From 09a2ae930c87222d1f4e95e9b732f3bb68a7a6c8 Mon Sep 17 00:00:00 2001
From: Ruy Adorno <ruyadorno@hotmail.com>
Date: Fri, 20 Nov 2020 15:29:49 -0500
Subject: [PATCH] deps: upgrade npm to 7.0.13

---
 deps/npm/AUTHORS                              |   1 +
 deps/npm/CHANGELOG.md                         |  32 ++++
 deps/npm/docs/content/commands/npm-explain.md |   2 +-
 .../npm/docs/output/commands/npm-explain.html |   2 +-
 deps/npm/docs/output/commands/npm-ls.html     |   2 +-
 deps/npm/docs/output/commands/npm.html        |   2 +-
 deps/npm/lib/init.js                          |   1 -
 deps/npm/lib/star.js                          | 120 ++++++-------
 deps/npm/lib/unstar.js                        |   9 +
 deps/npm/lib/utils/cmd-list.js                |   2 +-
 deps/npm/lib/version.js                       |   4 +-
 deps/npm/man/man1/npm-explain.1               |   2 +-
 deps/npm/man/man1/npm-ls.1                    |   2 +-
 deps/npm/man/man1/npm.1                       |   2 +-
 .../arborist/lib/arborist/load-actual.js      |   4 +-
 .../@npmcli/arborist/lib/dep-valid.js         |   2 +-
 .../node_modules/@npmcli/arborist/lib/node.js |   4 +-
 .../@npmcli/arborist/lib/yarn-lock.js         |   2 +-
 .../@npmcli/arborist/package.json             |   6 +-
 deps/npm/package.json                         |  10 +-
 .../test-lib-utils-cmd-list.js-TAP.test.js    |   3 +-
 deps/npm/test/lib/init.js                     |  33 +++-
 deps/npm/test/lib/star.js                     | 144 ++++++++++++++++
 deps/npm/test/lib/unstar.js                   |  28 +++
 deps/npm/test/lib/version.js                  | 160 ++++++++++++++++++
 25 files changed, 489 insertions(+), 90 deletions(-)
 create mode 100644 deps/npm/lib/unstar.js
 create mode 100644 deps/npm/test/lib/star.js
 create mode 100644 deps/npm/test/lib/unstar.js
 create mode 100644 deps/npm/test/lib/version.js

diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS
index 2405a171bc0c30..6dfd49d38bef4e 100644
--- a/deps/npm/AUTHORS
+++ b/deps/npm/AUTHORS
@@ -734,3 +734,4 @@ Jason Attwood <jason_attwood@hotmail.co.uk>
 Vlad GURDIGA <gurdiga@gmail.com>
 Sébastien Puech <s.puech@tricentis.com>
 Jannis Hell <Primajin@users.noreply.github.com>
+Hollow Man <hollowman@hollowman.ml>
diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md
index 9c40ec41678d75..99f0d02370483e 100644
--- a/deps/npm/CHANGELOG.md
+++ b/deps/npm/CHANGELOG.md
@@ -1,3 +1,35 @@
+## 7.0.13 (2020-11-20)
+
+### BUG FIXES
+* [`5fc56b6db`](https://github.com/npm/cli/commit/5fc56b6dbcc7d7d1463a761abb67d2fc16ad3657)
+  [npm/statusboard#174](https://github.com/npm/statusboard/issues/174)
+  [#2204](https://github.com/npm/cli/issues/2204)
+  fix npm unstar command
+  ([@ruyadorno](https://github.com/ruyadorno))
+* [`7842b4d4d`](https://github.com/npm/cli/commit/7842b4d4dca1e076b0d26d554f9dce67484cd7be)
+  [npm/statusboard#182](https://github.com/npm/statusboard/issues/182)
+  [#2205](https://github.com/npm/cli/issues/2205)
+  fix npm version usage output
+  ([@ruyadorno](https://github.com/ruyadorno))
+* [`a0adbf9f8`](https://github.com/npm/cli/commit/a0adbf9f8f77531fcf81ae31bbc7102698765ee3)
+  [#2206](https://github.com/npm/cli/issues/2206)
+  [#2213](https://github.com/npm/cli/issues/2213)
+  fix: fix flatOptions usage in npm init
+  ([@ruyadorno](https://github.com/ruyadorno))
+
+### DEPENDENCIES
+
+* [`3daaf000a`](https://github.com/npm/cli/commit/3daaf000aee0ba81af855977d7011850e79099e6)
+  `@npmcli/arborist@1.0.12`
+    - fixes some windows specific bugs in how paths are handled and compared
+
+### DOCUMENTATION
+
+* [`084a7b6ad`](https://github.com/npm/cli/commit/084a7b6ad6eaf9f2d92eb05da93e745f5357cce2)
+  [#2210](https://github.com/npm/cli/issues/2210)
+  docs: Fix typo
+  ([@HollowMan6](https://github.com/HollowMan6))
+
 ## 7.0.12 (2020-11-17)
 
 ### BUG FIXES
diff --git a/deps/npm/docs/content/commands/npm-explain.md b/deps/npm/docs/content/commands/npm-explain.md
index a68bd7d1c252f9..fe7485d61acd8b 100644
--- a/deps/npm/docs/content/commands/npm-explain.md
+++ b/deps/npm/docs/content/commands/npm-explain.md
@@ -56,7 +56,7 @@ node_modules/nyc/node_modules/find-up
 #### json
 
 * Default: false
-* Type: Bolean
+* Type: Boolean
 
 Show information in JSON format.
 
diff --git a/deps/npm/docs/output/commands/npm-explain.html b/deps/npm/docs/output/commands/npm-explain.html
index 009332da9f2540..53007485746405 100644
--- a/deps/npm/docs/output/commands/npm-explain.html
+++ b/deps/npm/docs/output/commands/npm-explain.html
@@ -183,7 +183,7 @@ <h3 id="configuration">Configuration</h3>
 <h4 id="json">json</h4>
 <ul>
 <li>Default: false</li>
-<li>Type: Bolean</li>
+<li>Type: Boolean</li>
 </ul>
 <p>Show information in JSON format.</p>
 <h3 id="see-also">See Also</h3>
diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html
index fa7ec7e0b0fd9e..e6e0a8ab71dbb7 100644
--- a/deps/npm/docs/output/commands/npm-ls.html
+++ b/deps/npm/docs/output/commands/npm-ls.html
@@ -156,7 +156,7 @@ <h3 id="description">Description</h3>
 limit the results to only the paths to the packages named.  Note that
 nested packages will <em>also</em> show the paths to the specified packages.
 For example, running <code>npm ls promzard</code> in npm’s source tree will show:</p>
-<pre lang="bash"><code>    npm@7.0.12 /path/to/npm
+<pre lang="bash"><code>    npm@7.0.13 /path/to/npm
     └─┬ init-package-json@0.0.4
       └── promzard@0.1.5
 </code></pre>
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 42f76ca7c4574a..53c09067ef2010 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -148,7 +148,7 @@ <h2 id="table-of-contents">Table of contents</h2>
 <pre lang="bash"><code>npm &lt;command&gt; [args]
 </code></pre>
 <h3 id="version">Version</h3>
-<p>7.0.12</p>
+<p>7.0.13</p>
 <h3 id="description">Description</h3>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
diff --git a/deps/npm/lib/init.js b/deps/npm/lib/init.js
index ed476ef38cb284..ac49f54a7954d4 100644
--- a/deps/npm/lib/init.js
+++ b/deps/npm/lib/init.js
@@ -43,7 +43,6 @@ const init = async args => {
       }
     }
     npm.config.set('package', [])
-    npm.flatOptions = { ...npm.flatOptions, package: [] }
     return new Promise((res, rej) => {
       npm.commands.exec([packageName, ...args.slice(1)], er => er ? rej(er) : res())
     })
diff --git a/deps/npm/lib/star.js b/deps/npm/lib/star.js
index 15beef37352c28..85d14d0e427cda 100644
--- a/deps/npm/lib/star.js
+++ b/deps/npm/lib/star.js
@@ -3,73 +3,75 @@
 const fetch = require('npm-registry-fetch')
 const log = require('npmlog')
 const npa = require('npm-package-arg')
+
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
-const usage = require('./utils/usage.js')
-const getItentity = require('./utils/get-identity')
+const usageUtil = require('./utils/usage.js')
+const getIdentity = require('./utils/get-identity')
+const completion = require('./utils/completion/none.js')
 
-star.usage = usage(
+const usage = usageUtil(
   'star',
   'npm star [<pkg>...]\n' +
   'npm unstar [<pkg>...]'
 )
 
-star.completion = function (opts, cb) {
-  // FIXME: there used to be registry completion here, but it stopped making
-  // sense somewhere around 50,000 packages on the registry
-  cb()
-}
+const cmd = (args, cb) => star(args).then(() => cb()).catch(cb)
+
+const star = async args => {
+  if (!args.length)
+    throw new Error(usage)
+
+  // if we're unstarring, then show an empty star image
+  // otherwise, show the full star image
+  const { unicode } = npm.flatOptions
+  const unstar = npm.config.get('star.unstar')
+  const full = unicode ? '\u2605 ' : '(*)'
+  const empty = unicode ? '\u2606 ' : '( )'
+  const show = unstar ? empty : full
+
+  const pkgs = args.map(npa)
+  for (const pkg of pkgs) {
+    const [username, fullData] = await Promise.all([
+      getIdentity(npm.flatOptions),
+      fetch.json(pkg.escapedName, {
+        ...npm.flatOptions,
+        spec: pkg,
+        query: { write: true },
+        preferOnline: true,
+      }),
+    ])
 
-module.exports = star
-function star (args, cb) {
-  const opts = npm.flatOptions
-  return Promise.resolve().then(() => {
-    if (!args.length)
-      throw new Error(star.usage)
-    // if we're unstarring, then show an empty star image
-    // otherwise, show the full star image
-    const unstar = /^un/.test(npm.command)
-    const full = opts.unicode ? '\u2605 ' : '(*)'
-    const empty = opts.unicode ? '\u2606 ' : '( )'
-    const show = unstar ? empty : full
-    return Promise.all(args.map(npa).map(pkg => {
-      return Promise.all([
-        getItentity(opts),
-        fetch.json(pkg.escapedName, {
-          ...opts,
-          spec: pkg,
-          query: { write: true },
-          preferOnline: true,
-        }),
-      ]).then(([username, fullData]) => {
-        if (!username)
-          throw new Error('You need to be logged in!')
-        const body = {
-          _id: fullData._id,
-          _rev: fullData._rev,
-          users: fullData.users || {},
-        }
+    if (!username)
+      throw new Error('You need to be logged in!')
 
-        if (!unstar) {
-          log.info('star', 'starring', body._id)
-          body.users[username] = true
-          log.verbose('star', 'starring', body)
-        } else {
-          delete body.users[username]
-          log.info('star', 'unstarring', body._id)
-          log.verbose('star', 'unstarring', body)
-        }
-        return fetch.json(pkg.escapedName, {
-          ...opts,
-          spec: pkg,
-          method: 'PUT',
-          body,
-        })
-      }).then(data => {
-        output(show + ' ' + pkg.name)
-        log.verbose('star', data)
-        return data
-      })
-    }))
-  }).then(() => cb(), cb)
+    const body = {
+      _id: fullData._id,
+      _rev: fullData._rev,
+      users: fullData.users || {},
+    }
+
+    if (!unstar) {
+      log.info('star', 'starring', body._id)
+      body.users[username] = true
+      log.verbose('star', 'starring', body)
+    } else {
+      delete body.users[username]
+      log.info('unstar', 'unstarring', body._id)
+      log.verbose('unstar', 'unstarring', body)
+    }
+
+    const data = await fetch.json(pkg.escapedName, {
+      ...npm.flatOptions,
+      spec: pkg,
+      method: 'PUT',
+      body,
+    })
+
+    output(show + ' ' + pkg.name)
+    log.verbose('star', data)
+    return data
+  }
 }
+
+module.exports = Object.assign(cmd, { completion, usage })
diff --git a/deps/npm/lib/unstar.js b/deps/npm/lib/unstar.js
new file mode 100644
index 00000000000000..5dea5bcab0e9cb
--- /dev/null
+++ b/deps/npm/lib/unstar.js
@@ -0,0 +1,9 @@
+const { usage, completion } = require('./star.js')
+const npm = require('./npm.js')
+
+const unstar = (args, cb) => {
+  npm.config.set('star.unstar', true)
+  return npm.commands.star(args, cb)
+}
+
+module.exports = Object.assign(unstar, { usage, completion })
diff --git a/deps/npm/lib/utils/cmd-list.js b/deps/npm/lib/utils/cmd-list.js
index 5c188a8e92ad51..8d8c898d94ae36 100644
--- a/deps/npm/lib/utils/cmd-list.js
+++ b/deps/npm/lib/utils/cmd-list.js
@@ -12,7 +12,6 @@ const shorthands = {
   c: 'config',
   s: 'search',
   se: 'search',
-  unstar: 'star', // same function
   tst: 'test',
   t: 'test',
   ddp: 'dedupe',
@@ -88,6 +87,7 @@ const cmdList = [
   'publish',
   'star',
   'stars',
+  'unstar',
   'adduser',
   'login', // This is an alias for `adduser` but it can be confusing
   'logout',
diff --git a/deps/npm/lib/version.js b/deps/npm/lib/version.js
index 98068490d85b1a..abdd8d552b20ca 100644
--- a/deps/npm/lib/version.js
+++ b/deps/npm/lib/version.js
@@ -1,3 +1,5 @@
+'use strict'
+
 const libversion = require('libnpmversion')
 const npm = require('./npm.js')
 const output = require('./utils/output.js')
@@ -42,7 +44,7 @@ const version = async args => {
         path: npm.prefix,
       }))
     default:
-      throw version.usage
+      throw usage
   }
 }
 
diff --git a/deps/npm/man/man1/npm-explain.1 b/deps/npm/man/man1/npm-explain.1
index dfbe283f2bccbf..1c30b568c56173 100644
--- a/deps/npm/man/man1/npm-explain.1
+++ b/deps/npm/man/man1/npm-explain.1
@@ -58,7 +58,7 @@ node_modules/nyc/node_modules/find\-up
 .IP \(bu 2
 Default: false
 .IP \(bu 2
-Type: Bolean
+Type: Boolean
 
 .RE
 .P
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index 87d6c7ae99da4f..7ee8f40a8ce149 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -22,7 +22,7 @@ For example, running \fBnpm ls promzard\fP in npm's source tree will show:
 .P
 .RS 2
 .nf
-    npm@7\.0\.12 /path/to/npm
+    npm@7\.0\.13 /path/to/npm
     └─┬ init\-package\-json@0\.0\.4
       └── promzard@0\.1\.5
 .fi
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index 1464bc383b4116..22f4cbef0fa5e8 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -10,7 +10,7 @@ npm <command> [args]
 .RE
 .SS Version
 .P
-7\.0\.12
+7\.0\.13
 .SS Description
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
index 219b6378f13baa..22ce9cc8fc1b4e 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
@@ -1,6 +1,6 @@
 // mix-in implementing the loadActual method
 
-const {relative, dirname, resolve, join} = require('path')
+const {relative, dirname, resolve, join, normalize} = require('path')
 
 const rpj = require('read-package-json-fast')
 const {promisify} = require('util')
@@ -209,7 +209,7 @@ module.exports = cls => class ActualLoader extends cls {
       // soldier on if read-package-json raises an error
       .then(pkg => [pkg, null], error => [null, error])
       .then(([pkg, error]) => {
-        return this[path === real ? _newNode : _newLink]({
+        return this[normalize(path) === real ? _newNode : _newLink]({
           legacyPeerDeps: this.legacyPeerDeps,
           path,
           realpath: real,
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/dep-valid.js b/deps/npm/node_modules/@npmcli/arborist/lib/dep-valid.js
index 0e92ed4f058850..78661fea12b096 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/dep-valid.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/dep-valid.js
@@ -112,7 +112,7 @@ const tarballValid = (child, requested, requestor) => {
     return false
 
   if (child.resolved)
-    return child.resolved === `file:${requested.fetchSpec}`
+    return child.resolved.replace(/\\/g, '/') === `file:${requested.fetchSpec.replace(/\\/g, '/')}`
 
   // if we have a legacy mutated package.json file.  we can't be 100%
   // sure that it resolved to the same file, but if it was the same
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/node.js b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
index e4ba3ac42bfc5f..7381211ae37e8e 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/node.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/node.js
@@ -113,8 +113,8 @@ class Node {
       throw new TypeError('could not detect node name from path or package')
 
     // should be equal if not a link
-    this.path = path
-    this.realpath = !this.isLink ? this.path : realpath
+    this.path = path && resolve(path)
+    this.realpath = !this.isLink ? this.path : resolve(realpath)
 
     this.resolved = resolved || null
     if (!this.resolved) {
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/yarn-lock.js b/deps/npm/node_modules/@npmcli/arborist/lib/yarn-lock.js
index 17dbc235cda566..14c7691f1bd42c 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/yarn-lock.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/yarn-lock.js
@@ -79,7 +79,7 @@ class YarnLock {
     const METADATA = /^ {2}[^\s]+ .+$/
     this.entries = new Map()
     this.current = null
-    const linere = /([^\n]*)\n/gm
+    const linere = /([^\r\n]*)\r?\n/gm
     let match
     let lineNum = 0
     if (!/\n$/.test(data))
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index 6dca9abe50110b..e6e93fb67cec9a 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "1.0.11",
+  "version": "1.0.12",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@npmcli/installed-package-contents": "^1.0.5",
@@ -9,7 +9,7 @@
     "@npmcli/move-file": "^1.0.1",
     "@npmcli/name-from-folder": "^1.0.1",
     "@npmcli/node-gyp": "^1.0.0",
-    "@npmcli/run-script": "^1.7.2",
+    "@npmcli/run-script": "^1.8.0",
     "bin-links": "^2.2.1",
     "cacache": "^15.0.3",
     "common-ancestor-path": "^1.0.1",
@@ -38,7 +38,7 @@
     "minify-registry-metadata": "^2.1.0",
     "mutate-fs": "^2.1.1",
     "require-inject": "^1.4.4",
-    "tap": "^14.10.7",
+    "tap": "^14.11.0",
     "tcompare": "^3.0.4"
   },
   "scripts": {
diff --git a/deps/npm/package.json b/deps/npm/package.json
index aa6e5a7d34bfd9..9b3c5c0beba9a1 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "7.0.12",
+  "version": "7.0.13",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "keywords": [
@@ -42,7 +42,7 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@npmcli/arborist": "^1.0.11",
+    "@npmcli/arborist": "^1.0.12",
     "@npmcli/ci-detect": "^1.2.0",
     "@npmcli/config": "^1.2.1",
     "@npmcli/run-script": "^1.8.0",
@@ -204,12 +204,10 @@
     "sudotest:nocleanup": "sudo NO_TEST_CLEANUP=1 npm run test --",
     "posttest": "npm run lint",
     "eslint": "eslint",
-    "lint": "npm run eslint -- \"lib/**/*.js\"",
-    "linttest": "npm run eslint -- test/lib test/bin --fix",
+    "lint": "npm run eslint -- test/lib test/bin \"lib/**/*.js\"",
     "lintfix": "npm run lint -- --fix",
     "prelint": "rimraf test/npm_cache*",
-    "resetdeps": "bash scripts/resetdeps.sh",
-    "prepublishOnly": "npm run lint && npm run linttest"
+    "resetdeps": "bash scripts/resetdeps.sh"
   },
   "//": [
     "XXX temporarily only run unit tests while v7 beta is in progress",
diff --git a/deps/npm/tap-snapshots/test-lib-utils-cmd-list.js-TAP.test.js b/deps/npm/tap-snapshots/test-lib-utils-cmd-list.js-TAP.test.js
index c77da6b18317dc..36066b57639d47 100644
--- a/deps/npm/tap-snapshots/test-lib-utils-cmd-list.js-TAP.test.js
+++ b/deps/npm/tap-snapshots/test-lib-utils-cmd-list.js-TAP.test.js
@@ -94,7 +94,6 @@ Object {
     "udpate": "update",
     "un": "uninstall",
     "unlink": "uninstall",
-    "unstar": "star",
     "up": "update",
     "upgrade": "update",
     "urn": "run-script",
@@ -125,6 +124,7 @@ Object {
     "publish",
     "star",
     "stars",
+    "unstar",
     "adduser",
     "login",
     "logout",
@@ -189,7 +189,6 @@ Object {
     "t": "test",
     "tst": "test",
     "un": "uninstall",
-    "unstar": "star",
     "up": "update",
     "v": "view",
     "why": "explain",
diff --git a/deps/npm/test/lib/init.js b/deps/npm/test/lib/init.js
index cb15eac8fc2eb8..e73cc4b30988cc 100644
--- a/deps/npm/test/lib/init.js
+++ b/deps/npm/test/lib/init.js
@@ -29,7 +29,7 @@ t.afterEach(cb => {
   result = ''
   npm.config = { get: () => '', set () {} }
   npm.commands = {}
-  npm.flatOptions = {}
+  Object.defineProperty(npm, 'flatOptions', { value: {} })
   npm.log = npmLog
   cb()
 })
@@ -52,9 +52,7 @@ t.test('classic npm init -y', t => {
   npm.config = {
     get: () => '~/.npm-init.js',
   }
-  npm.flatOptions = {
-    yes: true,
-  }
+  Object.defineProperty(npm, 'flatOptions', { value: { yes: true} })
   npm.log = { ...npm.log }
   npm.log.silly = (title, msg) => {
     t.equal(title, 'package data', 'should print title')
@@ -179,6 +177,33 @@ t.test('npm init exec error', t => {
   })
 })
 
+t.test('should not rewrite flatOptions', t => {
+  t.plan(4)
+  Object.defineProperty(npm, 'flatOptions', {
+    get: () => ({}),
+    set () {
+      throw new Error('Should not set flatOptions')
+    },
+  })
+  npm.config = {
+    set (key, val) {
+      t.equal(key, 'package', 'should set package key')
+      t.deepEqual(val, [], 'should set empty array value')
+    },
+  }
+  npm.commands.exec = (arr, cb) => {
+    t.deepEqual(
+      arr,
+      ['create-react-app', 'my-app'],
+      'should npx with extra args'
+    )
+    cb()
+  }
+  init(['react-app', 'my-app'], err => {
+    t.ifError(err, 'npm init react-app')
+  })
+})
+
 t.test('npm init cancel', t => {
   t.plan(3)
   const init = requireInject('../../lib/init.js', {
diff --git a/deps/npm/test/lib/star.js b/deps/npm/test/lib/star.js
new file mode 100644
index 00000000000000..ea5e07b94f9a8c
--- /dev/null
+++ b/deps/npm/test/lib/star.js
@@ -0,0 +1,144 @@
+const requireInject = require('require-inject')
+const t = require('tap')
+
+let result = ''
+
+const noop = () => null
+const npm = { config: { get () {} }, flatOptions: { unicode: false } }
+const npmFetch = { json: noop }
+const npmlog = { error: noop, info: noop, verbose: noop }
+const mocks = {
+  npmlog,
+  'npm-registry-fetch': npmFetch,
+  '../../lib/npm.js': npm,
+  '../../lib/utils/output.js': (...msg) => {
+    result += msg.join('\n')
+  },
+  '../../lib/utils/get-identity.js': async () => 'foo',
+  '../../lib/utils/usage.js': () => 'usage instructions',
+}
+
+const star = requireInject('../../lib/star.js', mocks)
+
+t.afterEach(cb => {
+  npm.config = { get () {} }
+  npm.flatOptions.unicode = false
+  npmlog.info = noop
+  result = ''
+  cb()
+})
+
+t.test('no args', t => {
+  star([], err => {
+    t.match(
+      err,
+      /usage instructions/,
+      'should throw usage instructions'
+    )
+    t.end()
+  })
+})
+
+t.test('star a package', t => {
+  t.plan(4)
+  const pkgName = '@npmcli/arborist'
+  npmFetch.json = async (uri, opts) => ({
+    _id: pkgName,
+    _rev: 'hash',
+    users: (
+      opts.method === 'PUT'
+        ? { foo: true }
+        : {}
+    ),
+  })
+  npmlog.info = (title, msg, id) => {
+    t.equal(title, 'star', 'should use expected title')
+    t.equal(msg, 'starring', 'should use expected msg')
+    t.equal(id, pkgName, 'should use expected id')
+  }
+  star([pkgName], err => {
+    if (err)
+      throw err
+    t.equal(
+      result,
+      '(*) @npmcli/arborist',
+      'should output starred package msg'
+    )
+  })
+})
+
+t.test('unstar a package', t => {
+  t.plan(4)
+  const pkgName = '@npmcli/arborist'
+  npm.config.get = key => key === 'star.unstar'
+  npmFetch.json = async (uri, opts) => ({
+    _id: pkgName,
+    _rev: 'hash',
+    ...(opts.method === 'PUT'
+      ? {}
+      : { foo: true }
+    ),
+  })
+  npmlog.info = (title, msg, id) => {
+    t.equal(title, 'unstar', 'should use expected title')
+    t.equal(msg, 'unstarring', 'should use expected msg')
+    t.equal(id, pkgName, 'should use expected id')
+  }
+  star([pkgName], err => {
+    if (err)
+      throw err
+    t.equal(
+      result,
+      '( ) @npmcli/arborist',
+      'should output unstarred package msg'
+    )
+  })
+})
+
+t.test('unicode', async t => {
+  t.test('star a package', t => {
+    npm.flatOptions.unicode = true
+    npmFetch.json = async (uri, opts) => ({})
+    star(['pkg'], err => {
+      if (err)
+        throw err
+      t.equal(
+        result,
+        '\u2605  pkg',
+        'should output unicode starred package msg'
+      )
+      t.end()
+    })
+  })
+
+  t.test('unstar a package', t => {
+    npm.flatOptions.unicode = true
+    npm.config.get = key => key === 'star.unstar'
+    npmFetch.json = async (uri, opts) => ({})
+    star(['pkg'], err => {
+      if (err)
+        throw err
+      t.equal(
+        result,
+        '\u2606  pkg',
+        'should output unstarred package msg'
+      )
+      t.end()
+    })
+  })
+})
+
+t.test('logged out user', t => {
+  const star = requireInject('../../lib/star.js', {
+    ...mocks,
+    '../../lib/utils/get-identity.js': async () => undefined,
+  })
+  star(['@npmcli/arborist'], err => {
+    t.match(
+      err,
+      /You need to be logged in/,
+      'should throw login required error'
+    )
+    t.end()
+  })
+})
diff --git a/deps/npm/test/lib/unstar.js b/deps/npm/test/lib/unstar.js
new file mode 100644
index 00000000000000..63b2028a18eeec
--- /dev/null
+++ b/deps/npm/test/lib/unstar.js
@@ -0,0 +1,28 @@
+const requireInject = require('require-inject')
+const t = require('tap')
+
+t.test('unstar', t => {
+  t.plan(3)
+
+  const unstar = requireInject('../../lib/unstar.js', {
+    '../../lib/npm.js': {
+      config: {
+        set: (key, value) => {
+          t.equal(key, 'star.unstar', 'should set unstar config value')
+          t.equal(value, true, 'should set a truthy value')
+        },
+      },
+      commands: {
+        star: (args, cb) => {
+          t.deepEqual(args, ['pkg'], 'should forward packages')
+          cb()
+        },
+      },
+    },
+  })
+
+  unstar(['pkg'], err => {
+    if (err)
+      throw err
+  })
+})
diff --git a/deps/npm/test/lib/version.js b/deps/npm/test/lib/version.js
new file mode 100644
index 00000000000000..f36132253fa321
--- /dev/null
+++ b/deps/npm/test/lib/version.js
@@ -0,0 +1,160 @@
+const t = require('tap')
+const requireInject = require('require-inject')
+
+let result = []
+
+const noop = () => null
+const npm = {
+  flatOptions: {
+    json: false,
+  },
+  prefix: '',
+  version: '1.0.0',
+}
+const mocks = {
+  libnpmversion: noop,
+  '../../lib/npm.js': npm,
+  '../../lib/utils/output.js': (...msg) => {
+    for (const m of msg)
+      result.push(m)
+  },
+  '../../lib/utils/usage.js': () => 'usage instructions',
+}
+
+const version = requireInject('../../lib/version.js', mocks)
+
+const _processVersions = process.versions
+t.afterEach(cb => {
+  npm.flatOptions.json = false
+  npm.prefix = ''
+  process.versions = _processVersions
+  result = []
+  cb()
+})
+
+t.test('no args', t => {
+  const prefix = t.testdir({
+    'package.json': JSON.stringify({
+      name: 'test-version-no-args',
+      version: '3.2.1',
+    }),
+  })
+  npm.prefix = prefix
+  Object.defineProperty(process, 'versions', { value: { node: '1.0.0' } })
+
+  version([], err => {
+    if (err)
+      throw err
+
+    t.deepEqual(
+      result,
+      [{
+        'test-version-no-args': '3.2.1',
+        node: '1.0.0',
+        npm: '1.0.0',
+      }],
+      'should output expected values for various versions in npm'
+    )
+
+    t.end()
+  })
+})
+
+t.test('too many args', t => {
+  version(['foo', 'bar'], err => {
+    t.match(
+      err,
+      'usage instructions',
+      'should throw usage instructions error'
+    )
+
+    t.end()
+  })
+})
+
+t.test('completion', t => {
+  const { completion } = version
+
+  const testComp = (argv, expect) => {
+    completion({ conf: { argv: { remain: argv } } }, (err, res) => {
+      t.ifError(err)
+      t.strictSame(res, expect, argv.join(' '))
+    })
+  }
+
+  testComp(['npm', 'version'], [
+    'major',
+    'minor',
+    'patch',
+    'premajor',
+    'preminor',
+    'prepatch',
+    'prerelease',
+    'from-git',
+  ])
+  testComp(['npm', 'version', 'major'], [])
+
+  t.end()
+})
+
+t.test('failure reading package.json', t => {
+  const prefix = t.testdir({})
+  npm.prefix = prefix
+
+  version([], err => {
+    if (err)
+      throw err
+
+    t.deepEqual(
+      result,
+      [{
+        npm: '1.0.0',
+        node: '1.0.0',
+      }],
+      'should not have package name on returning object'
+    )
+
+    t.end()
+  })
+})
+
+t.test('--json option', t => {
+  const prefix = t.testdir({})
+  npm.flatOptions.json = true
+  npm.prefix = prefix
+  Object.defineProperty(process, 'versions', { value: {} })
+
+  version([], err => {
+    if (err)
+      throw err
+    t.deepEqual(
+      result,
+      ['{\n  "npm": "1.0.0"\n}'],
+      'should return json stringified result'
+    )
+    t.end()
+  })
+})
+
+t.test('with one arg', t => {
+  const version = requireInject('../../lib/version.js', {
+    ...mocks,
+    libnpmversion: (arg, opts) => {
+      t.equal(arg, 'major', 'should forward expected value')
+      t.deepEqual(
+        opts,
+        {
+          json: false,
+          path: '',
+        },
+        'should forward expected options'
+      )
+      t.end()
+    },
+  })
+
+  version(['major'], err => {
+    if (err)
+      throw err
+  })
+})