Add cache clearing info to JS Build config docs (#3297)

[ ] Check if this is a typo or other quick fix and ignore the rest :)

## Type of change
Update to JS build config docs

### What should this PR do?
Adds info about clearing the caches, from Angela's draft:
https://docs.google.com/document/d/13kMq9F1mUooOoLsIXN_EuAs51J8TLshw4D0-uZTK7p0/edit?tab=t.0#heading=h.pqhjvgw1gl4l

### Why are we making this change?
Reduce friction in the user experience

### What are the acceptance criteria? 
Content should be clear and accurate and appear in expected location

### How should this PR be tested?
Review deploy preview

---------

Signed-off-by: s-stumbo <sally.stumbo@chainguard.dev>

Author: s-stumbo

content/chainguard/libraries/javascript/build-configuration.md

@@ -106,6 +106,8 @@ used for managing JavaScript dependencies and scripts. It allows developers to
 install, share, and manage packages for their projects. For more details, see
 the [npm documentation](https://docs.npmjs.com/).
 
+**Declare dependencies in package.json**
+
 With npm, you declare JavaScript package dependencies in a `package.json` file
 and separated into development and runtime dependencies. The following snippet
 shows a minimal example with a couple of dependencies each:
@@ -146,7 +148,18 @@ therefore an update to the lock file. The lock file also encodes the checksum
 values in the `integrity` field and the download URL in the `resolved` field for
 each module.
 
+**Direct access: Point registry to Chainguard**
+
+To change a project to use Chainguard Libraries for JavaScript, set the registry
+URL to point to Chainguard in your user `.npmrc` file: 
+
+```bash
+npm config set registry https://libraries.cgr.dev/javascript/
+```
+
+
 ### Using a repository manager
+
 To change a project to use Chainguard Libraries for JavaScript, set the registry
 URL to point to your repository manager in your user `.npmrc` file: 
 
@@ -167,13 +180,38 @@ configuring authentication.
 
 Example URLs:
 
-* JFrog Artifactory: https://example.jfrog.io/artifactory/javascript-all/
-* Sonatype Nexus: https://repo.example.com:8443/repository/javascript-all/
-* Direct access: https://libraries.cgr.dev/javascript/
+* JFrog Artifactory: `https://example.jfrog.io/artifactory/javascript-all/`
+* Sonatype Nexus: `https://repo.example.com:8443/repository/javascript-all/`
+* Direct access: `https://libraries.cgr.dev/javascript/`
+
+### Apply registry changes
 
 To apply the registry changes, remove the `node_modules` directory and the
 `package-lock.json` file and run the `npm install` command again. This re-fetches all
-packages from Chainguard and regenerates the lockfile with updated hashes.
+packages from Chainguard and regenerates the lockfile with updated hashes:
+
+```bash
+rm -rf node_modules package-lock.json
+npm install
+```
+
+As an alternative to deleting the lock file, you can [run `chainctl libraries update-hashes`](#update-lockfile-hashes) to update hashes in place.
+
+**Clear caches**
+
+If you encounter stale or corrupted package data, clear the cache with:
+
+```bash
+npm cache clean --force
+```
+
+To verify the cache is empty:
+
+```bash
+npm cache verify
+```
+
+### Update lockfile hashes
 
 If you are migrating an existing project and want to preserve your current
 lockfile, use [`chainctl libraries update-hashes`](#updating-lockfile-hashes-for-existing-projects)
@@ -323,6 +361,8 @@ other desired packages for further testing.
 JavaScript, designed as an alternative to npm and Yarn. For
 more information, see the [pnpm documentation](https://pnpm.io/motivation).
 
+**Declare dependencies in package.json**
+
 With pnpm, you declare JavaScript package dependencies in a `package.json` file
 and separated into development and runtime dependencies. The following snippet
 shows a minimal example with a couple of dependencies each:
@@ -362,6 +402,15 @@ Any dependency or dependency version changes require another install and
 therefore an update to the lock file. The lock file also encodes the checksum
 values in the `integrity` field and other information for each module.
 
+**Direct access: Point registry to Chainguard**
+
+To change a project to use Chainguard Libraries for JavaScript, set the registry
+URL to point to Chainguard in your user `.npmrc` file: 
+
+```bash
+pnpm config set registry https://libraries.cgr.dev/javascript/
+```
+
 ### Using a repository manager 
 
 To change a project to use Chainguard Libraries for JavaScript, set the registry
@@ -384,14 +433,72 @@ configuring authentication.
 
 Example URLs:
 
-* JFrog Artifactory: https://example.jfrog.io/artifactory/javascript-all/
-* Sonatype Nexus: https://repo.example.com:8443/repository/javascript-all/
-* Direct access: https://libraries.cgr.dev/javascript/
+* JFrog Artifactory: `https://example.jfrog.io/artifactory/javascript-all/`
+* Sonatype Nexus: `https://repo.example.com:8443/repository/javascript-all/`
+* Direct access: `https://libraries.cgr.dev/javascript/`
+
+### Apply registry changes
 
 To apply the registry change, remove the `node_modules` directory and the
 `pnpm-lock.yaml` file and run the `pnpm install` command again. This re-fetches all
 packages from Chainguard and regenerates the lockfile with updated hashes.
 
+```bash
+rm -rf node_modules pnpm-lock.yaml
+pnpm install
+```
+
+As an alternative to deleting the lock file, you can [run `chainctl libraries update-hashes`](#update-lockfile-hashes-1) to update hashes in place.
+
+
+**Clear pnpmn caches**
+
+pnpm has three separate layers of cached data. If you encounter stale or corrupted package data, you can clear all of these caches:
+
+{{< details "Clear pnpm caches" >}}
+
+**Metadata (packuments)**
+
+There is an [experimental command](https://pnpm.io/cli/cache-delete) to delete the metadata cache:
+
+```bash
+pnpm cache delete
+```
+
+**HTTP cache**
+
+pnpm maintains a separate HTTP cache at `~/.cache/pnpm` (or `$XDG_CACHE_HOME/pnpm` if that variable is set). Delete it with:
+
+```bash
+rm -rf "${XDG_CACHE_HOME:-$HOME/.cache}/pnpm"
+```
+
+**Content-addressable store (tarballs)**
+
+To find and manually remove the full store:
+
+```bash
+pnpm store path
+```
+
+Then delete the directory that command outputs: 
+
+On macOS/Linux - 
+
+```bash
+rm -rf "$(pnpm store path)"
+```
+
+On Windows - 
+
+Use the path returned by `pnpm store path` and delete it via File Explorer or `rmdir`.
+
+> Note: pnpm prune removes unused tarballs but does not remove packument metadata. If you are seeing 404 errors after switching to or updating the Chainguard registry endpoint, use the commands above rather than pnpm prune.
+
+{{< /details >}}
+
+### Update lockfile hashes
+
 If you are migrating an existing project and want to preserve your current
 lockfile, use [`chainctl libraries update-hashes`](#updating-lockfile-hashes-for-existing-projects)
 to update only the integrity hashes in place instead.
@@ -457,6 +564,8 @@ This section applies to modern versions of Yarn, also known as Yarn Berry, with
 versions 2.x and higher. If you are using Yarn 1.x refer to the [Yarn Classic
 section](#yarn-classic).
 
+**Declare dependencies in package.json**
+
 With Yarn, you declare JavaScript package dependencies in a `package.json` file
 and separated into different scoped dependencies such as development and runtime
 dependencies. The following block shows a minimal example with `react` and
@@ -490,6 +599,15 @@ Any dependency or dependency version changes require another install and
 therefore an update to the lock file. The lock file also encodes the checksum
 values in the `checksum` field.
 
+**Direct access: Point registry to Chainguard**
+
+To change a project to use Chainguard Libraries for JavaScript, set the registry
+URL to point to Chainguard in your user `.yarnrc` file: 
+
+```bash
+yarn config set npmRegistryServer https://libraries.cgr.dev/javascript/
+```
+
 ### Using a repository manager
 
 To change a project to use Chainguard Libraries for JavaScript, set the registry
@@ -510,18 +628,33 @@ more details such as authentication support.
 
 Example URLs:
 
-* JFrog Artifactory: https://example.jfrog.io/artifactory/javascript-all
-* Sonatype Nexus: https://repo.example.com:8443/repository/javascript-all
-* Direct access: https://libraries.cgr.dev/javascript
+* JFrog Artifactory: `https://example.jfrog.io/artifactory/javascript-all`
+* Sonatype Nexus: `https://repo.example.com:8443/repository/javascript-all`
+* Direct access: `https://libraries.cgr.dev/javascript`
+
+### Apply registry changes
 
 To apply the registry change, run the `yarn` command again. This forces an update of
 all packages from the new registry and regeneration of the lock file.
 
+If you encounter stale or corrupted package data, clear the cache with:
+
+```bash
+yarn cache clean --all
+```
+
+If you're seeing checksum mismatch errors rather than stale data, you can control Yarn's behavior via the [`checksumBehavior` setting](https://yarnpkg.com/configuration/yarnrc#checksumBehavior) in `.yarnrc.yml`. Setting it to `reset` causes Yarn to purge and re-fetch any cache entry whose checksum doesn't match, without clearing the entire cache:
+
+```yaml
+checksumBehavior: reset
+```
+
+### Update lockfile hashes
+
 If you are migrating an existing project and want to preserve your current
 lockfile, use [`chainctl libraries update-hashes`](#updating-lockfile-hashes-for-existing-projects)
 to update only the integrity hashes in place instead.
 
-
 Now you can proceed with your development and testing. 
 
 <a id="yarn-berry-minimal"></a>
@@ -623,6 +756,28 @@ therefore an update to the lock file. The lock file also encodes the checksum
 values in the `integrity` field and the download URL in the `resolved` field for
 each module.
 
+**Direct access: Point registry to Chainguard**
+
+To change a project to use Chainguard Libraries for JavaScript, first export your pull token as base64-encoded environment variables:
+
+```bash
+export token=$(echo -n "${CHAINGUARD_JAVASCRIPT_IDENTITY_ID}:${CHAINGUARD_JAVASCRIPT_TOKEN}" | base64 -w 0)
+```
+
+Then, set auth and set the registry URL to point to Chainguard in your user `.npmrc` file: 
+
+```bash
+cat > .npmrc << 'EOF'
+registry=https://libraries.cgr.dev/javascript/
+//libraries.cgr.dev/javascript/:_auth="$token"
+//libraries.cgr.dev/javascript/:always-auth=true
+//libraries.cgr.dev/javascript-upstream/:_auth="$token"
+//libraries.cgr.dev/javascript-upstream/:always-auth=true
+EOF
+```
+
+### Using a repo manager
+
 To change a project to use Chainguard Libraries for JavaScript, set the registry
 URL to point to your repository manager in your `.npmrc` file:
 
@@ -634,9 +789,12 @@ EOF
 
 Example URLs:
 
-* JFrog Artifactory: https://example.jfrog.io/artifactory/javascript-all
-* Sonatype Nexus: https://repo.example.com:8443/repository/javascript-all
-* Direct access: https://libraries.cgr.dev/javascript
+* JFrog Artifactory: `https://example.jfrog.io/artifactory/javascript-all`
+* Sonatype Nexus: `https://repo.example.com:8443/repository/javascript-all`
+* Direct access: `https://libraries.cgr.dev/javascript`
+
+
+### Apply registry changes
 
 Note that you can also use the `yarn config set registry` command to set the
 registry in the `.yarnrc` file, however this approach does not support
@@ -649,10 +807,25 @@ details.
 
 To apply the registry change, remove the `node_modules` directory and the `yarn.lock`
 file and run the `yarn` command again. This forces a new download of all
-packages from the new registry and regeneration of the lock file. Alternatively,
+packages from the new registry and regeneration of the lock file:
+
+```bash
+rm -rf node_modules yarn.lock
+yarn install
+```
+
+Alternatively,
 you can run `yarn upgrade` to update all dependencies to their latest allowed
 versions and regenerate the lock file.
 
+If you encounter stale or corrupted package data, clear the cache with:
+
+```bash
+yarn cache clean
+```
+
+### Update lockfile hashes
+
 If you are migrating an existing project and want to preserve your current
 lockfile, use [`chainctl libraries update-hashes`](#updating-lockfile-hashes-for-existing-projects)
 to update only the integrity hashes in place instead.
@@ -722,6 +895,8 @@ other desired packages for further testing.
 package manager designed as an alternative to Node.js tooling. It provides an
 integrated package manager that is compatible with the npm ecosystem.
 
+**Declare dependencies in package.json**
+
 With Bun you declare dependencies in a `package.json` file just like
 [npm](#npm). The following snippet shows a minimal example:
 
@@ -785,6 +960,8 @@ Example registry URLs:
 * Sonatype Nexus: https://repo.example.com:8443/repository/javascript-all/
 * Direct access: https://libraries.cgr.dev/javascript/
 
+### Apply registry changes
+
 To apply the registry change to an existing project, remove `node_modules` and
 the `bun.lock` file and run: