.1 b/deps/npm/man/man1/npm-root.1
index 17176bbae2f868..537d4c306a120f 100644
--- a/deps/npm/man/man1/npm-root.1
+++ b/deps/npm/man/man1/npm-root.1
@@ -1,4 +1,4 @@
-.TH "NPM-ROOT" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-ROOT" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-root\fR - Display npm root
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-run.1 b/deps/npm/man/man1/npm-run.1
index 4d3a9a5bb85dab..20a5032fe62a85 100644
--- a/deps/npm/man/man1/npm-run.1
+++ b/deps/npm/man/man1/npm-run.1
@@ -1,4 +1,4 @@
-.TH "NPM-RUN" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-RUN" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-run\fR - Run arbitrary package scripts
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-sbom.1 b/deps/npm/man/man1/npm-sbom.1
index 3745977f3c3a26..7894164e892e64 100644
--- a/deps/npm/man/man1/npm-sbom.1
+++ b/deps/npm/man/man1/npm-sbom.1
@@ -1,4 +1,4 @@
-.TH "NPM-SBOM" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-SBOM" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-sbom\fR - Generate a Software Bill of Materials (SBOM)
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-search.1 b/deps/npm/man/man1/npm-search.1
index 0ed57d0df778e7..22ef258454ae15 100644
--- a/deps/npm/man/man1/npm-search.1
+++ b/deps/npm/man/man1/npm-search.1
@@ -1,4 +1,4 @@
-.TH "NPM-SEARCH" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-SEARCH" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-search\fR - Search for packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-set.1 b/deps/npm/man/man1/npm-set.1
index d40bf8be42161d..ef485c3521738e 100644
--- a/deps/npm/man/man1/npm-set.1
+++ b/deps/npm/man/man1/npm-set.1
@@ -1,4 +1,4 @@
-.TH "NPM-SET" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-SET" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-set\fR - Set a value in the npm configuration
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-shrinkwrap.1 b/deps/npm/man/man1/npm-shrinkwrap.1
index d90167af72cf0e..846b7affa62b6c 100644
--- a/deps/npm/man/man1/npm-shrinkwrap.1
+++ b/deps/npm/man/man1/npm-shrinkwrap.1
@@ -1,4 +1,4 @@
-.TH "NPM-SHRINKWRAP" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-SHRINKWRAP" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-shrinkwrap\fR - Lock down dependency versions for publication
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-star.1 b/deps/npm/man/man1/npm-star.1
index 7d18a9b387f8f5..bdc27193d061c1 100644
--- a/deps/npm/man/man1/npm-star.1
+++ b/deps/npm/man/man1/npm-star.1
@@ -1,4 +1,4 @@
-.TH "NPM-STAR" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-STAR" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-star\fR - Mark your favorite packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-stars.1 b/deps/npm/man/man1/npm-stars.1
index a01f377a511ba9..6a49b6305e4dd4 100644
--- a/deps/npm/man/man1/npm-stars.1
+++ b/deps/npm/man/man1/npm-stars.1
@@ -1,4 +1,4 @@
-.TH "NPM-STARS" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-STARS" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-stars\fR - View packages marked as favorites
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-start.1 b/deps/npm/man/man1/npm-start.1
index 12ef36db1de48b..5f783b75308e67 100644
--- a/deps/npm/man/man1/npm-start.1
+++ b/deps/npm/man/man1/npm-start.1
@@ -1,4 +1,4 @@
-.TH "NPM-START" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-START" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-start\fR - Start a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-stop.1 b/deps/npm/man/man1/npm-stop.1
index b9d48a28ddb148..b417dd8a7e5e13 100644
--- a/deps/npm/man/man1/npm-stop.1
+++ b/deps/npm/man/man1/npm-stop.1
@@ -1,4 +1,4 @@
-.TH "NPM-STOP" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-STOP" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-stop\fR - Stop a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-team.1 b/deps/npm/man/man1/npm-team.1
index e95577f1ca9708..b48019f33e5249 100644
--- a/deps/npm/man/man1/npm-team.1
+++ b/deps/npm/man/man1/npm-team.1
@@ -1,4 +1,4 @@
-.TH "NPM-TEAM" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-TEAM" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-team\fR - Manage organization teams and team memberships
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-test.1 b/deps/npm/man/man1/npm-test.1
index 287c3c3751b204..b06b0b1ff8eb11 100644
--- a/deps/npm/man/man1/npm-test.1
+++ b/deps/npm/man/man1/npm-test.1
@@ -1,4 +1,4 @@
-.TH "NPM-TEST" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-TEST" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-test\fR - Test a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-token.1 b/deps/npm/man/man1/npm-token.1
index 597c13472529dd..c31030d09f1e59 100644
--- a/deps/npm/man/man1/npm-token.1
+++ b/deps/npm/man/man1/npm-token.1
@@ -1,4 +1,4 @@
-.TH "NPM-TOKEN" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-TOKEN" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-token\fR - Manage your authentication tokens
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-trust.1 b/deps/npm/man/man1/npm-trust.1
index 3383444e491d2c..2b2223c9384307 100644
--- a/deps/npm/man/man1/npm-trust.1
+++ b/deps/npm/man/man1/npm-trust.1
@@ -1,4 +1,4 @@
-.TH "NPM-TRUST" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-TRUST" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-trust\fR - Manage trusted publishing relationships between packages and CI/CD providers
 .SS "Synopsis"
@@ -82,6 +82,19 @@ npm trust gitlab \[lB]package\[rB] --file \[lB]--project|--repo|--repository\[rB
 .SS "Flags"
 .P
 | Flag | Default | Type | Description | | --- | --- | --- | --- | | \fB--file\fR | null | String (required) | Name of pipeline file (e.g., .gitlab-ci.yml) | | \fB--project\fR | null | String | Name of the project in the format group/project or group/subgroup/project | | \fB--environment\fR, \fB--env\fR | null | String | CI environment name | | \fB--dry-run\fR | false | Boolean | Indicates that you don't want npm to make any changes and that it should only report what it would have done. This can be passed into any of the commands that modify your local installation, eg, \fBinstall\fR, \fBupdate\fR, \fBdedupe\fR, \fBuninstall\fR, as well as \fBpack\fR and \fBpublish\fR. Note: This is NOT honored by other network related commands, eg \fBdist-tags\fR, \fBowner\fR, etc. | | \fB--json\fR | false | Boolean | Whether or not to output JSON data, rather than the normal output. * In \fBnpm pkg set\fR it enables parsing set values with JSON.parse() before saving them to your \fBpackage.json\fR. Not supported by all npm commands. | | \fB--registry\fR | "https://registry.npmjs.org/" | URL | The base URL of the npm registry. | | \fB--yes\fR, \fB-y\fR | null | null or Boolean | Automatically answer "yes" to any prompts that npm might print on the command line. |
+.SS "\fBnpm trust circleci\fR"
+.P
+Create a trusted relationship between a package and CircleCI
+.SS "Synopsis"
+.P
+.RS 2
+.nf
+npm trust circleci \[lB]package\[rB] --org-id  --project-id  --pipeline-definition-id  --vcs-origin  \[lB]--context-id ...\[rB] \[lB]-y|--yes\[rB]
+.fi
+.RE
+.SS "Flags"
+.P
+| Flag | Default | Type | Description | | --- | --- | --- | --- | | \fB--org-id\fR | null | String (required) | CircleCI organization UUID | | \fB--project-id\fR | null | String (required) | CircleCI project UUID | | \fB--pipeline-definition-id\fR | null | String (required) | CircleCI pipeline definition UUID | | \fB--vcs-origin\fR | null | String (required) | CircleCI repository origin in format 'provider/owner/repo' | | \fB--context-id\fR | null | null or String (can be set multiple times) | CircleCI context UUID to match | | \fB--dry-run\fR | false | Boolean | Indicates that you don't want npm to make any changes and that it should only report what it would have done. This can be passed into any of the commands that modify your local installation, eg, \fBinstall\fR, \fBupdate\fR, \fBdedupe\fR, \fBuninstall\fR, as well as \fBpack\fR and \fBpublish\fR. Note: This is NOT honored by other network related commands, eg \fBdist-tags\fR, \fBowner\fR, etc. | | \fB--json\fR | false | Boolean | Whether or not to output JSON data, rather than the normal output. * In \fBnpm pkg set\fR it enables parsing set values with JSON.parse() before saving them to your \fBpackage.json\fR. Not supported by all npm commands. | | \fB--registry\fR | "https://registry.npmjs.org/" | URL | The base URL of the npm registry. | | \fB--yes\fR, \fB-y\fR | null | null or Boolean | Automatically answer "yes" to any prompts that npm might print on the command line. |
 .SS "\fBnpm trust list\fR"
 .P
 List trusted relationships for a package
diff --git a/deps/npm/man/man1/npm-undeprecate.1 b/deps/npm/man/man1/npm-undeprecate.1
index e71e2ff9663af3..7fccdf4d79b87b 100644
--- a/deps/npm/man/man1/npm-undeprecate.1
+++ b/deps/npm/man/man1/npm-undeprecate.1
@@ -1,4 +1,4 @@
-.TH "NPM-UNDEPRECATE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-UNDEPRECATE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-undeprecate\fR - Undeprecate a version of a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-uninstall.1 b/deps/npm/man/man1/npm-uninstall.1
index e43b96e4961843..8c2645515bf469 100644
--- a/deps/npm/man/man1/npm-uninstall.1
+++ b/deps/npm/man/man1/npm-uninstall.1
@@ -1,4 +1,4 @@
-.TH "NPM-UNINSTALL" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-UNINSTALL" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-uninstall\fR - Remove a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-unpublish.1 b/deps/npm/man/man1/npm-unpublish.1
index 47bc7ea639f25e..debc77cae0b8cd 100644
--- a/deps/npm/man/man1/npm-unpublish.1
+++ b/deps/npm/man/man1/npm-unpublish.1
@@ -1,4 +1,4 @@
-.TH "NPM-UNPUBLISH" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-UNPUBLISH" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-unpublish\fR - Remove a package from the registry
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-unstar.1 b/deps/npm/man/man1/npm-unstar.1
index b3e432256ab763..48f1e1e60112e4 100644
--- a/deps/npm/man/man1/npm-unstar.1
+++ b/deps/npm/man/man1/npm-unstar.1
@@ -1,4 +1,4 @@
-.TH "NPM-UNSTAR" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-UNSTAR" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-unstar\fR - Remove an item from your favorite packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-update.1 b/deps/npm/man/man1/npm-update.1
index f9d32446333e90..6444774c6aee1e 100644
--- a/deps/npm/man/man1/npm-update.1
+++ b/deps/npm/man/man1/npm-update.1
@@ -1,4 +1,4 @@
-.TH "NPM-UPDATE" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-UPDATE" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-update\fR - Update packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-version.1 b/deps/npm/man/man1/npm-version.1
index 487479ef954713..fa5c13186c76fd 100644
--- a/deps/npm/man/man1/npm-version.1
+++ b/deps/npm/man/man1/npm-version.1
@@ -1,4 +1,4 @@
-.TH "NPM-VERSION" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-VERSION" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-version\fR - Bump a package version
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-view.1 b/deps/npm/man/man1/npm-view.1
index fc528772d09e76..a8b7f368ddd0c4 100644
--- a/deps/npm/man/man1/npm-view.1
+++ b/deps/npm/man/man1/npm-view.1
@@ -1,4 +1,4 @@
-.TH "NPM-VIEW" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-VIEW" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-view\fR - View registry info
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-whoami.1 b/deps/npm/man/man1/npm-whoami.1
index 6100a8d5e7a789..ee79598fadc52f 100644
--- a/deps/npm/man/man1/npm-whoami.1
+++ b/deps/npm/man/man1/npm-whoami.1
@@ -1,4 +1,4 @@
-.TH "NPM-WHOAMI" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-WHOAMI" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-whoami\fR - Display npm username
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index 06c8262446e887..8c2522323757ea 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -1,4 +1,4 @@
-.TH "NPM" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPM" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm\fR - javascript package manager
 .SS "Synopsis"
@@ -12,7 +12,7 @@ npm
 Note: This command is unaware of workspaces.
 .SS "Version"
 .P
-11.10.1
+11.11.0
 .SS "Description"
 .P
 npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency conflicts intelligently.
diff --git a/deps/npm/man/man1/npx.1 b/deps/npm/man/man1/npx.1
index 2f9a523277dd2c..ac1e6a4b2a30e6 100644
--- a/deps/npm/man/man1/npx.1
+++ b/deps/npm/man/man1/npx.1
@@ -1,4 +1,4 @@
-.TH "NPX" "1" "February 2026" "NPM@11.10.1" ""
+.TH "NPX" "1" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpx\fR - Run a command from a local or remote npm package
 .SS "Synopsis"
diff --git a/deps/npm/man/man5/folders.5 b/deps/npm/man/man5/folders.5
index c234d1c9a9a723..dfbffb819d79b6 100644
--- a/deps/npm/man/man5/folders.5
+++ b/deps/npm/man/man5/folders.5
@@ -1,4 +1,4 @@
-.TH "FOLDERS" "5" "February 2026" "NPM@11.10.1" ""
+.TH "FOLDERS" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBFolders\fR - Folder structures used by npm
 .SS "Description"
diff --git a/deps/npm/man/man5/install.5 b/deps/npm/man/man5/install.5
index d93e54825dcf64..1ed6027eb63623 100644
--- a/deps/npm/man/man5/install.5
+++ b/deps/npm/man/man5/install.5
@@ -1,4 +1,4 @@
-.TH "INSTALL" "5" "February 2026" "NPM@11.10.1" ""
+.TH "INSTALL" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBInstall\fR - Download and install node and npm
 .SS "Description"
diff --git a/deps/npm/man/man5/npm-global.5 b/deps/npm/man/man5/npm-global.5
index c234d1c9a9a723..dfbffb819d79b6 100644
--- a/deps/npm/man/man5/npm-global.5
+++ b/deps/npm/man/man5/npm-global.5
@@ -1,4 +1,4 @@
-.TH "FOLDERS" "5" "February 2026" "NPM@11.10.1" ""
+.TH "FOLDERS" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBFolders\fR - Folder structures used by npm
 .SS "Description"
diff --git a/deps/npm/man/man5/npm-json.5 b/deps/npm/man/man5/npm-json.5
index 9bc25a4dcc7989..bae7f6290e798a 100644
--- a/deps/npm/man/man5/npm-json.5
+++ b/deps/npm/man/man5/npm-json.5
@@ -1,4 +1,4 @@
-.TH "PACKAGE.JSON" "5" "February 2026" "NPM@11.10.1" ""
+.TH "PACKAGE.JSON" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBpackage.json\fR - Specifics of npm's package.json handling
 .SS "Description"
diff --git a/deps/npm/man/man5/npm-shrinkwrap-json.5 b/deps/npm/man/man5/npm-shrinkwrap-json.5
index 112353df02a54c..4a6d0d279330a0 100644
--- a/deps/npm/man/man5/npm-shrinkwrap-json.5
+++ b/deps/npm/man/man5/npm-shrinkwrap-json.5
@@ -1,4 +1,4 @@
-.TH "NPM-SHRINKWRAP.JSON" "5" "February 2026" "NPM@11.10.1" ""
+.TH "NPM-SHRINKWRAP.JSON" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBnpm-shrinkwrap.json\fR - A publishable lockfile
 .SS "Description"
diff --git a/deps/npm/man/man5/npmrc.5 b/deps/npm/man/man5/npmrc.5
index bc4ded58c3cee6..f788802907bef4 100644
--- a/deps/npm/man/man5/npmrc.5
+++ b/deps/npm/man/man5/npmrc.5
@@ -1,4 +1,4 @@
-.TH ".NPMRC" "5" "February 2026" "NPM@11.10.1" ""
+.TH ".NPMRC" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fB.npmrc\fR - The npm config files
 .SS "Description"
diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5
index 9bc25a4dcc7989..bae7f6290e798a 100644
--- a/deps/npm/man/man5/package-json.5
+++ b/deps/npm/man/man5/package-json.5
@@ -1,4 +1,4 @@
-.TH "PACKAGE.JSON" "5" "February 2026" "NPM@11.10.1" ""
+.TH "PACKAGE.JSON" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBpackage.json\fR - Specifics of npm's package.json handling
 .SS "Description"
diff --git a/deps/npm/man/man5/package-lock-json.5 b/deps/npm/man/man5/package-lock-json.5
index 0d28b1d5b66a9d..d95af3d209fe33 100644
--- a/deps/npm/man/man5/package-lock-json.5
+++ b/deps/npm/man/man5/package-lock-json.5
@@ -1,4 +1,4 @@
-.TH "PACKAGE-LOCK.JSON" "5" "February 2026" "NPM@11.10.1" ""
+.TH "PACKAGE-LOCK.JSON" "5" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBpackage-lock.json\fR - A manifestation of the manifest
 .SS "Description"
diff --git a/deps/npm/man/man7/config.7 b/deps/npm/man/man7/config.7
index dd6762e3e9298a..6fa65fc4a6cf9a 100644
--- a/deps/npm/man/man7/config.7
+++ b/deps/npm/man/man7/config.7
@@ -1,4 +1,4 @@
-.TH "CONFIG" "7" "February 2026" "NPM@11.10.1" ""
+.TH "CONFIG" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBConfig\fR - About npm configuration
 .SS "Description"
diff --git a/deps/npm/man/man7/dependency-selectors.7 b/deps/npm/man/man7/dependency-selectors.7
index dd3e7a6ef34f38..6f81407c07bea7 100644
--- a/deps/npm/man/man7/dependency-selectors.7
+++ b/deps/npm/man/man7/dependency-selectors.7
@@ -1,4 +1,4 @@
-.TH "SELECTORS" "7" "February 2026" "NPM@11.10.1" ""
+.TH "SELECTORS" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBSelectors\fR - Dependency Selector Syntax & Querying
 .SS "Description"
@@ -99,7 +99,7 @@ the term "dependencies" is in reference to any \fBNode\fR found in a \fBtree\fR
 .IP \(bu 4
 \fB:path()\fR \fBglob\fR \fI\(lahttps://www.npmjs.com/package/glob\(ra\fR matching based on dependencies path relative to the project
 .IP \(bu 4
-\fB:type()\fR \fBbased on currently recognized types\fR \fI\(lahttps://github.com/npm/npm-package-arg#result-object\(ra\fR
+\fB:type()\fR \fBbased on currently recognized types\fR \fI\(lahttps://github.com/npm/npm-package-arg#result-object\(ra\fR. You can also use the aggregate type of \fBregistry\fR for any registry dependency (e.g. tag, version, range, alias)
 .IP \(bu 4
 \fB:outdated()\fR when a dependency is outdated
 .IP \(bu 4
diff --git a/deps/npm/man/man7/developers.7 b/deps/npm/man/man7/developers.7
index 0ab014e6e9a101..888e6ab1e0f981 100644
--- a/deps/npm/man/man7/developers.7
+++ b/deps/npm/man/man7/developers.7
@@ -1,4 +1,4 @@
-.TH "DEVELOPERS" "7" "February 2026" "NPM@11.10.1" ""
+.TH "DEVELOPERS" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBDevelopers\fR - Developer guide
 .SS "Description"
diff --git a/deps/npm/man/man7/logging.7 b/deps/npm/man/man7/logging.7
index 9a908aba36f6a5..41b6b0b1799c12 100644
--- a/deps/npm/man/man7/logging.7
+++ b/deps/npm/man/man7/logging.7
@@ -1,4 +1,4 @@
-.TH "LOGGING" "7" "February 2026" "NPM@11.10.1" ""
+.TH "LOGGING" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBLogging\fR - Why, What & How we Log
 .SS "Description"
diff --git a/deps/npm/man/man7/orgs.7 b/deps/npm/man/man7/orgs.7
index 8fd783364ac41f..dbebbe0bd09973 100644
--- a/deps/npm/man/man7/orgs.7
+++ b/deps/npm/man/man7/orgs.7
@@ -1,4 +1,4 @@
-.TH "ORGANIZATIONS" "7" "February 2026" "NPM@11.10.1" ""
+.TH "ORGANIZATIONS" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBOrganizations\fR - Working with teams & organizations
 .SS "Description"
diff --git a/deps/npm/man/man7/package-spec.7 b/deps/npm/man/man7/package-spec.7
index cb3dea0cdf1313..2e4c1e0ddf5035 100644
--- a/deps/npm/man/man7/package-spec.7
+++ b/deps/npm/man/man7/package-spec.7
@@ -1,4 +1,4 @@
-.TH "SPEC" "7" "February 2026" "NPM@11.10.1" ""
+.TH "SPEC" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBspec\fR - Package name specifier
 .SS "Description"
diff --git a/deps/npm/man/man7/registry.7 b/deps/npm/man/man7/registry.7
index 6804fce0cd3063..7ea6e6ced1a911 100644
--- a/deps/npm/man/man7/registry.7
+++ b/deps/npm/man/man7/registry.7
@@ -1,4 +1,4 @@
-.TH "REGISTRY" "7" "February 2026" "NPM@11.10.1" ""
+.TH "REGISTRY" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBRegistry\fR - The JavaScript Package Registry
 .SS "Description"
diff --git a/deps/npm/man/man7/removal.7 b/deps/npm/man/man7/removal.7
index f043dbf8a91e3c..2e9b4ea94e581a 100644
--- a/deps/npm/man/man7/removal.7
+++ b/deps/npm/man/man7/removal.7
@@ -1,4 +1,4 @@
-.TH "REMOVAL" "7" "February 2026" "NPM@11.10.1" ""
+.TH "REMOVAL" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBRemoval\fR - Cleaning the slate
 .SS "Synopsis"
diff --git a/deps/npm/man/man7/scope.7 b/deps/npm/man/man7/scope.7
index dad4fff844b650..70f869a059961e 100644
--- a/deps/npm/man/man7/scope.7
+++ b/deps/npm/man/man7/scope.7
@@ -1,4 +1,4 @@
-.TH "SCOPE" "7" "February 2026" "NPM@11.10.1" ""
+.TH "SCOPE" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBScope\fR - Scoped packages
 .SS "Description"
diff --git a/deps/npm/man/man7/scripts.7 b/deps/npm/man/man7/scripts.7
index bc351acb227627..561bea6c784a7e 100644
--- a/deps/npm/man/man7/scripts.7
+++ b/deps/npm/man/man7/scripts.7
@@ -1,4 +1,4 @@
-.TH "SCRIPTS" "7" "February 2026" "NPM@11.10.1" ""
+.TH "SCRIPTS" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBScripts\fR - How npm handles the "scripts" field
 .SS "Description"
diff --git a/deps/npm/man/man7/workspaces.7 b/deps/npm/man/man7/workspaces.7
index 8f734cbccb54e5..a8a8c4b0c8cedd 100644
--- a/deps/npm/man/man7/workspaces.7
+++ b/deps/npm/man/man7/workspaces.7
@@ -1,4 +1,4 @@
-.TH "WORKSPACES" "7" "February 2026" "NPM@11.10.1" ""
+.TH "WORKSPACES" "7" "February 2026" "NPM@11.11.0" ""
 .SH "NAME"
 \fBWorkspaces\fR - Working with workspaces
 .SS "Description"
diff --git a/deps/npm/node_modules/encoding/LICENSE b/deps/npm/node_modules/@gar/promise-retry/LICENSE
similarity index 76%
rename from deps/npm/node_modules/encoding/LICENSE
rename to deps/npm/node_modules/@gar/promise-retry/LICENSE
index 33f5a9a366f605..db5e914de1f585 100644
--- a/deps/npm/node_modules/encoding/LICENSE
+++ b/deps/npm/node_modules/@gar/promise-retry/LICENSE
@@ -1,16 +1,19 @@
-Copyright (c) 2012-2014 Andris Reinman
+Copyright (c) 2014 IndigoUnited
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/deps/npm/node_modules/@gar/promise-retry/lib/index.js b/deps/npm/node_modules/@gar/promise-retry/lib/index.js
new file mode 100644
index 00000000000000..9033419793aaf6
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/lib/index.js
@@ -0,0 +1,28 @@
+const retry = require('retry')
+
+const isRetryError = (err) => err?.code === 'EPROMISERETRY' && Object.hasOwn(err, 'retried')
+
+async function promiseRetry (fn, options = {}) {
+  const operation = retry.operation(options)
+
+  return new Promise(function (resolve, reject) {
+    operation.attempt(async number => {
+      try {
+        const result = await fn(err => {
+          throw Object.assign(new Error('Retrying'), { code: 'EPROMISERETRY', retried: err })
+        }, number, operation)
+        return resolve(result)
+      } catch (err) {
+        if (isRetryError(err)) {
+          if (operation.retry(err.retried || new Error())) {
+            return
+          }
+          return reject(err.retried)
+        }
+        return reject(err)
+      }
+    })
+  })
+}
+
+module.exports = { promiseRetry }
diff --git a/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/License b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/License
new file mode 100644
index 00000000000000..0b58de379fb308
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/License
@@ -0,0 +1,21 @@
+Copyright (c) 2011:
+Tim Koschützki (tim@debuggable.com)
+Felix Geisendörfer (felix@debuggable.com)
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
diff --git a/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/dns.js b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/dns.js
new file mode 100644
index 00000000000000..446729b6f9af6b
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/dns.js
@@ -0,0 +1,31 @@
+var dns = require('dns');
+var retry = require('../lib/retry');
+
+function faultTolerantResolve(address, cb) {
+  var opts = {
+    retries: 2,
+    factor: 2,
+    minTimeout: 1 * 1000,
+    maxTimeout: 2 * 1000,
+    randomize: true
+  };
+  var operation = retry.operation(opts);
+
+  operation.attempt(function(currentAttempt) {
+    dns.resolve(address, function(err, addresses) {
+      if (operation.retry(err)) {
+        return;
+      }
+
+      cb(operation.mainError(), operation.errors(), addresses);
+    });
+  });
+}
+
+faultTolerantResolve('nodejs.org', function(err, errors, addresses) {
+  console.warn('err:');
+  console.log(err);
+
+  console.warn('addresses:');
+  console.log(addresses);
+});
\ No newline at end of file
diff --git a/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/stop.js b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/stop.js
new file mode 100644
index 00000000000000..e1ceafeebafc51
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/example/stop.js
@@ -0,0 +1,40 @@
+var retry = require('../lib/retry');
+
+function attemptAsyncOperation(someInput, cb) {
+  var opts = {
+    retries: 2,
+    factor: 2,
+    minTimeout: 1 * 1000,
+    maxTimeout: 2 * 1000,
+    randomize: true
+  };
+  var operation = retry.operation(opts);
+
+  operation.attempt(function(currentAttempt) {
+    failingAsyncOperation(someInput, function(err, result) {
+
+      if (err && err.message === 'A fatal error') {
+        operation.stop();
+        return cb(err);
+      }
+
+      if (operation.retry(err)) {
+        return;
+      }
+
+      cb(operation.mainError(), operation.errors(), result);
+    });
+  });
+}
+
+attemptAsyncOperation('test input', function(err, errors, result) {
+  console.warn('err:');
+  console.log(err);
+
+  console.warn('result:');
+  console.log(result);
+});
+
+function failingAsyncOperation(input, cb) {
+  return setImmediate(cb.bind(null, new Error('A fatal error')));
+}
diff --git a/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/index.js b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/index.js
new file mode 100644
index 00000000000000..ee62f3a112c28b
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/index.js
@@ -0,0 +1 @@
+module.exports = require('./lib/retry');
\ No newline at end of file
diff --git a/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry.js b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry.js
new file mode 100644
index 00000000000000..5e85e79197d36c
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry.js
@@ -0,0 +1,100 @@
+var RetryOperation = require('./retry_operation');
+
+exports.operation = function(options) {
+  var timeouts = exports.timeouts(options);
+  return new RetryOperation(timeouts, {
+      forever: options && (options.forever || options.retries === Infinity),
+      unref: options && options.unref,
+      maxRetryTime: options && options.maxRetryTime
+  });
+};
+
+exports.timeouts = function(options) {
+  if (options instanceof Array) {
+    return [].concat(options);
+  }
+
+  var opts = {
+    retries: 10,
+    factor: 2,
+    minTimeout: 1 * 1000,
+    maxTimeout: Infinity,
+    randomize: false
+  };
+  for (var key in options) {
+    opts[key] = options[key];
+  }
+
+  if (opts.minTimeout > opts.maxTimeout) {
+    throw new Error('minTimeout is greater than maxTimeout');
+  }
+
+  var timeouts = [];
+  for (var i = 0; i < opts.retries; i++) {
+    timeouts.push(this.createTimeout(i, opts));
+  }
+
+  if (options && options.forever && !timeouts.length) {
+    timeouts.push(this.createTimeout(i, opts));
+  }
+
+  // sort the array numerically ascending
+  timeouts.sort(function(a,b) {
+    return a - b;
+  });
+
+  return timeouts;
+};
+
+exports.createTimeout = function(attempt, opts) {
+  var random = (opts.randomize)
+    ? (Math.random() + 1)
+    : 1;
+
+  var timeout = Math.round(random * Math.max(opts.minTimeout, 1) * Math.pow(opts.factor, attempt));
+  timeout = Math.min(timeout, opts.maxTimeout);
+
+  return timeout;
+};
+
+exports.wrap = function(obj, options, methods) {
+  if (options instanceof Array) {
+    methods = options;
+    options = null;
+  }
+
+  if (!methods) {
+    methods = [];
+    for (var key in obj) {
+      if (typeof obj[key] === 'function') {
+        methods.push(key);
+      }
+    }
+  }
+
+  for (var i = 0; i < methods.length; i++) {
+    var method   = methods[i];
+    var original = obj[method];
+
+    obj[method] = function retryWrapper(original) {
+      var op       = exports.operation(options);
+      var args     = Array.prototype.slice.call(arguments, 1);
+      var callback = args.pop();
+
+      args.push(function(err) {
+        if (op.retry(err)) {
+          return;
+        }
+        if (err) {
+          arguments[0] = op.mainError();
+        }
+        callback.apply(this, arguments);
+      });
+
+      op.attempt(function() {
+        original.apply(obj, args);
+      });
+    }.bind(obj, original);
+    obj[method].options = options;
+  }
+};
diff --git a/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry_operation.js b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry_operation.js
new file mode 100644
index 00000000000000..105ce72b2be8e1
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/lib/retry_operation.js
@@ -0,0 +1,162 @@
+function RetryOperation(timeouts, options) {
+  // Compatibility for the old (timeouts, retryForever) signature
+  if (typeof options === 'boolean') {
+    options = { forever: options };
+  }
+
+  this._originalTimeouts = JSON.parse(JSON.stringify(timeouts));
+  this._timeouts = timeouts;
+  this._options = options || {};
+  this._maxRetryTime = options && options.maxRetryTime || Infinity;
+  this._fn = null;
+  this._errors = [];
+  this._attempts = 1;
+  this._operationTimeout = null;
+  this._operationTimeoutCb = null;
+  this._timeout = null;
+  this._operationStart = null;
+  this._timer = null;
+
+  if (this._options.forever) {
+    this._cachedTimeouts = this._timeouts.slice(0);
+  }
+}
+module.exports = RetryOperation;
+
+RetryOperation.prototype.reset = function() {
+  this._attempts = 1;
+  this._timeouts = this._originalTimeouts.slice(0);
+}
+
+RetryOperation.prototype.stop = function() {
+  if (this._timeout) {
+    clearTimeout(this._timeout);
+  }
+  if (this._timer) {
+    clearTimeout(this._timer);
+  }
+
+  this._timeouts       = [];
+  this._cachedTimeouts = null;
+};
+
+RetryOperation.prototype.retry = function(err) {
+  if (this._timeout) {
+    clearTimeout(this._timeout);
+  }
+
+  if (!err) {
+    return false;
+  }
+  var currentTime = new Date().getTime();
+  if (err && currentTime - this._operationStart >= this._maxRetryTime) {
+    this._errors.push(err);
+    this._errors.unshift(new Error('RetryOperation timeout occurred'));
+    return false;
+  }
+
+  this._errors.push(err);
+
+  var timeout = this._timeouts.shift();
+  if (timeout === undefined) {
+    if (this._cachedTimeouts) {
+      // retry forever, only keep last error
+      this._errors.splice(0, this._errors.length - 1);
+      timeout = this._cachedTimeouts.slice(-1);
+    } else {
+      return false;
+    }
+  }
+
+  var self = this;
+  this._timer = setTimeout(function() {
+    self._attempts++;
+
+    if (self._operationTimeoutCb) {
+      self._timeout = setTimeout(function() {
+        self._operationTimeoutCb(self._attempts);
+      }, self._operationTimeout);
+
+      if (self._options.unref) {
+          self._timeout.unref();
+      }
+    }
+
+    self._fn(self._attempts);
+  }, timeout);
+
+  if (this._options.unref) {
+      this._timer.unref();
+  }
+
+  return true;
+};
+
+RetryOperation.prototype.attempt = function(fn, timeoutOps) {
+  this._fn = fn;
+
+  if (timeoutOps) {
+    if (timeoutOps.timeout) {
+      this._operationTimeout = timeoutOps.timeout;
+    }
+    if (timeoutOps.cb) {
+      this._operationTimeoutCb = timeoutOps.cb;
+    }
+  }
+
+  var self = this;
+  if (this._operationTimeoutCb) {
+    this._timeout = setTimeout(function() {
+      self._operationTimeoutCb();
+    }, self._operationTimeout);
+  }
+
+  this._operationStart = new Date().getTime();
+
+  this._fn(this._attempts);
+};
+
+RetryOperation.prototype.try = function(fn) {
+  console.log('Using RetryOperation.try() is deprecated');
+  this.attempt(fn);
+};
+
+RetryOperation.prototype.start = function(fn) {
+  console.log('Using RetryOperation.start() is deprecated');
+  this.attempt(fn);
+};
+
+RetryOperation.prototype.start = RetryOperation.prototype.try;
+
+RetryOperation.prototype.errors = function() {
+  return this._errors;
+};
+
+RetryOperation.prototype.attempts = function() {
+  return this._attempts;
+};
+
+RetryOperation.prototype.mainError = function() {
+  if (this._errors.length === 0) {
+    return null;
+  }
+
+  var counts = {};
+  var mainError = null;
+  var mainErrorCount = 0;
+
+  for (var i = 0; i < this._errors.length; i++) {
+    var error = this._errors[i];
+    var message = error.message;
+    var count = (counts[message] || 0) + 1;
+
+    counts[message] = count;
+
+    if (count >= mainErrorCount) {
+      mainError = error;
+      mainErrorCount = count;
+    }
+  }
+
+  return mainError;
+};
diff --git a/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/package.json b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/package.json
new file mode 100644
index 00000000000000..48f35e8cff2859
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/node_modules/retry/package.json
@@ -0,0 +1,36 @@
+{
+  "author": "Tim Koschützki  (http://debuggable.com/)",
+  "name": "retry",
+  "description": "Abstraction for exponential and custom retry strategies for failed operations.",
+  "license": "MIT",
+  "version": "0.13.1",
+  "homepage": "https://github.com/tim-kos/node-retry",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/tim-kos/node-retry.git"
+  },
+  "files": [
+    "lib",
+    "example"
+  ],
+  "directories": {
+    "lib": "./lib"
+  },
+  "main": "index.js",
+  "engines": {
+    "node": ">= 4"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "fake": "0.2.0",
+    "istanbul": "^0.4.5",
+    "tape": "^4.8.0"
+  },
+  "scripts": {
+    "test": "./node_modules/.bin/istanbul cover ./node_modules/tape/bin/tape ./test/integration/*.js",
+    "release:major": "env SEMANTIC=major npm run release",
+    "release:minor": "env SEMANTIC=minor npm run release",
+    "release:patch": "env SEMANTIC=patch npm run release",
+    "release": "npm version ${SEMANTIC:-patch} -m \"Release %s\" && git push && git push --tags && npm publish"
+  }
+}
diff --git a/deps/npm/node_modules/@gar/promise-retry/package.json b/deps/npm/node_modules/@gar/promise-retry/package.json
new file mode 100644
index 00000000000000..0bd8e31a2aa021
--- /dev/null
+++ b/deps/npm/node_modules/@gar/promise-retry/package.json
@@ -0,0 +1,48 @@
+{
+  "name": "@gar/promise-retry",
+  "version": "1.0.2",
+  "description": "Retries a function that returns a promise, leveraging the power of the retry module.",
+  "main": "./lib/index.js",
+  "files": [
+    "lib"
+  ],
+  "type": "commonjs",
+  "exports": {
+    ".": [
+      {
+        "default": "./lib/index.js",
+        "types": "./lib/index.d.ts"
+      },
+      "./lib/index.js"
+    ]
+  },
+  "scripts": {
+    "lint": "npx standard",
+    "lint:fix": "npx standard --fix",
+    "test": "node --test --experimental-test-coverage --test-coverage-lines=100 --test-coverage-functions=100 --test-coverage-branches=100",
+    "typelint": "npx -p typescript tsc ./lib/index.d.ts",
+    "posttest": "npm run lint",
+    "postlint": "npm run typelint"
+  },
+  "bugs": {
+    "url": "https://github.com/wraithgar/node-promise-retry/issues/"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/wraithgar/node-promise-retry.git"
+  },
+  "keywords": [
+    "retry",
+    "promise",
+    "backoff",
+    "repeat",
+    "replay"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "retry": "^0.13.1"
+  },
+  "engines": {
+    "node": "^20.17.0 || >=22.9.0"
+  }
+}
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/isolated-reifier.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/isolated-reifier.js
index 9822645d2527c0..8da64ce965b7ea 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/isolated-reifier.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/isolated-reifier.js
@@ -105,7 +105,7 @@ module.exports = cls => class IsolatedReifier extends cls {
         node.root.path,
         'node_modules',
         '.store',
-        `${node.name}@${node.version}`
+        `${node.packageName}@${node.version}`
       )
       mkdirSync(dir, { recursive: true })
       // TODO this approach feels wrong
@@ -145,6 +145,21 @@ module.exports = cls => class IsolatedReifier extends cls {
     const optionalDeps = edges.filter(e => e.optional).map(e => e.to.target)
     const nonOptionalDeps = edges.filter(e => !e.optional).map(e => e.to.target)
 
+    // When legacyPeerDeps is enabled, peer dep edges are not created on the
+    // node. Resolve them from the tree so they get symlinked in the store.
+    const peerDeps = node.package.peerDependencies
+    if (peerDeps && node.legacyPeerDeps) {
+      const edgeNames = new Set(edges.map(e => e.name))
+      for (const peerName of Object.keys(peerDeps)) {
+        if (!edgeNames.has(peerName)) {
+          const resolved = node.resolve(peerName)
+          if (resolved && resolved !== node && !resolved.inert) {
+            nonOptionalDeps.push(resolved)
+          }
+        }
+      }
+    }
+
     result.localDependencies = await Promise.all(nonOptionalDeps.filter(n => n.isWorkspace).map(this.workspaceProxyMemo))
     result.externalDependencies = await Promise.all(nonOptionalDeps.filter(n => !n.isWorkspace && !n.inert).map(this.externalProxyMemo))
     result.externalOptionalDependencies = await Promise.all(optionalDeps.filter(n => !n.inert).map(this.externalProxyMemo))
@@ -155,7 +170,9 @@ module.exports = cls => class IsolatedReifier extends cls {
     ]
     result.root = this.rootNode
     result.id = this.counter++
-    result.name = node.name
+    /* istanbul ignore next - packageName is always set for real packages */
+    result.name = result.isWorkspace ? (node.packageName || node.name) : node.name
+    result.packageName = node.packageName || node.name
     result.package = { ...node.package }
     result.package.bundleDependencies = undefined
     result.hasInstallScript = node.hasInstallScript
@@ -228,7 +245,7 @@ module.exports = cls => class IsolatedReifier extends cls {
         getChildren: node => node.dependencies,
         filter: node => node,
         visit: node => {
-          branch.push(`${node.name}@${node.version}`)
+          branch.push(`${node.packageName}@${node.version}`)
           deps.push(`${branch.join('->')}::${node.resolved}`)
         },
         leave: () => {
@@ -246,7 +263,7 @@ module.exports = cls => class IsolatedReifier extends cls {
     }
 
     const getKey = (idealTreeNode) => {
-      return `${idealTreeNode.name}@${idealTreeNode.version}-${treeHash(idealTreeNode)}`
+      return `${idealTreeNode.packageName}@${idealTreeNode.version}-${treeHash(idealTreeNode)}`
     }
 
     const root = {
@@ -301,7 +318,7 @@ module.exports = cls => class IsolatedReifier extends cls {
         isProjectRoot: false,
         isTop: false,
         location,
-        name: node.name,
+        name: node.packageName || node.name,
         optional: node.optional,
         top: { path: proxiedIdealTree.root.localPath },
         children: [],
@@ -335,7 +352,7 @@ module.exports = cls => class IsolatedReifier extends cls {
         return
       }
       processed.add(key)
-      const location = join('node_modules', '.store', key, 'node_modules', c.name)
+      const location = join('node_modules', '.store', key, 'node_modules', c.packageName)
       generateChild(c, location, c.package, true)
     })
     bundledTree.nodes.forEach(node => {
@@ -361,13 +378,17 @@ module.exports = cls => class IsolatedReifier extends cls {
 
       let from, nmFolder
       if (externalEdge) {
-        const fromLocation = join('node_modules', '.store', key, 'node_modules', node.name)
+        const fromLocation = join('node_modules', '.store', key, 'node_modules', node.packageName)
         from = root.children.find(c => c.location === fromLocation)
         nmFolder = join('node_modules', '.store', key, 'node_modules')
       } else {
         from = node.isProjectRoot ? root : root.fsChildren.find(c => c.location === node.localLocation)
         nmFolder = join(node.localLocation, 'node_modules')
       }
+      /* istanbul ignore next - strict-peer-deps can exclude nodes from the tree */
+      if (!from) {
+        return
+      }
 
       const processDeps = (dep, optional, external) => {
         optional = !!optional
@@ -379,12 +400,16 @@ module.exports = cls => class IsolatedReifier extends cls {
 
         let target
         if (external) {
-          const toLocation = join('node_modules', '.store', toKey, 'node_modules', dep.name)
+          const toLocation = join('node_modules', '.store', toKey, 'node_modules', dep.packageName)
           target = root.children.find(c => c.location === toLocation)
         } else {
           target = root.fsChildren.find(c => c.location === dep.localLocation)
         }
         // TODO: we should no-op is an edge has already been created with the same fromKey and toKey
+        /* istanbul ignore next - strict-peer-deps can exclude nodes from the tree */
+        if (!target) {
+          return
+        }
 
         binNames.forEach(bn => {
           target.binPaths.push(join(from.realpath, 'node_modules', '.bin', bn))
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js
index eef557208208d9..317cfc1df8a728 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js
@@ -295,12 +295,12 @@ module.exports = cls => class Builder extends cls {
         devOptional,
         package: pkg,
         location,
-        isStoreLink,
       } = node.target
 
       // skip any that we know we'll be deleting
-      // or storeLinks
-      if (this[_trashList].has(path) || isStoreLink) {
+      // or links to store entries (their scripts run on the store
+      // entry itself, not through the link)
+      if (this[_trashList].has(path) || (node.isLink && node.target?.isInStore)) {
         return
       }
 
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
index defbdb1d255b56..5f376e94a4cecf 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
@@ -422,7 +422,7 @@ module.exports = cls => class Reifier extends cls {
       if (includeWorkspaces) {
         // add all ws nodes to filterNodes
         for (const ws of this.options.workspaces) {
-          const ideal = this.idealTree.children.get(ws)
+          const ideal = this.idealTree.children.get && this.idealTree.children.get(ws)
           if (ideal) {
             filterNodes.push(ideal)
           }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
index db0d8ea2edb113..71cfee736d9ccb 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
@@ -427,11 +427,19 @@ class Results {
     if (!this.currentAstNode.typeValue) {
       return this.initialItems
     }
+    // TODO this differs subtly with `:type()` because it now iterates on edgesIn, which means extraneous deps won't show up
+    // note how "@npmcli/abbrev@2.0.0-beta.45" is in the `:type()` results in the test but not in any of the other results.
     return this.initialItems
       .flatMap(node => {
         const found = []
+        const { typeValue } = this.currentAstNode
         for (const edge of node.edgesIn) {
-          if (npa(`${edge.name}@${edge.spec}`).type === this.currentAstNode.typeValue) {
+          const parsedArg = npa(`${edge.name}@${edge.spec}`)
+          if (typeValue === 'registry') {
+            if (parsedArg.registry) {
+              found.push(edge.to)
+            }
+          } else if (parsedArg.type === typeValue) {
             found.push(edge.to)
           }
         }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js
index 8313e05d61c376..751c549fed63bc 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/shrinkwrap.js
@@ -95,6 +95,7 @@ const pkgMetaKeys = [
   'engines',
   'os',
   'cpu',
+  'libc',
   '_integrity',
   'license',
   '_hasShrinkwrap',
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index b00071df9186fa..3b49201fe966b8 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "9.3.1",
+  "version": "9.4.0",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
diff --git a/deps/npm/node_modules/@npmcli/git/lib/spawn.js b/deps/npm/node_modules/@npmcli/git/lib/spawn.js
index 03c1cbde215477..e4abd420098eec 100644
--- a/deps/npm/node_modules/@npmcli/git/lib/spawn.js
+++ b/deps/npm/node_modules/@npmcli/git/lib/spawn.js
@@ -1,5 +1,5 @@
 const spawn = require('@npmcli/promise-spawn')
-const promiseRetry = require('promise-retry')
+const { promiseRetry } = require('@gar/promise-retry')
 const { log } = require('proc-log')
 const makeError = require('./make-error.js')
 const makeOpts = require('./opts.js')
diff --git a/deps/npm/node_modules/@npmcli/git/package.json b/deps/npm/node_modules/@npmcli/git/package.json
index 78d077513dd81a..6a8083ba80df81 100644
--- a/deps/npm/node_modules/@npmcli/git/package.json
+++ b/deps/npm/node_modules/@npmcli/git/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/git",
-  "version": "7.0.1",
+  "version": "7.0.2",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -38,12 +38,12 @@
     "tap": "^16.0.1"
   },
   "dependencies": {
+    "@gar/promise-retry": "^1.0.0",
     "@npmcli/promise-spawn": "^9.0.0",
     "ini": "^6.0.0",
     "lru-cache": "^11.2.1",
     "npm-pick-manifest": "^11.0.1",
     "proc-log": "^6.0.0",
-    "promise-retry": "^2.0.1",
     "semver": "^7.3.5",
     "which": "^6.0.0"
   },
diff --git a/deps/npm/node_modules/balanced-match/package.json b/deps/npm/node_modules/balanced-match/package.json
index 9ed26bf64e24b5..48f1a638d0b67d 100644
--- a/deps/npm/node_modules/balanced-match/package.json
+++ b/deps/npm/node_modules/balanced-match/package.json
@@ -1,7 +1,7 @@
 {
   "name": "balanced-match",
   "description": "Match balanced character pairs, like \"{\" and \"}\"",
-  "version": "4.0.3",
+  "version": "4.0.4",
   "files": [
     "dist"
   ],
@@ -41,7 +41,7 @@
     "@types/node": "^25.2.1",
     "mkdirp": "^3.0.1",
     "prettier": "^3.3.2",
-    "tap": "^21.1.0",
+    "tap": "^21.6.2",
     "tshy": "^3.0.2",
     "typedoc": "^0.28.5"
   },
@@ -54,7 +54,7 @@
   ],
   "license": "MIT",
   "engines": {
-    "node": "20 || >=22"
+    "node": "18 || 20 || >=22"
   },
   "tshy": {
     "exports": {
diff --git a/deps/npm/node_modules/brace-expansion/package.json b/deps/npm/node_modules/brace-expansion/package.json
index a8c205a33db2ce..c921f0bed27ce9 100644
--- a/deps/npm/node_modules/brace-expansion/package.json
+++ b/deps/npm/node_modules/brace-expansion/package.json
@@ -1,7 +1,7 @@
 {
   "name": "brace-expansion",
   "description": "Brace expansion as known from sh/bash",
-  "version": "5.0.2",
+  "version": "5.0.3",
   "files": [
     "dist"
   ],
@@ -37,7 +37,7 @@
     "@types/node": "^25.2.1",
     "mkdirp": "^3.0.1",
     "prettier": "^3.3.2",
-    "tap": "^21.5.0",
+    "tap": "^21.6.2",
     "tshy": "^3.0.2",
     "typedoc": "^0.28.5"
   },
@@ -46,7 +46,7 @@
   },
   "license": "MIT",
   "engines": {
-    "node": "20 || >=22"
+    "node": "18 || 20 || >=22"
   },
   "tshy": {
     "exports": {
diff --git a/deps/npm/node_modules/encoding/lib/encoding.js b/deps/npm/node_modules/encoding/lib/encoding.js
deleted file mode 100644
index 865c24bce2e06d..00000000000000
--- a/deps/npm/node_modules/encoding/lib/encoding.js
+++ /dev/null
@@ -1,83 +0,0 @@
-'use strict';
-
-var iconvLite = require('iconv-lite');
-
-// Expose to the world
-module.exports.convert = convert;
-
-/**
- * Convert encoding of an UTF-8 string or a buffer
- *
- * @param {String|Buffer} str String to be converted
- * @param {String} to Encoding to be converted to
- * @param {String} [from='UTF-8'] Encoding to be converted from
- * @return {Buffer} Encoded string
- */
-function convert(str, to, from) {
-    from = checkEncoding(from || 'UTF-8');
-    to = checkEncoding(to || 'UTF-8');
-    str = str || '';
-
-    var result;
-
-    if (from !== 'UTF-8' && typeof str === 'string') {
-        str = Buffer.from(str, 'binary');
-    }
-
-    if (from === to) {
-        if (typeof str === 'string') {
-            result = Buffer.from(str);
-        } else {
-            result = str;
-        }
-    } else {
-        try {
-            result = convertIconvLite(str, to, from);
-        } catch (E) {
-            console.error(E);
-            result = str;
-        }
-    }
-
-    if (typeof result === 'string') {
-        result = Buffer.from(result, 'utf-8');
-    }
-
-    return result;
-}
-
-/**
- * Convert encoding of astring with iconv-lite
- *
- * @param {String|Buffer} str String to be converted
- * @param {String} to Encoding to be converted to
- * @param {String} [from='UTF-8'] Encoding to be converted from
- * @return {Buffer} Encoded string
- */
-function convertIconvLite(str, to, from) {
-    if (to === 'UTF-8') {
-        return iconvLite.decode(str, from);
-    } else if (from === 'UTF-8') {
-        return iconvLite.encode(str, to);
-    } else {
-        return iconvLite.encode(iconvLite.decode(str, from), to);
-    }
-}
-
-/**
- * Converts charset name if needed
- *
- * @param {String} name Character set
- * @return {String} Character set name
- */
-function checkEncoding(name) {
-    return (name || '')
-        .toString()
-        .trim()
-        .replace(/^latin[\-_]?(\d+)$/i, 'ISO-8859-$1')
-        .replace(/^win(?:dows)?[\-_]?(\d+)$/i, 'WINDOWS-$1')
-        .replace(/^utf[\-_]?(\d+)$/i, 'UTF-$1')
-        .replace(/^ks_c_5601\-1987$/i, 'CP949')
-        .replace(/^us[\-_]?ascii$/i, 'ASCII')
-        .toUpperCase();
-}
diff --git a/deps/npm/node_modules/encoding/package.json b/deps/npm/node_modules/encoding/package.json
deleted file mode 100644
index 773a94384fa63b..00000000000000
--- a/deps/npm/node_modules/encoding/package.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-    "name": "encoding",
-    "version": "0.1.13",
-    "description": "Convert encodings, uses iconv-lite",
-    "main": "lib/encoding.js",
-    "scripts": {
-        "test": "nodeunit test"
-    },
-    "repository": "https://github.com/andris9/encoding.git",
-    "author": "Andris Reinman",
-    "license": "MIT",
-    "dependencies": {
-        "iconv-lite": "^0.6.2"
-    },
-    "devDependencies": {
-        "nodeunit": "0.11.3"
-    }
-}
diff --git a/deps/npm/node_modules/encoding/test/test.js b/deps/npm/node_modules/encoding/test/test.js
deleted file mode 100644
index 3a7dfee9892242..00000000000000
--- a/deps/npm/node_modules/encoding/test/test.js
+++ /dev/null
@@ -1,49 +0,0 @@
-'use strict';
-
-var encoding = require('../lib/encoding');
-
-exports['General tests'] = {
-    'From UTF-8 to Latin_1': function (test) {
-        var input = 'ÕÄÖÜ',
-            expected = Buffer.from([0xd5, 0xc4, 0xd6, 0xdc]);
-        test.deepEqual(encoding.convert(input, 'latin1'), expected);
-        test.done();
-    },
-
-    'From Latin_1 to UTF-8': function (test) {
-        var input = Buffer.from([0xd5, 0xc4, 0xd6, 0xdc]),
-            expected = 'ÕÄÖÜ';
-        test.deepEqual(encoding.convert(input, 'utf-8', 'latin1').toString(), expected);
-        test.done();
-    },
-
-    'From UTF-8 to UTF-8': function (test) {
-        var input = 'ÕÄÖÜ',
-            expected = Buffer.from('ÕÄÖÜ');
-        test.deepEqual(encoding.convert(input, 'utf-8', 'utf-8'), expected);
-        test.done();
-    },
-
-    'From Latin_13 to Latin_15': function (test) {
-        var input = Buffer.from([0xd5, 0xc4, 0xd6, 0xdc, 0xd0]),
-            expected = Buffer.from([0xd5, 0xc4, 0xd6, 0xdc, 0xa6]);
-        test.deepEqual(encoding.convert(input, 'latin_15', 'latin13'), expected);
-        test.done();
-    }
-
-    /*
-    // ISO-2022-JP is not supported by iconv-lite
-    "From ISO-2022-JP to UTF-8 with Iconv": function (test) {
-        var input = Buffer.from(
-            "GyRCM1g5OzU7PVEwdzgmPSQ4IUYkMnFKczlwGyhC",
-            "base64"
-        ),
-        expected = Buffer.from(
-            "5a2m5qCh5oqA6KGT5ZOh56CU5L+u5qSc6KiO5Lya5aCx5ZGK",
-            "base64"
-        );
-        test.deepEqual(encoding.convert(input, "utf-8", "ISO-2022-JP"), expected);
-        test.done();
-    },
-    */
-};
diff --git a/deps/npm/node_modules/iconv-lite/encodings/dbcs-codec.js b/deps/npm/node_modules/iconv-lite/encodings/dbcs-codec.js
index fa839170367b27..bfec7f2ef9071e 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/dbcs-codec.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/dbcs-codec.js
@@ -1,597 +1,532 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
+"use strict"
+var Buffer = require("safer-buffer").Buffer
 
 // Multibyte codec. In this scheme, a character is represented by 1 or more bytes.
 // Our codec supports UTF-16 surrogates, extensions for GB18030 and unicode sequences.
 // To save memory and loading time, we read table files only when requested.
 
-exports._dbcs = DBCSCodec;
+exports._dbcs = DBCSCodec
 
-var UNASSIGNED = -1,
-    GB18030_CODE = -2,
-    SEQ_START  = -10,
-    NODE_START = -1000,
-    UNASSIGNED_NODE = new Array(0x100),
-    DEF_CHAR = -1;
-
-for (var i = 0; i < 0x100; i++)
-    UNASSIGNED_NODE[i] = UNASSIGNED;
+var UNASSIGNED = -1
+var GB18030_CODE = -2
+var SEQ_START = -10
+var NODE_START = -1000
+var UNASSIGNED_NODE = new Array(0x100)
+var DEF_CHAR = -1
 
+for (var i = 0; i < 0x100; i++) { UNASSIGNED_NODE[i] = UNASSIGNED }
 
 // Class DBCSCodec reads and initializes mapping tables.
-function DBCSCodec(codecOptions, iconv) {
-    this.encodingName = codecOptions.encodingName;
-    if (!codecOptions)
-        throw new Error("DBCS codec is called without the data.")
-    if (!codecOptions.table)
-        throw new Error("Encoding '" + this.encodingName + "' has no data.");
-
-    // Load tables.
-    var mappingTable = codecOptions.table();
-
-
-    // Decode tables: MBCS -> Unicode.
-
-    // decodeTables is a trie, encoded as an array of arrays of integers. Internal arrays are trie nodes and all have len = 256.
-    // Trie root is decodeTables[0].
-    // Values: >=  0 -> unicode character code. can be > 0xFFFF
-    //         == UNASSIGNED -> unknown/unassigned sequence.
-    //         == GB18030_CODE -> this is the end of a GB18030 4-byte sequence.
-    //         <= NODE_START -> index of the next node in our trie to process next byte.
-    //         <= SEQ_START  -> index of the start of a character code sequence, in decodeTableSeq.
-    this.decodeTables = [];
-    this.decodeTables[0] = UNASSIGNED_NODE.slice(0); // Create root node.
-
-    // Sometimes a MBCS char corresponds to a sequence of unicode chars. We store them as arrays of integers here. 
-    this.decodeTableSeq = [];
-
-    // Actual mapping tables consist of chunks. Use them to fill up decode tables.
-    for (var i = 0; i < mappingTable.length; i++)
-        this._addDecodeChunk(mappingTable[i]);
-
-    // Load & create GB18030 tables when needed.
-    if (typeof codecOptions.gb18030 === 'function') {
-        this.gb18030 = codecOptions.gb18030(); // Load GB18030 ranges.
-
-        // Add GB18030 common decode nodes.
-        var commonThirdByteNodeIdx = this.decodeTables.length;
-        this.decodeTables.push(UNASSIGNED_NODE.slice(0));
-
-        var commonFourthByteNodeIdx = this.decodeTables.length;
-        this.decodeTables.push(UNASSIGNED_NODE.slice(0));
-
-        // Fill out the tree
-        var firstByteNode = this.decodeTables[0];
-        for (var i = 0x81; i <= 0xFE; i++) {
-            var secondByteNode = this.decodeTables[NODE_START - firstByteNode[i]];
-            for (var j = 0x30; j <= 0x39; j++) {
-                if (secondByteNode[j] === UNASSIGNED) {
-                    secondByteNode[j] = NODE_START - commonThirdByteNodeIdx;
-                } else if (secondByteNode[j] > NODE_START) {
-                    throw new Error("gb18030 decode tables conflict at byte 2");
-                }
-
-                var thirdByteNode = this.decodeTables[NODE_START - secondByteNode[j]];
-                for (var k = 0x81; k <= 0xFE; k++) {
-                    if (thirdByteNode[k] === UNASSIGNED) {
-                        thirdByteNode[k] = NODE_START - commonFourthByteNodeIdx;
-                    } else if (thirdByteNode[k] === NODE_START - commonFourthByteNodeIdx) {
-                        continue;
-                    } else if (thirdByteNode[k] > NODE_START) {
-                        throw new Error("gb18030 decode tables conflict at byte 3");
-                    }
-
-                    var fourthByteNode = this.decodeTables[NODE_START - thirdByteNode[k]];
-                    for (var l = 0x30; l <= 0x39; l++) {
-                        if (fourthByteNode[l] === UNASSIGNED)
-                            fourthByteNode[l] = GB18030_CODE;
-                    }
-                }
-            }
+function DBCSCodec (codecOptions, iconv) {
+  this.encodingName = codecOptions.encodingName
+  if (!codecOptions) { throw new Error("DBCS codec is called without the data.") }
+  if (!codecOptions.table) { throw new Error("Encoding '" + this.encodingName + "' has no data.") }
+
+  // Load tables.
+  var mappingTable = codecOptions.table()
+
+  // Decode tables: MBCS -> Unicode.
+
+  // decodeTables is a trie, encoded as an array of arrays of integers. Internal arrays are trie nodes and all have len = 256.
+  // Trie root is decodeTables[0].
+  // Values: >=  0 -> unicode character code. can be > 0xFFFF
+  //         == UNASSIGNED -> unknown/unassigned sequence.
+  //         == GB18030_CODE -> this is the end of a GB18030 4-byte sequence.
+  //         <= NODE_START -> index of the next node in our trie to process next byte.
+  //         <= SEQ_START  -> index of the start of a character code sequence, in decodeTableSeq.
+  this.decodeTables = []
+  this.decodeTables[0] = UNASSIGNED_NODE.slice(0) // Create root node.
+
+  // Sometimes a MBCS char corresponds to a sequence of unicode chars. We store them as arrays of integers here.
+  this.decodeTableSeq = []
+
+  // Actual mapping tables consist of chunks. Use them to fill up decode tables.
+  for (var i = 0; i < mappingTable.length; i++) { this._addDecodeChunk(mappingTable[i]) }
+
+  // Load & create GB18030 tables when needed.
+  if (typeof codecOptions.gb18030 === "function") {
+    this.gb18030 = codecOptions.gb18030() // Load GB18030 ranges.
+
+    // Add GB18030 common decode nodes.
+    var commonThirdByteNodeIdx = this.decodeTables.length
+    this.decodeTables.push(UNASSIGNED_NODE.slice(0))
+
+    var commonFourthByteNodeIdx = this.decodeTables.length
+    this.decodeTables.push(UNASSIGNED_NODE.slice(0))
+
+    // Fill out the tree
+    var firstByteNode = this.decodeTables[0]
+    for (var i = 0x81; i <= 0xFE; i++) {
+      var secondByteNode = this.decodeTables[NODE_START - firstByteNode[i]]
+      for (var j = 0x30; j <= 0x39; j++) {
+        if (secondByteNode[j] === UNASSIGNED) {
+          secondByteNode[j] = NODE_START - commonThirdByteNodeIdx
+        } else if (secondByteNode[j] > NODE_START) {
+          throw new Error("gb18030 decode tables conflict at byte 2")
         }
-    }
 
-    this.defaultCharUnicode = iconv.defaultCharUnicode;
-
-    
-    // Encode tables: Unicode -> DBCS.
-
-    // `encodeTable` is array mapping from unicode char to encoded char. All its values are integers for performance.
-    // Because it can be sparse, it is represented as array of buckets by 256 chars each. Bucket can be null.
-    // Values: >=  0 -> it is a normal char. Write the value (if <=256 then 1 byte, if <=65536 then 2 bytes, etc.).
-    //         == UNASSIGNED -> no conversion found. Output a default char.
-    //         <= SEQ_START  -> it's an index in encodeTableSeq, see below. The character starts a sequence.
-    this.encodeTable = [];
-    
-    // `encodeTableSeq` is used when a sequence of unicode characters is encoded as a single code. We use a tree of
-    // objects where keys correspond to characters in sequence and leafs are the encoded dbcs values. A special DEF_CHAR key
-    // means end of sequence (needed when one sequence is a strict subsequence of another).
-    // Objects are kept separately from encodeTable to increase performance.
-    this.encodeTableSeq = [];
-
-    // Some chars can be decoded, but need not be encoded.
-    var skipEncodeChars = {};
-    if (codecOptions.encodeSkipVals)
-        for (var i = 0; i < codecOptions.encodeSkipVals.length; i++) {
-            var val = codecOptions.encodeSkipVals[i];
-            if (typeof val === 'number')
-                skipEncodeChars[val] = true;
-            else
-                for (var j = val.from; j <= val.to; j++)
-                    skipEncodeChars[j] = true;
+        var thirdByteNode = this.decodeTables[NODE_START - secondByteNode[j]]
+        for (var k = 0x81; k <= 0xFE; k++) {
+          if (thirdByteNode[k] === UNASSIGNED) {
+            thirdByteNode[k] = NODE_START - commonFourthByteNodeIdx
+          } else if (thirdByteNode[k] === NODE_START - commonFourthByteNodeIdx) {
+            continue
+          } else if (thirdByteNode[k] > NODE_START) {
+            throw new Error("gb18030 decode tables conflict at byte 3")
+          }
+
+          var fourthByteNode = this.decodeTables[NODE_START - thirdByteNode[k]]
+          for (var l = 0x30; l <= 0x39; l++) {
+            if (fourthByteNode[l] === UNASSIGNED) { fourthByteNode[l] = GB18030_CODE }
+          }
         }
-        
-    // Use decode trie to recursively fill out encode tables.
-    this._fillEncodeTable(0, 0, skipEncodeChars);
-
-    // Add more encoding pairs when needed.
-    if (codecOptions.encodeAdd) {
-        for (var uChar in codecOptions.encodeAdd)
-            if (Object.prototype.hasOwnProperty.call(codecOptions.encodeAdd, uChar))
-                this._setEncodeChar(uChar.charCodeAt(0), codecOptions.encodeAdd[uChar]);
+      }
     }
+  }
+
+  this.defaultCharUnicode = iconv.defaultCharUnicode
+
+  // Encode tables: Unicode -> DBCS.
+
+  // `encodeTable` is array mapping from unicode char to encoded char. All its values are integers for performance.
+  // Because it can be sparse, it is represented as array of buckets by 256 chars each. Bucket can be null.
+  // Values: >=  0 -> it is a normal char. Write the value (if <=256 then 1 byte, if <=65536 then 2 bytes, etc.).
+  //         == UNASSIGNED -> no conversion found. Output a default char.
+  //         <= SEQ_START  -> it's an index in encodeTableSeq, see below. The character starts a sequence.
+  this.encodeTable = []
+
+  // `encodeTableSeq` is used when a sequence of unicode characters is encoded as a single code. We use a tree of
+  // objects where keys correspond to characters in sequence and leafs are the encoded dbcs values. A special DEF_CHAR key
+  // means end of sequence (needed when one sequence is a strict subsequence of another).
+  // Objects are kept separately from encodeTable to increase performance.
+  this.encodeTableSeq = []
+
+  // Some chars can be decoded, but need not be encoded.
+  var skipEncodeChars = {}
+  if (codecOptions.encodeSkipVals) {
+    for (var i = 0; i < codecOptions.encodeSkipVals.length; i++) {
+      var val = codecOptions.encodeSkipVals[i]
+      if (typeof val === "number") { skipEncodeChars[val] = true } else {
+        for (var j = val.from; j <= val.to; j++) { skipEncodeChars[j] = true }
+      }
+    }
+  }
+
+  // Use decode trie to recursively fill out encode tables.
+  this._fillEncodeTable(0, 0, skipEncodeChars)
 
-    this.defCharSB  = this.encodeTable[0][iconv.defaultCharSingleByte.charCodeAt(0)];
-    if (this.defCharSB === UNASSIGNED) this.defCharSB = this.encodeTable[0]['?'];
-    if (this.defCharSB === UNASSIGNED) this.defCharSB = "?".charCodeAt(0);
+  // Add more encoding pairs when needed.
+  if (codecOptions.encodeAdd) {
+    for (var uChar in codecOptions.encodeAdd) {
+      if (Object.prototype.hasOwnProperty.call(codecOptions.encodeAdd, uChar)) { this._setEncodeChar(uChar.charCodeAt(0), codecOptions.encodeAdd[uChar]) }
+    }
+  }
+
+  this.defCharSB = this.encodeTable[0][iconv.defaultCharSingleByte.charCodeAt(0)]
+  if (this.defCharSB === UNASSIGNED) this.defCharSB = this.encodeTable[0]["?"]
+  if (this.defCharSB === UNASSIGNED) this.defCharSB = "?".charCodeAt(0)
 }
 
-DBCSCodec.prototype.encoder = DBCSEncoder;
-DBCSCodec.prototype.decoder = DBCSDecoder;
+DBCSCodec.prototype.encoder = DBCSEncoder
+DBCSCodec.prototype.decoder = DBCSDecoder
 
 // Decoder helpers
-DBCSCodec.prototype._getDecodeTrieNode = function(addr) {
-    var bytes = [];
-    for (; addr > 0; addr >>>= 8)
-        bytes.push(addr & 0xFF);
-    if (bytes.length == 0)
-        bytes.push(0);
-
-    var node = this.decodeTables[0];
-    for (var i = bytes.length-1; i > 0; i--) { // Traverse nodes deeper into the trie.
-        var val = node[bytes[i]];
-
-        if (val == UNASSIGNED) { // Create new node.
-            node[bytes[i]] = NODE_START - this.decodeTables.length;
-            this.decodeTables.push(node = UNASSIGNED_NODE.slice(0));
-        }
-        else if (val <= NODE_START) { // Existing node.
-            node = this.decodeTables[NODE_START - val];
-        }
-        else
-            throw new Error("Overwrite byte in " + this.encodingName + ", addr: " + addr.toString(16));
-    }
-    return node;
+DBCSCodec.prototype._getDecodeTrieNode = function (addr) {
+  var bytes = []
+  for (; addr > 0; addr >>>= 8) { bytes.push(addr & 0xFF) }
+  if (bytes.length == 0) { bytes.push(0) }
+
+  var node = this.decodeTables[0]
+  for (var i = bytes.length - 1; i > 0; i--) { // Traverse nodes deeper into the trie.
+    var val = node[bytes[i]]
+
+    if (val == UNASSIGNED) { // Create new node.
+      node[bytes[i]] = NODE_START - this.decodeTables.length
+      this.decodeTables.push(node = UNASSIGNED_NODE.slice(0))
+    } else if (val <= NODE_START) { // Existing node.
+      node = this.decodeTables[NODE_START - val]
+    } else { throw new Error("Overwrite byte in " + this.encodingName + ", addr: " + addr.toString(16)) }
+  }
+  return node
 }
 
-
-DBCSCodec.prototype._addDecodeChunk = function(chunk) {
-    // First element of chunk is the hex mbcs code where we start.
-    var curAddr = parseInt(chunk[0], 16);
-
-    // Choose the decoding node where we'll write our chars.
-    var writeTable = this._getDecodeTrieNode(curAddr);
-    curAddr = curAddr & 0xFF;
-
-    // Write all other elements of the chunk to the table.
-    for (var k = 1; k < chunk.length; k++) {
-        var part = chunk[k];
-        if (typeof part === "string") { // String, write as-is.
-            for (var l = 0; l < part.length;) {
-                var code = part.charCodeAt(l++);
-                if (0xD800 <= code && code < 0xDC00) { // Decode surrogate
-                    var codeTrail = part.charCodeAt(l++);
-                    if (0xDC00 <= codeTrail && codeTrail < 0xE000)
-                        writeTable[curAddr++] = 0x10000 + (code - 0xD800) * 0x400 + (codeTrail - 0xDC00);
-                    else
-                        throw new Error("Incorrect surrogate pair in "  + this.encodingName + " at chunk " + chunk[0]);
-                }
-                else if (0x0FF0 < code && code <= 0x0FFF) { // Character sequence (our own encoding used)
-                    var len = 0xFFF - code + 2;
-                    var seq = [];
-                    for (var m = 0; m < len; m++)
-                        seq.push(part.charCodeAt(l++)); // Simple variation: don't support surrogates or subsequences in seq.
-
-                    writeTable[curAddr++] = SEQ_START - this.decodeTableSeq.length;
-                    this.decodeTableSeq.push(seq);
-                }
-                else
-                    writeTable[curAddr++] = code; // Basic char
-            }
-        } 
-        else if (typeof part === "number") { // Integer, meaning increasing sequence starting with prev character.
-            var charCode = writeTable[curAddr - 1] + 1;
-            for (var l = 0; l < part; l++)
-                writeTable[curAddr++] = charCode++;
-        }
-        else
-            throw new Error("Incorrect type '" + typeof part + "' given in "  + this.encodingName + " at chunk " + chunk[0]);
-    }
-    if (curAddr > 0xFF)
-        throw new Error("Incorrect chunk in "  + this.encodingName + " at addr " + chunk[0] + ": too long" + curAddr);
+DBCSCodec.prototype._addDecodeChunk = function (chunk) {
+  // First element of chunk is the hex mbcs code where we start.
+  var curAddr = parseInt(chunk[0], 16)
+
+  // Choose the decoding node where we'll write our chars.
+  var writeTable = this._getDecodeTrieNode(curAddr)
+  curAddr = curAddr & 0xFF
+
+  // Write all other elements of the chunk to the table.
+  for (var k = 1; k < chunk.length; k++) {
+    var part = chunk[k]
+    if (typeof part === "string") { // String, write as-is.
+      for (var l = 0; l < part.length;) {
+        var code = part.charCodeAt(l++)
+        if (code >= 0xD800 && code < 0xDC00) { // Decode surrogate
+          var codeTrail = part.charCodeAt(l++)
+          if (codeTrail >= 0xDC00 && codeTrail < 0xE000) { writeTable[curAddr++] = 0x10000 + (code - 0xD800) * 0x400 + (codeTrail - 0xDC00) } else { throw new Error("Incorrect surrogate pair in " + this.encodingName + " at chunk " + chunk[0]) }
+        } else if (code > 0x0FF0 && code <= 0x0FFF) { // Character sequence (our own encoding used)
+          var len = 0xFFF - code + 2
+          var seq = []
+          for (var m = 0; m < len; m++) { seq.push(part.charCodeAt(l++)) } // Simple variation: don't support surrogates or subsequences in seq.
+
+          writeTable[curAddr++] = SEQ_START - this.decodeTableSeq.length
+          this.decodeTableSeq.push(seq)
+        } else { writeTable[curAddr++] = code } // Basic char
+      }
+    } else if (typeof part === "number") { // Integer, meaning increasing sequence starting with prev character.
+      var charCode = writeTable[curAddr - 1] + 1
+      for (var l = 0; l < part; l++) { writeTable[curAddr++] = charCode++ }
+    } else { throw new Error("Incorrect type '" + typeof part + "' given in " + this.encodingName + " at chunk " + chunk[0]) }
+  }
+  if (curAddr > 0xFF) { throw new Error("Incorrect chunk in " + this.encodingName + " at addr " + chunk[0] + ": too long" + curAddr) }
 }
 
 // Encoder helpers
-DBCSCodec.prototype._getEncodeBucket = function(uCode) {
-    var high = uCode >> 8; // This could be > 0xFF because of astral characters.
-    if (this.encodeTable[high] === undefined)
-        this.encodeTable[high] = UNASSIGNED_NODE.slice(0); // Create bucket on demand.
-    return this.encodeTable[high];
+DBCSCodec.prototype._getEncodeBucket = function (uCode) {
+  var high = uCode >> 8 // This could be > 0xFF because of astral characters.
+  if (this.encodeTable[high] === undefined) {
+    this.encodeTable[high] = UNASSIGNED_NODE.slice(0)
+  } // Create bucket on demand.
+  return this.encodeTable[high]
 }
 
-DBCSCodec.prototype._setEncodeChar = function(uCode, dbcsCode) {
-    var bucket = this._getEncodeBucket(uCode);
-    var low = uCode & 0xFF;
-    if (bucket[low] <= SEQ_START)
-        this.encodeTableSeq[SEQ_START-bucket[low]][DEF_CHAR] = dbcsCode; // There's already a sequence, set a single-char subsequence of it.
-    else if (bucket[low] == UNASSIGNED)
-        bucket[low] = dbcsCode;
+DBCSCodec.prototype._setEncodeChar = function (uCode, dbcsCode) {
+  var bucket = this._getEncodeBucket(uCode)
+  var low = uCode & 0xFF
+  if (bucket[low] <= SEQ_START) { this.encodeTableSeq[SEQ_START - bucket[low]][DEF_CHAR] = dbcsCode } // There's already a sequence, set a single-char subsequence of it.
+  else if (bucket[low] == UNASSIGNED) { bucket[low] = dbcsCode }
 }
 
-DBCSCodec.prototype._setEncodeSequence = function(seq, dbcsCode) {
-    
-    // Get the root of character tree according to first character of the sequence.
-    var uCode = seq[0];
-    var bucket = this._getEncodeBucket(uCode);
-    var low = uCode & 0xFF;
-
-    var node;
-    if (bucket[low] <= SEQ_START) {
-        // There's already a sequence with  - use it.
-        node = this.encodeTableSeq[SEQ_START-bucket[low]];
-    }
-    else {
-        // There was no sequence object - allocate a new one.
-        node = {};
-        if (bucket[low] !== UNASSIGNED) node[DEF_CHAR] = bucket[low]; // If a char was set before - make it a single-char subsequence.
-        bucket[low] = SEQ_START - this.encodeTableSeq.length;
-        this.encodeTableSeq.push(node);
+DBCSCodec.prototype._setEncodeSequence = function (seq, dbcsCode) {
+  // Get the root of character tree according to first character of the sequence.
+  var uCode = seq[0]
+  var bucket = this._getEncodeBucket(uCode)
+  var low = uCode & 0xFF
+
+  var node
+  if (bucket[low] <= SEQ_START) {
+    // There's already a sequence with  - use it.
+    node = this.encodeTableSeq[SEQ_START - bucket[low]]
+  } else {
+    // There was no sequence object - allocate a new one.
+    node = {}
+    if (bucket[low] !== UNASSIGNED) node[DEF_CHAR] = bucket[low] // If a char was set before - make it a single-char subsequence.
+    bucket[low] = SEQ_START - this.encodeTableSeq.length
+    this.encodeTableSeq.push(node)
+  }
+
+  // Traverse the character tree, allocating new nodes as needed.
+  for (var j = 1; j < seq.length - 1; j++) {
+    var oldVal = node[uCode]
+    if (typeof oldVal === "object") { node = oldVal } else {
+      node = node[uCode] = {}
+      if (oldVal !== undefined) { node[DEF_CHAR] = oldVal }
     }
+  }
 
-    // Traverse the character tree, allocating new nodes as needed.
-    for (var j = 1; j < seq.length-1; j++) {
-        var oldVal = node[uCode];
-        if (typeof oldVal === 'object')
-            node = oldVal;
-        else {
-            node = node[uCode] = {}
-            if (oldVal !== undefined)
-                node[DEF_CHAR] = oldVal
-        }
-    }
-
-    // Set the leaf to given dbcsCode.
-    uCode = seq[seq.length-1];
-    node[uCode] = dbcsCode;
+  // Set the leaf to given dbcsCode.
+  uCode = seq[seq.length - 1]
+  node[uCode] = dbcsCode
 }
 
-DBCSCodec.prototype._fillEncodeTable = function(nodeIdx, prefix, skipEncodeChars) {
-    var node = this.decodeTables[nodeIdx];
-    var hasValues = false;
-    var subNodeEmpty = {};
-    for (var i = 0; i < 0x100; i++) {
-        var uCode = node[i];
-        var mbCode = prefix + i;
-        if (skipEncodeChars[mbCode])
-            continue;
-
-        if (uCode >= 0) {
-            this._setEncodeChar(uCode, mbCode);
-            hasValues = true;
-        } else if (uCode <= NODE_START) {
-            var subNodeIdx = NODE_START - uCode;
-            if (!subNodeEmpty[subNodeIdx]) {  // Skip empty subtrees (they are too large in gb18030).
-                var newPrefix = (mbCode << 8) >>> 0;  // NOTE: '>>> 0' keeps 32-bit num positive.
-                if (this._fillEncodeTable(subNodeIdx, newPrefix, skipEncodeChars))
-                    hasValues = true;
-                else
-                    subNodeEmpty[subNodeIdx] = true;
-            }
-        } else if (uCode <= SEQ_START) {
-            this._setEncodeSequence(this.decodeTableSeq[SEQ_START - uCode], mbCode);
-            hasValues = true;
-        }
+DBCSCodec.prototype._fillEncodeTable = function (nodeIdx, prefix, skipEncodeChars) {
+  var node = this.decodeTables[nodeIdx]
+  var hasValues = false
+  var subNodeEmpty = {}
+  for (var i = 0; i < 0x100; i++) {
+    var uCode = node[i]
+    var mbCode = prefix + i
+    if (skipEncodeChars[mbCode]) { continue }
+
+    if (uCode >= 0) {
+      this._setEncodeChar(uCode, mbCode)
+      hasValues = true
+    } else if (uCode <= NODE_START) {
+      var subNodeIdx = NODE_START - uCode
+      if (!subNodeEmpty[subNodeIdx]) {  // Skip empty subtrees (they are too large in gb18030).
+        var newPrefix = (mbCode << 8) >>> 0  // NOTE: '>>> 0' keeps 32-bit num positive.
+        if (this._fillEncodeTable(subNodeIdx, newPrefix, skipEncodeChars)) { hasValues = true } else { subNodeEmpty[subNodeIdx] = true }
+      }
+    } else if (uCode <= SEQ_START) {
+      this._setEncodeSequence(this.decodeTableSeq[SEQ_START - uCode], mbCode)
+      hasValues = true
     }
-    return hasValues;
+  }
+  return hasValues
 }
 
-
-
 // == Encoder ==================================================================
 
-function DBCSEncoder(options, codec) {
-    // Encoder state
-    this.leadSurrogate = -1;
-    this.seqObj = undefined;
-    
-    // Static data
-    this.encodeTable = codec.encodeTable;
-    this.encodeTableSeq = codec.encodeTableSeq;
-    this.defaultCharSingleByte = codec.defCharSB;
-    this.gb18030 = codec.gb18030;
+function DBCSEncoder (options, codec) {
+  // Encoder state
+  this.leadSurrogate = -1
+  this.seqObj = undefined
+
+  // Static data
+  this.encodeTable = codec.encodeTable
+  this.encodeTableSeq = codec.encodeTableSeq
+  this.defaultCharSingleByte = codec.defCharSB
+  this.gb18030 = codec.gb18030
 }
 
-DBCSEncoder.prototype.write = function(str) {
-    var newBuf = Buffer.alloc(str.length * (this.gb18030 ? 4 : 3)),
-        leadSurrogate = this.leadSurrogate,
-        seqObj = this.seqObj, nextChar = -1,
-        i = 0, j = 0;
-
-    while (true) {
-        // 0. Get next character.
-        if (nextChar === -1) {
-            if (i == str.length) break;
-            var uCode = str.charCodeAt(i++);
-        }
-        else {
-            var uCode = nextChar;
-            nextChar = -1;    
-        }
+DBCSEncoder.prototype.write = function (str) {
+  var newBuf = Buffer.alloc(str.length * (this.gb18030 ? 4 : 3))
+  var leadSurrogate = this.leadSurrogate
+  var seqObj = this.seqObj
+  var nextChar = -1
+  var i = 0; var j = 0
+
+  while (true) {
+    // 0. Get next character.
+    if (nextChar === -1) {
+      if (i == str.length) break
+      var uCode = str.charCodeAt(i++)
+    } else {
+      var uCode = nextChar
+      nextChar = -1
+    }
 
-        // 1. Handle surrogates.
-        if (0xD800 <= uCode && uCode < 0xE000) { // Char is one of surrogates.
-            if (uCode < 0xDC00) { // We've got lead surrogate.
-                if (leadSurrogate === -1) {
-                    leadSurrogate = uCode;
-                    continue;
-                } else {
-                    leadSurrogate = uCode;
-                    // Double lead surrogate found.
-                    uCode = UNASSIGNED;
-                }
-            } else { // We've got trail surrogate.
-                if (leadSurrogate !== -1) {
-                    uCode = 0x10000 + (leadSurrogate - 0xD800) * 0x400 + (uCode - 0xDC00);
-                    leadSurrogate = -1;
-                } else {
-                    // Incomplete surrogate pair - only trail surrogate found.
-                    uCode = UNASSIGNED;
-                }
-                
-            }
+    // 1. Handle surrogates.
+    if (uCode >= 0xD800 && uCode < 0xE000) { // Char is one of surrogates.
+      if (uCode < 0xDC00) { // We've got lead surrogate.
+        if (leadSurrogate === -1) {
+          leadSurrogate = uCode
+          continue
+        } else {
+          leadSurrogate = uCode
+          // Double lead surrogate found.
+          uCode = UNASSIGNED
         }
-        else if (leadSurrogate !== -1) {
-            // Incomplete surrogate pair - only lead surrogate found.
-            nextChar = uCode; uCode = UNASSIGNED; // Write an error, then current char.
-            leadSurrogate = -1;
+      } else { // We've got trail surrogate.
+        if (leadSurrogate !== -1) {
+          uCode = 0x10000 + (leadSurrogate - 0xD800) * 0x400 + (uCode - 0xDC00)
+          leadSurrogate = -1
+        } else {
+          // Incomplete surrogate pair - only trail surrogate found.
+          uCode = UNASSIGNED
         }
+      }
+    } else if (leadSurrogate !== -1) {
+      // Incomplete surrogate pair - only lead surrogate found.
+      nextChar = uCode; uCode = UNASSIGNED // Write an error, then current char.
+      leadSurrogate = -1
+    }
 
-        // 2. Convert uCode character.
-        var dbcsCode = UNASSIGNED;
-        if (seqObj !== undefined && uCode != UNASSIGNED) { // We are in the middle of the sequence
-            var resCode = seqObj[uCode];
-            if (typeof resCode === 'object') { // Sequence continues.
-                seqObj = resCode;
-                continue;
-
-            } else if (typeof resCode == 'number') { // Sequence finished. Write it.
-                dbcsCode = resCode;
-
-            } else if (resCode == undefined) { // Current character is not part of the sequence.
-
-                // Try default character for this sequence
-                resCode = seqObj[DEF_CHAR];
-                if (resCode !== undefined) {
-                    dbcsCode = resCode; // Found. Write it.
-                    nextChar = uCode; // Current character will be written too in the next iteration.
-
-                } else {
-                    // TODO: What if we have no default? (resCode == undefined)
-                    // Then, we should write first char of the sequence as-is and try the rest recursively.
-                    // Didn't do it for now because no encoding has this situation yet.
-                    // Currently, just skip the sequence and write current char.
-                }
-            }
-            seqObj = undefined;
+    // 2. Convert uCode character.
+    var dbcsCode = UNASSIGNED
+    if (seqObj !== undefined && uCode != UNASSIGNED) { // We are in the middle of the sequence
+      var resCode = seqObj[uCode]
+      if (typeof resCode === "object") { // Sequence continues.
+        seqObj = resCode
+        continue
+      } else if (typeof resCode === "number") { // Sequence finished. Write it.
+        dbcsCode = resCode
+      } else if (resCode == undefined) { // Current character is not part of the sequence.
+        // Try default character for this sequence
+        resCode = seqObj[DEF_CHAR]
+        if (resCode !== undefined) {
+          dbcsCode = resCode // Found. Write it.
+          nextChar = uCode // Current character will be written too in the next iteration.
+        } else {
+          // TODO: What if we have no default? (resCode == undefined)
+          // Then, we should write first char of the sequence as-is and try the rest recursively.
+          // Didn't do it for now because no encoding has this situation yet.
+          // Currently, just skip the sequence and write current char.
         }
-        else if (uCode >= 0) {  // Regular character
-            var subtable = this.encodeTable[uCode >> 8];
-            if (subtable !== undefined)
-                dbcsCode = subtable[uCode & 0xFF];
-            
-            if (dbcsCode <= SEQ_START) { // Sequence start
-                seqObj = this.encodeTableSeq[SEQ_START-dbcsCode];
-                continue;
-            }
-
-            if (dbcsCode == UNASSIGNED && this.gb18030) {
-                // Use GB18030 algorithm to find character(s) to write.
-                var idx = findIdx(this.gb18030.uChars, uCode);
-                if (idx != -1) {
-                    var dbcsCode = this.gb18030.gbChars[idx] + (uCode - this.gb18030.uChars[idx]);
-                    newBuf[j++] = 0x81 + Math.floor(dbcsCode / 12600); dbcsCode = dbcsCode % 12600;
-                    newBuf[j++] = 0x30 + Math.floor(dbcsCode / 1260); dbcsCode = dbcsCode % 1260;
-                    newBuf[j++] = 0x81 + Math.floor(dbcsCode / 10); dbcsCode = dbcsCode % 10;
-                    newBuf[j++] = 0x30 + dbcsCode;
-                    continue;
-                }
-            }
+      }
+      seqObj = undefined
+    } else if (uCode >= 0) {  // Regular character
+      var subtable = this.encodeTable[uCode >> 8]
+      if (subtable !== undefined) { dbcsCode = subtable[uCode & 0xFF] }
+
+      if (dbcsCode <= SEQ_START) { // Sequence start
+        seqObj = this.encodeTableSeq[SEQ_START - dbcsCode]
+        continue
+      }
+
+      if (dbcsCode == UNASSIGNED && this.gb18030) {
+        // Use GB18030 algorithm to find character(s) to write.
+        var idx = findIdx(this.gb18030.uChars, uCode)
+        if (idx != -1) {
+          var dbcsCode = this.gb18030.gbChars[idx] + (uCode - this.gb18030.uChars[idx])
+          newBuf[j++] = 0x81 + Math.floor(dbcsCode / 12600); dbcsCode = dbcsCode % 12600
+          newBuf[j++] = 0x30 + Math.floor(dbcsCode / 1260); dbcsCode = dbcsCode % 1260
+          newBuf[j++] = 0x81 + Math.floor(dbcsCode / 10); dbcsCode = dbcsCode % 10
+          newBuf[j++] = 0x30 + dbcsCode
+          continue
         }
+      }
+    }
 
-        // 3. Write dbcsCode character.
-        if (dbcsCode === UNASSIGNED)
-            dbcsCode = this.defaultCharSingleByte;
-        
-        if (dbcsCode < 0x100) {
-            newBuf[j++] = dbcsCode;
-        }
-        else if (dbcsCode < 0x10000) {
-            newBuf[j++] = dbcsCode >> 8;   // high byte
-            newBuf[j++] = dbcsCode & 0xFF; // low byte
-        }
-        else if (dbcsCode < 0x1000000) {
-            newBuf[j++] = dbcsCode >> 16;
-            newBuf[j++] = (dbcsCode >> 8) & 0xFF;
-            newBuf[j++] = dbcsCode & 0xFF;
-        } else {
-            newBuf[j++] = dbcsCode >>> 24;
-            newBuf[j++] = (dbcsCode >>> 16) & 0xFF;
-            newBuf[j++] = (dbcsCode >>> 8) & 0xFF;
-            newBuf[j++] = dbcsCode & 0xFF;
-        }
+    // 3. Write dbcsCode character.
+    if (dbcsCode === UNASSIGNED) { dbcsCode = this.defaultCharSingleByte }
+
+    if (dbcsCode < 0x100) {
+      newBuf[j++] = dbcsCode
+    } else if (dbcsCode < 0x10000) {
+      newBuf[j++] = dbcsCode >> 8   // high byte
+      newBuf[j++] = dbcsCode & 0xFF // low byte
+    } else if (dbcsCode < 0x1000000) {
+      newBuf[j++] = dbcsCode >> 16
+      newBuf[j++] = (dbcsCode >> 8) & 0xFF
+      newBuf[j++] = dbcsCode & 0xFF
+    } else {
+      newBuf[j++] = dbcsCode >>> 24
+      newBuf[j++] = (dbcsCode >>> 16) & 0xFF
+      newBuf[j++] = (dbcsCode >>> 8) & 0xFF
+      newBuf[j++] = dbcsCode & 0xFF
     }
+  }
 
-    this.seqObj = seqObj;
-    this.leadSurrogate = leadSurrogate;
-    return newBuf.slice(0, j);
+  this.seqObj = seqObj
+  this.leadSurrogate = leadSurrogate
+  return newBuf.slice(0, j)
 }
 
-DBCSEncoder.prototype.end = function() {
-    if (this.leadSurrogate === -1 && this.seqObj === undefined)
-        return; // All clean. Most often case.
-
-    var newBuf = Buffer.alloc(10), j = 0;
-
-    if (this.seqObj) { // We're in the sequence.
-        var dbcsCode = this.seqObj[DEF_CHAR];
-        if (dbcsCode !== undefined) { // Write beginning of the sequence.
-            if (dbcsCode < 0x100) {
-                newBuf[j++] = dbcsCode;
-            }
-            else {
-                newBuf[j++] = dbcsCode >> 8;   // high byte
-                newBuf[j++] = dbcsCode & 0xFF; // low byte
-            }
-        } else {
-            // See todo above.
-        }
-        this.seqObj = undefined;
+DBCSEncoder.prototype.end = function () {
+  if (this.leadSurrogate === -1 && this.seqObj === undefined) { return } // All clean. Most often case.
+
+  var newBuf = Buffer.alloc(10); var j = 0
+
+  if (this.seqObj) { // We're in the sequence.
+    var dbcsCode = this.seqObj[DEF_CHAR]
+    if (dbcsCode !== undefined) { // Write beginning of the sequence.
+      if (dbcsCode < 0x100) {
+        newBuf[j++] = dbcsCode
+      } else {
+        newBuf[j++] = dbcsCode >> 8   // high byte
+        newBuf[j++] = dbcsCode & 0xFF // low byte
+      }
+    } else {
+      // See todo above.
     }
+    this.seqObj = undefined
+  }
 
-    if (this.leadSurrogate !== -1) {
-        // Incomplete surrogate pair - only lead surrogate found.
-        newBuf[j++] = this.defaultCharSingleByte;
-        this.leadSurrogate = -1;
-    }
-    
-    return newBuf.slice(0, j);
+  if (this.leadSurrogate !== -1) {
+    // Incomplete surrogate pair - only lead surrogate found.
+    newBuf[j++] = this.defaultCharSingleByte
+    this.leadSurrogate = -1
+  }
+
+  return newBuf.slice(0, j)
 }
 
 // Export for testing
-DBCSEncoder.prototype.findIdx = findIdx;
-
+DBCSEncoder.prototype.findIdx = findIdx
 
 // == Decoder ==================================================================
 
-function DBCSDecoder(options, codec) {
-    // Decoder state
-    this.nodeIdx = 0;
-    this.prevBytes = [];
+function DBCSDecoder (options, codec) {
+  // Decoder state
+  this.nodeIdx = 0
+  this.prevBytes = []
 
-    // Static data
-    this.decodeTables = codec.decodeTables;
-    this.decodeTableSeq = codec.decodeTableSeq;
-    this.defaultCharUnicode = codec.defaultCharUnicode;
-    this.gb18030 = codec.gb18030;
+  // Static data
+  this.decodeTables = codec.decodeTables
+  this.decodeTableSeq = codec.decodeTableSeq
+  this.defaultCharUnicode = codec.defaultCharUnicode
+  this.gb18030 = codec.gb18030
 }
 
-DBCSDecoder.prototype.write = function(buf) {
-    var newBuf = Buffer.alloc(buf.length*2),
-        nodeIdx = this.nodeIdx, 
-        prevBytes = this.prevBytes, prevOffset = this.prevBytes.length,
-        seqStart = -this.prevBytes.length, // idx of the start of current parsed sequence.
-        uCode;
-
-    for (var i = 0, j = 0; i < buf.length; i++) {
-        var curByte = (i >= 0) ? buf[i] : prevBytes[i + prevOffset];
-
-        // Lookup in current trie node.
-        var uCode = this.decodeTables[nodeIdx][curByte];
-
-        if (uCode >= 0) { 
-            // Normal character, just use it.
-        }
-        else if (uCode === UNASSIGNED) { // Unknown char.
-            // TODO: Callback with seq.
-            uCode = this.defaultCharUnicode.charCodeAt(0);
-            i = seqStart; // Skip one byte ('i' will be incremented by the for loop) and try to parse again.
-        }
-        else if (uCode === GB18030_CODE) {
-            if (i >= 3) {
-                var ptr = (buf[i-3]-0x81)*12600 + (buf[i-2]-0x30)*1260 + (buf[i-1]-0x81)*10 + (curByte-0x30);
-            } else {
-                var ptr = (prevBytes[i-3+prevOffset]-0x81)*12600 + 
-                          (((i-2 >= 0) ? buf[i-2] : prevBytes[i-2+prevOffset])-0x30)*1260 + 
-                          (((i-1 >= 0) ? buf[i-1] : prevBytes[i-1+prevOffset])-0x81)*10 + 
-                          (curByte-0x30);
-            }
-            var idx = findIdx(this.gb18030.gbChars, ptr);
-            uCode = this.gb18030.uChars[idx] + ptr - this.gb18030.gbChars[idx];
-        }
-        else if (uCode <= NODE_START) { // Go to next trie node.
-            nodeIdx = NODE_START - uCode;
-            continue;
-        }
-        else if (uCode <= SEQ_START) { // Output a sequence of chars.
-            var seq = this.decodeTableSeq[SEQ_START - uCode];
-            for (var k = 0; k < seq.length - 1; k++) {
-                uCode = seq[k];
-                newBuf[j++] = uCode & 0xFF;
-                newBuf[j++] = uCode >> 8;
-            }
-            uCode = seq[seq.length-1];
-        }
-        else
-            throw new Error("iconv-lite internal error: invalid decoding table value " + uCode + " at " + nodeIdx + "/" + curByte);
-
-        // Write the character to buffer, handling higher planes using surrogate pair.
-        if (uCode >= 0x10000) { 
-            uCode -= 0x10000;
-            var uCodeLead = 0xD800 | (uCode >> 10);
-            newBuf[j++] = uCodeLead & 0xFF;
-            newBuf[j++] = uCodeLead >> 8;
-
-            uCode = 0xDC00 | (uCode & 0x3FF);
-        }
-        newBuf[j++] = uCode & 0xFF;
-        newBuf[j++] = uCode >> 8;
-
-        // Reset trie node.
-        nodeIdx = 0; seqStart = i+1;
+DBCSDecoder.prototype.write = function (buf) {
+  var newBuf = Buffer.alloc(buf.length * 2)
+  var nodeIdx = this.nodeIdx
+  var prevBytes = this.prevBytes; var prevOffset = this.prevBytes.length
+  var seqStart = -this.prevBytes.length // idx of the start of current parsed sequence.
+  var uCode
+
+  for (var i = 0, j = 0; i < buf.length; i++) {
+    var curByte = (i >= 0) ? buf[i] : prevBytes[i + prevOffset]
+
+    // Lookup in current trie node.
+    var uCode = this.decodeTables[nodeIdx][curByte]
+
+    if (uCode >= 0) {
+      // Normal character, just use it.
+    } else if (uCode === UNASSIGNED) { // Unknown char.
+      // TODO: Callback with seq.
+      uCode = this.defaultCharUnicode.charCodeAt(0)
+      i = seqStart // Skip one byte ('i' will be incremented by the for loop) and try to parse again.
+    } else if (uCode === GB18030_CODE) {
+      if (i >= 3) {
+        var ptr = (buf[i - 3] - 0x81) * 12600 + (buf[i - 2] - 0x30) * 1260 + (buf[i - 1] - 0x81) * 10 + (curByte - 0x30)
+      } else {
+        var ptr = (prevBytes[i - 3 + prevOffset] - 0x81) * 12600 +
+                          (((i - 2 >= 0) ? buf[i - 2] : prevBytes[i - 2 + prevOffset]) - 0x30) * 1260 +
+                          (((i - 1 >= 0) ? buf[i - 1] : prevBytes[i - 1 + prevOffset]) - 0x81) * 10 +
+                          (curByte - 0x30)
+      }
+      var idx = findIdx(this.gb18030.gbChars, ptr)
+      uCode = this.gb18030.uChars[idx] + ptr - this.gb18030.gbChars[idx]
+    } else if (uCode <= NODE_START) { // Go to next trie node.
+      nodeIdx = NODE_START - uCode
+      continue
+    } else if (uCode <= SEQ_START) { // Output a sequence of chars.
+      var seq = this.decodeTableSeq[SEQ_START - uCode]
+      for (var k = 0; k < seq.length - 1; k++) {
+        uCode = seq[k]
+        newBuf[j++] = uCode & 0xFF
+        newBuf[j++] = uCode >> 8
+      }
+      uCode = seq[seq.length - 1]
+    } else { throw new Error("iconv-lite internal error: invalid decoding table value " + uCode + " at " + nodeIdx + "/" + curByte) }
+
+    // Write the character to buffer, handling higher planes using surrogate pair.
+    if (uCode >= 0x10000) {
+      uCode -= 0x10000
+      var uCodeLead = 0xD800 | (uCode >> 10)
+      newBuf[j++] = uCodeLead & 0xFF
+      newBuf[j++] = uCodeLead >> 8
+
+      uCode = 0xDC00 | (uCode & 0x3FF)
     }
+    newBuf[j++] = uCode & 0xFF
+    newBuf[j++] = uCode >> 8
+
+    // Reset trie node.
+    nodeIdx = 0; seqStart = i + 1
+  }
 
-    this.nodeIdx = nodeIdx;
-    this.prevBytes = (seqStart >= 0)
-        ? Array.prototype.slice.call(buf, seqStart)
-        : prevBytes.slice(seqStart + prevOffset).concat(Array.prototype.slice.call(buf));
+  this.nodeIdx = nodeIdx
+  this.prevBytes = (seqStart >= 0)
+    ? Array.prototype.slice.call(buf, seqStart)
+    : prevBytes.slice(seqStart + prevOffset).concat(Array.prototype.slice.call(buf))
 
-    return newBuf.slice(0, j).toString('ucs2');
+  return newBuf.slice(0, j).toString("ucs2")
 }
 
-DBCSDecoder.prototype.end = function() {
-    var ret = '';
+DBCSDecoder.prototype.end = function () {
+  var ret = ""
 
-    // Try to parse all remaining chars.
-    while (this.prevBytes.length > 0) {
-        // Skip 1 character in the buffer.
-        ret += this.defaultCharUnicode;
-        var bytesArr = this.prevBytes.slice(1);
+  // Try to parse all remaining chars.
+  while (this.prevBytes.length > 0) {
+    // Skip 1 character in the buffer.
+    ret += this.defaultCharUnicode
+    var bytesArr = this.prevBytes.slice(1)
 
-        // Parse remaining as usual.
-        this.prevBytes = [];
-        this.nodeIdx = 0;
-        if (bytesArr.length > 0)
-            ret += this.write(bytesArr);
-    }
+    // Parse remaining as usual.
+    this.prevBytes = []
+    this.nodeIdx = 0
+    if (bytesArr.length > 0) { ret += this.write(bytesArr) }
+  }
 
-    this.prevBytes = [];
-    this.nodeIdx = 0;
-    return ret;
+  this.prevBytes = []
+  this.nodeIdx = 0
+  return ret
 }
 
 // Binary search for GB18030. Returns largest i such that table[i] <= val.
-function findIdx(table, val) {
-    if (table[0] > val)
-        return -1;
-
-    var l = 0, r = table.length;
-    while (l < r-1) { // always table[l] <= val < table[r]
-        var mid = l + ((r-l+1) >> 1);
-        if (table[mid] <= val)
-            l = mid;
-        else
-            r = mid;
-    }
-    return l;
+function findIdx (table, val) {
+  if (table[0] > val) { return -1 }
+
+  var l = 0; var r = table.length
+  while (l < r - 1) { // always table[l] <= val < table[r]
+    var mid = l + ((r - l + 1) >> 1)
+    if (table[mid] <= val) { l = mid } else { r = mid }
+  }
+  return l
 }
-
diff --git a/deps/npm/node_modules/iconv-lite/encodings/dbcs-data.js b/deps/npm/node_modules/iconv-lite/encodings/dbcs-data.js
index 0d17e5821b3df9..a3858d4cf36253 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/dbcs-data.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/dbcs-data.js
@@ -1,188 +1,185 @@
-"use strict";
+"use strict"
 
 // Description of supported double byte encodings and aliases.
 // Tables are not require()-d until they are needed to speed up library load.
 // require()-s are direct to support Browserify.
 
 module.exports = {
-    
-    // == Japanese/ShiftJIS ====================================================
-    // All japanese encodings are based on JIS X set of standards:
-    // JIS X 0201 - Single-byte encoding of ASCII + ¥ + Kana chars at 0xA1-0xDF.
-    // JIS X 0208 - Main set of 6879 characters, placed in 94x94 plane, to be encoded by 2 bytes. 
-    //              Has several variations in 1978, 1983, 1990 and 1997.
-    // JIS X 0212 - Supplementary plane of 6067 chars in 94x94 plane. 1990. Effectively dead.
-    // JIS X 0213 - Extension and modern replacement of 0208 and 0212. Total chars: 11233.
-    //              2 planes, first is superset of 0208, second - revised 0212.
-    //              Introduced in 2000, revised 2004. Some characters are in Unicode Plane 2 (0x2xxxx)
-
-    // Byte encodings are:
-    //  * Shift_JIS: Compatible with 0201, uses not defined chars in top half as lead bytes for double-byte
-    //               encoding of 0208. Lead byte ranges: 0x81-0x9F, 0xE0-0xEF; Trail byte ranges: 0x40-0x7E, 0x80-0x9E, 0x9F-0xFC.
-    //               Windows CP932 is a superset of Shift_JIS. Some companies added more chars, notably KDDI.
-    //  * EUC-JP:    Up to 3 bytes per character. Used mostly on *nixes.
-    //               0x00-0x7F       - lower part of 0201
-    //               0x8E, 0xA1-0xDF - upper part of 0201
-    //               (0xA1-0xFE)x2   - 0208 plane (94x94).
-    //               0x8F, (0xA1-0xFE)x2 - 0212 plane (94x94).
-    //  * JIS X 208: 7-bit, direct encoding of 0208. Byte ranges: 0x21-0x7E (94 values). Uncommon.
-    //               Used as-is in ISO2022 family.
-    //  * ISO2022-JP: Stateful encoding, with escape sequences to switch between ASCII, 
-    //                0201-1976 Roman, 0208-1978, 0208-1983.
-    //  * ISO2022-JP-1: Adds esc seq for 0212-1990.
-    //  * ISO2022-JP-2: Adds esc seq for GB2313-1980, KSX1001-1992, ISO8859-1, ISO8859-7.
-    //  * ISO2022-JP-3: Adds esc seq for 0201-1976 Kana set, 0213-2000 Planes 1, 2.
-    //  * ISO2022-JP-2004: Adds 0213-2004 Plane 1.
-    //
-    // After JIS X 0213 appeared, Shift_JIS-2004, EUC-JISX0213 and ISO2022-JP-2004 followed, with just changing the planes.
-    //
-    // Overall, it seems that it's a mess :( http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
-
-    'shiftjis': {
-        type: '_dbcs',
-        table: function() { return require('./tables/shiftjis.json') },
-        encodeAdd: {'\u00a5': 0x5C, '\u203E': 0x7E},
-        encodeSkipVals: [{from: 0xED40, to: 0xF940}],
-    },
-    'csshiftjis': 'shiftjis',
-    'mskanji': 'shiftjis',
-    'sjis': 'shiftjis',
-    'windows31j': 'shiftjis',
-    'ms31j': 'shiftjis',
-    'xsjis': 'shiftjis',
-    'windows932': 'shiftjis',
-    'ms932': 'shiftjis',
-    '932': 'shiftjis',
-    'cp932': 'shiftjis',
-
-    'eucjp': {
-        type: '_dbcs',
-        table: function() { return require('./tables/eucjp.json') },
-        encodeAdd: {'\u00a5': 0x5C, '\u203E': 0x7E},
-    },
-
-    // TODO: KDDI extension to Shift_JIS
-    // TODO: IBM CCSID 942 = CP932, but F0-F9 custom chars and other char changes.
-    // TODO: IBM CCSID 943 = Shift_JIS = CP932 with original Shift_JIS lower 128 chars.
-
-
-    // == Chinese/GBK ==========================================================
-    // http://en.wikipedia.org/wiki/GBK
-    // We mostly implement W3C recommendation: https://www.w3.org/TR/encoding/#gbk-encoder
-
-    // Oldest GB2312 (1981, ~7600 chars) is a subset of CP936
-    'gb2312': 'cp936',
-    'gb231280': 'cp936',
-    'gb23121980': 'cp936',
-    'csgb2312': 'cp936',
-    'csiso58gb231280': 'cp936',
-    'euccn': 'cp936',
-
-    // Microsoft's CP936 is a subset and approximation of GBK.
-    'windows936': 'cp936',
-    'ms936': 'cp936',
-    '936': 'cp936',
-    'cp936': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp936.json') },
-    },
-
-    // GBK (~22000 chars) is an extension of CP936 that added user-mapped chars and some other.
-    'gbk': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp936.json').concat(require('./tables/gbk-added.json')) },
-    },
-    'xgbk': 'gbk',
-    'isoir58': 'gbk',
-
-    // GB18030 is an algorithmic extension of GBK.
-    // Main source: https://www.w3.org/TR/encoding/#gbk-encoder
-    // http://icu-project.org/docs/papers/gb18030.html
-    // http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
-    // http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
-    'gb18030': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp936.json').concat(require('./tables/gbk-added.json')) },
-        gb18030: function() { return require('./tables/gb18030-ranges.json') },
-        encodeSkipVals: [0x80],
-        encodeAdd: {'€': 0xA2E3},
-    },
-
-    'chinese': 'gb18030',
-
-
-    // == Korean ===============================================================
-    // EUC-KR, KS_C_5601 and KS X 1001 are exactly the same.
-    'windows949': 'cp949',
-    'ms949': 'cp949',
-    '949': 'cp949',
-    'cp949': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp949.json') },
-    },
-
-    'cseuckr': 'cp949',
-    'csksc56011987': 'cp949',
-    'euckr': 'cp949',
-    'isoir149': 'cp949',
-    'korean': 'cp949',
-    'ksc56011987': 'cp949',
-    'ksc56011989': 'cp949',
-    'ksc5601': 'cp949',
-
-
-    // == Big5/Taiwan/Hong Kong ================================================
-    // There are lots of tables for Big5 and cp950. Please see the following links for history:
-    // http://moztw.org/docs/big5/  http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
-    // Variations, in roughly number of defined chars:
-    //  * Windows CP 950: Microsoft variant of Big5. Canonical: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
-    //  * Windows CP 951: Microsoft variant of Big5-HKSCS-2001. Seems to be never public. http://me.abelcheung.org/articles/research/what-is-cp951/
-    //  * Big5-2003 (Taiwan standard) almost superset of cp950.
-    //  * Unicode-at-on (UAO) / Mozilla 1.8. Falling out of use on the Web. Not supported by other browsers.
-    //  * Big5-HKSCS (-2001, -2004, -2008). Hong Kong standard. 
-    //    many unicode code points moved from PUA to Supplementary plane (U+2XXXX) over the years.
-    //    Plus, it has 4 combining sequences.
-    //    Seems that Mozilla refused to support it for 10 yrs. https://bugzilla.mozilla.org/show_bug.cgi?id=162431 https://bugzilla.mozilla.org/show_bug.cgi?id=310299
-    //    because big5-hkscs is the only encoding to include astral characters in non-algorithmic way.
-    //    Implementations are not consistent within browsers; sometimes labeled as just big5.
-    //    MS Internet Explorer switches from big5 to big5-hkscs when a patch applied.
-    //    Great discussion & recap of what's going on https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
-    //    In the encoder, it might make sense to support encoding old PUA mappings to Big5 bytes seq-s.
-    //    Official spec: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
-    //                   http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
-    // 
-    // Current understanding of how to deal with Big5(-HKSCS) is in the Encoding Standard, http://encoding.spec.whatwg.org/#big5-encoder
-    // Unicode mapping (http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT) is said to be wrong.
-
-    'windows950': 'cp950',
-    'ms950': 'cp950',
-    '950': 'cp950',
-    'cp950': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp950.json') },
-    },
-
-    // Big5 has many variations and is an extension of cp950. We use Encoding Standard's as a consensus.
-    'big5': 'big5hkscs',
-    'big5hkscs': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp950.json').concat(require('./tables/big5-added.json')) },
-        encodeSkipVals: [
-            // Although Encoding Standard says we should avoid encoding to HKSCS area (See Step 1 of
-            // https://encoding.spec.whatwg.org/#index-big5-pointer), we still do it to increase compatibility with ICU.
-            // But if a single unicode point can be encoded both as HKSCS and regular Big5, we prefer the latter.
-            0x8e69, 0x8e6f, 0x8e7e, 0x8eab, 0x8eb4, 0x8ecd, 0x8ed0, 0x8f57, 0x8f69, 0x8f6e, 0x8fcb, 0x8ffe,
-            0x906d, 0x907a, 0x90c4, 0x90dc, 0x90f1, 0x91bf, 0x92af, 0x92b0, 0x92b1, 0x92b2, 0x92d1, 0x9447, 0x94ca,
-            0x95d9, 0x96fc, 0x9975, 0x9b76, 0x9b78, 0x9b7b, 0x9bc6, 0x9bde, 0x9bec, 0x9bf6, 0x9c42, 0x9c53, 0x9c62,
-            0x9c68, 0x9c6b, 0x9c77, 0x9cbc, 0x9cbd, 0x9cd0, 0x9d57, 0x9d5a, 0x9dc4, 0x9def, 0x9dfb, 0x9ea9, 0x9eef,
-            0x9efd, 0x9f60, 0x9fcb, 0xa077, 0xa0dc, 0xa0df, 0x8fcc, 0x92c8, 0x9644, 0x96ed,
-
-            // Step 2 of https://encoding.spec.whatwg.org/#index-big5-pointer: Use last pointer for U+2550, U+255E, U+2561, U+256A, U+5341, or U+5345
-            0xa2a4, 0xa2a5, 0xa2a7, 0xa2a6, 0xa2cc, 0xa2ce,
-        ],
-    },
-
-    'cnbig5': 'big5hkscs',
-    'csbig5': 'big5hkscs',
-    'xxbig5': 'big5hkscs',
-};
+
+  // == Japanese/ShiftJIS ====================================================
+  // All japanese encodings are based on JIS X set of standards:
+  // JIS X 0201 - Single-byte encoding of ASCII + ¥ + Kana chars at 0xA1-0xDF.
+  // JIS X 0208 - Main set of 6879 characters, placed in 94x94 plane, to be encoded by 2 bytes.
+  //              Has several variations in 1978, 1983, 1990 and 1997.
+  // JIS X 0212 - Supplementary plane of 6067 chars in 94x94 plane. 1990. Effectively dead.
+  // JIS X 0213 - Extension and modern replacement of 0208 and 0212. Total chars: 11233.
+  //              2 planes, first is superset of 0208, second - revised 0212.
+  //              Introduced in 2000, revised 2004. Some characters are in Unicode Plane 2 (0x2xxxx)
+
+  // Byte encodings are:
+  //  * Shift_JIS: Compatible with 0201, uses not defined chars in top half as lead bytes for double-byte
+  //               encoding of 0208. Lead byte ranges: 0x81-0x9F, 0xE0-0xEF; Trail byte ranges: 0x40-0x7E, 0x80-0x9E, 0x9F-0xFC.
+  //               Windows CP932 is a superset of Shift_JIS. Some companies added more chars, notably KDDI.
+  //  * EUC-JP:    Up to 3 bytes per character. Used mostly on *nixes.
+  //               0x00-0x7F       - lower part of 0201
+  //               0x8E, 0xA1-0xDF - upper part of 0201
+  //               (0xA1-0xFE)x2   - 0208 plane (94x94).
+  //               0x8F, (0xA1-0xFE)x2 - 0212 plane (94x94).
+  //  * JIS X 208: 7-bit, direct encoding of 0208. Byte ranges: 0x21-0x7E (94 values). Uncommon.
+  //               Used as-is in ISO2022 family.
+  //  * ISO2022-JP: Stateful encoding, with escape sequences to switch between ASCII,
+  //                0201-1976 Roman, 0208-1978, 0208-1983.
+  //  * ISO2022-JP-1: Adds esc seq for 0212-1990.
+  //  * ISO2022-JP-2: Adds esc seq for GB2313-1980, KSX1001-1992, ISO8859-1, ISO8859-7.
+  //  * ISO2022-JP-3: Adds esc seq for 0201-1976 Kana set, 0213-2000 Planes 1, 2.
+  //  * ISO2022-JP-2004: Adds 0213-2004 Plane 1.
+  //
+  // After JIS X 0213 appeared, Shift_JIS-2004, EUC-JISX0213 and ISO2022-JP-2004 followed, with just changing the planes.
+  //
+  // Overall, it seems that it's a mess :( http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
+
+  shiftjis: {
+    type: "_dbcs",
+    table: function () { return require("./tables/shiftjis.json") },
+    encodeAdd: { "\u00a5": 0x5C, "\u203E": 0x7E },
+    encodeSkipVals: [{ from: 0xED40, to: 0xF940 }]
+  },
+  csshiftjis: "shiftjis",
+  mskanji: "shiftjis",
+  sjis: "shiftjis",
+  windows31j: "shiftjis",
+  ms31j: "shiftjis",
+  xsjis: "shiftjis",
+  windows932: "shiftjis",
+  ms932: "shiftjis",
+  932: "shiftjis",
+  cp932: "shiftjis",
+
+  eucjp: {
+    type: "_dbcs",
+    table: function () { return require("./tables/eucjp.json") },
+    encodeAdd: { "\u00a5": 0x5C, "\u203E": 0x7E }
+  },
+
+  // TODO: KDDI extension to Shift_JIS
+  // TODO: IBM CCSID 942 = CP932, but F0-F9 custom chars and other char changes.
+  // TODO: IBM CCSID 943 = Shift_JIS = CP932 with original Shift_JIS lower 128 chars.
+
+  // == Chinese/GBK ==========================================================
+  // http://en.wikipedia.org/wiki/GBK
+  // We mostly implement W3C recommendation: https://www.w3.org/TR/encoding/#gbk-encoder
+
+  // Oldest GB2312 (1981, ~7600 chars) is a subset of CP936
+  gb2312: "cp936",
+  gb231280: "cp936",
+  gb23121980: "cp936",
+  csgb2312: "cp936",
+  csiso58gb231280: "cp936",
+  euccn: "cp936",
+
+  // Microsoft's CP936 is a subset and approximation of GBK.
+  windows936: "cp936",
+  ms936: "cp936",
+  936: "cp936",
+  cp936: {
+    type: "_dbcs",
+    table: function () { return require("./tables/cp936.json") }
+  },
+
+  // GBK (~22000 chars) is an extension of CP936 that added user-mapped chars and some other.
+  gbk: {
+    type: "_dbcs",
+    table: function () { return require("./tables/cp936.json").concat(require("./tables/gbk-added.json")) }
+  },
+  xgbk: "gbk",
+  isoir58: "gbk",
+
+  // GB18030 is an algorithmic extension of GBK.
+  // Main source: https://www.w3.org/TR/encoding/#gbk-encoder
+  // http://icu-project.org/docs/papers/gb18030.html
+  // http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
+  // http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
+  gb18030: {
+    type: "_dbcs",
+    table: function () { return require("./tables/cp936.json").concat(require("./tables/gbk-added.json")) },
+    gb18030: function () { return require("./tables/gb18030-ranges.json") },
+    encodeSkipVals: [0x80],
+    encodeAdd: { "€": 0xA2E3 }
+  },
+
+  chinese: "gb18030",
+
+  // == Korean ===============================================================
+  // EUC-KR, KS_C_5601 and KS X 1001 are exactly the same.
+  windows949: "cp949",
+  ms949: "cp949",
+  949: "cp949",
+  cp949: {
+    type: "_dbcs",
+    table: function () { return require("./tables/cp949.json") }
+  },
+
+  cseuckr: "cp949",
+  csksc56011987: "cp949",
+  euckr: "cp949",
+  isoir149: "cp949",
+  korean: "cp949",
+  ksc56011987: "cp949",
+  ksc56011989: "cp949",
+  ksc5601: "cp949",
+
+  // == Big5/Taiwan/Hong Kong ================================================
+  // There are lots of tables for Big5 and cp950. Please see the following links for history:
+  // http://moztw.org/docs/big5/  http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
+  // Variations, in roughly number of defined chars:
+  //  * Windows CP 950: Microsoft variant of Big5. Canonical: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
+  //  * Windows CP 951: Microsoft variant of Big5-HKSCS-2001. Seems to be never public. http://me.abelcheung.org/articles/research/what-is-cp951/
+  //  * Big5-2003 (Taiwan standard) almost superset of cp950.
+  //  * Unicode-at-on (UAO) / Mozilla 1.8. Falling out of use on the Web. Not supported by other browsers.
+  //  * Big5-HKSCS (-2001, -2004, -2008). Hong Kong standard.
+  //    many unicode code points moved from PUA to Supplementary plane (U+2XXXX) over the years.
+  //    Plus, it has 4 combining sequences.
+  //    Seems that Mozilla refused to support it for 10 yrs. https://bugzilla.mozilla.org/show_bug.cgi?id=162431 https://bugzilla.mozilla.org/show_bug.cgi?id=310299
+  //    because big5-hkscs is the only encoding to include astral characters in non-algorithmic way.
+  //    Implementations are not consistent within browsers; sometimes labeled as just big5.
+  //    MS Internet Explorer switches from big5 to big5-hkscs when a patch applied.
+  //    Great discussion & recap of what's going on https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
+  //    In the encoder, it might make sense to support encoding old PUA mappings to Big5 bytes seq-s.
+  //    Official spec: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
+  //                   http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
+  //
+  // Current understanding of how to deal with Big5(-HKSCS) is in the Encoding Standard, http://encoding.spec.whatwg.org/#big5-encoder
+  // Unicode mapping (http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT) is said to be wrong.
+
+  windows950: "cp950",
+  ms950: "cp950",
+  950: "cp950",
+  cp950: {
+    type: "_dbcs",
+    table: function () { return require("./tables/cp950.json") }
+  },
+
+  // Big5 has many variations and is an extension of cp950. We use Encoding Standard's as a consensus.
+  big5: "big5hkscs",
+  big5hkscs: {
+    type: "_dbcs",
+    table: function () { return require("./tables/cp950.json").concat(require("./tables/big5-added.json")) },
+    encodeSkipVals: [
+      // Although Encoding Standard says we should avoid encoding to HKSCS area (See Step 1 of
+      // https://encoding.spec.whatwg.org/#index-big5-pointer), we still do it to increase compatibility with ICU.
+      // But if a single unicode point can be encoded both as HKSCS and regular Big5, we prefer the latter.
+      0x8e69, 0x8e6f, 0x8e7e, 0x8eab, 0x8eb4, 0x8ecd, 0x8ed0, 0x8f57, 0x8f69, 0x8f6e, 0x8fcb, 0x8ffe,
+      0x906d, 0x907a, 0x90c4, 0x90dc, 0x90f1, 0x91bf, 0x92af, 0x92b0, 0x92b1, 0x92b2, 0x92d1, 0x9447, 0x94ca,
+      0x95d9, 0x96fc, 0x9975, 0x9b76, 0x9b78, 0x9b7b, 0x9bc6, 0x9bde, 0x9bec, 0x9bf6, 0x9c42, 0x9c53, 0x9c62,
+      0x9c68, 0x9c6b, 0x9c77, 0x9cbc, 0x9cbd, 0x9cd0, 0x9d57, 0x9d5a, 0x9dc4, 0x9def, 0x9dfb, 0x9ea9, 0x9eef,
+      0x9efd, 0x9f60, 0x9fcb, 0xa077, 0xa0dc, 0xa0df, 0x8fcc, 0x92c8, 0x9644, 0x96ed,
+
+      // Step 2 of https://encoding.spec.whatwg.org/#index-big5-pointer: Use last pointer for U+2550, U+255E, U+2561, U+256A, U+5341, or U+5345
+      0xa2a4, 0xa2a5, 0xa2a7, 0xa2a6, 0xa2cc, 0xa2ce
+    ]
+  },
+
+  cnbig5: "big5hkscs",
+  csbig5: "big5hkscs",
+  xxbig5: "big5hkscs"
+}
diff --git a/deps/npm/node_modules/iconv-lite/encodings/index.js b/deps/npm/node_modules/iconv-lite/encodings/index.js
index d95c2441151a93..9d90e3cac6b09d 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/index.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/index.js
@@ -1,23 +1,23 @@
-"use strict";
+"use strict"
+
+var mergeModules = require("../lib/helpers/merge-exports")
 
 // Update this array if you add/rename/remove files in this directory.
 // We support Browserify by skipping automatic module discovery and requiring modules directly.
 var modules = [
-    require("./internal"),
-    require("./utf32"),
-    require("./utf16"),
-    require("./utf7"),
-    require("./sbcs-codec"),
-    require("./sbcs-data"),
-    require("./sbcs-data-generated"),
-    require("./dbcs-codec"),
-    require("./dbcs-data"),
-];
+  require("./internal"),
+  require("./utf32"),
+  require("./utf16"),
+  require("./utf7"),
+  require("./sbcs-codec"),
+  require("./sbcs-data"),
+  require("./sbcs-data-generated"),
+  require("./dbcs-codec"),
+  require("./dbcs-data")
+]
 
 // Put all encoding/alias/codec definitions to single object and export it.
 for (var i = 0; i < modules.length; i++) {
-    var module = modules[i];
-    for (var enc in module)
-        if (Object.prototype.hasOwnProperty.call(module, enc))
-            exports[enc] = module[enc];
+  var module = modules[i]
+  mergeModules(exports, module)
 }
diff --git a/deps/npm/node_modules/iconv-lite/encodings/internal.js b/deps/npm/node_modules/iconv-lite/encodings/internal.js
index dc1074f04f11a3..4e5c3ff25ac158 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/internal.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/internal.js
@@ -1,198 +1,218 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
+"use strict"
+var Buffer = require("safer-buffer").Buffer
 
 // Export Node.js internal encodings.
 
 module.exports = {
-    // Encodings
-    utf8:   { type: "_internal", bomAware: true},
-    cesu8:  { type: "_internal", bomAware: true},
-    unicode11utf8: "utf8",
-
-    ucs2:   { type: "_internal", bomAware: true},
-    utf16le: "ucs2",
-
-    binary: { type: "_internal" },
-    base64: { type: "_internal" },
-    hex:    { type: "_internal" },
-
-    // Codec.
-    _internal: InternalCodec,
-};
-
-//------------------------------------------------------------------------------
-
-function InternalCodec(codecOptions, iconv) {
-    this.enc = codecOptions.encodingName;
-    this.bomAware = codecOptions.bomAware;
-
-    if (this.enc === "base64")
-        this.encoder = InternalEncoderBase64;
-    else if (this.enc === "cesu8") {
-        this.enc = "utf8"; // Use utf8 for decoding.
-        this.encoder = InternalEncoderCesu8;
-
-        // Add decoder for versions of Node not supporting CESU-8
-        if (Buffer.from('eda0bdedb2a9', 'hex').toString() !== '💩') {
-            this.decoder = InternalDecoderCesu8;
-            this.defaultCharUnicode = iconv.defaultCharUnicode;
-        }
-    }
-}
+  // Encodings
+  utf8: { type: "_internal", bomAware: true },
+  cesu8: { type: "_internal", bomAware: true },
+  unicode11utf8: "utf8",
 
-InternalCodec.prototype.encoder = InternalEncoder;
-InternalCodec.prototype.decoder = InternalDecoder;
+  ucs2: { type: "_internal", bomAware: true },
+  utf16le: "ucs2",
 
-//------------------------------------------------------------------------------
+  binary: { type: "_internal" },
+  base64: { type: "_internal" },
+  hex: { type: "_internal" },
 
-// We use node.js internal decoder. Its signature is the same as ours.
-var StringDecoder = require('string_decoder').StringDecoder;
+  // Codec.
+  _internal: InternalCodec
+}
 
-if (!StringDecoder.prototype.end) // Node v0.8 doesn't have this method.
-    StringDecoder.prototype.end = function() {};
+// ------------------------------------------------------------------------------
 
+function InternalCodec (codecOptions, iconv) {
+  this.enc = codecOptions.encodingName
+  this.bomAware = codecOptions.bomAware
 
-function InternalDecoder(options, codec) {
-    this.decoder = new StringDecoder(codec.enc);
-}
+  if (this.enc === "base64") { this.encoder = InternalEncoderBase64 } else if (this.enc === "utf8") { this.encoder = InternalEncoderUtf8 } else if (this.enc === "cesu8") {
+    this.enc = "utf8" // Use utf8 for decoding.
+    this.encoder = InternalEncoderCesu8
 
-InternalDecoder.prototype.write = function(buf) {
-    if (!Buffer.isBuffer(buf)) {
-        buf = Buffer.from(buf);
+    // Add decoder for versions of Node not supporting CESU-8
+    if (Buffer.from("eda0bdedb2a9", "hex").toString() !== "💩") {
+      this.decoder = InternalDecoderCesu8
+      this.defaultCharUnicode = iconv.defaultCharUnicode
     }
+  }
+}
 
-    return this.decoder.write(buf);
+InternalCodec.prototype.encoder = InternalEncoder
+InternalCodec.prototype.decoder = InternalDecoder
+
+// ------------------------------------------------------------------------------
+
+// We use node.js internal decoder. Its signature is the same as ours.
+var StringDecoder = require("string_decoder").StringDecoder
+
+function InternalDecoder (options, codec) {
+  this.decoder = new StringDecoder(codec.enc)
 }
 
-InternalDecoder.prototype.end = function() {
-    return this.decoder.end();
+InternalDecoder.prototype.write = function (buf) {
+  if (!Buffer.isBuffer(buf)) {
+    buf = Buffer.from(buf)
+  }
+
+  return this.decoder.write(buf)
 }
 
+InternalDecoder.prototype.end = function () {
+  return this.decoder.end()
+}
 
-//------------------------------------------------------------------------------
+// ------------------------------------------------------------------------------
 // Encoder is mostly trivial
 
-function InternalEncoder(options, codec) {
-    this.enc = codec.enc;
+function InternalEncoder (options, codec) {
+  this.enc = codec.enc
 }
 
-InternalEncoder.prototype.write = function(str) {
-    return Buffer.from(str, this.enc);
+InternalEncoder.prototype.write = function (str) {
+  return Buffer.from(str, this.enc)
 }
 
-InternalEncoder.prototype.end = function() {
+InternalEncoder.prototype.end = function () {
 }
 
-
-//------------------------------------------------------------------------------
+// ------------------------------------------------------------------------------
 // Except base64 encoder, which must keep its state.
 
-function InternalEncoderBase64(options, codec) {
-    this.prevStr = '';
+function InternalEncoderBase64 (options, codec) {
+  this.prevStr = ""
 }
 
-InternalEncoderBase64.prototype.write = function(str) {
-    str = this.prevStr + str;
-    var completeQuads = str.length - (str.length % 4);
-    this.prevStr = str.slice(completeQuads);
-    str = str.slice(0, completeQuads);
+InternalEncoderBase64.prototype.write = function (str) {
+  str = this.prevStr + str
+  var completeQuads = str.length - (str.length % 4)
+  this.prevStr = str.slice(completeQuads)
+  str = str.slice(0, completeQuads)
 
-    return Buffer.from(str, "base64");
+  return Buffer.from(str, "base64")
 }
 
-InternalEncoderBase64.prototype.end = function() {
-    return Buffer.from(this.prevStr, "base64");
+InternalEncoderBase64.prototype.end = function () {
+  return Buffer.from(this.prevStr, "base64")
 }
 
-
-//------------------------------------------------------------------------------
+// ------------------------------------------------------------------------------
 // CESU-8 encoder is also special.
 
-function InternalEncoderCesu8(options, codec) {
+function InternalEncoderCesu8 (options, codec) {
+}
+
+InternalEncoderCesu8.prototype.write = function (str) {
+  var buf = Buffer.alloc(str.length * 3); var bufIdx = 0
+  for (var i = 0; i < str.length; i++) {
+    var charCode = str.charCodeAt(i)
+    // Naive implementation, but it works because CESU-8 is especially easy
+    // to convert from UTF-16 (which all JS strings are encoded in).
+    if (charCode < 0x80) { buf[bufIdx++] = charCode } else if (charCode < 0x800) {
+      buf[bufIdx++] = 0xC0 + (charCode >>> 6)
+      buf[bufIdx++] = 0x80 + (charCode & 0x3f)
+    } else { // charCode will always be < 0x10000 in javascript.
+      buf[bufIdx++] = 0xE0 + (charCode >>> 12)
+      buf[bufIdx++] = 0x80 + ((charCode >>> 6) & 0x3f)
+      buf[bufIdx++] = 0x80 + (charCode & 0x3f)
+    }
+  }
+  return buf.slice(0, bufIdx)
 }
 
-InternalEncoderCesu8.prototype.write = function(str) {
-    var buf = Buffer.alloc(str.length * 3), bufIdx = 0;
-    for (var i = 0; i < str.length; i++) {
-        var charCode = str.charCodeAt(i);
-        // Naive implementation, but it works because CESU-8 is especially easy
-        // to convert from UTF-16 (which all JS strings are encoded in).
-        if (charCode < 0x80)
-            buf[bufIdx++] = charCode;
-        else if (charCode < 0x800) {
-            buf[bufIdx++] = 0xC0 + (charCode >>> 6);
-            buf[bufIdx++] = 0x80 + (charCode & 0x3f);
-        }
-        else { // charCode will always be < 0x10000 in javascript.
-            buf[bufIdx++] = 0xE0 + (charCode >>> 12);
-            buf[bufIdx++] = 0x80 + ((charCode >>> 6) & 0x3f);
-            buf[bufIdx++] = 0x80 + (charCode & 0x3f);
+InternalEncoderCesu8.prototype.end = function () {
+}
+
+// ------------------------------------------------------------------------------
+// CESU-8 decoder is not implemented in Node v4.0+
+
+function InternalDecoderCesu8 (options, codec) {
+  this.acc = 0
+  this.contBytes = 0
+  this.accBytes = 0
+  this.defaultCharUnicode = codec.defaultCharUnicode
+}
+
+InternalDecoderCesu8.prototype.write = function (buf) {
+  var acc = this.acc; var contBytes = this.contBytes; var accBytes = this.accBytes
+  var res = ""
+  for (var i = 0; i < buf.length; i++) {
+    var curByte = buf[i]
+    if ((curByte & 0xC0) !== 0x80) { // Leading byte
+      if (contBytes > 0) { // Previous code is invalid
+        res += this.defaultCharUnicode
+        contBytes = 0
+      }
+
+      if (curByte < 0x80) { // Single-byte code
+        res += String.fromCharCode(curByte)
+      } else if (curByte < 0xE0) { // Two-byte code
+        acc = curByte & 0x1F
+        contBytes = 1; accBytes = 1
+      } else if (curByte < 0xF0) { // Three-byte code
+        acc = curByte & 0x0F
+        contBytes = 2; accBytes = 1
+      } else { // Four or more are not supported for CESU-8.
+        res += this.defaultCharUnicode
+      }
+    } else { // Continuation byte
+      if (contBytes > 0) { // We're waiting for it.
+        acc = (acc << 6) | (curByte & 0x3f)
+        contBytes--; accBytes++
+        if (contBytes === 0) {
+          // Check for overlong encoding, but support Modified UTF-8 (encoding NULL as C0 80)
+          if (accBytes === 2 && acc < 0x80 && acc > 0) {
+            res += this.defaultCharUnicode
+          } else if (accBytes === 3 && acc < 0x800) {
+            res += this.defaultCharUnicode
+          } else {
+            // Actually add character.
+            res += String.fromCharCode(acc)
+          }
         }
+      } else { // Unexpected continuation byte
+        res += this.defaultCharUnicode
+      }
     }
-    return buf.slice(0, bufIdx);
+  }
+  this.acc = acc; this.contBytes = contBytes; this.accBytes = accBytes
+  return res
 }
 
-InternalEncoderCesu8.prototype.end = function() {
+InternalDecoderCesu8.prototype.end = function () {
+  var res = 0
+  if (this.contBytes > 0) { res += this.defaultCharUnicode }
+  return res
 }
 
-//------------------------------------------------------------------------------
-// CESU-8 decoder is not implemented in Node v4.0+
+// ------------------------------------------------------------------------------
+// check the chunk boundaries for surrogate pair
 
-function InternalDecoderCesu8(options, codec) {
-    this.acc = 0;
-    this.contBytes = 0;
-    this.accBytes = 0;
-    this.defaultCharUnicode = codec.defaultCharUnicode;
-}
-
-InternalDecoderCesu8.prototype.write = function(buf) {
-    var acc = this.acc, contBytes = this.contBytes, accBytes = this.accBytes, 
-        res = '';
-    for (var i = 0; i < buf.length; i++) {
-        var curByte = buf[i];
-        if ((curByte & 0xC0) !== 0x80) { // Leading byte
-            if (contBytes > 0) { // Previous code is invalid
-                res += this.defaultCharUnicode;
-                contBytes = 0;
-            }
-
-            if (curByte < 0x80) { // Single-byte code
-                res += String.fromCharCode(curByte);
-            } else if (curByte < 0xE0) { // Two-byte code
-                acc = curByte & 0x1F;
-                contBytes = 1; accBytes = 1;
-            } else if (curByte < 0xF0) { // Three-byte code
-                acc = curByte & 0x0F;
-                contBytes = 2; accBytes = 1;
-            } else { // Four or more are not supported for CESU-8.
-                res += this.defaultCharUnicode;
-            }
-        } else { // Continuation byte
-            if (contBytes > 0) { // We're waiting for it.
-                acc = (acc << 6) | (curByte & 0x3f);
-                contBytes--; accBytes++;
-                if (contBytes === 0) {
-                    // Check for overlong encoding, but support Modified UTF-8 (encoding NULL as C0 80)
-                    if (accBytes === 2 && acc < 0x80 && acc > 0)
-                        res += this.defaultCharUnicode;
-                    else if (accBytes === 3 && acc < 0x800)
-                        res += this.defaultCharUnicode;
-                    else
-                        // Actually add character.
-                        res += String.fromCharCode(acc);
-                }
-            } else { // Unexpected continuation byte
-                res += this.defaultCharUnicode;
-            }
-        }
+function InternalEncoderUtf8 (options, codec) {
+  this.highSurrogate = ""
+}
+
+InternalEncoderUtf8.prototype.write = function (str) {
+  if (this.highSurrogate) {
+    str = this.highSurrogate + str
+    this.highSurrogate = ""
+  }
+
+  if (str.length > 0) {
+    var charCode = str.charCodeAt(str.length - 1)
+    if (charCode >= 0xd800 && charCode < 0xdc00) {
+      this.highSurrogate = str[str.length - 1]
+      str = str.slice(0, str.length - 1)
     }
-    this.acc = acc; this.contBytes = contBytes; this.accBytes = accBytes;
-    return res;
+  }
+
+  return Buffer.from(str, this.enc)
 }
 
-InternalDecoderCesu8.prototype.end = function() {
-    var res = 0;
-    if (this.contBytes > 0)
-        res += this.defaultCharUnicode;
-    return res;
+InternalEncoderUtf8.prototype.end = function () {
+  if (this.highSurrogate) {
+    var str = this.highSurrogate
+    this.highSurrogate = ""
+    return Buffer.from(str, this.enc)
+  }
 }
diff --git a/deps/npm/node_modules/iconv-lite/encodings/sbcs-codec.js b/deps/npm/node_modules/iconv-lite/encodings/sbcs-codec.js
index abac5ffaac97da..0e2fc924e1d40c 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/sbcs-codec.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/sbcs-codec.js
@@ -1,72 +1,75 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
+"use strict"
+var Buffer = require("safer-buffer").Buffer
 
 // Single-byte codec. Needs a 'chars' string parameter that contains 256 or 128 chars that
-// correspond to encoded bytes (if 128 - then lower half is ASCII). 
-
-exports._sbcs = SBCSCodec;
-function SBCSCodec(codecOptions, iconv) {
-    if (!codecOptions)
-        throw new Error("SBCS codec is called without the data.")
-    
-    // Prepare char buffer for decoding.
-    if (!codecOptions.chars || (codecOptions.chars.length !== 128 && codecOptions.chars.length !== 256))
-        throw new Error("Encoding '"+codecOptions.type+"' has incorrect 'chars' (must be of len 128 or 256)");
-    
-    if (codecOptions.chars.length === 128) {
-        var asciiString = "";
-        for (var i = 0; i < 128; i++)
-            asciiString += String.fromCharCode(i);
-        codecOptions.chars = asciiString + codecOptions.chars;
-    }
+// correspond to encoded bytes (if 128 - then lower half is ASCII).
 
-    this.decodeBuf = Buffer.from(codecOptions.chars, 'ucs2');
-    
-    // Encoding buffer.
-    var encodeBuf = Buffer.alloc(65536, iconv.defaultCharSingleByte.charCodeAt(0));
+exports._sbcs = SBCSCodec
+function SBCSCodec (codecOptions, iconv) {
+  if (!codecOptions) {
+    throw new Error("SBCS codec is called without the data.")
+  }
 
-    for (var i = 0; i < codecOptions.chars.length; i++)
-        encodeBuf[codecOptions.chars.charCodeAt(i)] = i;
+  // Prepare char buffer for decoding.
+  if (!codecOptions.chars || (codecOptions.chars.length !== 128 && codecOptions.chars.length !== 256)) {
+    throw new Error("Encoding '" + codecOptions.type + "' has incorrect 'chars' (must be of len 128 or 256)")
+  }
 
-    this.encodeBuf = encodeBuf;
-}
+  if (codecOptions.chars.length === 128) {
+    var asciiString = ""
+    for (var i = 0; i < 128; i++) {
+      asciiString += String.fromCharCode(i)
+    }
+    codecOptions.chars = asciiString + codecOptions.chars
+  }
+
+  this.decodeBuf = Buffer.from(codecOptions.chars, "ucs2")
 
-SBCSCodec.prototype.encoder = SBCSEncoder;
-SBCSCodec.prototype.decoder = SBCSDecoder;
+  // Encoding buffer.
+  var encodeBuf = Buffer.alloc(65536, iconv.defaultCharSingleByte.charCodeAt(0))
 
+  for (var i = 0; i < codecOptions.chars.length; i++) {
+    encodeBuf[codecOptions.chars.charCodeAt(i)] = i
+  }
 
-function SBCSEncoder(options, codec) {
-    this.encodeBuf = codec.encodeBuf;
+  this.encodeBuf = encodeBuf
 }
 
-SBCSEncoder.prototype.write = function(str) {
-    var buf = Buffer.alloc(str.length);
-    for (var i = 0; i < str.length; i++)
-        buf[i] = this.encodeBuf[str.charCodeAt(i)];
-    
-    return buf;
+SBCSCodec.prototype.encoder = SBCSEncoder
+SBCSCodec.prototype.decoder = SBCSDecoder
+
+function SBCSEncoder (options, codec) {
+  this.encodeBuf = codec.encodeBuf
 }
 
-SBCSEncoder.prototype.end = function() {
+SBCSEncoder.prototype.write = function (str) {
+  var buf = Buffer.alloc(str.length)
+  for (var i = 0; i < str.length; i++) {
+    buf[i] = this.encodeBuf[str.charCodeAt(i)]
+  }
+
+  return buf
 }
 
+SBCSEncoder.prototype.end = function () {
+}
 
-function SBCSDecoder(options, codec) {
-    this.decodeBuf = codec.decodeBuf;
+function SBCSDecoder (options, codec) {
+  this.decodeBuf = codec.decodeBuf
 }
 
-SBCSDecoder.prototype.write = function(buf) {
-    // Strings are immutable in JS -> we use ucs2 buffer to speed up computations.
-    var decodeBuf = this.decodeBuf;
-    var newBuf = Buffer.alloc(buf.length*2);
-    var idx1 = 0, idx2 = 0;
-    for (var i = 0; i < buf.length; i++) {
-        idx1 = buf[i]*2; idx2 = i*2;
-        newBuf[idx2] = decodeBuf[idx1];
-        newBuf[idx2+1] = decodeBuf[idx1+1];
-    }
-    return newBuf.toString('ucs2');
+SBCSDecoder.prototype.write = function (buf) {
+  // Strings are immutable in JS -> we use ucs2 buffer to speed up computations.
+  var decodeBuf = this.decodeBuf
+  var newBuf = Buffer.alloc(buf.length * 2)
+  var idx1 = 0; var idx2 = 0
+  for (var i = 0; i < buf.length; i++) {
+    idx1 = buf[i] * 2; idx2 = i * 2
+    newBuf[idx2] = decodeBuf[idx1]
+    newBuf[idx2 + 1] = decodeBuf[idx1 + 1]
+  }
+  return newBuf.toString("ucs2")
 }
 
-SBCSDecoder.prototype.end = function() {
+SBCSDecoder.prototype.end = function () {
 }
diff --git a/deps/npm/node_modules/iconv-lite/encodings/sbcs-data.js b/deps/npm/node_modules/iconv-lite/encodings/sbcs-data.js
index 066f904e5f1d3e..d8f8e1729e6af5 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/sbcs-data.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/sbcs-data.js
@@ -1,179 +1,178 @@
-"use strict";
+"use strict"
 
 // Manually added data to be used by sbcs codec in addition to generated one.
 
 module.exports = {
-    // Not supported by iconv, not sure why.
-    "10029": "maccenteuro",
-    "maccenteuro": {
-        "type": "_sbcs",
-        "chars": "ÄĀāÉĄÖÜáąČäčĆć鏟ĎíďĒēĖóėôöõúĚěü†°Ę£§•¶ß®©™ę¨≠ģĮįĪ≤≥īĶ∂∑łĻļĽľĹĺŅņѬ√ńŇ∆«»… ňŐÕőŌ–—“”‘’÷◊ōŔŕŘ‹›řŖŗŠ‚„šŚśÁŤťÍŽžŪÓÔūŮÚůŰűŲųÝýķŻŁżĢˇ"
-    },
-
-    "808": "cp808",
-    "ibm808": "cp808",
-    "cp808": {
-        "type": "_sbcs",
-        "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№€■ "
-    },
-
-    "mik": {
-        "type": "_sbcs",
-        "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя└┴┬├─┼╣║╚╔╩╦╠═╬┐░▒▓│┤№§╗╝┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-    },
-
-    "cp720": {
-        "type": "_sbcs",
-        "chars": "\x80\x81éâ\x84à\x86çêëèïî\x8d\x8e\x8f\x90\u0651\u0652ô¤ـûùءآأؤ£إئابةتثجحخدذرزسشص«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀ضطظعغفµقكلمنهوىي≡\u064b\u064c\u064d\u064e\u064f\u0650≈°∙·√ⁿ²■\u00a0"
-    },
-
-    // Aliases of generated encodings.
-    "ascii8bit": "ascii",
-    "usascii": "ascii",
-    "ansix34": "ascii",
-    "ansix341968": "ascii",
-    "ansix341986": "ascii",
-    "csascii": "ascii",
-    "cp367": "ascii",
-    "ibm367": "ascii",
-    "isoir6": "ascii",
-    "iso646us": "ascii",
-    "iso646irv": "ascii",
-    "us": "ascii",
-
-    "latin1": "iso88591",
-    "latin2": "iso88592",
-    "latin3": "iso88593",
-    "latin4": "iso88594",
-    "latin5": "iso88599",
-    "latin6": "iso885910",
-    "latin7": "iso885913",
-    "latin8": "iso885914",
-    "latin9": "iso885915",
-    "latin10": "iso885916",
-
-    "csisolatin1": "iso88591",
-    "csisolatin2": "iso88592",
-    "csisolatin3": "iso88593",
-    "csisolatin4": "iso88594",
-    "csisolatincyrillic": "iso88595",
-    "csisolatinarabic": "iso88596",
-    "csisolatingreek" : "iso88597",
-    "csisolatinhebrew": "iso88598",
-    "csisolatin5": "iso88599",
-    "csisolatin6": "iso885910",
-
-    "l1": "iso88591",
-    "l2": "iso88592",
-    "l3": "iso88593",
-    "l4": "iso88594",
-    "l5": "iso88599",
-    "l6": "iso885910",
-    "l7": "iso885913",
-    "l8": "iso885914",
-    "l9": "iso885915",
-    "l10": "iso885916",
-
-    "isoir14": "iso646jp",
-    "isoir57": "iso646cn",
-    "isoir100": "iso88591",
-    "isoir101": "iso88592",
-    "isoir109": "iso88593",
-    "isoir110": "iso88594",
-    "isoir144": "iso88595",
-    "isoir127": "iso88596",
-    "isoir126": "iso88597",
-    "isoir138": "iso88598",
-    "isoir148": "iso88599",
-    "isoir157": "iso885910",
-    "isoir166": "tis620",
-    "isoir179": "iso885913",
-    "isoir199": "iso885914",
-    "isoir203": "iso885915",
-    "isoir226": "iso885916",
-
-    "cp819": "iso88591",
-    "ibm819": "iso88591",
-
-    "cyrillic": "iso88595",
-
-    "arabic": "iso88596",
-    "arabic8": "iso88596",
-    "ecma114": "iso88596",
-    "asmo708": "iso88596",
-
-    "greek" : "iso88597",
-    "greek8" : "iso88597",
-    "ecma118" : "iso88597",
-    "elot928" : "iso88597",
-
-    "hebrew": "iso88598",
-    "hebrew8": "iso88598",
-
-    "turkish": "iso88599",
-    "turkish8": "iso88599",
-
-    "thai": "iso885911",
-    "thai8": "iso885911",
-
-    "celtic": "iso885914",
-    "celtic8": "iso885914",
-    "isoceltic": "iso885914",
-
-    "tis6200": "tis620",
-    "tis62025291": "tis620",
-    "tis62025330": "tis620",
-
-    "10000": "macroman",
-    "10006": "macgreek",
-    "10007": "maccyrillic",
-    "10079": "maciceland",
-    "10081": "macturkish",
-
-    "cspc8codepage437": "cp437",
-    "cspc775baltic": "cp775",
-    "cspc850multilingual": "cp850",
-    "cspcp852": "cp852",
-    "cspc862latinhebrew": "cp862",
-    "cpgr": "cp869",
-
-    "msee": "cp1250",
-    "mscyrl": "cp1251",
-    "msansi": "cp1252",
-    "msgreek": "cp1253",
-    "msturk": "cp1254",
-    "mshebr": "cp1255",
-    "msarab": "cp1256",
-    "winbaltrim": "cp1257",
-
-    "cp20866": "koi8r",
-    "20866": "koi8r",
-    "ibm878": "koi8r",
-    "cskoi8r": "koi8r",
-
-    "cp21866": "koi8u",
-    "21866": "koi8u",
-    "ibm1168": "koi8u",
-
-    "strk10482002": "rk1048",
-
-    "tcvn5712": "tcvn",
-    "tcvn57121": "tcvn",
-
-    "gb198880": "iso646cn",
-    "cn": "iso646cn",
-
-    "csiso14jisc6220ro": "iso646jp",
-    "jisc62201969ro": "iso646jp",
-    "jp": "iso646jp",
-
-    "cshproman8": "hproman8",
-    "r8": "hproman8",
-    "roman8": "hproman8",
-    "xroman8": "hproman8",
-    "ibm1051": "hproman8",
-
-    "mac": "macintosh",
-    "csmacintosh": "macintosh",
-};
-
+  // Not supported by iconv, not sure why.
+  10029: "maccenteuro",
+  maccenteuro: {
+    type: "_sbcs",
+    chars: "ÄĀāÉĄÖÜáąČäčĆć鏟ĎíďĒēĖóėôöõúĚěü†°Ę£§•¶ß®©™ę¨≠ģĮįĪ≤≥īĶ∂∑łĻļĽľĹĺŅņѬ√ńŇ∆«»… ňŐÕőŌ–—“”‘’÷◊ōŔŕŘ‹›řŖŗŠ‚„šŚśÁŤťÍŽžŪÓÔūŮÚůŰűŲųÝýķŻŁżĢˇ"
+  },
+
+  808: "cp808",
+  ibm808: "cp808",
+  cp808: {
+    type: "_sbcs",
+    chars: "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№€■ "
+  },
+
+  mik: {
+    type: "_sbcs",
+    chars: "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя└┴┬├─┼╣║╚╔╩╦╠═╬┐░▒▓│┤№§╗╝┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+  },
+
+  cp720: {
+    type: "_sbcs",
+    chars: "\x80\x81éâ\x84à\x86çêëèïî\x8d\x8e\x8f\x90\u0651\u0652ô¤ـûùءآأؤ£إئابةتثجحخدذرزسشص«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀ضطظعغفµقكلمنهوىي≡\u064b\u064c\u064d\u064e\u064f\u0650≈°∙·√ⁿ²■\u00a0"
+  },
+
+  // Aliases of generated encodings.
+  ascii8bit: "ascii",
+  usascii: "ascii",
+  ansix34: "ascii",
+  ansix341968: "ascii",
+  ansix341986: "ascii",
+  csascii: "ascii",
+  cp367: "ascii",
+  ibm367: "ascii",
+  isoir6: "ascii",
+  iso646us: "ascii",
+  iso646irv: "ascii",
+  us: "ascii",
+
+  latin1: "iso88591",
+  latin2: "iso88592",
+  latin3: "iso88593",
+  latin4: "iso88594",
+  latin5: "iso88599",
+  latin6: "iso885910",
+  latin7: "iso885913",
+  latin8: "iso885914",
+  latin9: "iso885915",
+  latin10: "iso885916",
+
+  csisolatin1: "iso88591",
+  csisolatin2: "iso88592",
+  csisolatin3: "iso88593",
+  csisolatin4: "iso88594",
+  csisolatincyrillic: "iso88595",
+  csisolatinarabic: "iso88596",
+  csisolatingreek: "iso88597",
+  csisolatinhebrew: "iso88598",
+  csisolatin5: "iso88599",
+  csisolatin6: "iso885910",
+
+  l1: "iso88591",
+  l2: "iso88592",
+  l3: "iso88593",
+  l4: "iso88594",
+  l5: "iso88599",
+  l6: "iso885910",
+  l7: "iso885913",
+  l8: "iso885914",
+  l9: "iso885915",
+  l10: "iso885916",
+
+  isoir14: "iso646jp",
+  isoir57: "iso646cn",
+  isoir100: "iso88591",
+  isoir101: "iso88592",
+  isoir109: "iso88593",
+  isoir110: "iso88594",
+  isoir144: "iso88595",
+  isoir127: "iso88596",
+  isoir126: "iso88597",
+  isoir138: "iso88598",
+  isoir148: "iso88599",
+  isoir157: "iso885910",
+  isoir166: "tis620",
+  isoir179: "iso885913",
+  isoir199: "iso885914",
+  isoir203: "iso885915",
+  isoir226: "iso885916",
+
+  cp819: "iso88591",
+  ibm819: "iso88591",
+
+  cyrillic: "iso88595",
+
+  arabic: "iso88596",
+  arabic8: "iso88596",
+  ecma114: "iso88596",
+  asmo708: "iso88596",
+
+  greek: "iso88597",
+  greek8: "iso88597",
+  ecma118: "iso88597",
+  elot928: "iso88597",
+
+  hebrew: "iso88598",
+  hebrew8: "iso88598",
+
+  turkish: "iso88599",
+  turkish8: "iso88599",
+
+  thai: "iso885911",
+  thai8: "iso885911",
+
+  celtic: "iso885914",
+  celtic8: "iso885914",
+  isoceltic: "iso885914",
+
+  tis6200: "tis620",
+  tis62025291: "tis620",
+  tis62025330: "tis620",
+
+  10000: "macroman",
+  10006: "macgreek",
+  10007: "maccyrillic",
+  10079: "maciceland",
+  10081: "macturkish",
+
+  cspc8codepage437: "cp437",
+  cspc775baltic: "cp775",
+  cspc850multilingual: "cp850",
+  cspcp852: "cp852",
+  cspc862latinhebrew: "cp862",
+  cpgr: "cp869",
+
+  msee: "cp1250",
+  mscyrl: "cp1251",
+  msansi: "cp1252",
+  msgreek: "cp1253",
+  msturk: "cp1254",
+  mshebr: "cp1255",
+  msarab: "cp1256",
+  winbaltrim: "cp1257",
+
+  cp20866: "koi8r",
+  20866: "koi8r",
+  ibm878: "koi8r",
+  cskoi8r: "koi8r",
+
+  cp21866: "koi8u",
+  21866: "koi8u",
+  ibm1168: "koi8u",
+
+  strk10482002: "rk1048",
+
+  tcvn5712: "tcvn",
+  tcvn57121: "tcvn",
+
+  gb198880: "iso646cn",
+  cn: "iso646cn",
+
+  csiso14jisc6220ro: "iso646jp",
+  jisc62201969ro: "iso646jp",
+  jp: "iso646jp",
+
+  cshproman8: "hproman8",
+  r8: "hproman8",
+  roman8: "hproman8",
+  xroman8: "hproman8",
+  ibm1051: "hproman8",
+
+  mac: "macintosh",
+  csmacintosh: "macintosh"
+}
diff --git a/deps/npm/node_modules/iconv-lite/encodings/utf16.js b/deps/npm/node_modules/iconv-lite/encodings/utf16.js
index 97d066925bbd5d..ae60d98e305145 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/utf16.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/utf16.js
@@ -1,70 +1,66 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
+"use strict"
+var Buffer = require("safer-buffer").Buffer
 
 // Note: UTF16-LE (or UCS2) codec is Node.js native. See encodings/internal.js
 
 // == UTF16-BE codec. ==========================================================
 
-exports.utf16be = Utf16BECodec;
-function Utf16BECodec() {
+exports.utf16be = Utf16BECodec
+function Utf16BECodec () {
 }
 
-Utf16BECodec.prototype.encoder = Utf16BEEncoder;
-Utf16BECodec.prototype.decoder = Utf16BEDecoder;
-Utf16BECodec.prototype.bomAware = true;
-
+Utf16BECodec.prototype.encoder = Utf16BEEncoder
+Utf16BECodec.prototype.decoder = Utf16BEDecoder
+Utf16BECodec.prototype.bomAware = true
 
 // -- Encoding
 
-function Utf16BEEncoder() {
+function Utf16BEEncoder () {
 }
 
-Utf16BEEncoder.prototype.write = function(str) {
-    var buf = Buffer.from(str, 'ucs2');
-    for (var i = 0; i < buf.length; i += 2) {
-        var tmp = buf[i]; buf[i] = buf[i+1]; buf[i+1] = tmp;
-    }
-    return buf;
+Utf16BEEncoder.prototype.write = function (str) {
+  var buf = Buffer.from(str, "ucs2")
+  for (var i = 0; i < buf.length; i += 2) {
+    var tmp = buf[i]; buf[i] = buf[i + 1]; buf[i + 1] = tmp
+  }
+  return buf
 }
 
-Utf16BEEncoder.prototype.end = function() {
+Utf16BEEncoder.prototype.end = function () {
 }
 
-
 // -- Decoding
 
-function Utf16BEDecoder() {
-    this.overflowByte = -1;
+function Utf16BEDecoder () {
+  this.overflowByte = -1
 }
 
-Utf16BEDecoder.prototype.write = function(buf) {
-    if (buf.length == 0)
-        return '';
+Utf16BEDecoder.prototype.write = function (buf) {
+  if (buf.length == 0) { return "" }
 
-    var buf2 = Buffer.alloc(buf.length + 1),
-        i = 0, j = 0;
+  var buf2 = Buffer.alloc(buf.length + 1)
+  var i = 0; var j = 0
 
-    if (this.overflowByte !== -1) {
-        buf2[0] = buf[0];
-        buf2[1] = this.overflowByte;
-        i = 1; j = 2;
-    }
+  if (this.overflowByte !== -1) {
+    buf2[0] = buf[0]
+    buf2[1] = this.overflowByte
+    i = 1; j = 2
+  }
 
-    for (; i < buf.length-1; i += 2, j+= 2) {
-        buf2[j] = buf[i+1];
-        buf2[j+1] = buf[i];
-    }
+  for (; i < buf.length - 1; i += 2, j += 2) {
+    buf2[j] = buf[i + 1]
+    buf2[j + 1] = buf[i]
+  }
 
-    this.overflowByte = (i == buf.length-1) ? buf[buf.length-1] : -1;
+  this.overflowByte = (i == buf.length - 1) ? buf[buf.length - 1] : -1
 
-    return buf2.slice(0, j).toString('ucs2');
+  return buf2.slice(0, j).toString("ucs2")
 }
 
-Utf16BEDecoder.prototype.end = function() {
-    this.overflowByte = -1;
+Utf16BEDecoder.prototype.end = function () {
+  this.overflowByte = -1
 }
 
-
 // == UTF-16 codec =============================================================
 // Decoder chooses automatically from UTF-16LE and UTF-16BE using BOM and space-based heuristic.
 // Defaults to UTF-16LE, as it's prevalent and default in Node.
@@ -73,125 +69,119 @@ Utf16BEDecoder.prototype.end = function() {
 
 // Encoder uses UTF-16LE and prepends BOM (which can be overridden with addBOM: false).
 
-exports.utf16 = Utf16Codec;
-function Utf16Codec(codecOptions, iconv) {
-    this.iconv = iconv;
+exports.utf16 = Utf16Codec
+function Utf16Codec (codecOptions, iconv) {
+  this.iconv = iconv
 }
 
-Utf16Codec.prototype.encoder = Utf16Encoder;
-Utf16Codec.prototype.decoder = Utf16Decoder;
-
+Utf16Codec.prototype.encoder = Utf16Encoder
+Utf16Codec.prototype.decoder = Utf16Decoder
 
 // -- Encoding (pass-through)
 
-function Utf16Encoder(options, codec) {
-    options = options || {};
-    if (options.addBOM === undefined)
-        options.addBOM = true;
-    this.encoder = codec.iconv.getEncoder('utf-16le', options);
+function Utf16Encoder (options, codec) {
+  options = options || {}
+  if (options.addBOM === undefined) { options.addBOM = true }
+  this.encoder = codec.iconv.getEncoder("utf-16le", options)
 }
 
-Utf16Encoder.prototype.write = function(str) {
-    return this.encoder.write(str);
+Utf16Encoder.prototype.write = function (str) {
+  return this.encoder.write(str)
 }
 
-Utf16Encoder.prototype.end = function() {
-    return this.encoder.end();
+Utf16Encoder.prototype.end = function () {
+  return this.encoder.end()
 }
 
-
 // -- Decoding
 
-function Utf16Decoder(options, codec) {
-    this.decoder = null;
-    this.initialBufs = [];
-    this.initialBufsLen = 0;
+function Utf16Decoder (options, codec) {
+  this.decoder = null
+  this.initialBufs = []
+  this.initialBufsLen = 0
 
-    this.options = options || {};
-    this.iconv = codec.iconv;
+  this.options = options || {}
+  this.iconv = codec.iconv
 }
 
-Utf16Decoder.prototype.write = function(buf) {
-    if (!this.decoder) {
-        // Codec is not chosen yet. Accumulate initial bytes.
-        this.initialBufs.push(buf);
-        this.initialBufsLen += buf.length;
-        
-        if (this.initialBufsLen < 16) // We need more bytes to use space heuristic (see below)
-            return '';
-
-        // We have enough bytes -> detect endianness.
-        var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding);
-        this.decoder = this.iconv.getDecoder(encoding, this.options);
-
-        var resStr = '';
-        for (var i = 0; i < this.initialBufs.length; i++)
-            resStr += this.decoder.write(this.initialBufs[i]);
-
-        this.initialBufs.length = this.initialBufsLen = 0;
-        return resStr;
-    }
+Utf16Decoder.prototype.write = function (buf) {
+  if (!this.decoder) {
+    // Codec is not chosen yet. Accumulate initial bytes.
+    this.initialBufs.push(buf)
+    this.initialBufsLen += buf.length
+
+    if (this.initialBufsLen < 16) // We need more bytes to use space heuristic (see below)
+    { return "" }
 
-    return this.decoder.write(buf);
+    // We have enough bytes -> detect endianness.
+    var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding)
+    this.decoder = this.iconv.getDecoder(encoding, this.options)
+
+    var resStr = ""
+    for (var i = 0; i < this.initialBufs.length; i++) { resStr += this.decoder.write(this.initialBufs[i]) }
+
+    this.initialBufs.length = this.initialBufsLen = 0
+    return resStr
+  }
+
+  return this.decoder.write(buf)
 }
 
-Utf16Decoder.prototype.end = function() {
-    if (!this.decoder) {
-        var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding);
-        this.decoder = this.iconv.getDecoder(encoding, this.options);
+Utf16Decoder.prototype.end = function () {
+  if (!this.decoder) {
+    var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding)
+    this.decoder = this.iconv.getDecoder(encoding, this.options)
 
-        var resStr = '';
-        for (var i = 0; i < this.initialBufs.length; i++)
-            resStr += this.decoder.write(this.initialBufs[i]);
+    var resStr = ""
+    for (var i = 0; i < this.initialBufs.length; i++) { resStr += this.decoder.write(this.initialBufs[i]) }
 
-        var trail = this.decoder.end();
-        if (trail)
-            resStr += trail;
+    var trail = this.decoder.end()
+    if (trail) { resStr += trail }
 
-        this.initialBufs.length = this.initialBufsLen = 0;
-        return resStr;
-    }
-    return this.decoder.end();
+    this.initialBufs.length = this.initialBufsLen = 0
+    return resStr
+  }
+  return this.decoder.end()
 }
 
-function detectEncoding(bufs, defaultEncoding) {
-    var b = [];
-    var charsProcessed = 0;
-    var asciiCharsLE = 0, asciiCharsBE = 0; // Number of ASCII chars when decoded as LE or BE.
-
-    outer_loop:
-    for (var i = 0; i < bufs.length; i++) {
-        var buf = bufs[i];
-        for (var j = 0; j < buf.length; j++) {
-            b.push(buf[j]);
-            if (b.length === 2) {
-                if (charsProcessed === 0) {
-                    // Check BOM first.
-                    if (b[0] === 0xFF && b[1] === 0xFE) return 'utf-16le';
-                    if (b[0] === 0xFE && b[1] === 0xFF) return 'utf-16be';
-                }
-
-                if (b[0] === 0 && b[1] !== 0) asciiCharsBE++;
-                if (b[0] !== 0 && b[1] === 0) asciiCharsLE++;
-
-                b.length = 0;
-                charsProcessed++;
-
-                if (charsProcessed >= 100) {
-                    break outer_loop;
-                }
-            }
+function detectEncoding (bufs, defaultEncoding) {
+  var b = []
+  var charsProcessed = 0
+  // Number of ASCII chars when decoded as LE or BE.
+  var asciiCharsLE = 0
+  var asciiCharsBE = 0
+
+  outerLoop:
+  for (var i = 0; i < bufs.length; i++) {
+    var buf = bufs[i]
+    for (var j = 0; j < buf.length; j++) {
+      b.push(buf[j])
+      if (b.length === 2) {
+        if (charsProcessed === 0) {
+          // Check BOM first.
+          if (b[0] === 0xFF && b[1] === 0xFE) return "utf-16le"
+          if (b[0] === 0xFE && b[1] === 0xFF) return "utf-16be"
         }
-    }
 
-    // Make decisions.
-    // Most of the time, the content has ASCII chars (U+00**), but the opposite (U+**00) is uncommon.
-    // So, we count ASCII as if it was LE or BE, and decide from that.
-    if (asciiCharsBE > asciiCharsLE) return 'utf-16be';
-    if (asciiCharsBE < asciiCharsLE) return 'utf-16le';
+        if (b[0] === 0 && b[1] !== 0) asciiCharsBE++
+        if (b[0] !== 0 && b[1] === 0) asciiCharsLE++
 
-    // Couldn't decide (likely all zeros or not enough data).
-    return defaultEncoding || 'utf-16le';
-}
+        b.length = 0
+        charsProcessed++
 
+        if (charsProcessed >= 100) {
+          break outerLoop
+        }
+      }
+    }
+  }
 
+  // Make decisions.
+  // Most of the time, the content has ASCII chars (U+00**), but the opposite (U+**00) is uncommon.
+  // So, we count ASCII as if it was LE or BE, and decide from that.
+  if (asciiCharsBE > asciiCharsLE) return "utf-16be"
+  if (asciiCharsBE < asciiCharsLE) return "utf-16le"
+
+  // Couldn't decide (likely all zeros or not enough data).
+  return defaultEncoding || "utf-16le"
+}
diff --git a/deps/npm/node_modules/iconv-lite/encodings/utf32.js b/deps/npm/node_modules/iconv-lite/encodings/utf32.js
index 2fa900a12eb356..723178937a3a72 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/utf32.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/utf32.js
@@ -1,186 +1,176 @@
-'use strict';
+"use strict"
 
-var Buffer = require('safer-buffer').Buffer;
+var Buffer = require("safer-buffer").Buffer
 
 // == UTF32-LE/BE codec. ==========================================================
 
-exports._utf32 = Utf32Codec;
+exports._utf32 = Utf32Codec
 
-function Utf32Codec(codecOptions, iconv) {
-    this.iconv = iconv;
-    this.bomAware = true;
-    this.isLE = codecOptions.isLE;
+function Utf32Codec (codecOptions, iconv) {
+  this.iconv = iconv
+  this.bomAware = true
+  this.isLE = codecOptions.isLE
 }
 
-exports.utf32le = { type: '_utf32', isLE: true };
-exports.utf32be = { type: '_utf32', isLE: false };
+exports.utf32le = { type: "_utf32", isLE: true }
+exports.utf32be = { type: "_utf32", isLE: false }
 
 // Aliases
-exports.ucs4le = 'utf32le';
-exports.ucs4be = 'utf32be';
+exports.ucs4le = "utf32le"
+exports.ucs4be = "utf32be"
 
-Utf32Codec.prototype.encoder = Utf32Encoder;
-Utf32Codec.prototype.decoder = Utf32Decoder;
+Utf32Codec.prototype.encoder = Utf32Encoder
+Utf32Codec.prototype.decoder = Utf32Decoder
 
 // -- Encoding
 
-function Utf32Encoder(options, codec) {
-    this.isLE = codec.isLE;
-    this.highSurrogate = 0;
+function Utf32Encoder (options, codec) {
+  this.isLE = codec.isLE
+  this.highSurrogate = 0
 }
 
-Utf32Encoder.prototype.write = function(str) {
-    var src = Buffer.from(str, 'ucs2');
-    var dst = Buffer.alloc(src.length * 2);
-    var write32 = this.isLE ? dst.writeUInt32LE : dst.writeUInt32BE;
-    var offset = 0;
-
-    for (var i = 0; i < src.length; i += 2) {
-        var code = src.readUInt16LE(i);
-        var isHighSurrogate = (0xD800 <= code && code < 0xDC00);
-        var isLowSurrogate = (0xDC00 <= code && code < 0xE000);
-
-        if (this.highSurrogate) {
-            if (isHighSurrogate || !isLowSurrogate) {
-                // There shouldn't be two high surrogates in a row, nor a high surrogate which isn't followed by a low
-                // surrogate. If this happens, keep the pending high surrogate as a stand-alone semi-invalid character
-                // (technically wrong, but expected by some applications, like Windows file names).
-                write32.call(dst, this.highSurrogate, offset);
-                offset += 4;
-            }
-            else {
-                // Create 32-bit value from high and low surrogates;
-                var codepoint = (((this.highSurrogate - 0xD800) << 10) | (code - 0xDC00)) + 0x10000;
-
-                write32.call(dst, codepoint, offset);
-                offset += 4;
-                this.highSurrogate = 0;
-
-                continue;
-            }
-        }
+Utf32Encoder.prototype.write = function (str) {
+  var src = Buffer.from(str, "ucs2")
+  var dst = Buffer.alloc(src.length * 2)
+  var write32 = this.isLE ? dst.writeUInt32LE : dst.writeUInt32BE
+  var offset = 0
+
+  for (var i = 0; i < src.length; i += 2) {
+    var code = src.readUInt16LE(i)
+    var isHighSurrogate = (code >= 0xD800 && code < 0xDC00)
+    var isLowSurrogate = (code >= 0xDC00 && code < 0xE000)
+
+    if (this.highSurrogate) {
+      if (isHighSurrogate || !isLowSurrogate) {
+        // There shouldn't be two high surrogates in a row, nor a high surrogate which isn't followed by a low
+        // surrogate. If this happens, keep the pending high surrogate as a stand-alone semi-invalid character
+        // (technically wrong, but expected by some applications, like Windows file names).
+        write32.call(dst, this.highSurrogate, offset)
+        offset += 4
+      } else {
+        // Create 32-bit value from high and low surrogates;
+        var codepoint = (((this.highSurrogate - 0xD800) << 10) | (code - 0xDC00)) + 0x10000
+
+        write32.call(dst, codepoint, offset)
+        offset += 4
+        this.highSurrogate = 0
+
+        continue
+      }
+    }
 
-        if (isHighSurrogate)
-            this.highSurrogate = code;
-        else {
-            // Even if the current character is a low surrogate, with no previous high surrogate, we'll
-            // encode it as a semi-invalid stand-alone character for the same reasons expressed above for
-            // unpaired high surrogates.
-            write32.call(dst, code, offset);
-            offset += 4;
-            this.highSurrogate = 0;
-        }
+    if (isHighSurrogate) { this.highSurrogate = code } else {
+      // Even if the current character is a low surrogate, with no previous high surrogate, we'll
+      // encode it as a semi-invalid stand-alone character for the same reasons expressed above for
+      // unpaired high surrogates.
+      write32.call(dst, code, offset)
+      offset += 4
+      this.highSurrogate = 0
     }
+  }
 
-    if (offset < dst.length)
-        dst = dst.slice(0, offset);
+  if (offset < dst.length) { dst = dst.slice(0, offset) }
 
-    return dst;
-};
+  return dst
+}
 
-Utf32Encoder.prototype.end = function() {
-    // Treat any leftover high surrogate as a semi-valid independent character.
-    if (!this.highSurrogate)
-        return;
+Utf32Encoder.prototype.end = function () {
+  // Treat any leftover high surrogate as a semi-valid independent character.
+  if (!this.highSurrogate) { return }
 
-    var buf = Buffer.alloc(4);
+  var buf = Buffer.alloc(4)
 
-    if (this.isLE)
-        buf.writeUInt32LE(this.highSurrogate, 0);
-    else
-        buf.writeUInt32BE(this.highSurrogate, 0);
+  if (this.isLE) { buf.writeUInt32LE(this.highSurrogate, 0) } else { buf.writeUInt32BE(this.highSurrogate, 0) }
 
-    this.highSurrogate = 0;
+  this.highSurrogate = 0
 
-    return buf;
-};
+  return buf
+}
 
 // -- Decoding
 
-function Utf32Decoder(options, codec) {
-    this.isLE = codec.isLE;
-    this.badChar = codec.iconv.defaultCharUnicode.charCodeAt(0);
-    this.overflow = [];
+function Utf32Decoder (options, codec) {
+  this.isLE = codec.isLE
+  this.badChar = codec.iconv.defaultCharUnicode.charCodeAt(0)
+  this.overflow = []
 }
 
-Utf32Decoder.prototype.write = function(src) {
-    if (src.length === 0)
-        return '';
-
-    var i = 0;
-    var codepoint = 0;
-    var dst = Buffer.alloc(src.length + 4);
-    var offset = 0;
-    var isLE = this.isLE;
-    var overflow = this.overflow;
-    var badChar = this.badChar;
-
-    if (overflow.length > 0) {
-        for (; i < src.length && overflow.length < 4; i++)
-            overflow.push(src[i]);
-        
-        if (overflow.length === 4) {
-            // NOTE: codepoint is a signed int32 and can be negative.
-            // NOTE: We copied this block from below to help V8 optimize it (it works with array, not buffer).
-            if (isLE) {
-                codepoint = overflow[i] | (overflow[i+1] << 8) | (overflow[i+2] << 16) | (overflow[i+3] << 24);
-            } else {
-                codepoint = overflow[i+3] | (overflow[i+2] << 8) | (overflow[i+1] << 16) | (overflow[i] << 24);
-            }
-            overflow.length = 0;
-
-            offset = _writeCodepoint(dst, offset, codepoint, badChar);
-        }
+Utf32Decoder.prototype.write = function (src) {
+  if (src.length === 0) { return "" }
+
+  var i = 0
+  var codepoint = 0
+  var dst = Buffer.alloc(src.length + 4)
+  var offset = 0
+  var isLE = this.isLE
+  var overflow = this.overflow
+  var badChar = this.badChar
+
+  if (overflow.length > 0) {
+    for (; i < src.length && overflow.length < 4; i++) { overflow.push(src[i]) }
+
+    if (overflow.length === 4) {
+      // NOTE: codepoint is a signed int32 and can be negative.
+      // NOTE: We copied this block from below to help V8 optimize it (it works with array, not buffer).
+      if (isLE) {
+        codepoint = overflow[i] | (overflow[i + 1] << 8) | (overflow[i + 2] << 16) | (overflow[i + 3] << 24)
+      } else {
+        codepoint = overflow[i + 3] | (overflow[i + 2] << 8) | (overflow[i + 1] << 16) | (overflow[i] << 24)
+      }
+      overflow.length = 0
+
+      offset = _writeCodepoint(dst, offset, codepoint, badChar)
     }
-
-    // Main loop. Should be as optimized as possible.
-    for (; i < src.length - 3; i += 4) {
-        // NOTE: codepoint is a signed int32 and can be negative.
-        if (isLE) {
-            codepoint = src[i] | (src[i+1] << 8) | (src[i+2] << 16) | (src[i+3] << 24);
-        } else {
-            codepoint = src[i+3] | (src[i+2] << 8) | (src[i+1] << 16) | (src[i] << 24);
-        }
-        offset = _writeCodepoint(dst, offset, codepoint, badChar);
+  }
+
+  // Main loop. Should be as optimized as possible.
+  for (; i < src.length - 3; i += 4) {
+    // NOTE: codepoint is a signed int32 and can be negative.
+    if (isLE) {
+      codepoint = src[i] | (src[i + 1] << 8) | (src[i + 2] << 16) | (src[i + 3] << 24)
+    } else {
+      codepoint = src[i + 3] | (src[i + 2] << 8) | (src[i + 1] << 16) | (src[i] << 24)
     }
+    offset = _writeCodepoint(dst, offset, codepoint, badChar)
+  }
 
-    // Keep overflowing bytes.
-    for (; i < src.length; i++) {
-        overflow.push(src[i]);
-    }
+  // Keep overflowing bytes.
+  for (; i < src.length; i++) {
+    overflow.push(src[i])
+  }
 
-    return dst.slice(0, offset).toString('ucs2');
-};
+  return dst.slice(0, offset).toString("ucs2")
+}
 
-function _writeCodepoint(dst, offset, codepoint, badChar) {
-    // NOTE: codepoint is signed int32 and can be negative. We keep it that way to help V8 with optimizations.
-    if (codepoint < 0 || codepoint > 0x10FFFF) {
-        // Not a valid Unicode codepoint
-        codepoint = badChar;
-    } 
+function _writeCodepoint (dst, offset, codepoint, badChar) {
+  // NOTE: codepoint is signed int32 and can be negative. We keep it that way to help V8 with optimizations.
+  if (codepoint < 0 || codepoint > 0x10FFFF) {
+    // Not a valid Unicode codepoint
+    codepoint = badChar
+  }
 
-    // Ephemeral Planes: Write high surrogate.
-    if (codepoint >= 0x10000) {
-        codepoint -= 0x10000;
+  // Ephemeral Planes: Write high surrogate.
+  if (codepoint >= 0x10000) {
+    codepoint -= 0x10000
 
-        var high = 0xD800 | (codepoint >> 10);
-        dst[offset++] = high & 0xff;
-        dst[offset++] = high >> 8;
+    var high = 0xD800 | (codepoint >> 10)
+    dst[offset++] = high & 0xff
+    dst[offset++] = high >> 8
 
-        // Low surrogate is written below.
-        var codepoint = 0xDC00 | (codepoint & 0x3FF);
-    }
+    // Low surrogate is written below.
+    var codepoint = 0xDC00 | (codepoint & 0x3FF)
+  }
 
-    // Write BMP char or low surrogate.
-    dst[offset++] = codepoint & 0xff;
-    dst[offset++] = codepoint >> 8;
+  // Write BMP char or low surrogate.
+  dst[offset++] = codepoint & 0xff
+  dst[offset++] = codepoint >> 8
 
-    return offset;
+  return offset
 };
 
-Utf32Decoder.prototype.end = function() {
-    this.overflow.length = 0;
-};
+Utf32Decoder.prototype.end = function () {
+  this.overflow.length = 0
+}
 
 // == UTF-32 Auto codec =============================================================
 // Decoder chooses automatically from UTF-32LE and UTF-32BE using BOM and space-based heuristic.
@@ -189,131 +179,129 @@ Utf32Decoder.prototype.end = function() {
 
 // Encoder prepends BOM (which can be overridden with (addBOM: false}).
 
-exports.utf32 = Utf32AutoCodec;
-exports.ucs4 = 'utf32';
+exports.utf32 = Utf32AutoCodec
+exports.ucs4 = "utf32"
 
-function Utf32AutoCodec(options, iconv) {
-    this.iconv = iconv;
+function Utf32AutoCodec (options, iconv) {
+  this.iconv = iconv
 }
 
-Utf32AutoCodec.prototype.encoder = Utf32AutoEncoder;
-Utf32AutoCodec.prototype.decoder = Utf32AutoDecoder;
+Utf32AutoCodec.prototype.encoder = Utf32AutoEncoder
+Utf32AutoCodec.prototype.decoder = Utf32AutoDecoder
 
 // -- Encoding
 
-function Utf32AutoEncoder(options, codec) {
-    options = options || {};
+function Utf32AutoEncoder (options, codec) {
+  options = options || {}
 
-    if (options.addBOM === undefined)
-        options.addBOM = true;
+  if (options.addBOM === undefined) {
+    options.addBOM = true
+  }
 
-    this.encoder = codec.iconv.getEncoder(options.defaultEncoding || 'utf-32le', options);
+  this.encoder = codec.iconv.getEncoder(options.defaultEncoding || "utf-32le", options)
 }
 
-Utf32AutoEncoder.prototype.write = function(str) {
-    return this.encoder.write(str);
-};
+Utf32AutoEncoder.prototype.write = function (str) {
+  return this.encoder.write(str)
+}
 
-Utf32AutoEncoder.prototype.end = function() {
-    return this.encoder.end();
-};
+Utf32AutoEncoder.prototype.end = function () {
+  return this.encoder.end()
+}
 
 // -- Decoding
 
-function Utf32AutoDecoder(options, codec) {
-    this.decoder = null;
-    this.initialBufs = [];
-    this.initialBufsLen = 0;
-    this.options = options || {};
-    this.iconv = codec.iconv;
+function Utf32AutoDecoder (options, codec) {
+  this.decoder = null
+  this.initialBufs = []
+  this.initialBufsLen = 0
+  this.options = options || {}
+  this.iconv = codec.iconv
 }
 
-Utf32AutoDecoder.prototype.write = function(buf) {
-    if (!this.decoder) { 
-        // Codec is not chosen yet. Accumulate initial bytes.
-        this.initialBufs.push(buf);
-        this.initialBufsLen += buf.length;
+Utf32AutoDecoder.prototype.write = function (buf) {
+  if (!this.decoder) {
+    // Codec is not chosen yet. Accumulate initial bytes.
+    this.initialBufs.push(buf)
+    this.initialBufsLen += buf.length
 
-        if (this.initialBufsLen < 32) // We need more bytes to use space heuristic (see below)
-            return '';
+    if (this.initialBufsLen < 32) // We need more bytes to use space heuristic (see below)
+    { return "" }
 
-        // We have enough bytes -> detect endianness.
-        var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding);
-        this.decoder = this.iconv.getDecoder(encoding, this.options);
+    // We have enough bytes -> detect endianness.
+    var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding)
+    this.decoder = this.iconv.getDecoder(encoding, this.options)
 
-        var resStr = '';
-        for (var i = 0; i < this.initialBufs.length; i++)
-            resStr += this.decoder.write(this.initialBufs[i]);
+    var resStr = ""
+    for (var i = 0; i < this.initialBufs.length; i++) { resStr += this.decoder.write(this.initialBufs[i]) }
 
-        this.initialBufs.length = this.initialBufsLen = 0;
-        return resStr;
-    }
+    this.initialBufs.length = this.initialBufsLen = 0
+    return resStr
+  }
 
-    return this.decoder.write(buf);
-};
+  return this.decoder.write(buf)
+}
 
-Utf32AutoDecoder.prototype.end = function() {
-    if (!this.decoder) {
-        var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding);
-        this.decoder = this.iconv.getDecoder(encoding, this.options);
+Utf32AutoDecoder.prototype.end = function () {
+  if (!this.decoder) {
+    var encoding = detectEncoding(this.initialBufs, this.options.defaultEncoding)
+    this.decoder = this.iconv.getDecoder(encoding, this.options)
 
-        var resStr = '';
-        for (var i = 0; i < this.initialBufs.length; i++)
-            resStr += this.decoder.write(this.initialBufs[i]);
+    var resStr = ""
+    for (var i = 0; i < this.initialBufs.length; i++) { resStr += this.decoder.write(this.initialBufs[i]) }
 
-        var trail = this.decoder.end();
-        if (trail)
-            resStr += trail;
+    var trail = this.decoder.end()
+    if (trail) { resStr += trail }
 
-        this.initialBufs.length = this.initialBufsLen = 0;
-        return resStr;
-    }
+    this.initialBufs.length = this.initialBufsLen = 0
+    return resStr
+  }
 
-    return this.decoder.end();
-};
+  return this.decoder.end()
+}
+
+function detectEncoding (bufs, defaultEncoding) {
+  var b = []
+  var charsProcessed = 0
+  var invalidLE = 0; var invalidBE = 0   // Number of invalid chars when decoded as LE or BE.
+  var bmpCharsLE = 0; var bmpCharsBE = 0 // Number of BMP chars when decoded as LE or BE.
+
+  outerLoop:
+  for (var i = 0; i < bufs.length; i++) {
+    var buf = bufs[i]
+    for (var j = 0; j < buf.length; j++) {
+      b.push(buf[j])
+      if (b.length === 4) {
+        if (charsProcessed === 0) {
+          // Check BOM first.
+          if (b[0] === 0xFF && b[1] === 0xFE && b[2] === 0 && b[3] === 0) {
+            return "utf-32le"
+          }
+          if (b[0] === 0 && b[1] === 0 && b[2] === 0xFE && b[3] === 0xFF) {
+            return "utf-32be"
+          }
+        }
+
+        if (b[0] !== 0 || b[1] > 0x10) invalidBE++
+        if (b[3] !== 0 || b[2] > 0x10) invalidLE++
+
+        if (b[0] === 0 && b[1] === 0 && (b[2] !== 0 || b[3] !== 0)) bmpCharsBE++
+        if ((b[0] !== 0 || b[1] !== 0) && b[2] === 0 && b[3] === 0) bmpCharsLE++
+
+        b.length = 0
+        charsProcessed++
 
-function detectEncoding(bufs, defaultEncoding) {
-    var b = [];
-    var charsProcessed = 0;
-    var invalidLE = 0, invalidBE = 0;   // Number of invalid chars when decoded as LE or BE.
-    var bmpCharsLE = 0, bmpCharsBE = 0; // Number of BMP chars when decoded as LE or BE.
-
-    outer_loop:
-    for (var i = 0; i < bufs.length; i++) {
-        var buf = bufs[i];
-        for (var j = 0; j < buf.length; j++) {
-            b.push(buf[j]);
-            if (b.length === 4) {
-                if (charsProcessed === 0) {
-                    // Check BOM first.
-                    if (b[0] === 0xFF && b[1] === 0xFE && b[2] === 0 && b[3] === 0) {
-                        return 'utf-32le';
-                    }
-                    if (b[0] === 0 && b[1] === 0 && b[2] === 0xFE && b[3] === 0xFF) {
-                        return 'utf-32be';
-                    }
-                }
-
-                if (b[0] !== 0 || b[1] > 0x10) invalidBE++;
-                if (b[3] !== 0 || b[2] > 0x10) invalidLE++;
-
-                if (b[0] === 0 && b[1] === 0 && (b[2] !== 0 || b[3] !== 0)) bmpCharsBE++;
-                if ((b[0] !== 0 || b[1] !== 0) && b[2] === 0 && b[3] === 0) bmpCharsLE++;
-
-                b.length = 0;
-                charsProcessed++;
-
-                if (charsProcessed >= 100) {
-                    break outer_loop;
-                }
-            }
+        if (charsProcessed >= 100) {
+          break outerLoop
         }
+      }
     }
+  }
 
-    // Make decisions.
-    if (bmpCharsBE - invalidBE > bmpCharsLE - invalidLE)  return 'utf-32be';
-    if (bmpCharsBE - invalidBE < bmpCharsLE - invalidLE)  return 'utf-32le';
+  // Make decisions.
+  if (bmpCharsBE - invalidBE > bmpCharsLE - invalidLE) return "utf-32be"
+  if (bmpCharsBE - invalidBE < bmpCharsLE - invalidLE) return "utf-32le"
 
-    // Couldn't decide (likely all zeros or not enough data).
-    return defaultEncoding || 'utf-32le';
+  // Couldn't decide (likely all zeros or not enough data).
+  return defaultEncoding || "utf-32le"
 }
diff --git a/deps/npm/node_modules/iconv-lite/encodings/utf7.js b/deps/npm/node_modules/iconv-lite/encodings/utf7.js
index eacae34d5f80d0..fe72a9d9b52b1b 100644
--- a/deps/npm/node_modules/iconv-lite/encodings/utf7.js
+++ b/deps/npm/node_modules/iconv-lite/encodings/utf7.js
@@ -1,122 +1,122 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
+"use strict"
+var Buffer = require("safer-buffer").Buffer
 
 // UTF-7 codec, according to https://tools.ietf.org/html/rfc2152
 // See also below a UTF-7-IMAP codec, according to http://tools.ietf.org/html/rfc3501#section-5.1.3
 
-exports.utf7 = Utf7Codec;
-exports.unicode11utf7 = 'utf7'; // Alias UNICODE-1-1-UTF-7
-function Utf7Codec(codecOptions, iconv) {
-    this.iconv = iconv;
+exports.utf7 = Utf7Codec
+exports.unicode11utf7 = "utf7" // Alias UNICODE-1-1-UTF-7
+function Utf7Codec (codecOptions, iconv) {
+  this.iconv = iconv
 };
 
-Utf7Codec.prototype.encoder = Utf7Encoder;
-Utf7Codec.prototype.decoder = Utf7Decoder;
-Utf7Codec.prototype.bomAware = true;
-
+Utf7Codec.prototype.encoder = Utf7Encoder
+Utf7Codec.prototype.decoder = Utf7Decoder
+Utf7Codec.prototype.bomAware = true
 
 // -- Encoding
 
-var nonDirectChars = /[^A-Za-z0-9'\(\),-\.\/:\? \n\r\t]+/g;
+// Why scape ()?./?
+// eslint-disable-next-line no-useless-escape
+var nonDirectChars = /[^A-Za-z0-9'\(\),-\.\/:\? \n\r\t]+/g
 
-function Utf7Encoder(options, codec) {
-    this.iconv = codec.iconv;
+function Utf7Encoder (options, codec) {
+  this.iconv = codec.iconv
 }
 
-Utf7Encoder.prototype.write = function(str) {
-    // Naive implementation.
-    // Non-direct chars are encoded as "+-"; single "+" char is encoded as "+-".
-    return Buffer.from(str.replace(nonDirectChars, function(chunk) {
-        return "+" + (chunk === '+' ? '' : 
-            this.iconv.encode(chunk, 'utf16-be').toString('base64').replace(/=+$/, '')) 
-            + "-";
-    }.bind(this)));
+Utf7Encoder.prototype.write = function (str) {
+  // Naive implementation.
+  // Non-direct chars are encoded as "+-"; single "+" char is encoded as "+-".
+  return Buffer.from(str.replace(nonDirectChars, function (chunk) {
+    return "+" + (chunk === "+"
+      ? ""
+      : this.iconv.encode(chunk, "utf16-be").toString("base64").replace(/=+$/, "")) +
+            "-"
+  }.bind(this)))
 }
 
-Utf7Encoder.prototype.end = function() {
+Utf7Encoder.prototype.end = function () {
 }
 
-
 // -- Decoding
 
-function Utf7Decoder(options, codec) {
-    this.iconv = codec.iconv;
-    this.inBase64 = false;
-    this.base64Accum = '';
+function Utf7Decoder (options, codec) {
+  this.iconv = codec.iconv
+  this.inBase64 = false
+  this.base64Accum = ""
 }
 
-var base64Regex = /[A-Za-z0-9\/+]/;
-var base64Chars = [];
-for (var i = 0; i < 256; i++)
-    base64Chars[i] = base64Regex.test(String.fromCharCode(i));
-
-var plusChar = '+'.charCodeAt(0), 
-    minusChar = '-'.charCodeAt(0),
-    andChar = '&'.charCodeAt(0);
-
-Utf7Decoder.prototype.write = function(buf) {
-    var res = "", lastI = 0,
-        inBase64 = this.inBase64,
-        base64Accum = this.base64Accum;
-
-    // The decoder is more involved as we must handle chunks in stream.
-
-    for (var i = 0; i < buf.length; i++) {
-        if (!inBase64) { // We're in direct mode.
-            // Write direct chars until '+'
-            if (buf[i] == plusChar) {
-                res += this.iconv.decode(buf.slice(lastI, i), "ascii"); // Write direct chars.
-                lastI = i+1;
-                inBase64 = true;
-            }
-        } else { // We decode base64.
-            if (!base64Chars[buf[i]]) { // Base64 ended.
-                if (i == lastI && buf[i] == minusChar) {// "+-" -> "+"
-                    res += "+";
-                } else {
-                    var b64str = base64Accum + this.iconv.decode(buf.slice(lastI, i), "ascii");
-                    res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
-                }
-
-                if (buf[i] != minusChar) // Minus is absorbed after base64.
-                    i--;
-
-                lastI = i+1;
-                inBase64 = false;
-                base64Accum = '';
-            }
+// Why scape /?
+// eslint-disable-next-line no-useless-escape
+var base64Regex = /[A-Za-z0-9\/+]/
+var base64Chars = []
+for (var i = 0; i < 256; i++) { base64Chars[i] = base64Regex.test(String.fromCharCode(i)) }
+
+var plusChar = "+".charCodeAt(0)
+var minusChar = "-".charCodeAt(0)
+var andChar = "&".charCodeAt(0)
+
+Utf7Decoder.prototype.write = function (buf) {
+  var res = ""; var lastI = 0
+  var inBase64 = this.inBase64
+  var base64Accum = this.base64Accum
+
+  // The decoder is more involved as we must handle chunks in stream.
+
+  for (var i = 0; i < buf.length; i++) {
+    if (!inBase64) { // We're in direct mode.
+      // Write direct chars until '+'
+      if (buf[i] == plusChar) {
+        res += this.iconv.decode(buf.slice(lastI, i), "ascii") // Write direct chars.
+        lastI = i + 1
+        inBase64 = true
+      }
+    } else { // We decode base64.
+      if (!base64Chars[buf[i]]) { // Base64 ended.
+        if (i == lastI && buf[i] == minusChar) { // "+-" -> "+"
+          res += "+"
+        } else {
+          var b64str = base64Accum + this.iconv.decode(buf.slice(lastI, i), "ascii")
+          res += this.iconv.decode(Buffer.from(b64str, "base64"), "utf16-be")
         }
+
+        if (buf[i] != minusChar) // Minus is absorbed after base64.
+        { i-- }
+
+        lastI = i + 1
+        inBase64 = false
+        base64Accum = ""
+      }
     }
+  }
 
-    if (!inBase64) {
-        res += this.iconv.decode(buf.slice(lastI), "ascii"); // Write direct chars.
-    } else {
-        var b64str = base64Accum + this.iconv.decode(buf.slice(lastI), "ascii");
+  if (!inBase64) {
+    res += this.iconv.decode(buf.slice(lastI), "ascii") // Write direct chars.
+  } else {
+    var b64str = base64Accum + this.iconv.decode(buf.slice(lastI), "ascii")
 
-        var canBeDecoded = b64str.length - (b64str.length % 8); // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
-        base64Accum = b64str.slice(canBeDecoded); // The rest will be decoded in future.
-        b64str = b64str.slice(0, canBeDecoded);
+    var canBeDecoded = b64str.length - (b64str.length % 8) // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
+    base64Accum = b64str.slice(canBeDecoded) // The rest will be decoded in future.
+    b64str = b64str.slice(0, canBeDecoded)
 
-        res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
-    }
+    res += this.iconv.decode(Buffer.from(b64str, "base64"), "utf16-be")
+  }
 
-    this.inBase64 = inBase64;
-    this.base64Accum = base64Accum;
+  this.inBase64 = inBase64
+  this.base64Accum = base64Accum
 
-    return res;
+  return res
 }
 
-Utf7Decoder.prototype.end = function() {
-    var res = "";
-    if (this.inBase64 && this.base64Accum.length > 0)
-        res = this.iconv.decode(Buffer.from(this.base64Accum, 'base64'), "utf16-be");
+Utf7Decoder.prototype.end = function () {
+  var res = ""
+  if (this.inBase64 && this.base64Accum.length > 0) { res = this.iconv.decode(Buffer.from(this.base64Accum, "base64"), "utf16-be") }
 
-    this.inBase64 = false;
-    this.base64Accum = '';
-    return res;
+  this.inBase64 = false
+  this.base64Accum = ""
+  return res
 }
 
-
 // UTF-7-IMAP codec.
 // RFC3501 Sec. 5.1.3 Modified UTF-7 (http://tools.ietf.org/html/rfc3501#section-5.1.3)
 // Differences:
@@ -128,163 +128,156 @@ Utf7Decoder.prototype.end = function() {
 //  * String must end in non-shifted position.
 //  * "-&" while in base64 is not allowed.
 
-
-exports.utf7imap = Utf7IMAPCodec;
-function Utf7IMAPCodec(codecOptions, iconv) {
-    this.iconv = iconv;
+exports.utf7imap = Utf7IMAPCodec
+function Utf7IMAPCodec (codecOptions, iconv) {
+  this.iconv = iconv
 };
 
-Utf7IMAPCodec.prototype.encoder = Utf7IMAPEncoder;
-Utf7IMAPCodec.prototype.decoder = Utf7IMAPDecoder;
-Utf7IMAPCodec.prototype.bomAware = true;
-
+Utf7IMAPCodec.prototype.encoder = Utf7IMAPEncoder
+Utf7IMAPCodec.prototype.decoder = Utf7IMAPDecoder
+Utf7IMAPCodec.prototype.bomAware = true
 
 // -- Encoding
 
-function Utf7IMAPEncoder(options, codec) {
-    this.iconv = codec.iconv;
-    this.inBase64 = false;
-    this.base64Accum = Buffer.alloc(6);
-    this.base64AccumIdx = 0;
+function Utf7IMAPEncoder (options, codec) {
+  this.iconv = codec.iconv
+  this.inBase64 = false
+  this.base64Accum = Buffer.alloc(6)
+  this.base64AccumIdx = 0
 }
 
-Utf7IMAPEncoder.prototype.write = function(str) {
-    var inBase64 = this.inBase64,
-        base64Accum = this.base64Accum,
-        base64AccumIdx = this.base64AccumIdx,
-        buf = Buffer.alloc(str.length*5 + 10), bufIdx = 0;
-
-    for (var i = 0; i < str.length; i++) {
-        var uChar = str.charCodeAt(i);
-        if (0x20 <= uChar && uChar <= 0x7E) { // Direct character or '&'.
-            if (inBase64) {
-                if (base64AccumIdx > 0) {
-                    bufIdx += buf.write(base64Accum.slice(0, base64AccumIdx).toString('base64').replace(/\//g, ',').replace(/=+$/, ''), bufIdx);
-                    base64AccumIdx = 0;
-                }
-
-                buf[bufIdx++] = minusChar; // Write '-', then go to direct mode.
-                inBase64 = false;
-            }
-
-            if (!inBase64) {
-                buf[bufIdx++] = uChar; // Write direct character
-
-                if (uChar === andChar)  // Ampersand -> '&-'
-                    buf[bufIdx++] = minusChar;
-            }
-
-        } else { // Non-direct character
-            if (!inBase64) {
-                buf[bufIdx++] = andChar; // Write '&', then go to base64 mode.
-                inBase64 = true;
-            }
-            if (inBase64) {
-                base64Accum[base64AccumIdx++] = uChar >> 8;
-                base64Accum[base64AccumIdx++] = uChar & 0xFF;
-
-                if (base64AccumIdx == base64Accum.length) {
-                    bufIdx += buf.write(base64Accum.toString('base64').replace(/\//g, ','), bufIdx);
-                    base64AccumIdx = 0;
-                }
-            }
+Utf7IMAPEncoder.prototype.write = function (str) {
+  var inBase64 = this.inBase64
+  var base64Accum = this.base64Accum
+  var base64AccumIdx = this.base64AccumIdx
+  var buf = Buffer.alloc(str.length * 5 + 10); var bufIdx = 0
+
+  for (var i = 0; i < str.length; i++) {
+    var uChar = str.charCodeAt(i)
+    if (uChar >= 0x20 && uChar <= 0x7E) { // Direct character or '&'.
+      if (inBase64) {
+        if (base64AccumIdx > 0) {
+          bufIdx += buf.write(base64Accum.slice(0, base64AccumIdx).toString("base64").replace(/\//g, ",").replace(/=+$/, ""), bufIdx)
+          base64AccumIdx = 0
+        }
+
+        buf[bufIdx++] = minusChar // Write '-', then go to direct mode.
+        inBase64 = false
+      }
+
+      if (!inBase64) {
+        buf[bufIdx++] = uChar // Write direct character
+
+        if (uChar === andChar)  // Ampersand -> '&-'
+        { buf[bufIdx++] = minusChar }
+      }
+    } else { // Non-direct character
+      if (!inBase64) {
+        buf[bufIdx++] = andChar // Write '&', then go to base64 mode.
+        inBase64 = true
+      }
+      if (inBase64) {
+        base64Accum[base64AccumIdx++] = uChar >> 8
+        base64Accum[base64AccumIdx++] = uChar & 0xFF
+
+        if (base64AccumIdx == base64Accum.length) {
+          bufIdx += buf.write(base64Accum.toString("base64").replace(/\//g, ","), bufIdx)
+          base64AccumIdx = 0
         }
+      }
     }
+  }
 
-    this.inBase64 = inBase64;
-    this.base64AccumIdx = base64AccumIdx;
+  this.inBase64 = inBase64
+  this.base64AccumIdx = base64AccumIdx
 
-    return buf.slice(0, bufIdx);
+  return buf.slice(0, bufIdx)
 }
 
-Utf7IMAPEncoder.prototype.end = function() {
-    var buf = Buffer.alloc(10), bufIdx = 0;
-    if (this.inBase64) {
-        if (this.base64AccumIdx > 0) {
-            bufIdx += buf.write(this.base64Accum.slice(0, this.base64AccumIdx).toString('base64').replace(/\//g, ',').replace(/=+$/, ''), bufIdx);
-            this.base64AccumIdx = 0;
-        }
-
-        buf[bufIdx++] = minusChar; // Write '-', then go to direct mode.
-        this.inBase64 = false;
+Utf7IMAPEncoder.prototype.end = function () {
+  var buf = Buffer.alloc(10); var bufIdx = 0
+  if (this.inBase64) {
+    if (this.base64AccumIdx > 0) {
+      bufIdx += buf.write(this.base64Accum.slice(0, this.base64AccumIdx).toString("base64").replace(/\//g, ",").replace(/=+$/, ""), bufIdx)
+      this.base64AccumIdx = 0
     }
 
-    return buf.slice(0, bufIdx);
-}
+    buf[bufIdx++] = minusChar // Write '-', then go to direct mode.
+    this.inBase64 = false
+  }
 
+  return buf.slice(0, bufIdx)
+}
 
 // -- Decoding
 
-function Utf7IMAPDecoder(options, codec) {
-    this.iconv = codec.iconv;
-    this.inBase64 = false;
-    this.base64Accum = '';
+function Utf7IMAPDecoder (options, codec) {
+  this.iconv = codec.iconv
+  this.inBase64 = false
+  this.base64Accum = ""
 }
 
-var base64IMAPChars = base64Chars.slice();
-base64IMAPChars[','.charCodeAt(0)] = true;
-
-Utf7IMAPDecoder.prototype.write = function(buf) {
-    var res = "", lastI = 0,
-        inBase64 = this.inBase64,
-        base64Accum = this.base64Accum;
-
-    // The decoder is more involved as we must handle chunks in stream.
-    // It is forgiving, closer to standard UTF-7 (for example, '-' is optional at the end).
-
-    for (var i = 0; i < buf.length; i++) {
-        if (!inBase64) { // We're in direct mode.
-            // Write direct chars until '&'
-            if (buf[i] == andChar) {
-                res += this.iconv.decode(buf.slice(lastI, i), "ascii"); // Write direct chars.
-                lastI = i+1;
-                inBase64 = true;
-            }
-        } else { // We decode base64.
-            if (!base64IMAPChars[buf[i]]) { // Base64 ended.
-                if (i == lastI && buf[i] == minusChar) { // "&-" -> "&"
-                    res += "&";
-                } else {
-                    var b64str = base64Accum + this.iconv.decode(buf.slice(lastI, i), "ascii").replace(/,/g, '/');
-                    res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
-                }
-
-                if (buf[i] != minusChar) // Minus may be absorbed after base64.
-                    i--;
-
-                lastI = i+1;
-                inBase64 = false;
-                base64Accum = '';
-            }
+var base64IMAPChars = base64Chars.slice()
+base64IMAPChars[",".charCodeAt(0)] = true
+
+Utf7IMAPDecoder.prototype.write = function (buf) {
+  var res = ""; var lastI = 0
+  var inBase64 = this.inBase64
+  var base64Accum = this.base64Accum
+
+  // The decoder is more involved as we must handle chunks in stream.
+  // It is forgiving, closer to standard UTF-7 (for example, '-' is optional at the end).
+
+  for (var i = 0; i < buf.length; i++) {
+    if (!inBase64) { // We're in direct mode.
+      // Write direct chars until '&'
+      if (buf[i] == andChar) {
+        res += this.iconv.decode(buf.slice(lastI, i), "ascii") // Write direct chars.
+        lastI = i + 1
+        inBase64 = true
+      }
+    } else { // We decode base64.
+      if (!base64IMAPChars[buf[i]]) { // Base64 ended.
+        if (i == lastI && buf[i] == minusChar) { // "&-" -> "&"
+          res += "&"
+        } else {
+          var b64str = base64Accum + this.iconv.decode(buf.slice(lastI, i), "ascii").replace(/,/g, "/")
+          res += this.iconv.decode(Buffer.from(b64str, "base64"), "utf16-be")
         }
-    }
 
-    if (!inBase64) {
-        res += this.iconv.decode(buf.slice(lastI), "ascii"); // Write direct chars.
-    } else {
-        var b64str = base64Accum + this.iconv.decode(buf.slice(lastI), "ascii").replace(/,/g, '/');
+        if (buf[i] != minusChar) // Minus may be absorbed after base64.
+        { i-- }
 
-        var canBeDecoded = b64str.length - (b64str.length % 8); // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
-        base64Accum = b64str.slice(canBeDecoded); // The rest will be decoded in future.
-        b64str = b64str.slice(0, canBeDecoded);
-
-        res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
+        lastI = i + 1
+        inBase64 = false
+        base64Accum = ""
+      }
     }
+  }
 
-    this.inBase64 = inBase64;
-    this.base64Accum = base64Accum;
+  if (!inBase64) {
+    res += this.iconv.decode(buf.slice(lastI), "ascii") // Write direct chars.
+  } else {
+    var b64str = base64Accum + this.iconv.decode(buf.slice(lastI), "ascii").replace(/,/g, "/")
 
-    return res;
-}
+    var canBeDecoded = b64str.length - (b64str.length % 8) // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
+    base64Accum = b64str.slice(canBeDecoded) // The rest will be decoded in future.
+    b64str = b64str.slice(0, canBeDecoded)
 
-Utf7IMAPDecoder.prototype.end = function() {
-    var res = "";
-    if (this.inBase64 && this.base64Accum.length > 0)
-        res = this.iconv.decode(Buffer.from(this.base64Accum, 'base64'), "utf16-be");
+    res += this.iconv.decode(Buffer.from(b64str, "base64"), "utf16-be")
+  }
 
-    this.inBase64 = false;
-    this.base64Accum = '';
-    return res;
+  this.inBase64 = inBase64
+  this.base64Accum = base64Accum
+
+  return res
 }
 
+Utf7IMAPDecoder.prototype.end = function () {
+  var res = ""
+  if (this.inBase64 && this.base64Accum.length > 0) { res = this.iconv.decode(Buffer.from(this.base64Accum, "base64"), "utf16-be") }
 
+  this.inBase64 = false
+  this.base64Accum = ""
+  return res
+}
diff --git a/deps/npm/node_modules/iconv-lite/lib/bom-handling.js b/deps/npm/node_modules/iconv-lite/lib/bom-handling.js
index 1050872385c7f9..a86a6b55ce1982 100644
--- a/deps/npm/node_modules/iconv-lite/lib/bom-handling.js
+++ b/deps/npm/node_modules/iconv-lite/lib/bom-handling.js
@@ -1,52 +1,48 @@
-"use strict";
+"use strict"
 
-var BOMChar = '\uFEFF';
+var BOMChar = "\uFEFF"
 
 exports.PrependBOM = PrependBOMWrapper
-function PrependBOMWrapper(encoder, options) {
-    this.encoder = encoder;
-    this.addBOM = true;
+function PrependBOMWrapper (encoder, options) {
+  this.encoder = encoder
+  this.addBOM = true
 }
 
-PrependBOMWrapper.prototype.write = function(str) {
-    if (this.addBOM) {
-        str = BOMChar + str;
-        this.addBOM = false;
-    }
+PrependBOMWrapper.prototype.write = function (str) {
+  if (this.addBOM) {
+    str = BOMChar + str
+    this.addBOM = false
+  }
 
-    return this.encoder.write(str);
+  return this.encoder.write(str)
 }
 
-PrependBOMWrapper.prototype.end = function() {
-    return this.encoder.end();
+PrependBOMWrapper.prototype.end = function () {
+  return this.encoder.end()
 }
 
+// ------------------------------------------------------------------------------
 
-//------------------------------------------------------------------------------
-
-exports.StripBOM = StripBOMWrapper;
-function StripBOMWrapper(decoder, options) {
-    this.decoder = decoder;
-    this.pass = false;
-    this.options = options || {};
+exports.StripBOM = StripBOMWrapper
+function StripBOMWrapper (decoder, options) {
+  this.decoder = decoder
+  this.pass = false
+  this.options = options || {}
 }
 
-StripBOMWrapper.prototype.write = function(buf) {
-    var res = this.decoder.write(buf);
-    if (this.pass || !res)
-        return res;
+StripBOMWrapper.prototype.write = function (buf) {
+  var res = this.decoder.write(buf)
+  if (this.pass || !res) { return res }
 
-    if (res[0] === BOMChar) {
-        res = res.slice(1);
-        if (typeof this.options.stripBOM === 'function')
-            this.options.stripBOM();
-    }
+  if (res[0] === BOMChar) {
+    res = res.slice(1)
+    if (typeof this.options.stripBOM === "function") { this.options.stripBOM() }
+  }
 
-    this.pass = true;
-    return res;
+  this.pass = true
+  return res
 }
 
-StripBOMWrapper.prototype.end = function() {
-    return this.decoder.end();
+StripBOMWrapper.prototype.end = function () {
+  return this.decoder.end()
 }
-
diff --git a/deps/npm/node_modules/iconv-lite/lib/helpers/merge-exports.js b/deps/npm/node_modules/iconv-lite/lib/helpers/merge-exports.js
new file mode 100644
index 00000000000000..e79e041d9529bf
--- /dev/null
+++ b/deps/npm/node_modules/iconv-lite/lib/helpers/merge-exports.js
@@ -0,0 +1,13 @@
+"use strict"
+
+var hasOwn = typeof Object.hasOwn === "undefined" ? Function.call.bind(Object.prototype.hasOwnProperty) : Object.hasOwn
+
+function mergeModules (target, module) {
+  for (var key in module) {
+    if (hasOwn(module, key)) {
+      target[key] = module[key]
+    }
+  }
+}
+
+module.exports = mergeModules
diff --git a/deps/npm/node_modules/iconv-lite/lib/index.js b/deps/npm/node_modules/iconv-lite/lib/index.js
index 657701c38d243b..bd5d6bc0d90ac1 100644
--- a/deps/npm/node_modules/iconv-lite/lib/index.js
+++ b/deps/npm/node_modules/iconv-lite/lib/index.js
@@ -1,134 +1,136 @@
-"use strict";
+"use strict"
 
-var Buffer = require("safer-buffer").Buffer;
+var Buffer = require("safer-buffer").Buffer
 
-var bomHandling = require("./bom-handling"),
-    iconv = module.exports;
+var bomHandling = require("./bom-handling")
+var mergeModules = require("./helpers/merge-exports")
 
 // All codecs and aliases are kept here, keyed by encoding name/alias.
 // They are lazy loaded in `iconv.getCodec` from `encodings/index.js`.
-iconv.encodings = null;
+// Cannot initialize with { __proto__: null } because Boolean({ __proto__: null }) === true
+module.exports.encodings = null
 
 // Characters emitted in case of error.
-iconv.defaultCharUnicode = '�';
-iconv.defaultCharSingleByte = '?';
+module.exports.defaultCharUnicode = "�"
+module.exports.defaultCharSingleByte = "?"
 
 // Public API.
-iconv.encode = function encode(str, encoding, options) {
-    str = "" + (str || ""); // Ensure string.
+module.exports.encode = function encode (str, encoding, options) {
+  str = "" + (str || "") // Ensure string.
 
-    var encoder = iconv.getEncoder(encoding, options);
+  var encoder = module.exports.getEncoder(encoding, options)
 
-    var res = encoder.write(str);
-    var trail = encoder.end();
-    
-    return (trail && trail.length > 0) ? Buffer.concat([res, trail]) : res;
-}
+  var res = encoder.write(str)
+  var trail = encoder.end()
 
-iconv.decode = function decode(buf, encoding, options) {
-    if (typeof buf === 'string') {
-        if (!iconv.skipDecodeWarning) {
-            console.error('Iconv-lite warning: decode()-ing strings is deprecated. Refer to https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding');
-            iconv.skipDecodeWarning = true;
-        }
+  return (trail && trail.length > 0) ? Buffer.concat([res, trail]) : res
+}
 
-        buf = Buffer.from("" + (buf || ""), "binary"); // Ensure buffer.
+module.exports.decode = function decode (buf, encoding, options) {
+  if (typeof buf === "string") {
+    if (!module.exports.skipDecodeWarning) {
+      console.error("Iconv-lite warning: decode()-ing strings is deprecated. Refer to https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding")
+      module.exports.skipDecodeWarning = true
     }
 
-    var decoder = iconv.getDecoder(encoding, options);
+    buf = Buffer.from("" + (buf || ""), "binary") // Ensure buffer.
+  }
+
+  var decoder = module.exports.getDecoder(encoding, options)
 
-    var res = decoder.write(buf);
-    var trail = decoder.end();
+  var res = decoder.write(buf)
+  var trail = decoder.end()
 
-    return trail ? (res + trail) : res;
+  return trail ? (res + trail) : res
 }
 
-iconv.encodingExists = function encodingExists(enc) {
-    try {
-        iconv.getCodec(enc);
-        return true;
-    } catch (e) {
-        return false;
-    }
+module.exports.encodingExists = function encodingExists (enc) {
+  try {
+    module.exports.getCodec(enc)
+    return true
+  } catch (e) {
+    return false
+  }
 }
 
 // Legacy aliases to convert functions
-iconv.toEncoding = iconv.encode;
-iconv.fromEncoding = iconv.decode;
+module.exports.toEncoding = module.exports.encode
+module.exports.fromEncoding = module.exports.decode
 
 // Search for a codec in iconv.encodings. Cache codec data in iconv._codecDataCache.
-iconv._codecDataCache = {};
-iconv.getCodec = function getCodec(encoding) {
-    if (!iconv.encodings)
-        iconv.encodings = require("../encodings"); // Lazy load all encoding definitions.
-    
-    // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
-    var enc = iconv._canonicalizeEncoding(encoding);
-
-    // Traverse iconv.encodings to find actual codec.
-    var codecOptions = {};
-    while (true) {
-        var codec = iconv._codecDataCache[enc];
-        if (codec)
-            return codec;
-
-        var codecDef = iconv.encodings[enc];
-
-        switch (typeof codecDef) {
-            case "string": // Direct alias to other encoding.
-                enc = codecDef;
-                break;
-
-            case "object": // Alias with options. Can be layered.
-                for (var key in codecDef)
-                    codecOptions[key] = codecDef[key];
-
-                if (!codecOptions.encodingName)
-                    codecOptions.encodingName = enc;
-                
-                enc = codecDef.type;
-                break;
-
-            case "function": // Codec itself.
-                if (!codecOptions.encodingName)
-                    codecOptions.encodingName = enc;
-
-                // The codec function must load all tables and return object with .encoder and .decoder methods.
-                // It'll be called only once (for each different options object).
-                codec = new codecDef(codecOptions, iconv);
-
-                iconv._codecDataCache[codecOptions.encodingName] = codec; // Save it to be reused later.
-                return codec;
-
-            default:
-                throw new Error("Encoding not recognized: '" + encoding + "' (searched as: '"+enc+"')");
-        }
+module.exports._codecDataCache = { __proto__: null }
+
+module.exports.getCodec = function getCodec (encoding) {
+  if (!module.exports.encodings) {
+    var raw = require("../encodings")
+    // TODO: In future versions when old nodejs support is removed can use object.assign
+    module.exports.encodings = { __proto__: null } // Initialize as empty object.
+    mergeModules(module.exports.encodings, raw)
+  }
+
+  // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
+  var enc = module.exports._canonicalizeEncoding(encoding)
+
+  // Traverse iconv.encodings to find actual codec.
+  var codecOptions = {}
+  while (true) {
+    var codec = module.exports._codecDataCache[enc]
+
+    if (codec) { return codec }
+
+    var codecDef = module.exports.encodings[enc]
+
+    switch (typeof codecDef) {
+      case "string": // Direct alias to other encoding.
+        enc = codecDef
+        break
+
+      case "object": // Alias with options. Can be layered.
+        for (var key in codecDef) { codecOptions[key] = codecDef[key] }
+
+        if (!codecOptions.encodingName) { codecOptions.encodingName = enc }
+
+        enc = codecDef.type
+        break
+
+      case "function": // Codec itself.
+        if (!codecOptions.encodingName) { codecOptions.encodingName = enc }
+
+        // The codec function must load all tables and return object with .encoder and .decoder methods.
+        // It'll be called only once (for each different options object).
+        //
+        codec = new codecDef(codecOptions, module.exports)
+
+        module.exports._codecDataCache[codecOptions.encodingName] = codec // Save it to be reused later.
+        return codec
+
+      default:
+        throw new Error("Encoding not recognized: '" + encoding + "' (searched as: '" + enc + "')")
     }
+  }
 }
 
-iconv._canonicalizeEncoding = function(encoding) {
-    // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
-    return (''+encoding).toLowerCase().replace(/:\d{4}$|[^0-9a-z]/g, "");
+module.exports._canonicalizeEncoding = function (encoding) {
+  // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
+  return ("" + encoding).toLowerCase().replace(/:\d{4}$|[^0-9a-z]/g, "")
 }
 
-iconv.getEncoder = function getEncoder(encoding, options) {
-    var codec = iconv.getCodec(encoding),
-        encoder = new codec.encoder(options, codec);
+module.exports.getEncoder = function getEncoder (encoding, options) {
+  var codec = module.exports.getCodec(encoding)
+  var encoder = new codec.encoder(options, codec)
 
-    if (codec.bomAware && options && options.addBOM)
-        encoder = new bomHandling.PrependBOM(encoder, options);
+  if (codec.bomAware && options && options.addBOM) { encoder = new bomHandling.PrependBOM(encoder, options) }
 
-    return encoder;
+  return encoder
 }
 
-iconv.getDecoder = function getDecoder(encoding, options) {
-    var codec = iconv.getCodec(encoding),
-        decoder = new codec.decoder(options, codec);
+module.exports.getDecoder = function getDecoder (encoding, options) {
+  var codec = module.exports.getCodec(encoding)
+  var decoder = new codec.decoder(options, codec)
 
-    if (codec.bomAware && !(options && options.stripBOM === false))
-        decoder = new bomHandling.StripBOM(decoder, options);
+  if (codec.bomAware && !(options && options.stripBOM === false)) { decoder = new bomHandling.StripBOM(decoder, options) }
 
-    return decoder;
+  return decoder
 }
 
 // Streaming API
@@ -136,45 +138,45 @@ iconv.getDecoder = function getDecoder(encoding, options) {
 // up to 100Kb to the output bundle. To avoid unnecessary code bloat, we don't enable Streaming API in browser by default.
 // If you would like to enable it explicitly, please add the following code to your app:
 // > iconv.enableStreamingAPI(require('stream'));
-iconv.enableStreamingAPI = function enableStreamingAPI(stream_module) {
-    if (iconv.supportsStreams)
-        return;
+module.exports.enableStreamingAPI = function enableStreamingAPI (streamModule) {
+  if (module.exports.supportsStreams) { return }
 
-    // Dependency-inject stream module to create IconvLite stream classes.
-    var streams = require("./streams")(stream_module);
+  // Dependency-inject stream module to create IconvLite stream classes.
+  var streams = require("./streams")(streamModule)
 
-    // Not public API yet, but expose the stream classes.
-    iconv.IconvLiteEncoderStream = streams.IconvLiteEncoderStream;
-    iconv.IconvLiteDecoderStream = streams.IconvLiteDecoderStream;
+  // Not public API yet, but expose the stream classes.
+  module.exports.IconvLiteEncoderStream = streams.IconvLiteEncoderStream
+  module.exports.IconvLiteDecoderStream = streams.IconvLiteDecoderStream
 
-    // Streaming API.
-    iconv.encodeStream = function encodeStream(encoding, options) {
-        return new iconv.IconvLiteEncoderStream(iconv.getEncoder(encoding, options), options);
-    }
+  // Streaming API.
+  module.exports.encodeStream = function encodeStream (encoding, options) {
+    return new module.exports.IconvLiteEncoderStream(module.exports.getEncoder(encoding, options), options)
+  }
 
-    iconv.decodeStream = function decodeStream(encoding, options) {
-        return new iconv.IconvLiteDecoderStream(iconv.getDecoder(encoding, options), options);
-    }
+  module.exports.decodeStream = function decodeStream (encoding, options) {
+    return new module.exports.IconvLiteDecoderStream(module.exports.getDecoder(encoding, options), options)
+  }
 
-    iconv.supportsStreams = true;
+  module.exports.supportsStreams = true
 }
 
 // Enable Streaming API automatically if 'stream' module is available and non-empty (the majority of environments).
-var stream_module;
+var streamModule
 try {
-    stream_module = require("stream");
+  streamModule = require("stream")
 } catch (e) {}
 
-if (stream_module && stream_module.Transform) {
-    iconv.enableStreamingAPI(stream_module);
-
+if (streamModule && streamModule.Transform) {
+  module.exports.enableStreamingAPI(streamModule)
 } else {
-    // In rare cases where 'stream' module is not available by default, throw a helpful exception.
-    iconv.encodeStream = iconv.decodeStream = function() {
-        throw new Error("iconv-lite Streaming API is not enabled. Use iconv.enableStreamingAPI(require('stream')); to enable it.");
-    };
+  // In rare cases where 'stream' module is not available by default, throw a helpful exception.
+  module.exports.encodeStream = module.exports.decodeStream = function () {
+    throw new Error("iconv-lite Streaming API is not enabled. Use iconv.enableStreamingAPI(require('stream')); to enable it.")
+  }
 }
 
-if ("Ā" != "\u0100") {
-    console.error("iconv-lite warning: js files use non-utf8 encoding. See https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings for more info.");
+// Some environments, such as browsers, may not load JavaScript files as UTF-8
+// eslint-disable-next-line no-constant-condition
+if ("Ā" !== "\u0100") {
+  console.error("iconv-lite warning: js files use non-utf8 encoding. See https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings for more info.")
 }
diff --git a/deps/npm/node_modules/iconv-lite/lib/streams.js b/deps/npm/node_modules/iconv-lite/lib/streams.js
index a1506482f58016..ebfed8e0dc39ca 100644
--- a/deps/npm/node_modules/iconv-lite/lib/streams.js
+++ b/deps/npm/node_modules/iconv-lite/lib/streams.js
@@ -1,109 +1,105 @@
-"use strict";
+"use strict"
 
-var Buffer = require("safer-buffer").Buffer;
+var Buffer = require("safer-buffer").Buffer
 
-// NOTE: Due to 'stream' module being pretty large (~100Kb, significant in browser environments), 
+// NOTE: Due to 'stream' module being pretty large (~100Kb, significant in browser environments),
 // we opt to dependency-inject it instead of creating a hard dependency.
-module.exports = function(stream_module) {
-    var Transform = stream_module.Transform;
+module.exports = function (streamModule) {
+  var Transform = streamModule.Transform
 
-    // == Encoder stream =======================================================
+  // == Encoder stream =======================================================
 
-    function IconvLiteEncoderStream(conv, options) {
-        this.conv = conv;
-        options = options || {};
-        options.decodeStrings = false; // We accept only strings, so we don't need to decode them.
-        Transform.call(this, options);
-    }
+  function IconvLiteEncoderStream (conv, options) {
+    this.conv = conv
+    options = options || {}
+    options.decodeStrings = false // We accept only strings, so we don't need to decode them.
+    Transform.call(this, options)
+  }
 
-    IconvLiteEncoderStream.prototype = Object.create(Transform.prototype, {
-        constructor: { value: IconvLiteEncoderStream }
-    });
-
-    IconvLiteEncoderStream.prototype._transform = function(chunk, encoding, done) {
-        if (typeof chunk != 'string')
-            return done(new Error("Iconv encoding stream needs strings as its input."));
-        try {
-            var res = this.conv.write(chunk);
-            if (res && res.length) this.push(res);
-            done();
-        }
-        catch (e) {
-            done(e);
-        }
-    }
+  IconvLiteEncoderStream.prototype = Object.create(Transform.prototype, {
+    constructor: { value: IconvLiteEncoderStream }
+  })
 
-    IconvLiteEncoderStream.prototype._flush = function(done) {
-        try {
-            var res = this.conv.end();
-            if (res && res.length) this.push(res);
-            done();
-        }
-        catch (e) {
-            done(e);
-        }
+  IconvLiteEncoderStream.prototype._transform = function (chunk, encoding, done) {
+    if (typeof chunk !== "string") {
+      return done(new Error("Iconv encoding stream needs strings as its input."))
     }
 
-    IconvLiteEncoderStream.prototype.collect = function(cb) {
-        var chunks = [];
-        this.on('error', cb);
-        this.on('data', function(chunk) { chunks.push(chunk); });
-        this.on('end', function() {
-            cb(null, Buffer.concat(chunks));
-        });
-        return this;
-    }
-
-
-    // == Decoder stream =======================================================
-
-    function IconvLiteDecoderStream(conv, options) {
-        this.conv = conv;
-        options = options || {};
-        options.encoding = this.encoding = 'utf8'; // We output strings.
-        Transform.call(this, options);
+    try {
+      var res = this.conv.write(chunk)
+      if (res && res.length) this.push(res)
+      done()
+    } catch (e) {
+      done(e)
     }
-
-    IconvLiteDecoderStream.prototype = Object.create(Transform.prototype, {
-        constructor: { value: IconvLiteDecoderStream }
-    });
-
-    IconvLiteDecoderStream.prototype._transform = function(chunk, encoding, done) {
-        if (!Buffer.isBuffer(chunk) && !(chunk instanceof Uint8Array))
-            return done(new Error("Iconv decoding stream needs buffers as its input."));
-        try {
-            var res = this.conv.write(chunk);
-            if (res && res.length) this.push(res, this.encoding);
-            done();
-        }
-        catch (e) {
-            done(e);
-        }
+  }
+
+  IconvLiteEncoderStream.prototype._flush = function (done) {
+    try {
+      var res = this.conv.end()
+      if (res && res.length) this.push(res)
+      done()
+    } catch (e) {
+      done(e)
     }
-
-    IconvLiteDecoderStream.prototype._flush = function(done) {
-        try {
-            var res = this.conv.end();
-            if (res && res.length) this.push(res, this.encoding);                
-            done();
-        }
-        catch (e) {
-            done(e);
-        }
+  }
+
+  IconvLiteEncoderStream.prototype.collect = function (cb) {
+    var chunks = []
+    this.on("error", cb)
+    this.on("data", function (chunk) { chunks.push(chunk) })
+    this.on("end", function () {
+      cb(null, Buffer.concat(chunks))
+    })
+    return this
+  }
+
+  // == Decoder stream =======================================================
+
+  function IconvLiteDecoderStream (conv, options) {
+    this.conv = conv
+    options = options || {}
+    options.encoding = this.encoding = "utf8" // We output strings.
+    Transform.call(this, options)
+  }
+
+  IconvLiteDecoderStream.prototype = Object.create(Transform.prototype, {
+    constructor: { value: IconvLiteDecoderStream }
+  })
+
+  IconvLiteDecoderStream.prototype._transform = function (chunk, encoding, done) {
+    if (!Buffer.isBuffer(chunk) && !(chunk instanceof Uint8Array)) { return done(new Error("Iconv decoding stream needs buffers as its input.")) }
+    try {
+      var res = this.conv.write(chunk)
+      if (res && res.length) this.push(res, this.encoding)
+      done()
+    } catch (e) {
+      done(e)
     }
-
-    IconvLiteDecoderStream.prototype.collect = function(cb) {
-        var res = '';
-        this.on('error', cb);
-        this.on('data', function(chunk) { res += chunk; });
-        this.on('end', function() {
-            cb(null, res);
-        });
-        return this;
+  }
+
+  IconvLiteDecoderStream.prototype._flush = function (done) {
+    try {
+      var res = this.conv.end()
+      if (res && res.length) this.push(res, this.encoding)
+      done()
+    } catch (e) {
+      done(e)
     }
-
-    return {
-        IconvLiteEncoderStream: IconvLiteEncoderStream,
-        IconvLiteDecoderStream: IconvLiteDecoderStream,
-    };
-};
+  }
+
+  IconvLiteDecoderStream.prototype.collect = function (cb) {
+    var res = ""
+    this.on("error", cb)
+    this.on("data", function (chunk) { res += chunk })
+    this.on("end", function () {
+      cb(null, res)
+    })
+    return this
+  }
+
+  return {
+    IconvLiteEncoderStream: IconvLiteEncoderStream,
+    IconvLiteDecoderStream: IconvLiteDecoderStream
+  }
+}
diff --git a/deps/npm/node_modules/iconv-lite/package.json b/deps/npm/node_modules/iconv-lite/package.json
index d351115a839fa0..867c98a684eb4c 100644
--- a/deps/npm/node_modules/iconv-lite/package.json
+++ b/deps/npm/node_modules/iconv-lite/package.json
@@ -1,7 +1,7 @@
 {
     "name": "iconv-lite",
     "description": "Convert character encodings in pure javascript.",
-    "version": "0.6.3",
+    "version": "0.7.2",
     "license": "MIT",
     "keywords": [
         "iconv",
@@ -12,30 +12,56 @@
     "author": "Alexander Shtuchkin ",
     "main": "./lib/index.js",
     "typings": "./lib/index.d.ts",
-    "homepage": "https://github.com/ashtuchkin/iconv-lite",
-    "bugs": "https://github.com/ashtuchkin/iconv-lite/issues",
+    "homepage": "https://github.com/pillarjs/iconv-lite",
+    "bugs": "https://github.com/pillarjs/iconv-lite/issues",
+    "files": [
+        "lib/",
+        "encodings/",
+        "types/"
+    ],
+    "funding": {
+      "type": "opencollective",
+      "url": "https://opencollective.com/express"
+    },
     "repository": {
         "type": "git",
-        "url": "git://github.com/ashtuchkin/iconv-lite.git"
+        "url": "https://github.com/pillarjs/iconv-lite.git"
     },
     "engines": {
         "node": ">=0.10.0"
     },
     "scripts": {
-        "coverage": "c8 _mocha --grep .",
-        "test": "mocha --reporter spec --grep ."
+        "lint": "eslint",
+        "lint:fix": "eslint --fix",
+        "test": "mocha --reporter spec --check-leaks --grep .",
+        "test:ci": "nyc --exclude test --reporter=lcovonly --reporter=text npm test",
+        "test:cov": "nyc --exclude test --reporter=html --reporter=text npm test",
+        "test:performance": "node --allow-natives-syntax performance/index.js",
+        "test:tap": "mocha --reporter tap --check-leaks --grep .",
+        "test:typescript": "tsc && attw --pack",
+        "test:webpack": "npm pack && mv iconv-lite-*.tgz test/webpack/iconv-lite.tgz && cd test/webpack && npm install && npm run test && rm iconv-lite.tgz",
+        "typegen": "node generation/gen-typings.js"
     },
     "browser": {
         "stream": false
     },
     "devDependencies": {
+        "@arethetypeswrong/cli": "^0.17.4",
+        "@stylistic/eslint-plugin": "^5.1.0",
+        "@stylistic/eslint-plugin-js": "^4.1.0",
+        "@types/node": "^24.0.12",
         "async": "^3.2.0",
-        "c8": "^7.2.0",
+        "bench-node": "^0.10.0",
+        "eslint": "^9.0.0",
         "errto": "^0.2.1",
+        "expect-type": "^1.2.0",
         "iconv": "^2.3.5",
-        "mocha": "^3.5.3",
+        "mocha": "^6.2.2",
+        "neostandard": "^0.12.0",
+        "nyc": "^14.1.1",
         "request": "^2.88.2",
         "semver": "^6.3.0",
+        "typescript": "~5.9.2",
         "unorm": "^1.6.0"
     },
     "dependencies": {
diff --git a/deps/npm/node_modules/libnpmdiff/package.json b/deps/npm/node_modules/libnpmdiff/package.json
index f36856d41fccae..c2a14dedcbef4c 100644
--- a/deps/npm/node_modules/libnpmdiff/package.json
+++ b/deps/npm/node_modules/libnpmdiff/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmdiff",
-  "version": "8.1.2",
+  "version": "8.1.3",
   "description": "The registry diff",
   "repository": {
     "type": "git",
@@ -47,7 +47,7 @@
     "tap": "^16.3.8"
   },
   "dependencies": {
-    "@npmcli/arborist": "^9.3.1",
+    "@npmcli/arborist": "^9.4.0",
     "@npmcli/installed-package-contents": "^4.0.0",
     "binary-extensions": "^3.0.0",
     "diff": "^8.0.2",
diff --git a/deps/npm/node_modules/libnpmexec/lib/with-lock.js b/deps/npm/node_modules/libnpmexec/lib/with-lock.js
index c7ba531ca5484d..f6cc381c146026 100644
--- a/deps/npm/node_modules/libnpmexec/lib/with-lock.js
+++ b/deps/npm/node_modules/libnpmexec/lib/with-lock.js
@@ -1,6 +1,6 @@
 const fs = require('node:fs/promises')
 const { rmdirSync } = require('node:fs')
-const promiseRetry = require('promise-retry')
+const { promiseRetry } = require('@gar/promise-retry')
 const { onExit } = require('signal-exit')
 
 // a lockfile implementation inspired by the unmaintained proper-lockfile library
@@ -67,12 +67,7 @@ async function withLock (lockPath, cb) {
 }
 
 function acquireLock (lockPath) {
-  return promiseRetry({
-    minTimeout: 100,
-    maxTimeout: 5_000,
-    // if another process legitimately holds the lock, wait for it to release; if it dies abnormally and the lock becomes stale, we'll acquire it automatically
-    forever: true,
-  }, async (retry) => {
+  return promiseRetry(async (retry) => {
     try {
       await fs.mkdir(lockPath)
     } catch (err) {
@@ -107,6 +102,11 @@ function acquireLock (lockPath) {
     } catch (err) {
       throw Object.assign(new Error('Lock compromised'), { code: 'ECOMPROMISED' })
     }
+  }, {
+    minTimeout: 100,
+    maxTimeout: 5_000,
+    // if another process legitimately holds the lock, wait for it to release; if it dies abnormally and the lock becomes stale, we'll acquire it automatically
+    forever: true,
   })
 }
 
diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json
index 08c47ec67cc269..99c11b81bc2d84 100644
--- a/deps/npm/node_modules/libnpmexec/package.json
+++ b/deps/npm/node_modules/libnpmexec/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmexec",
-  "version": "10.2.2",
+  "version": "10.2.3",
   "files": [
     "bin/",
     "lib/"
@@ -60,14 +60,14 @@
     "tap": "^16.3.8"
   },
   "dependencies": {
-    "@npmcli/arborist": "^9.3.1",
+    "@gar/promise-retry": "^1.0.0",
+    "@npmcli/arborist": "^9.4.0",
     "@npmcli/package-json": "^7.0.0",
     "@npmcli/run-script": "^10.0.0",
     "ci-info": "^4.0.0",
     "npm-package-arg": "^13.0.0",
     "pacote": "^21.0.2",
     "proc-log": "^6.0.0",
-    "promise-retry": "^2.0.1",
     "read": "^5.0.1",
     "semver": "^7.3.7",
     "signal-exit": "^4.1.0",
diff --git a/deps/npm/node_modules/libnpmfund/package.json b/deps/npm/node_modules/libnpmfund/package.json
index 1a66e330c2eaef..2e8a755b8d0b50 100644
--- a/deps/npm/node_modules/libnpmfund/package.json
+++ b/deps/npm/node_modules/libnpmfund/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmfund",
-  "version": "7.0.16",
+  "version": "7.0.17",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -46,7 +46,7 @@
     "tap": "^16.3.8"
   },
   "dependencies": {
-    "@npmcli/arborist": "^9.3.1"
+    "@npmcli/arborist": "^9.4.0"
   },
   "engines": {
     "node": "^20.17.0 || >=22.9.0"
diff --git a/deps/npm/node_modules/libnpmpack/package.json b/deps/npm/node_modules/libnpmpack/package.json
index d0f257cea2b6f1..cf0822a7775fc9 100644
--- a/deps/npm/node_modules/libnpmpack/package.json
+++ b/deps/npm/node_modules/libnpmpack/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmpack",
-  "version": "9.1.2",
+  "version": "9.1.3",
   "description": "Programmatic API for the bits behind npm pack",
   "author": "GitHub Inc.",
   "main": "lib/index.js",
@@ -37,7 +37,7 @@
   "bugs": "https://github.com/npm/libnpmpack/issues",
   "homepage": "https://npmjs.com/package/libnpmpack",
   "dependencies": {
-    "@npmcli/arborist": "^9.3.1",
+    "@npmcli/arborist": "^9.4.0",
     "@npmcli/run-script": "^10.0.0",
     "npm-package-arg": "^13.0.0",
     "pacote": "^21.0.2"
diff --git a/deps/npm/node_modules/make-fetch-happen/lib/remote.js b/deps/npm/node_modules/make-fetch-happen/lib/remote.js
index 1d640e5380baaf..5dd17c58b28a22 100644
--- a/deps/npm/node_modules/make-fetch-happen/lib/remote.js
+++ b/deps/npm/node_modules/make-fetch-happen/lib/remote.js
@@ -1,6 +1,6 @@
 const { Minipass } = require('minipass')
 const fetch = require('minipass-fetch')
-const promiseRetry = require('promise-retry')
+const { promiseRetry } = require('@gar/promise-retry')
 const ssri = require('ssri')
 const { log } = require('proc-log')
 
diff --git a/deps/npm/node_modules/make-fetch-happen/package.json b/deps/npm/node_modules/make-fetch-happen/package.json
index 203b32304c461c..5090b5042756fe 100644
--- a/deps/npm/node_modules/make-fetch-happen/package.json
+++ b/deps/npm/node_modules/make-fetch-happen/package.json
@@ -1,6 +1,6 @@
 {
   "name": "make-fetch-happen",
-  "version": "15.0.3",
+  "version": "15.0.4",
   "description": "Opinionated, caching, retrying fetch client",
   "main": "lib/index.js",
   "files": [
@@ -33,6 +33,7 @@
   "author": "GitHub Inc.",
   "license": "ISC",
   "dependencies": {
+    "@gar/promise-retry": "^1.0.0",
     "@npmcli/agent": "^4.0.0",
     "cacache": "^20.0.1",
     "http-cache-semantics": "^4.1.1",
@@ -42,7 +43,6 @@
     "minipass-pipeline": "^1.2.4",
     "negotiator": "^1.0.0",
     "proc-log": "^6.0.0",
-    "promise-retry": "^2.0.1",
     "ssri": "^13.0.0"
   },
   "devDependencies": {
diff --git a/deps/npm/node_modules/minipass-fetch/lib/body.js b/deps/npm/node_modules/minipass-fetch/lib/body.js
index f7895d7f5c20d7..f38ee807ca287f 100644
--- a/deps/npm/node_modules/minipass-fetch/lib/body.js
+++ b/deps/npm/node_modules/minipass-fetch/lib/body.js
@@ -6,10 +6,10 @@ const Blob = require('./blob.js')
 const { BUFFER } = Blob
 const FetchError = require('./fetch-error.js')
 
-// optional dependency on 'encoding'
-let convert
+// optional dependency on 'iconv-lite'
+let decode
 try {
-  convert = require('encoding').convert
+  decode = require('iconv-lite').decode
 } catch (e) {
   // defer error until textConverted is called
 }
@@ -92,6 +92,10 @@ class Body {
   }
 
   textConverted () {
+    /* istanbul ignore if */
+    if (typeof decode !== 'function') {
+      throw new Error('The package `iconv-lite` must be installed to use the textConverted() function')
+    }
     return this[CONSUME_BODY]().then(buf => convertBody(buf, this.headers))
   }
 
@@ -285,11 +289,6 @@ const isBlob = obj =>
   /^(Blob|File)$/.test(obj[Symbol.toStringTag])
 
 const convertBody = (buffer, headers) => {
-  /* istanbul ignore if */
-  if (typeof convert !== 'function') {
-    throw new Error('The package `encoding` must be installed to use the textConverted() function')
-  }
-
   const ct = headers && headers.get('content-type')
   let charset = 'utf-8'
   let res
@@ -339,12 +338,23 @@ const convertBody = (buffer, headers) => {
     }
   }
 
-  // turn raw buffers into a single utf-8 buffer
-  return convert(
-    buffer,
-    'UTF-8',
-    charset
-  ).toString()
+  if (charset === 'UTF-8') {
+    return buffer.toString('UTF-8')
+  }
+
+  charset = charset.toString().trim()
+    .replace(/^latin[-_]?(\d+)$/i, 'ISO-8859-$1')
+    .replace(/^win(?:dows)?[-_]?(\d+)$/i, 'WINDOWS-$1')
+    .replace(/^utf[-_]?(\d+)$/i, 'UTF-$1')
+    .replace(/^ks_c_5601-1987$/i, 'CP949')
+    .replace(/^us[-_]?ascii$/i, 'ASCII')
+    .toUpperCase()
+  try {
+    return decode(buffer, charset).toString()
+  } catch {
+    /* istanbul ignore next */
+    return buffer.toString('UTF-8')
+  }
 }
 
 module.exports = Body
diff --git a/deps/npm/node_modules/minipass-fetch/package.json b/deps/npm/node_modules/minipass-fetch/package.json
index c2aaebcc90bfac..a180d8d234ecb8 100644
--- a/deps/npm/node_modules/minipass-fetch/package.json
+++ b/deps/npm/node_modules/minipass-fetch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "minipass-fetch",
-  "version": "5.0.1",
+  "version": "5.0.2",
   "description": "An implementation of window.fetch in Node.js using Minipass streams",
   "license": "MIT",
   "main": "lib/index.js",
@@ -29,8 +29,8 @@
     "@ungap/url-search-params": "^0.2.2",
     "abort-controller": "^3.0.0",
     "abortcontroller-polyfill": "~1.7.3",
-    "encoding": "^0.1.13",
     "form-data": "^4.0.0",
+    "iconv-lite": "^0.7.2",
     "nock": "^13.2.4",
     "parted": "^0.1.1",
     "string-to-arraybuffer": "^1.0.2",
@@ -42,7 +42,7 @@
     "minizlib": "^3.0.1"
   },
   "optionalDependencies": {
-    "encoding": "^0.1.13"
+    "iconv-lite": "^0.7.2"
   },
   "repository": {
     "type": "git",
diff --git a/deps/npm/node_modules/npm-packlist/lib/index.js b/deps/npm/node_modules/npm-packlist/lib/index.js
index ada704de4575da..422adcfcd13eec 100644
--- a/deps/npm/node_modules/npm-packlist/lib/index.js
+++ b/deps/npm/node_modules/npm-packlist/lib/index.js
@@ -170,7 +170,7 @@ class PackWalker extends IgnoreWalker {
     } else if (this.ignoreRules['.npmignore']) {
       // .npmignore means no .gitignore
       this.ignoreRules['.gitignore'] = null
-    } else if (this.ignoreRules['.gitignore'] && !this.ignoreRules['.npmignore']) {
+    } else if (this.ignoreRules['.gitignore'] && !this.ignoreRules['.npmignore'] && !this.parent) {
       log.warn(
         'gitignore-fallback',
         'No .npmignore file found, using .gitignore for file exclusion. Consider creating a .npmignore file to explicitly control published files.'
diff --git a/deps/npm/node_modules/npm-packlist/package.json b/deps/npm/node_modules/npm-packlist/package.json
index 30cddb4df2e37a..88e55b79c64399 100644
--- a/deps/npm/node_modules/npm-packlist/package.json
+++ b/deps/npm/node_modules/npm-packlist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "npm-packlist",
-  "version": "10.0.3",
+  "version": "10.0.4",
   "description": "Get a list of the files to add from a folder into an npm package",
   "directories": {
     "test": "test"
@@ -18,8 +18,8 @@
   ],
   "devDependencies": {
     "@npmcli/arborist": "^9.0.0",
-    "@npmcli/eslint-config": "^5.0.1",
-    "@npmcli/template-oss": "4.27.1",
+    "@npmcli/eslint-config": "^6.0.0",
+    "@npmcli/template-oss": "4.29.0",
     "mutate-fs": "^2.1.1",
     "tap": "^16.0.1"
   },
@@ -56,7 +56,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.27.1",
+    "version": "4.29.0",
     "publish": true
   }
 }
diff --git a/deps/npm/node_modules/pacote/README.md b/deps/npm/node_modules/pacote/README.md
index 8d1d95d82ac99d..cf85dfda5ddbb5 100644
--- a/deps/npm/node_modules/pacote/README.md
+++ b/deps/npm/node_modules/pacote/README.md
@@ -160,6 +160,7 @@ Options object is cloned, and mutated along the way to add integrity, resolved,
   Possible values and defaults are the same as `allowGit`
 * `allowDirectory` Whether or not to allow data to be fetched from directory specs.
   Possible values and defaults are the same as `allowGit`
+* `allowRegistry` Whether or not to allow data to be fetched from registry specs.  This includes `version`, `range`, `tag`, and `alias`.
 * `_isRoot` Whether or not the package being fetched is in a root context.
   Defaults to `false`,
   For `npm` itself this means a package that is defined in the local project or workspace package.json, or a package that is being fetched for another command like `npm view`.  This informs the `allowX` options to let them know the context of the current request.
diff --git a/deps/npm/node_modules/pacote/lib/fetcher.js b/deps/npm/node_modules/pacote/lib/fetcher.js
index 0ce7aedb13eda9..8324f46f1f3078 100644
--- a/deps/npm/node_modules/pacote/lib/fetcher.js
+++ b/deps/npm/node_modules/pacote/lib/fetcher.js
@@ -10,7 +10,7 @@ const cacache = require('cacache')
 const fsm = require('fs-minipass')
 const getContents = require('@npmcli/installed-package-contents')
 const npa = require('npm-package-arg')
-const retry = require('promise-retry')
+const { promiseRetry } = require('@gar/promise-retry')
 const ssri = require('ssri')
 const tar = require('tar')
 const { Minipass } = require('minipass')
@@ -319,7 +319,7 @@ class FetcherBase {
           this.spec
         }. Extracting by manifest.`)
       }
-      return this.resolve().then(() => retry(tryAgain =>
+      return this.resolve().then(() => promiseRetry(tryAgain =>
         streamHandler(this.#istream(this[_.tarballFromResolved]()))
           .catch(streamErr => {
           // Most likely data integrity.  A cache ENOENT error is unlikely
@@ -502,6 +502,7 @@ FetcherBase.get = (rawSpec, opts = {}) => {
     case 'range':
     case 'tag':
     case 'alias':
+      canUse({ allow: opts.allowRegistry, isRoot: opts._isRoot, allowType: 'registry', spec })
       return new RegistryFetcher(spec.subSpec || spec, opts)
 
     case 'file':
diff --git a/deps/npm/node_modules/pacote/lib/registry.js b/deps/npm/node_modules/pacote/lib/registry.js
index 1ecf4ee1773499..1bfee0dd5e2990 100644
--- a/deps/npm/node_modules/pacote/lib/registry.js
+++ b/deps/npm/node_modules/pacote/lib/registry.js
@@ -229,7 +229,7 @@ class RegistryFetcher extends Fetcher {
         if (this.opts.verifyAttestations) {
           // Always fetch attestations from the current registry host
           const attestationsPath = new URL(dist.attestations.url).pathname
-          const attestationsUrl = removeTrailingSlashes(this.registry) + attestationsPath
+          const attestationsUrl = new URL(attestationsPath, this.registry).href
           const res = await fetch(attestationsUrl, {
             ...this.opts,
             // disable integrity check for attestations json payload, we check the
@@ -256,7 +256,10 @@ class RegistryFetcher extends Fetcher {
           const attestationKeyIds = bundles.map((b) => b.keyid).filter((k) => !!k)
           const attestationRegistryKeys = (this.registryKeys || [])
             .filter(key => attestationKeyIds.includes(key.keyid))
-          if (!attestationRegistryKeys.length) {
+          // Only require registry keys when there are keyed attestations.
+          // Keyless (Sigstore/Fulcio) attestations embed their signing
+          // certificate in the bundle and don't need registry keys.
+          if (attestationKeyIds.length > 0 && !attestationRegistryKeys.length) {
             throw Object.assign(new Error(
               `${mani._id} has attestations but no corresponding public key(s) can be found`
             ), { code: 'EMISSINGSIGNATUREKEY' })
diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
index 3a1eafd46272a6..566ad698cf89ec 100644
--- a/deps/npm/node_modules/pacote/package.json
+++ b/deps/npm/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "21.3.1",
+  "version": "21.4.0",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {
@@ -46,6 +46,7 @@
     "git"
   ],
   "dependencies": {
+    "@gar/promise-retry": "^1.0.0",
     "@npmcli/git": "^7.0.0",
     "@npmcli/installed-package-contents": "^4.0.0",
     "@npmcli/package-json": "^7.0.0",
@@ -59,7 +60,6 @@
     "npm-pick-manifest": "^11.0.1",
     "npm-registry-fetch": "^19.0.0",
     "proc-log": "^6.0.0",
-    "promise-retry": "^2.0.1",
     "sigstore": "^4.0.0",
     "ssri": "^13.0.0",
     "tar": "^7.4.3"
diff --git a/deps/npm/node_modules/spdx-license-ids/index.json b/deps/npm/node_modules/spdx-license-ids/index.json
index b09dc98435c9eb..f51552687007bd 100644
--- a/deps/npm/node_modules/spdx-license-ids/index.json
+++ b/deps/npm/node_modules/spdx-license-ids/index.json
@@ -12,6 +12,7 @@
 	"AGPL-1.0-or-later",
 	"AGPL-3.0-only",
 	"AGPL-3.0-or-later",
+	"ALGLIB-Documentation",
 	"AMD-newlib",
 	"AMDPLPA",
 	"AML",
@@ -33,6 +34,7 @@
 	"Adobe-Display-PostScript",
 	"Adobe-Glyph",
 	"Adobe-Utopia",
+	"Advanced-Cryptics-Dictionary",
 	"Afmparse",
 	"Aladdin",
 	"Apache-1.0",
@@ -46,6 +48,7 @@
 	"Artistic-2.0",
 	"Artistic-dist",
 	"Aspell-RU",
+	"BOLA-1.1",
 	"BSD-1-Clause",
 	"BSD-2-Clause",
 	"BSD-2-Clause-Darwin",
@@ -65,6 +68,7 @@
 	"BSD-3-Clause-No-Nuclear-Warranty",
 	"BSD-3-Clause-Open-MPI",
 	"BSD-3-Clause-Sun",
+	"BSD-3-Clause-Tso",
 	"BSD-3-Clause-acpica",
 	"BSD-3-Clause-flex",
 	"BSD-4-Clause",
@@ -75,6 +79,7 @@
 	"BSD-Advertising-Acknowledgement",
 	"BSD-Attribution-HPND-disclaimer",
 	"BSD-Inferno-Nettverk",
+	"BSD-Mark-Modifications",
 	"BSD-Protection",
 	"BSD-Source-Code",
 	"BSD-Source-beginning-file",
@@ -96,9 +101,11 @@
 	"Borceux",
 	"Brian-Gladman-2-Clause",
 	"Brian-Gladman-3-Clause",
+	"Buddy",
 	"C-UDA-1.0",
 	"CAL-1.0",
 	"CAL-1.0-Combined-Work-Exception",
+	"CAPEC-tou",
 	"CATOSL-1.1",
 	"CC-BY-1.0",
 	"CC-BY-2.0",
@@ -216,6 +223,9 @@
 	"EPICS",
 	"EPL-1.0",
 	"EPL-2.0",
+	"ESA-PL-permissive-2.4",
+	"ESA-PL-strong-copyleft-2.4",
+	"ESA-PL-weak-copyleft-2.4",
 	"EUDatagrid",
 	"EUPL-1.0",
 	"EUPL-1.1",
@@ -289,6 +299,7 @@
 	"HPND-Markus-Kuhn",
 	"HPND-Netrek",
 	"HPND-Pbmplus",
+	"HPND-SMC",
 	"HPND-UC",
 	"HPND-UC-export-US",
 	"HPND-doc",
@@ -303,6 +314,7 @@
 	"HPND-sell-variant",
 	"HPND-sell-variant-MIT-disclaimer",
 	"HPND-sell-variant-MIT-disclaimer-rev",
+	"HPND-sell-variant-critical-systems",
 	"HTMLTIDY",
 	"HaskellReport",
 	"Hippocratic-2.1",
@@ -315,6 +327,7 @@
 	"IPL-1.0",
 	"ISC",
 	"ISC-Veillard",
+	"ISO-permission",
 	"ImageMagick",
 	"Imlib2",
 	"Info-ZIP",
@@ -372,6 +385,7 @@
 	"MIT-Festival",
 	"MIT-Khronos-old",
 	"MIT-Modern-Variant",
+	"MIT-STK",
 	"MIT-Wu",
 	"MIT-advertising",
 	"MIT-enna",
@@ -380,6 +394,7 @@
 	"MIT-testregex",
 	"MITNFA",
 	"MMIXware",
+	"MMPL-1.0.1",
 	"MPEG-SSG",
 	"MPL-1.0",
 	"MPL-1.1",
@@ -411,6 +426,7 @@
 	"NGPL",
 	"NICTA-1.0",
 	"NIST-PD",
+	"NIST-PD-TNT",
 	"NIST-PD-fallback",
 	"NIST-Software",
 	"NLOD-1.0",
@@ -470,12 +486,15 @@
 	"OPL-1.0",
 	"OPL-UK-3.0",
 	"OPUBL-1.0",
+	"OSC-1.0",
 	"OSET-PL-2.1",
 	"OSL-1.0",
 	"OSL-1.1",
 	"OSL-2.0",
 	"OSL-2.1",
 	"OSL-3.0",
+	"OSSP",
+	"OpenMDW-1.0",
 	"OpenPBS-2.3",
 	"OpenSSL",
 	"OpenSSL-standalone",
@@ -486,6 +505,7 @@
 	"PHP-3.01",
 	"PPL",
 	"PSF-2.0",
+	"ParaType-Free-Font-1.3",
 	"Parity-6.0.0",
 	"Parity-7.0.0",
 	"Pixar",
@@ -514,6 +534,7 @@
 	"SGI-B-1.1",
 	"SGI-B-2.0",
 	"SGI-OpenGL",
+	"SGMLUG-PM",
 	"SGP4",
 	"SHL-0.5",
 	"SHL-0.51",
@@ -561,6 +582,7 @@
 	"TTYP0",
 	"TU-Berlin-1.0",
 	"TU-Berlin-2.0",
+	"TekHVC",
 	"TermReadKey",
 	"ThirdEye",
 	"TrustedQSL",
@@ -570,6 +592,7 @@
 	"UPL-1.0",
 	"URT-RLE",
 	"Ubuntu-font-1.0",
+	"UnRAR",
 	"Unicode-3.0",
 	"Unicode-DFS-2015",
 	"Unicode-DFS-2016",
@@ -581,15 +604,19 @@
 	"VOSTROM",
 	"VSL-1.0",
 	"Vim",
+	"Vixie-Cron",
 	"W3C",
 	"W3C-19980720",
 	"W3C-20150513",
+	"WTFNMFPL",
 	"WTFPL",
 	"Watcom-1.0",
 	"Widget-Workshop",
+	"WordNet",
 	"Wsuipa",
 	"X11",
 	"X11-distribute-modifications-variant",
+	"X11-no-permit-persons",
 	"X11-swapped",
 	"XFree86-1.1",
 	"XSkat",
@@ -630,6 +657,7 @@
 	"gnuplot",
 	"gtkbook",
 	"hdparm",
+	"hyphen-bulgarian",
 	"iMatix",
 	"jove",
 	"libpng-1.6.35",
diff --git a/deps/npm/node_modules/spdx-license-ids/package.json b/deps/npm/node_modules/spdx-license-ids/package.json
index 201e888cecfaa8..9c9ba083889a7e 100644
--- a/deps/npm/node_modules/spdx-license-ids/package.json
+++ b/deps/npm/node_modules/spdx-license-ids/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "spdx-license-ids",
-	"version": "3.0.22",
+	"version": "3.0.23",
 	"description": "A list of SPDX license identifiers",
 	"repository": "jslicense/spdx-license-ids",
 	"author": "Shinnosuke Watanabe (https://github.com/shinnn)",
diff --git a/deps/npm/package.json b/deps/npm/package.json
index c5c5292b9251a4..46ebacd5ade907 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "11.10.1",
+  "version": "11.11.0",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "workspaces": [
@@ -52,7 +52,7 @@
   },
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
-    "@npmcli/arborist": "^9.3.1",
+    "@npmcli/arborist": "^9.4.0",
     "@npmcli/config": "^10.7.1",
     "@npmcli/fs": "^5.0.0",
     "@npmcli/map-workspaces": "^5.0.3",
@@ -77,16 +77,16 @@
     "is-cidr": "^6.0.3",
     "json-parse-even-better-errors": "^5.0.0",
     "libnpmaccess": "^10.0.3",
-    "libnpmdiff": "^8.1.2",
-    "libnpmexec": "^10.2.2",
-    "libnpmfund": "^7.0.16",
+    "libnpmdiff": "^8.1.3",
+    "libnpmexec": "^10.2.3",
+    "libnpmfund": "^7.0.17",
     "libnpmorg": "^8.0.1",
-    "libnpmpack": "^9.1.2",
+    "libnpmpack": "^9.1.3",
     "libnpmpublish": "^11.1.3",
     "libnpmsearch": "^9.0.1",
     "libnpmteam": "^8.0.2",
     "libnpmversion": "^8.0.3",
-    "make-fetch-happen": "^15.0.3",
+    "make-fetch-happen": "^15.0.4",
     "minimatch": "^10.2.2",
     "minipass": "^7.1.3",
     "minipass-pipeline": "^1.2.4",
@@ -101,7 +101,7 @@
     "npm-registry-fetch": "^19.1.1",
     "npm-user-validate": "^4.0.0",
     "p-map": "^7.0.4",
-    "pacote": "^21.3.1",
+    "pacote": "^21.4.0",
     "parse-conflict-json": "^5.0.1",
     "proc-log": "^6.1.0",
     "qrcode-terminal": "^0.12.0",
@@ -187,7 +187,7 @@
   "devDependencies": {
     "@npmcli/docs": "^1.0.0",
     "@npmcli/eslint-config": "^5.1.0",
-    "@npmcli/git": "^7.0.1",
+    "@npmcli/git": "^7.0.2",
     "@npmcli/mock-globals": "^1.0.0",
     "@npmcli/mock-registry": "^1.0.0",
     "@npmcli/template-oss": "4.29.0",
@@ -198,7 +198,7 @@
     "cli-table3": "^0.6.4",
     "diff": "^8.0.3",
     "nock": "^13.4.0",
-    "npm-packlist": "^10.0.3",
+    "npm-packlist": "^10.0.4",
     "remark": "^15.0.1",
     "remark-gfm": "^4.0.1",
     "remark-github": "^12.0.0",
diff --git a/deps/npm/tap-snapshots/test/lib/commands/completion.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/completion.js.test.cjs
index 0b0ee324ce05dd..43a99252d4200a 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/completion.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/completion.js.test.cjs
@@ -139,6 +139,7 @@ Array [
   String(
     github
     gitlab
+    circleci
     list
     revoke
   ),
diff --git a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs
index d1b790cfe94539..c0f7bf8fb278ca 100644
--- a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs
@@ -5791,6 +5791,9 @@ Subcommands:
   gitlab
     Create a trusted relationship between a package and GitLab CI/CD
 
+  circleci
+    Create a trusted relationship between a package and CircleCI
+
   list
     List trusted relationships for a package
 
@@ -5815,6 +5818,8 @@ Note: This command is unaware of workspaces.
 #### Flags
 #### Synopsis
 #### Flags
+#### Synopsis
+#### Flags
 `
 
 exports[`test/lib/docs.js TAP usage undeprecate > must match snapshot 1`] = `
diff --git a/deps/npm/tap-snapshots/test/lib/utils/sbom-cyclonedx.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/sbom-cyclonedx.js.test.cjs
index 2f0af32f7f501d..8bc81cc4f69c15 100644
--- a/deps/npm/tap-snapshots/test/lib/utils/sbom-cyclonedx.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/utils/sbom-cyclonedx.js.test.cjs
@@ -833,6 +833,154 @@ exports[`test/lib/utils/sbom-cyclonedx.js TAP single node - with issue tracker >
 }
 `
 
+exports[`test/lib/utils/sbom-cyclonedx.js TAP single node - with legacy licenses array (multiple) > must match snapshot 1`] = `
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "serialNumber": "urn:uuid:00000000-0000-0000-0000-000000000000",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2020-01-01T00:00:00.000Z",
+    "lifecycles": [
+      {
+        "phase": "build"
+      }
+    ],
+    "tools": [
+      {
+        "vendor": "npm",
+        "name": "cli",
+        "version": "10.0.0 "
+      }
+    ],
+    "component": {
+      "bom-ref": "root@1.0.0",
+      "type": "library",
+      "name": "root",
+      "version": "1.0.0",
+      "scope": "required",
+      "author": "Author",
+      "purl": "pkg:npm/root@1.0.0",
+      "properties": [],
+      "externalReferences": [],
+      "licenses": [
+        {
+          "expression": "MIT OR Apache-2.0"
+        }
+      ]
+    }
+  },
+  "components": [],
+  "dependencies": [
+    {
+      "ref": "root@1.0.0",
+      "dependsOn": []
+    }
+  ]
+}
+`
+
+exports[`test/lib/utils/sbom-cyclonedx.js TAP single node - with legacy licenses array (single) > must match snapshot 1`] = `
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "serialNumber": "urn:uuid:00000000-0000-0000-0000-000000000000",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2020-01-01T00:00:00.000Z",
+    "lifecycles": [
+      {
+        "phase": "build"
+      }
+    ],
+    "tools": [
+      {
+        "vendor": "npm",
+        "name": "cli",
+        "version": "10.0.0 "
+      }
+    ],
+    "component": {
+      "bom-ref": "root@1.0.0",
+      "type": "library",
+      "name": "root",
+      "version": "1.0.0",
+      "scope": "required",
+      "author": "Author",
+      "purl": "pkg:npm/root@1.0.0",
+      "properties": [],
+      "externalReferences": [],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    }
+  },
+  "components": [],
+  "dependencies": [
+    {
+      "ref": "root@1.0.0",
+      "dependsOn": []
+    }
+  ]
+}
+`
+
+exports[`test/lib/utils/sbom-cyclonedx.js TAP single node - with legacy licenses array (string entries) > must match snapshot 1`] = `
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "serialNumber": "urn:uuid:00000000-0000-0000-0000-000000000000",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2020-01-01T00:00:00.000Z",
+    "lifecycles": [
+      {
+        "phase": "build"
+      }
+    ],
+    "tools": [
+      {
+        "vendor": "npm",
+        "name": "cli",
+        "version": "10.0.0 "
+      }
+    ],
+    "component": {
+      "bom-ref": "root@1.0.0",
+      "type": "library",
+      "name": "root",
+      "version": "1.0.0",
+      "scope": "required",
+      "author": "Author",
+      "purl": "pkg:npm/root@1.0.0",
+      "properties": [],
+      "externalReferences": [],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    }
+  },
+  "components": [],
+  "dependencies": [
+    {
+      "ref": "root@1.0.0",
+      "dependsOn": []
+    }
+  ]
+}
+`
+
 exports[`test/lib/utils/sbom-cyclonedx.js TAP single node - with license expression > must match snapshot 1`] = `
 {
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
diff --git a/deps/npm/tap-snapshots/test/lib/utils/sbom-spdx.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/sbom-spdx.js.test.cjs
index 3583c0bc835771..26931d78124a70 100644
--- a/deps/npm/tap-snapshots/test/lib/utils/sbom-spdx.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/utils/sbom-spdx.js.test.cjs
@@ -594,6 +594,141 @@ exports[`test/lib/utils/sbom-spdx.js TAP single node - with integrity > must mat
 }
 `
 
+exports[`test/lib/utils/sbom-spdx.js TAP single node - with legacy licenses array (multiple) > must match snapshot 1`] = `
+{
+  "spdxVersion": "SPDX-2.3",
+  "dataLicense": "CC0-1.0",
+  "SPDXID": "SPDXRef-DOCUMENT",
+  "name": "root@1.0.0",
+  "documentNamespace": "docns",
+  "creationInfo": {
+    "created": "2020-01-01T00:00:00.000Z",
+    "creators": [
+      "Tool: npm/cli-10.0.0 "
+    ]
+  },
+  "documentDescribes": [
+    "SPDXRef-Package-root-1.0.0"
+  ],
+  "packages": [
+    {
+      "name": "root",
+      "SPDXID": "SPDXRef-Package-root-1.0.0",
+      "versionInfo": "1.0.0",
+      "packageFileName": "",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "homepage": "NOASSERTION",
+      "licenseDeclared": "MIT OR Apache-2.0",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:npm/root@1.0.0"
+        }
+      ]
+    }
+  ],
+  "relationships": [
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "SPDXRef-Package-root-1.0.0",
+      "relationshipType": "DESCRIBES"
+    }
+  ]
+}
+`
+
+exports[`test/lib/utils/sbom-spdx.js TAP single node - with legacy licenses array (single) > must match snapshot 1`] = `
+{
+  "spdxVersion": "SPDX-2.3",
+  "dataLicense": "CC0-1.0",
+  "SPDXID": "SPDXRef-DOCUMENT",
+  "name": "root@1.0.0",
+  "documentNamespace": "docns",
+  "creationInfo": {
+    "created": "2020-01-01T00:00:00.000Z",
+    "creators": [
+      "Tool: npm/cli-10.0.0 "
+    ]
+  },
+  "documentDescribes": [
+    "SPDXRef-Package-root-1.0.0"
+  ],
+  "packages": [
+    {
+      "name": "root",
+      "SPDXID": "SPDXRef-Package-root-1.0.0",
+      "versionInfo": "1.0.0",
+      "packageFileName": "",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "homepage": "NOASSERTION",
+      "licenseDeclared": "MIT",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:npm/root@1.0.0"
+        }
+      ]
+    }
+  ],
+  "relationships": [
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "SPDXRef-Package-root-1.0.0",
+      "relationshipType": "DESCRIBES"
+    }
+  ]
+}
+`
+
+exports[`test/lib/utils/sbom-spdx.js TAP single node - with legacy licenses array (string entries) > must match snapshot 1`] = `
+{
+  "spdxVersion": "SPDX-2.3",
+  "dataLicense": "CC0-1.0",
+  "SPDXID": "SPDXRef-DOCUMENT",
+  "name": "root@1.0.0",
+  "documentNamespace": "docns",
+  "creationInfo": {
+    "created": "2020-01-01T00:00:00.000Z",
+    "creators": [
+      "Tool: npm/cli-10.0.0 "
+    ]
+  },
+  "documentDescribes": [
+    "SPDXRef-Package-root-1.0.0"
+  ],
+  "packages": [
+    {
+      "name": "root",
+      "SPDXID": "SPDXRef-Package-root-1.0.0",
+      "versionInfo": "1.0.0",
+      "packageFileName": "",
+      "downloadLocation": "NOASSERTION",
+      "filesAnalyzed": false,
+      "homepage": "NOASSERTION",
+      "licenseDeclared": "MIT",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:npm/root@1.0.0"
+        }
+      ]
+    }
+  ],
+  "relationships": [
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "SPDXRef-Package-root-1.0.0",
+      "relationshipType": "DESCRIBES"
+    }
+  ]
+}
+`
+
 exports[`test/lib/utils/sbom-spdx.js TAP single node - with license expression > must match snapshot 1`] = `
 {
   "spdxVersion": "SPDX-2.3",
diff --git a/deps/npm/test/fixtures/mock-oidc.js b/deps/npm/test/fixtures/mock-oidc.js
index 3af720670b9470..d15d52c1b819fc 100644
--- a/deps/npm/test/fixtures/mock-oidc.js
+++ b/deps/npm/test/fixtures/mock-oidc.js
@@ -33,6 +33,18 @@ function githubIdToken ({ visibility = 'public' } = { visibility: 'public' }) {
   return makeJwt(payload)
 }
 
+function circleciIdToken () {
+  const now = Math.floor(Date.now() / 1000)
+  const payload = {
+    'oidc.circleci.com/org-id': 'c9035eb6-6eb2-4c85-8a81-d9ee6a1fa8c2',
+    'oidc.circleci.com/project-id': 'ecc458d2-fbdc-4d9a-93c4-ac065ed3c3ca',
+    'oidc.circleci.com/vcs-origin': 'github.com/npm/trust-publish-test',
+    iat: now,
+    exp: now + 3600, // 1 hour expiration
+  }
+  return makeJwt(payload)
+}
+
 const mockOidc = async (t, {
   oidcOptions = {},
   packageName = '@npmcli/test-package',
@@ -47,6 +59,7 @@ const mockOidc = async (t, {
 }) => {
   const github = oidcOptions.github ?? false
   const gitlab = oidcOptions.gitlab ?? false
+  const circleci = oidcOptions.circleci ?? false
 
   const ACTIONS_ID_TOKEN_REQUEST_URL = oidcOptions.ACTIONS_ID_TOKEN_REQUEST_URL ?? 'https://github.com/actions/id-token'
   const ACTIONS_ID_TOKEN_REQUEST_TOKEN = oidcOptions.ACTIONS_ID_TOKEN_REQUEST_TOKEN ?? 'ACTIONS_ID_TOKEN_REQUEST_TOKEN'
@@ -56,9 +69,10 @@ const mockOidc = async (t, {
       env: {
         ACTIONS_ID_TOKEN_REQUEST_TOKEN: ACTIONS_ID_TOKEN_REQUEST_TOKEN,
         ACTIONS_ID_TOKEN_REQUEST_URL: ACTIONS_ID_TOKEN_REQUEST_URL,
-        CI: github || gitlab ? 'true' : undefined,
+        CI: github || gitlab || circleci ? 'true' : undefined,
         ...(github ? { GITHUB_ACTIONS: 'true' } : {}),
         ...(gitlab ? { GITLAB_CI: 'true' } : {}),
+        ...(circleci ? { CIRCLECI: 'true' } : {}),
         ...(oidcOptions.NPM_ID_TOKEN ? { NPM_ID_TOKEN: oidcOptions.NPM_ID_TOKEN } : {}),
         /* eslint-disable-next-line max-len */
         ...(oidcOptions.SIGSTORE_ID_TOKEN ? { SIGSTORE_ID_TOKEN: oidcOptions.SIGSTORE_ID_TOKEN } : {}),
@@ -68,17 +82,23 @@ const mockOidc = async (t, {
 
   const GITHUB_ACTIONS = ciInfo.GITHUB_ACTIONS
   const GITLAB = ciInfo.GITLAB
+  const CIRCLE = ciInfo.CIRCLE
   delete ciInfo.GITHUB_ACTIONS
   delete ciInfo.GITLAB
+  delete ciInfo.CIRCLE
   if (github) {
     ciInfo.GITHUB_ACTIONS = 'true'
   }
   if (gitlab) {
     ciInfo.GITLAB = 'true'
   }
+  if (circleci) {
+    ciInfo.CIRCLE = 'true'
+  }
   t.teardown(() => {
     ciInfo.GITHUB_ACTIONS = GITHUB_ACTIONS
     ciInfo.GITLAB = GITLAB
+    ciInfo.CIRCLE = CIRCLE
   })
 
   const { npm, registry, joinedOutput, logs } = await loadNpmWithRegistry(t, {
@@ -156,6 +176,7 @@ const oidcPublishTest = (opts) => {
 }
 
 module.exports = {
+  circleciIdToken,
   gitlabIdToken,
   githubIdToken,
   mockOidc,
diff --git a/deps/npm/test/fixtures/sigstore/keyless-sigstore-attestations.json b/deps/npm/test/fixtures/sigstore/keyless-sigstore-attestations.json
new file mode 100644
index 00000000000000..f2fcb660554b92
--- /dev/null
+++ b/deps/npm/test/fixtures/sigstore/keyless-sigstore-attestations.json
@@ -0,0 +1,54 @@
+{
+  "attestations": [
+    {
+      "predicateType": "https://slsa.dev/provenance/v0.2",
+      "bundle": {
+        "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
+        "verificationMaterial": {
+          "x509CertificateChain": {
+            "certificates": [
+              {
+                "rawBytes": "MIIDmzCCAyGgAwIBAgIUce0wM1Ev1pqBXH9W1BbvEg9RopYwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMjA5MTc1NjAwWhcNMjMwMjA5MTgwNjAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0SgHPgKy+HgMtXdqkkgY6Ji1v7wc+lxnnatY73cbKFwQzw+/x8288IwIz6y54dtznSXnjbzNMdNS0Q2rfMsMcaOCAkAwggI8MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUVVMaFO5X4Xzc/tiJCfm0WXa75QIwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wZAYDVR0RAQH/BFowWIZWaHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWpzLy5naXRodWIvd29ya2Zsb3dzL3B1Ymxpc2gueW1sQHJlZnMvdGFncy92MS4wLjAwOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAVBgorBgEEAYO/MAECBAdyZWxlYXNlMDYGCisGAQQBg78wAQMEKDA2NTI4OTk3YzNjOGFiOWY4NjRmYWQ5YTM2NTg0NDZhY2E3ZmQ4NmQwFQYKKwYBBAGDvzABBAQHcHVibGlzaDAiBgorBgEEAYO/MAEFBBRzaWdzdG9yZS9zaWdzdG9yZS1qczAeBgorBgEEAYO/MAEGBBByZWZzL3RhZ3MvdjEuMC4wMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGGN1HpGQAABAMARjBEAiB/E0+AFpKimPxI/TQDXeCa06+wtpwvLhyPrbHOQYu74gIgB/9fdZD+uHvUBHyptxaGoBxdJfUKEYx9nhaZw2LeZuwwCgYIKoZIzj0EAwMDaAAwZQIxAPW070C7IM0RrAU5rMpP25TFH/rfKvbvqRNnUoPfvIlA9q7Abe8BHIl97pTmf/5vJgIwbZ4myRXGWjB0LUyzplC2GX0kklVGYeqRM5xxsxAK0zwd/U7KjoFIlp/gkyLyiMHH"
+              },
+              {
+                "rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
+              },
+              {
+                "rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
+              }
+            ]
+          },
+          "tlogEntries": [
+            {
+              "logIndex": "12988397",
+              "logId": {
+                "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
+              },
+              "kindVersion": {
+                "kind": "intoto",
+                "version": "0.0.2"
+              },
+              "integratedTime": "1675965360",
+              "inclusionPromise": {
+                "signedEntryTimestamp": "MEUCID8bfktgHysxMJAIXz6CqqKHGAYPp/X6FZrS9SDtKdbcAiEAg+0zUFNPJKEVX6m33aCU+CRBgWkDNOC8oE4jHoco4kw="
+              },
+              "inclusionProof": null,
+              "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVJ0ZWtORFFYbEhaMEYzU1VKQlowbFZZMlV3ZDAweFJYWXhjSEZDV0VnNVZ6RkNZblpGWnpsU2IzQlpkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDAxcVFUVk5WR014VG1wQmQxZG9ZMDVOYWsxM1RXcEJOVTFVWjNkT2FrRjNWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVVd1UyZElVR2RMZVN0SVowMTBXR1J4YTJ0bldUWkthVEYyTjNkaksyeDRibTVoZEZrS056TmpZa3RHZDFGNmR5c3ZlRGd5T0RoSmQwbDZObmsxTkdSMGVtNVRXRzVxWW5wT1RXUk9VekJSTW5KbVRYTk5ZMkZQUTBGclFYZG5aMGs0VFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZWV1ZrMWhDa1pQTlZnMFdIcGpMM1JwU2tObWJUQlhXR0UzTlZGSmQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQxcEJXVVJXVWpCU1FWRklMMEpHYjNkWFNWcFhZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRETk9jRm96VGpCaU0wcHNURE5PY0FwYU0wNHdZak5LYkV4WGNIcE1lVFZ1WVZoU2IyUlhTWFprTWpsNVlUSmFjMkl6WkhwTU0wSXhXVzE0Y0dNeVozVmxWekZ6VVVoS2JGcHVUWFprUjBadUNtTjVPVEpOVXpSM1RHcEJkMDlSV1V0TGQxbENRa0ZIUkhaNlFVSkJVVkZ5WVVoU01HTklUVFpNZVRrd1lqSjBiR0pwTldoWk0xSndZakkxZWt4dFpIQUtaRWRvTVZsdVZucGFXRXBxWWpJMU1GcFhOVEJNYlU1MllsUkJWa0puYjNKQ1owVkZRVmxQTDAxQlJVTkNRV1I1V2xkNGJGbFlUbXhOUkZsSFEybHpSd3BCVVZGQ1p6YzRkMEZSVFVWTFJFRXlUbFJKTkU5VWF6TlplazVxVDBkR2FVOVhXVFJPYWxKdFdWZFJOVmxVVFRKT1ZHY3dUa1JhYUZreVJUTmFiVkUwQ2s1dFVYZEdVVmxMUzNkWlFrSkJSMFIyZWtGQ1FrRlJTR05JVm1saVIyeDZZVVJCYVVKbmIzSkNaMFZGUVZsUEwwMUJSVVpDUWxKNllWZGtlbVJIT1hrS1dsTTVlbUZYWkhwa1J6bDVXbE14Y1dONlFXVkNaMjl5UW1kRlJVRlpUeTlOUVVWSFFrSkNlVnBYV25wTU0xSm9Xak5OZG1ScVJYVk5RelIzVFVsSFNncENaMjl5UW1kRlJVRmtXalZCWjFGRFFraHpSV1ZSUWpOQlNGVkJNMVF3ZDJGellraEZWRXBxUjFJMFkyMVhZek5CY1VwTFdISnFaVkJMTXk5b05IQjVDbWRET0hBM2J6UkJRVUZIUjA0eFNIQkhVVUZCUWtGTlFWSnFRa1ZCYVVJdlJUQXJRVVp3UzJsdFVIaEpMMVJSUkZobFEyRXdOaXQzZEhCM2RreG9lVkFLY21KSVQxRlpkVGMwWjBsblFpODVabVJhUkN0MVNIWlZRa2g1Y0hSNFlVZHZRbmhrU21aVlMwVlplRGx1YUdGYWR6Sk1aVnAxZDNkRFoxbEpTMjlhU1FwNmFqQkZRWGROUkdGQlFYZGFVVWw0UVZCWE1EY3dRemRKVFRCU2NrRlZOWEpOY0ZBeU5WUkdTQzl5Wmt0MlluWnhVazV1Vlc5UVpuWkpiRUU1Y1RkQkNtSmxPRUpJU1d3NU4zQlViV1l2TlhaS1owbDNZbG8wYlhsU1dFZFhha0l3VEZWNWVuQnNRekpIV0RCcmEyeFdSMWxsY1ZKTk5YaDRjM2hCU3pCNmQyUUtMMVUzUzJwdlJrbHNjQzluYTNsTWVXbE5TRWdLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89Iiwic2lnIjoiVFVWWlEwbFJSREV3YTBGdU0yeERMekZ5U25aWVFuUlRSR05yWW5GclMwVnRlak0yT1dkUVJFdGlOR3hITkhwTlMxRkphRUZRTVN0U2FHSk5ZMEZUYzJaWWFIaHdXRXRPUTBGcVNtSXJNMEYyTTBKeU9UVmxTMFEzVmt3dlFrVkMifV19LCJoYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNjI2OWQzNzQ2MzI0MjM5YzEzOGJkZTMzMDEzMTVlY2FkNmI4ZGM5YzcwY2RlYTBhODEyYjYzYTUzOGJmYzdlYyJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6Ijg0NWU5MTRlYmJhZTBkNmZmY2FlMmFmYjc3YzdkZWY0NzkzMDVjOWVlMzExMDE0MDJmZTQ3NWU2ZDIzZjExYzkifX19fQ=="
+            }
+          ],
+          "timestampVerificationData": null
+        },
+        "dsseEnvelope": {
+          "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJwa2c6bnBtL3NpZ3N0b3JlQDEuMC4wIiwiZGlnZXN0Ijp7InNoYTUxMiI6IjdiZWE5ZjZlN2ZmMzdmNWZhYjBiMzZiZjA2MTIwMGZmZjAzMDk5ZmQyZmQ2OTZiOTFkMDRiYzVlNGYyMjVlYjlmZDZlMGNhZGNhZDU0YmE5ODBmNDNmYjM1MmE5OWU4ODEwYjRlMGFiZWI1YzBlZjJjZjkxMDhjZDFmMjU4YjM2In19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4yIiwicHJlZGljYXRlIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9ucG0vY2xpL2doYUB2MCIsImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbnBtL2NsaUA5LjQuMiJ9LCJpbnZvY2F0aW9uIjp7ImNvbmZpZ1NvdXJjZSI6eyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWpzQHJlZnMvdGFncy92MS4wLjAiLCJkaWdlc3QiOnsic2hhMSI6IjA2NTI4OTk3YzNjOGFiOWY4NjRmYWQ5YTM2NTg0NDZhY2E3ZmQ4NmQifSwiZW50cnlQb2ludCI6InNpZ3N0b3JlL3NpZ3N0b3JlLWpzLy5naXRodWIvd29ya2Zsb3dzL3B1Ymxpc2gueW1sQHJlZnMvdGFncy92MS4wLjAifSwicGFyYW1ldGVycyI6e30sImVudmlyb25tZW50Ijp7IkdJVEhVQl9BQ1RPUl9JRCI6IjM5ODAyNyIsIkdJVEhVQl9FVkVOVF9OQU1FIjoicmVsZWFzZSIsIkdJVEhVQl9SRUYiOiJyZWZzL3RhZ3MvdjEuMC4wIiwiR0lUSFVCX1JFRl9UWVBFIjoidGFnIiwiR0lUSFVCX1JFUE9TSVRPUlkiOiJzaWdzdG9yZS9zaWdzdG9yZS1qcyIsIkdJVEhVQl9SRVBPU0lUT1JZX0lEIjoiNDk1NTc0NTU1IiwiR0lUSFVCX1JFUE9TSVRPUllfT1dORVJfSUQiOiI3MTA5NjM1MyIsIkdJVEhVQl9SVU5fQVRURU1QVCI6IjEiLCJHSVRIVUJfUlVOX0lEIjoiNDEzNzAyODgxNiIsIkdJVEhVQl9SVU5fTlVNQkVSIjoiOSIsIkdJVEhVQl9TSEEiOiIwNjUyODk5N2MzYzhhYjlmODY0ZmFkOWEzNjU4NDQ2YWNhN2ZkODZkIiwiR0lUSFVCX1dPUktGTE9XX1JFRiI6InNpZ3N0b3JlL3NpZ3N0b3JlLWpzLy5naXRodWIvd29ya2Zsb3dzL3B1Ymxpc2gueW1sQHJlZnMvdGFncy92MS4wLjAiLCJHSVRIVUJfV09SS0ZMT1dfU0hBIjoiMDY1Mjg5OTdjM2M4YWI5Zjg2NGZhZDlhMzY1ODQ0NmFjYTdmZDg2ZCJ9fSwibWV0YWRhdGEiOnsiYnVpbGRJbnZvY2F0aW9uSWQiOiI0MTM3MDI4ODE2LTEiLCJjb21wbGV0ZW5lc3MiOnsicGFyYW1ldGVycyI6ZmFsc2UsImVudmlyb25tZW50IjpmYWxzZSwibWF0ZXJpYWxzIjpmYWxzZX0sInJlcHJvZHVjaWJsZSI6ZmFsc2V9LCJtYXRlcmlhbHMiOlt7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUvc2lnc3RvcmUtanMiLCJkaWdlc3QiOnsic2hhMSI6IjA2NTI4OTk3YzNjOGFiOWY4NjRmYWQ5YTM2NTg0NDZhY2E3ZmQ4NmQifX1dfX0=",
+          "payloadType": "application/vnd.in-toto+json",
+          "signatures": [
+            {
+              "sig": "MEYCIQD10kAn3lC/1rJvXBtSDckbqkKEmz369gPDKb4lG4zMKQIhAP1+RhbMcASsfXhxpXKNCAjJb+3Av3Br95eKD7VL/BEB",
+              "keyid": ""
+            }
+          ]
+        }
+      }
+    }
+  ]
+}
diff --git a/deps/npm/test/lib/commands/audit.js b/deps/npm/test/lib/commands/audit.js
index 26853823a72b0b..4103ff8dec8c16 100644
--- a/deps/npm/test/lib/commands/audit.js
+++ b/deps/npm/test/lib/commands/audit.js
@@ -1853,6 +1853,47 @@ t.test('audit signatures', async t => {
     t.matchSnapshot(joinedOutput())
   })
 
+  t.test('with keyless attestations and no registry keys', async t => {
+    const { npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir: installWithValidAttestations,
+      mocks: {
+        pacote: t.mock('pacote', {
+          sigstore: { verify: async () => true },
+        }),
+      },
+    })
+    const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') })
+    const manifest = registry.manifest({
+      name: 'sigstore',
+      packuments: [{
+        version: '1.0.0',
+        dist: {
+          integrity: 'sha512-e+qfbn/zf1+rCza/BhIA//Awmf0v1pa5HQS8Xk8iXrn9bgytytVLqYD' +
+                     '0P7NSqZ6IELTgq+tcDvLPkQjNHyWLNg==',
+          tarball: 'https://registry.npmjs.org/sigstore/-/sigstore-1.0.0.tgz',
+          attestations: {
+            url: 'https://registry.npmjs.org/-/npm/v1/attestations/sigstore@1.0.0',
+            provenance: { predicateType: 'https://slsa.dev/provenance/v0.2' },
+          },
+        },
+      }],
+    })
+    await registry.package({ manifest })
+    const fixture = fs.readFileSync(
+      path.resolve(__dirname, '../../fixtures/sigstore/keyless-sigstore-attestations.json'),
+      'utf8'
+    )
+    registry.nock.get('/-/npm/v1/attestations/sigstore@1.0.0').reply(200, JSON.parse(fixture))
+    // TUF returns no keys and the keys endpoint returns 404
+    mockTUF({ npm, target: TUF_TARGET_NOT_FOUND })
+    registry.nock.get('/-/npm/v1/keys').reply(404)
+
+    await npm.exec('audit', ['signatures'])
+
+    t.notOk(process.exitCode, 'should exit successfully')
+    t.match(joinedOutput(), /1 package has a verified attestation/)
+  })
+
   t.test('with multiple valid attestations', async t => {
     const { npm, joinedOutput } = await loadMockNpm(t, {
       prefixDir: installWithMultipleValidAttestations,
diff --git a/deps/npm/test/lib/commands/publish.js b/deps/npm/test/lib/commands/publish.js
index 4bba640b6d8a3b..ad528c2c8dd3ef 100644
--- a/deps/npm/test/lib/commands/publish.js
+++ b/deps/npm/test/lib/commands/publish.js
@@ -5,7 +5,7 @@ const pacote = require('pacote')
 const Arborist = require('@npmcli/arborist')
 const path = require('node:path')
 const fs = require('node:fs')
-const { githubIdToken, gitlabIdToken, oidcPublishTest, mockOidc } = require('../../fixtures/mock-oidc')
+const { circleciIdToken, githubIdToken, gitlabIdToken, oidcPublishTest, mockOidc } = require('../../fixtures/mock-oidc')
 const { sigstoreIdToken } = require('@npmcli/mock-registry/lib/provenance')
 const mockGlobals = require('@npmcli/mock-globals')
 
@@ -1222,6 +1222,35 @@ t.test('oidc token exchange - no provenance', t => {
     },
   }))
 
+  t.test('circleci missing NPM_ID_TOKEN', oidcPublishTest({
+    oidcOptions: { circleci: true, NPM_ID_TOKEN: '' },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'existing-fallback-token',
+    },
+    publishOptions: {
+      token: 'existing-fallback-token',
+    },
+    logsContain: [
+      'silly oidc Skipped because no id_token available',
+    ],
+  }))
+
+  t.test('default registry success circleci', oidcPublishTest({
+    oidcOptions: { circleci: true, NPM_ID_TOKEN: circleciIdToken() },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'existing-fallback-token',
+    },
+    mockOidcTokenExchangeOptions: {
+      idToken: circleciIdToken(),
+      body: {
+        token: 'exchange-token',
+      },
+    },
+    publishOptions: {
+      token: 'exchange-token',
+    },
+  }))
+
   // custom registry success
 
   t.test('custom registry config success github', oidcPublishTest({
diff --git a/deps/npm/test/lib/commands/trust/circleci.js b/deps/npm/test/lib/commands/trust/circleci.js
new file mode 100644
index 00000000000000..1ceec9a6e5845f
--- /dev/null
+++ b/deps/npm/test/lib/commands/trust/circleci.js
@@ -0,0 +1,476 @@
+const t = require('tap')
+const { load: loadMockNpm } = require('../../../fixtures/mock-npm.js')
+const MockRegistry = require('@npmcli/mock-registry')
+const realProcLog = require('proc-log')
+
+const packageName = '@npmcli/test-package'
+
+t.test('circleci with all options provided', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+    mocks: {
+      'proc-log': {
+        ...realProcLog,
+        input: {
+          ...realProcLog.input,
+          read: async () => 'y',
+        },
+      },
+    },
+  })
+
+  const registry = new MockRegistry({
+    tap: t,
+    registry: npm.config.get('registry'),
+    authorization: 'test-auth-token',
+  })
+
+  registry.trustCreate({ packageName })
+
+  await npm.exec('trust', [
+    'circleci',
+    packageName,
+    '--yes',
+    '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+    '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+    '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+    '--vcs-origin', 'github.com/owner/repo',
+    '--context-id', '123e4567-e89b-12d3-a456-426614174000',
+  ])
+})
+
+t.test('circleci without optional context-id', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+    mocks: {
+      'proc-log': {
+        ...realProcLog,
+        input: {
+          ...realProcLog.input,
+          read: async () => 'y',
+        },
+      },
+    },
+  })
+
+  const registry = new MockRegistry({
+    tap: t,
+    registry: npm.config.get('registry'),
+    authorization: 'test-auth-token',
+  })
+
+  registry.trustCreate({ packageName })
+
+  await npm.exec('trust', [
+    'circleci',
+    packageName,
+    '--yes',
+    '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+    '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+    '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+    '--vcs-origin', 'github.com/owner/repo',
+  ])
+})
+
+t.test('circleci with multiple context-ids', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+    mocks: {
+      'proc-log': {
+        ...realProcLog,
+        input: {
+          ...realProcLog.input,
+          read: async () => 'y',
+        },
+      },
+    },
+  })
+
+  const registry = new MockRegistry({
+    tap: t,
+    registry: npm.config.get('registry'),
+    authorization: 'test-auth-token',
+  })
+
+  registry.trustCreate({ packageName })
+
+  await npm.exec('trust', [
+    'circleci',
+    packageName,
+    '--yes',
+    '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+    '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+    '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+    '--vcs-origin', 'github.com/owner/repo',
+    '--context-id', '123e4567-e89b-12d3-a456-426614174000',
+    '--context-id', 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
+  ])
+})
+
+t.test('circleci missing required org-id', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      packageName,
+      '--yes',
+      '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      '--vcs-origin', 'github.com/owner/repo',
+    ]),
+    { message: /org-id is required/ }
+  )
+})
+
+t.test('circleci missing required project-id', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      packageName,
+      '--yes',
+      '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+      '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      '--vcs-origin', 'github.com/owner/repo',
+    ]),
+    { message: /project-id is required/ }
+  )
+})
+
+t.test('circleci missing required pipeline-definition-id', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      packageName,
+      '--yes',
+      '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+      '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      '--vcs-origin', 'github.com/owner/repo',
+    ]),
+    { message: /pipeline-definition-id is required/ }
+  )
+})
+
+t.test('circleci missing required vcs-origin', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      packageName,
+      '--yes',
+      '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+      '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+    ]),
+    { message: /vcs-origin is required/ }
+  )
+})
+
+t.test('circleci with invalid org-id uuid format', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      packageName,
+      '--yes',
+      '--org-id', 'not-a-uuid',
+      '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      '--vcs-origin', 'github.com/owner/repo',
+    ]),
+    { message: /org-id must be a valid UUID/ }
+  )
+})
+
+t.test('circleci with invalid vcs-origin format', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      packageName,
+      '--yes',
+      '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+      '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      '--vcs-origin', 'invalid-format',
+    ]),
+    { message: /vcs-origin must be in format 'provider\/owner\/repo'/ }
+  )
+})
+
+t.test('circleci with vcs-origin containing scheme prefix', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      packageName,
+      '--yes',
+      '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+      '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      '--vcs-origin', 'https://github.com/owner/repo',
+    ]),
+    { message: /vcs-origin must not include a scheme/ }
+  )
+})
+
+t.test('circleci missing package name', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  await t.rejects(
+    npm.exec('trust', [
+      'circleci',
+      '--yes',
+      '--org-id', '550e8400-e29b-41d4-a716-446655440000',
+      '--project-id', '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      '--pipeline-definition-id', '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      '--vcs-origin', 'github.com/owner/repo',
+    ]),
+    { message: /Package name must be specified either as an argument or in package.json file/ }
+  )
+})
+
+t.test('bodyToOptions with all fields', t => {
+  const TrustCircleCI = require('../../../../lib/commands/trust/circleci.js')
+
+  const body = {
+    id: 'test-id',
+    type: 'circleci',
+    claims: {
+      'oidc.circleci.com/org-id': '550e8400-e29b-41d4-a716-446655440000',
+      'oidc.circleci.com/project-id': '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      'oidc.circleci.com/pipeline-definition-id': '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      'oidc.circleci.com/vcs-origin': 'github.com/owner/repo',
+      'oidc.circleci.com/context-ids': ['123e4567-e89b-12d3-a456-426614174000'],
+    },
+  }
+
+  const options = TrustCircleCI.bodyToOptions(body)
+
+  t.equal(options.id, 'test-id', 'id should be set')
+  t.equal(options.type, 'circleci', 'type should be set')
+  t.equal(options.orgId, '550e8400-e29b-41d4-a716-446655440000', 'orgId should be set')
+  t.equal(options.projectId, '7c9e6679-7425-40de-944b-e07fc1f90ae7', 'projectId should be set')
+  t.equal(options.pipelineDefinitionId, '6ba7b810-9dad-11d1-80b4-00c04fd430c8', 'pipelineDefinitionId should be set')
+  t.equal(options.vcsOrigin, 'github.com/owner/repo', 'vcsOrigin should be set')
+  t.same(options.contextIds, ['123e4567-e89b-12d3-a456-426614174000'], 'contextIds should be set')
+  t.end()
+})
+
+t.test('bodyToOptions without optional context_ids', t => {
+  const TrustCircleCI = require('../../../../lib/commands/trust/circleci.js')
+
+  const body = {
+    id: 'test-id',
+    type: 'circleci',
+    claims: {
+      'oidc.circleci.com/org-id': '550e8400-e29b-41d4-a716-446655440000',
+      'oidc.circleci.com/project-id': '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+      'oidc.circleci.com/pipeline-definition-id': '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+      'oidc.circleci.com/vcs-origin': 'github.com/owner/repo',
+    },
+  }
+
+  const options = TrustCircleCI.bodyToOptions(body)
+
+  t.equal(options.contextIds, undefined, 'contextIds should be undefined')
+  t.end()
+})
+
+t.test('optionsToBody with all fields', t => {
+  const TrustCircleCI = require('../../../../lib/commands/trust/circleci.js')
+
+  const options = {
+    orgId: '550e8400-e29b-41d4-a716-446655440000',
+    projectId: '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+    pipelineDefinitionId: '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+    vcsOrigin: 'github.com/owner/repo',
+    contextIds: ['123e4567-e89b-12d3-a456-426614174000'],
+  }
+
+  const body = TrustCircleCI.optionsToBody(options)
+
+  t.equal(body.type, 'circleci', 'type should be circleci')
+  t.equal(body.claims['oidc.circleci.com/org-id'], '550e8400-e29b-41d4-a716-446655440000', 'org-id should be set')
+  t.equal(body.claims['oidc.circleci.com/project-id'], '7c9e6679-7425-40de-944b-e07fc1f90ae7', 'project-id should be set')
+  t.equal(body.claims['oidc.circleci.com/pipeline-definition-id'], '6ba7b810-9dad-11d1-80b4-00c04fd430c8', 'pipeline-definition-id should be set')
+  t.equal(body.claims['oidc.circleci.com/vcs-origin'], 'github.com/owner/repo', 'vcs-origin should be set')
+  t.same(body.claims['oidc.circleci.com/context-ids'], ['123e4567-e89b-12d3-a456-426614174000'], 'context-ids should be set')
+  t.end()
+})
+
+t.test('optionsToBody without optional contextIds', t => {
+  const TrustCircleCI = require('../../../../lib/commands/trust/circleci.js')
+
+  const options = {
+    orgId: '550e8400-e29b-41d4-a716-446655440000',
+    projectId: '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+    pipelineDefinitionId: '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+    vcsOrigin: 'github.com/owner/repo',
+  }
+
+  const body = TrustCircleCI.optionsToBody(options)
+
+  t.equal(body.claims['oidc.circleci.com/context-ids'], undefined, 'context-ids should be undefined')
+  t.end()
+})
+
+t.test('optionsToBody with multiple contextIds', t => {
+  const TrustCircleCI = require('../../../../lib/commands/trust/circleci.js')
+
+  const options = {
+    orgId: '550e8400-e29b-41d4-a716-446655440000',
+    projectId: '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+    pipelineDefinitionId: '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+    vcsOrigin: 'github.com/owner/repo',
+    contextIds: [
+      '123e4567-e89b-12d3-a456-426614174000',
+      'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
+    ],
+  }
+
+  const body = TrustCircleCI.optionsToBody(options)
+
+  t.same(body.claims['oidc.circleci.com/context-ids'], [
+    '123e4567-e89b-12d3-a456-426614174000',
+    'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
+  ], 'context-ids should contain both UUIDs')
+  t.end()
+})
+
+t.test('getVcsOriginUrl generates correct URL', t => {
+  const TrustCircleCI = require('../../../../lib/commands/trust/circleci.js')
+
+  t.equal(
+    TrustCircleCI.prototype.getVcsOriginUrl('github.com/npm/cli'),
+    'https://github.com/npm/cli',
+    'should generate https URL from vcs-origin'
+  )
+  t.equal(
+    TrustCircleCI.prototype.getVcsOriginUrl('bitbucket.org/owner/repo'),
+    'https://bitbucket.org/owner/repo',
+    'should work with bitbucket'
+  )
+  t.equal(
+    TrustCircleCI.prototype.getVcsOriginUrl(null),
+    null,
+    'should return null for null input'
+  )
+  t.equal(
+    TrustCircleCI.prototype.getVcsOriginUrl(undefined),
+    null,
+    'should return null for undefined input'
+  )
+  t.end()
+})
diff --git a/deps/npm/test/lib/commands/trust/list.js b/deps/npm/test/lib/commands/trust/list.js
index 99d25b66bc90c8..8a66f390aaa310 100644
--- a/deps/npm/test/lib/commands/trust/list.js
+++ b/deps/npm/test/lib/commands/trust/list.js
@@ -221,6 +221,44 @@ t.test('list with scoped package', async t => {
   await npm.exec('trust', ['list', scopedPackage])
 })
 
+t.test('list with circleci trust type', async t => {
+  const { npm } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: packageName,
+        version: '1.0.0',
+      }),
+    },
+    config: {
+      '//registry.npmjs.org/:_authToken': 'test-auth-token',
+    },
+  })
+
+  const registry = new MockRegistry({
+    tap: t,
+    registry: npm.config.get('registry'),
+    authorization: 'test-auth-token',
+  })
+
+  const trustConfigs = [
+    {
+      id: 'test-id-1',
+      type: 'circleci',
+      claims: {
+        'oidc.circleci.com/org-id': '550e8400-e29b-41d4-a716-446655440000',
+        'oidc.circleci.com/project-id': '7c9e6679-7425-40de-944b-e07fc1f90ae7',
+        'oidc.circleci.com/pipeline-definition-id': '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+        'oidc.circleci.com/vcs-origin': 'github.com/owner/repo',
+        'oidc.circleci.com/context-ids': ['123e4567-e89b-12d3-a456-426614174000'],
+      },
+    },
+  ]
+
+  registry.trustList({ packageName, body: trustConfigs })
+
+  await npm.exec('trust', ['list', packageName])
+})
+
 t.test('list with unknown trust type', async t => {
   const { npm } = await loadMockNpm(t, {
     prefixDir: {
diff --git a/deps/npm/test/lib/utils/sbom-cyclonedx.js b/deps/npm/test/lib/utils/sbom-cyclonedx.js
index a40831c9fa05a9..fc30130f1fae72 100644
--- a/deps/npm/test/lib/utils/sbom-cyclonedx.js
+++ b/deps/npm/test/lib/utils/sbom-cyclonedx.js
@@ -181,6 +181,53 @@ t.test('single node - with single license', t => {
   t.end()
 })
 
+t.test('single node - with legacy licenses array (single)', t => {
+  const pkg = {
+    ...rootPkg,
+    licenses: [
+      {
+        type: 'MIT',
+        url: 'http://opensource.org/licenses/mit-license.php',
+      },
+    ],
+  }
+  const node = { ...root, package: pkg }
+  const res = cyclonedxOutput({ npm, nodes: [node] })
+  t.matchSnapshot(JSON.stringify(res))
+  t.end()
+})
+
+t.test('single node - with legacy licenses array (multiple)', t => {
+  const pkg = {
+    ...rootPkg,
+    licenses: [
+      {
+        type: 'MIT',
+        url: 'http://opensource.org/licenses/mit-license.php',
+      },
+      {
+        type: 'Apache-2.0',
+        url: 'http://opensource.org/licenses/apache2.0.php',
+      },
+    ],
+  }
+  const node = { ...root, package: pkg }
+  const res = cyclonedxOutput({ npm, nodes: [node] })
+  t.matchSnapshot(JSON.stringify(res))
+  t.end()
+})
+
+t.test('single node - with legacy licenses array (string entries)', t => {
+  const pkg = {
+    ...rootPkg,
+    licenses: ['MIT'],
+  }
+  const node = { ...root, package: pkg }
+  const res = cyclonedxOutput({ npm, nodes: [node] })
+  t.matchSnapshot(JSON.stringify(res))
+  t.end()
+})
+
 t.test('single node - with license expression', t => {
   const pkg = { ...rootPkg, license: '(MIT OR Apache-2.0)' }
   const node = { ...root, package: pkg }
diff --git a/deps/npm/test/lib/utils/sbom-spdx.js b/deps/npm/test/lib/utils/sbom-spdx.js
index 68b102854315ec..cdeb68218ee332 100644
--- a/deps/npm/test/lib/utils/sbom-spdx.js
+++ b/deps/npm/test/lib/utils/sbom-spdx.js
@@ -131,6 +131,53 @@ t.test('single node - with license object', t => {
   t.end()
 })
 
+t.test('single node - with legacy licenses array (single)', t => {
+  const pkg = {
+    ...rootPkg,
+    licenses: [
+      {
+        type: 'MIT',
+        url: 'http://opensource.org/licenses/mit-license.php',
+      },
+    ],
+  }
+  const node = { ...root, package: pkg }
+  const res = spdxOutput({ npm, nodes: [node] })
+  t.matchSnapshot(JSON.stringify(res))
+  t.end()
+})
+
+t.test('single node - with legacy licenses array (multiple)', t => {
+  const pkg = {
+    ...rootPkg,
+    licenses: [
+      {
+        type: 'MIT',
+        url: 'http://opensource.org/licenses/mit-license.php',
+      },
+      {
+        type: 'Apache-2.0',
+        url: 'http://opensource.org/licenses/apache2.0.php',
+      },
+    ],
+  }
+  const node = { ...root, package: pkg }
+  const res = spdxOutput({ npm, nodes: [node] })
+  t.matchSnapshot(JSON.stringify(res))
+  t.end()
+})
+
+t.test('single node - with legacy licenses array (string entries)', t => {
+  const pkg = {
+    ...rootPkg,
+    licenses: ['MIT'],
+  }
+  const node = { ...root, package: pkg }
+  const res = spdxOutput({ npm, nodes: [node] })
+  t.matchSnapshot(JSON.stringify(res))
+  t.end()
+})
+
 t.test('single node - with license expression', t => {
   const pkg = { ...rootPkg, license: '(MIT OR Apache-2.0)' }
   const node = { ...root, package: pkg }