deps: upgrade npm to 9.3.1

PR-URL: https://github.com/nodejs/node/pull/46242
Reviewed-By: Ruy Adorno <ruyadorno@google.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

deps/npm/docs/content/commands/npm-ls.md

@@ -27,7 +27,7 @@ packages will *also* show the paths to the specified packages.  For
 example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-npm@9.3.0 /path/to/npm
+npm@9.3.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 ```

deps/npm/docs/content/commands/npm.md

@@ -14,7 +14,7 @@ Note: This command is unaware of workspaces.
 
 ### Version
 
-9.3.0
+9.3.1
 
 ### Description
 

deps/npm/docs/output/commands/npm-ls.html

@@ -160,7 +160,7 @@ tree at all, use <a href="../commands/npm-explain.html"><code>npm explain</code>
 the results to only the paths to the packages named.  Note that nested
 packages will <em>also</em> show the paths to the specified packages.  For
 example, running <code>npm ls promzard</code> in npm's source tree will show:</p>
-<pre><code class="language-bash">npm@9.3.0 /path/to/npm
+<pre><code class="language-bash">npm@9.3.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 </code></pre>

deps/npm/docs/output/commands/npm.html

@@ -150,7 +150,7 @@ npm command-line interface
 </code></pre>
 <p>Note: This command is unaware of workspaces.</p>
 <h3 id="version">Version</h3>
-<p>9.3.0</p>
+<p>9.3.1</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency

deps/npm/lib/commands/ci.js

@@ -67,7 +67,7 @@ class CI extends ArboristWorkspaceCmd {
       const path = `${where}/node_modules`
       // get the list of entries so we can skip the glob for performance
       const entries = await fs.readdir(path, null).catch(er => [])
-      return Promise.all(entries.map(f => fs.rm(`${path}/${f}`, { force: true })))
+      return Promise.all(entries.map(f => fs.rm(`${path}/${f}`, { force: true, recursive: true })))
     })
 
     await arb.reify(opts)

deps/npm/lib/commands/deprecate.js

@@ -52,19 +52,21 @@ class Deprecate extends BaseCommand {
       query: { write: true },
     })
 
-    Object.keys(packument.versions)
+    const versions = Object.keys(packument.versions)
       .filter(v => semver.satisfies(v, spec, { includePrerelease: true }))
-      .forEach(v => {
-        packument.versions[v].deprecated = msg
-      })
 
-    return otplease(this.npm, this.npm.flatOptions, opts => fetch(uri, {
-      ...opts,
-      spec: p,
-      method: 'PUT',
-      body: packument,
-      ignoreBody: true,
-    }))
+    if (versions.length) {
+      for (const v of versions) {
+        packument.versions[v].deprecated = msg
+      }
+      return otplease(this.npm, this.npm.flatOptions, opts => fetch(uri, {
+        ...opts,
+        spec: p,
+        method: 'PUT',
+        body: packument,
+        ignoreBody: true,
+      }))
+    }
   }
 }
 

deps/npm/man/man1/npm-ls.1

@@ -20,7 +20,7 @@ Positional arguments are \fBname@version-range\fR identifiers, which will limit
 .P
 .RS 2
 .nf
-npm@9.3.0 /path/to/npm
+npm@9.3.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 .fi

deps/npm/man/man1/npm.1

@@ -12,7 +12,7 @@ npm
 Note: This command is unaware of workspaces.
 .SS "Version"
 .P
-9.3.0
+9.3.1
 .SS "Description"
 .P
 npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency conflicts intelligently.

deps/npm/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "9.3.0",
+  "version": "9.3.1",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "workspaces": [

deps/npm/test/lib/commands/ci.js

@@ -79,6 +79,30 @@ t.test('reifies, audits, removes node_modules', async t => {
   t.equal(fs.existsSync(nmAbbrev), true, 'installs abbrev')
 })
 
+t.test('reifies, audits, removes node_modules on repeat run', async t => {
+  const { npm, joinedOutput, registry } = await loadMockNpm(t, {
+    prefixDir: {
+      abbrev: abbrev,
+      'package.json': JSON.stringify(packageJson),
+      'package-lock.json': JSON.stringify(packageLock),
+      node_modules: { test: 'test file that will be removed' },
+    },
+  })
+  const manifest = registry.manifest({ name: 'abbrev' })
+  await registry.tarball({
+    manifest: manifest.versions['1.0.0'],
+    tarball: path.join(npm.prefix, 'abbrev'),
+  })
+  registry.nock.post('/-/npm/v1/security/advisories/bulk').reply(200, {})
+  await npm.exec('ci', [])
+  await npm.exec('ci', [])
+  t.match(joinedOutput(), 'added 1 package, and audited 2 packages in')
+  const nmTest = path.join(npm.prefix, 'node_modules', 'test')
+  t.equal(fs.existsSync(nmTest), false, 'existing node_modules is removed')
+  const nmAbbrev = path.join(npm.prefix, 'node_modules', 'abbrev')
+  t.equal(fs.existsSync(nmAbbrev), true, 'installs abbrev')
+})
+
 t.test('--no-audit and --ignore-scripts', async t => {
   const { npm, joinedOutput, registry } = await loadMockNpm(t, {
     config: {

deps/npm/test/lib/commands/deprecate.js

@@ -153,3 +153,19 @@ t.test('deprecates all versions when no range is specified', async t => {
   await npm.exec('deprecate', ['foo', message])
   t.match(joinedOutput(), '')
 })
+
+t.test('does nothing if version does not actually exist', async t => {
+  const { npm, joinedOutput } = await loadMockNpm(t, { config: { ...auth } })
+  const registry = new MockRegistry({
+    tap: t,
+    registry: npm.config.get('registry'),
+    authorization: token,
+  })
+  const manifest = registry.manifest({
+    name: 'foo',
+    versions,
+  })
+  await registry.package({ manifest, query: { write: true } })
+  await npm.exec('deprecate', ['foo@1.0.99', 'this should be ignored'])
+  t.match(joinedOutput(), '')
+})