Limit automatic caching to npm, update workflows and documentation (#1374)

* default to auto-caching only for npm package manager and documentation update

* refactor: enhance package manager detection for auto-caching

* add devEngines.packageManager detection logic for npm auto-caching

* chore: bump version to 6.0.0 and update documentation

* docs: update README and action.yml for npm caching logic clarification

* chore: update Node.js version in workflows

* chore: update Node.js versions in versions.yml

* chore: update rc Node.js version in versions.yml

* chore: switch macos-13 runner to macos-latest-large in workflow

* docs: update README and advanced usage documentation

.github/eslint-compact.json

@@ -4,7 +4,7 @@
             "owner": "eslint-compact",
             "pattern": [
                 {
-                    "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\\s(Error|Warning|Info)\\s-\\s(.+)\\s\\((.+)\\)$",
+                    "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\\s([Ee]rror|[Ww]arning|[Ii]nfo)\\s-\\s(.+)\\s\\((.+)\\)$",
                     "file": 1,
                     "line": 2,
                     "column": 3,

.github/eslint-stylish.json

@@ -4,7 +4,7 @@
             "owner": "eslint-stylish",
             "pattern": [
                 {
-                    "regexp": "^([^\\s].*)$",
+                    "regexp": "^\\s*([^\\s].*)$",
                     "file": 1
                 },
                 {

.github/workflows/basic-validation.yml

@@ -16,4 +16,4 @@ jobs:
     name: Basic validation
     uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main
     with:
-      node-version: '20.x'
+      node-version: '24.x'

.github/workflows/check-dist.yml

@@ -16,4 +16,4 @@ jobs:
     name: Check dist/
     uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
     with:
-      node-version: '20.x'
+      node-version: '24.x'

.github/workflows/e2e-cache.yml

@@ -18,10 +18,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [18, 20, 22]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Clean global cache
         run: npm cache clean --force
       - name: Setup Node
@@ -41,10 +41,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [18, 20, 22]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Install pnpm
         uses: pnpm/action-setup@v4
         with:
@@ -74,14 +74,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [18, 20]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Yarn version
         run: yarn --version
       - name: Generate yarn file
-        run: yarn install
+        run: yarn install --ignore-engines
       - name: Remove dependencies
         shell: pwsh
         run: Remove-Item node_modules -Force -Recurse
@@ -106,10 +106,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [18, 20, 22]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Update yarn
         run: yarn set version 3.6.4
       - name: Yarn version
@@ -139,11 +139,11 @@ jobs:
     name: Test yarn subprojects
     strategy:
       matrix:
-        node-version: [18, 20, 22]
+        node-version: [20, 22, 24]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: prepare sub-projects
         run: __tests__/prepare-yarn-subprojects.sh yarn1
@@ -166,11 +166,11 @@ jobs:
     name: Test yarn subprojects all locally managed
     strategy:
       matrix:
-        node-version: [18, 20, 22]
+        node-version: [20, 22, 24]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: prepare sub-projects
         run: __tests__/prepare-yarn-subprojects.sh keepcache keepcache
@@ -193,11 +193,11 @@ jobs:
     name: Test yarn subprojects some locally managed
     strategy:
       matrix:
-        node-version: [18, 20, 22]
+        node-version: [20, 22, 24]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: prepare sub-projects
         run: __tests__/prepare-yarn-subprojects.sh global
@@ -220,11 +220,11 @@ jobs:
     name: Test yarn subprojects managed by git
     strategy:
       matrix:
-        node-version: [18, 20, 22]
+        node-version: [20, 22, 24]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: prepare sub-projects
         run: /bin/bash __tests__/prepare-yarn-subprojects.sh keepcache
@@ -243,3 +243,62 @@ jobs:
           cache-dependency-path: |
             sub2/*.lock
             sub3/*.lock
+
+  node-npm-packageManager-auto-cache:
+    name: Test auto cache with top-level packageManager
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
+    steps:
+      - uses: actions/checkout@v5
+      - name: Create package.json with packageManager field
+        run: |
+          echo '{ "name": "test-project", "version": "1.0.0", "packageManager": "npm@8.0.0" }' > package.json
+      - name: Clean global cache
+        run: npm cache clean --force
+      - name: Setup Node with caching enabled
+        uses: ./
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Install dependencies
+        run: npm install
+      - name: Verify node and npm
+        run: __tests__/verify-node.sh "${{ matrix.node-version }}"
+        shell: bash
+
+  node-npm-devEngines-auto-cache:
+    name: Test auto cache with devEngines.packageManager
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
+    steps:
+      - uses: actions/checkout@v5
+      - name: Create package.json with devEngines field
+        run: |
+          echo '{
+            "name": "test-project",
+            "version": "1.0.0",
+            "devEngines": {
+              "packageManager": {
+                "name": "npm",
+                "onFail": "error"
+              }
+            }
+          }' > package.json
+      - name: Clean global cache
+        run: npm cache clean --force
+      - name: Setup Node with caching enabled
+        uses: ./
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Install dependencies
+        run: npm install
+      - name: Verify node and npm
+        run: __tests__/verify-node.sh "${{ matrix.node-version }}"
+        shell: bash

.github/workflows/proxy.yml

@@ -25,15 +25,15 @@ jobs:
     env:
       https_proxy: http://squid-proxy:3128
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Clear tool cache
         run: rm -rf $RUNNER_TOOL_CACHE/*
-      - name: Setup node 14
+      - name: Setup node 24
         uses: ./
         with:
-          node-version: 14.x
+          node-version: 24.x
       - name: Verify node and npm
-        run: __tests__/verify-node.sh 14
+        run: __tests__/verify-node.sh 24
 
   test-bypass-proxy:
     runs-on: ubuntu-latest
@@ -41,12 +41,12 @@ jobs:
       https_proxy: http://no-such-proxy:3128
       no_proxy: api.github.com,github.com,nodejs.org,registry.npmjs.org,*.s3.amazonaws.com,s3.amazonaws.com
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Clear tool cache
         run: rm -rf $RUNNER_TOOL_CACHE/*
-      - name: Setup node 11
+      - name: Setup node 24
         uses: ./
         with:
-          node-version: 11
+          node-version: 24
       - name: Verify node and npm
-        run: __tests__/verify-node.sh 11
+        run: __tests__/verify-node.sh 24

.github/workflows/publish-immutable-actions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checking out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Publish
         id: publish
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release-new-action-version.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
-        uses: actions/publish-action@v0.3.0
+        uses: actions/publish-action@v0.4.0
         with:
           source-tag: ${{ env.TAG_NAME }}
           slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/versions.yml

@@ -17,10 +17,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [18, 20, 22]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node
         uses: ./
         with:
@@ -34,10 +34,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest-large]
         node-version: [lts/dubnium, lts/erbium, lts/fermium, lts/*, lts/-1]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node
         uses: ./
         with:
@@ -56,7 +56,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
         node-version:
           [
             '20-v8-canary',
@@ -64,7 +64,7 @@ jobs:
             '20.0.0-v8-canary20221101e50e45c9f8'
           ]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node
         uses: ./
         with:
@@ -81,10 +81,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [20-nightly, 21-nightly, 18.0.0-nightly]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20-nightly, 25-nightly, 24.0.0-nightly]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node
         uses: ./
         with:
@@ -101,10 +101,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [20.0.0-rc.1, 18.0.0-rc.2, 19.0.0-rc.0]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20.0.0-rc.1, 22.14.0-rc.1, 24.0.0-rc.4]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node
         uses: ./
         with:
@@ -121,10 +121,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [18.20.0, 20.10.0, 22.0.0]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20.10.0, 22.0.0, 24.9.0]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node
         uses: ./
         with:
@@ -138,10 +138,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
-        node-version: [18, 20, 22]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        node-version: [20, 22, 24]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node and check latest
         uses: ./
         with:
@@ -156,57 +156,57 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
         node-version-file:
           [.nvmrc, .tool-versions, .tool-versions-node, package.json]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup node from node version file
         uses: ./
         with:
           node-version-file: '__tests__/data/${{ matrix.node-version-file }}'
       - name: Verify node
-        run: __tests__/verify-node.sh 20
+        run: __tests__/verify-node.sh 24
 
   version-file-volta:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup node from node version file
         uses: ./
         with:
           node-version-file: '__tests__/data/package-volta.json'
       - name: Verify node
-        run: __tests__/verify-node.sh 20
+        run: __tests__/verify-node.sh 24
 
   version-file-volta-extends:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup node from node version file
         uses: ./
         with:
           node-version-file: '__tests__/data/package-volta-extends.json'
       - name: Verify node
-        run: __tests__/verify-node.sh 20
+        run: __tests__/verify-node.sh 24
 
   node-dist:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
         node-version: [17, 19]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node from dist
         uses: ./
         with:
@@ -220,9 +220,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest-large]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       # test old versions which didn't have npm and layout different
       - name: Setup node 0.12.18 from dist
         uses: ./
@@ -235,7 +235,7 @@ jobs:
   arch:
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup node 20 x86 from dist
         uses: ./
         with:
@@ -250,7 +250,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
+        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
         node-version: [current, latest, node]
     steps:
       - name: Get node version
@@ -259,7 +259,7 @@ jobs:
           echo "LATEST_NODE_VERSION=$latestNodeVersion" >> $GITHUB_OUTPUT
         id: version
         shell: bash
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node
         uses: ./
         with:

.licenses/npm/@actions/cache.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/cache"
-version: 4.0.2
+version: 4.0.3
 type: npm
 summary: Actions cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/cache

.licenses/npm/@actions/github.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/github"
-version: 5.1.1
+version: 6.0.1
 type: npm
 summary: Actions github lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/github

.licenses/npm/@octokit/auth-token.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/auth-token"
-version: 2.5.0
+version: 4.0.0
 type: npm
 summary: GitHub API token authentication for browsers and Node.js
 homepage:

.licenses/npm/@octokit/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/core"
-version: 3.6.0
+version: 5.2.1
 type: npm
 summary: Extendable client for GitHub's REST & GraphQL APIs
 homepage:

.licenses/npm/@octokit/endpoint.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/endpoint"
-version: 6.0.12
+version: 9.0.6
 type: npm
 summary: Turns REST API endpoints into generic request options
 homepage:

.licenses/npm/@octokit/graphql.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/graphql"
-version: 4.8.0
+version: 7.1.1
 type: npm
 summary: GitHub GraphQL API client for browsers and Node
 homepage:

.licenses/npm/@octokit/openapi-types-20.0.0.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/openapi-types"
-version: 12.11.0
+version: 20.0.0
 type: npm
 summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
 homepage:

.licenses/npm/@octokit/openapi-types-24.2.0.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@octokit/openapi-types"
+version: 24.2.0
+type: npm
+summary: Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com
+homepage:
+license: mit
+licenses:
+- sources: LICENSE
+  text: |-
+    Copyright 2020 Gregor Martynus
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
+notices: []

.licenses/npm/@octokit/plugin-paginate-rest.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/plugin-paginate-rest"
-version: 2.21.3
+version: 9.2.2
 type: npm
 summary: Octokit plugin to paginate REST API endpoint responses
 homepage:

.licenses/npm/@octokit/plugin-rest-endpoint-methods.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/plugin-rest-endpoint-methods"
-version: 5.16.2
+version: 10.4.1
 type: npm
 summary: Octokit plugin adding one method for all of api.github.com REST API endpoints
 homepage:

.licenses/npm/@octokit/request-error.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/request-error"
-version: 2.1.0
+version: 5.1.1
 type: npm
 summary: Error class for Octokit request errors
 homepage:

.licenses/npm/@octokit/request.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/request"
-version: 5.6.3
+version: 8.4.1
 type: npm
 summary: Send parameterized requests to GitHub's APIs with sensible defaults in browsers
   and Node

.licenses/npm/@octokit/types-12.6.0.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@octokit/types"
-version: 6.41.0
+version: 12.6.0
 type: npm
 summary: Shared TypeScript definitions for Octokit projects
 homepage:

.licenses/npm/@octokit/types-13.10.0.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@octokit/types"
+version: 13.10.0
+type: npm
+summary: Shared TypeScript definitions for Octokit projects
+homepage:
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License Copyright (c) 2019 Octokit contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+  text: "[MIT](LICENSE)"
+notices: []

.licenses/npm/@types/node.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@types/node"
-version: 20.11.25
+version: 24.1.0
 type: npm
 summary: TypeScript definitions for node
 homepage: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node

.licenses/npm/brace-expansion.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: brace-expansion
-version: 1.1.11
+version: 1.1.12
 type: npm
 summary: Brace expansion as known from sh/bash
 homepage: https://github.com/juliangruber/brace-expansion

.licenses/npm/call-bind-apply-helpers.dep.yml

@@ -0,0 +1,32 @@
+---
+name: call-bind-apply-helpers
+version: 1.0.2
+type: npm
+summary: Helper functions around Function call/apply/bind, for use in `call-bind`
+homepage: https://github.com/ljharb/call-bind-apply-helpers#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/dunder-proto.dep.yml

@@ -0,0 +1,32 @@
+---
+name: dunder-proto
+version: 1.0.1
+type: npm
+summary: If available, the `Object.prototype.__proto__` accessor and mutator, call-bound
+homepage: https://github.com/es-shims/dunder-proto#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 ECMAScript Shims
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-define-property.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-define-property
+version: 1.0.1
+type: npm
+summary: "`Object.defineProperty`, but not IE 8's broken one."
+homepage: https://github.com/ljharb/es-define-property#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-errors.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-errors
+version: 1.3.0
+type: npm
+summary: A simple cache for a few of the JS Error constructors.
+homepage: https://github.com/ljharb/es-errors#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-object-atoms.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-object-atoms
+version: 1.1.1
+type: npm
+summary: 'ES Object-related atoms: Object, ToObject, RequireObjectCoercible'
+homepage: https://github.com/ljharb/es-object-atoms#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/es-set-tostringtag.dep.yml

@@ -0,0 +1,32 @@
+---
+name: es-set-tostringtag
+version: 2.1.0
+type: npm
+summary: A helper to optimistically set Symbol.toStringTag, when possible.
+homepage: https://github.com/es-shims/es-set-tostringtag#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2022 ECMAScript Shims
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/form-data-2.5.5.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: form-data
-version: 2.5.1
+version: 2.5.5
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
+homepage:
 license: mit
 licenses:
 - sources: License

.licenses/npm/form-data-4.0.4.dep.yml

@@ -1,10 +1,10 @@
 ---
 name: form-data
-version: 4.0.0
+version: 4.0.4
 type: npm
 summary: A library to create readable "multipart/form-data" streams. Can be used to
   submit forms and file uploads to other web applications.
-homepage: https://github.com/form-data/form-data#readme
+homepage:
 license: mit
 licenses:
 - sources: License
@@ -28,6 +28,6 @@ licenses:
      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
      THE SOFTWARE.
-- sources: Readme.md
+- sources: README.md
   text: Form-Data is released under the [MIT](License) license.
 notices: []

.licenses/npm/function-bind.dep.yml

@@ -0,0 +1,32 @@
+---
+name: function-bind
+version: 1.1.2
+type: npm
+summary: Implementation of Function.prototype.bind
+homepage: https://github.com/Raynos/function-bind
+license: mit
+licenses:
+- sources: LICENSE
+  text: |+
+    Copyright (c) 2013 Raynos.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    THE SOFTWARE.
+
+notices: []
+...

.licenses/npm/get-intrinsic.dep.yml

@@ -0,0 +1,33 @@
+---
+name: get-intrinsic
+version: 1.3.0
+type: npm
+summary: Get and robustly cache all JS language-level intrinsics at first require
+  time
+homepage: https://github.com/ljharb/get-intrinsic#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2020 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/get-proto.dep.yml

@@ -0,0 +1,32 @@
+---
+name: get-proto
+version: 1.0.1
+type: npm
+summary: Robustly get the [[Prototype]] of an object
+homepage: https://github.com/ljharb/get-proto#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2025 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/gopd.dep.yml

@@ -0,0 +1,32 @@
+---
+name: gopd
+version: 1.2.0
+type: npm
+summary: "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation."
+homepage: https://github.com/ljharb/gopd#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2022 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/has-symbols.dep.yml

@@ -0,0 +1,32 @@
+---
+name: has-symbols
+version: 1.1.0
+type: npm
+summary: Determine if the JS environment has Symbol support. Supports spec, or shams.
+homepage: https://github.com/ljharb/has-symbols#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2016 Jordan Harband
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/has-tostringtag.dep.yml

@@ -0,0 +1,33 @@
+---
+name: has-tostringtag
+version: 1.0.2
+type: npm
+summary: Determine if the JS environment has `Symbol.toStringTag` support. Supports
+  spec, or shams.
+homepage: https://github.com/inspect-js/has-tostringtag#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2021 Inspect JS
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/hasown.dep.yml

@@ -0,0 +1,32 @@
+---
+name: hasown
+version: 2.0.2
+type: npm
+summary: A robust, ES3 compatible, "has own property" predicate.
+homepage: https://github.com/inspect-js/hasOwn#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) Jordan Harband and contributors
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/math-intrinsics.dep.yml

@@ -0,0 +1,32 @@
+---
+name: math-intrinsics
+version: 1.1.0
+type: npm
+summary: ES Math-related intrinsics and helpers, robustly cached.
+homepage: https://github.com/es-shims/math-intrinsics#readme
+license: mit
+licenses:
+- sources: LICENSE
+  text: |
+    MIT License
+
+    Copyright (c) 2024 ECMAScript Shims
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.
+notices: []

.licenses/npm/safe-buffer.dep.yml

@@ -1,16 +1,16 @@
 ---
-name: is-plain-object
-version: 5.0.0
+name: safe-buffer
+version: 5.2.1
 type: npm
-summary: Returns true if an object was created by the `Object` constructor, or Object.create(null).
-homepage: https://github.com/jonschlinkert/is-plain-object
+summary: Safer Node.js Buffer API
+homepage: https://github.com/feross/safe-buffer
 license: mit
 licenses:
 - sources: LICENSE
   text: |
     The MIT License (MIT)
 
-    Copyright (c) 2014-2017, Jon Schlinkert.
+    Copyright (c) Feross Aboukhadijeh
 
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
@@ -30,11 +30,5 @@ licenses:
     OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
     THE SOFTWARE.
 - sources: README.md
-  text: |-
-    Copyright © 2019, [Jon Schlinkert](https://github.com/jonschlinkert).
-    Released under the [MIT License](LICENSE).
-
-    ***
-
-    _This file was generated by [verb-generate-readme](https://github.com/verbose/verb-generate-readme), v0.8.0, on April 28, 2019._
+  text: MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
 notices: []

.licenses/npm/semver-7.7.2.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: semver
-version: 7.6.3
+version: 7.7.2
 type: npm
 summary: The semantic version parser used by npm.
 homepage:

.licenses/npm/undici-types.dep.yml

@@ -1,15 +1,17 @@
 ---
 name: undici-types
-version: 5.26.5
+version: 7.8.0
 type: npm
 summary: A stand-alone types package for Undici
 homepage: https://undici.nodejs.org
 license: mit
 licenses:
-- sources: Auto-generated MIT license text
+- sources: LICENSE
   text: |
     MIT License
 
+    Copyright (c) Matteo Collina and Undici contributors
+
     Permission is hereby granted, free of charge, to any person obtaining a copy
     of this software and associated documentation files (the "Software"), to deal
     in the Software without restriction, including without limitation the rights

.licenses/npm/undici.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: undici
-version: 5.28.5
+version: 5.29.0
 type: npm
 summary: An HTTP/1.1 client, written from scratch for Node.js
 homepage: https://undici.nodejs.org

.licenses/npm/universal-user-agent.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: universal-user-agent
-version: 6.0.0
+version: 6.0.1
 type: npm
 summary: Get a user agent string in both browser and node
 homepage:

.licenses/npm/uuid-11.1.0.dep.yml

@@ -1,8 +1,8 @@
 ---
 name: uuid
-version: 9.0.1
+version: 11.1.0
 type: npm
-summary: RFC4122 (v1, v4, and v5) UUIDs
+summary: RFC9562 UUIDs
 homepage:
 license: mit
 licenses:

README.md

@@ -12,13 +12,27 @@ This action provides the following functionality for GitHub Actions users:
 - Registering problem matchers for error output
 - Configuring authentication for GPR or npm
 
+## Breaking changes in V6
+
+- Caching is now automatically enabled for npm projects when either the `devEngines.packageManager` field or the top-level `packageManager` field in `package.json` is set to `npm`. For other package managers, such as Yarn and pnpm, caching is disabled by default and must be configured manually using the `cache` input.
+
+## Breaking changes in V5 
+
+- Enabled caching by default with package manager detection if no cache input is provided.
+  > For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching by setting `package-manager-cache: false` when caching is not needed for secure operation.
+
+- Upgraded action from node20 to node24.
+  > Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)
+
+For more details, see the full release notes on the [releases page](https://github.com/actions/setup-node/releases/v5.0.0)
+
 ## Usage
 
 See [action.yml](action.yml)
 
 <!-- start usage -->
 ```yaml
-- uses: actions/setup-node@v4
+- uses: actions/setup-node@v6
   with:
     # Version Spec of the version to use in SemVer notation.
     # It also admits such aliases as lts/*, latest, nightly and canary builds
@@ -57,6 +71,11 @@ See [action.yml](action.yml)
     # Default: ''
     cache: ''
 
+    # Controls automatic caching for npm. By default, caching for npm is enabled if either the devEngines.packageManager field or the top-level packageManager field in package.json specifies npm and no explicit cache input is provided.
+    # To disable automatic caching for npm, set package-manager-cache to false.
+    # default: true
+    package-manager-cache: true
+
     # Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. 
     # It will generate hash from the target file for primary key. It works only If cache is specified.  
     # Supports wildcards or a list of file names for caching multiple dependencies.
@@ -76,6 +95,21 @@ See [action.yml](action.yml)
     # Set always-auth option in npmrc file.
     # Default: ''
     always-auth: ''
+
+    # Optional mirror to download binaries from.
+    # Artifacts need to match the official Node.js
+    # Example:
+    # V8 Canaray Build: <mirror_url>/download/v8-canary
+    # RC Build: <mirror_url>/download/rc
+    # Official: Build <mirror_url>/dist
+    # Nightly build: <mirror_url>/download/nightly
+    # Default: ''
+    mirror: ''
+
+    # Optional mirror token.
+    # The token will be used as a bearer token in the Authorization header
+    # Default: ''
+    mirror-token: ''
 ```
 <!-- end usage -->
 
@@ -83,10 +117,10 @@ See [action.yml](action.yml)
 
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: 18
+    node-version: 24
 - run: npm ci
 - run: npm test
 ```
@@ -103,9 +137,9 @@ The `node-version` input supports the Semantic Versioning Specification, for mor
 
 Examples:
 
- - Major versions: `18`, `20`
- - More specific versions: `10.15`, `16.15.1` , `18.4.0`
- - NVM LTS syntax: `lts/erbium`, `lts/fermium`, `lts/*`, `lts/-n`
+ - Major versions: `22`, `24`
+ - More specific versions: `20.19`, `22.17.1` , `24.8.0`
+ - NVM LTS syntax: `lts/iron`, `lts/jod`, `lts/*`, `lts/-n`
  - Latest release: `*` or `latest`/`current`/`node`
 
 **Note:** Like the other values, `*` will get the latest [locally-cached Node.js version](https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md#nodejs), or the latest version from [actions/node-versions](https://github.com/actions/node-versions/blob/main/versions-manifest.json), depending on the [`check-latest`](docs/advanced-usage.md#check-latest-version) input.
@@ -120,7 +154,7 @@ It's **always** recommended to commit the lockfile of your package manager for s
 
 ## Caching global packages data
 
-The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional, and caching is turned off by default.
+The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional.
 
 The action defaults to search for the dependency file (`package-lock.json`, `npm-shrinkwrap.json` or `yarn.lock`) in the repository root, and uses its hash as a part of the cache key. Use `cache-dependency-path` for cases when multiple dependency files are used, or they are located in different subdirectories.
 
@@ -132,10 +166,10 @@ See the examples of using cache for `yarn`/`pnpm` and `cache-dependency-path` in
 
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: 20
+    node-version: 24
     cache: 'npm'
 - run: npm ci
 - run: npm test
@@ -145,16 +179,30 @@ steps:
 
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: 20
+    node-version: 24
     cache: 'npm'
     cache-dependency-path: subdir/package-lock.json
 - run: npm ci
 - run: npm test
 ```
 
+Caching for npm dependencies is automatically enabled when your `package.json` contains either `devEngines.packageManager` field or top-level `packageManager` field set to `npm`, and no explicit cache input is provided.
+
+This behavior is controlled by the `package-manager-cache` input, which defaults to `true`. To turn off automatic caching, set `package-manager-cache` to `false`.
+
+```yaml
+steps:
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
+  with:
+    package-manager-cache: false
+- run: npm ci
+```
+> If your `package.json` file does not include a `packageManager` field set to `npm`, caching will be disabled unless you explicitly enable it. For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching for npm by setting `package-manager-cache: false` when caching is not required for secure operation.
+
 ## Matrix Testing
 
 ```yaml
@@ -163,12 +211,12 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node: [ 14, 16, 18 ]
+        node: [ 20, 22, 24 ]
     name: Node ${{ matrix.node }} sample
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node }}
       - run: npm ci
@@ -182,10 +230,10 @@ jobs:
 To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
 
 ```yaml
-uses: actions/setup-node@v4
+uses: actions/setup-node@v6
 with:
   token: ${{ secrets.GH_DOTCOM_TOKEN }}
-  node-version: 20
+  node-version: 24
 ```
 
 If the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.

__tests__/canary-installer.test.ts

@@ -498,6 +498,70 @@ describe('setup-node', () => {
         );
       }
     );
+
+    it.each([
+      [
+        '20.0.0-v8-canary',
+        '20.0.0-v8-canary20221103f7e2421e91',
+        '20.0.0-v8-canary20221030fefe1c0879',
+        'https://my_mirror.org/download/v8-canary/v20.0.0-v8-canary20221103f7e2421e91/node-v20.0.0-v8-canary20221103f7e2421e91-linux-x64.tar.gz'
+      ],
+      [
+        '20-v8-canary',
+        '20.0.0-v8-canary20221103f7e2421e91',
+        '20.0.0-v8-canary20221030fefe1c0879',
+        'https://my_mirror.org/download/v8-canary/v20.0.0-v8-canary20221103f7e2421e91/node-v20.0.0-v8-canary20221103f7e2421e91-linux-x64.tar.gz'
+      ],
+      [
+        '19.0.0-v8-canary',
+        '19.0.0-v8-canary202210187d6960f23f',
+        '19.0.0-v8-canary202210172ec229fc56',
+        'https://my_mirror.org/download/v8-canary/v19.0.0-v8-canary202210187d6960f23f/node-v19.0.0-v8-canary202210187d6960f23f-linux-x64.tar.gz'
+      ],
+      [
+        '19-v8-canary',
+        '19.0.0-v8-canary202210187d6960f23f',
+        '19.0.0-v8-canary202210172ec229fc56',
+        'https://my_mirror.org/download/v8-canary/v19.0.0-v8-canary202210187d6960f23f/node-v19.0.0-v8-canary202210187d6960f23f-linux-x64.tar.gz'
+      ]
+    ])(
+      'get %s version from dist if check-latest is true',
+      async (input, expectedVersion, foundVersion, expectedUrl) => {
+        const foundToolPath = path.normalize(`/cache/node/${foundVersion}/x64`);
+        const toolPath = path.normalize(`/cache/node/${expectedVersion}/x64`);
+
+        inputs['node-version'] = input;
+        inputs['check-latest'] = 'true';
+        os['arch'] = 'x64';
+        os['platform'] = 'linux';
+        inputs['mirror'] = 'https://my_mirror.org';
+        inputs['mirror-token'] = 'faketoken';
+
+        findSpy.mockReturnValue(foundToolPath);
+        findAllVersionsSpy.mockReturnValue([
+          '20.0.0-v8-canary20221030fefe1c0879',
+          '19.0.0-v8-canary202210172ec229fc56',
+          '20.0.0-v8-canary2022102310ff1e5a8d'
+        ]);
+        dlSpy.mockImplementation(async () => '/some/temp/path');
+        exSpy.mockImplementation(async () => '/some/other/temp/path');
+        cacheSpy.mockImplementation(async () => toolPath);
+
+        // act
+        await main.run();
+
+        // assert
+        expect(findAllVersionsSpy).toHaveBeenCalled();
+        expect(logSpy).toHaveBeenCalledWith(
+          `Acquiring ${expectedVersion} - ${os.arch} from ${expectedUrl}`
+        );
+        expect(logSpy).toHaveBeenCalledWith('Extracting ...');
+        expect(logSpy).toHaveBeenCalledWith('Adding to the cache ...');
+        expect(cnSpy).toHaveBeenCalledWith(
+          `::add-path::${path.join(toolPath, 'bin')}${osm.EOL}`
+        );
+      }
+    );
   });
 
   describe('setup-node v8 canary tests', () => {

__tests__/data/.nvmrc

@@ -1 +1 @@
-v20
+v24

__tests__/data/.tool-versions

@@ -1 +1 @@
-nodejs 20.0.0
+nodejs 24.0.0

__tests__/data/.tool-versions-node

@@ -1 +1 @@
-node 20.0.0
+node 24.0.0

__tests__/data/package-volta.json

@@ -3,6 +3,6 @@
     "node": "^14.0.0"
   },
   "volta": {
-    "node": "20.0.0"
+    "node": "24.0.0"
   }
 }

__tests__/data/package.json

@@ -1,5 +1,5 @@
 {
   "engines": {
-    "node": "^20.0.0"
+    "node": "^24.0.0"
   }
 }

__tests__/main.test.ts

@@ -20,6 +20,7 @@ describe('main tests', () => {
 
   let infoSpy: jest.SpyInstance;
   let warningSpy: jest.SpyInstance;
+  let saveStateSpy: jest.SpyInstance;
   let inSpy: jest.SpyInstance;
   let setOutputSpy: jest.SpyInstance;
   let startGroupSpy: jest.SpyInstance;
@@ -53,6 +54,8 @@ describe('main tests', () => {
     setOutputSpy.mockImplementation(() => {});
     warningSpy = jest.spyOn(core, 'warning');
     warningSpy.mockImplementation(() => {});
+    saveStateSpy = jest.spyOn(core, 'saveState');
+    saveStateSpy.mockImplementation(() => {});
     startGroupSpy = jest.spyOn(core, 'startGroup');
     startGroupSpy.mockImplementation(() => {});
     endGroupSpy = jest.spyOn(core, 'endGroup');
@@ -280,4 +283,149 @@ describe('main tests', () => {
       );
     });
   });
+
+  describe('cache feature tests', () => {
+    it('Should enable caching when packageManager is npm and cache input is not provided', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = '';
+      isCacheActionAvailable.mockImplementation(() => true);
+
+      inSpy.mockImplementation(name => inputs[name]);
+      const readFileSpy = jest.spyOn(fs, 'readFileSync');
+      readFileSpy.mockImplementation(() =>
+        JSON.stringify({
+          packageManager: 'npm@10.8.2'
+        })
+      );
+
+      await main.run();
+
+      expect(saveStateSpy).toHaveBeenCalledWith(expect.anything(), 'npm');
+    });
+
+    it('Should enable caching when devEngines.packageManager.name is "npm" and cache input is not provided', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = '';
+      isCacheActionAvailable.mockImplementation(() => true);
+
+      inSpy.mockImplementation(name => inputs[name]);
+      const readFileSpy = jest.spyOn(fs, 'readFileSync');
+      readFileSpy.mockImplementation(() =>
+        JSON.stringify({
+          devEngines: {
+            packageManager: {name: 'npm'}
+          }
+        })
+      );
+
+      await main.run();
+
+      expect(saveStateSpy).toHaveBeenCalledWith(expect.anything(), 'npm');
+    });
+
+    it('Should enable caching when devEngines.packageManager is array and one entry has name "npm"', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = '';
+      isCacheActionAvailable.mockImplementation(() => true);
+
+      inSpy.mockImplementation(name => inputs[name]);
+      const readFileSpy = jest.spyOn(fs, 'readFileSync');
+      readFileSpy.mockImplementation(() =>
+        JSON.stringify({
+          devEngines: {
+            packageManager: [{name: 'pnpm'}, {name: 'npm'}]
+          }
+        })
+      );
+
+      await main.run();
+
+      expect(saveStateSpy).toHaveBeenCalledWith(expect.anything(), 'npm');
+    });
+
+    it('Should not enable caching if packageManager is "pnpm@8.0.0" and cache input is not provided', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = '';
+      inSpy.mockImplementation(name => inputs[name]);
+      const readFileSpy = jest.spyOn(fs, 'readFileSync');
+      readFileSpy.mockImplementation(() =>
+        JSON.stringify({
+          packageManager: 'pnpm@8.0.0'
+        })
+      );
+
+      await main.run();
+
+      expect(saveStateSpy).not.toHaveBeenCalled();
+    });
+
+    it('Should not enable caching if devEngines.packageManager.name is "pnpm"', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = '';
+      inSpy.mockImplementation(name => inputs[name]);
+      const readFileSpy = jest.spyOn(fs, 'readFileSync');
+      readFileSpy.mockImplementation(() =>
+        JSON.stringify({
+          devEngines: {
+            packageManager: {name: 'pnpm'}
+          }
+        })
+      );
+
+      await main.run();
+
+      expect(saveStateSpy).not.toHaveBeenCalled();
+    });
+
+    it('Should not enable caching if devEngines.packageManager is array without "npm"', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = '';
+      inSpy.mockImplementation(name => inputs[name]);
+      const readFileSpy = jest.spyOn(fs, 'readFileSync');
+      readFileSpy.mockImplementation(() =>
+        JSON.stringify({
+          devEngines: {
+            packageManager: [{name: 'pnpm'}, {name: 'yarn'}]
+          }
+        })
+      );
+
+      await main.run();
+
+      expect(saveStateSpy).not.toHaveBeenCalled();
+    });
+
+    it('Should not enable caching if packageManager field is missing in package.json and cache input is not provided', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = '';
+      inSpy.mockImplementation(name => inputs[name]);
+      const readFileSpy = jest.spyOn(fs, 'readFileSync');
+      readFileSpy.mockImplementation(() =>
+        JSON.stringify({
+          // packageManager field is not present
+        })
+      );
+
+      await main.run();
+
+      expect(saveStateSpy).not.toHaveBeenCalled();
+    });
+
+    it('Should skip caching when package-manager-cache is false', async () => {
+      inputs['package-manager-cache'] = 'false';
+      inputs['cache'] = '';
+      inSpy.mockImplementation(name => inputs[name]);
+      await main.run();
+      expect(saveStateSpy).not.toHaveBeenCalled();
+    });
+
+    it('Should enable caching with cache input explicitly provided', async () => {
+      inputs['package-manager-cache'] = 'true';
+      inputs['cache'] = 'npm';
+      inSpy.mockImplementation(name => inputs[name]);
+      isCacheActionAvailable.mockImplementation(() => true);
+      await main.run();
+      expect(saveStateSpy).toHaveBeenCalledWith(expect.anything(), 'npm');
+    });
+  });
 });

__tests__/nightly-installer.test.ts

@@ -315,7 +315,7 @@ describe('setup-node', () => {
     await main.run();
 
     workingUrls.forEach(url => {
-      expect(dlSpy).toHaveBeenCalledWith(url);
+      expect(dlSpy).toHaveBeenCalledWith(url, undefined, undefined);
     });
     expect(cnSpy).toHaveBeenCalledWith(`::add-path::${toolPath}${osm.EOL}`);
   });
@@ -449,6 +449,54 @@ describe('setup-node', () => {
     }
   }, 100000);
 
+  it('acquires specified architecture of node from mirror', async () => {
+    for (const {arch, version, osSpec} of [
+      {
+        arch: 'x86',
+        version: '18.0.0-nightly202110204cb3e06ed8',
+        osSpec: 'win32'
+      },
+      {
+        arch: 'x86',
+        version: '20.0.0-nightly2022101987cdf7d412',
+        osSpec: 'win32'
+      }
+    ]) {
+      os.platform = osSpec;
+      os.arch = arch;
+      const fileExtension = os.platform === 'win32' ? '7z' : 'tar.gz';
+      const platform = {
+        linux: 'linux',
+        darwin: 'darwin',
+        win32: 'win'
+      }[os.platform];
+
+      inputs['node-version'] = version;
+      inputs['architecture'] = arch;
+      inputs['always-auth'] = false;
+      inputs['token'] = 'faketoken';
+      inputs['mirror'] = 'https://my-mirror.org';
+      inputs['mirror-token'] = 'my-mirror-token';
+
+      const expectedUrl = `https://my-mirror.org/download/nightly/v${version}/node-v${version}-${platform}-${arch}.${fileExtension}`;
+
+      // ... but not in the local cache
+      findSpy.mockImplementation(() => '');
+      findAllVersionsSpy.mockImplementation(() => []);
+
+      dlSpy.mockImplementation(async () => '/some/temp/path');
+      const toolPath = path.normalize(`/cache/node/${version}/${arch}`);
+      exSpy.mockImplementation(async () => '/some/other/temp/path');
+      cacheSpy.mockImplementation(async () => toolPath);
+
+      await main.run();
+      expect(dlSpy).toHaveBeenCalled();
+      expect(logSpy).toHaveBeenCalledWith(
+        `Acquiring ${version} - ${arch} from ${expectedUrl}`
+      );
+    }
+  }, 100000);
+
   describe('nightly versions', () => {
     it.each([
       [

__tests__/official-installer.test.ts

@@ -282,6 +282,43 @@ describe('setup-node', () => {
     expect(cnSpy).toHaveBeenCalledWith(`::add-path::${expPath}${osm.EOL}`);
   });
 
+  it('falls back to a version from node dist from mirror', async () => {
+    os.platform = 'linux';
+    os.arch = 'x64';
+
+    // a version which is not in the manifest but is in node dist
+    const versionSpec = '11.15.0';
+    const mirror = 'https://my_mirror_url';
+    inputs['node-version'] = versionSpec;
+    inputs['always-auth'] = false;
+    inputs['token'] = 'faketoken';
+    inputs['mirror'] = mirror;
+    inputs['mirror-token'] = 'faketoken';
+
+    // ... but not in the local cache
+    findSpy.mockImplementation(() => '');
+
+    dlSpy.mockImplementation(async () => '/some/temp/path');
+    const toolPath = path.normalize('/cache/node/11.15.0/x64');
+    exSpy.mockImplementation(async () => '/some/other/temp/path');
+    cacheSpy.mockImplementation(async () => toolPath);
+
+    await main.run();
+
+    const expPath = path.join(toolPath, 'bin');
+
+    expect(getManifestSpy).toHaveBeenCalled();
+    expect(logSpy).toHaveBeenCalledWith(
+      `Attempting to download ${versionSpec}...`
+    );
+    expect(logSpy).toHaveBeenCalledWith(
+      `Not found in manifest. Falling back to download directly from ${mirror}`
+    );
+    expect(dlSpy).toHaveBeenCalled();
+    expect(exSpy).toHaveBeenCalled();
+    expect(cnSpy).toHaveBeenCalledWith(`::add-path::${expPath}${osm.EOL}`);
+  });
+
   it('falls back to a version from node dist', async () => {
     os.platform = 'linux';
     os.arch = 'x64';
@@ -828,4 +865,46 @@ describe('setup-node', () => {
       }
     );
   });
+
+  it('acquires specified architecture of node from mirror', async () => {
+    for (const {arch, version, osSpec} of [
+      {arch: 'x86', version: '12.16.2', osSpec: 'win32'},
+      {arch: 'x86', version: '14.0.0', osSpec: 'win32'}
+    ]) {
+      os.platform = osSpec;
+      os.arch = arch;
+      const fileExtension = os.platform === 'win32' ? '7z' : 'tar.gz';
+      const platform = {
+        linux: 'linux',
+        darwin: 'darwin',
+        win32: 'win'
+      }[os.platform];
+
+      inputs['node-version'] = version;
+      inputs['architecture'] = arch;
+      inputs['always-auth'] = false;
+      inputs['token'] = 'faketoken';
+      inputs['mirror'] = 'https://my_mirror_url';
+      inputs['mirror-token'] = 'faketoken';
+
+      const expectedUrl =
+        arch === 'x64'
+          ? `https://github.com/actions/node-versions/releases/download/${version}/node-${version}-${platform}-${arch}.zip`
+          : `https://my_mirror_url/dist/v${version}/node-v${version}-${platform}-${arch}.${fileExtension}`;
+
+      // ... but not in the local cache
+      findSpy.mockImplementation(() => '');
+
+      dlSpy.mockImplementation(async () => '/some/temp/path');
+      const toolPath = path.normalize(`/cache/node/${version}/${arch}`);
+      exSpy.mockImplementation(async () => '/some/other/temp/path');
+      cacheSpy.mockImplementation(async () => toolPath);
+
+      await main.run();
+      expect(dlSpy).toHaveBeenCalled();
+      expect(logSpy).toHaveBeenCalledWith(
+        `Acquiring ${version} - ${arch} from ${expectedUrl}`
+      );
+    }
+  }, 100000);
 });

__tests__/verify-node.sh

@@ -7,8 +7,13 @@ fi
 
 node_version="$(node --version)"
 echo "Found node version '$node_version'"
-if [ -z "$(echo $node_version | grep --fixed-strings v$1)" ]; then
-  echo "Unexpected version"
+
+# Extract the major version from the node version (remove the 'v' prefix)
+actual_major_version=$(echo $node_version | sed -E 's/^v([0-9]+)\..*/\1/')
+expected_major_version=$(echo $1 | sed -E 's/^([0-9]+)\..*/\1/') # Extract major version from argument
+
+if [ "$actual_major_version" != "$expected_major_version" ]; then
+  echo "Expected Node.js $expected_major_version.x.x but found $node_version"
   exit 1
 fi
 

action.yml

@@ -23,8 +23,15 @@ inputs:
     default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
   cache:
     description: 'Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.'
+  package-manager-cache:
+    description: 'Set to false to disable automatic caching. By default, caching is enabled when either devEngines.packageManager or the top-level packageManager field in package.json specifies npm as the package manager.'
+    default: true
   cache-dependency-path:
     description: 'Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.'
+  mirror:
+    description: 'Used to specify an alternative mirror to downlooad Node.js binaries from'
+  mirror-token:
+    description: 'The token used as Authorization header when fetching from the mirror'
 # TODO: add input to control forcing to pull from cloud or dist.
 #       escape valve for someone having issues or needing the absolute latest which isn't cached yet
 outputs:
@@ -33,7 +40,7 @@ outputs:
   node-version:
     description: 'The installed node version.'
 runs:
-  using: 'node20'
+  using: 'node24'
   main: 'dist/setup/index.js'
   post: 'dist/cache-save/index.js'
   post-if: success()

docs/advanced-usage.md

@@ -45,10 +45,10 @@ If `check-latest` is set to `true`, the action first checks if the cached versio
 
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '16'
+    node-version: '24'
     check-latest: true
 - run: npm ci
 - run: npm test
@@ -63,8 +63,8 @@ See [supported version syntax](https://github.com/actions/setup-node#supported-v
 
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
     node-version-file: '.nvmrc'
 - run: npm ci
@@ -97,10 +97,10 @@ jobs:
     runs-on: windows-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: '14'
+          node-version: '24'
           architecture: 'x64' # optional, x64 or x86. If not specified, x64 will be used by default
       - run: npm ci
       - run: npm test
@@ -118,10 +118,10 @@ jobs:
     runs-on: ubuntu-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: '20.0.0-v8-canary' # it will install the latest v8 canary release for node 20.0.0
+          node-version: '24.0.0-v8-canary' # it will install the latest v8 canary release for node 24.0.0
       - run: npm ci
       - run: npm test
 ```
@@ -133,10 +133,10 @@ jobs:
     runs-on: ubuntu-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: '20-v8-canary' # it will install the latest v8 canary release for node 20
+          node-version: '24-v8-canary' # it will install the latest v8 canary release for node 24
       - run: npm ci
       - run: npm test
 ```
@@ -149,10 +149,10 @@ jobs:
     runs-on: ubuntu-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: 'v20.1.1-v8-canary20221103f7e2421e91'
+          node-version: 'v24.0.0-v8-canary2025030537242e55ac'
       - run: npm ci
       - run: npm test
 ```
@@ -169,10 +169,10 @@ jobs:
     runs-on: ubuntu-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: '16-nightly' # it will install the latest nightly release for node 16
+          node-version: '24-nightly' # it will install the latest nightly release for node 24
       - run: npm ci
       - run: npm test
 ```
@@ -185,10 +185,10 @@ jobs:
     runs-on: ubuntu-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: '16.0.0-nightly' # it will install the latest nightly release for node 16.0.0
+          node-version: '24.0.0-nightly' # it will install the latest nightly release for node 24.0.0
       - run: npm ci
       - run: npm test
 ```
@@ -201,10 +201,10 @@ jobs:
     runs-on: ubuntu-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: '16.0.0-nightly20210420a0261d231c'
+          node-version: '24.0.0-nightly202505066102159fa1'
       - run: npm ci
       - run: npm test
 ```
@@ -219,27 +219,28 @@ jobs:
     runs-on: ubuntu-latest
     name: Node sample
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
-          node-version: '16.0.0-rc.1'
+          node-version: '24.0.0-rc.4'
       - run: npm ci
       - run: npm test
 ```
 
-**Note:** Unlike nightly versions, which support version range specifiers, you must specify the exact version for a release candidate: `16.0.0-rc.1`.
+**Note:** Unlike nightly versions, which support version range specifiers, you must specify the exact version for a release candidate: `24.0.0-rc.4`.
 
 ## Caching packages data
 The action follows [actions/cache](https://github.com/actions/cache/blob/main/examples.md#node---npm) guidelines, and caches global cache on the machine instead of `node_modules`, so cache can be reused between different Node.js versions.
 
 **Caching yarn dependencies:**
-Yarn caching handles both yarn versions: 1 or 2.
+Yarn caching handles both Yarn Classic (v1) and Yarn Berry (v2, v3, v4+).
+
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '14'
+    node-version: '24'
     cache: 'yarn'
 - run: yarn install --frozen-lockfile # optional, --immutable
 - run: yarn test
@@ -255,13 +256,13 @@ steps:
 # NOTE: pnpm caching support requires pnpm version >= 6.10.0
 
 steps:
-- uses: actions/checkout@v4
-- uses: pnpm/action-setup@v2
+- uses: actions/checkout@v5
+- uses: pnpm/action-setup@v4
   with:
-    version: 6.32.9
-- uses: actions/setup-node@v4
+    version: 10
+- uses: actions/setup-node@v6
   with:
-    node-version: '14'
+    node-version: '24'
     cache: 'pnpm'
 - run: pnpm install
 - run: pnpm test
@@ -274,10 +275,10 @@ steps:
 **Using wildcard patterns to cache dependencies**
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '14'
+    node-version: '24'
     cache: 'npm'
     cache-dependency-path: '**/package-lock.json'
 - run: npm ci
@@ -287,10 +288,10 @@ steps:
 **Using a list of file paths to cache dependencies**
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '14'
+    node-version: '24'
     cache: 'npm'
     cache-dependency-path: |
       server/app/package-lock.json
@@ -312,21 +313,21 @@ jobs:
           - macos-latest
           - windows-latest
         node_version:
-          - 12
-          - 14
-          - 16
+          - 20
+          - 22
+          - 24
         architecture:
           - x64
         # an extra windows-x86 run:
         include:
-          - os: windows-2016
-            node_version: 12
+          - os: windows-latest
+            node_version: 24
             architecture: x86
     name: Node ${{ matrix.node_version }} - ${{ matrix.architecture }} on ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node_version }}
           architecture: ${{ matrix.architecture }}
@@ -337,16 +338,16 @@ jobs:
 ## Publish to npmjs and GPR with npm
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '14.x'
+    node-version: '24.x'
     registry-url: 'https://registry.npmjs.org'
 - run: npm ci
 - run: npm publish
   env:
     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-- uses: actions/setup-node@v4
+- uses: actions/setup-node@v6
   with:
     registry-url: 'https://npm.pkg.github.com'
 - run: npm publish
@@ -357,16 +358,16 @@ steps:
 ## Publish to npmjs and GPR with yarn
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '14.x'
+    node-version: '24.x'
     registry-url: <registry url>
 - run: yarn install --frozen-lockfile
 - run: yarn publish
   env:
     NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
-- uses: actions/setup-node@v4
+- uses: actions/setup-node@v6
   with:
     registry-url: 'https://npm.pkg.github.com'
 - run: yarn publish
@@ -377,10 +378,10 @@ steps:
 ## Use private packages
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '14.x'
+    node-version: '24.x'
     registry-url: 'https://registry.npmjs.org'
 # Skip post-install scripts here, as a malicious
 # script could steal NODE_AUTH_TOKEN.
@@ -397,10 +398,10 @@ Below you can find a sample "Setup .yarnrc.yml" step, that is going to allow you
 
 ```yaml
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
   with:
-    node-version: '14.x'
+    node-version: '24.x'
 - name: Setup .yarnrc.yml
   run: |
     yarn config set npmScopes.my-org.npmRegistryServer "https://npm.pkg.github.com"
@@ -418,3 +419,18 @@ Please refer to the [Ensuring workflow access to your package - Configuring a pa
 
 ### always-auth input
 The always-auth input sets `always-auth=true` in .npmrc file. With this option set [npm](https://docs.npmjs.com/cli/v6/using-npm/config#always-auth)/yarn sends the authentication credentials when making a request to the registries.
+
+## Use private mirror
+
+It is possible to use a private mirror hosting Node.js binaries. This mirror must be a full mirror of the official Node.js distribution.
+The mirror URL can be set using the `mirror` input.
+It is possible to specify a token to authenticate with the mirror using the `mirror-token` input.
+The token will be passed as a bearer token in the `Authorization` header.
+
+```yaml
+- uses: actions/setup-node@v6
+  with:
+    node-version: '24.x'
+    mirror: 'https://nodejs.org/dist'
+    mirror-token: 'your-mirror-token'
+```

package.json

@@ -1,9 +1,12 @@
 {
   "name": "setup-node",
-  "version": "4.0.0",
+  "version": "6.0.0",
   "private": true,
   "description": "setup node action",
   "main": "lib/setup-node.js",
+  "engines": {
+    "node": ">=24.0.0"
+  },
   "scripts": {
     "build": "ncc build -o dist/setup src/setup-node.ts && ncc build -o dist/cache-save src/cache-save.ts",
     "format": "prettier --no-error-on-unmatched-pattern --config ./.prettierrc.js --write \"**/*.{ts,yml,yaml}\"",
@@ -25,20 +28,20 @@
   "author": "GitHub",
   "license": "MIT",
   "dependencies": {
-    "@actions/cache": "^4.0.2",
+    "@actions/cache": "^4.0.3",
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
-    "@actions/github": "^5.1.1",
+    "@actions/github": "^6.0.1",
     "@actions/glob": "^0.5.0",
     "@actions/http-client": "^2.2.1",
     "@actions/io": "^1.0.2",
     "@actions/tool-cache": "^2.0.2",
     "semver": "^7.6.3",
-    "uuid": "^9.0.1"
+    "uuid": "^11.1.0"
   },
   "devDependencies": {
     "@types/jest": "^29.5.14",
-    "@types/node": "^20.11.25",
+    "@types/node": "^24.1.0",
     "@types/semver": "^7.5.8",
     "@typescript-eslint/eslint-plugin": "^5.54.0",
     "@typescript-eslint/parser": "^5.54.0",
@@ -50,8 +53,8 @@
     "jest": "^29.7.0",
     "jest-circus": "^29.7.0",
     "jest-each": "^29.7.0",
-    "prettier": "^2.8.4",
-    "ts-jest": "^29.1.2",
+    "prettier": "^3.6.2",
+    "ts-jest": "^29.4.1",
     "typescript": "^5.4.2"
   }
 }

src/cache-save.ts

@@ -7,6 +7,7 @@ import {getPackageManagerInfo} from './cache-utils';
 // Catch and log any unhandled exceptions.  These exceptions can leak out of the uploadChunk method in
 // @actions/toolkit when a failed upload closes the file descriptor causing any in-process reads to
 // throw an uncaught exception.  Instead of failing this action, just warn.
+
 process.on('uncaughtException', e => {
   const warningPrefix = '[warning]';
   core.info(`${warningPrefix}${e.message}`);

src/cache-utils.ts

@@ -167,14 +167,12 @@ const getCacheDirectoriesFromCacheDependencyPath = async (
   packageManagerInfo: PackageManagerInfo,
   cacheDependencyPath: string
 ): Promise<string[]> => {
-  const projectDirectories = await getProjectDirectoriesFromCacheDependencyPath(
-    cacheDependencyPath
-  );
+  const projectDirectories =
+    await getProjectDirectoriesFromCacheDependencyPath(cacheDependencyPath);
   const cacheFoldersPaths = await Promise.all(
     projectDirectories.map(async projectDirectory => {
-      const cacheFolderPath = await packageManagerInfo.getCacheFolderPath(
-        projectDirectory
-      );
+      const cacheFolderPath =
+        await packageManagerInfo.getCacheFolderPath(projectDirectory);
       core.debug(
         `${packageManagerInfo.name}'s cache folder "${cacheFolderPath}" configured for the directory "${projectDirectory}"`
       );

src/distributions/base-distribution.ts

@@ -24,7 +24,7 @@ export default abstract class BaseDistribution {
     });
   }
 
-  protected abstract getDistributionUrl(): string;
+  protected abstract getDistributionUrl(mirror: string): string;
 
   public async setupNodeJs() {
     let nodeJsVersions: INodeVersion[] | undefined;
@@ -97,10 +97,19 @@ export default abstract class BaseDistribution {
   }
 
   protected async getNodeJsVersions(): Promise<INodeVersion[]> {
-    const initialUrl = this.getDistributionUrl();
+    const initialUrl = this.getDistributionUrl(this.nodeInfo.mirror);
     const dataUrl = `${initialUrl}/index.json`;
 
-    const response = await this.httpClient.getJson<INodeVersion[]>(dataUrl);
+    const headers = {};
+
+    if (this.nodeInfo.mirrorToken) {
+      headers['Authorization'] = `Bearer ${this.nodeInfo.mirrorToken}`;
+    }
+
+    const response = await this.httpClient.getJson<INodeVersion[]>(
+      dataUrl,
+      headers
+    );
     return response.result || [];
   }
 
@@ -117,7 +126,7 @@ export default abstract class BaseDistribution {
           ? `${fileName}.zip`
           : `${fileName}.7z`
         : `${fileName}.tar.gz`;
-    const initialUrl = this.getDistributionUrl();
+    const initialUrl = this.getDistributionUrl(this.nodeInfo.mirror);
     const url = `${initialUrl}/v${version}/${urlFileName}`;
 
     return <INodeVersionInfo>{
@@ -134,7 +143,11 @@ export default abstract class BaseDistribution {
       `Acquiring ${info.resolvedVersion} - ${info.arch} from ${info.downloadUrl}`
     );
     try {
-      downloadPath = await tc.downloadTool(info.downloadUrl);
+      downloadPath = await tc.downloadTool(
+        info.downloadUrl,
+        undefined,
+        this.nodeInfo.mirrorToken
+      );
     } catch (err) {
       if (
         err instanceof tc.HTTPError &&
@@ -168,7 +181,7 @@ export default abstract class BaseDistribution {
     version: string,
     arch: string = os.arch()
   ): Promise<string> {
-    const initialUrl = this.getDistributionUrl();
+    const initialUrl = this.getDistributionUrl(this.nodeInfo.mirror);
     const osArch: string = this.translateArchToDistUrl(arch);
 
     // Create temporary folder to download to
@@ -185,18 +198,34 @@ export default abstract class BaseDistribution {
 
       core.info(`Downloading only node binary from ${exeUrl}`);
 
-      const exePath = await tc.downloadTool(exeUrl);
+      const exePath = await tc.downloadTool(
+        exeUrl,
+        undefined,
+        this.nodeInfo.mirrorToken
+      );
       await io.cp(exePath, path.join(tempDir, 'node.exe'));
-      const libPath = await tc.downloadTool(libUrl);
+      const libPath = await tc.downloadTool(
+        libUrl,
+        undefined,
+        this.nodeInfo.mirrorToken
+      );
       await io.cp(libPath, path.join(tempDir, 'node.lib'));
     } catch (err) {
       if (err instanceof tc.HTTPError && err.httpStatusCode == 404) {
         exeUrl = `${initialUrl}/v${version}/node.exe`;
         libUrl = `${initialUrl}/v${version}/node.lib`;
 
-        const exePath = await tc.downloadTool(exeUrl);
+        const exePath = await tc.downloadTool(
+          exeUrl,
+          undefined,
+          this.nodeInfo.mirrorToken
+        );
         await io.cp(exePath, path.join(tempDir, 'node.exe'));
-        const libPath = await tc.downloadTool(libUrl);
+        const libPath = await tc.downloadTool(
+          libUrl,
+          undefined,
+          this.nodeInfo.mirrorToken
+        );
         await io.cp(libPath, path.join(tempDir, 'node.lib'));
       } else {
         throw err;

src/distributions/base-models.ts

@@ -4,6 +4,8 @@ export interface NodeInputs {
   auth?: string;
   checkLatest: boolean;
   stable: boolean;
+  mirror: string;
+  mirrorToken: string;
 }
 
 export interface INodeVersionInfo {

src/distributions/nightly/nightly_builds.ts

@@ -7,7 +7,8 @@ export default class NightlyNodejs extends BasePrereleaseNodejs {
     super(nodeInfo);
   }
 
-  protected getDistributionUrl(): string {
-    return 'https://nodejs.org/download/nightly';
+  protected getDistributionUrl(mirror: string): string {
+    const url = mirror || 'https://nodejs.org';
+    return `${url}/download/nightly`;
   }
 }

src/distributions/official_builds/official_builds.ts

@@ -84,7 +84,7 @@ export default class OfficialBuilds extends BaseDistribution {
         downloadPath = await tc.downloadTool(
           versionInfo.downloadUrl,
           undefined,
-          this.nodeInfo.auth
+          this.nodeInfo.mirror ? this.nodeInfo.mirrorToken : this.nodeInfo.auth
         );
 
         if (downloadPath) {
@@ -96,7 +96,9 @@ export default class OfficialBuilds extends BaseDistribution {
         }
       } else {
         core.info(
-          'Not found in manifest. Falling back to download directly from Node'
+          `Not found in manifest. Falling back to download directly from ${
+            this.nodeInfo.mirror || 'Node'
+          }`
         );
       }
     } catch (err) {
@@ -176,8 +178,9 @@ export default class OfficialBuilds extends BaseDistribution {
     return version;
   }
 
-  protected getDistributionUrl(): string {
-    return `https://nodejs.org/dist`;
+  protected getDistributionUrl(mirror: string): string {
+    const url = mirror || 'https://nodejs.org';
+    return `${url}/dist`;
   }
 
   private getManifest(): Promise<tc.IToolRelease[]> {
@@ -185,7 +188,7 @@ export default class OfficialBuilds extends BaseDistribution {
     return tc.getManifestFromRepo(
       'actions',
       'node-versions',
-      this.nodeInfo.auth,
+      this.nodeInfo.mirror ? this.nodeInfo.mirrorToken : this.nodeInfo.auth,
       'main'
     );
   }

src/distributions/rc/rc_builds.ts

@@ -6,7 +6,8 @@ export default class RcBuild extends BaseDistribution {
     super(nodeInfo);
   }
 
-  getDistributionUrl(): string {
-    return 'https://nodejs.org/download/rc';
+  getDistributionUrl(mirror: string): string {
+    const url = mirror || 'https://nodejs.org';
+    return `${url}/download/rc`;
   }
 }

src/distributions/v8-canary/canary_builds.ts

@@ -7,7 +7,8 @@ export default class CanaryBuild extends BasePrereleaseNodejs {
     super(nodeInfo);
   }
 
-  protected getDistributionUrl(): string {
-    return 'https://nodejs.org/download/v8-canary';
+  protected getDistributionUrl(mirror: string): string {
+    const url = mirror || 'https://nodejs.org';
+    return `${url}/download/v8-canary`;
   }
 }

src/main.ts

@@ -1,6 +1,7 @@
 import * as core from '@actions/core';
 
 import os from 'os';
+import fs from 'fs';
 
 import * as auth from './authutil';
 import * as path from 'path';
@@ -20,6 +21,9 @@ export async function run() {
 
     let arch = core.getInput('architecture');
     const cache = core.getInput('cache');
+    const packagemanagercache =
+      (core.getInput('package-manager-cache') || 'true').toUpperCase() ===
+      'TRUE';
 
     // if architecture supplied but node-version is not
     // if we don't throw a warning, the already installed x64 node will be used which is not probably what user meant.
@@ -36,6 +40,8 @@ export async function run() {
     if (version) {
       const token = core.getInput('token');
       const auth = !token ? undefined : `token ${token}`;
+      const mirror = core.getInput('mirror');
+      const mirrorToken = core.getInput('mirror-token');
       const stable =
         (core.getInput('stable') || 'true').toUpperCase() === 'TRUE';
       const checkLatest =
@@ -45,7 +51,9 @@ export async function run() {
         checkLatest,
         auth,
         stable,
-        arch
+        arch,
+        mirror,
+        mirrorToken
       };
       const nodeDistribution = getNodejsDistribution(nodejsInfo);
       await nodeDistribution.setupNodeJs();
@@ -59,10 +67,25 @@ export async function run() {
       auth.configAuthentication(registryUrl, alwaysAuth);
     }
 
-    if (cache && isCacheFeatureAvailable()) {
-      core.saveState(State.CachePackageManager, cache);
     const cacheDependencyPath = core.getInput('cache-dependency-path');
+
+    if (isCacheFeatureAvailable()) {
+      // if the cache input is provided, use it for caching.
+      if (cache) {
+        core.saveState(State.CachePackageManager, cache);
         await restoreCache(cache, cacheDependencyPath);
+        // package manager npm is detected from package.json, enable auto-caching for npm.
+      } else if (packagemanagercache) {
+        const resolvedPackageManager = getNameFromPackageManagerField();
+        if (resolvedPackageManager) {
+          core.info(
+            "Detected npm as the package manager from package.json's packageManager field. " +
+              'Auto caching has been enabled for npm. If you want to disable it, set package-manager-cache input to false'
+          );
+          core.saveState(State.CachePackageManager, resolvedPackageManager);
+          await restoreCache(resolvedPackageManager, cacheDependencyPath);
+        }
+      }
     }
 
     const matchersPath = path.join(__dirname, '../..', '.github');
@@ -113,3 +136,34 @@ function resolveVersionInput(): string {
 
   return version;
 }
+
+export function getNameFromPackageManagerField(): string | undefined {
+  const npmRegex = /^(\^)?npm(@.*)?$/; // matches "npm", "npm@...", "^npm@..."
+  try {
+    const packageJson = JSON.parse(
+      fs.readFileSync(
+        path.join(process.env.GITHUB_WORKSPACE!, 'package.json'),
+        'utf-8'
+      )
+    );
+
+    // Check devEngines.packageManager first (object or array)
+    const devPM = packageJson?.devEngines?.packageManager;
+    const devPMArray = devPM ? (Array.isArray(devPM) ? devPM : [devPM]) : [];
+    for (const obj of devPMArray) {
+      if (typeof obj?.name === 'string' && npmRegex.test(obj.name)) {
+        return 'npm';
+      }
+    }
+
+    // Check top-level packageManager
+    const topLevelPM = packageJson?.packageManager;
+    if (typeof topLevelPM === 'string' && npmRegex.test(topLevelPM)) {
+      return 'npm';
+    }
+
+    return undefined;
+  } catch {
+    return undefined;
+  }
+}