Update dependency @npmcli/package-json to v8

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@npmcli/package-json	^5.1.0 → ^8.0.0

---

Release Notes

npm/package-json (@​npmcli/package-json)

v8.0.0

Compare Source

⚠️ BREAKING CHANGES

• @npmcli/package-json now supports node ^22.22.2 || ^24.15.0 || >=26.0.0
• template-oss-apply
• The "server.js" handling was removed, so "scripts.start" will not be set to "node server.js" if a "server.js" file exists.

Features

• b0ebae1 #​185 bump to new node engine range (@​owlstronaut)
• 5898ac5 #​185 template-oss-apply (@​owlstronaut)
• 2ac3b34 #​177 normalize the top-level overrides field (@​owlstronaut)

Bug Fixes

• 057fd25 #​174 remove magic "server.js" handling (@​owlstronaut)

Dependencies

• 126f578 #​185 proc-log@7.0.0
• fe58bf6 #​185 json-parse-even-better-errors@6.0.0
• 59d01ac #​185 hosted-git-info@10.1.1
• 1f2ff5f #​185 @npmcli/git@8.0.0

Chores

• 3188f3d #​185 snapshot update for hosted-git-info change (@​owlstronaut)
• c433eb8 #​185 @npmcli/eslint-config@7.0.0 (@​owlstronaut)
• 6212bdf #​185 template-oss-apply (@​owlstronaut)
• c23823f #​185 bumping @​npmcli/template-oss from 4.29.0 to 5.1.0 (@​owlstronaut)
• 1affdf1 #​174 template-oss-apply (@​owlstronaut)
• ece3cb6 #​170 bump @​npmcli/template-oss from 4.28.1 to 4.29.0 (#​170) (@​dependabot[bot], @​npm-cli-bot)

v7.0.5

Compare Source

Bug Fixes

• 09b981d #​172 inline license validation code (@​wraithgar)

Dependencies

• cb3e677 #​172 spdx-expression-parse@4.0.0
• 61738b2 #​172 remove validate-npm-package-license

Chores

• bd3b7ea #​169 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#​169) (@​dependabot[bot], @​npm-cli-bot)

v7.0.4

Compare Source

Dependencies

• e33b13e #​167 bump glob from 12.0.0 to 13.0.0 (#​167) (@​dependabot[bot])

v7.0.3

Compare Source

Bug Fixes

• 57952b8 #​164 prevent crash when expanding directories.bin without filesystem path (#​164) (@​MaxBlack-dev, Max Black)

Dependencies

• ba5c736 #​165 bump glob from 11.1.0 to 12.0.0 (#​165) (@​dependabot[bot])

v7.0.2

Compare Source

Bug Fixes

• 7f3afb6 #​156 comment typo (#​156) (@​Clozent)

Dependencies

• 0393243 #​160 bump proc-log from 5.0.0 to 6.0.0 (#​160) (@​dependabot[bot])
• f3c7926 #​161 bump json-parse-even-better-errors from 4.0.0 to 5.0.0 (#​161) (@​dependabot[bot])

Chores

• 4a80b15 #​162 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#​162) (@​dependabot[bot])
• e093242 #​163 bump @​npmcli/template-oss from 4.27.1 to 4.28.0 (#​163) (@​dependabot[bot], @​npm-cli-bot)

v7.0.1

Compare Source

Dependencies

• 1364087 #​153 @npmcli/git@7.0.0 (#​153)

v7.0.0

Compare Source

⚠️ BREAKING CHANGES

• package-json now supports node ^20.17.0 || >=22.9.0

Features

• 9dd0eb5 #​144 add syncNormalize (@​wraithgar)
• 08eae47 #​144 add binDir step to normalize function (@​wraithgar)

Bug Fixes

• a5e4ac3 #​152 align to npm 11 node engine range (@​owlstronaut)
• 4695e87 #​150 use URL.canParse instead of runtime deprecated url.parse api (#​150) (@​SuperchupuDev)
• dbc9ef1 #​144 require an object in fromContent() (@​wraithgar)
• f06eb18 #​144 remove unused bundleDependenciesFalse (@​wraithgar)
• a8b1cc9 #​144 secure and unixify paths discovered via directories.bin (@​wraithgar)
• 23c29a9 #​144 remove erroneous bundledDependencies log (@​wraithgar)

Documentation

• 14f8141 #​147 adding sort option docs to README (#​147) (@​idhard)

Dependencies

• a0dcfde #​152 hosted-git-info@9.0.0
• 41128c1 #​152 glob@11.0.3

Chores

• a179a87 #​144 fix tests to await async normalize (@​wraithgar)
• 203fec8 #​144 remove read-package-json (@​wraithgar)
• 7bde184 #​144 remove read-package-json-fast (@​wraithgar)
• 394192d #​144 remove backward compatiblity tests (@​wraithgar)
• 6e89e39 #​148 bump @​npmcli/template-oss from 4.23.6 to 4.25.0 (#​148) (@​dependabot[bot], @​owlstronaut)

v6.2.0

Compare Source

Features

• 228539f #​145 adds fixName step for publishing (#​145) (@​owlstronaut)

v6.1.1

Compare Source

Bug Fixes

• 526473b #​139 remove max-len linting bypasses (@​wraithgar)
• 2a7bbe5 #​139 inline normalize-package-data logic (@​wraithgar)
• 2d320bc #​140 save when reverting content (@​wraithgar)

Dependencies

• 6ea3a9d #​139 add validate-npm-package-license@3.0.4
• 35152b6 #​139 remove normalize-package-data

Chores

• 0930f4e #​139 @npmcli/eslint-config@5.1.0 (@​wraithgar)
• 1464adc #​140 scope test fixture package names (@​wraithgar)
• d722a1f #​137 bump @​npmcli/template-oss from 4.23.5 to 4.23.6 (#​137) (@​dependabot[bot], @​npm-cli-bot)

v6.1.0

Compare Source

Features

• 4c22738 #​133 adds ability to sort package.json on save (#​133) (@​reggi, @​wraithgar)

Chores

• 6fef3a2 #​135 bump @​npmcli/template-oss from 4.23.3 to 4.23.5 (#​135) (@​dependabot[bot], @​npm-cli-bot)

v6.0.1

Compare Source

Dependencies

• 25e2a76 #​129 bump @npmcli/git@6.0.0

v6.0.0

Compare Source

⚠️ BREAKING CHANGES

• @npmcli/package-json now supports node ^18.17.0 || >=20.5.0

Bug Fixes

• 8196f27 #​126 align to npm 10 node engine range (@​reggi)

Dependencies

• 5bdf533 #​126 proc-log@5.0.0
• 136ba6e #​126 normalize-package-data@7.0.0
• 12318c0 #​126 json-parse-even-better-errors@4.0.0
• 324d7ba #​126 hosted-git-info@8.0.0

Chores

• 855676d #​117 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (#​117) (@​dependabot[bot])
• c421ce9 #​125 bump read-package-json-fast from 3.0.2 to 4.0.0 (#​125) (@​dependabot[bot])
• 1f182e6 #​126 run template-oss-apply (@​reggi)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm error code EBADENGINE
npm error engine Unsupported engine
npm error engine Not compatible with your version of node/npm: @npmcli/package-json@8.0.0
npm error notsup Not compatible with your version of node/npm: @npmcli/package-json@8.0.0
npm error notsup Required: {"node":"^22.22.2 || ^24.15.0 || >=26.0.0"}
npm error notsup Actual:   {"npm":"10.8.2","node":"v20.20.2"}
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-06-11T11_47_53_789Z-debug-0.log