npm
diff --git a/.commitlintrc.js b/.commitlintrc.js
@@ -1,10 +1,9 @@
-// This file is automatically added by @npmcli/template-oss. Do not edit.
+/* This file is automatically added by @npmcli/template-oss. Do not edit. */
 
 module.exports = {
   extends: ['@commitlint/config-conventional'],
-  // If you change rules be sure to also update release-please.yml
   rules: {
-    'type-enum': [2, 'always', ['feat', 'fix', 'docs', 'chore', 'deps']],
+    'type-enum': [2, 'always', ['feat', 'fix', 'docs', 'deps', 'chore']],
     'header-max-length': [2, 'always', 80],
     'subject-case': [0, 'always', ['lower-case', 'sentence-case', 'start-case']],
   },

diff --git a/.eslintrc.js b/.eslintrc.js
@@ -1,4 +1,6 @@
-// This file is automatically added by @npmcli/template-oss. Do not edit.
+/* This file is automatically added by @npmcli/template-oss. Do not edit. */
+
+'use strict'
 
 const { readdirSync: readdir } = require('fs')
 
@@ -7,6 +9,7 @@ const localConfigs = readdir(__dirname)
   .map((file) => `./${file}`)
 
 module.exports = {
+  root: true,
   extends: [
     '@npmcli',
     ...localConfigs,

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1,3 @@
-*	@npm/cli-team
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+* @npm/cli-team
diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml
@@ -3,52 +3,52 @@
 name: Bug
 description: File a bug/issue
 title: "[BUG] <title>"
-labels: [Bug, Needs Triage]
+labels: [ Bug, Needs Triage ]
+
 body:
-- type: checkboxes
-  attributes:
-    label: Is there an existing issue for this?
-    description: Please [search here](./issues) to see if an issue already exists for your problem.
-    options:
-    - label: I have searched the existing issues
-      required: true
-- type: textarea
-  attributes:
-    label: Current Behavior
-    description: A clear & concise description of what you're experiencing.
-  validations:
-    required: false
-- type: textarea
-  attributes:
-    label: Expected Behavior
-    description: A clear & concise description of what you expected to happen.
-  validations:
-    required: false
-- type: textarea
-  attributes:
-    label: Steps To Reproduce
-    description: Steps to reproduce the behavior.
-    value: |
-      1. In this environment...
-      2. With this config...
-      3. Run '...'
-      4. See error...
-  validations:
-    required: false
-- type: textarea
-  attributes:
-    label: Environment
-    description: |
-      examples:
-        - **npm**: 7.6.3
-        - **Node**: 13.14.0
-        - **OS**: Ubuntu 20.04
-        - **platform**: Macbook Pro
-    value: |
+  - type: checkboxes
+    attributes:
+      label: Is there an existing issue for this?
+      description: Please [search here](./issues) to see if an issue already exists for your problem.
+      options:
+        - label: I have searched the existing issues
+          required: true
+  - type: textarea
+    attributes:
+      label: Current Behavior
+      description: A clear & concise description of what you're experiencing.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Expected Behavior
+      description: A clear & concise description of what you expected to happen.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Steps To Reproduce
+      description: Steps to reproduce the behavior.
+      value: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Environment
+      description: |
+        examples:
+          - **npm**: 7.6.3
+          - **Node**: 13.14.0
+          - **OS**: Ubuntu 20.04
+          - **platform**: Macbook Pro
+      value: |
         - npm:
         - Node:
         - OS:
         - platform:
-  validations:
-    required: false
-
+    validations:
+      required: false
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,16 +1,18 @@
 # This file is automatically added by @npmcli/template-oss. Do not edit.
 
 version: 2
+
 updates:
-- package-ecosystem: npm
-  directory: "/"
-  schedule:
-    interval: daily
-  allow:
-    - dependency-type: direct
-  versioning-strategy: increase
-  commit-message:
-    prefix: deps
-    prefix-development: chore
-  labels:
-    - "Dependencies"
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    target-branch: "main"
+    allow:
+      - dependency-type: direct
+    versioning-strategy: increase-if-necessary
+    commit-message:
+      prefix: deps
+      prefix-development: chore
+    labels:
+      - "Dependencies"
diff --git a/.github/matchers/tap.json b/.github/matchers/tap.json
@@ -0,0 +1,32 @@
+{
+  "//@npmcli/template-oss": "This file is automatically added by @npmcli/template-oss. Do not edit.",
+  "problemMatcher": [
+    {
+      "owner": "tap",
+      "pattern": [
+        {
+          "regexp": "^\\s*not ok \\d+ - (.*)",
+          "message": 1
+        },
+        {
+          "regexp": "^\\s*---"
+        },
+        {
+          "regexp": "^\\s*at:"
+        },
+        {
+          "regexp": "^\\s*line:\\s*(\\d+)",
+          "line": 1
+        },
+        {
+          "regexp": "^\\s*column:\\s*(\\d+)",
+          "column": 1
+        },
+        {
+          "regexp": "^\\s*file:\\s*(.*)",
+          "file": 1
+        }
+      ]
+    }
+  ]
+}
diff --git a/.github/settings.yml b/.github/settings.yml
@@ -1,2 +1,27 @@
----
-_extends: '.github:npm-cli/settings.yml'
+# This file is automatically added by @npmcli/template-oss. Do not edit.
+
+repository:
+  allow_merge_commit: false
+  allow_rebase_merge: true
+  allow_squash_merge: true
+  squash_merge_commit_title: PR_TITLE
+  squash_merge_commit_message: PR_BODY
+  delete_branch_on_merge: true
+  enable_automated_security_fixes: true
+  enable_vulnerability_alerts: true
+
+branches:
+  - name: main
+    protection:
+      required_status_checks: null
+      enforce_admins: true
+      block_creations: true
+      required_pull_request_reviews:
+        required_approving_review_count: 1
+        require_code_owner_reviews: true
+        require_last_push_approval: true
+        dismiss_stale_reviews: true
+      restrictions:
+        apps: []
+        users: []
+        teams: [ "cli-team" ]
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -3,21 +3,81 @@
 name: Audit
 
 on:
-  schedule:
-    # "At 01:00 on Monday" https://crontab.guru/#0_1_*_*_1
-    - cron: "0 1 * * 1"
   workflow_dispatch:
+  schedule:
+    # "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1
+    - cron: "0 8 * * 1"
 
 jobs:
   audit:
-    name: npm audit
+    name: Audit Dependencies
+    if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Git User
+        run: |
+          git config --global user.email "npm-cli+bot@github.com"
+          git config --global user.name "npm CLI robot"
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        id: node
         with:
-          node-version: '16'
-      - name: Install deps
-        run: npm i --package-lock
-      - name: Audit
-        run: npm audit
+          node-version: 20.x
+          check-latest: contains('20.x', '.x')
+
+      # node 10/12/14 ship with npm@6, which is known to fail when updating itself in windows
+      - name: Update Windows npm
+        if: |
+          matrix.platform.os == 'windows-latest' && (
+            startsWith(steps.node.outputs.node-version, 'v10.') || startsWith(steps.node.outputs.node-version, 'v12.') || startsWith(steps.node.outputs.node-version, 'v14.')
+          )
+        run: |
+          curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz
+          tar xf npm-7.5.4.tgz
+          cd package
+          node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz
+          cd ..
+          rmdir /s /q package
+
+      # Start on Node 10 because we dont test on anything lower
+      - name: Install npm@7 on Node 10
+        shell: bash
+        if: startsWith(steps.node.outputs.node-version, 'v10.')
+        id: npm-7
+        run: |
+          npm i --prefer-online --no-fund --no-audit -g npm@7
+          echo "updated=true" >> "$GITHUB_OUTPUT"
+
+      - name: Install npm@8 on Node 12
+        shell: bash
+        if: startsWith(steps.node.outputs.node-version, 'v12.')
+        id: npm-8
+        run: |
+          npm i --prefer-online --no-fund --no-audit -g npm@8
+          echo "updated=true" >> "$GITHUB_OUTPUT"
+
+      - name: Install npm@9 on Node 14/16/18.0
+        shell: bash
+        if: startsWith(steps.node.outputs.node-version, 'v14.') || startsWith(steps.node.outputs.node-version, 'v16.') || startsWith(steps.node.outputs.node-version, 'v18.0.')
+        id: npm-9
+        run: |
+          npm i --prefer-online --no-fund --no-audit -g npm@9
+          echo "updated=true" >> "$GITHUB_OUTPUT"
+
+      - name: Install npm@latest on Node
+        if: ${{ !(steps.npm-7.outputs.updated || steps.npm-8.outputs.updated || steps.npm-9.outputs.updated) }}
+        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
+
+      - name: npm Version
+        run: npm -v
+      - name: Install Dependencies
+        run: npm i --ignore-scripts --no-audit --no-fund --package-lock
+      - name: Run Production Audit
+        run: npm audit --omit=dev
+      - name: Run Full Audit
+        run: npm audit --audit-level=none