From 8da79b97d81bf5cc062cb67cb8c525a099420bab Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 8 Apr 2026 07:29:49 +0000
Subject: [PATCH 1/2] Initial plan


From be98b1c73202bc712e51f88e75a5c9d6beaa20f8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 8 Apr 2026 07:40:59 +0000
Subject: [PATCH 2/2] Update transaction ID documentation and fix deprecated
 GitHub Actions syntax

Agent-Logs-Url: https://github.com/Darliewithrow/documentation/sessions/a501b961-357f-4317-95b2-172d5b5a785f

Co-authored-by: Darliewithrow <216807437+Darliewithrow@users.noreply.github.com>
---
 .github/workflows/update-cli.yml | 2 +-
 content/policies/privacy.mdx     | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update-cli.yml b/.github/workflows/update-cli.yml
index 154e97702b6..319827a04b2 100644
--- a/.github/workflows/update-cli.yml
+++ b/.github/workflows/update-cli.yml
@@ -47,7 +47,7 @@ jobs:
         id: status
         run: |
           if [ -n "$(git status --porcelain)" ]; then
-            echo "::set-output name=has_changes::1"
+            echo "has_changes=1" >> $GITHUB_OUTPUT
           fi
       - name: Check in source updates
         if: steps.status.outputs.has_changes == '1'
diff --git a/content/policies/privacy.mdx b/content/policies/privacy.mdx
index 0d2f6132915..745139f1eff 100644
--- a/content/policies/privacy.mdx
+++ b/content/policies/privacy.mdx
@@ -43,7 +43,7 @@ npm may inadvertently collect data about you if it is included in software packa
 
 When you use the `npm` command, the `npx` command, or other software to work with the npm public registry, an Enterprise registry that npm hosts, or private packages, npm logs data that might be identified to you:
 
-- a random, unique identifier, called `npm-session`, for each time you run commands like `npm install`
+- a random, unique transaction identifier, called `npm-session`, for each time you run commands like `npm install`
 
 - the names and versions of your project's dependencies, their dependencies, and so on, that come from the npm public registry, [but not of other dependencies, like Git dependencies](https://docs.npmjs.com/cli/audit)
 
@@ -53,6 +53,8 @@ When you use the `npm` command, the `npx` command, or other software to work wit
 
 - the scope of the package for which you ran `npm install`, as an `npm-scope` header
 
+- an `npm-command` header, showing which npm command was run
+
 - a `referrer` header that shows the command you ran, with any file or directory paths redacted
 
 - data about the software you're using to access the registry, such as the `User-Agent` string