nodejs
diff --git a/‎deps/npm/docs/content/commands/npm-audit.md‎
Lines changed: 22 additions & 0 deletions b/‎deps/npm/docs/content/commands/npm-audit.md‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎deps/npm/docs/content/commands/npm-install-test.md‎
Lines changed: 2 additions & 0 deletions b/‎deps/npm/docs/content/commands/npm-install-test.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deps/npm/docs/content/commands/npm-install.md‎
Lines changed: 2 additions & 0 deletions b/‎deps/npm/docs/content/commands/npm-install.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deps/npm/docs/content/commands/npm-ls.md‎
Lines changed: 1 addition & 1 deletion b/‎deps/npm/docs/content/commands/npm-ls.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deps/npm/docs/content/commands/npm-outdated.md‎
Lines changed: 2 additions & 0 deletions b/‎deps/npm/docs/content/commands/npm-outdated.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deps/npm/docs/content/commands/npm-publish.md‎
Lines changed: 2 additions & 0 deletions b/‎deps/npm/docs/content/commands/npm-publish.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deps/npm/docs/content/commands/npm-trust.md‎
Lines changed: 0 additions & 4 deletions b/‎deps/npm/docs/content/commands/npm-trust.md‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎deps/npm/docs/content/commands/npm-update.md‎
Lines changed: 2 additions & 0 deletions b/‎deps/npm/docs/content/commands/npm-update.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deps/npm/docs/content/commands/npm.md‎
Lines changed: 1 addition & 1 deletion b/‎deps/npm/docs/content/commands/npm.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deps/npm/docs/content/using-npm/config.md‎
Lines changed: 14 additions & 0 deletions b/‎deps/npm/docs/content/using-npm/config.md‎
Lines changed: 14 additions & 0 deletions
@@ -44,6 +44,16 @@ The `audit signatures` command will also verify the provenance attestations of d
 Because provenance attestations are such a new feature, security features may be added to (or changed in) the attestation format over time.
 To ensure that you're always able to verify attestation signatures check that you're running the latest version of the npm CLI. Please note this often means updating npm beyond the version that ships with Node.js.
 
+To include the full sigstore attestation bundles in JSON output, use:
+
+```bash
+$ npm audit signatures --json --include-attestations
+```
+
+This adds a `verified` array to the JSON output containing the attestation
+bundles (DSSE envelopes, verification material, and transparency log entries)
+for each verified package.
+
 The npm CLI supports registry signatures and signing keys provided by any registry if the following conventions are followed:
 
 1. Signatures are provided in the package's `packument` in each published version within the `dist` object:
@@ -357,6 +367,18 @@ run any pre- or post-scripts.
 
 
 
+#### `include-attestations`
+
+* Default: false
+* Type: Boolean
+
+When used with `npm audit signatures --json`, includes the full sigstore
+attestation bundles in the JSON output for each verified package. The
+bundles contain DSSE envelopes, verification material, and transparency log
+entries.
+
+
+
 #### `workspace`
 
 * Default:
 
@@ -281,6 +281,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `bin-links`
 
 * Default: true
 
@@ -623,6 +623,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `bin-links`
 
 * Default: true
 
@@ -23,7 +23,7 @@ Note that nested packages will *also* show the paths to the specified packages.
 For example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-npm@11.11.1 /path/to/npm
+npm@11.12.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 ```
 
@@ -182,6 +182,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 ### See Also
 
 * [package spec](/using-npm/package-spec)
 
@@ -54,6 +54,8 @@ A `package` is interpreted the same way as other commands (like `npm install`) a
 * f) a `<name>` that has a "latest" tag satisfying (e)
 * g) a `<git remote url>` that resolves to (a)
 
+If either (a) or (b) is specified as a relative path, it should begin with an explicit `./` prefix.
+
 The publish will fail if the package name and version combination already exists in the specified registry.
 
 Once a package is published with a given name and version, that specific name and version combination can never be used again, even if it is removed with [`npm unpublish`](/commands/npm-unpublish).
 
@@ -6,10 +6,6 @@ description: Manage trusted publishing relationships between packages and CI/CD
 
 ### Synopsis
 
-```bash
-
-```
-
 Note: This command is unaware of workspaces.
 
 ### Prerequisites
 
@@ -347,6 +347,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `bin-links`
 
 * Default: true
 
@@ -14,7 +14,7 @@ Note: This command is unaware of workspaces.
 
 ### Version
 
-11.11.1
+11.12.1
 
 ### Description
 
 
@@ -770,6 +770,18 @@ the order in which omit/include are specified on the command-line.
 
 
 
+#### `include-attestations`
+
+* Default: false
+* Type: Boolean
+
+When used with `npm audit signatures --json`, includes the full sigstore
+attestation bundles in the JSON output for each verified package. The
+bundles contain DSSE envelopes, verification material, and transparency log
+entries.
+
+
+
 #### `include-staged`
 
 * Default: false
@@ -1086,6 +1098,8 @@ of a relative number of days.
 
 This config cannot be used with: `before`
 
+This value is not exported to the environment for child processes.
+
 #### `name`
 
 * Default: null