nodejs · Jul 21, 2022
diff --git a/‎deps/npm/docs/content/commands/npm-adduser.md
+4-5 b/‎deps/npm/docs/content/commands/npm-adduser.md
+4-5
diff --git a/‎deps/npm/docs/content/commands/npm-audit.md
+12-1 b/‎deps/npm/docs/content/commands/npm-audit.md
+12-1
@@ -93,13 +93,12 @@ npm init --scope=@foo --yes
 #### `auth-type`
 
 * Default: "legacy"
-* Type: "legacy", "webauthn", "sso", "saml", or "oauth"
-* DEPRECATED: The SSO/SAML/OAuth methods are deprecated and will be removed in
-  a future version of npm in favor of web-based login.
+* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"
 
-What authentication strategy to use with `adduser`/`login`.
+NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
+removed in a future version.
 
-Pass `webauthn` to use a web-based login.
+What authentication strategy to use with `login`.
 
 <!-- automatically generated, do not edit manually -->
 <!-- see lib/utils/config/definitions.js -->
 
@@ -11,7 +11,7 @@ description: Run a security audit
 <!-- see lib/commands/audit.js -->
 
 ```bash
-npm audit [fix]
+npm audit [fix|signatures]
 ```
 
 <!-- automatically generated, do not edit manually -->
@@ -41,6 +41,17 @@ vulnerability is found. It may be useful in CI environments to include the
 will cause the command to fail. This option does not filter the report
 output, it simply changes the command's failure threshold.
 
+### Audit Signatures
+
+This command can also audit the integrity values of the packages in your
+tree against any signatures present in the registry they were downloaded
+from.  npm will attempt to download the keys from `/-/npm/v1/keys` on
+each the registry used to download any given package.  It will then
+check the `dist.signatures` object in the package itself, and verify the
+`sig` present there using the `keyid` there, matching it with a key
+returned from the registry.  The command for this is `npm audit
+signatures`
+
 ### Audit Endpoints
 
 There are two audit endpoints that npm may use to fetch vulnerability