deps: update npm to 5.7.1

deps/npm/.directory

@@ -0,0 +1,6 @@
+[Dolphin]
+Timestamp=2018,3,12,13,42,25
+Version=4
+
+[Settings]
+HiddenFilesShown=true

deps/npm/.gitignore

@@ -0,0 +1,36 @@
+*.swp
+npm-debug.log
+.nyc_output/
+/test/bin
+/test/output.log
+/test/*/*/node_modules
+/test/packages/npm-test-depends-on-spark/which-spark.log
+/test/packages/test-package/random-data.txt
+/test/root
+/node_modules/.bin
+/html/doc/
+/man/
+/doc/*/npm-index.md
+/npmrc
+/release/
+/npm-*.tgz
+/node_modules/npm-registry-client/test/fixtures
+/test/fixtures/config/userconfig-with-gc
+/node_modules/npm-registry-couchapp
+*.pyc
+.jshintrc
+.eslintrc
+.nyc_output
+
+# dev dependencies
+/node_modules/deep-equal/
+/node_modules/marked/
+/node_modules/marked-man/
+/node_modules/nock/
+/node_modules/npm-registry-couchapp/
+/node_modules/npm-registry-mock/
+/node_modules/require-inject/
+/node_modules/sprintf-js/
+/node_modules/standard/
+/node_modules/tap/
+/node_modules/tacks/

deps/npm/.npmrc

@@ -0,0 +1 @@
+legacy-bundling = true

deps/npm/AUTHORS

@@ -536,3 +536,4 @@ Jacob Wejendorp <jacob@wejendorp.dk>
 Alejandro López <a.lopez.sanchez@outlook.es>
 Victor Belozyorov <hi@vbelozyorov.com>
 Bradley Farias <bfarias@godaddy.com>
+Kyle E. Mitchell <kyle@kemitchell.com>

deps/npm/CHANGELOG.md

@@ -1,3 +1,206 @@
+## v5.7.1 (2018-02-22):
+
+This release reverts a patch that could cause some ownership changes on system
+files when running from some directories when also using `sudo`. 😲
+
+Thankfully, it only affected users running `npm@next`, which is part of our
+staggered release system, which we use to prevent issues like this from going
+out into the wider world before we can catch them. Users on `latest` would have
+never seen this!
+
+The original patch was added to increase consistency and reliability of methods
+npm uses to avoid writing files as `root` in places it shouldn't, but the change
+was applied in places that should have used regular `mkdirp`. This release
+reverts that patch.
+
+* [`74e149da6`](https://github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0)
+  [`#19883`](https://github.com/npm/npm/issue/19883)
+  Revert "*: Switch from mkdirp to correctMkdir to preserve perms and owners"
+  This reverts commit [`94227e15`](https://github.com/npm/npm/commit/94227e15eeced836b3d7b3d2b5e5cc41d4959cff).
+  ([@zkat](https://github.com/zkat))
+
+## v5.7.0 (2018-02-20):
+
+Hey y'all, it's been a while.  Expect our release rate to increase back to
+normal here, as we've got a lot in the pipeline.  Right now we've got a
+bunch of things from folks at npm.  In the next release we'll be focusing on
+user contributions and there are a lot of them queued up!
+
+This release brings a bunch of exciting new features and bug fixes.
+
+### PACKAGE-LOCK GIT MERGE CONFLICT RESOLUTION
+
+Allow `npm install` to fix `package-lock.json` and `npm-shrinkwrap.json`
+files that have merge conflicts in them without your having to edit them.
+It works in conjunction with
+[`npm-merge-driver`](https://www.npmjs.com/package/npm-merge-driver) to
+entirely eliminate package-lock merge conflicts.
+
+* [`e27674c22`](https://github.com/npm/npm/commit/e27674c221dc17473f23bffa50123e49a021ae34)
+  Automatically resolve merge conflicts in lock-files.
+  ([@zkat](https://github.com/zkat))
+
+### NPM CI
+
+The new `npm ci` command installs from your lock-file ONLY.  If your
+`package.json` and your lock-file are out of sync then it will report an error.
+
+It works by throwing away your `node_modules` and recreating it from scratch.
+
+Beyond guaranteeing you that you'll only get what is in your lock-file it's
+also much faster (2x-10x!) than `npm install` when you don't start with a
+`node_modules`.
+
+As you may take from the name, we expect it to be a big boon to continuous
+integration environments.  We also expect that folks who do production
+deploys from git tags will see major gains.
+
+* [`5e4de9c99`](https://github.com/npm/npm/commit/5e4de9c99c934e25ef7b9c788244cc3c993da559)
+  Add new `npm ci` installer.
+  ([@zkat](https://github.com/zkat))
+
+### OTHER NEW FEATURES
+
+* [`4d418c21b`](https://github.com/npm/npm/commit/4d418c21b051f23a3b6fb085449fdf4bf4f826f5)
+  [#19817](https://github.com/npm/npm/pull/19817)
+  Include contributor count in installation summary.
+  ([@kemitchell](https://github.com/kemitchell))
+* [`17079c2a8`](https://github.com/npm/npm/commit/17079c2a880d3a6f8a67c8f17eedc7eb51b8f0f8)
+  Require password to change email through `npm profile`.
+  ([@iarna](https://github.com/iarna))
+* [`e7c5d226a`](https://github.com/npm/npm/commit/e7c5d226ac0ad3da0e38f16721c710909d0a9847)
+  [`4f5327c05`](https://github.com/npm/npm/commit/4f5327c0556764aa1bbc9b58b1a8c8a84136c56a)
+  [#19780](https://github.com/npm/npm/pull/19780)
+  Add support for web-based logins. This is not yet available on the registry, however.
+  ([@isaacs](https://github.com/isaacs))
+
+### BIG FIXES TO PRUNING
+
+* [`827951590`](https://github.com/npm/npm/commit/8279515903cfa3026cf7096189485cdf29f74a8f)
+  Handle running `npm install package-name` with a `node_modules` containing
+  packages without sufficient metadata to verify their origin.  The only way
+  to get install packages like this is to use a non-`npm` package manager.
+  Previously `npm` removed any packages that it couldn't verify.  Now it
+  will leave them untouched as long as you're not asking for a full install.
+  On a full install they will be reinstalled (but the same versions will be
+  maintained).
+
+  This will fix problems for folks who are using a third party package
+  manager to install packages that have `postinstall` scripts that run
+  `npm install`.
+  ([@iarna](https://github.com/iarna))
+* [`3b305ee71`](https://github.com/npm/npm/commit/3b305ee71e2bf852ff3037366a1774b8c5fcc0a5)
+  Only auto-prune on installs that will create a lock-file.  This restores
+  `npm@4` compatible behavior when the lock-file is disabled.  When using a
+  lock-file `npm` will continue to remove anything in your `node_modules`
+  that's not in your lock-file.  ([@iarna](https://github.com/iarna))
+* [`cec5be542`](https://github.com/npm/npm/commit/cec5be5427f7f5106a905de8630e1243e9b36ef4)
+  Fix bug where `npm prune --production` would remove dev deps from the lock
+  file.  It will now only remove them from `node_modules` not from your lock
+  file.
+  ([@iarna](https://github.com/iarna))
+* [`857dab03f`](https://github.com/npm/npm/commit/857dab03f2d58586b45d41d3e5af0fb2d4e824d0)
+  Fix bug where git dependencies would be removed or reinstalled when
+  installing other dependencies.
+  ([@iarna](https://github.com/iarna))
+
+### BUG FIXES TO TOKENS AND PROFILES
+
+* [`a66e0cd03`](https://github.com/npm/npm/commit/a66e0cd0314893b745e6b9f6ca1708019b1d7aa3)
+  For CIDR filtered tokens, allow comma separated CIDR ranges, as documented. Previously
+  you could only pass in multiple cidr ranges with multiple `--cidr` command line options.
+  ([@iarna](https://github.com/iarna))
+* [`d259ab014`](https://github.com/npm/npm/commit/d259ab014748634a89cad5b20eb7a40f3223c0d5)
+  Fix token revocation when an OTP is required.  Previously you had to pass
+  it in via `--otp`.  Now it will prompt you for an OTP like other
+  `npm token` commands.
+  ([@iarna](https://github.com/iarna))
+* [`f8b1f6aec`](https://github.com/npm/npm/commit/f8b1f6aecadd3b9953c2b8b05d15f3a9cff67cfd)
+  Update token and profile commands to support legacy (username/password) authentication.
+  (The npm registry uses tokens, not username/password pairs, to authenticate commands.)
+  ([@iarna](https://github.com/iarna))
+
+### OTHER BUG FIXES
+
+* [`6954dfc19`](https://github.com/npm/npm/commit/6954dfc192f88ac263f1fcc66cf820a21f4379f1)
+  Fix a bug where packages would get pushed deeper into the tree when upgrading without
+  an existing copy on disk. Having packages deeper in the tree ordinarily is harmless but
+  is not when peerDependencies are in play.
+  ([@iarna](https://github.com/iarna))
+* [`1ca916a1e`](https://github.com/npm/npm/commit/1ca916a1e9cf94691d1ff2e5e9d0204cfaba39e1)
+  Fix bug where when switching from a linked module to a non-linked module, the dependencies
+  of the module wouldn't be installed on the first run of `npm install`.
+  ([@iarna](https://github.com/iarna))
+* [`8c120ebb2`](https://github.com/npm/npm/commit/8c120ebb28e87bc6fe08a3fad1bb87b50026a33a)
+  Fix integrity matching to eliminate spurious EINTEGRITY errors.
+  ([@zkat](https://github.com/zkat))
+* [`94227e15e`](https://github.com/npm/npm/commit/94227e15eeced836b3d7b3d2b5e5cc41d4959cff)
+  More consistently make directories using perm and ownership preserving features.
+  ([@iarna](https://github.com/iarna))
+
+### DEPENDENCY UPDATES
+
+* [`364b23c7f`](https://github.com/npm/npm/commit/364b23c7f8a231c0df3866d6a8bde4d3f37bbc00)
+  [`f2049f9e7`](https://github.com/npm/npm/commit/f2049f9e7992e6edcfce8619b59746789367150f)
+  `cacache@10.0.4`
+  ([@zkat](https://github.com/zkat))
+* [`d183d7675`](https://github.com/npm/npm/commit/d183d76757e8a29d63a999d7fb4edcc1486c25c1)
+  `find-npm-prefix@1.0.2`:
+  ([@iarna](https://github.com/iarna))
+* [`ffd6ea62c`](https://github.com/npm/npm/commit/ffd6ea62ce583baff38cf4901cf599639bc193c8)
+  `fs-minipass@1.2.5`
+* [`ee63b8a31`](https://github.com/npm/npm/commit/ee63b8a311ac53b0cf2efa79babe61a2c4083ef6)
+  `ini@1.3.5`
+  ([@isaacs](https://github.com/isaacs))
+* [`6f73f5509`](https://github.com/npm/npm/commit/6f73f5509e9e8d606526565c7ceb71c62642466e)
+  `JSONStream@1.3.2`
+  ([@dominictarr](https://github.com/dominictarr))
+* [`26cd64869`](https://github.com/npm/npm/commit/26cd648697c1324979289e381fe837f9837f3874)
+  [`9bc6230cf`](https://github.com/npm/npm/commit/9bc6230cf34a09b7e4358145ff0ac3c69c23c3f6)
+  `libcipm@1.3.3`
+  ([@zkat](https://github.com/zkat))
+* [`21a39be42`](https://github.com/npm/npm/commit/21a39be4241a60a898d11a5967f3fc9868ef70c9)
+  `marked@0.3.1`:5
+  ([@joshbruce](https://github.com/joshbruce))
+* [`dabdf57b2`](https://github.com/npm/npm/commit/dabdf57b2d60d665728894b4c1397b35aa9d41c0)
+  `mississippi@2.0.0`
+* [`2594c5867`](https://github.com/npm/npm/commit/2594c586723023edb1db172779afb2cbf8b30c08)
+  `npm-registry-couchapp@2.7.1`
+  ([@iarna](https://github.com/iarna))
+* [`8abb3f230`](https://github.com/npm/npm/commit/8abb3f230f119fe054353e70cb26248fc05db0b9)
+  `osenv@0.1.5`
+  ([@isaacs](https://github.com/isaacs))
+* [`11a0b00bd`](https://github.com/npm/npm/commit/11a0b00bd3c18625075dcdf4a5cb6500b33c6265)
+  `pacote@7.3.3`
+  ([@zkat](https://github.com/zkat))
+* [`9b6bdb2c7`](https://github.com/npm/npm/commit/9b6bdb2c77e49f6d473e70de4cd83c58d7147965)
+  `query-string@5.1.0`
+  ([@sindresorhus](https://github.com/sindresorhus))
+* [`d6d17d6b5`](https://github.com/npm/npm/commit/d6d17d6b532cf4c3461b1cf2e0404f7c62c47ec4)
+  `readable-stream@2.3.4`
+  ([@mcollina](https://github.com/mcollina))
+* [`51370aad5`](https://github.com/npm/npm/commit/51370aad561b368ccc95c1c935c67c8cd2844d40)
+  `semver@5.5.0`
+  ([@isaacs](https://github.com/isaacs))
+* [`0db14bac7`](https://github.com/npm/npm/commit/0db14bac762dd59c3fe17c20ee96d2426257cdd5)
+  [`81da938ab`](https://github.com/npm/npm/commit/81da938ab6efb881123cdcb44f7f84551924c988)
+  [`9999e83f8`](https://github.com/npm/npm/commit/9999e83f87c957113a12a6bf014a2099d720d716)
+  `ssri@5.2.4`
+  ([@zkat](https://github.com/zkat))
+* [`f526992ab`](https://github.com/npm/npm/commit/f526992ab6f7322a0b3a8d460dc48a2aa4a59a33)
+  `tap@11.1.1`
+  ([@isaacs](https://github.com/isaacs))
+* [`be096b409`](https://github.com/npm/npm/commit/be096b4090e2a33ae057912d28fadc5a53bd3391)
+  [`dc3059522`](https://github.com/npm/npm/commit/dc3059522758470adc225f0651be72c274bd29ef)
+  `tar@4.3.3`
+* [`6b552daac`](https://github.com/npm/npm/commit/6b552daac952f413ed0e2df762024ad219a8dc0a)
+  `uuid@3.2.1`
+  ([@broofa](https://github.com/broofa))
+* [`8c9011b72`](https://github.com/npm/npm/commit/8c9011b724ad96060e7e82d9470e9cc3bb64e9c6)
+  `worker-farm@1.5.2`
+  ([@rvagg](https://github.com/rvagg))
+
+
 ## v5.6.0 (2017-11-27):
 
 ### Features!
@@ -29,11 +232,6 @@ You may have noticed this is a semver-minor bump. Wondering why? This is why!
   will allow npm to explicitly cache git dependencies.
   ([@isaacs](https://github.com/isaacs))
 
-### Performance
-
-* [`39ba4aa74`](https://github.com/npm/npm/commit/39ba4aa7479220e61573c0c1977124c2199f49d0)
-  `tar@4.1.0`: Reduce number of overall fs operations during packing/unpacking.
-
 ### Node 9
 
 Previously, it turns out npm broke on the latest Node, `node@9`. We went ahead
@@ -239,7 +437,7 @@ A very quick, record time, patch release, of a bug fix to a (sigh) last minute b
 
 * [`e628e058b`](https://github.com/npm/npm/commit/e628e058b)
   Fix login to properly recognize OTP request and store bearer tokens.
-  ([@Rebecca Turner](https://github.com/Rebecca Turner))
+  ([@iarna](https://github.com/iarna))
 
 ## v5.5.0 (2017-10-04):
 
@@ -1071,7 +1269,7 @@ helpful when community members go over our code and help clean it up, too!
 * [`7d650048c`](https://github.com/npm/npm/commit/7d650048c8ed5faa0486492f1eeb698e7383e32f)
   [#17563](https://github.com/npm/npm/pull/17563)
   Refactor some code to use `Object.assign`.
-  ([@vramana](https://github.com/vramana))
+  ([@vramana](https://github.com/vramana))
 * [`993f673f0`](https://github.com/npm/npm/commit/993f673f056aea5f602ea04b1e697b027c267a2d)
   [#17600](https://github.com/npm/npm/pull/17600)
   Remove an old comment.

deps/npm/bin/node-gyp-bin/node-gyp.cmd

@@ -1,5 +1,5 @@
-if not defined npm_config_node_gyp (
-  node "%~dp0\..\..\node_modules\node-gyp\bin\node-gyp.js" %*
-) else (
+if not defined npm_config_node_gyp (
+  node "%~dp0\..\..\node_modules\node-gyp\bin\node-gyp.js" %*
+) else (
   node "%npm_config_node_gyp%" %*
-)
+)

deps/npm/bin/npm.cmd

@@ -1,19 +1,19 @@
-:: Created by npm, please don't edit manually.
-@ECHO OFF
-
-SETLOCAL
-
-SET "NODE_EXE=%~dp0\node.exe"
-IF NOT EXIST "%NODE_EXE%" (
-  SET "NODE_EXE=node"
-)
-
-SET "NPM_CLI_JS=%~dp0\node_modules\npm\bin\npm-cli.js"
-FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPM_CLI_JS%" prefix -g') DO (
-  SET "NPM_PREFIX_NPM_CLI_JS=%%F\node_modules\npm\bin\npm-cli.js"
-)
-IF EXIST "%NPM_PREFIX_NPM_CLI_JS%" (
-  SET "NPM_CLI_JS=%NPM_PREFIX_NPM_CLI_JS%"
-)
-
-"%NODE_EXE%" "%NPM_CLI_JS%" %*
+:: Created by npm, please don't edit manually.
+@ECHO OFF
+
+SETLOCAL
+
+SET "NODE_EXE=%~dp0\node.exe"
+IF NOT EXIST "%NODE_EXE%" (
+  SET "NODE_EXE=node"
+)
+
+SET "NPM_CLI_JS=%~dp0\node_modules\npm\bin\npm-cli.js"
+FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPM_CLI_JS%" prefix -g') DO (
+  SET "NPM_PREFIX_NPM_CLI_JS=%%F\node_modules\npm\bin\npm-cli.js"
+)
+IF EXIST "%NPM_PREFIX_NPM_CLI_JS%" (
+  SET "NPM_CLI_JS=%NPM_PREFIX_NPM_CLI_JS%"
+)
+
+"%NODE_EXE%" "%NPM_CLI_JS%" %*

deps/npm/bin/npx.cmd

@@ -1,19 +1,19 @@
-:: Created by npm, please don't edit manually.
-@ECHO OFF
-
-SETLOCAL
-
-SET "NODE_EXE=%~dp0\node.exe"
-IF NOT EXIST "%NODE_EXE%" (
-  SET "NODE_EXE=node"
-)
-
-SET "NPX_CLI_JS=%~dp0\node_modules\npm\bin\npx-cli.js"
-FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPX_CLI_JS%" prefix -g') DO (
-  SET "NPM_PREFIX_NPX_CLI_JS=%%F\node_modules\npm\bin\npx-cli.js"
-)
-IF EXIST "%NPM_PREFIX_NPX_CLI_JS%" (
-  SET "NPX_CLI_JS=%NPM_PREFIX_NPX_CLI_JS%"
-)
-
-"%NODE_EXE%" "%NPX_CLI_JS%" %*
+:: Created by npm, please don't edit manually.
+@ECHO OFF
+
+SETLOCAL
+
+SET "NODE_EXE=%~dp0\node.exe"
+IF NOT EXIST "%NODE_EXE%" (
+  SET "NODE_EXE=node"
+)
+
+SET "NPX_CLI_JS=%~dp0\node_modules\npm\bin\npx-cli.js"
+FOR /F "delims=" %%F IN ('CALL "%NODE_EXE%" "%NPX_CLI_JS%" prefix -g') DO (
+  SET "NPM_PREFIX_NPX_CLI_JS=%%F\node_modules\npm\bin\npx-cli.js"
+)
+IF EXIST "%NPM_PREFIX_NPX_CLI_JS%" (
+  SET "NPX_CLI_JS=%NPM_PREFIX_NPX_CLI_JS%"
+)
+
+"%NODE_EXE%" "%NPX_CLI_JS%" %*

deps/npm/changelogs/CHANGELOG-3.md

@@ -47,7 +47,7 @@ This is gonna be a much, MUCH smaller major version than 3.x was. Maybe even
 smaller than 2.x was. I can't tell you everything that'll be in there just
 yet, but at the very least it's going to have what's in our
 [4.x milestone](https://github.com/npm/npm/pulls?q=is%3Aopen+is%3Apr+milestone%3A4.x),
-PLUS, the first steps in
+PLUS, the first steps in 
 [making `prepublish` work](https://github.com/npm/npm/issues/10074) the way
 people expect it to.