[actions] fix workflow permissions; add codeQL

The script assumes that the name of the remote is `origin`, but this
is not the case if the user has set `clone.defaultRemoteName` to
another value in the ~/.gitconfig (or elsewhere in the configuration).
Adding `-o origin` ensures that the remote will be called `origin`
regardless of the `clone.defaultRemoteName` setting.

Per PR #3341:
- The minimum Git version this should work with is v1.7.10. (This is not
  documented in the repo itself; it's just an implicit requirement.)
- The `--origin` option was added to `git clone` in commit 98a4fef3f2 which
  was released in v1.2.5. From the diff of that commit, the `-o` option was
  already available at that time. So this easily satisfies the above.
- A comment in #3341 indicates that `-o` was added in v1.1.0. I've not
  verified this, but we probably don't need to track that down since by the
  above we're already well within requirements.

.dockerignore

@@ -0,0 +1,17 @@
+HEAD
+.cache
+v*
+alias
+
+# For testing
+test/bak
+.urchin.log
+.urchin_stdout
+test/**/test_output
+test/**/.nvmrc
+
+node_modules/
+npm-debug.log
+
+.DS_Store
+current

.editorconfig

@@ -0,0 +1,35 @@
+root = true
+
+[*]
+tab_width = 2
+indent_size = 2
+charset = utf-8
+end_of_line = lf
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.txt]
+indent_size = false
+
+[test/fast/Listing versions/Running 'nvm ls' calls into nvm_alias]
+indent_size = false
+
+[test/fast/Listing versions/Running 'nvm ls --no-alias' does not call into nvm_alias]
+indent_size = false
+
+[test/fast/Unit tests/mocks/**]
+insert_final_newline = off
+
+[test/**/.urchin*]
+insert_final_newline = off
+
+[Makefile]
+indent_style = tab
+
+[test/fixtures/nvmrc/**]
+indent_style = off
+insert_final_newline = off
+
+[test/fixtures/actual/alias/empty]
+insert_final_newline = off

.github/FUNDING.yml

@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/nvm
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/INCIDENT_RESPONSE_PLAN.md

@@ -0,0 +1,117 @@
+# Incident Response Process for **nvm**
+
+## Reporting a Vulnerability
+
+We take the security of **nvm** very seriously. If you believe you’ve found a security vulnerability, please inform us responsibly through coordinated disclosure.
+
+### How to Report
+
+> **Do not** report security vulnerabilities through public GitHub issues, discussions, or social media.
+
+Instead, please use one of these secure channels:
+
+1. **GitHub Security Advisories**
+    Use the **Report a vulnerability** button in the Security tab of the [nvm-sh/nvm repository](https://github.com/nvm-sh/nvm).
+
+2. **Email**
+    Follow the posted [Security Policy](https://github.com/nvm-sh/nvm/security/policy).
+
+### What to Include
+
+**Required Information:**
+- Brief description of the vulnerability type
+- Affected version(s) and components
+- Steps to reproduce the issue
+- Impact assessment (what an attacker could achieve)
+
+**Helpful Additional Details:**
+- Full paths of affected scripts or files
+- Specific commit or branch where the issue exists
+- Required configuration to reproduce
+- Proof-of-concept code (if available)
+- Suggested mitigation or fix
+
+## Our Response Process
+
+**Timeline Commitments:**
+- **Initial acknowledgment**: Within 24 hours
+- **Detailed response**: Within 3 business days
+- **Status updates**: Every 7 days until resolved
+- **Resolution target**: 90 days for most issues
+
+**What We’ll Do:**
+1. Acknowledge your report and assign a tracking ID
+2. Assess the vulnerability and determine severity
+3. Develop and test a fix
+4. Coordinate disclosure timeline with you
+5. Release a security update and publish an advisory and CVE
+6. Credit you in our security advisory (if desired)
+
+## Disclosure Policy
+
+- **Coordinated disclosure**: We’ll work with you on timing
+- **Typical timeline**: 90 days from report to public disclosure
+- **Early disclosure**: If actively exploited
+- **Delayed disclosure**: For complex issues
+
+## Scope
+
+**In Scope:**
+- **nvm** project (all supported versions)
+- Installation and update scripts (`install.sh`, `nvm.sh`)
+- Official documentation and CI/CD integrations
+- Dependencies with direct security implications
+
+**Out of Scope:**
+- Third-party forks or mirrors
+- Platform-specific installs outside core scripts
+- Social engineering or physical attacks
+- Theoretical vulnerabilities without practical exploitation
+
+## Security Measures
+
+**Our Commitments:**
+- Regular vulnerability scanning via GitHub Actions
+- Automated security checks in CI/CD pipelines
+- Secure scripting practices and mandatory code review
+- Prompt patch releases for critical issues
+
+**User Responsibilities:**
+- Keep **nvm** updated
+- Verify script downloads via PGP signatures
+- Follow secure configuration guidelines for shell environments
+
+## Legal Safe Harbor
+
+**We will NOT:**
+- Initiate legal action
+- Contact law enforcement
+- Suspend or terminate your access
+
+**You must:**
+- Only test against your own installations
+- Not access, modify, or delete user data
+- Not degrade service availability
+- Not publicly disclose before coordinated disclosure
+- Act in good faith
+
+## Recognition
+
+- **Advisory Credits**: Credit in GitHub Security Advisories (unless anonymous)
+
+## Security Updates
+
+**Stay Informed:**
+- Subscribe to GitHub releases for **nvm**
+- Enable GitHub Security Advisory notifications
+
+**Update Process:**
+- Patch releases (e.g., v0.40.3 → v0.40.4)
+- Out-of-band releases for critical issues
+- Advisories via GitHub Security Advisories
+
+## Contact Information
+
+- **Security reports**: Security tab of [nvm-sh/nvm](https://github.com/nvm-sh/nvm/security)
+- **General inquiries**: GitHub Discussions or Issues
+

.github/SECURITY.md

@@ -0,0 +1,28 @@
+# Security
+
+Please file a private vulnerability report via GitHub, email [@ljharb](https://github.com/ljharb), or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+## OpenSSF CII Best Practices
+
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/684/badge)](https://bestpractices.coreinfrastructure.org/projects/684)
+
+There are three “tiers”: passing, silver, and gold.
+
+### Passing
+We meet 100% of the “passing” criteria.
+
+### Silver
+We meet 100% of the “silver” criteria.
+
+### Gold
+We meet 78% of the “gold” criteria. The gaps are as follows:
+  - because we only have one maintainer, the project has no way to continue if that maintainer stops being active.
+  - We do not include a copyright or license statement in each source file. Efforts are underway to change this archaic practice into a suggestion instead of a hard requirement.
+
+## Threat Model
+
+See [THREAT_MODEL.md](.github/THREAT_MODEL.md).
+
+## Incident Response Plan
+
+Please see our [Incident Response Plan](.github/INCIDENT_RESPONSE_PLAN.md).

.github/THREAT_MODEL.md

@@ -0,0 +1,109 @@
+# `nvm` Threat Model
+
+## Introduction
+
+Threat model analysis assists organizations to proactively identify potential security threats and vulnerabilities, enabling them to develop effective strategies to mitigate these risks before they are exploited by attackers.
+Furthermore, this often helps to improve the overall security and resilience of a system or application.
+
+The aim of this section is to facilitate the identification of potential security threats and vulnerabilities that may be exploited by adversaries, along with possible outcomes and appropriate mitigations.
+
+## Relevant assets and threat actors
+
+The following assets are considered important for the `nvm` project:
+  - `nvm` source code and project documentation
+  - Underlying `nvm` dependencies
+  - `nvm` development infrastructure
+  - `nvm` installed devices including servers
+
+The following threat actors are considered relevant to the `nvm` application:
+  - External malicious attackers
+  - Internal malicious attackers
+  - Services
+  - Malicious insider actors
+  - Third-party libraries
+
+## Attack surface for external/internal attackers and services
+
+In threat modeling, an attack surface refers to any possible point of entry that an attacker might use to exploit a system or application.
+This includes all the paths and interfaces that an attacker may use to access, manipulate or extract sensitive data from a system.
+By understanding the attack surface, organizations are typically able to identify potential attack vectors and implement appropriate countermeasures to mitigate risks.
+
+In the following diagrams, _External Malicious Attacker_ applies to threat actors who do not yet have direct access to the `nvm` application and the underlying operating system, while the _Internal Malicious Attacker_ applies to an attacker with access to the device (computer, server), potentially after successfully exploiting a threat from the _External Malicious Attacker_ scenario.
+**Please note that some of the external threats may be also exploitable from internal threats and vice versa.**
+
+<img src="./external-threat-actor.png" alt="Fig.: Possible attacks from internal and external threat actors and services" />
+Fig.: Possible attacks from internal and external threat actors and services
+
+## Identified threats
+
+The identified threats against the `nvm` application are as follows:
+
+### Threat ID 1: `nvm` commands
+
+Overview: The `nvm` commands and subcommands take user input for handling and executing appropriate functions from the project directory (or any parent directory).
+When user-controlled inputs are not adequately validated and later passed to the `nvm` functions as a part of a command, an attacker might be able to execute operating system commands triggered by any parsing functionality.
+
+Possible Outcome: Attacks against `nvm` commands could lead to unauthorized access to user data or unauthorized access to the device (i.e. laptop or server, depending on where `nvm` is installed), resulting in loss of user private data stored on the device, among other possibilities.
+
+Recommendation: Input validation should be implemented to prevent attackers from requesting operating system commands.
+Similarly, secure coding practices ought to be in place to minimize the risk of buffer overflow vulnerabilities.
+
+### Threat ID 2: URI scheme
+
+Overview: `nvm` commands heavily use the [Secure HyperText Transfer](https://datatracker.ietf.org/doc/html/rfc2660) protocol for `nvm` related actions.
+Missing [scheme](https://datatracker.ietf.org/doc/html/rfc3986#section-3.1) validation for any `nvm` command might result in file retrieval, enumeration, file overwrite, or [path traversal](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include) attacks.
+An example of this could be path validation for [`nvm_download`](https://github.com/nvm-sh/nvm/blob/ef7fc2f2c06ad75fe7fbabf28d427561ae7b007d/nvm.sh#L118), among many other possibilities.
+
+Possible Outcome: Security misconfiguration flaws for URI scheme may lead to unauthorized access to user data, as well as data integrity compromises.
+
+Recommendation: Adequate input validation should be implemented to prevent attackers from enumerating, retrieving and writing to application files and paths.
+
+### Threat ID 3: Communication channel
+
+Overview: The `nvm` commands and its subcommands use network protocol to communicate with external services.
+Insecure communication may allow malicious attackers to perform [_Man-in-the-Middle_](https://owasp.org/www-community/attacks/Manipulator-in-the-middle_attack) attacks in order to manipulate the data sent during the users’ active connection.
+
+Possible Outcome: Usage of plaintext communication protocols, like HTTP could lead to data sniffing and modification through insecure communications channels.
+
+Recommendation: Mitigation countermeasures such as data encryption should be in place to prevent data manipulation via insecure communication channels.
+
+### Threat ID 4: Environment variables
+
+Overview: Each `nvm` installation defines its environment variables, which should be secured from internal malicious attackers, preventing access control attack vectors.
+Missing stringent restrictions on setting variables, might allow attackers to prepare various targeted attacks against other local users, who use `nvm` in their user space.
+For example, [_Privilege Escalation_](https://owasp.org/Top10/A01_2021-Broken_Access_Control/), [_Command Injection_](https://cwe.mitre.org/data/definitions/77.html), as well as many other parser-related attacks.
+
+Possible Outcome: Attacks against environment variables could lead to unauthorized access to the user space, resulting in the loss of user private data and disruptions in service availability.
+
+Recommendation: Adequate hardening of configuration file permissions should be in place for all relevant configuration files, as this provides protection against attackers able to manipulate variables and inject malicious code.
+
+## Attack surface for malicious insider actors and third-party libraries
+
+The following diagram summarizes the main possible threats against the `nvm` project from malicious insider actors and third-party libraries:
+
+<img src="./insider-threat-actor-and-libs.png" alt="Fig.: Possible attacks from insider threat actors and third-party libraries" />
+Fig.: Possible attacks from insider threat actors and third-party libraries
+
+The identified threats against the `nvm` project are as follows:
+
+### Threat ID 1: Insider threat actor
+
+**Overview**: An insider threat actor, such as an `nvm` project contributor or employee with access to the code base, might abuse their role in the organization to modify the `nvm` application source code.
+For example, intentionally adding malicious code snippets, clearing logs after being written and/or modifying specific sections of the documentation.
+
+**Possible Outcome**: Reputation damage, financial losses.
+
+**Recommendation**: Secure coding practices, code reviews, automated code scanning and separation of duties (i.e. requiring at least two developers to approve any code change) are potentially useful security controls to identify and mitigate vulnerabilities that may be introduced by an insider threat actor.
+
+### Threat ID 2: Third-party libraries
+
+**Overview**: Please note that while `nvm` does not currently make use of any third-party libraries, this might become an attack vector if that changes in the future.
+Third-party libraries may introduce potential risks related to maintaining security requirements by third-party vendors.
+As a result, third-party libraries used by the `nvm` project, might contain vulnerabilities, such as [_Buffer Overflows_](https://owasp.org/www-community/vulnerabilities/Buffer_Overflow), [_Format String Vulnerabilities_](https://owasp.org/www-community/attacks/Format_string_attack), as well as many other types of weaknesses that, in a worst-case scenario may lead to _Remote Code Execution_ (_RCE_).
+Additionally, the maintainer of a third-party dependency might introduce a vulnerability on purpose, or be compromised by an attacker that subsequently introduces vulnerable code.
+
+**Possible Outcome**: Code vulnerabilities may lead to unauthorized access to user data, loss of user private data, service disruptions and reputation damage.
+
+**Recommendation**: Third-party libraries should be kept up-to-date, applying patches to address publicly known vulnerabilities in a timely fashion.
+Monitoring and logging capabilities should also be in place to detect and respond to potential attacks.
+SLSA compliance may also be considered for further supply chain security hardening.

.github/copilot-instructions.md

@@ -0,0 +1,427 @@
+# nvm Copilot Instructions
+
+This document provides guidance for GitHub Copilot when working with the Node Version Manager (nvm) codebase.
+
+## Overview
+
+nvm is a version manager for Node.js, implemented as a POSIX-compliant function that works across multiple shells (sh, dash, bash, ksh, zsh). The codebase is primarily written in shell script and emphasizes portability and compatibility.
+
+### Core Architecture
+
+- **Main script**: `nvm.sh` - Contains all core functionality and the main `nvm()` function
+- **Installation script**: `install.sh` - Handles downloading and installing nvm itself
+- **Execution wrapper**: `nvm-exec` - Allows running commands with specific Node.js versions
+- **Bash completion**: `bash_completion` - Provides tab completion for bash users
+- **Tests**: Comprehensive test suite in `test/` directory using the [urchin](https://www.npmjs.com/package/urchin) test framework
+
+## Key Files and Their Purposes
+
+### `nvm.sh`
+The core functionality file containing:
+- Main `nvm()` function (starts around line 3000)
+- All internal helper functions (prefixed with `nvm_`)
+- Command implementations for install, use, ls, etc.
+- Shell compatibility logic
+- POSIX compliance utilities
+
+### `install.sh`
+Handles nvm installation via curl/wget/git:
+- Downloads nvm from GitHub
+- Sets up directory structure
+- Configures shell integration
+- Supports both git clone and script download methods
+
+### `nvm-exec`
+Simple wrapper script that:
+- Sources nvm.sh with `--no-use` flag
+- Switches to specified Node version via `NODE_VERSION` env var or `.nvmrc`
+- Executes the provided command with that Node version
+
+## Top-Level nvm Commands and Internal Functions
+
+### Core Commands
+
+#### `nvm install [version]`
+- **Internal functions**: `nvm_install_binary()`, `nvm_install_source()`, `nvm_download_artifact()`
+- Downloads and installs specified Node.js version
+- Automatically `nvm use`s that version after installation
+- Supports LTS versions, version ranges, and built-in aliases (like `node`, `stable`) and user-defined aliases
+- Can install from binary or compile from source
+- When compiling from source, accepts additional arguments that are passed to the compilation task
+
+#### `nvm use [version]`
+- **Internal functions**: `nvm_resolve_alias()`, `nvm_version_path()`, `nvm_change_path()`
+- Switches current shell to use specified Node.js version
+- Updates PATH environment variable
+- Supports `.nvmrc` file integration
+
+#### `nvm ls [pattern]`
+- **Internal functions**: `nvm_ls()`, `nvm_tree_contains_path()`
+- Lists installed Node.js versions
+- Supports pattern matching and filtering
+- Shows current version and aliases
+
+#### `nvm ls-remote [pattern]`
+- **Internal functions**: `nvm_ls_remote()`, `nvm_download()`, `nvm_ls_remote_index_tab()`
+- Lists available Node.js versions from nodejs.org and iojs.org, or the env-var-configured mirrors
+- Supports LTS filtering and pattern matching
+- Downloads version index on-demand
+
+#### `nvm alias [name] [version]`
+- **Internal functions**: `nvm_alias()`, `nvm_alias_path()`
+- Creates text files containing the mapped version, named as the alias name
+- Special aliases: `default`, `node`, `iojs`, `stable`, `unstable` (note: `stable` and `unstable` are deprecated, from node's pre-v1 release plan)
+- Stored in `$NVM_DIR/alias/` directory
+
+#### `nvm current`
+- **Internal functions**: `nvm_ls_current()`
+- Shows currently active Node.js version
+- Returns "system" if using system Node.js
+
+#### `nvm which [version]`
+- **Internal functions**: `nvm_version_path()`, `nvm_resolve_alias()`
+- Shows path to specified Node.js version
+- Resolves aliases and version strings
+
+### Utility Commands
+
+#### `nvm cache clear|dir`
+- Cache management for downloaded binaries and source code
+- Clears or shows cache directory path
+
+#### `nvm debug`
+- Diagnostic information for troubleshooting
+- Shows environment, tool versions, and paths
+
+#### `nvm deactivate`
+- Removes nvm modifications from current shell
+- Restores original PATH
+
+#### `nvm unload`
+- Completely removes nvm from shell environment
+- Unsets all nvm functions and variables
+
+### Internal Function Categories
+
+#### Version Resolution
+- `nvm_resolve_alias()` - Resolves aliases to version numbers
+- `nvm_version()` - Finds best matching local version
+- `nvm_remote_version()` - Finds best matching remote version
+- `nvm_normalize_version()` - Standardizes version strings
+- `nvm_version_greater()` - Compares version numbers
+- `nvm_version_greater_than_or_equal_to()` - Version comparison with equality
+- `nvm_get_latest()` - Gets latest version from a list
+
+#### Installation Helpers
+- `nvm_install_binary()` - Downloads and installs precompiled binaries
+- `nvm_install_source()` - Compiles Node.js from source
+- `nvm_download_artifact()` - Downloads tarballs or binaries
+- `nvm_compute_checksum()` - Verifies download integrity
+- `nvm_checksum()` - Checksum verification wrapper
+- `nvm_get_mirror()` - Gets appropriate download mirror
+- `nvm_get_arch()` - Determines system architecture
+
+#### Path Management
+- `nvm_change_path()` - Updates PATH for version switching
+- `nvm_strip_path()` - Removes nvm paths from PATH
+- `nvm_version_path()` - Gets installation path for version
+- `nvm_version_dir()` - Gets version directory name
+- `nvm_prepend_path()` - Safely prepends to PATH
+
+#### Shell Detection and Compatibility
+- `nvm_is_zsh()` - Shell detection for zsh
+- `nvm_is_iojs_version()` - Checks if version is io.js
+- `nvm_get_os()` - Operating system detection
+- `nvm_supports_source_options()` - Checks if shell supports source options
+
+#### Network and Remote Operations
+- `nvm_download()` - Generic download function
+- `nvm_ls_remote()` - Lists remote versions
+- `nvm_ls_remote_iojs()` - Lists remote io.js versions
+- `nvm_ls_remote_index_tab()` - Parses remote version index
+
+#### Utility Functions
+- `nvm_echo()`, `nvm_err()` - Output functions
+- `nvm_has()` - Checks if command exists
+- `nvm_sanitize_path()` - Cleans sensitive data from paths
+- `nvm_die_on_prefix()` - Validates npm prefix settings
+- `nvm_ensure_default_set()` - Ensures default alias is set
+- `nvm_auto()` - Automatic version switching from .nvmrc
+
+#### Alias Management
+- `nvm_alias()` - Creates or lists aliases
+- `nvm_alias_path()` - Gets path to alias file
+- `nvm_unalias()` - Removes aliases
+- `nvm_resolve_local_alias()` - Resolves local aliases
+
+#### Listing and Display
+- `nvm_ls()` - Lists local versions
+- `nvm_ls_current()` - Shows current version
+- `nvm_tree_contains_path()` - Checks if path is in nvm tree
+- `nvm_format_version()` - Formats version display
+
+## Running Tests
+
+### Test Framework
+nvm uses the [urchin](https://www.npmjs.com/package/urchin) test framework for shell script testing.
+
+### Test Structure
+```
+test/
+├── fast/           # Quick unit tests
+├── slow/           # Integration tests
+├── sourcing/       # Shell sourcing tests
+├── install_script/ # Installation script tests
+├── installation_node/ # Node installation tests
+├── installation_iojs/ # io.js installation tests
+└── common.sh       # Shared test utilities
+```
+
+### Running Tests
+
+#### Install Dependencies
+```bash
+npm install  # Installs urchin, semver, and replace tools
+```
+
+#### Run All Tests
+```bash
+npm test               # Runs tests in current shell (sh, bash, dash, zsh, ksh)
+make test              # Runs tests in all supported shells (sh, bash, dash, zsh, ksh)
+make test-sh           # Runs tests only in sh
+make test-bash         # Runs tests only in bash
+make test-dash         # Runs tests only in dash
+make test-zsh          # Runs tests only in zsh
+make test-ksh          # Runs tests only in ksh
+```
+
+#### Run Specific Test Suites
+```bash
+make TEST_SUITE=fast test        # Only fast tests
+make TEST_SUITE=slow test        # Only slow tests
+make SHELLS=bash test            # Only bash shell
+```
+
+#### Individual Test Execution
+```bash
+./test/fast/Unit\ tests/nvm_get_arch     # Run single test (WARNING: This will exit/terminate your current shell session)
+./node_modules/.bin/urchin test/fast/                        # Run fast test suite
+./node_modules/.bin/urchin 'test/fast/Unit tests/nvm_get_arch'  # Run single test safely without shell termination
+./node_modules/.bin/urchin test/slow/                        # Run slow test suite
+./node_modules/.bin/urchin test/sourcing/                    # Run sourcing test suite
+```
+
+### Test Writing Guidelines
+- Tests should work across all supported shells (sh, bash, dash, zsh, ksh)
+- Define and use a `die()` function for test failures
+- Clean up after tests in cleanup functions
+- Mock external dependencies when needed
+- Place mocks in `test/mocks/` directory
+- Mock files should only be updated by the existing `update_test_mocks.sh` script, and any new mocks must be added to this script
+
+## Shell Environment Setup
+
+### Supported Shells
+- **bash** - Full feature support
+- **zsh** - Full feature support
+- **dash** - Basic POSIX support
+- **sh** - Basic POSIX support
+- **ksh** - Limited support (experimental)
+
+### Installing Shell Environments
+
+#### Ubuntu/Debian
+```bash
+sudo apt-get update
+sudo apt-get install bash zsh dash ksh
+# sh is typically provided by dash or bash and is available by default
+```
+
+#### macOS
+```bash
+# bash and zsh are available by default, bash is not the default shell for new user accounts
+# Install other shells via Homebrew
+brew install dash ksh
+# For actual POSIX sh (not bash), install mksh which provides a true POSIX sh
+brew install mksh
+```
+
+#### Manual Shell Testing
+```bash
+# Test in specific shell
+bash -c "source nvm.sh && nvm --version"
+zsh -c "source nvm.sh && nvm --version"
+dash -c ". nvm.sh && nvm --version"
+sh -c ". nvm.sh && nvm --version"          # On macOS: mksh -c ". nvm.sh && nvm --version"
+ksh -c ". nvm.sh && nvm --version"
+```
+
+### Shell-Specific Considerations
+- **zsh**: Requires basically any non-default zsh option to be temporarily unset to restore POSIX compliance
+- **dash**: Limited feature set, avoid bash-specific syntax
+- **ksh**: Some features may not work, primarily for compatibility testing
+
+## CI Environment Details
+
+### GitHub Actions Workflows
+
+#### `.github/workflows/tests.yml`
+- Runs test suite across multiple shells and test suites
+- Uses `script` command for proper TTY simulation
+- Matrix strategy covers shell × test suite combinations
+- Excludes install_script tests from non-bash shells
+
+#### `.github/workflows/shellcheck.yml`
+- Lints all shell scripts using shellcheck
+- Tests against multiple shell targets (bash, sh, dash, ksh)
+  - Note: zsh is not included due to [shellcheck limitations](https://github.com/koalaman/shellcheck/issues/809)
+- Uses Homebrew to install latest shellcheck version
+
+#### `.github/workflows/lint.yml`
+- Runs additional linting and formatting checks
+- Validates documentation and code style
+
+### Travis CI (Legacy)
+- Configured in `.travis.yml`
+- Tests on multiple Ubuntu versions
+- Installs shell environments via apt packages
+
+### CI Test Execution
+```bash
+# Simulate CI environment locally
+unset TRAVIS_BUILD_DIR  # Disable Travis-specific logic
+unset GITHUB_ACTIONS    # Disable GitHub Actions logic
+make test
+```
+
+## Setting Up shellcheck Locally
+
+### Installation
+
+#### macOS (Homebrew)
+```bash
+brew install shellcheck
+```
+
+#### Ubuntu/Debian
+```bash
+sudo apt-get install shellcheck
+```
+
+#### From Source
+```bash
+# Download from https://github.com/koalaman/shellcheck/releases
+wget https://github.com/koalaman/shellcheck/releases/download/latest/shellcheck-latest.linux.x86_64.tar.xz
+tar -xf shellcheck-latest.linux.x86_64.tar.xz
+sudo cp shellcheck-latest/shellcheck /usr/local/bin/
+```
+
+### Usage
+
+#### Lint Main Files
+```bash
+shellcheck -s bash nvm.sh
+shellcheck -s bash install.sh
+shellcheck -s bash nvm-exec
+shellcheck -s bash bash_completion
+```
+
+#### Lint Across Shell Types
+```bash
+shellcheck -s sh nvm.sh      # POSIX sh
+shellcheck -s bash nvm.sh    # Bash extensions
+shellcheck -s dash nvm.sh    # Dash compatibility
+shellcheck -s ksh nvm.sh     # Ksh compatibility
+```
+
+#### Common shellcheck Directives in nvm
+- `# shellcheck disable=SC2039` - Allow bash extensions in POSIX mode
+- `# shellcheck disable=SC2016` - Allow literal `$` in single quotes
+- `# shellcheck disable=SC2001` - Allow sed usage instead of parameter expansion
+- `# shellcheck disable=SC3043` - Allow `local` keyword (bash extension)
+
+### Fixing shellcheck Issues
+1. **Quoting**: Always quote variables: `"${VAR}"` instead of `$VAR`
+2. **POSIX compliance**: Avoid bash-specific features in portable sections
+3. **Array usage**: Use `set --` for positional parameters instead of arrays, which are not supported in POSIX
+4. **Local variables**: Declared with `local FOO` and then initialized on the next line (the latter is for ksh support)
+
+## Development Best Practices
+
+### Code Style
+- Use 2-space indentation
+- Follow POSIX shell guidelines for portability
+- Prefix internal functions with `nvm_`
+- Use `nvm_echo` instead of `echo` for output
+- Use `nvm_err` for error messages
+
+### Compatibility
+- Test changes across all supported shells
+- Avoid bash-specific features in core functionality
+- Use `nvm_is_zsh` to check when zsh-specific behavior is needed
+- Mock external dependencies in tests
+
+### Performance
+- Cache expensive operations (like remote version lists)
+- Use local variables to avoid scope pollution
+- Minimize subprocess calls where possible
+- Implement lazy loading for optional features
+
+### Debugging
+- Use `nvm debug` command for environment information
+- Enable verbose output with `set -x` during development
+- Test with `NVM_DEBUG=1` environment variable
+- Check `$NVM_DIR/.cache` for cached data issues
+
+## Common Gotchas
+
+1. **PATH modification**: nvm modifies PATH extensively; be careful with restoration
+2. **Shell sourcing**: nvm must be sourced, not executed as a script
+3. **Version resolution**: Aliases, partial versions, and special keywords interact complexly
+4. **Platform differences**: Handle differences between Linux, macOS, and other Unix systems
+5. **Network dependencies**: Many operations require internet access for version lists
+6. **Concurrent access**: Multiple shells can conflict when installing versions simultaneously
+
+## Windows Support
+
+nvm works on Windows via several compatibility layers:
+
+### WSL2 (Windows Subsystem for Linux)
+- Full nvm functionality available
+- **Important**: Ensure you're using WSL2, not WSL1 - see [Microsoft's WSL2 installation guide](https://docs.microsoft.com/en-us/windows/wsl/install) for up-to-date instructions
+- Install Ubuntu or other Linux distribution from Microsoft Store
+- Follow Linux installation instructions within WSL2
+
+### Cygwin
+- POSIX-compatible environment for Windows
+- Download Cygwin from [cygwin.com](https://www.cygwin.com/install.html) and run the installer
+- During installation, include these packages: bash, curl, git, tar, and wget
+- May require additional PATH configuration
+
+### Git Bash (MSYS2)
+- Comes with Git for Windows
+- Limited functionality compared to full Linux environment
+- Some features may not work due to path translation issues, including:
+  - Binary extraction paths may be incorrectly translated
+  - Symlink creation may fail
+  - Some shell-specific features may behave differently
+  - File permissions handling differs from Unix systems
+
+### Setup Instructions for Windows
+
+#### WSL2 (recommended)
+1. Install WSL2 using the official Microsoft guide: https://docs.microsoft.com/en-us/windows/wsl/install
+2. Install Ubuntu or preferred Linux distribution from Microsoft Store
+3. Follow standard Linux installation within WSL2
+
+#### Git Bash
+1. Install Git for Windows (includes Git Bash) from https://git-scm.com/download/win
+2. Open Git Bash terminal
+3. Run nvm installation script
+
+#### Cygwin
+1. Download and install Cygwin from https://www.cygwin.com/install.html
+2. Include bash, curl, git, tar, and wget packages during installation
+3. Run nvm installation in Cygwin terminal
+
+This guide should help GitHub Copilot understand the nvm codebase structure, testing procedures, and development environment setup requirements.

.github/workflows/5codeql.yml

@@ -1,100 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL Advanced"
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    branches: [ "master" ]
-  schedule:
-    - cron: '44 18 * * 1'
-
-jobs:
-  analyze:
-    name: Analyze (${{ matrix.language }})
-    # Runner size impacts CodeQL analysis time. To learn more, please see:
-    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
-    #   - https://gh.io/supported-runners-and-hardware-resources
-    #   - https://gh.io/using-larger-runners (GitHub.com only)
-    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
-    permissions:
-      # required for all workflows
-      security-events: write
-
-      # required to fetch internal or private CodeQL packs
-      packages: read
-
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        - language: actions
-          build-mode: none
-        - language: javascript-typescript
-          build-mode: none
-        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
-        # Use `c-cpp` to analyze code written in C, C++ or both
-        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
-        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
-        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
-        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
-        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
-        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Add any setup steps before running the `github/codeql-action/init` action.
-    # This includes steps like installing compilers or runtimes (`actions/setup-node`
-    # or others). This is typically only required for manual builds.
-    # - name: Setup runtime (example)
-    #   uses: actions/setup-example@v1
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-    # If the analyze step fails for one of the languages you are analyzing with
-    # "We were unable to automatically build your code", modify the matrix above
-    # to set the build mode to "manual" for that language. Then modify this step
-    # to build your code.
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    - if: matrix.build-mode == 'manual'
-      shell: bash
-      run: |
-        echo 'If you are using a "manual" build mode for one or more of the' \
-          'languages you are analyzing, replace this with the commands to build' \
-          'your code, for example:'
-        echo '  make bootstrap'
-        echo '  make release'
-        exit 1
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,52 @@
+name: "Code scanning - action"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 17 * * 4'
+
+permissions:
+  contents: read
+
+jobs:
+  CodeQL-Build:
+
+    # CodeQL runs on ubuntu-latest and windows-latest
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v6
+      with:
+        persist-credentials: false
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v4
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v4
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v4

.github/workflows/codeql.yml

@@ -1,100 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL Advanced"
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    branches: [ "master" ]
-  schedule:
-    - cron: '44 1 * * 4'
-
-jobs:
-  analyze:
-    name: Analyze (${{ matrix.language }})
-    # Runner size impacts CodeQL analysis time. To learn more, please see:
-    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
-    #   - https://gh.io/supported-runners-and-hardware-resources
-    #   - https://gh.io/using-larger-runners (GitHub.com only)
-    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
-    permissions:
-      # required for all workflows
-      security-events: write
-
-      # required to fetch internal or private CodeQL packs
-      packages: read
-
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        - language: actions
-          build-mode: none
-        - language: javascript-typescript
-          build-mode: none
-        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
-        # Use `c-cpp` to analyze code written in C, C++ or both
-        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
-        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
-        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
-        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
-        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
-        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Add any setup steps before running the `github/codeql-action/init` action.
-    # This includes steps like installing compilers or runtimes (`actions/setup-node`
-    # or others). This is typically only required for manual builds.
-    # - name: Setup runtime (example)
-    #   uses: actions/setup-example@v1
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-    # If the analyze step fails for one of the languages you are analyzing with
-    # "We were unable to automatically build your code", modify the matrix above
-    # to set the build mode to "manual" for that language. Then modify this step
-    # to build your code.
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-    - if: matrix.build-mode == 'manual'
-      shell: bash
-      run: |
-        echo 'If you are using a "manual" build mode for one or more of the' \
-          'languages you are analyzing, replace this with the commands to build' \
-          'your code, for example:'
-        echo '  make bootstrap'
-        echo '  make release'
-        exit 1
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"

.github/workflows/docker-publish.yml

@@ -1,98 +0,0 @@
-name: Docker
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-on:
-  schedule:
-    - cron: '35 2 * * *'
-  push:
-    branches: [ "master" ]
-    # Publish semver tags as releases.
-    tags: [ 'v*.*.*' ]
-  pull_request:
-    branches: [ "master" ]
-
-env:
-  # Use docker.io for Docker Hub if empty
-  REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}
-
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
-        with:
-          cosign-release: 'v2.2.4'
-
-      # Set up BuildKit Docker container builder to be able to build
-      # multi-platform images and export cache
-      # https://github.com/docker/setup-buildx-action
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.github/workflows/latest-npm.yml

@@ -0,0 +1,86 @@
+name: 'Tests: `nvm install-latest-npm`'
+
+on: [pull_request, push]
+
+permissions:
+  contents: read
+
+jobs:
+  matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      latest: ${{ steps.set-matrix.outputs.requireds }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          allowed-endpoints:
+            iojs.org:443
+            nodejs.org:443
+            raw.githubusercontent.com:443
+      - uses: ljharb/actions/node/matrix@main
+        id: set-matrix
+        with:
+          versionsAsRoot: true
+          type: majors
+          preset: '>=1'
+
+  nodes:
+    needs: [matrix]
+    permissions:
+      contents: read
+    name: 'nvm install-latest-npm'
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: ${{ fromJson(needs.matrix.outputs.latest) }}
+        include:
+          - node-version: "21"
+          - node-version: "20.5"
+          - node-version: "20.4"
+          - node-version: "14.17"
+          - node-version: "14.16"
+          - node-version: "9.2"
+          - node-version: "9.1"
+          - node-version: "9.0"
+          - node-version: "6.1"
+          - node-version: "5.9"
+          - node-version: "4.6"
+          - node-version: "4.5"
+          - node-version: "4.4"
+          - node-version: "0.12"
+          - node-version: "0.10"
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          allowed-endpoints:
+            github.com:443
+            raw.githubusercontent.com:443
+            iojs.org:443
+            nodejs.org:443
+            registry.npmjs.org:443
+      - uses: actions/checkout@v4
+      - uses: ljharb/actions/node/install@main
+        name: 'install node'
+        with:
+          node-version: ${{ matrix.node-version }}
+          skip-ls-check: true
+          skip-install: true
+          skip-latest-npm: true
+      - run: npm --version
+      - run: '. ./nvm.sh ; nvm install-latest-npm'
+        name: 'nvm install-latest-npm'
+      - run: npm --version
+
+  node:
+    permissions:
+      contents: none
+    name: 'nvm install-latest-npm'
+    needs: [nodes]
+    runs-on: ubuntu-latest
+    steps:
+      - run: true

.github/workflows/lint.yml

@@ -0,0 +1,72 @@
+name: 'Tests: linting'
+
+on: [pull_request, push]
+
+permissions:
+  contents: read
+
+jobs:
+  eclint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: step-security/harden-runner@v2
+        with:
+          allowed-endpoints:
+            github.com:443
+            raw.githubusercontent.com:443
+            nodejs.org:443
+            registry.npmjs.org:443
+      - uses: actions/checkout@v4
+      - uses: ljharb/actions/node/install@main
+        name: 'nvm install ${{ matrix.node-version }} && npm install'
+        with:
+          node-version: 'lts/*'
+      - run: npm run eclint
+
+  dockerfile_lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: step-security/harden-runner@v2
+        with:
+          allowed-endpoints:
+            ghcr.io:443
+            github.com:443
+            raw.githubusercontent.com:443
+            pkg-containers.githubusercontent.com:443
+            nodejs.org:443
+            registry.npmjs.org:443
+      - uses: actions/checkout@v4
+      - uses: ljharb/actions/node/install@main
+        name: 'nvm install ${{ matrix.node-version }} && npm install'
+        with:
+          node-version: 'lts/*'
+      - run: npm run dockerfile_lint
+
+  doctoc:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: step-security/harden-runner@v2
+        with:
+          allowed-endpoints:
+            github.com:443
+            raw.githubusercontent.com:443
+            nodejs.org:443
+            registry.npmjs.org:443
+      - uses: actions/checkout@v4
+      - uses: ljharb/actions/node/install@main
+        name: 'nvm install ${{ matrix.node-version }} && npm install'
+        with:
+          node-version: 'lts/*'
+      - run: npm run doctoc:check
+
+  test_naming:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: step-security/harden-runner@v2
+        with:
+          allowed-endpoints:
+            github.com:443
+            raw.githubusercontent.com:443
+      - uses: actions/checkout@v4
+      - name: check tests filenames
+        run: ./rename_test.sh --check

.github/workflows/npm-publish.yml

@@ -1,33 +0,0 @@
-# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
-# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
-
-name: Node.js Package
-
-on:
-  release:
-    types: [created]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - run: npm ci
-      - run: npm test
-
-  publish-npm:
-    needs: build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          registry-url: https://registry.npmjs.org/
-      - run: npm ci
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.npm_token}}

.github/workflows/rebase.yml

@@ -0,0 +1,17 @@
+name: Automatic Rebase
+
+on: [pull_request_target]
+
+permissions: read-all
+
+jobs:
+  _:
+    name: "Automatic Rebase"
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ljharb/rebase@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,39 @@
+name: 'Tests: release process'
+
+on: [pull_request, push]
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          allowed-endpoints:
+            github.com:443
+            api.github.com:443
+            objects.githubusercontent.com:443
+            raw.githubusercontent.com:443
+            release-assets.githubusercontent.com:443
+            registry.npmjs.org:443
+      - uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "14"
+      - run: npm install
+      - name: Configure git
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+          git fetch --unshallow --tags -f || git fetch --tags -f
+      - name: Attempt `make release` process
+        run: echo proceed | make TAG=99.99.99 release
+        env:
+          GIT_EDITOR: "sed -i '1 s/^/99.99.99 make release test/'"
+      - name: Ensure tag is created
+        run: git tag | grep v99.99.99

.github/workflows/require-allow-edits.yml

@@ -0,0 +1,14 @@
+name: Require “Allow Edits”
+
+on: [pull_request_target]
+
+permissions: read-all
+
+jobs:
+  _:
+    name: "Require “Allow Edits”"
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: ljharb/require-allow-edits@main

.github/workflows/windows-npm.yml

@@ -0,0 +1,216 @@
+name: 'Tests on Windows: `nvm install`'
+
+on: [pull_request, push]
+
+permissions:
+  contents: read
+
+env:
+  NVM_INSTALL_GITHUB_REPO: ${{ github.repository }}
+  NVM_INSTALL_VERSION: ${{ github.sha }}
+
+jobs:
+  msys_fail_install:
+    # Default installation does not work due to npm_config_prefix set to C:\npm\prefix
+    permissions:
+      contents: none
+    name: 'MSYS fail prefix nvm install'
+    runs-on: windows-latest
+    steps:
+      - name: Retrieve nvm
+        shell: bash
+        run: |
+          curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | METHOD=script bash
+          . "$HOME/.nvm/nvm.sh"
+          ! nvm install --lts
+
+  msys_matrix:
+    permissions:
+      contents: none
+    name: 'MSYS nvm install'
+    runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        npm-node-version:
+          - '--lts'
+          - '--default 12'
+          - '--no-progress 10'
+    steps:
+      - name: Retrieve nvm
+        shell: bash
+        run: |
+          unset npm_config_prefix
+          if [ "${{ matrix.npm-node-version }}" = "--lts" ]; then
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | bash
+          else
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | METHOD=script bash
+          fi
+          . "$HOME/.nvm/nvm.sh"
+          nvm install ${{ matrix.npm-node-version }}
+
+  cygwin_matrix:
+    continue-on-error: true
+    permissions:
+      contents: none
+    name: 'Cygwin nvm install'
+    runs-on: windows-latest
+    steps:
+      - name: Install Cygwin
+        shell: bash
+        run: |
+          export SITE='https://mirror.clarkson.edu/cygwin/' # see https://archlinux.org/mirrors/clarkson.edu/1603/ for uptime status
+          export SITE='https://mirrors.kernel.org/sourceware/cygwin/'
+          export LOCALDIR="$(pwd)"
+          export ROOTDIR="$USERPROFILE\\cygwin"
+          export PACKAGES='bash,git,curl'
+
+          curl -fsSLo setup-x86_64.exe 'https://cygwin.com/setup-x86_64.exe'
+          ./setup-x86_64.exe --disable-buggy-antivirus -q -s "$SITE" -l "$LOCALDIR" -R "$ROOTDIR" -P "$PACKAGES"
+
+          cat >~/setup.sh <<EOM
+            unset npm_config_prefix
+            export NVM_INSTALL_GITHUB_REPO="$NVM_INSTALL_GITHUB_REPO"
+            export NVM_INSTALL_VERSION="$NVM_INSTALL_VERSION"
+            export HOME="$(cygpath -u "$USERPROFILE")"
+
+            echo "HOME is $HOME"
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | bash
+            ls -l $HOME/.nvm
+            . "$HOME/.nvm/nvm.sh"
+            nvm install --lts
+
+            nvm deactivate
+            rm -rf "$HOME/.nvm/nvm.sh"
+
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | METHOD=script bash
+            . "$HOME/.nvm/nvm.sh"
+            nvm install 9
+          EOM
+      - name: Retrieve nvm
+        shell: cmd
+        run: |
+          cd %USERPROFILE%\cygwin\bin
+          bash.exe "%USERPROFILE%\setup.sh"
+
+  wsl_matrix:
+    continue-on-error: true
+    name: 'WSL nvm install'
+    defaults:
+      run:
+          shell: wsl-bash {0}
+    runs-on: windows-latest
+    env:
+      WSLENV: NVM_INSTALL_GITHUB_REPO:NVM_INSTALL_VERSION:/p
+    strategy:
+      fail-fast: false
+      matrix:
+        wsl-distrib:
+          - Debian
+        # - Alpine # fails
+          - Ubuntu-20.04
+          - Ubuntu-18.04
+        npm-node-version:
+          - '--lts'
+          - '21'
+          - '18'
+          - '16'
+          - '14'
+          - '12'
+          - '10'
+        exclude:
+          - wsl-distrib: Ubuntu-18.04
+            npm-node-version: '--lts'
+          - wsl-distrib: Ubuntu-18.04
+            npm-node-version: '21'
+          - wsl-distrib: Ubuntu-18.04
+            npm-node-version: '18'
+        method:
+          - ''
+          - 'script'
+    steps:
+      - uses: Vampire/setup-wsl@v3
+        with:
+          distribution: ${{ matrix.wsl-distrib }}
+          additional-packages: bash git curl ca-certificates wget
+
+      # see https://github.com/Vampire/setup-wsl/issues/76#issuecomment-3258201135
+      - shell: 'wsl-bash {0}'
+        run: 'sed -i s/ftp.debian.org/archive.debian.org/ /etc/apt/sources.list'
+      - uses: Vampire/setup-wsl@v3
+        with:
+          distribution: ${{ matrix.wsl-distrib }}
+          additional-packages: bash git curl ca-certificates wget
+          update: 'true'
+
+      - name: Retrieve nvm on WSL
+        run: |
+          if [ -z "${{ matrix.method }}" ]; then
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | bash
+          else
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | METHOD="${{matrix.method}}" bash
+          fi
+          . "$HOME/.nvm/nvm.sh"
+          nvm install ${{ matrix.npm-node-version }}
+          node -v
+
+  wsl_matrix_unofficial:
+    continue-on-error: true
+    name: 'WSL nvm install'
+    defaults:
+      run:
+          shell: wsl-bash {0}
+    runs-on: windows-latest
+    env:
+      WSLENV: NVM_INSTALL_GITHUB_REPO:NVM_INSTALL_VERSION:/p
+      NVM_NODEJS_ORG_MIRROR: https://unofficial-builds.nodejs.org/download/release
+    strategy:
+      fail-fast: false
+      matrix:
+        wsl-distrib:
+          - Alpine
+        npm-node-version:
+          - '--lts'
+          - '21'
+          - '18'
+          - '16'
+          - '14'
+          - '12'
+          - '11'
+          - '10'
+        method:
+          - ''
+          - 'script'
+    steps:
+      - uses: Vampire/setup-wsl@v3
+        with:
+          distribution: ${{ matrix.wsl-distrib }}
+          additional-packages: bash git curl ca-certificates wget
+
+      # see https://github.com/Vampire/setup-wsl/issues/76#issuecomment-3258201135
+      - shell: 'wsl-bash {0}'
+        run: 'sed -i s/ftp.debian.org/archive.debian.org/ /etc/apt/sources.list'
+      - uses: Vampire/setup-wsl@v3
+        with:
+          distribution: ${{ matrix.wsl-distrib }}
+          additional-packages: bash git curl ca-certificates wget
+          update: 'true'
+
+      - name: Retrieve nvm on WSL
+        run: |
+          if [ -z "${{ matrix.method }}" ]; then
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | bash
+          else
+            curl -fsSLo- "https://raw.githubusercontent.com/${NVM_INSTALL_GITHUB_REPO}/${NVM_INSTALL_VERSION}/install.sh" | METHOD="${{matrix.method}}" bash
+          fi
+          . "$HOME/.nvm/nvm.sh"
+          NVM_NODEJS_ORG_MIRROR=${{ env.NVM_NODEJS_ORG_MIRROR }} nvm install ${{ matrix.npm-node-version }}
+
+  nvm_windows:
+    name: 'tests, on windows'
+    permissions:
+      contents: none
+    needs: [wsl_matrix, wsl_matrix_unofficial, cygwin_matrix, msys_matrix, msys_fail_install]
+    runs-on: ubuntu-latest
+    steps:
+      - run: true

.travis.yml

@@ -0,0 +1,94 @@
+language: generic
+dist: focal
+addons:
+  apt:
+    packages:
+      - zsh
+    #  - ksh
+    #  - gcc-4.8
+    #  - g++-4.8
+
+# https://gist.github.com/iedemam/9830045
+git:
+  submodules: false
+
+cache:
+  ccache: true
+  directories:
+    - $TRAVIS_BUILD_DIR/.cache
+    - $TRAVIS_BUILD_DIR/node_modules
+before_install:
+  - sudo sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
+  - sudo update-ca-certificates -f
+
+  # https://gist.github.com/iedemam/9830045
+  - sed -i 's/git@github.com:/https:\/\/github.com\//' .gitmodules
+  - git submodule update --init --recursive
+
+  - $SHELL --version 2> /dev/null || dpkg -s $SHELL 2> /dev/null || which $SHELL
+  - curl --version
+  - wget --version
+  - bash --version | head
+  - zsh  --version
+  - dpkg -s dash | grep ^Version | awk '{print $2}'
+  # install python
+  - pyenv local 2.7.18 || pyenv install 2.7.18
+  - pyenv local 2.7.18 || echo 'pyenv failed'
+  - python -V
+install:
+  - if [ -z "${SHELLCHECK-}" ]; then nvm install 16 && nvm unalias default && npm install && npm prune && npm ls urchin doctoc eclint dockerfile_lint; fi
+  - '[ -z "$WITHOUT_CURL" ] || sudo apt-get remove curl -y'
+script:
+  - if [ -n "${SHELL-}" ] && [ -n "${TEST_SUITE}" ]; then if [ "${TEST_SUITE}" = 'installation_iojs' ] || [ "${TEST_SUITE}" = 'xenial' ]; then travis_retry make TEST_SUITE=$TEST_SUITE URCHIN="$(npm bin)/urchin" test-$SHELL ; else make TEST_SUITE=$TEST_SUITE URCHIN="$(npm bin)/urchin" test-$SHELL; fi; fi
+before_cache:
+  - if [ -n "$WITHOUT_CURL" ]; then sudo apt-get install curl -y ; fi
+jobs:
+  include:
+    - env: SHELL=bash TEST_SUITE=installation_node
+      dist: xenial
+    - env: SHELL=bash TEST_SUITE=installation_node WITHOUT_CURL=1
+      dist: xenial
+    - env: SHELL=sh TEST_SUITE=installation_node
+      dist: xenial
+    - env: SHELL=sh TEST_SUITE=installation_node WITHOUT_CURL=1
+      dist: xenial
+    - env: SHELL=dash TEST_SUITE=installation_node
+      dist: xenial
+    - env: SHELL=dash TEST_SUITE=installation_node WITHOUT_CURL=1
+      dist: xenial
+    - env: SHELL=zsh TEST_SUITE=installation_node
+      dist: xenial
+    - env: SHELL=zsh TEST_SUITE=installation_node WITHOUT_CURL=1
+      dist: xenial
+    #- env: SHELL=ksh TEST_SUITE=installation_node
+    #  dist: xenial
+    #- env: SHELL=ksh TEST_SUITE=installation_node WITHOUT_CURL=1
+    #  dist: xenial
+    - env: SHELL=bash TEST_SUITE=xenial
+      dist: xenial
+    - env: SHELL=sh TEST_SUITE=xenial
+      dist: xenial
+    - env: SHELL=dash TEST_SUITE=xenial
+      dist: xenial
+    - env: SHELL=zsh TEST_SUITE=xenial
+      dist: xenial
+    #- env: SHELL=ksh TEST_SUITE=xenial
+    #  dist: xenial
+env:
+  global:
+    - CXX=g++
+    - CC=gcc
+    - PATH="$(echo $PATH | sed 's/::/:/')"
+    - PATH="/usr/lib/ccache/:$PATH"
+    - NVM_DIR="${TRAVIS_BUILD_DIR}"
+  matrix:
+    - SHELL=sh TEST_SUITE=fast
+    - SHELL=dash TEST_SUITE=fast
+    - SHELL=bash TEST_SUITE=fast
+    - SHELL=zsh TEST_SUITE=fast
+    #  - SHELL=ksh TEST_SUITE=fast
+    - SHELL=sh TEST_SUITE=installation_iojs WITHOUT_CURL=1
+    - SHELL=dash TEST_SUITE=installation_iojs WITHOUT_CURL=1
+    - SHELL=bash TEST_SUITE=installation_iojs WITHOUT_CURL=1
+    - SHELL=zsh TEST_SUITE=installation_iojs WITHOUT_CURL=1
+    #  - SHELL=ksh TEST_SUITE=installation_iojs WITHOUT_CURL=1

CNAME

@@ -1 +0,0 @@
-gtm-kqqwvx2-zgi2z.uc.r.appspot.com

CONTRIBUTING.md

@@ -0,0 +1,123 @@
+# Contributing
+
+:+1::tada: First off, thanks for taking the time to contribute to `nvm`! :tada::+1:
+
+We love pull requests and issues, they're our favorite.
+
+The following is a set of guidelines for contributing to `nvm` managed by [@LJHarb](https://github.com/ljharb), which is hosted on GitHub. These are mostly guidelines, not rules. Use your best judgment, and feel free to propose changes to this document in a pull request.
+
+However, before submitting, please review the following:
+
+# How Can I Contribute?
+
+There are lots of ways to get involved. Here are some suggestions of things we'd love some help with.
+
+## Resolving existing issues
+
+You can consider helping out with issues already requiring attention - look for a "help wanted" label.
+
+### How Do I Submit a (Good) Bug Report? :bug:
+
+Explain the problem and include additional details to help maintainers reproduce the problem:
+
+* **Use a clear and descriptive title** for the issue to identify the problem.
+
+* **Describe the exact steps which reproduce the problem** in as many details as possible. For example, start by explaining which command exactly you used in the terminal. When listing steps, **don't just say what you did, but explain how you did it**. For example, if you moved the cursor to the end of a line, explain if you used the mouse, or a keyboard shortcut or a command, and if so which one?
+* **Provide specific examples to demonstrate the steps**. Include links to files or Github projects, or copy/pasteable snippets, which you use in those examples. If you're providing snippets in the issue, use [Markdown code blocks](https://help.github.com/articles/markdown-basics/#multiple-lines).
+* **Describe the behavior you observed after following the steps** and point out what exactly is the problem with that behavior.
+* **Explain which behavior you expected to see instead and why.**
+* **Provide as much context as possible** in order to help others verify and ultimately fix the issue. This includes giving us as much details as possible about your environment, so we can more easily confirm the problem.
+
+## Documentation
+
+We are happy to welcome contributions from anyone willing to improve documentation by adding missing information or making it more consistent and coherent.
+
+# Dev Environment
+
+Please refer to the [README](README.md) for complete instructions how to install, update, as well as troubleshoot `nvm` in your environment depending on your Operating System.
+
+# Style Guide / Coding conventions
+
+### Pull requests
+
+#### Before creating a pull request
+
+  - Please include tests. Changes with tests will be merged very quickly.
+  - Please manually confirm that your changes work in `bash`, `sh`/`dash`, `ksh`, and `zsh`. Fast tests do run in these shells, but it's nice to manually verify also.
+  - Please maintain consistent whitespace - 2-space indentation, trailing newlines in all files, etc.
+  - Any time you make a change to your PR, please rebase freshly on top of the default branch. Nobody likes merge commits.
+
+Even if you don't have all of these items covered, please still feel free to submit a PR/issue! Someone else may be inspired and volunteer to complete it for you.
+
+#### How to create a pull request
+
+Create a new branch
+
+```
+git checkout -b issue1234
+```
+
+Commit the changes to your branch, including a coherent commit message that follows our [standards](#commit-messages)
+
+```
+git commit -a
+```
+
+Before sending the pull request, make sure your code is running on the latest available code by rebasing onto the upstream source
+
+```
+git fetch upstream
+git rebase upstream/main
+```
+
+Verify your changes
+
+```
+npm test
+```
+
+Push your changes
+
+```
+git push origin issue1234
+```
+
+Send the [pull request](https://docs.github.com/en/pull-requests), make requested changes, and get merged.
+
+### Commit Messages
+
+* Limit the first line of the commit message (message summary) to 72 characters or less.
+* Use the present tense ("Add feature" not "Added feature") and imperative mood ("Move cursor to..." not "Moves cursor to...") when providing a description of what you did.
+* If your PR addresses an issue, reference it in the body of the commit message.
+* See the rest of the conventions [here](https://gist.github.com/ljharb/772b0334387a4bee89af24183114b3c7)
+
+#### Commit message example
+
+```
+[Tag]: Short description of what you did
+
+Longer description here if necessary
+
+Fixes #1234
+```
+
+> **Note:**  Add co-authors to your commit message for commits with multiple authors
+
+```
+Co-authored-by: Name Here <email@here>
+```
+
+
+# Code of Conduct
+[Code of Conduct](https://github.com/nvm-sh/nvm/blob/HEAD/CODE_OF_CONDUCT.md)
+
+# Where can I ask for help?
+If you have any questions, please contact [@LJHarb](mailto:ljharb@gmail.com).
+
+# Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+  - The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
+  - The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
+  - The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
+  - I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

LICENSE

@@ -1,28 +0,0 @@
-BSD 3-Clause License
-
-Copyright (c) 2025, DIMVY clothing brand 
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-   contributors may be used to endorse or promote products derived from
-   this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LICENSE.md

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2010 Tim Caswell
+
+Copyright (c) 2014 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

PROJECT_CHARTER.md

@@ -0,0 +1,49 @@
+# `nvm` Charter
+
+nvm is a version manager for Node.js, designed to be installed per-user, and invoked per-shell. nvm works on any POSIX-compliant shell (sh, dash, ksh, zsh, bash), in particular on these platforms: unix, macOS, and Windows WSL.
+
+## Section 0: Guiding Principles
+
+The `nvm` project is part of the [OpenJS Foundation][openjs foundation], which operates transparently, openly, collaboratively, and ethically. Project proposals, timelines, and status must not merely be open, but also easily visible to outsiders.
+
+## Section 1: Scope
+
+`nvm` is a node version manager, focused on making it easy to install and manage multiple Node.js versions. Any features related to managing the installation and removal of Node.js on any node-supported platform are potentially in scope.
+
+## Section 2: Relationship with OpenJS Foundation CPC.
+
+Technical leadership for the projects within the [OpenJS Foundation][openjs foundation] is delegated to the projects through their project charters by the [OpenJS Foundation Cross-Project Council](https://openjsf.org/about/governance/) (CPC). In the case of the `nvm` project, it is delegated to the [`nvm` Maintainers](README.md#maintainers) (the “Maintainers”). The OpenJS Foundation's business leadership is the Board of Directors (the “Board”).
+
+This `nvm` Charter reflects a carefully constructed balanced role for the Maintainers and the CPC in the governance of the OpenJS Foundation. The charter amendment process is for the Maintainers to propose changes using simple majority of the full Maintainers, the proposed changes being subject to review and approval by the CPC. The CPC may additionally make amendments to the project charter at any time, though the CPC will not interfere with day-to-day discussions, votes or meetings of the Maintainers.
+
+### 2.1 Other Formal Project Relationships
+
+Section Intentionally Left Blank
+
+## Section 3: `nvm`'s Maintainers Governing Body
+
+`nvm` is governed by its [maintainers](README.md#maintainers).
+
+## Section 4: Roles & Responsibilities
+
+The roles and responsibilities of `nvm`'s Maintainers are described in [GOVERNANCE.md](./GOVERNANCE.md).
+
+### Section 4.1 Project Operations & Management
+
+Section Intentionally Left Blank
+
+### Section 4.2: Decision-making, Voting, and/or Elections
+
+Section Intentionally Left Blank
+
+### Section 4.3: Other Project Roles
+
+Section Intentionally Left Blank
+
+## Section 5: Definitions
+
+  - *Contributors*: contribute code or other artifacts, but do not have the right to commit to the codebase. Contributors work with the project’s maintainers to have code committed to the code base. A Contributor may be promoted to a Maintainer by the Maintainers. Contributors should rarely be encumbered by the Maintainers and never by the CPC or OpenJS Foundation Board.
+
+  - *Maintainers*: Contributors with any kind of decision-making authority in the project.
+
+[openjs foundation]: https://openjsf.org

install.sh

@@ -33,7 +33,7 @@ nvm_install_dir() {
 }
 
 nvm_latest_version() {
-  nvm_echo "v0.40.2"
+  nvm_echo "v0.40.3"
 }
 
 nvm_profile_is_bash_or_zsh() {
@@ -163,7 +163,7 @@ install_nvm_from_git() {
       }
     else
       # Cloning repo
-      command git clone "$(nvm_source)" --depth=1 "${INSTALL_DIR}" || {
+      command git clone -o origin "$(nvm_source)" --depth=1 "${INSTALL_DIR}" || {
         nvm_echo >&2 'Failed to clone nvm repo. Please report this!'
         exit 2
       }

nvm.sh

@@ -356,19 +356,19 @@ nvm_install_latest_npm() {
     if [ $NVM_IS_19_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 20.5.0; then
       NVM_IS_20_5_OR_ABOVE=1
     fi
-    local NVM_IS_20_17_or_ABOVE
-    NVM_IS_20_17_or_ABOVE=0
-    if [ $NVM_IS_20_5_OR_ABOVE -eq 1 ] && nvm_version_greater 20.17.0 "${NODE_VERSION}"; then
-      NVM_IS_20_17_or_ABOVE=1
+    local NVM_IS_20_17_OR_ABOVE
+    NVM_IS_20_17_OR_ABOVE=0
+    if [ $NVM_IS_20_5_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 20.17.0; then
+      NVM_IS_20_17_OR_ABOVE=1
     fi
     local NVM_IS_21_OR_ABOVE
     NVM_IS_21_OR_ABOVE=0
-    if [ $NVM_IS_20_17_or_ABOVE -eq 1 ] && nvm_version_greater 21.0.0 "${NODE_VERSION}"; then
+    if [ $NVM_IS_20_17_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 21.0.0; then
       NVM_IS_21_OR_ABOVE=1
     fi
     local NVM_IS_22_9_OR_ABOVE
     NVM_IS_22_9_OR_ABOVE=0
-    if [ $NVM_IS_21_OR_ABOVE -eq 1 ] && nvm_version_greater 22.9.0 "${NODE_VERSION}"; then
+    if [ $NVM_IS_21_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 22.9.0; then
       NVM_IS_22_9_OR_ABOVE=1
     fi
 
@@ -420,7 +420,7 @@ nvm_install_latest_npm() {
       nvm_echo '* `npm` `v9.x` is the last version that works on `node` `< v18.17`, `v19`, or `v20.0` - `v20.4`'
       $NVM_NPM_CMD install -g npm@9
     elif \
-      [ $NVM_IS_20_17_or_ABOVE -eq 0 ] \
+      [ $NVM_IS_20_17_OR_ABOVE -eq 0 ] \
       || { [ $NVM_IS_21_OR_ABOVE -eq 1 ] && [ $NVM_IS_22_9_OR_ABOVE -eq 0 ]; } \
     ; then
       nvm_echo '* `npm` `v10.x` is the last version that works on `node` `< v20.17`, `v21`, or `v22.0` - `v22.8`'
@@ -2985,7 +2985,8 @@ nvm_check_file_permissions() {
       if [ ! -L "${FILE}" ] && ! nvm_check_file_permissions "${FILE}"; then
         return 2
       fi
-    elif [ -e "$FILE" ] && [ ! -w "$FILE" ] && [ ! -O "$FILE" ]; then
+    elif [ -e "$FILE" ] && [ ! -w "$FILE" ] && [ -z "$(command find "${FILE}" -prune -user "$(command id -u)")" ]; then
+      # ^ file ownership check from https://www.shellcheck.net/wiki/SC3067
       nvm_err "file is not writable or self-owned: $(nvm_sanitize_path "$FILE")"
       return 1
     fi
@@ -4438,7 +4439,7 @@ nvm() {
       NVM_VERSION_ONLY=true NVM_LTS="${NVM_LTS-}" nvm_remote_version "${PATTERN:-node}"
     ;;
     "--version" | "-v")
-      nvm_echo '0.40.2'
+      nvm_echo '0.40.3'
     ;;
     "unload")
       nvm deactivate >/dev/null 2>&1

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nvm",
-  "version": "0.40.2",
+  "version": "0.40.3",
   "description": "Node Version Manager - Simple bash script to manage multiple active node.js versions",
   "directories": {
     "test": "test"
@@ -45,9 +45,9 @@
     "dockerfile_lint": "^0.3.4",
     "doctoc": "^2.2.1",
     "eclint": "^2.8.1",
-    "markdown-link-check": "^3.13.7",
+    "markdown-link-check": "^3.14.2",
     "replace": "^1.2.2",
-    "semver": "^7.7.1",
+    "semver": "^7.7.3",
     "urchin": "^0.0.5"
   }
 }

rename_test.sh

@@ -0,0 +1,52 @@
+#! /usr/bin/env bash
+
+find_name(){
+  find test -name "*[\\/:\*\?\"<>\|]*" -o -name "*."
+}
+
+check_name() {
+  if [ "$(find_name | wc -l)" != "0" ]; then
+    printf '%s\n\n' "The following filenames contain unwanted characters:"
+    find_name
+    printf '\n%s\n%s\n' "Please run ./rename_test.sh" "If the problem persist, please open an issue."
+    exit 1
+  else
+    echo "Ok"
+  fi
+}
+
+rename_test() {
+  local filename
+  local new_filename
+  while read -r filename; do
+    # Even though it looks < and > are replaced by the same < and >, the latters are not ASCII code
+    # If you check with 'cat -v rename_test.sh' you would see 's/</M-KM-^B/g' and 's/>/M-KM-^C/g'
+    # M-KM-^B -> U+02C2
+    # M-KM-^C -> U+02C3
+    new_filename=$(echo "$filename" | sed -r \
+      -e "s/\"/'/g" \
+      -e 's/</˂/g' \
+      -e 's/>/˃/g' \
+      -e 's/^(.*)\.$/\1/'
+      )
+    printf '%s\n%s\n\n' "$filename" "$new_filename"
+    [ "$filename" != "$new_filename" ] && git mv "$filename" "$new_filename"
+  done < <(find_name)
+
+  if [ "$(find_name | wc -l)" != "0" ]; then
+    echo "Still some files to treat:"
+    find_name
+  else
+    echo "Done"
+  fi
+}
+
+main() {
+  if [ "$1" = "--check" ]; then
+    check_name
+  else
+    rename_test
+  fi
+}
+
+main "$@"

update_test_mocks.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+set -e
+
+echo 'Updating test mocks...'
+
+MOCKS_DIR="$PWD/test/fast/Unit tests/mocks"
+
+echo "creating $MOCKS_DIR"
+mkdir -p "$MOCKS_DIR"
+
+\. "$NVM_DIR/nvm.sh" --no-use
+nvm deactivate 2> /dev/null
+nvm_is_version_installed() {
+  return 1
+}
+
+nvm_make_alias() {
+  # prevent local alias creation
+  return 0
+}
+
+nvm_ls_remote > "$MOCKS_DIR/nvm_ls_remote.txt"
+nvm_ls_remote_iojs > "$MOCKS_DIR/nvm_ls_remote_iojs.txt"
+NVM_LTS=* nvm_ls_remote > "$MOCKS_DIR/nvm_ls_remote LTS.txt"
+NVM_LTS=argon nvm_ls_remote > "$MOCKS_DIR/nvm_ls_remote LTS argon.txt"
+nvm_download -L -s "https://nodejs.org/download/nightly/index.tab" -o - > "$MOCKS_DIR/nodejs.org-download-nightly-index.tab"
+nvm_download -L -s "$(nvm_get_mirror iojs std)/index.tab" -o - > "$MOCKS_DIR/iojs.org-dist-index.tab"
+NVM_COLORS=0ygre nvm ls-remote > "$MOCKS_DIR/nvm ls-remote.txt"
+NVM_COLORS=0ygre nvm ls-remote --lts > "$MOCKS_DIR/nvm ls-remote lts.txt"
+NVM_COLORS=0ygre nvm ls-remote node > "$MOCKS_DIR/nvm ls-remote node.txt"
+NVM_COLORS=0ygre nvm ls-remote iojs > "$MOCKS_DIR/nvm ls-remote iojs.txt"
+nvm_print_implicit_alias remote stable > "$MOCKS_DIR/nvm_print_implicit_alias remote stable.txt"
+nvm_ls_remote stable > "$MOCKS_DIR/nvm_ls_remote stable.txt"
+nvm alias "lts/*" > "$MOCKS_DIR/lts-star.txt"
+
+set +e
+NVM_NODEJS_ORG_MIRROR=https://nodejs.org/download/nightly/ nvm_ls_remote > "$MOCKS_DIR/nvm_ls_remote nightly.txt"
+nvm_download -L -s "$(nvm_get_mirror node std)/index.tab" -o - > "$MOCKS_DIR/nodejs.org-dist-index.tab"
+NVM_NODEJS_ORG_MIRROR=https://nodejs.org/download/nightly/ nvm_print_implicit_alias remote stable > "$MOCKS_DIR/nvm_print_implicit_alias remote stable nightly.txt"
+NVM_NODEJS_ORG_MIRROR=https://nodejs.org/download/nightly/ nvm_ls_remote stable > "$MOCKS_DIR/nvm_ls_remote stable nightly.txt"
+NVM_NODEJS_ORG_MIRROR=https://nodejs.org/download/nightly/ NVM_LTS=* nvm_ls_remote > "$MOCKS_DIR/nvm_ls_remote LTS nightly.txt"
+NVM_NODEJS_ORG_MIRROR=https://nodejs.org/download/nightly/ NVM_LTS=argon nvm_ls_remote > "$MOCKS_DIR/nvm_ls_remote LTS nightly argon.txt"
+set -e
+
+ALIAS_PATH="$MOCKS_DIR/nvm_make_alias LTS alias calls.txt"
+: > "$ALIAS_PATH"
+LTS_NAMES_PATH="$MOCKS_DIR/LTS_names.txt"
+: > "$LTS_NAMES_PATH"
+nvm_make_alias() {
+  # prevent local alias creation, and store arguments
+  echo "${1}|${2}" >> "$ALIAS_PATH"
+  if [ "${1}" != 'lts/*' ]; then
+    echo "${1#lts/}" >> "$LTS_NAMES_PATH"
+  fi
+}
+nvm ls-remote --lts > /dev/null
+
+echo "done! Don't forget to git commit them."