New pull requests should be opened when a "next" version of npm has been released. Once the "next" version has been promoted to "latest" the PR should be updated as necessary.
Two weeks after the "latest" release has been promoted it can land on master assuming no major regressions are found. There are no additional constraints for Semver-Major releases.
The specific Node.js release streams the new version will be able to land into are at the discretion of the release and LTS teams.
This process only covers full updates to new versions of npm. Cherry-picked changes can be reviewed and landed via the normal consensus seeking process.
$ git clone https://github.com/npm/cli.git npm
$ cd npmor if you already have npm cloned make sure the repo is up to date
$ git remote update -p
$ git reset --hard origin/latest$ git checkout vX.Y.Z
$ make
$ make releaseNote: please run npm dist-tag ls npm and make sure this is the latest
dist-tag. latest on git is usually released as next when it's time to
downstream
$ cd /path/to/node
$ git remote update -p
$ git checkout -b npm-x.y.z origin/master
$ cd deps
$ rm -rf npm$ tar zxf /path/to/npm/release/npm-x.y.z.tgz
$ git add -A npm
$ git commit -m "deps: upgrade npm to x.y.z"
$ cd ..$ ./configure
$ make -j4
$ ./tools/license-builder.sh
# The following commands are only necessary if there are changes
$ git add .
$ git commit -m "doc: update npm LICENSE using license-builder.sh"Note: please ensure you are only making the updates that are changed by npm.
$ git rebase --whitespace=fix master$ make test-npm