Bump npm from 11.3.0 to 11.4.0

[dependabot]

Bumps npm from 11.3.0 to 11.4.0.

Release notes

Sourced from npm's releases.

v11.4.0

11.4.0 (2025-05-15)

Features

• a0e60fb #8246 added init-private option (@​owlstronaut)
• 57aa89f #8265 use run by default and run-script as the alias (#8265) (@​owlstronaut)
• 0d4c023 #8234 install: add package info to json output (#8234) (@​wraithgar)

Bug Fixes

• 8794fd9 #8297 powershell: support pipeline input with Invoke-Expression (#8297) (@​alexsch01)
• b5173d1 #8293 docs: corrected github_path (#8293) (@​xaos7991)
• 2210d7a #8278 powershell: use Invoke-Expression to pass args (#8278) (@​alexsch01, @​mbtools)
• 8669d09 #8228 add otplease for enable-2fa, disable-2fa, access (#8228) (@​reggi, @​wraithgar)
• 78b5a6f #8269 correctly handle scenario where prefix is the cwd (#8269) (@​owlstronaut, @​ficocelliguy)
• fdc3413 #8221 exec: Fails to Execute Binaries Named After Shell Keywords (#8221) (@​13sfaith)
• 4b08e2e #8245 docs: prepare script runs for local package links (@​milaninfy)
• 1622ac4 #8241 handle missing time in packument to prevent crash on npm view (@​owlstronaut)
• db8f5da #8110 outdated: add dependent location in long output (#8110) (@​milaninfy, @​wraithgar)

Documentation

• d2498df #8295 Remove CHANGELOG from never-ignored list (#8295) (@​mrazauskas)
• 4d5c3c1 #8283 fix overrides example in package-json.md (#8283) (@​glasser)
• 96cc4f9 #8226 format publish as code to highlight it (@​LiangYingC)
• 4990ea0 #8226 clarify legacy token creation in npm login and adduser commands (@​LiangYingC)

Dependencies

• c97ef8a #8246 init-package-json@8.2.1
• f48613d #8292 @sigstore/verify@2.1.1
• a4c5e74 #8292 tinyglobby@0.2.13
• b9156d2 #8292 http-cache-semantics@4.2.0
• 472a685 #8292 binary-extensions@3.1.0
• 988696e #8292 @sigstore/tuf@3.1.1
• 569ac84 #8292 semver@7.7.2
• 2521c9b #8233 @sigstore/protobuf-specs@0.4.1
• 3274d68 #8233 @npmcli/query@4.0.1
• c263626 #8233 abbrev@3.0.1
• 78df711 #8233 hosted-git-info@8.1.0

Chores

• e80e38e #8292 dev dependency updates (@​wraithgar)
• 3231ee9 #8244 update snapshots (@​owlstronaut)
• c561a33 #8233 dev dependency updates (@​owlstronaut)
• 7eca19c #8215 update workflow permissions for updating Node PR (@​owlstronaut)
• workspace: @npmcli/arborist@9.1.0
• workspace: @npmcli/config@10.3.0
• workspace: libnpmaccess@10.0.1
• workspace: libnpmdiff@8.0.3
• workspace: libnpmexec@10.1.2
• workspace: libnpmfund@7.0.3
• workspace: libnpmpack@9.0.3
• workspace: libnpmteam@8.0.1
• workspace: libnpmversion@8.0.1

Changelog

Sourced from npm's changelog.

11.4.0 (2025-05-15)

Features

• a0e60fb #8246 added init-private option (@​owlstronaut)
• 57aa89f #8265 use run by default and run-script as the alias (#8265) (@​owlstronaut)
• 0d4c023 #8234 install: add package info to json output (#8234) (@​wraithgar)

Bug Fixes

• 8794fd9 #8297 powershell: support pipeline input with Invoke-Expression (#8297) (@​alexsch01)
• b5173d1 #8293 docs: corrected github_path (#8293) (@​xaos7991)
• 2210d7a #8278 powershell: use Invoke-Expression to pass args (#8278) (@​alexsch01)
• 8669d09 #8228 add otplease for enable-2fa, disable-2fa, access (#8228) (@​reggi, @​wraithgar)
• 78b5a6f #8269 correctly handle scenario where prefix is the cwd (#8269) (@​owlstronaut, @​ficocelliguy)
• fdc3413 #8221 exec: Fails to Execute Binaries Named After Shell Keywords (#8221) (@​13sfaith)
• 4b08e2e #8245 docs: prepare script runs for local package links (@​milaninfy)
• 1622ac4 #8241 handle missing time in packument to prevent crash on npm view (@​owlstronaut)
• db8f5da #8110 outdated: add dependent location in long output (#8110) (@​milaninfy, @​wraithgar)

Documentation

• d2498df #8295 Remove CHANGELOG from never-ignored list (#8295) (@​mrazauskas)
• 4d5c3c1 #8283 fix overrides example in package-json.md (#8283) (@​glasser)
• 96cc4f9 #8226 format publish as code to highlight it (@​LiangYingC)
• 4990ea0 #8226 clarify legacy token creation in npm login and adduser commands (@​LiangYingC)

Dependencies

• c97ef8a #8246 init-package-json@8.2.1
• f48613d #8292 @sigstore/verify@2.1.1
• a4c5e74 #8292 tinyglobby@0.2.13
• b9156d2 #8292 http-cache-semantics@4.2.0
• 472a685 #8292 binary-extensions@3.1.0
• 988696e #8292 @sigstore/tuf@3.1.1
• 569ac84 #8292 semver@7.7.2
• 2521c9b #8233 @sigstore/protobuf-specs@0.4.1
• 3274d68 #8233 @npmcli/query@4.0.1
• c263626 #8233 abbrev@3.0.1
• 78df711 #8233 hosted-git-info@8.1.0

Chores

• e80e38e #8292 dev dependency updates (@​wraithgar)
• 3231ee9 #8244 update snapshots (@​owlstronaut)
• c561a33 #8233 dev dependency updates (@​owlstronaut)
• 7eca19c #8215 update workflow permissions for updating Node PR (@​owlstronaut)
• workspace: @npmcli/arborist@9.1.0
• workspace: @npmcli/config@10.3.0
• workspace: libnpmaccess@10.0.1
• workspace: libnpmdiff@8.0.3
• workspace: libnpmexec@10.1.2
• workspace: libnpmfund@7.0.3
• workspace: libnpmpack@9.0.3
• workspace: libnpmteam@8.0.1
• workspace: libnpmversion@8.0.1

Commits

• 3d90a49 chore: release 11.4.0
• 8794fd9 fix(powershell): support pipeline input with Invoke-Expression (#8297)
• c97ef8a deps: init-package-json@8.2.1
• a0e60fb feat: added init-private option
• d2498df docs: Remove CHANGELOG from never-ignored list (#8295)
• b5173d1 fix(docs): corrected github_path (#8293)
• d5bcf38 fix(arborist): Add better error message when lockfile is malformed (#8268)
• f48613d deps: @​sigstore/verify@​2.1.1
• a4c5e74 deps: tinyglobby@0.2.13
• b9156d2 deps: http-cache-semantics@4.2.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #254.