diff --git a/node_modules/libnpm/CHANGELOG.md b/node_modules/libnpm/CHANGELOG.md
index cbfddfa9b8fb3..bb3a52a36f93d 100644
--- a/node_modules/libnpm/CHANGELOG.md
+++ b/node_modules/libnpm/CHANGELOG.md
@@ -2,6 +2,11 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## [3.0.1](https://github.com/npm/libnpm/compare/v3.0.0...v3.0.1) (2019-07-16)
+
+
+
# [3.0.0](https://github.com/npm/libnpm/compare/v2.0.1...v3.0.0) (2019-07-10)
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/.travis.yml b/node_modules/libnpm/node_modules/libnpmaccess/.travis.yml
new file mode 100644
index 0000000000000..db5ea8b018640
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/.travis.yml
@@ -0,0 +1,7 @@
+language: node_js
+sudo: false
+node_js:
+ - "10"
+ - "9"
+ - "8"
+ - "6"
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/CHANGELOG.md b/node_modules/libnpm/node_modules/libnpmaccess/CHANGELOG.md
new file mode 100644
index 0000000000000..cbec879a7db2e
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/CHANGELOG.md
@@ -0,0 +1,129 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.0.2](https://github.com/npm/libnpmaccess/compare/v3.0.1...v3.0.2) (2019-07-16)
+
+
+
+
+## [3.0.1](https://github.com/npm/libnpmaccess/compare/v3.0.0...v3.0.1) (2018-11-12)
+
+
+### Bug Fixes
+
+* **ls-packages:** fix confusing splitEntity arg check ([1769090](https://github.com/npm/libnpmaccess/commit/1769090))
+
+
+
+
+# [3.0.0](https://github.com/npm/libnpmaccess/compare/v2.0.1...v3.0.0) (2018-08-24)
+
+
+### Features
+
+* **api:** overhaul API ergonomics ([1faf00a](https://github.com/npm/libnpmaccess/commit/1faf00a))
+
+
+### BREAKING CHANGES
+
+* **api:** all API calls where scope and team were separate, or
+where team was an extra, optional argument should now use a
+fully-qualified team name instead, in the `scope:team` format.
+
+
+
+
+## [2.0.1](https://github.com/npm/libnpmaccess/compare/v2.0.0...v2.0.1) (2018-08-24)
+
+
+
+
+# [2.0.0](https://github.com/npm/libnpmaccess/compare/v1.2.2...v2.0.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **json:** stop trying to parse response JSON ([20fdd84](https://github.com/npm/libnpmaccess/commit/20fdd84))
+* **lsPackages:** team URL was wrong D: ([b52201c](https://github.com/npm/libnpmaccess/commit/b52201c))
+
+
+### BREAKING CHANGES
+
+* **json:** use cases where registries were returning JSON
+strings in the response body will no longer have an effect. All
+API functions except for lsPackages and lsCollaborators will return
+`true` on completion.
+
+
+
+
+## [1.2.2](https://github.com/npm/libnpmaccess/compare/v1.2.1...v1.2.2) (2018-08-20)
+
+
+### Bug Fixes
+
+* **docs:** tiny doc hiccup fix ([106396f](https://github.com/npm/libnpmaccess/commit/106396f))
+
+
+
+
+## [1.2.1](https://github.com/npm/libnpmaccess/compare/v1.2.0...v1.2.1) (2018-08-20)
+
+
+### Bug Fixes
+
+* **docs:** document the stream interfaces ([c435aa2](https://github.com/npm/libnpmaccess/commit/c435aa2))
+
+
+
+
+# [1.2.0](https://github.com/npm/libnpmaccess/compare/v1.1.0...v1.2.0) (2018-08-20)
+
+
+### Bug Fixes
+
+* **readme:** fix up appveyor badge url ([42b45a1](https://github.com/npm/libnpmaccess/commit/42b45a1))
+
+
+### Features
+
+* **streams:** add streaming result support for lsPkg and lsCollab ([0f06f46](https://github.com/npm/libnpmaccess/commit/0f06f46))
+
+
+
+
+# [1.1.0](https://github.com/npm/libnpmaccess/compare/v1.0.0...v1.1.0) (2018-08-17)
+
+
+### Bug Fixes
+
+* **2fa:** escape package names correctly ([f2d83fe](https://github.com/npm/libnpmaccess/commit/f2d83fe))
+* **grant:** fix permissions validation ([07f7435](https://github.com/npm/libnpmaccess/commit/07f7435))
+* **ls-collaborators:** fix package name escaping + query ([3c02858](https://github.com/npm/libnpmaccess/commit/3c02858))
+* **ls-packages:** add query + fix fallback request order ([bdc4791](https://github.com/npm/libnpmaccess/commit/bdc4791))
+* **node6:** stop using Object.entries() ([4fec03c](https://github.com/npm/libnpmaccess/commit/4fec03c))
+* **public/restricted:** body should be string, not bool ([cffc727](https://github.com/npm/libnpmaccess/commit/cffc727))
+* **readme:** fix up title and badges ([2bd6113](https://github.com/npm/libnpmaccess/commit/2bd6113))
+* **specs:** require specs to be registry specs ([7892891](https://github.com/npm/libnpmaccess/commit/7892891))
+
+
+### Features
+
+* **test:** add 100% coverage test suite ([22b5dec](https://github.com/npm/libnpmaccess/commit/22b5dec))
+
+
+
+
+# 1.0.0 (2018-08-17)
+
+
+### Bug Fixes
+
+* **test:** -100 is apparently bad now ([a5ab879](https://github.com/npm/libnpmaccess/commit/a5ab879))
+
+
+### Features
+
+* **impl:** initial implementation of api ([7039390](https://github.com/npm/libnpmaccess/commit/7039390))
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/CODE_OF_CONDUCT.md b/node_modules/libnpm/node_modules/libnpmaccess/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000000..aeb72f598dcb4
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/CODE_OF_CONDUCT.md
@@ -0,0 +1,151 @@
+# Code of Conduct
+
+## When Something Happens
+
+If you see a Code of Conduct violation, follow these steps:
+
+1. Let the person know that what they did is not appropriate and ask them to stop and/or edit their message(s) or commits.
+2. That person should immediately stop the behavior and correct the issue.
+3. If this doesn’t happen, or if you're uncomfortable speaking up, [contact the maintainers](#contacting-maintainers).
+4. As soon as available, a maintainer will look into the issue, and take [further action (see below)](#further-enforcement), starting with a warning, then temporary block, then long-term repo or organization ban.
+
+When reporting, please include any relevant details, links, screenshots, context, or other information that may be used to better understand and resolve the situation.
+
+**The maintainer team will prioritize the well-being and comfort of the recipients of the violation over the comfort of the violator.** See [some examples below](#enforcement-examples).
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers of this project pledge to making participation in our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, technical preferences, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+ * Using welcoming and inclusive language.
+ * Being respectful of differing viewpoints and experiences.
+ * Gracefully accepting constructive feedback.
+ * Focusing on what is best for the community.
+ * Showing empathy and kindness towards other community members.
+ * Encouraging and raising up your peers in the project so you can all bask in hacks and glory.
+
+Examples of unacceptable behavior by participants include:
+
+ * The use of sexualized language or imagery and unwelcome sexual attention or advances, including when simulated online. The only exception to sexual topics is channels/spaces specifically for topics of sexual identity.
+ * Casual mention of slavery or indentured servitude and/or false comparisons of one's occupation or situation to slavery. Please consider using or asking about alternate terminology when referring to such metaphors in technology.
+ * Making light of/making mocking comments about trigger warnings and content warnings.
+ * Trolling, insulting/derogatory comments, and personal or political attacks.
+ * Public or private harassment, deliberate intimidation, or threats.
+ * Publishing others' private information, such as a physical or electronic address, without explicit permission. This includes any sort of "outing" of any aspect of someone's identity without their consent.
+ * Publishing private screenshots or quotes of interactions in the context of this project without all quoted users' *explicit* consent.
+ * Publishing of private communication that doesn't have to do with reporting harrassment.
+ * Any of the above even when [presented as "ironic" or "joking"](https://en.wikipedia.org/wiki/Hipster_racism).
+ * Any attempt to present "reverse-ism" versions of the above as violations. Examples of reverse-isms are "reverse racism", "reverse sexism", "heterophobia", and "cisphobia".
+ * Unsolicited explanations under the assumption that someone doesn't already know it. Ask before you teach! Don't assume what people's knowledge gaps are.
+ * [Feigning or exaggerating surprise](https://www.recurse.com/manual#no-feigned-surprise) when someone admits to not knowing something.
+ * "[Well-actuallies](https://www.recurse.com/manual#no-well-actuallys)"
+ * Other conduct which could reasonably be considered inappropriate in a professional or community setting.
+
+## Scope
+
+This Code of Conduct applies both within spaces involving this project and in other spaces involving community members. This includes the repository, its Pull Requests and Issue tracker, its Twitter community, private email communications in the context of the project, and any events where members of the project are participating, as well as adjacent communities and venues affecting the project's members.
+
+Depending on the violation, the maintainers may decide that violations of this code of conduct that have happened outside of the scope of the community may deem an individual unwelcome, and take appropriate action to maintain the comfort and safety of its members.
+
+### Other Community Standards
+
+As a project on GitHub, this project is additionally covered by the [GitHub Community Guidelines](https://help.github.com/articles/github-community-guidelines/).
+
+Additionally, as a project hosted on npm, is is covered by [npm, Inc's Code of Conduct](https://www.npmjs.com/policies/conduct).
+
+Enforcement of those guidelines after violations overlapping with the above are the responsibility of the entities, and enforcement may happen in any or all of the services/communities.
+
+## Maintainer Enforcement Process
+
+Once the maintainers get involved, they will follow a documented series of steps and do their best to preserve the well-being of project members. This section covers actual concrete steps.
+
+### Contacting Maintainers
+
+You may get in touch with the maintainer team through any of the following methods:
+
+ * Through email:
+ * [kzm@zkat.tech](mailto:kzm@zkat.tech) (Kat Marchán)
+
+ * Through Twitter:
+ * [@maybekatz](https://twitter.com/maybekatz) (Kat Marchán)
+
+### Further Enforcement
+
+If you've already followed the [initial enforcement steps](#enforcement), these are the steps maintainers will take for further enforcement, as needed:
+
+ 1. Repeat the request to stop.
+ 2. If the person doubles down, they will have offending messages removed or edited by a maintainers given an official warning. The PR or Issue may be locked.
+ 3. If the behavior continues or is repeated later, the person will be blocked from participating for 24 hours.
+ 4. If the behavior continues or is repeated after the temporary block, a long-term (6-12mo) ban will be used.
+
+On top of this, maintainers may remove any offending messages, images, contributions, etc, as they deem necessary.
+
+Maintainers reserve full rights to skip any of these steps, at their discretion, if the violation is considered to be a serious and/or immediate threat to the health and well-being of members of the community. These include any threats, serious physical or verbal attacks, and other such behavior that would be completely unacceptable in any social setting that puts our members at risk.
+
+Members expelled from events or venues with any sort of paid attendance will not be refunded.
+
+### Who Watches the Watchers?
+
+Maintainers and other leaders who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. These may include anything from removal from the maintainer team to a permanent ban from the community.
+
+Additionally, as a project hosted on both GitHub and npm, [their own Codes of Conducts may be applied against maintainers of this project](#other-community-standards), externally of this project's procedures.
+
+### Enforcement Examples
+
+#### The Best Case
+
+The vast majority of situations work out like this. This interaction is common, and generally positive.
+
+> Alex: "Yeah I used X and it was really crazy!"
+
+> Patt (not a maintainer): "Hey, could you not use that word? What about 'ridiculous' instead?"
+
+> Alex: "oh sorry, sure." -> edits old comment to say "it was really confusing!"
+
+#### The Maintainer Case
+
+Sometimes, though, you need to get maintainers involved. Maintainers will do their best to resolve conflicts, but people who were harmed by something **will take priority**.
+
+> Patt: "Honestly, sometimes I just really hate using $library and anyone who uses it probably sucks at their job."
+
+> Alex: "Whoa there, could you dial it back a bit? There's a CoC thing about attacking folks' tech use like that."
+
+> Patt: "I'm not attacking anyone, what's your problem?"
+
+> Alex: "@maintainers hey uh. Can someone look at this issue? Patt is getting a bit aggro. I tried to nudge them about it, but nope."
+
+> KeeperOfCommitBits: (on issue) "Hey Patt, maintainer here. Could you tone it down? This sort of attack is really not okay in this space."
+
+> Patt: "Leave me alone I haven't said anything bad wtf is wrong with you."
+
+> KeeperOfCommitBits: (deletes user's comment), "@patt I mean it. Please refer to the CoC over at (URL to this CoC) if you have questions, but you can consider this an actual warning. I'd appreciate it if you reworded your messages in this thread, since they made folks there uncomfortable. Let's try and be kind, yeah?"
+
+> Patt: "@keeperofbits Okay sorry. I'm just frustrated and I'm kinda burnt out and I guess I got carried away. I'll DM Alex a note apologizing and edit my messages. Sorry for the trouble."
+
+> KeeperOfCommitBits: "@patt Thanks for that. I hear you on the stress. Burnout sucks :/. Have a good one!"
+
+#### The Nope Case
+
+> PepeTheFrog🐸: "Hi, I am a literal actual nazi and I think white supremacists are quite fashionable."
+
+> Patt: "NOOOOPE. OH NOPE NOPE."
+
+> Alex: "JFC NO. NOPE. @keeperofbits NOPE NOPE LOOK HERE"
+
+> KeeperOfCommitBits: "👀 Nope. NOPE NOPE NOPE. 🔥"
+
+> PepeTheFrog🐸 has been banned from all organization or user repositories belonging to KeeperOfCommitBits.
+
+## Attribution
+
+This Code of Conduct was generated using [WeAllJS Code of Conduct Generator](https://npm.im/weallbehave), which is based on the [WeAllJS Code of
+Conduct](https://wealljs.org/code-of-conduct), which is itself based on
+[Contributor Covenant](http://contributor-covenant.org), version 1.4, available
+at
+[http://contributor-covenant.org/version/1/4](http://contributor-covenant.org/version/1/4),
+and the LGBTQ in Technology Slack [Code of
+Conduct](http://lgbtq.technology/coc.html).
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/CONTRIBUTING.md b/node_modules/libnpm/node_modules/libnpmaccess/CONTRIBUTING.md
new file mode 100644
index 0000000000000..e13356ea44497
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/CONTRIBUTING.md
@@ -0,0 +1,256 @@
+# Contributing
+
+## How do I...
+
+* [Use This Guide](#introduction)?
+* Ask or Say Something? 🤔🐛😱
+ * [Request Support](#request-support)
+ * [Report an Error or Bug](#report-an-error-or-bug)
+ * [Request a Feature](#request-a-feature)
+* Make Something? 🤓👩🏽💻📜🍳
+ * [Project Setup](#project-setup)
+ * [Contribute Documentation](#contribute-documentation)
+ * [Contribute Code](#contribute-code)
+* Manage Something ✅🙆🏼💃👔
+ * [Provide Support on Issues](#provide-support-on-issues)
+ * [Label Issues](#label-issues)
+ * [Clean Up Issues and PRs](#clean-up-issues-and-prs)
+ * [Review Pull Requests](#review-pull-requests)
+ * [Merge Pull Requests](#merge-pull-requests)
+ * [Tag a Release](#tag-a-release)
+ * [Join the Project Team](#join-the-project-team)
+* Add a Guide Like This One [To My Project](#attribution)? 🤖😻👻
+
+## Introduction
+
+Thank you so much for your interest in contributing!. All types of contributions are encouraged and valued. See the [table of contents](#toc) for different ways to help and details about how this project handles them!📝
+
+Please make sure to read the relevant section before making your contribution! It will make it a lot easier for us maintainers to make the most of it and smooth out the experience for all involved. 💚
+
+The [Project Team](#join-the-project-team) looks forward to your contributions. 🙌🏾✨
+
+## Request Support
+
+If you have a question about this project, how to use it, or just need clarification about something:
+
+* Open an Issue at https://github.com/npm/libnpmaccess/issues
+* Provide as much context as you can about what you're running into.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* Someone will try to have a response soon.
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+
+## Report an Error or Bug
+
+If you run into an error or bug with the project:
+
+* Open an Issue at https://github.com/npm/libnpmaccess/issues
+* Include *reproduction steps* that someone else can follow to recreate the bug or error on their own.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* A team member will try to reproduce the issue with your provided steps. If there are no repro steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced.
+* If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be [implemented by someone](#contribute-code).
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+* `critical` issues may be left open, depending on perceived immediacy and severity, even past the 30 day deadline.
+
+## Request a Feature
+
+If the project doesn't do something you need or want it to do:
+
+* Open an Issue at https://github.com/npm/libnpmaccess/issues
+* Provide as much context as you can about what you're running into.
+* Please try and be clear about why existing features and alternatives would not work for you.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* The project team will evaluate the feature request, possibly asking you more questions to understand its purpose and any relevant requirements. If the issue is closed, the team will convey their reasoning and suggest an alternative path forward.
+* If the feature request is accepted, it will be marked for implementation with `feature-accepted`, which can then be done by either by a core team member or by anyone in the community who wants to [contribute code](#contribute-code).
+
+Note: The team is unlikely to be able to accept every single feature request that is filed. Please understand if they need to say no.
+
+## Project Setup
+
+So you wanna contribute some code! That's great! This project uses GitHub Pull Requests to manage contributions, so [read up on how to fork a GitHub project and file a PR](https://guides.github.com/activities/forking) if you've never done it before.
+
+If this seems like a lot or you aren't able to do all this setup, you might also be able to [edit the files directly](https://help.github.com/articles/editing-files-in-another-user-s-repository/) without having to do any of this setup. Yes, [even code](#contribute-code).
+
+If you want to go the usual route and run the project locally, though:
+
+* [Install Node.js](https://nodejs.org/en/download/)
+* [Fork the project](https://guides.github.com/activities/forking/#fork)
+
+Then in your terminal:
+* `cd path/to/your/clone`
+* `npm install`
+* `npm test`
+
+And you should be ready to go!
+
+## Contribute Documentation
+
+Documentation is a super important, critical part of this project. Docs are how we keep track of what we're doing, how, and why. It's how we stay on the same page about our policies. And it's how we tell others everything they need in order to be able to use this project -- or contribute to it. So thank you in advance.
+
+Documentation contributions of any size are welcome! Feel free to file a PR even if you're just rewording a sentence to be more clear, or fixing a spelling mistake!
+
+To contribute documentation:
+
+* [Set up the project](#project-setup).
+* Edit or add any relevant documentation.
+* Make sure your changes are formatted correctly and consistently with the rest of the documentation.
+* Re-read what you wrote, and run a spellchecker on it to make sure you didn't miss anything.
+* In your commit message(s), begin the first line with `docs: `. For example: `docs: Adding a doc contrib section to CONTRIBUTING.md`.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md). Documentation commits should use `docs(): `.
+* Go to https://github.com/npm/libnpmaccess/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Contribute Code
+
+We like code commits a lot! They're super handy, and they keep the project going and doing the work it needs to do to be useful to others.
+
+Code contributions of just about any size are acceptable!
+
+The main difference between code contributions and documentation contributions is that contributing code requires inclusion of relevant tests for the code being added or changed. Contributions without accompanying tests will be held off until a test is added, unless the maintainers consider the specific tests to be either impossible, or way too much of a burden for such a contribution.
+
+To contribute code:
+
+* [Set up the project](#project-setup).
+* Make any necessary changes to the source code.
+* Include any [additional documentation](#contribute-documentation) the changes might need.
+* Write tests that verify that your contribution works as expected.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md).
+* Dependency updates, additions, or removals must be in individual commits, and the message must use the format: `(deps): PKG@VERSION`, where `` is any of the usual `conventional-changelog` prefixes, at your discretion.
+* Go to https://github.com/npm/libnpmaccess/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* Barring special circumstances, maintainers will not review PRs until all checks pass (Travis, AppVeyor, etc).
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review. Additional tags (such as `needs-tests`) will be added depending on the review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Provide Support on Issues
+
+[Needs Collaborator](#join-the-project-team): none
+
+Helping out other users with their questions is a really awesome way of contributing to any community. It's not uncommon for most of the issues on an open source projects being support-related questions by users trying to understand something they ran into, or find their way around a known bug.
+
+Sometimes, the `support` label will be added to things that turn out to actually be other things, like bugs or feature requests. In that case, suss out the details with the person who filed the original issue, add a comment explaining what the bug is, and change the label from `support` to `bug` or `feature`. If you can't do this yourself, @mention a maintainer so they can do it.
+
+In order to help other folks out with their questions:
+
+* Go to the issue tracker and [filter open issues by the `support` label](https://github.com/npm/libnpmaccess/issues?q=is%3Aopen+is%3Aissue+label%3Asupport).
+* Read through the list until you find something that you're familiar enough with to give an answer to.
+* Respond to the issue with whatever details are needed to clarify the question, or get more details about what's going on.
+* Once the discussion wraps up and things are clarified, either close the issue, or ask the original issue filer (or a maintainer) to close it for you.
+
+Some notes on picking up support issues:
+
+* Avoid responding to issues you don't know you can answer accurately.
+* As much as possible, try to refer to past issues with accepted answers. Link to them from your replies with the `#123` format.
+* Be kind and patient with users -- often, folks who have run into confusing things might be upset or impatient. This is ok. Try to understand where they're coming from, and if you're too uncomfortable with the tone, feel free to stay away or withdraw from the issue. (note: if the user is outright hostile or is violating the CoC, [refer to the Code of Conduct](CODE_OF_CONDUCT.md) to resolve the conflict).
+
+## Label Issues
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+One of the most important tasks in handling issues is labeling them usefully and accurately. All other tasks involving issues ultimately rely on the issue being classified in such a way that relevant parties looking to do their own tasks can find them quickly and easily.
+
+In order to label issues, [open up the list of unlabeled issues](https://github.com/npm/libnpmaccess/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and, **from newest to oldest**, read through each one and apply issue labels according to the table below. If you're unsure about what label to apply, skip the issue and try the next one: don't feel obligated to label each and every issue yourself!
+
+Label | Apply When | Notes
+--- | --- | ---
+`bug` | Cases where the code (or documentation) is behaving in a way it wasn't intended to. | If something is happening that surprises the *user* but does not go against the way the code is designed, it should use the `enhancement` label.
+`critical` | Added to `bug` issues if the problem described makes the code completely unusable in a common situation. |
+`documentation` | Added to issues or pull requests that affect any of the documentation for the project. | Can be combined with other labels, such as `bug` or `enhancement`.
+`duplicate` | Added to issues or PRs that refer to the exact same issue as another one that's been previously labeled. | Duplicate issues should be marked and closed right away, with a message referencing the issue it's a duplicate of (with `#123`)
+`enhancement` | Added to [feature requests](#request-a-feature), PRs, or documentation issues that are purely additive: the code or docs currently work as expected, but a change is being requested or suggested. |
+`help wanted` | Applied by [Committers](#join-the-project-team) to issues and PRs that they would like to get outside help for. Generally, this means it's lower priority for the maintainer team to itself implement, but that the community is encouraged to pick up if they so desire | Never applied on first-pass labeling.
+`in-progress` | Applied by [Committers](#join-the-project-team) to PRs that are pending some work before they're ready for review. | The original PR submitter should @mention the team member that applied the label once the PR is complete.
+`performance` | This issue or PR is directly related to improving performance. |
+`refactor` | Added to issues or PRs that deal with cleaning up or modifying the project for the betterment of it. |
+`starter` | Applied by [Committers](#join-the-project-team) to issues that they consider good introductions to the project for people who have not contributed before. These are not necessarily "easy", but rather focused around how much context is necessary in order to understand what needs to be done for this project in particular. | Existing project members are expected to stay away from these unless they increase in priority.
+`support` | This issue is either asking a question about how to use the project, clarifying the reason for unexpected behavior, or possibly reporting a `bug` but does not have enough detail yet to determine whether it would count as such. | The label should be switched to `bug` if reliable reproduction steps are provided. Issues primarily with unintended configurations of a user's environment are not considered bugs, even if they cause crashes.
+`tests` | This issue or PR either requests or adds primarily tests to the project. | If a PR is pending tests, that will be handled through the [PR review process](#review-pull-requests)
+`wontfix` | Labelers may apply this label to issues that clearly have nothing at all to do with the project or are otherwise entirely outside of its scope/sphere of influence. [Committers](#join-the-project-team) may apply this label and close an issue or PR if they decide to pass on an otherwise relevant issue. | The issue or PR should be closed as soon as the label is applied, and a clear explanation provided of why the label was used. Contributors are free to contest the labeling, but the decision ultimately falls on committers as to whether to accept something or not.
+
+## Clean Up Issues and PRs
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+Issues and PRs can go stale after a while. Maybe they're abandoned. Maybe the team will just plain not have time to address them any time soon.
+
+In these cases, they should be closed until they're brought up again or the interaction starts over.
+
+To clean up issues and PRs:
+
+* Search the issue tracker for issues or PRs, and add the term `updated:<=YYYY-MM-DD`, where the date is 30 days before today.
+* Go through each issue *from oldest to newest*, and close them if **all of the following are true**:
+ * not opened by a maintainer
+ * not marked as `critical`
+ * not marked as `starter` or `help wanted` (these might stick around for a while, in general, as they're intended to be available)
+ * no explicit messages in the comments asking for it to be left open
+ * does not belong to a milestone
+* Leave a message when closing saying "Cleaning up stale issue. Please reopen or ping us if and when you're ready to resume this. See https://github.com/npm/libnpmaccess/blob/latest/CONTRIBUTING.md#clean-up-issues-and-prs for more details."
+
+## Review Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+While anyone can comment on a PR, add feedback, etc, PRs are only *approved* by team members with Issue Tracker or higher permissions.
+
+PR reviews use [GitHub's own review feature](https://help.github.com/articles/about-pull-request-reviews/), which manages comments, approval, and review iteration.
+
+Some notes:
+
+* You may ask for minor changes ("nitpicks"), but consider whether they are really blockers to merging: try to err on the side of "approve, with comments".
+* *ALL PULL REQUESTS* should be covered by a test: either by a previously-failing test, an existing test that covers the entire functionality of the submitted code, or new tests to verify any new/changed behavior. All tests must also pass and follow established conventions. Test coverage should not drop, unless the specific case is considered reasonable by maintainers.
+* Please make sure you're familiar with the code or documentation being updated, unless it's a minor change (spellchecking, minor formatting, etc). You may @mention another project member who you think is better suited for the review, but still provide a non-approving review of your own.
+* Be extra kind: people who submit code/doc contributions are putting themselves in a pretty vulnerable position, and have put time and care into what they've done (even if that's not obvious to you!) -- always respond with respect, be understanding, but don't feel like you need to sacrifice your standards for their sake, either. Just don't be a jerk about it?
+
+## Merge Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process.
+
+## Tag A Release
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process. The most important bit here is probably that all tests must pass, and tags must use [semver](https://semver.org).
+
+## Join the Project Team
+
+### Ways to Join
+
+There are many ways to contribute! Most of them don't require any official status unless otherwise noted. That said, there's a couple of positions that grant special repository abilities, and this section describes how they're granted and what they do.
+
+All of the below positions are granted based on the project team's needs, as well as their consensus opinion about whether they would like to work with the person and think that they would fit well into that position. The process is relatively informal, and it's likely that people who express interest in participating can just be granted the permissions they'd like.
+
+You can spot a collaborator on the repo by looking for the `[Collaborator]` or `[Owner]` tags next to their names.
+
+Permission | Description
+--- | ---
+Issue Tracker | Granted to contributors who express a strong interest in spending time on the project's issue tracker. These tasks are mainly [labeling issues](#label-issues), [cleaning up old ones](#clean-up-issues-and-prs), and [reviewing pull requests](#review-pull-requests), as well as all the usual things non-team-member contributors can do. Issue handlers should not merge pull requests, tag releases, or directly commit code themselves: that should still be done through the usual pull request process. Becoming an Issue Handler means the project team trusts you to understand enough of the team's process and context to implement it on the issue tracker.
+Committer | Granted to contributors who want to handle the actual pull request merges, tagging new versions, etc. Committers should have a good level of familiarity with the codebase, and enough context to understand the implications of various changes, as well as a good sense of the will and expectations of the project team.
+Admin/Owner | Granted to people ultimately responsible for the project, its community, etc.
+
+## Attribution
+
+This guide was generated using the WeAllJS `CONTRIBUTING.md` generator. [Make your own](https://npm.im/weallcontribute)!
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/LICENSE b/node_modules/libnpm/node_modules/libnpmaccess/LICENSE
new file mode 100644
index 0000000000000..209e4477f39c1
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/LICENSE
@@ -0,0 +1,13 @@
+Copyright npm, Inc
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/PULL_REQUEST_TEMPLATE b/node_modules/libnpm/node_modules/libnpmaccess/PULL_REQUEST_TEMPLATE
new file mode 100644
index 0000000000000..9471c6d325f7e
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/PULL_REQUEST_TEMPLATE
@@ -0,0 +1,7 @@
+
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/README.md b/node_modules/libnpm/node_modules/libnpmaccess/README.md
new file mode 100644
index 0000000000000..2b639823a0641
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/README.md
@@ -0,0 +1,258 @@
+# libnpmaccess [](https://npm.im/libnpmaccess) [](https://npm.im/libnpmaccess) [](https://travis-ci.org/npm/libnpmaccess) [](https://ci.appveyor.com/project/zkat/libnpmaccess) [](https://coveralls.io/github/npm/libnpmaccess?branch=latest)
+
+[`libnpmaccess`](https://github.com/npm/libnpmaccess) is a Node.js
+library that provides programmatic access to the guts of the npm CLI's `npm
+access` command and its various subcommands. This includes managing account 2FA,
+listing packages and permissions, looking at package collaborators, and defining
+package permissions for users, orgs, and teams.
+
+## Example
+
+```javascript
+const access = require('libnpmaccess')
+
+// List all packages @zkat has access to on the npm registry.
+console.log(Object.keys(await access.lsPackages('zkat')))
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [access opts](#opts)
+ * [`public()`](#public)
+ * [`restricted()`](#restricted)
+ * [`grant()`](#grant)
+ * [`revoke()`](#revoke)
+ * [`tfaRequired()`](#tfa-required)
+ * [`tfaNotRequired()`](#tfa-not-required)
+ * [`lsPackages()`](#ls-packages)
+ * [`lsPackages.stream()`](#ls-packages-stream)
+ * [`lsCollaborators()`](#ls-collaborators)
+ * [`lsCollaborators.stream()`](#ls-collaborators-stream)
+
+### Install
+
+`$ npm install libnpmaccess`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `opts` for `libnpmaccess` commands
+
+`libnpmaccess` uses [`npm-registry-fetch`](https://npm.im/npm-registry-fetch).
+All options are passed through directly to that library, so please refer to [its
+own `opts`
+documentation](https://www.npmjs.com/package/npm-registry-fetch#fetch-options)
+for options that can be passed in.
+
+A couple of options of note for those in a hurry:
+
+* `opts.token` - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.
+* `opts.otp` - certain operations will require an OTP token to be passed in. If a `libnpmaccess` command fails with `err.code === EOTP`, please retry the request with `{otp: <2fa token>}`
+* `opts.Promise` - If you pass this in, the Promises returned by `libnpmaccess` commands will use this Promise class instead. For example: `{Promise: require('bluebird')}`
+
+#### `> access.public(spec, [opts]) -> Promise`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec.
+
+Makes package described by `spec` public.
+
+##### Example
+
+```javascript
+await access.public('@foo/bar', {token: 'myregistrytoken'})
+// `@foo/bar` is now public
+```
+
+#### `> access.restricted(spec, [opts]) -> Promise`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec.
+
+Makes package described by `spec` private/restricted.
+
+##### Example
+
+```javascript
+await access.restricted('@foo/bar', {token: 'myregistrytoken'})
+// `@foo/bar` is now private
+```
+
+#### `> access.grant(spec, team, permissions, [opts]) -> Promise`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec. `team` must be a fully-qualified team name, in the `scope:team`
+format, with or without the `@` prefix, and the team must be a valid team within
+that scope. `permissions` must be one of `'read-only'` or `'read-write'`.
+
+Grants `read-only` or `read-write` permissions for a certain package to a team.
+
+##### Example
+
+```javascript
+await access.grant('@foo/bar', '@foo:myteam', 'read-write', {
+ token: 'myregistrytoken'
+})
+// `@foo/bar` is now read/write enabled for the @foo:myteam team.
+```
+
+#### `> access.revoke(spec, team, [opts]) -> Promise`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec. `team` must be a fully-qualified team name, in the `scope:team`
+format, with or without the `@` prefix, and the team must be a valid team within
+that scope. `permissions` must be one of `'read-only'` or `'read-write'`.
+
+Removes access to a package from a certain team.
+
+##### Example
+
+```javascript
+await access.revoke('@foo/bar', '@foo:myteam', {
+ token: 'myregistrytoken'
+})
+// @foo:myteam can no longer access `@foo/bar`
+```
+
+#### `> access.tfaRequired(spec, [opts]) -> Promise`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec.
+
+Makes it so publishing or managing a package requires using 2FA tokens to
+complete operations.
+
+##### Example
+
+```javascript
+await access.tfaRequires('lodash', {token: 'myregistrytoken'})
+// Publishing or changing dist-tags on `lodash` now require OTP to be enabled.
+```
+
+#### `> access.tfaNotRequired(spec, [opts]) -> Promise`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec.
+
+Disabled the package-level 2FA requirement for `spec`. Note that you will need
+to pass in an `otp` token in `opts` in order to complete this operation.
+
+##### Example
+
+```javascript
+await access.tfaNotRequired('lodash', {otp: '123654', token: 'myregistrytoken'})
+// Publishing or editing dist-tags on `lodash` no longer requires OTP to be
+// enabled.
+```
+
+#### `> access.lsPackages(entity, [opts]) -> Promise`
+
+`entity` must be either a valid org or user name, or a fully-qualified team name
+in the `scope:team` format, with or without the `@` prefix.
+
+Lists out packages a user, org, or team has access to, with corresponding
+permissions. Packages that the access token does not have access to won't be
+listed.
+
+In order to disambiguate between users and orgs, two requests may end up being
+made when listing orgs or users.
+
+For a streamed version of these results, see
+[`access.lsPackages.stream()`](#ls-package-stream).
+
+##### Example
+
+```javascript
+await access.lsPackages('zkat', {
+ token: 'myregistrytoken'
+})
+// Lists all packages `@zkat` has access to on the registry, and the
+// corresponding permissions.
+```
+
+#### `> access.lsPackages.stream(scope, [team], [opts]) -> Stream`
+
+`entity` must be either a valid org or user name, or a fully-qualified team name
+in the `scope:team` format, with or without the `@` prefix.
+
+Streams out packages a user, org, or team has access to, with corresponding
+permissions, with each stream entry being formatted like `[packageName,
+permissions]`. Packages that the access token does not have access to won't be
+listed.
+
+In order to disambiguate between users and orgs, two requests may end up being
+made when listing orgs or users.
+
+The returned stream is a valid `asyncIterator`.
+
+##### Example
+
+```javascript
+for await (let [pkg, perm] of access.lsPackages.stream('zkat')) {
+ console.log('zkat has', perm, 'access to', pkg)
+}
+// zkat has read-write access to eggplant
+// zkat has read-only access to @npmcorp/secret
+```
+
+#### `> access.lsCollaborators(spec, [user], [opts]) -> Promise`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec. `user` must be a valid user name, with or without the `@`
+prefix.
+
+Lists out access privileges for a certain package. Will only show permissions
+for packages to which you have at least read access. If `user` is passed in, the
+list is filtered only to teams _that_ user happens to belong to.
+
+For a streamed version of these results, see [`access.lsCollaborators.stream()`](#ls-collaborators-stream).
+
+##### Example
+
+```javascript
+await access.lsCollaborators('@npm/foo', 'zkat', {
+ token: 'myregistrytoken'
+})
+// Lists all teams with access to @npm/foo that @zkat belongs to.
+```
+
+#### `> access.lsCollaborators.stream(spec, [user], [opts]) -> Stream`
+
+`spec` must be an [`npm-package-arg`](https://npm.im/npm-package-arg)-compatible
+registry spec. `user` must be a valid user name, with or without the `@`
+prefix.
+
+Stream out access privileges for a certain package, with each entry in `[user,
+permissions]` format. Will only show permissions for packages to which you have
+at least read access. If `user` is passed in, the list is filtered only to teams
+_that_ user happens to belong to.
+
+The returned stream is a valid `asyncIterator`.
+
+##### Example
+
+```javascript
+for await (let [usr, perm] of access.lsCollaborators.stream('npm')) {
+ console.log(usr, 'has', perm, 'access to npm')
+}
+// zkat has read-write access to npm
+// iarna has read-write access to npm
+```
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/appveyor.yml b/node_modules/libnpm/node_modules/libnpmaccess/appveyor.yml
new file mode 100644
index 0000000000000..9cc64c58e02f9
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/appveyor.yml
@@ -0,0 +1,22 @@
+environment:
+ matrix:
+ - nodejs_version: "10"
+ - nodejs_version: "9"
+ - nodejs_version: "8"
+ - nodejs_version: "6"
+
+platform:
+ - x64
+
+install:
+ - ps: Install-Product node $env:nodejs_version $env:platform
+ - npm config set spin false
+ - npm install
+
+test_script:
+ - npm test
+
+matrix:
+ fast_finish: true
+
+build: off
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/index.js b/node_modules/libnpm/node_modules/libnpmaccess/index.js
new file mode 100644
index 0000000000000..e241fcbfc68a2
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/index.js
@@ -0,0 +1,201 @@
+'use strict'
+
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const npa = require('npm-package-arg')
+const npmFetch = require('npm-registry-fetch')
+const {PassThrough} = require('stream')
+const validate = require('aproba')
+
+const AccessConfig = figgyPudding({
+ Promise: {default: () => Promise}
+})
+
+const eu = encodeURIComponent
+const npar = spec => {
+ spec = npa(spec)
+ if (!spec.registry) {
+ throw new Error('`spec` must be a registry spec')
+ }
+ return spec
+}
+
+const cmd = module.exports = {}
+
+cmd.public = (spec, opts) => setAccess(spec, 'public', opts)
+cmd.restricted = (spec, opts) => setAccess(spec, 'restricted', opts)
+function setAccess (spec, access, opts) {
+ opts = AccessConfig(opts)
+ return pwrap(opts, () => {
+ spec = npar(spec)
+ validate('OSO', [spec, access, opts])
+ const uri = `/-/package/${eu(spec.name)}/access`
+ return npmFetch(uri, opts.concat({
+ method: 'POST',
+ body: {access},
+ spec
+ }))
+ }).then(res => res.body.resume() && true)
+}
+
+cmd.grant = (spec, entity, permissions, opts) => {
+ opts = AccessConfig(opts)
+ return pwrap(opts, () => {
+ spec = npar(spec)
+ const {scope, team} = splitEntity(entity)
+ validate('OSSSO', [spec, scope, team, permissions, opts])
+ if (permissions !== 'read-write' && permissions !== 'read-only') {
+ throw new Error('`permissions` must be `read-write` or `read-only`. Got `' + permissions + '` instead')
+ }
+ const uri = `/-/team/${eu(scope)}/${eu(team)}/package`
+ return npmFetch(uri, opts.concat({
+ method: 'PUT',
+ body: {package: spec.name, permissions},
+ scope,
+ spec,
+ ignoreBody: true
+ }))
+ }).then(() => true)
+}
+
+cmd.revoke = (spec, entity, opts) => {
+ opts = AccessConfig(opts)
+ return pwrap(opts, () => {
+ spec = npar(spec)
+ const {scope, team} = splitEntity(entity)
+ validate('OSSO', [spec, scope, team, opts])
+ const uri = `/-/team/${eu(scope)}/${eu(team)}/package`
+ return npmFetch(uri, opts.concat({
+ method: 'DELETE',
+ body: {package: spec.name},
+ scope,
+ spec,
+ ignoreBody: true
+ }))
+ }).then(() => true)
+}
+
+cmd.lsPackages = (entity, opts) => {
+ opts = AccessConfig(opts)
+ return pwrap(opts, () => {
+ return getStream.array(
+ cmd.lsPackages.stream(entity, opts)
+ ).then(data => data.reduce((acc, [key, val]) => {
+ if (!acc) {
+ acc = {}
+ }
+ acc[key] = val
+ return acc
+ }, null))
+ })
+}
+
+cmd.lsPackages.stream = (entity, opts) => {
+ validate('SO|SZ', [entity, opts])
+ opts = AccessConfig(opts)
+ const {scope, team} = splitEntity(entity)
+ let uri
+ if (team) {
+ uri = `/-/team/${eu(scope)}/${eu(team)}/package`
+ } else {
+ uri = `/-/org/${eu(scope)}/package`
+ }
+ opts = opts.concat({
+ query: {format: 'cli'},
+ mapJson (value, [key]) {
+ if (value === 'read') {
+ return [key, 'read-only']
+ } else if (value === 'write') {
+ return [key, 'read-write']
+ } else {
+ return [key, value]
+ }
+ }
+ })
+ const ret = new PassThrough({objectMode: true})
+ npmFetch.json.stream(uri, '*', opts).on('error', err => {
+ if (err.code === 'E404' && !team) {
+ uri = `/-/user/${eu(scope)}/package`
+ npmFetch.json.stream(uri, '*', opts).on(
+ 'error', err => ret.emit('error', err)
+ ).pipe(ret)
+ } else {
+ ret.emit('error', err)
+ }
+ }).pipe(ret)
+ return ret
+}
+
+cmd.lsCollaborators = (spec, user, opts) => {
+ if (typeof user === 'object' && !opts) {
+ opts = user
+ user = undefined
+ }
+ opts = AccessConfig(opts)
+ return pwrap(opts, () => {
+ return getStream.array(
+ cmd.lsCollaborators.stream(spec, user, opts)
+ ).then(data => data.reduce((acc, [key, val]) => {
+ if (!acc) {
+ acc = {}
+ }
+ acc[key] = val
+ return acc
+ }, null))
+ })
+}
+
+cmd.lsCollaborators.stream = (spec, user, opts) => {
+ if (typeof user === 'object' && !opts) {
+ opts = user
+ user = undefined
+ }
+ opts = AccessConfig(opts)
+ spec = npar(spec)
+ validate('OSO|OZO', [spec, user, opts])
+ const uri = `/-/package/${eu(spec.name)}/collaborators`
+ return npmFetch.json.stream(uri, '*', opts.concat({
+ query: {format: 'cli', user: user || undefined},
+ mapJson (value, [key]) {
+ if (value === 'read') {
+ return [key, 'read-only']
+ } else if (value === 'write') {
+ return [key, 'read-write']
+ } else {
+ return [key, value]
+ }
+ }
+ }))
+}
+
+cmd.tfaRequired = (spec, opts) => setRequires2fa(spec, true, opts)
+cmd.tfaNotRequired = (spec, opts) => setRequires2fa(spec, false, opts)
+function setRequires2fa (spec, required, opts) {
+ opts = AccessConfig(opts)
+ return new opts.Promise((resolve, reject) => {
+ spec = npar(spec)
+ validate('OBO', [spec, required, opts])
+ const uri = `/-/package/${eu(spec.name)}/access`
+ return npmFetch(uri, opts.concat({
+ method: 'POST',
+ body: {publish_requires_tfa: required},
+ spec,
+ ignoreBody: true
+ })).then(resolve, reject)
+ }).then(() => true)
+}
+
+cmd.edit = () => {
+ throw new Error('Not implemented yet')
+}
+
+function splitEntity (entity = '') {
+ let [, scope, team] = entity.match(/^@?([^:]+)(?::(.*))?$/) || []
+ return {scope, team}
+}
+
+function pwrap (opts, fn) {
+ return new opts.Promise((resolve, reject) => {
+ fn().then(resolve, reject)
+ })
+}
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/package.json b/node_modules/libnpm/node_modules/libnpmaccess/package.json
new file mode 100644
index 0000000000000..e121fc11ee143
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/package.json
@@ -0,0 +1,66 @@
+{
+ "_from": "libnpmaccess@^3.0.2",
+ "_id": "libnpmaccess@3.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-01512AK7MqByrI2mfC7h5j8N9V4I7MHJuk9buo8Gv+5QgThpOgpjB7sQBDDkeZqRteFb1QM/6YNdHfG7cDvfAQ==",
+ "_location": "/libnpm/libnpmaccess",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "libnpmaccess@^3.0.2",
+ "name": "libnpmaccess",
+ "escapedName": "libnpmaccess",
+ "rawSpec": "^3.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^3.0.2"
+ },
+ "_requiredBy": [
+ "/libnpm"
+ ],
+ "_resolved": "https://registry.npmjs.org/libnpmaccess/-/libnpmaccess-3.0.2.tgz",
+ "_shasum": "8b2d72345ba3bef90d3b4f694edd5c0417f58923",
+ "_spec": "libnpmaccess@^3.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/libnpmaccess/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "aproba": "^2.0.0",
+ "get-stream": "^4.0.0",
+ "npm-package-arg": "^6.1.0",
+ "npm-registry-fetch": "^4.0.0"
+ },
+ "deprecated": false,
+ "description": "programmatic library for `npm access` commands",
+ "devDependencies": {
+ "nock": "^9.6.1",
+ "standard": "*",
+ "standard-version": "*",
+ "tap": "*",
+ "weallbehave": "*",
+ "weallcontribute": "*"
+ },
+ "homepage": "https://npmjs.com/package/libnpmaccess",
+ "license": "ISC",
+ "name": "libnpmaccess",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/libnpmaccess.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --100 test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.0.2"
+}
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/test/index.js b/node_modules/libnpm/node_modules/libnpmaccess/test/index.js
new file mode 100644
index 0000000000000..b48815e79a1fb
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/test/index.js
@@ -0,0 +1,347 @@
+'use strict'
+
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const {test} = require('tap')
+const tnock = require('./util/tnock.js')
+
+const access = require('../index.js')
+
+const REG = 'http://localhost:1337'
+const OPTS = figgyPudding({})({
+ registry: REG
+})
+
+test('access public', t => {
+ tnock(t, REG).post(
+ '/-/package/%40foo%2Fbar/access', {access: 'public'}
+ ).reply(200)
+ return access.public('@foo/bar', OPTS).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access restricted', t => {
+ tnock(t, REG).post(
+ '/-/package/%40foo%2Fbar/access', {access: 'restricted'}
+ ).reply(200)
+ return access.restricted('@foo/bar', OPTS).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access 2fa-required', t => {
+ tnock(t, REG).post('/-/package/%40foo%2Fbar/access', {
+ publish_requires_tfa: true
+ }).reply(200, {ok: true})
+ return access.tfaRequired('@foo/bar', OPTS).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access 2fa-not-required', t => {
+ tnock(t, REG).post('/-/package/%40foo%2Fbar/access', {
+ publish_requires_tfa: false
+ }).reply(200, {ok: true})
+ return access.tfaNotRequired('@foo/bar', OPTS).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access grant basic read-write', t => {
+ tnock(t, REG).put('/-/team/myorg/myteam/package', {
+ package: '@foo/bar',
+ permissions: 'read-write'
+ }).reply(201)
+ return access.grant(
+ '@foo/bar', 'myorg:myteam', 'read-write', OPTS
+ ).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access grant basic read-only', t => {
+ tnock(t, REG).put('/-/team/myorg/myteam/package', {
+ package: '@foo/bar',
+ permissions: 'read-only'
+ }).reply(201)
+ return access.grant(
+ '@foo/bar', 'myorg:myteam', 'read-only', OPTS
+ ).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access grant bad perm', t => {
+ return access.grant(
+ '@foo/bar', 'myorg:myteam', 'unknown', OPTS
+ ).then(ret => {
+ throw new Error('should not have succeeded')
+ }, err => {
+ t.match(
+ err.message,
+ /must be.*read-write.*read-only/,
+ 'only read-write and read-only are accepted'
+ )
+ })
+})
+
+test('access grant no entity', t => {
+ return access.grant(
+ '@foo/bar', undefined, 'read-write', OPTS
+ ).then(ret => {
+ throw new Error('should not have succeeded')
+ }, err => {
+ t.match(
+ err.message,
+ /Expected string/,
+ 'passing undefined entity gives useful error'
+ )
+ })
+})
+
+test('access grant basic unscoped', t => {
+ tnock(t, REG).put('/-/team/myorg/myteam/package', {
+ package: 'bar',
+ permissions: 'read-write'
+ }).reply(201)
+ return access.grant(
+ 'bar', 'myorg:myteam', 'read-write', OPTS
+ ).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access revoke basic', t => {
+ tnock(t, REG).delete('/-/team/myorg/myteam/package', {
+ package: '@foo/bar'
+ }).reply(200)
+ return access.revoke('@foo/bar', 'myorg:myteam', OPTS).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('access revoke basic unscoped', t => {
+ tnock(t, REG).delete('/-/team/myorg/myteam/package', {
+ package: 'bar'
+ }).reply(200, {accessChanged: true})
+ return access.revoke('bar', 'myorg:myteam', OPTS).then(ret => {
+ t.deepEqual(ret, true, 'request succeeded')
+ })
+})
+
+test('ls-packages on team', t => {
+ const serverPackages = {
+ '@foo/bar': 'write',
+ '@foo/util': 'read',
+ '@foo/other': 'shrödinger'
+ }
+ const clientPackages = {
+ '@foo/bar': 'read-write',
+ '@foo/util': 'read-only',
+ '@foo/other': 'shrödinger'
+ }
+ tnock(t, REG).get(
+ '/-/team/myorg/myteam/package?format=cli'
+ ).reply(200, serverPackages)
+ return access.lsPackages('myorg:myteam', OPTS).then(data => {
+ t.deepEqual(data, clientPackages, 'got client package info')
+ })
+})
+
+test('ls-packages on org', t => {
+ const serverPackages = {
+ '@foo/bar': 'write',
+ '@foo/util': 'read',
+ '@foo/other': 'shrödinger'
+ }
+ const clientPackages = {
+ '@foo/bar': 'read-write',
+ '@foo/util': 'read-only',
+ '@foo/other': 'shrödinger'
+ }
+ tnock(t, REG).get(
+ '/-/org/myorg/package?format=cli'
+ ).reply(200, serverPackages)
+ return access.lsPackages('myorg', OPTS).then(data => {
+ t.deepEqual(data, clientPackages, 'got client package info')
+ })
+})
+
+test('ls-packages on user', t => {
+ const serverPackages = {
+ '@foo/bar': 'write',
+ '@foo/util': 'read',
+ '@foo/other': 'shrödinger'
+ }
+ const clientPackages = {
+ '@foo/bar': 'read-write',
+ '@foo/util': 'read-only',
+ '@foo/other': 'shrödinger'
+ }
+ const srv = tnock(t, REG)
+ srv.get('/-/org/myuser/package?format=cli').reply(404, {error: 'not found'})
+ srv.get('/-/user/myuser/package?format=cli').reply(200, serverPackages)
+ return access.lsPackages('myuser', OPTS).then(data => {
+ t.deepEqual(data, clientPackages, 'got client package info')
+ })
+})
+
+test('ls-packages error on team', t => {
+ tnock(t, REG).get('/-/team/myorg/myteam/package?format=cli').reply(404)
+ return access.lsPackages('myorg:myteam', OPTS).then(
+ () => { throw new Error('should not have succeeded') },
+ err => t.equal(err.code, 'E404', 'spit out 404 directly if team provided')
+ )
+})
+
+test('ls-packages error on user', t => {
+ const srv = tnock(t, REG)
+ srv.get('/-/org/myuser/package?format=cli').reply(404, {error: 'not found'})
+ srv.get('/-/user/myuser/package?format=cli').reply(404, {error: 'not found'})
+ return access.lsPackages('myuser', OPTS).then(
+ () => { throw new Error('should not have succeeded') },
+ err => t.equal(err.code, 'E404', 'spit out 404 if both reqs fail')
+ )
+})
+
+test('ls-packages bad response', t => {
+ tnock(t, REG).get(
+ '/-/team/myorg/myteam/package?format=cli'
+ ).reply(200, JSON.stringify(null))
+ return access.lsPackages('myorg:myteam', OPTS).then(data => {
+ t.deepEqual(data, null, 'succeeds with null')
+ })
+})
+
+test('ls-packages stream', t => {
+ const serverPackages = {
+ '@foo/bar': 'write',
+ '@foo/util': 'read',
+ '@foo/other': 'shrödinger'
+ }
+ const clientPackages = [
+ ['@foo/bar', 'read-write'],
+ ['@foo/util', 'read-only'],
+ ['@foo/other', 'shrödinger']
+ ]
+ tnock(t, REG).get(
+ '/-/team/myorg/myteam/package?format=cli'
+ ).reply(200, serverPackages)
+ return getStream.array(
+ access.lsPackages.stream('myorg:myteam', OPTS)
+ ).then(data => {
+ t.deepEqual(data, clientPackages, 'got streamed client package info')
+ })
+})
+
+test('ls-collaborators', t => {
+ const serverCollaborators = {
+ 'myorg:myteam': 'write',
+ 'myorg:anotherteam': 'read',
+ 'myorg:thirdteam': 'special-case'
+ }
+ const clientCollaborators = {
+ 'myorg:myteam': 'read-write',
+ 'myorg:anotherteam': 'read-only',
+ 'myorg:thirdteam': 'special-case'
+ }
+ tnock(t, REG).get(
+ '/-/package/%40foo%2Fbar/collaborators?format=cli'
+ ).reply(200, serverCollaborators)
+ return access.lsCollaborators('@foo/bar', OPTS).then(data => {
+ t.deepEqual(data, clientCollaborators, 'got collaborators')
+ })
+})
+
+test('ls-collaborators stream', t => {
+ const serverCollaborators = {
+ 'myorg:myteam': 'write',
+ 'myorg:anotherteam': 'read',
+ 'myorg:thirdteam': 'special-case'
+ }
+ const clientCollaborators = [
+ ['myorg:myteam', 'read-write'],
+ ['myorg:anotherteam', 'read-only'],
+ ['myorg:thirdteam', 'special-case']
+ ]
+ tnock(t, REG).get(
+ '/-/package/%40foo%2Fbar/collaborators?format=cli'
+ ).reply(200, serverCollaborators)
+ return getStream.array(
+ access.lsCollaborators.stream('@foo/bar', OPTS)
+ ).then(data => {
+ t.deepEqual(data, clientCollaborators, 'got collaborators')
+ })
+})
+
+test('ls-collaborators w/scope', t => {
+ const serverCollaborators = {
+ 'myorg:myteam': 'write',
+ 'myorg:anotherteam': 'read',
+ 'myorg:thirdteam': 'special-case'
+ }
+ const clientCollaborators = {
+ 'myorg:myteam': 'read-write',
+ 'myorg:anotherteam': 'read-only',
+ 'myorg:thirdteam': 'special-case'
+ }
+ tnock(t, REG).get(
+ '/-/package/%40foo%2Fbar/collaborators?format=cli&user=zkat'
+ ).reply(200, serverCollaborators)
+ return access.lsCollaborators('@foo/bar', 'zkat', OPTS).then(data => {
+ t.deepEqual(data, clientCollaborators, 'got collaborators')
+ })
+})
+
+test('ls-collaborators w/o scope', t => {
+ const serverCollaborators = {
+ 'myorg:myteam': 'write',
+ 'myorg:anotherteam': 'read',
+ 'myorg:thirdteam': 'special-case'
+ }
+ const clientCollaborators = {
+ 'myorg:myteam': 'read-write',
+ 'myorg:anotherteam': 'read-only',
+ 'myorg:thirdteam': 'special-case'
+ }
+ tnock(t, REG).get(
+ '/-/package/bar/collaborators?format=cli&user=zkat'
+ ).reply(200, serverCollaborators)
+ return access.lsCollaborators('bar', 'zkat', OPTS).then(data => {
+ t.deepEqual(data, clientCollaborators, 'got collaborators')
+ })
+})
+
+test('ls-collaborators bad response', t => {
+ tnock(t, REG).get(
+ '/-/package/%40foo%2Fbar/collaborators?format=cli'
+ ).reply(200, JSON.stringify(null))
+ return access.lsCollaborators('@foo/bar', null, OPTS).then(data => {
+ t.deepEqual(data, null, 'succeeds with null')
+ })
+})
+
+test('error on non-registry specs', t => {
+ const resolve = () => { throw new Error('should not succeed') }
+ const reject = err => t.match(
+ err.message, /spec.*must be a registry spec/, 'registry spec required'
+ )
+ return Promise.all([
+ access.public('foo/bar').then(resolve, reject),
+ access.restricted('foo/bar').then(resolve, reject),
+ access.grant('foo/bar', 'myorg', 'myteam', 'read-only').then(resolve, reject),
+ access.revoke('foo/bar', 'myorg', 'myteam').then(resolve, reject),
+ access.lsCollaborators('foo/bar').then(resolve, reject),
+ access.tfaRequired('foo/bar').then(resolve, reject),
+ access.tfaNotRequired('foo/bar').then(resolve, reject)
+ ])
+})
+
+test('edit', t => {
+ t.equal(typeof access.edit, 'function', 'access.edit exists')
+ t.throws(() => {
+ access.edit()
+ }, /Not implemented/, 'directly throws NIY message')
+ t.done()
+})
diff --git a/node_modules/libnpm/node_modules/libnpmaccess/test/util/tnock.js b/node_modules/libnpm/node_modules/libnpmaccess/test/util/tnock.js
new file mode 100644
index 0000000000000..00b6e160e1019
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmaccess/test/util/tnock.js
@@ -0,0 +1,12 @@
+'use strict'
+
+const nock = require('nock')
+
+module.exports = tnock
+function tnock (t, host) {
+ const server = nock(host)
+ t.tearDown(function () {
+ server.done()
+ })
+ return server
+}
diff --git a/node_modules/libnpm/node_modules/libnpmhook/CHANGELOG.md b/node_modules/libnpm/node_modules/libnpmhook/CHANGELOG.md
new file mode 100644
index 0000000000000..4121122e0b735
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmhook/CHANGELOG.md
@@ -0,0 +1,101 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [5.0.3](https://github.com/npm/libnpmhook/compare/v5.0.2...v5.0.3) (2019-07-16)
+
+
+
+
+## [5.0.2](https://github.com/npm/libnpmhook/compare/v5.0.1...v5.0.2) (2018-08-24)
+
+
+
+
+## [5.0.1](https://github.com/npm/libnpmhook/compare/v5.0.0...v5.0.1) (2018-08-23)
+
+
+### Bug Fixes
+
+* **deps:** move JSONStream to prod deps ([bb63594](https://github.com/npm/libnpmhook/commit/bb63594))
+
+
+
+
+# [5.0.0](https://github.com/npm/libnpmhook/compare/v4.0.1...v5.0.0) (2018-08-21)
+
+
+### Features
+
+* **api:** overhauled API ([46b271b](https://github.com/npm/libnpmhook/commit/46b271b))
+
+
+### BREAKING CHANGES
+
+* **api:** the API for ls() has changed, and rm() no longer errors on 404
+
+
+
+
+## [4.0.1](https://github.com/npm/libnpmhook/compare/v4.0.0...v4.0.1) (2018-04-09)
+
+
+
+
+# [4.0.0](https://github.com/npm/libnpmhook/compare/v3.0.1...v4.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node 4 and 7 ([f2a301e](https://github.com/npm/libnpmhook/commit/f2a301e))
+
+
+### BREAKING CHANGES
+
+* node@4 and node@7 are no longer supported
+
+
+
+
+## [3.0.1](https://github.com/npm/libnpmhook/compare/v3.0.0...v3.0.1) (2018-04-08)
+
+
+
+
+# [3.0.0](https://github.com/npm/libnpmhook/compare/v2.0.1...v3.0.0) (2018-04-04)
+
+
+### add
+
+* guess type based on name ([9418224](https://github.com/npm/libnpmhook/commit/9418224))
+
+
+### BREAKING CHANGES
+
+* hook type is now based on name prefix
+
+
+
+
+## [2.0.1](https://github.com/npm/libnpmhook/compare/v2.0.0...v2.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **urls:** was hitting the wrong URL endpoints ([10171a9](https://github.com/npm/libnpmhook/commit/10171a9))
+
+
+
+
+# [2.0.0](https://github.com/npm/libnpmhook/compare/v1.0.0...v2.0.0) (2018-03-16)
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Features
+
+* **api:** baseline working api ([122658e](https://github.com/npm/npm-hooks/commit/122658e))
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpm/node_modules/libnpmhook/LICENSE.md
similarity index 100%
rename from node_modules/libnpm/node_modules/npm-registry-fetch/LICENSE.md
rename to node_modules/libnpm/node_modules/libnpmhook/LICENSE.md
diff --git a/node_modules/libnpm/node_modules/libnpmhook/README.md b/node_modules/libnpm/node_modules/libnpmhook/README.md
new file mode 100644
index 0000000000000..9a13d055317a5
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmhook/README.md
@@ -0,0 +1,267 @@
+# libnpmhook [](https://npm.im/libnpmhook) [](https://npm.im/libnpmhook) [](https://travis-ci.org/npm/libnpmhook) [](https://ci.appveyor.com/project/zkat/libnpmhook) [](https://coveralls.io/github/npm/libnpmhook?branch=latest)
+
+[`libnpmhook`](https://github.com/npm/libnpmhook) is a Node.js library for
+programmatically managing the npm registry's server-side hooks.
+
+For a more general introduction to managing hooks, see [the introductory blog
+post](https://blog.npmjs.org/post/145260155635/introducing-hooks-get-notifications-of-npm).
+
+## Example
+
+```js
+const hooks = require('libnpmhook')
+
+console.log(await hooks.ls('mypkg', {token: 'deadbeef'}))
+// array of hook objects on `mypkg`.
+```
+
+## Install
+
+`$ npm install libnpmhook`
+
+## Table of Contents
+
+* [Example](#example)
+* [Install](#install)
+* [API](#api)
+ * [hook opts](#opts)
+ * [`add()`](#add)
+ * [`rm()`](#rm)
+ * [`ls()`](#ls)
+ * [`ls.stream()`](#ls-stream)
+ * [`update()`](#update)
+
+### API
+
+#### `opts` for `libnpmhook` commands
+
+`libnpmhook` uses [`npm-registry-fetch`](https://npm.im/npm-registry-fetch).
+All options are passed through directly to that library, so please refer to [its
+own `opts`
+documentation](https://www.npmjs.com/package/npm-registry-fetch#fetch-options)
+for options that can be passed in.
+
+A couple of options of note for those in a hurry:
+
+* `opts.token` - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.
+* `opts.otp` - certain operations will require an OTP token to be passed in. If a `libnpmhook` command fails with `err.code === EOTP`, please retry the request with `{otp: <2fa token>}`
+* `opts.Promise` - If you pass this in, the Promises returned by `libnpmhook` commands will use this Promise class instead. For example: `{Promise: require('bluebird')}`
+
+#### `> hooks.add(name, endpoint, secret, [opts]) -> Promise`
+
+`name` is the name of the package, org, or user/org scope to watch. The type is
+determined by the name syntax: `'@foo/bar'` and `'foo'` are treated as packages,
+`@foo` is treated as a scope, and `~user` is treated as an org name or scope.
+Each type will attach to different events.
+
+The `endpoint` should be a fully-qualified http URL for the endpoint the hook
+will send its payload to when it fires. `secret` is a shared secret that the
+hook will send to that endpoint to verify that it's actually coming from the
+registry hook.
+
+The returned Promise resolves to the full hook object that was created,
+including its generated `id`.
+
+See also: [`POST
+/v1/hooks/hook`](https://github.com/npm/registry/blob/master/docs/hooks/endpoints.md#post-v1hookshook)
+
+##### Example
+
+```javascript
+await hooks.add('~zkat', 'https://zkat.tech/api/added', 'supersekrit', {
+ token: 'myregistrytoken',
+ otp: '694207'
+})
+
+=>
+
+{ id: '16f7xoal',
+ username: 'zkat',
+ name: 'zkat',
+ endpoint: 'https://zkat.tech/api/added',
+ secret: 'supersekrit',
+ type: 'owner',
+ created: '2018-08-21T20:05:25.125Z',
+ updated: '2018-08-21T20:05:25.125Z',
+ deleted: false,
+ delivered: false,
+ last_delivery: null,
+ response_code: 0,
+ status: 'active' }
+```
+
+#### `> hooks.find(id, [opts]) -> Promise`
+
+Returns the hook identified by `id`.
+
+The returned Promise resolves to the full hook object that was found, or error
+with `err.code` of `'E404'` if it didn't exist.
+
+See also: [`GET
+/v1/hooks/hook/:id`](https://github.com/npm/registry/blob/master/docs/hooks/endpoints.md#get-v1hookshookid)
+
+##### Example
+
+```javascript
+await hooks.find('16f7xoal', {token: 'myregistrytoken'})
+
+=>
+
+{ id: '16f7xoal',
+ username: 'zkat',
+ name: 'zkat',
+ endpoint: 'https://zkat.tech/api/added',
+ secret: 'supersekrit',
+ type: 'owner',
+ created: '2018-08-21T20:05:25.125Z',
+ updated: '2018-08-21T20:05:25.125Z',
+ deleted: false,
+ delivered: false,
+ last_delivery: null,
+ response_code: 0,
+ status: 'active' }
+```
+
+#### `> hooks.rm(id, [opts]) -> Promise`
+
+Removes the hook identified by `id`.
+
+The returned Promise resolves to the full hook object that was removed, if it
+existed, or `null` if no such hook was there (instead of erroring).
+
+See also: [`DELETE
+/v1/hooks/hook/:id`](https://github.com/npm/registry/blob/master/docs/hooks/endpoints.md#delete-v1hookshookid)
+
+##### Example
+
+```javascript
+await hooks.rm('16f7xoal', {
+ token: 'myregistrytoken',
+ otp: '694207'
+})
+
+=>
+
+{ id: '16f7xoal',
+ username: 'zkat',
+ name: 'zkat',
+ endpoint: 'https://zkat.tech/api/added',
+ secret: 'supersekrit',
+ type: 'owner',
+ created: '2018-08-21T20:05:25.125Z',
+ updated: '2018-08-21T20:05:25.125Z',
+ deleted: true,
+ delivered: false,
+ last_delivery: null,
+ response_code: 0,
+ status: 'active' }
+
+// Repeat it...
+await hooks.rm('16f7xoal', {
+ token: 'myregistrytoken',
+ otp: '694207'
+})
+
+=> null
+```
+
+#### `> hooks.update(id, endpoint, secret, [opts]) -> Promise`
+
+The `id` should be a hook ID from a previously-created hook.
+
+The `endpoint` should be a fully-qualified http URL for the endpoint the hook
+will send its payload to when it fires. `secret` is a shared secret that the
+hook will send to that endpoint to verify that it's actually coming from the
+registry hook.
+
+The returned Promise resolves to the full hook object that was updated, if it
+existed. Otherwise, it will error with an `'E404'` error code.
+
+See also: [`PUT
+/v1/hooks/hook/:id`](https://github.com/npm/registry/blob/master/docs/hooks/endpoints.md#put-v1hookshookid)
+
+##### Example
+
+```javascript
+await hooks.update('16fxoal', 'https://zkat.tech/api/other', 'newsekrit', {
+ token: 'myregistrytoken',
+ otp: '694207'
+})
+
+=>
+
+{ id: '16f7xoal',
+ username: 'zkat',
+ name: 'zkat',
+ endpoint: 'https://zkat.tech/api/other',
+ secret: 'newsekrit',
+ type: 'owner',
+ created: '2018-08-21T20:05:25.125Z',
+ updated: '2018-08-21T20:14:41.964Z',
+ deleted: false,
+ delivered: false,
+ last_delivery: null,
+ response_code: 0,
+ status: 'active' }
+```
+
+#### `> hooks.ls([opts]) -> Promise`
+
+Resolves to an array of hook objects associated with the account you're
+authenticated as.
+
+Results can be further filtered with three values that can be passed in through
+`opts`:
+
+* `opts.package` - filter results by package name
+* `opts.limit` - maximum number of hooks to return
+* `opts.offset` - pagination offset for results (use with `opts.limit`)
+
+See also:
+ * [`hooks.ls.stream()`](#ls-stream)
+ * [`GET
+/v1/hooks`](https://github.com/npm/registry/blob/master/docs/hooks/endpoints.md#get-v1hooks)
+
+##### Example
+
+```javascript
+await hooks.ls({token: 'myregistrytoken'})
+
+=>
+[
+ { id: '16f7xoal', ... },
+ { id: 'wnyf98a1', ... },
+ ...
+]
+```
+
+#### `> hooks.ls.stream([opts]) -> Stream`
+
+Returns a stream of hook objects associated with the account you're
+authenticated as. The returned stream is a valid `Symbol.asyncIterator` on
+`node@>=10`.
+
+Results can be further filtered with three values that can be passed in through
+`opts`:
+
+* `opts.package` - filter results by package name
+* `opts.limit` - maximum number of hooks to return
+* `opts.offset` - pagination offset for results (use with `opts.limit`)
+
+See also:
+ * [`hooks.ls()`](#ls)
+ * [`GET
+/v1/hooks`](https://github.com/npm/registry/blob/master/docs/hooks/endpoints.md#get-v1hooks)
+
+##### Example
+
+```javascript
+for await (let hook of hooks.ls.stream({token: 'myregistrytoken'})) {
+ console.log('found hook:', hook.id)
+}
+
+=>
+// outputs:
+// found hook: 16f7xoal
+// found hook: wnyf98a1
+```
diff --git a/node_modules/libnpm/node_modules/libnpmhook/index.js b/node_modules/libnpm/node_modules/libnpmhook/index.js
new file mode 100644
index 0000000000000..b489294951dd0
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmhook/index.js
@@ -0,0 +1,80 @@
+'use strict'
+
+const fetch = require('npm-registry-fetch')
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const validate = require('aproba')
+
+const HooksConfig = figgyPudding({
+ package: {},
+ limit: {},
+ offset: {},
+ Promise: {default: () => Promise}
+})
+
+const eu = encodeURIComponent
+const cmd = module.exports = {}
+cmd.add = (name, endpoint, secret, opts) => {
+ opts = HooksConfig(opts)
+ validate('SSSO', [name, endpoint, secret, opts])
+ let type = 'package'
+ if (name.match(/^@[^/]+$/)) {
+ type = 'scope'
+ }
+ if (name[0] === '~') {
+ type = 'owner'
+ name = name.substr(1)
+ }
+ return fetch.json('/-/npm/v1/hooks/hook', opts.concat({
+ method: 'POST',
+ body: { type, name, endpoint, secret }
+ }))
+}
+
+cmd.rm = (id, opts) => {
+ opts = HooksConfig(opts)
+ validate('SO', [id, opts])
+ return fetch.json(`/-/npm/v1/hooks/hook/${eu(id)}`, opts.concat({
+ method: 'DELETE'
+ }, opts)).catch(err => {
+ if (err.code === 'E404') {
+ return null
+ } else {
+ throw err
+ }
+ })
+}
+
+cmd.update = (id, endpoint, secret, opts) => {
+ opts = HooksConfig(opts)
+ validate('SSSO', [id, endpoint, secret, opts])
+ return fetch.json(`/-/npm/v1/hooks/hook/${eu(id)}`, opts.concat({
+ method: 'PUT',
+ body: {endpoint, secret}
+ }, opts))
+}
+
+cmd.find = (id, opts) => {
+ opts = HooksConfig(opts)
+ validate('SO', [id, opts])
+ return fetch.json(`/-/npm/v1/hooks/hook/${eu(id)}`, opts)
+}
+
+cmd.ls = (opts) => {
+ return getStream.array(cmd.ls.stream(opts))
+}
+
+cmd.ls.stream = (opts) => {
+ opts = HooksConfig(opts)
+ const {package: pkg, limit, offset} = opts
+ validate('S|Z', [pkg])
+ validate('N|Z', [limit])
+ validate('N|Z', [offset])
+ return fetch.json.stream('/-/npm/v1/hooks', 'objects.*', opts.concat({
+ query: {
+ package: pkg,
+ limit,
+ offset
+ }
+ }))
+}
diff --git a/node_modules/libnpm/node_modules/libnpmhook/package.json b/node_modules/libnpm/node_modules/libnpmhook/package.json
new file mode 100644
index 0000000000000..2c3b5f44ad547
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmhook/package.json
@@ -0,0 +1,77 @@
+{
+ "_from": "libnpmhook@^5.0.3",
+ "_id": "libnpmhook@5.0.3",
+ "_inBundle": false,
+ "_integrity": "sha512-UdNLMuefVZra/wbnBXECZPefHMGsVDTq5zaM/LgKNE9Keyl5YXQTnGAzEo+nFOpdRqTWI9LYi4ApqF9uVCCtuA==",
+ "_location": "/libnpm/libnpmhook",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "libnpmhook@^5.0.3",
+ "name": "libnpmhook",
+ "escapedName": "libnpmhook",
+ "rawSpec": "^5.0.3",
+ "saveSpec": null,
+ "fetchSpec": "^5.0.3"
+ },
+ "_requiredBy": [
+ "/libnpm"
+ ],
+ "_resolved": "https://registry.npmjs.org/libnpmhook/-/libnpmhook-5.0.3.tgz",
+ "_shasum": "4020c0f5edbf08ebe395325caa5ea01885b928f7",
+ "_spec": "libnpmhook@^5.0.3",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/libnpmhook/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "aproba": "^2.0.0",
+ "figgy-pudding": "^3.4.1",
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ },
+ "deprecated": false,
+ "description": "programmatic API for managing npm registry hooks",
+ "devDependencies": {
+ "nock": "^9.6.1",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/libnpmhook#readme",
+ "keywords": [
+ "npm",
+ "hooks",
+ "registry",
+ "npm api"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "libnpmhook",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/libnpmhook.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --100 --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "5.0.3"
+}
diff --git a/node_modules/libnpm/node_modules/libnpmorg/.travis.yml b/node_modules/libnpm/node_modules/libnpmorg/.travis.yml
new file mode 100644
index 0000000000000..db5ea8b018640
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/.travis.yml
@@ -0,0 +1,7 @@
+language: node_js
+sudo: false
+node_js:
+ - "10"
+ - "9"
+ - "8"
+ - "6"
diff --git a/node_modules/libnpm/node_modules/libnpmorg/CHANGELOG.md b/node_modules/libnpm/node_modules/libnpmorg/CHANGELOG.md
new file mode 100644
index 0000000000000..3d70c79c5614b
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [1.0.1](https://github.com/npm/libnpmorg/compare/v1.0.0...v1.0.1) (2019-07-16)
+
+
+### Bug Fixes
+
+* **standard:** standard --fix ([5118358](https://github.com/npm/libnpmorg/commit/5118358))
+
+
+
+
+# 1.0.0 (2018-08-23)
+
+
+### Features
+
+* **API:** implement org api ([731b9c6](https://github.com/npm/libnpmorg/commit/731b9c6))
diff --git a/node_modules/libnpm/node_modules/libnpmorg/CODE_OF_CONDUCT.md b/node_modules/libnpm/node_modules/libnpmorg/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000000..aeb72f598dcb4
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/CODE_OF_CONDUCT.md
@@ -0,0 +1,151 @@
+# Code of Conduct
+
+## When Something Happens
+
+If you see a Code of Conduct violation, follow these steps:
+
+1. Let the person know that what they did is not appropriate and ask them to stop and/or edit their message(s) or commits.
+2. That person should immediately stop the behavior and correct the issue.
+3. If this doesn’t happen, or if you're uncomfortable speaking up, [contact the maintainers](#contacting-maintainers).
+4. As soon as available, a maintainer will look into the issue, and take [further action (see below)](#further-enforcement), starting with a warning, then temporary block, then long-term repo or organization ban.
+
+When reporting, please include any relevant details, links, screenshots, context, or other information that may be used to better understand and resolve the situation.
+
+**The maintainer team will prioritize the well-being and comfort of the recipients of the violation over the comfort of the violator.** See [some examples below](#enforcement-examples).
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers of this project pledge to making participation in our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, technical preferences, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+ * Using welcoming and inclusive language.
+ * Being respectful of differing viewpoints and experiences.
+ * Gracefully accepting constructive feedback.
+ * Focusing on what is best for the community.
+ * Showing empathy and kindness towards other community members.
+ * Encouraging and raising up your peers in the project so you can all bask in hacks and glory.
+
+Examples of unacceptable behavior by participants include:
+
+ * The use of sexualized language or imagery and unwelcome sexual attention or advances, including when simulated online. The only exception to sexual topics is channels/spaces specifically for topics of sexual identity.
+ * Casual mention of slavery or indentured servitude and/or false comparisons of one's occupation or situation to slavery. Please consider using or asking about alternate terminology when referring to such metaphors in technology.
+ * Making light of/making mocking comments about trigger warnings and content warnings.
+ * Trolling, insulting/derogatory comments, and personal or political attacks.
+ * Public or private harassment, deliberate intimidation, or threats.
+ * Publishing others' private information, such as a physical or electronic address, without explicit permission. This includes any sort of "outing" of any aspect of someone's identity without their consent.
+ * Publishing private screenshots or quotes of interactions in the context of this project without all quoted users' *explicit* consent.
+ * Publishing of private communication that doesn't have to do with reporting harrassment.
+ * Any of the above even when [presented as "ironic" or "joking"](https://en.wikipedia.org/wiki/Hipster_racism).
+ * Any attempt to present "reverse-ism" versions of the above as violations. Examples of reverse-isms are "reverse racism", "reverse sexism", "heterophobia", and "cisphobia".
+ * Unsolicited explanations under the assumption that someone doesn't already know it. Ask before you teach! Don't assume what people's knowledge gaps are.
+ * [Feigning or exaggerating surprise](https://www.recurse.com/manual#no-feigned-surprise) when someone admits to not knowing something.
+ * "[Well-actuallies](https://www.recurse.com/manual#no-well-actuallys)"
+ * Other conduct which could reasonably be considered inappropriate in a professional or community setting.
+
+## Scope
+
+This Code of Conduct applies both within spaces involving this project and in other spaces involving community members. This includes the repository, its Pull Requests and Issue tracker, its Twitter community, private email communications in the context of the project, and any events where members of the project are participating, as well as adjacent communities and venues affecting the project's members.
+
+Depending on the violation, the maintainers may decide that violations of this code of conduct that have happened outside of the scope of the community may deem an individual unwelcome, and take appropriate action to maintain the comfort and safety of its members.
+
+### Other Community Standards
+
+As a project on GitHub, this project is additionally covered by the [GitHub Community Guidelines](https://help.github.com/articles/github-community-guidelines/).
+
+Additionally, as a project hosted on npm, is is covered by [npm, Inc's Code of Conduct](https://www.npmjs.com/policies/conduct).
+
+Enforcement of those guidelines after violations overlapping with the above are the responsibility of the entities, and enforcement may happen in any or all of the services/communities.
+
+## Maintainer Enforcement Process
+
+Once the maintainers get involved, they will follow a documented series of steps and do their best to preserve the well-being of project members. This section covers actual concrete steps.
+
+### Contacting Maintainers
+
+You may get in touch with the maintainer team through any of the following methods:
+
+ * Through email:
+ * [kzm@zkat.tech](mailto:kzm@zkat.tech) (Kat Marchán)
+
+ * Through Twitter:
+ * [@maybekatz](https://twitter.com/maybekatz) (Kat Marchán)
+
+### Further Enforcement
+
+If you've already followed the [initial enforcement steps](#enforcement), these are the steps maintainers will take for further enforcement, as needed:
+
+ 1. Repeat the request to stop.
+ 2. If the person doubles down, they will have offending messages removed or edited by a maintainers given an official warning. The PR or Issue may be locked.
+ 3. If the behavior continues or is repeated later, the person will be blocked from participating for 24 hours.
+ 4. If the behavior continues or is repeated after the temporary block, a long-term (6-12mo) ban will be used.
+
+On top of this, maintainers may remove any offending messages, images, contributions, etc, as they deem necessary.
+
+Maintainers reserve full rights to skip any of these steps, at their discretion, if the violation is considered to be a serious and/or immediate threat to the health and well-being of members of the community. These include any threats, serious physical or verbal attacks, and other such behavior that would be completely unacceptable in any social setting that puts our members at risk.
+
+Members expelled from events or venues with any sort of paid attendance will not be refunded.
+
+### Who Watches the Watchers?
+
+Maintainers and other leaders who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. These may include anything from removal from the maintainer team to a permanent ban from the community.
+
+Additionally, as a project hosted on both GitHub and npm, [their own Codes of Conducts may be applied against maintainers of this project](#other-community-standards), externally of this project's procedures.
+
+### Enforcement Examples
+
+#### The Best Case
+
+The vast majority of situations work out like this. This interaction is common, and generally positive.
+
+> Alex: "Yeah I used X and it was really crazy!"
+
+> Patt (not a maintainer): "Hey, could you not use that word? What about 'ridiculous' instead?"
+
+> Alex: "oh sorry, sure." -> edits old comment to say "it was really confusing!"
+
+#### The Maintainer Case
+
+Sometimes, though, you need to get maintainers involved. Maintainers will do their best to resolve conflicts, but people who were harmed by something **will take priority**.
+
+> Patt: "Honestly, sometimes I just really hate using $library and anyone who uses it probably sucks at their job."
+
+> Alex: "Whoa there, could you dial it back a bit? There's a CoC thing about attacking folks' tech use like that."
+
+> Patt: "I'm not attacking anyone, what's your problem?"
+
+> Alex: "@maintainers hey uh. Can someone look at this issue? Patt is getting a bit aggro. I tried to nudge them about it, but nope."
+
+> KeeperOfCommitBits: (on issue) "Hey Patt, maintainer here. Could you tone it down? This sort of attack is really not okay in this space."
+
+> Patt: "Leave me alone I haven't said anything bad wtf is wrong with you."
+
+> KeeperOfCommitBits: (deletes user's comment), "@patt I mean it. Please refer to the CoC over at (URL to this CoC) if you have questions, but you can consider this an actual warning. I'd appreciate it if you reworded your messages in this thread, since they made folks there uncomfortable. Let's try and be kind, yeah?"
+
+> Patt: "@keeperofbits Okay sorry. I'm just frustrated and I'm kinda burnt out and I guess I got carried away. I'll DM Alex a note apologizing and edit my messages. Sorry for the trouble."
+
+> KeeperOfCommitBits: "@patt Thanks for that. I hear you on the stress. Burnout sucks :/. Have a good one!"
+
+#### The Nope Case
+
+> PepeTheFrog🐸: "Hi, I am a literal actual nazi and I think white supremacists are quite fashionable."
+
+> Patt: "NOOOOPE. OH NOPE NOPE."
+
+> Alex: "JFC NO. NOPE. @keeperofbits NOPE NOPE LOOK HERE"
+
+> KeeperOfCommitBits: "👀 Nope. NOPE NOPE NOPE. 🔥"
+
+> PepeTheFrog🐸 has been banned from all organization or user repositories belonging to KeeperOfCommitBits.
+
+## Attribution
+
+This Code of Conduct was generated using [WeAllJS Code of Conduct Generator](https://npm.im/weallbehave), which is based on the [WeAllJS Code of
+Conduct](https://wealljs.org/code-of-conduct), which is itself based on
+[Contributor Covenant](http://contributor-covenant.org), version 1.4, available
+at
+[http://contributor-covenant.org/version/1/4](http://contributor-covenant.org/version/1/4),
+and the LGBTQ in Technology Slack [Code of
+Conduct](http://lgbtq.technology/coc.html).
diff --git a/node_modules/libnpm/node_modules/libnpmorg/CONTRIBUTING.md b/node_modules/libnpm/node_modules/libnpmorg/CONTRIBUTING.md
new file mode 100644
index 0000000000000..eb4b58b03ef1a
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/CONTRIBUTING.md
@@ -0,0 +1,256 @@
+# Contributing
+
+## How do I...
+
+* [Use This Guide](#introduction)?
+* Ask or Say Something? 🤔🐛😱
+ * [Request Support](#request-support)
+ * [Report an Error or Bug](#report-an-error-or-bug)
+ * [Request a Feature](#request-a-feature)
+* Make Something? 🤓👩🏽💻📜🍳
+ * [Project Setup](#project-setup)
+ * [Contribute Documentation](#contribute-documentation)
+ * [Contribute Code](#contribute-code)
+* Manage Something ✅🙆🏼💃👔
+ * [Provide Support on Issues](#provide-support-on-issues)
+ * [Label Issues](#label-issues)
+ * [Clean Up Issues and PRs](#clean-up-issues-and-prs)
+ * [Review Pull Requests](#review-pull-requests)
+ * [Merge Pull Requests](#merge-pull-requests)
+ * [Tag a Release](#tag-a-release)
+ * [Join the Project Team](#join-the-project-team)
+* Add a Guide Like This One [To My Project](#attribution)? 🤖😻👻
+
+## Introduction
+
+Thank you so much for your interest in contributing!. All types of contributions are encouraged and valued. See the [table of contents](#toc) for different ways to help and details about how this project handles them!📝
+
+Please make sure to read the relevant section before making your contribution! It will make it a lot easier for us maintainers to make the most of it and smooth out the experience for all involved. 💚
+
+The [Project Team](#join-the-project-team) looks forward to your contributions. 🙌🏾✨
+
+## Request Support
+
+If you have a question about this project, how to use it, or just need clarification about something:
+
+* Open an Issue at https://github.com/npm/libnpmorg/issues
+* Provide as much context as you can about what you're running into.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* Someone will try to have a response soon.
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+
+## Report an Error or Bug
+
+If you run into an error or bug with the project:
+
+* Open an Issue at https://github.com/npm/libnpmorg/issues
+* Include *reproduction steps* that someone else can follow to recreate the bug or error on their own.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* A team member will try to reproduce the issue with your provided steps. If there are no repro steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced.
+* If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be [implemented by someone](#contribute-code).
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+* `critical` issues may be left open, depending on perceived immediacy and severity, even past the 30 day deadline.
+
+## Request a Feature
+
+If the project doesn't do something you need or want it to do:
+
+* Open an Issue at https://github.com/npm/libnpmorg/issues
+* Provide as much context as you can about what you're running into.
+* Please try and be clear about why existing features and alternatives would not work for you.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* The project team will evaluate the feature request, possibly asking you more questions to understand its purpose and any relevant requirements. If the issue is closed, the team will convey their reasoning and suggest an alternative path forward.
+* If the feature request is accepted, it will be marked for implementation with `feature-accepted`, which can then be done by either by a core team member or by anyone in the community who wants to [contribute code](#contribute-code).
+
+Note: The team is unlikely to be able to accept every single feature request that is filed. Please understand if they need to say no.
+
+## Project Setup
+
+So you wanna contribute some code! That's great! This project uses GitHub Pull Requests to manage contributions, so [read up on how to fork a GitHub project and file a PR](https://guides.github.com/activities/forking) if you've never done it before.
+
+If this seems like a lot or you aren't able to do all this setup, you might also be able to [edit the files directly](https://help.github.com/articles/editing-files-in-another-user-s-repository/) without having to do any of this setup. Yes, [even code](#contribute-code).
+
+If you want to go the usual route and run the project locally, though:
+
+* [Install Node.js](https://nodejs.org/en/download/)
+* [Fork the project](https://guides.github.com/activities/forking/#fork)
+
+Then in your terminal:
+* `cd path/to/your/clone`
+* `npm install`
+* `npm test`
+
+And you should be ready to go!
+
+## Contribute Documentation
+
+Documentation is a super important, critical part of this project. Docs are how we keep track of what we're doing, how, and why. It's how we stay on the same page about our policies. And it's how we tell others everything they need in order to be able to use this project -- or contribute to it. So thank you in advance.
+
+Documentation contributions of any size are welcome! Feel free to file a PR even if you're just rewording a sentence to be more clear, or fixing a spelling mistake!
+
+To contribute documentation:
+
+* [Set up the project](#project-setup).
+* Edit or add any relevant documentation.
+* Make sure your changes are formatted correctly and consistently with the rest of the documentation.
+* Re-read what you wrote, and run a spellchecker on it to make sure you didn't miss anything.
+* In your commit message(s), begin the first line with `docs: `. For example: `docs: Adding a doc contrib section to CONTRIBUTING.md`.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md). Documentation commits should use `docs(): `.
+* Go to https://github.com/npm/libnpmorg/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Contribute Code
+
+We like code commits a lot! They're super handy, and they keep the project going and doing the work it needs to do to be useful to others.
+
+Code contributions of just about any size are acceptable!
+
+The main difference between code contributions and documentation contributions is that contributing code requires inclusion of relevant tests for the code being added or changed. Contributions without accompanying tests will be held off until a test is added, unless the maintainers consider the specific tests to be either impossible, or way too much of a burden for such a contribution.
+
+To contribute code:
+
+* [Set up the project](#project-setup).
+* Make any necessary changes to the source code.
+* Include any [additional documentation](#contribute-documentation) the changes might need.
+* Write tests that verify that your contribution works as expected.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md).
+* Dependency updates, additions, or removals must be in individual commits, and the message must use the format: `(deps): PKG@VERSION`, where `` is any of the usual `conventional-changelog` prefixes, at your discretion.
+* Go to https://github.com/npm/libnpmorg/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* Barring special circumstances, maintainers will not review PRs until all checks pass (Travis, AppVeyor, etc).
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review. Additional tags (such as `needs-tests`) will be added depending on the review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Provide Support on Issues
+
+[Needs Collaborator](#join-the-project-team): none
+
+Helping out other users with their questions is a really awesome way of contributing to any community. It's not uncommon for most of the issues on an open source projects being support-related questions by users trying to understand something they ran into, or find their way around a known bug.
+
+Sometimes, the `support` label will be added to things that turn out to actually be other things, like bugs or feature requests. In that case, suss out the details with the person who filed the original issue, add a comment explaining what the bug is, and change the label from `support` to `bug` or `feature`. If you can't do this yourself, @mention a maintainer so they can do it.
+
+In order to help other folks out with their questions:
+
+* Go to the issue tracker and [filter open issues by the `support` label](https://github.com/npm/libnpmorg/issues?q=is%3Aopen+is%3Aissue+label%3Asupport).
+* Read through the list until you find something that you're familiar enough with to give an answer to.
+* Respond to the issue with whatever details are needed to clarify the question, or get more details about what's going on.
+* Once the discussion wraps up and things are clarified, either close the issue, or ask the original issue filer (or a maintainer) to close it for you.
+
+Some notes on picking up support issues:
+
+* Avoid responding to issues you don't know you can answer accurately.
+* As much as possible, try to refer to past issues with accepted answers. Link to them from your replies with the `#123` format.
+* Be kind and patient with users -- often, folks who have run into confusing things might be upset or impatient. This is ok. Try to understand where they're coming from, and if you're too uncomfortable with the tone, feel free to stay away or withdraw from the issue. (note: if the user is outright hostile or is violating the CoC, [refer to the Code of Conduct](CODE_OF_CONDUCT.md) to resolve the conflict).
+
+## Label Issues
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+One of the most important tasks in handling issues is labeling them usefully and accurately. All other tasks involving issues ultimately rely on the issue being classified in such a way that relevant parties looking to do their own tasks can find them quickly and easily.
+
+In order to label issues, [open up the list of unlabeled issues](https://github.com/npm/libnpmorg/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and, **from newest to oldest**, read through each one and apply issue labels according to the table below. If you're unsure about what label to apply, skip the issue and try the next one: don't feel obligated to label each and every issue yourself!
+
+Label | Apply When | Notes
+--- | --- | ---
+`bug` | Cases where the code (or documentation) is behaving in a way it wasn't intended to. | If something is happening that surprises the *user* but does not go against the way the code is designed, it should use the `enhancement` label.
+`critical` | Added to `bug` issues if the problem described makes the code completely unusable in a common situation. |
+`documentation` | Added to issues or pull requests that affect any of the documentation for the project. | Can be combined with other labels, such as `bug` or `enhancement`.
+`duplicate` | Added to issues or PRs that refer to the exact same issue as another one that's been previously labeled. | Duplicate issues should be marked and closed right away, with a message referencing the issue it's a duplicate of (with `#123`)
+`enhancement` | Added to [feature requests](#request-a-feature), PRs, or documentation issues that are purely additive: the code or docs currently work as expected, but a change is being requested or suggested. |
+`help wanted` | Applied by [Committers](#join-the-project-team) to issues and PRs that they would like to get outside help for. Generally, this means it's lower priority for the maintainer team to itself implement, but that the community is encouraged to pick up if they so desire | Never applied on first-pass labeling.
+`in-progress` | Applied by [Committers](#join-the-project-team) to PRs that are pending some work before they're ready for review. | The original PR submitter should @mention the team member that applied the label once the PR is complete.
+`performance` | This issue or PR is directly related to improving performance. |
+`refactor` | Added to issues or PRs that deal with cleaning up or modifying the project for the betterment of it. |
+`starter` | Applied by [Committers](#join-the-project-team) to issues that they consider good introductions to the project for people who have not contributed before. These are not necessarily "easy", but rather focused around how much context is necessary in order to understand what needs to be done for this project in particular. | Existing project members are expected to stay away from these unless they increase in priority.
+`support` | This issue is either asking a question about how to use the project, clarifying the reason for unexpected behavior, or possibly reporting a `bug` but does not have enough detail yet to determine whether it would count as such. | The label should be switched to `bug` if reliable reproduction steps are provided. Issues primarily with unintended configurations of a user's environment are not considered bugs, even if they cause crashes.
+`tests` | This issue or PR either requests or adds primarily tests to the project. | If a PR is pending tests, that will be handled through the [PR review process](#review-pull-requests)
+`wontfix` | Labelers may apply this label to issues that clearly have nothing at all to do with the project or are otherwise entirely outside of its scope/sphere of influence. [Committers](#join-the-project-team) may apply this label and close an issue or PR if they decide to pass on an otherwise relevant issue. | The issue or PR should be closed as soon as the label is applied, and a clear explanation provided of why the label was used. Contributors are free to contest the labeling, but the decision ultimately falls on committers as to whether to accept something or not.
+
+## Clean Up Issues and PRs
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+Issues and PRs can go stale after a while. Maybe they're abandoned. Maybe the team will just plain not have time to address them any time soon.
+
+In these cases, they should be closed until they're brought up again or the interaction starts over.
+
+To clean up issues and PRs:
+
+* Search the issue tracker for issues or PRs, and add the term `updated:<=YYYY-MM-DD`, where the date is 30 days before today.
+* Go through each issue *from oldest to newest*, and close them if **all of the following are true**:
+ * not opened by a maintainer
+ * not marked as `critical`
+ * not marked as `starter` or `help wanted` (these might stick around for a while, in general, as they're intended to be available)
+ * no explicit messages in the comments asking for it to be left open
+ * does not belong to a milestone
+* Leave a message when closing saying "Cleaning up stale issue. Please reopen or ping us if and when you're ready to resume this. See https://github.com/npm/libnpmorg/blob/latest/CONTRIBUTING.md#clean-up-issues-and-prs for more details."
+
+## Review Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+While anyone can comment on a PR, add feedback, etc, PRs are only *approved* by team members with Issue Tracker or higher permissions.
+
+PR reviews use [GitHub's own review feature](https://help.github.com/articles/about-pull-request-reviews/), which manages comments, approval, and review iteration.
+
+Some notes:
+
+* You may ask for minor changes ("nitpicks"), but consider whether they are really blockers to merging: try to err on the side of "approve, with comments".
+* *ALL PULL REQUESTS* should be covered by a test: either by a previously-failing test, an existing test that covers the entire functionality of the submitted code, or new tests to verify any new/changed behavior. All tests must also pass and follow established conventions. Test coverage should not drop, unless the specific case is considered reasonable by maintainers.
+* Please make sure you're familiar with the code or documentation being updated, unless it's a minor change (spellchecking, minor formatting, etc). You may @mention another project member who you think is better suited for the review, but still provide a non-approving review of your own.
+* Be extra kind: people who submit code/doc contributions are putting themselves in a pretty vulnerable position, and have put time and care into what they've done (even if that's not obvious to you!) -- always respond with respect, be understanding, but don't feel like you need to sacrifice your standards for their sake, either. Just don't be a jerk about it?
+
+## Merge Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process.
+
+## Tag A Release
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process. The most important bit here is probably that all tests must pass, and tags must use [semver](https://semver.org).
+
+## Join the Project Team
+
+### Ways to Join
+
+There are many ways to contribute! Most of them don't require any official status unless otherwise noted. That said, there's a couple of positions that grant special repository abilities, and this section describes how they're granted and what they do.
+
+All of the below positions are granted based on the project team's needs, as well as their consensus opinion about whether they would like to work with the person and think that they would fit well into that position. The process is relatively informal, and it's likely that people who express interest in participating can just be granted the permissions they'd like.
+
+You can spot a collaborator on the repo by looking for the `[Collaborator]` or `[Owner]` tags next to their names.
+
+Permission | Description
+--- | ---
+Issue Tracker | Granted to contributors who express a strong interest in spending time on the project's issue tracker. These tasks are mainly [labeling issues](#label-issues), [cleaning up old ones](#clean-up-issues-and-prs), and [reviewing pull requests](#review-pull-requests), as well as all the usual things non-team-member contributors can do. Issue handlers should not merge pull requests, tag releases, or directly commit code themselves: that should still be done through the usual pull request process. Becoming an Issue Handler means the project team trusts you to understand enough of the team's process and context to implement it on the issue tracker.
+Committer | Granted to contributors who want to handle the actual pull request merges, tagging new versions, etc. Committers should have a good level of familiarity with the codebase, and enough context to understand the implications of various changes, as well as a good sense of the will and expectations of the project team.
+Admin/Owner | Granted to people ultimately responsible for the project, its community, etc.
+
+## Attribution
+
+This guide was generated using the WeAllJS `CONTRIBUTING.md` generator. [Make your own](https://npm.im/weallcontribute)!
diff --git a/node_modules/libnpm/node_modules/libnpmorg/LICENSE b/node_modules/libnpm/node_modules/libnpmorg/LICENSE
new file mode 100644
index 0000000000000..209e4477f39c1
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/LICENSE
@@ -0,0 +1,13 @@
+Copyright npm, Inc
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpm/node_modules/libnpmorg/PULL_REQUEST_TEMPLATE b/node_modules/libnpm/node_modules/libnpmorg/PULL_REQUEST_TEMPLATE
new file mode 100644
index 0000000000000..9471c6d325f7e
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/PULL_REQUEST_TEMPLATE
@@ -0,0 +1,7 @@
+
diff --git a/node_modules/libnpm/node_modules/libnpmorg/README.md b/node_modules/libnpm/node_modules/libnpmorg/README.md
new file mode 100644
index 0000000000000..6244794eda016
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/README.md
@@ -0,0 +1,144 @@
+# libnpmorg [](https://npm.im/libnpmorg) [](https://npm.im/libnpmorg) [](https://travis-ci.org/npm/libnpmorg) [](https://ci.appveyor.com/project/zkat/libnpmorg) [](https://coveralls.io/github/npm/libnpmorg?branch=latest)
+
+[`libnpmorg`](https://github.com/npm/libnpmorg) is a Node.js library for
+programmatically accessing the [npm Org membership
+API](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#membership-detail).
+
+## Example
+
+```js
+const org = require('libnpmorg')
+
+console.log(await org.ls('myorg', {token: 'deadbeef'}))
+=>
+Roster {
+ zkat: 'developer',
+ iarna: 'admin',
+ isaacs: 'owner'
+}
+```
+
+## Install
+
+`$ npm install libnpmorg`
+
+## Table of Contents
+
+* [Example](#example)
+* [Install](#install)
+* [API](#api)
+ * [hook opts](#opts)
+ * [`set()`](#set)
+ * [`rm()`](#rm)
+ * [`ls()`](#ls)
+ * [`ls.stream()`](#ls-stream)
+
+### API
+
+#### `opts` for `libnpmorg` commands
+
+`libnpmorg` uses [`npm-registry-fetch`](https://npm.im/npm-registry-fetch).
+All options are passed through directly to that library, so please refer to [its
+own `opts`
+documentation](https://www.npmjs.com/package/npm-registry-fetch#fetch-options)
+for options that can be passed in.
+
+A couple of options of note for those in a hurry:
+
+* `opts.token` - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.
+* `opts.otp` - certain operations will require an OTP token to be passed in. If a `libnpmorg` command fails with `err.code === EOTP`, please retry the request with `{otp: <2fa token>}`
+* `opts.Promise` - If you pass this in, the Promises returned by `libnpmorg` commands will use this Promise class instead. For example: `{Promise: require('bluebird')}`
+
+#### `> org.set(org, user, [role], [opts]) -> Promise`
+
+The returned Promise resolves to a [Membership
+Detail](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#membership-detail)
+object.
+
+The `role` is optional and should be one of `admin`, `owner`, or `developer`.
+`developer` is the default if no `role` is provided.
+
+`org` and `user` must be scope names for the org name and user name
+respectively. They can optionally be prefixed with `@`.
+
+See also: [`PUT
+/-/org/:scope/user`](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#org-membership-replace)
+
+##### Example
+
+```javascript
+await org.set('@myorg', '@myuser', 'admin', {token: 'deadbeef'})
+=>
+MembershipDetail {
+ org: {
+ name: 'myorg',
+ size: 15
+ },
+ user: 'myuser',
+ role: 'admin'
+}
+```
+
+#### `> org.rm(org, user, [opts]) -> Promise`
+
+The Promise resolves to `null` on success.
+
+`org` and `user` must be scope names for the org name and user name
+respectively. They can optionally be prefixed with `@`.
+
+See also: [`DELETE
+/-/org/:scope/user`](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#org-membership-delete)
+
+##### Example
+
+```javascript
+await org.rm('myorg', 'myuser', {token: 'deadbeef'})
+```
+
+#### `> org.ls(org, [opts]) -> Promise`
+
+The Promise resolves to a
+[Roster](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#roster)
+object.
+
+`org` must be a scope name for an org, and can be optionally prefixed with `@`.
+
+See also: [`GET
+/-/org/:scope/user`](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#org-roster)
+
+##### Example
+
+```javascript
+await org.ls('myorg', {token: 'deadbeef'})
+=>
+Roster {
+ zkat: 'developer',
+ iarna: 'admin',
+ isaacs: 'owner'
+}
+```
+
+#### `> org.ls.stream(org, [opts]) -> Stream`
+
+Returns a stream of entries for a
+[Roster](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#roster),
+with each emitted entry in `[key, value]` format.
+
+`org` must be a scope name for an org, and can be optionally prefixed with `@`.
+
+The returned stream is a valid `Symbol.asyncIterator`.
+
+See also: [`GET
+/-/org/:scope/user`](https://github.com/npm/registry/blob/master/docs/orgs/memberships.md#org-roster)
+
+##### Example
+
+```javascript
+for await (let [user, role] of org.ls.stream('myorg', {token: 'deadbeef'})) {
+ console.log(`user: ${user} (${role})`)
+}
+=>
+user: zkat (developer)
+user: iarna (admin)
+user: isaacs (owner)
+```
diff --git a/node_modules/libnpm/node_modules/libnpmorg/appveyor.yml b/node_modules/libnpm/node_modules/libnpmorg/appveyor.yml
new file mode 100644
index 0000000000000..9cc64c58e02f9
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/appveyor.yml
@@ -0,0 +1,22 @@
+environment:
+ matrix:
+ - nodejs_version: "10"
+ - nodejs_version: "9"
+ - nodejs_version: "8"
+ - nodejs_version: "6"
+
+platform:
+ - x64
+
+install:
+ - ps: Install-Product node $env:nodejs_version $env:platform
+ - npm config set spin false
+ - npm install
+
+test_script:
+ - npm test
+
+matrix:
+ fast_finish: true
+
+build: off
diff --git a/node_modules/libnpm/node_modules/libnpmorg/index.js b/node_modules/libnpm/node_modules/libnpmorg/index.js
new file mode 100644
index 0000000000000..cd3e51e6ad172
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/index.js
@@ -0,0 +1,71 @@
+'use strict'
+
+const eu = encodeURIComponent
+const fetch = require('npm-registry-fetch')
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const validate = require('aproba')
+
+const OrgConfig = figgyPudding({
+ Promise: { default: () => Promise }
+})
+
+// From https://github.com/npm/registry/blob/master/docs/orgs/memberships.md
+const cmd = module.exports = {}
+
+class MembershipDetail {}
+cmd.set = (org, user, role, opts) => {
+ if (typeof role === 'object' && !opts) {
+ opts = role
+ role = undefined
+ }
+ opts = OrgConfig(opts)
+ return new opts.Promise((resolve, reject) => {
+ validate('SSSO|SSZO', [org, user, role, opts])
+ user = user.replace(/^@?/, '')
+ org = org.replace(/^@?/, '')
+ fetch.json(`/-/org/${eu(org)}/user`, opts.concat({
+ method: 'PUT',
+ body: { user, role }
+ })).then(resolve, reject)
+ }).then(ret => Object.assign(new MembershipDetail(), ret))
+}
+
+cmd.rm = (org, user, opts) => {
+ opts = OrgConfig(opts)
+ return new opts.Promise((resolve, reject) => {
+ validate('SSO', [org, user, opts])
+ user = user.replace(/^@?/, '')
+ org = org.replace(/^@?/, '')
+ fetch(`/-/org/${eu(org)}/user`, opts.concat({
+ method: 'DELETE',
+ body: { user },
+ ignoreBody: true
+ })).then(resolve, reject)
+ }).then(() => null)
+}
+
+class Roster {}
+cmd.ls = (org, opts) => {
+ opts = OrgConfig(opts)
+ return new opts.Promise((resolve, reject) => {
+ getStream.array(cmd.ls.stream(org, opts)).then(entries => {
+ const obj = {}
+ for (let [key, val] of entries) {
+ obj[key] = val
+ }
+ return obj
+ }).then(resolve, reject)
+ }).then(ret => Object.assign(new Roster(), ret))
+}
+
+cmd.ls.stream = (org, opts) => {
+ opts = OrgConfig(opts)
+ validate('SO', [org, opts])
+ org = org.replace(/^@?/, '')
+ return fetch.json.stream(`/-/org/${eu(org)}/user`, '*', opts.concat({
+ mapJson (value, [key]) {
+ return [key, value]
+ }
+ }))
+}
diff --git a/node_modules/libnpm/node_modules/libnpmorg/package.json b/node_modules/libnpm/node_modules/libnpmorg/package.json
new file mode 100644
index 0000000000000..449c0a1534cae
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/package.json
@@ -0,0 +1,74 @@
+{
+ "_from": "libnpmorg@^1.0.1",
+ "_id": "libnpmorg@1.0.1",
+ "_inBundle": false,
+ "_integrity": "sha512-0sRUXLh+PLBgZmARvthhYXQAWn0fOsa6T5l3JSe2n9vKG/lCVK4nuG7pDsa7uMq+uTt2epdPK+a2g6btcY11Ww==",
+ "_location": "/libnpm/libnpmorg",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "libnpmorg@^1.0.1",
+ "name": "libnpmorg",
+ "escapedName": "libnpmorg",
+ "rawSpec": "^1.0.1",
+ "saveSpec": null,
+ "fetchSpec": "^1.0.1"
+ },
+ "_requiredBy": [
+ "/libnpm"
+ ],
+ "_resolved": "https://registry.npmjs.org/libnpmorg/-/libnpmorg-1.0.1.tgz",
+ "_shasum": "5d2503f6ceb57f33dbdcc718e6698fea6d5ad087",
+ "_spec": "libnpmorg@^1.0.1",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/libnpmorg/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "aproba": "^2.0.0",
+ "figgy-pudding": "^3.4.1",
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ },
+ "deprecated": false,
+ "description": "Programmatic api for `npm org` commands",
+ "devDependencies": {
+ "nock": "^9.6.1",
+ "standard": "^12.0.0",
+ "standard-version": "*",
+ "tap": "*",
+ "weallbehave": "*",
+ "weallcontribute": "*"
+ },
+ "homepage": "https://npmjs.com/package/libnpmorg",
+ "keywords": [
+ "libnpm",
+ "npm",
+ "package manager",
+ "api",
+ "orgs",
+ "teams"
+ ],
+ "license": "ISC",
+ "name": "libnpmorg",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/libnpmorg.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --100 test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "1.0.1"
+}
diff --git a/node_modules/libnpm/node_modules/libnpmorg/test/index.js b/node_modules/libnpm/node_modules/libnpmorg/test/index.js
new file mode 100644
index 0000000000000..e6ec33ab8a6c4
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/test/index.js
@@ -0,0 +1,81 @@
+'use strict'
+
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const test = require('tap').test
+const tnock = require('./util/tnock.js')
+
+const org = require('../index.js')
+
+const OPTS = figgyPudding({ registry: {} })({
+ registry: 'https://mock.reg/'
+})
+
+test('set', t => {
+ const memDeets = {
+ org: {
+ name: 'myorg',
+ size: 15
+ },
+ user: 'myuser',
+ role: 'admin'
+ }
+ tnock(t, OPTS.registry).put('/-/org/myorg/user', {
+ user: 'myuser',
+ role: 'admin'
+ }).reply(201, memDeets)
+ return org.set('myorg', 'myuser', 'admin', OPTS).then(res => {
+ t.deepEqual(res, memDeets, 'got a membership details object back')
+ })
+})
+
+test('optional role for set', t => {
+ const memDeets = {
+ org: {
+ name: 'myorg',
+ size: 15
+ },
+ user: 'myuser',
+ role: 'developer'
+ }
+ tnock(t, OPTS.registry).put('/-/org/myorg/user', {
+ user: 'myuser'
+ }).reply(201, memDeets)
+ return org.set('myorg', 'myuser', OPTS).then(res => {
+ t.deepEqual(res, memDeets, 'got a membership details object back')
+ })
+})
+
+test('rm', t => {
+ tnock(t, OPTS.registry).delete('/-/org/myorg/user', {
+ user: 'myuser'
+ }).reply(204)
+ return org.rm('myorg', 'myuser', OPTS).then(() => {
+ t.ok(true, 'request succeeded')
+ })
+})
+
+test('ls', t => {
+ const roster = {
+ 'zkat': 'developer',
+ 'iarna': 'admin',
+ 'isaacs': 'owner'
+ }
+ tnock(t, OPTS.registry).get('/-/org/myorg/user').reply(200, roster)
+ return org.ls('myorg', OPTS).then(res => {
+ t.deepEqual(res, roster, 'got back a roster')
+ })
+})
+
+test('ls stream', t => {
+ const roster = {
+ 'zkat': 'developer',
+ 'iarna': 'admin',
+ 'isaacs': 'owner'
+ }
+ const rosterArr = Object.keys(roster).map(k => [k, roster[k]])
+ tnock(t, OPTS.registry).get('/-/org/myorg/user').reply(200, roster)
+ return getStream.array(org.ls.stream('myorg', OPTS)).then(res => {
+ t.deepEqual(res, rosterArr, 'got back a roster, in entries format')
+ })
+})
diff --git a/node_modules/libnpm/node_modules/libnpmorg/test/util/tnock.js b/node_modules/libnpm/node_modules/libnpmorg/test/util/tnock.js
new file mode 100644
index 0000000000000..00b6e160e1019
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmorg/test/util/tnock.js
@@ -0,0 +1,12 @@
+'use strict'
+
+const nock = require('nock')
+
+module.exports = tnock
+function tnock (t, host) {
+ const server = nock(host)
+ t.tearDown(function () {
+ server.done()
+ })
+ return server
+}
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/.travis.yml b/node_modules/libnpm/node_modules/libnpmsearch/.travis.yml
new file mode 100644
index 0000000000000..db5ea8b018640
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/.travis.yml
@@ -0,0 +1,7 @@
+language: node_js
+sudo: false
+node_js:
+ - "10"
+ - "9"
+ - "8"
+ - "6"
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/CHANGELOG.md b/node_modules/libnpm/node_modules/libnpmsearch/CHANGELOG.md
new file mode 100644
index 0000000000000..1adf2d0db52ce
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/CHANGELOG.md
@@ -0,0 +1,42 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [2.0.2](https://github.com/npm/libnpmsearch/compare/v2.0.1...v2.0.2) (2019-07-16)
+
+
+
+
+## [2.0.1](https://github.com/npm/libnpmsearch/compare/v2.0.0...v2.0.1) (2019-06-10)
+
+
+### Bug Fixes
+
+* **opts:** support `opts.from` properly ([#2](https://github.com/npm/libnpmsearch/issues/2)) ([da6636c](https://github.com/npm/libnpmsearch/commit/da6636c))
+* **standard:** standard --fix ([beca19c](https://github.com/npm/libnpmsearch/commit/beca19c))
+
+
+
+
+# [2.0.0](https://github.com/npm/libnpmsearch/compare/v1.0.0...v2.0.0) (2018-08-28)
+
+
+### Features
+
+* **opts:** added options for pagination, details, and sorting weights ([ff97eb5](https://github.com/npm/libnpmsearch/commit/ff97eb5))
+
+
+### BREAKING CHANGES
+
+* **opts:** this changes default requests and makes libnpmsearch return more complete data for individual packages, without null-defaulting
+
+
+
+
+# 1.0.0 (2018-08-27)
+
+
+### Features
+
+* **api:** got API working ([fe90008](https://github.com/npm/libnpmsearch/commit/fe90008))
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/CODE_OF_CONDUCT.md b/node_modules/libnpm/node_modules/libnpmsearch/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000000..aeb72f598dcb4
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/CODE_OF_CONDUCT.md
@@ -0,0 +1,151 @@
+# Code of Conduct
+
+## When Something Happens
+
+If you see a Code of Conduct violation, follow these steps:
+
+1. Let the person know that what they did is not appropriate and ask them to stop and/or edit their message(s) or commits.
+2. That person should immediately stop the behavior and correct the issue.
+3. If this doesn’t happen, or if you're uncomfortable speaking up, [contact the maintainers](#contacting-maintainers).
+4. As soon as available, a maintainer will look into the issue, and take [further action (see below)](#further-enforcement), starting with a warning, then temporary block, then long-term repo or organization ban.
+
+When reporting, please include any relevant details, links, screenshots, context, or other information that may be used to better understand and resolve the situation.
+
+**The maintainer team will prioritize the well-being and comfort of the recipients of the violation over the comfort of the violator.** See [some examples below](#enforcement-examples).
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers of this project pledge to making participation in our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, technical preferences, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+ * Using welcoming and inclusive language.
+ * Being respectful of differing viewpoints and experiences.
+ * Gracefully accepting constructive feedback.
+ * Focusing on what is best for the community.
+ * Showing empathy and kindness towards other community members.
+ * Encouraging and raising up your peers in the project so you can all bask in hacks and glory.
+
+Examples of unacceptable behavior by participants include:
+
+ * The use of sexualized language or imagery and unwelcome sexual attention or advances, including when simulated online. The only exception to sexual topics is channels/spaces specifically for topics of sexual identity.
+ * Casual mention of slavery or indentured servitude and/or false comparisons of one's occupation or situation to slavery. Please consider using or asking about alternate terminology when referring to such metaphors in technology.
+ * Making light of/making mocking comments about trigger warnings and content warnings.
+ * Trolling, insulting/derogatory comments, and personal or political attacks.
+ * Public or private harassment, deliberate intimidation, or threats.
+ * Publishing others' private information, such as a physical or electronic address, without explicit permission. This includes any sort of "outing" of any aspect of someone's identity without their consent.
+ * Publishing private screenshots or quotes of interactions in the context of this project without all quoted users' *explicit* consent.
+ * Publishing of private communication that doesn't have to do with reporting harrassment.
+ * Any of the above even when [presented as "ironic" or "joking"](https://en.wikipedia.org/wiki/Hipster_racism).
+ * Any attempt to present "reverse-ism" versions of the above as violations. Examples of reverse-isms are "reverse racism", "reverse sexism", "heterophobia", and "cisphobia".
+ * Unsolicited explanations under the assumption that someone doesn't already know it. Ask before you teach! Don't assume what people's knowledge gaps are.
+ * [Feigning or exaggerating surprise](https://www.recurse.com/manual#no-feigned-surprise) when someone admits to not knowing something.
+ * "[Well-actuallies](https://www.recurse.com/manual#no-well-actuallys)"
+ * Other conduct which could reasonably be considered inappropriate in a professional or community setting.
+
+## Scope
+
+This Code of Conduct applies both within spaces involving this project and in other spaces involving community members. This includes the repository, its Pull Requests and Issue tracker, its Twitter community, private email communications in the context of the project, and any events where members of the project are participating, as well as adjacent communities and venues affecting the project's members.
+
+Depending on the violation, the maintainers may decide that violations of this code of conduct that have happened outside of the scope of the community may deem an individual unwelcome, and take appropriate action to maintain the comfort and safety of its members.
+
+### Other Community Standards
+
+As a project on GitHub, this project is additionally covered by the [GitHub Community Guidelines](https://help.github.com/articles/github-community-guidelines/).
+
+Additionally, as a project hosted on npm, is is covered by [npm, Inc's Code of Conduct](https://www.npmjs.com/policies/conduct).
+
+Enforcement of those guidelines after violations overlapping with the above are the responsibility of the entities, and enforcement may happen in any or all of the services/communities.
+
+## Maintainer Enforcement Process
+
+Once the maintainers get involved, they will follow a documented series of steps and do their best to preserve the well-being of project members. This section covers actual concrete steps.
+
+### Contacting Maintainers
+
+You may get in touch with the maintainer team through any of the following methods:
+
+ * Through email:
+ * [kzm@zkat.tech](mailto:kzm@zkat.tech) (Kat Marchán)
+
+ * Through Twitter:
+ * [@maybekatz](https://twitter.com/maybekatz) (Kat Marchán)
+
+### Further Enforcement
+
+If you've already followed the [initial enforcement steps](#enforcement), these are the steps maintainers will take for further enforcement, as needed:
+
+ 1. Repeat the request to stop.
+ 2. If the person doubles down, they will have offending messages removed or edited by a maintainers given an official warning. The PR or Issue may be locked.
+ 3. If the behavior continues or is repeated later, the person will be blocked from participating for 24 hours.
+ 4. If the behavior continues or is repeated after the temporary block, a long-term (6-12mo) ban will be used.
+
+On top of this, maintainers may remove any offending messages, images, contributions, etc, as they deem necessary.
+
+Maintainers reserve full rights to skip any of these steps, at their discretion, if the violation is considered to be a serious and/or immediate threat to the health and well-being of members of the community. These include any threats, serious physical or verbal attacks, and other such behavior that would be completely unacceptable in any social setting that puts our members at risk.
+
+Members expelled from events or venues with any sort of paid attendance will not be refunded.
+
+### Who Watches the Watchers?
+
+Maintainers and other leaders who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. These may include anything from removal from the maintainer team to a permanent ban from the community.
+
+Additionally, as a project hosted on both GitHub and npm, [their own Codes of Conducts may be applied against maintainers of this project](#other-community-standards), externally of this project's procedures.
+
+### Enforcement Examples
+
+#### The Best Case
+
+The vast majority of situations work out like this. This interaction is common, and generally positive.
+
+> Alex: "Yeah I used X and it was really crazy!"
+
+> Patt (not a maintainer): "Hey, could you not use that word? What about 'ridiculous' instead?"
+
+> Alex: "oh sorry, sure." -> edits old comment to say "it was really confusing!"
+
+#### The Maintainer Case
+
+Sometimes, though, you need to get maintainers involved. Maintainers will do their best to resolve conflicts, but people who were harmed by something **will take priority**.
+
+> Patt: "Honestly, sometimes I just really hate using $library and anyone who uses it probably sucks at their job."
+
+> Alex: "Whoa there, could you dial it back a bit? There's a CoC thing about attacking folks' tech use like that."
+
+> Patt: "I'm not attacking anyone, what's your problem?"
+
+> Alex: "@maintainers hey uh. Can someone look at this issue? Patt is getting a bit aggro. I tried to nudge them about it, but nope."
+
+> KeeperOfCommitBits: (on issue) "Hey Patt, maintainer here. Could you tone it down? This sort of attack is really not okay in this space."
+
+> Patt: "Leave me alone I haven't said anything bad wtf is wrong with you."
+
+> KeeperOfCommitBits: (deletes user's comment), "@patt I mean it. Please refer to the CoC over at (URL to this CoC) if you have questions, but you can consider this an actual warning. I'd appreciate it if you reworded your messages in this thread, since they made folks there uncomfortable. Let's try and be kind, yeah?"
+
+> Patt: "@keeperofbits Okay sorry. I'm just frustrated and I'm kinda burnt out and I guess I got carried away. I'll DM Alex a note apologizing and edit my messages. Sorry for the trouble."
+
+> KeeperOfCommitBits: "@patt Thanks for that. I hear you on the stress. Burnout sucks :/. Have a good one!"
+
+#### The Nope Case
+
+> PepeTheFrog🐸: "Hi, I am a literal actual nazi and I think white supremacists are quite fashionable."
+
+> Patt: "NOOOOPE. OH NOPE NOPE."
+
+> Alex: "JFC NO. NOPE. @keeperofbits NOPE NOPE LOOK HERE"
+
+> KeeperOfCommitBits: "👀 Nope. NOPE NOPE NOPE. 🔥"
+
+> PepeTheFrog🐸 has been banned from all organization or user repositories belonging to KeeperOfCommitBits.
+
+## Attribution
+
+This Code of Conduct was generated using [WeAllJS Code of Conduct Generator](https://npm.im/weallbehave), which is based on the [WeAllJS Code of
+Conduct](https://wealljs.org/code-of-conduct), which is itself based on
+[Contributor Covenant](http://contributor-covenant.org), version 1.4, available
+at
+[http://contributor-covenant.org/version/1/4](http://contributor-covenant.org/version/1/4),
+and the LGBTQ in Technology Slack [Code of
+Conduct](http://lgbtq.technology/coc.html).
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/CONTRIBUTING.md b/node_modules/libnpm/node_modules/libnpmsearch/CONTRIBUTING.md
new file mode 100644
index 0000000000000..1a61601a16dba
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/CONTRIBUTING.md
@@ -0,0 +1,256 @@
+# Contributing
+
+## How do I...
+
+* [Use This Guide](#introduction)?
+* Ask or Say Something? 🤔🐛😱
+ * [Request Support](#request-support)
+ * [Report an Error or Bug](#report-an-error-or-bug)
+ * [Request a Feature](#request-a-feature)
+* Make Something? 🤓👩🏽💻📜🍳
+ * [Project Setup](#project-setup)
+ * [Contribute Documentation](#contribute-documentation)
+ * [Contribute Code](#contribute-code)
+* Manage Something ✅🙆🏼💃👔
+ * [Provide Support on Issues](#provide-support-on-issues)
+ * [Label Issues](#label-issues)
+ * [Clean Up Issues and PRs](#clean-up-issues-and-prs)
+ * [Review Pull Requests](#review-pull-requests)
+ * [Merge Pull Requests](#merge-pull-requests)
+ * [Tag a Release](#tag-a-release)
+ * [Join the Project Team](#join-the-project-team)
+* Add a Guide Like This One [To My Project](#attribution)? 🤖😻👻
+
+## Introduction
+
+Thank you so much for your interest in contributing!. All types of contributions are encouraged and valued. See the [table of contents](#toc) for different ways to help and details about how this project handles them!📝
+
+Please make sure to read the relevant section before making your contribution! It will make it a lot easier for us maintainers to make the most of it and smooth out the experience for all involved. 💚
+
+The [Project Team](#join-the-project-team) looks forward to your contributions. 🙌🏾✨
+
+## Request Support
+
+If you have a question about this project, how to use it, or just need clarification about something:
+
+* Open an Issue at https://github.com/npm/libnpmsearch/issues
+* Provide as much context as you can about what you're running into.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* Someone will try to have a response soon.
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+
+## Report an Error or Bug
+
+If you run into an error or bug with the project:
+
+* Open an Issue at https://github.com/npm/libnpmsearch/issues
+* Include *reproduction steps* that someone else can follow to recreate the bug or error on their own.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* A team member will try to reproduce the issue with your provided steps. If there are no repro steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced.
+* If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be [implemented by someone](#contribute-code).
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+* `critical` issues may be left open, depending on perceived immediacy and severity, even past the 30 day deadline.
+
+## Request a Feature
+
+If the project doesn't do something you need or want it to do:
+
+* Open an Issue at https://github.com/npm/libnpmsearch/issues
+* Provide as much context as you can about what you're running into.
+* Please try and be clear about why existing features and alternatives would not work for you.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* The project team will evaluate the feature request, possibly asking you more questions to understand its purpose and any relevant requirements. If the issue is closed, the team will convey their reasoning and suggest an alternative path forward.
+* If the feature request is accepted, it will be marked for implementation with `feature-accepted`, which can then be done by either by a core team member or by anyone in the community who wants to [contribute code](#contribute-code).
+
+Note: The team is unlikely to be able to accept every single feature request that is filed. Please understand if they need to say no.
+
+## Project Setup
+
+So you wanna contribute some code! That's great! This project uses GitHub Pull Requests to manage contributions, so [read up on how to fork a GitHub project and file a PR](https://guides.github.com/activities/forking) if you've never done it before.
+
+If this seems like a lot or you aren't able to do all this setup, you might also be able to [edit the files directly](https://help.github.com/articles/editing-files-in-another-user-s-repository/) without having to do any of this setup. Yes, [even code](#contribute-code).
+
+If you want to go the usual route and run the project locally, though:
+
+* [Install Node.js](https://nodejs.org/en/download/)
+* [Fork the project](https://guides.github.com/activities/forking/#fork)
+
+Then in your terminal:
+* `cd path/to/your/clone`
+* `npm install`
+* `npm test`
+
+And you should be ready to go!
+
+## Contribute Documentation
+
+Documentation is a super important, critical part of this project. Docs are how we keep track of what we're doing, how, and why. It's how we stay on the same page about our policies. And it's how we tell others everything they need in order to be able to use this project -- or contribute to it. So thank you in advance.
+
+Documentation contributions of any size are welcome! Feel free to file a PR even if you're just rewording a sentence to be more clear, or fixing a spelling mistake!
+
+To contribute documentation:
+
+* [Set up the project](#project-setup).
+* Edit or add any relevant documentation.
+* Make sure your changes are formatted correctly and consistently with the rest of the documentation.
+* Re-read what you wrote, and run a spellchecker on it to make sure you didn't miss anything.
+* In your commit message(s), begin the first line with `docs: `. For example: `docs: Adding a doc contrib section to CONTRIBUTING.md`.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md). Documentation commits should use `docs(): `.
+* Go to https://github.com/npm/libnpmsearch/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Contribute Code
+
+We like code commits a lot! They're super handy, and they keep the project going and doing the work it needs to do to be useful to others.
+
+Code contributions of just about any size are acceptable!
+
+The main difference between code contributions and documentation contributions is that contributing code requires inclusion of relevant tests for the code being added or changed. Contributions without accompanying tests will be held off until a test is added, unless the maintainers consider the specific tests to be either impossible, or way too much of a burden for such a contribution.
+
+To contribute code:
+
+* [Set up the project](#project-setup).
+* Make any necessary changes to the source code.
+* Include any [additional documentation](#contribute-documentation) the changes might need.
+* Write tests that verify that your contribution works as expected.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md).
+* Dependency updates, additions, or removals must be in individual commits, and the message must use the format: `(deps): PKG@VERSION`, where `` is any of the usual `conventional-changelog` prefixes, at your discretion.
+* Go to https://github.com/npm/libnpmsearch/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* Barring special circumstances, maintainers will not review PRs until all checks pass (Travis, AppVeyor, etc).
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review. Additional tags (such as `needs-tests`) will be added depending on the review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Provide Support on Issues
+
+[Needs Collaborator](#join-the-project-team): none
+
+Helping out other users with their questions is a really awesome way of contributing to any community. It's not uncommon for most of the issues on an open source projects being support-related questions by users trying to understand something they ran into, or find their way around a known bug.
+
+Sometimes, the `support` label will be added to things that turn out to actually be other things, like bugs or feature requests. In that case, suss out the details with the person who filed the original issue, add a comment explaining what the bug is, and change the label from `support` to `bug` or `feature`. If you can't do this yourself, @mention a maintainer so they can do it.
+
+In order to help other folks out with their questions:
+
+* Go to the issue tracker and [filter open issues by the `support` label](https://github.com/npm/libnpmsearch/issues?q=is%3Aopen+is%3Aissue+label%3Asupport).
+* Read through the list until you find something that you're familiar enough with to give an answer to.
+* Respond to the issue with whatever details are needed to clarify the question, or get more details about what's going on.
+* Once the discussion wraps up and things are clarified, either close the issue, or ask the original issue filer (or a maintainer) to close it for you.
+
+Some notes on picking up support issues:
+
+* Avoid responding to issues you don't know you can answer accurately.
+* As much as possible, try to refer to past issues with accepted answers. Link to them from your replies with the `#123` format.
+* Be kind and patient with users -- often, folks who have run into confusing things might be upset or impatient. This is ok. Try to understand where they're coming from, and if you're too uncomfortable with the tone, feel free to stay away or withdraw from the issue. (note: if the user is outright hostile or is violating the CoC, [refer to the Code of Conduct](CODE_OF_CONDUCT.md) to resolve the conflict).
+
+## Label Issues
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+One of the most important tasks in handling issues is labeling them usefully and accurately. All other tasks involving issues ultimately rely on the issue being classified in such a way that relevant parties looking to do their own tasks can find them quickly and easily.
+
+In order to label issues, [open up the list of unlabeled issues](https://github.com/npm/libnpmsearch/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and, **from newest to oldest**, read through each one and apply issue labels according to the table below. If you're unsure about what label to apply, skip the issue and try the next one: don't feel obligated to label each and every issue yourself!
+
+Label | Apply When | Notes
+--- | --- | ---
+`bug` | Cases where the code (or documentation) is behaving in a way it wasn't intended to. | If something is happening that surprises the *user* but does not go against the way the code is designed, it should use the `enhancement` label.
+`critical` | Added to `bug` issues if the problem described makes the code completely unusable in a common situation. |
+`documentation` | Added to issues or pull requests that affect any of the documentation for the project. | Can be combined with other labels, such as `bug` or `enhancement`.
+`duplicate` | Added to issues or PRs that refer to the exact same issue as another one that's been previously labeled. | Duplicate issues should be marked and closed right away, with a message referencing the issue it's a duplicate of (with `#123`)
+`enhancement` | Added to [feature requests](#request-a-feature), PRs, or documentation issues that are purely additive: the code or docs currently work as expected, but a change is being requested or suggested. |
+`help wanted` | Applied by [Committers](#join-the-project-team) to issues and PRs that they would like to get outside help for. Generally, this means it's lower priority for the maintainer team to itself implement, but that the community is encouraged to pick up if they so desire | Never applied on first-pass labeling.
+`in-progress` | Applied by [Committers](#join-the-project-team) to PRs that are pending some work before they're ready for review. | The original PR submitter should @mention the team member that applied the label once the PR is complete.
+`performance` | This issue or PR is directly related to improving performance. |
+`refactor` | Added to issues or PRs that deal with cleaning up or modifying the project for the betterment of it. |
+`starter` | Applied by [Committers](#join-the-project-team) to issues that they consider good introductions to the project for people who have not contributed before. These are not necessarily "easy", but rather focused around how much context is necessary in order to understand what needs to be done for this project in particular. | Existing project members are expected to stay away from these unless they increase in priority.
+`support` | This issue is either asking a question about how to use the project, clarifying the reason for unexpected behavior, or possibly reporting a `bug` but does not have enough detail yet to determine whether it would count as such. | The label should be switched to `bug` if reliable reproduction steps are provided. Issues primarily with unintended configurations of a user's environment are not considered bugs, even if they cause crashes.
+`tests` | This issue or PR either requests or adds primarily tests to the project. | If a PR is pending tests, that will be handled through the [PR review process](#review-pull-requests)
+`wontfix` | Labelers may apply this label to issues that clearly have nothing at all to do with the project or are otherwise entirely outside of its scope/sphere of influence. [Committers](#join-the-project-team) may apply this label and close an issue or PR if they decide to pass on an otherwise relevant issue. | The issue or PR should be closed as soon as the label is applied, and a clear explanation provided of why the label was used. Contributors are free to contest the labeling, but the decision ultimately falls on committers as to whether to accept something or not.
+
+## Clean Up Issues and PRs
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+Issues and PRs can go stale after a while. Maybe they're abandoned. Maybe the team will just plain not have time to address them any time soon.
+
+In these cases, they should be closed until they're brought up again or the interaction starts over.
+
+To clean up issues and PRs:
+
+* Search the issue tracker for issues or PRs, and add the term `updated:<=YYYY-MM-DD`, where the date is 30 days before today.
+* Go through each issue *from oldest to newest*, and close them if **all of the following are true**:
+ * not opened by a maintainer
+ * not marked as `critical`
+ * not marked as `starter` or `help wanted` (these might stick around for a while, in general, as they're intended to be available)
+ * no explicit messages in the comments asking for it to be left open
+ * does not belong to a milestone
+* Leave a message when closing saying "Cleaning up stale issue. Please reopen or ping us if and when you're ready to resume this. See https://github.com/npm/libnpmsearch/blob/latest/CONTRIBUTING.md#clean-up-issues-and-prs for more details."
+
+## Review Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+While anyone can comment on a PR, add feedback, etc, PRs are only *approved* by team members with Issue Tracker or higher permissions.
+
+PR reviews use [GitHub's own review feature](https://help.github.com/articles/about-pull-request-reviews/), which manages comments, approval, and review iteration.
+
+Some notes:
+
+* You may ask for minor changes ("nitpicks"), but consider whether they are really blockers to merging: try to err on the side of "approve, with comments".
+* *ALL PULL REQUESTS* should be covered by a test: either by a previously-failing test, an existing test that covers the entire functionality of the submitted code, or new tests to verify any new/changed behavior. All tests must also pass and follow established conventions. Test coverage should not drop, unless the specific case is considered reasonable by maintainers.
+* Please make sure you're familiar with the code or documentation being updated, unless it's a minor change (spellchecking, minor formatting, etc). You may @mention another project member who you think is better suited for the review, but still provide a non-approving review of your own.
+* Be extra kind: people who submit code/doc contributions are putting themselves in a pretty vulnerable position, and have put time and care into what they've done (even if that's not obvious to you!) -- always respond with respect, be understanding, but don't feel like you need to sacrifice your standards for their sake, either. Just don't be a jerk about it?
+
+## Merge Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process.
+
+## Tag A Release
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process. The most important bit here is probably that all tests must pass, and tags must use [semver](https://semver.org).
+
+## Join the Project Team
+
+### Ways to Join
+
+There are many ways to contribute! Most of them don't require any official status unless otherwise noted. That said, there's a couple of positions that grant special repository abilities, and this section describes how they're granted and what they do.
+
+All of the below positions are granted based on the project team's needs, as well as their consensus opinion about whether they would like to work with the person and think that they would fit well into that position. The process is relatively informal, and it's likely that people who express interest in participating can just be granted the permissions they'd like.
+
+You can spot a collaborator on the repo by looking for the `[Collaborator]` or `[Owner]` tags next to their names.
+
+Permission | Description
+--- | ---
+Issue Tracker | Granted to contributors who express a strong interest in spending time on the project's issue tracker. These tasks are mainly [labeling issues](#label-issues), [cleaning up old ones](#clean-up-issues-and-prs), and [reviewing pull requests](#review-pull-requests), as well as all the usual things non-team-member contributors can do. Issue handlers should not merge pull requests, tag releases, or directly commit code themselves: that should still be done through the usual pull request process. Becoming an Issue Handler means the project team trusts you to understand enough of the team's process and context to implement it on the issue tracker.
+Committer | Granted to contributors who want to handle the actual pull request merges, tagging new versions, etc. Committers should have a good level of familiarity with the codebase, and enough context to understand the implications of various changes, as well as a good sense of the will and expectations of the project team.
+Admin/Owner | Granted to people ultimately responsible for the project, its community, etc.
+
+## Attribution
+
+This guide was generated using the WeAllJS `CONTRIBUTING.md` generator. [Make your own](https://npm.im/weallcontribute)!
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/LICENSE b/node_modules/libnpm/node_modules/libnpmsearch/LICENSE
new file mode 100644
index 0000000000000..209e4477f39c1
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/LICENSE
@@ -0,0 +1,13 @@
+Copyright npm, Inc
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/PULL_REQUEST_TEMPLATE b/node_modules/libnpm/node_modules/libnpmsearch/PULL_REQUEST_TEMPLATE
new file mode 100644
index 0000000000000..9471c6d325f7e
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/PULL_REQUEST_TEMPLATE
@@ -0,0 +1,7 @@
+
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/README.md b/node_modules/libnpm/node_modules/libnpmsearch/README.md
new file mode 100644
index 0000000000000..a83988cc2867d
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/README.md
@@ -0,0 +1,169 @@
+# libnpmsearch [](https://npm.im/libnpmsearch) [](https://npm.im/libnpmsearch) [](https://travis-ci.org/npm/libnpmsearch) [](https://ci.appveyor.com/project/zkat/libnpmsearch) [](https://coveralls.io/github/npm/libnpmsearch?branch=latest)
+
+[`libnpmsearch`](https://github.com/npm/libnpmsearch) is a Node.js library for
+programmatically accessing the npm search endpoint. It does **not** support
+legacy search through `/-/all`.
+
+## Example
+
+```js
+const search = require('libnpmsearch')
+
+console.log(await search('libnpm'))
+=>
+[
+ {
+ name: 'libnpm',
+ description: 'programmatic npm API',
+ ...etc
+ },
+ {
+ name: 'libnpmsearch',
+ description: 'Programmatic API for searching in npm and compatible registries',
+ ...etc
+ },
+ ...more
+]
+```
+
+## Install
+
+`$ npm install libnpmsearch`
+
+## Table of Contents
+
+* [Example](#example)
+* [Install](#install)
+* [API](#api)
+ * [search opts](#opts)
+ * [`search()`](#search)
+ * [`search.stream()`](#search-stream)
+
+### API
+
+#### `opts` for `libnpmsearch` commands
+
+The following opts are used directly by `libnpmsearch` itself:
+
+* `opts.limit` - Number of results to limit the query to. Default: 20
+* `opts.from` - Offset number for results. Used with `opts.limit` for pagination. Default: 0
+* `opts.detailed` - If true, returns an object with `package`, `score`, and `searchScore` fields, with `package` being what would usually be returned, and the other two containing details about how that package scored. Useful for UIs. Default: false
+* `opts.sortBy` - Used as a shorthand to set `opts.quality`, `opts.maintenance`, and `opts.popularity` with values that prioritize each one. Should be one of `'optimal'`, `'quality'`, `'maintenance'`, or `'popularity'`. Default: `'optimal'`
+* `opts.maintenance` - Decimal number between `0` and `1` that defines the weight of `maintenance` metrics when scoring and sorting packages. Default: `0.65` (same as `opts.sortBy: 'optimal'`)
+* `opts.popularity` - Decimal number between `0` and `1` that defines the weight of `popularity` metrics when scoring and sorting packages. Default: `0.98` (same as `opts.sortBy: 'optimal'`)
+* `opts.quality` - Decimal number between `0` and `1` that defines the weight of `quality` metrics when scoring and sorting packages. Default: `0.5` (same as `opts.sortBy: 'optimal'`)
+
+`libnpmsearch` uses [`npm-registry-fetch`](https://npm.im/npm-registry-fetch).
+Most options are passed through directly to that library, so please refer to
+[its own `opts`
+documentation](https://www.npmjs.com/package/npm-registry-fetch#fetch-options)
+for options that can be passed in.
+
+A couple of options of note for those in a hurry:
+
+* `opts.token` - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.
+* `opts.Promise` - If you pass this in, the Promises returned by `libnpmsearch` commands will use this Promise class instead. For example: `{Promise: require('bluebird')}`
+
+#### `> search(query, [opts]) -> Promise`
+
+`query` must be either a String or an Array of search terms.
+
+If `opts.limit` is provided, it will be sent to the API to constrain the number
+of returned results. You may receive more, or fewer results, at the endpoint's
+discretion.
+
+The returned Promise resolved to an Array of search results with the following
+format:
+
+```js
+{
+ name: String,
+ version: SemverString,
+ description: String || null,
+ maintainers: [
+ {
+ username: String,
+ email: String
+ },
+ ...etc
+ ] || null,
+ keywords: [String] || null,
+ date: Date || null
+}
+```
+
+If `opts.limit` is provided, it will be sent to the API to constrain the number
+of returned results. You may receive more, or fewer results, at the endpoint's
+discretion.
+
+For streamed results, see [`search.stream`](#search-stream).
+
+##### Example
+
+```javascript
+await search('libnpm')
+=>
+[
+ {
+ name: 'libnpm',
+ description: 'programmatic npm API',
+ ...etc
+ },
+ {
+ name: 'libnpmsearch',
+ description: 'Programmatic API for searching in npm and compatible registries',
+ ...etc
+ },
+ ...more
+]
+```
+
+#### `> search.stream(query, [opts]) -> Stream`
+
+`query` must be either a String or an Array of search terms.
+
+If `opts.limit` is provided, it will be sent to the API to constrain the number
+of returned results. You may receive more, or fewer results, at the endpoint's
+discretion.
+
+The returned Stream emits one entry per search result, with each entry having
+the following format:
+
+```js
+{
+ name: String,
+ version: SemverString,
+ description: String || null,
+ maintainers: [
+ {
+ username: String,
+ email: String
+ },
+ ...etc
+ ] || null,
+ keywords: [String] || null,
+ date: Date || null
+}
+```
+
+For getting results in one chunk, see [`search`](#search-stream).
+
+##### Example
+
+```javascript
+search.stream('libnpm').on('data', console.log)
+=>
+// entry 1
+{
+ name: 'libnpm',
+ description: 'programmatic npm API',
+ ...etc
+}
+// entry 2
+{
+ name: 'libnpmsearch',
+ description: 'Programmatic API for searching in npm and compatible registries',
+ ...etc
+}
+// etc
+```
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/appveyor.yml b/node_modules/libnpm/node_modules/libnpmsearch/appveyor.yml
new file mode 100644
index 0000000000000..9cc64c58e02f9
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/appveyor.yml
@@ -0,0 +1,22 @@
+environment:
+ matrix:
+ - nodejs_version: "10"
+ - nodejs_version: "9"
+ - nodejs_version: "8"
+ - nodejs_version: "6"
+
+platform:
+ - x64
+
+install:
+ - ps: Install-Product node $env:nodejs_version $env:platform
+ - npm config set spin false
+ - npm install
+
+test_script:
+ - npm test
+
+matrix:
+ fast_finish: true
+
+build: off
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/index.js b/node_modules/libnpm/node_modules/libnpmsearch/index.js
new file mode 100644
index 0000000000000..995549aeee03d
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/index.js
@@ -0,0 +1,80 @@
+'use strict'
+
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const npmFetch = require('npm-registry-fetch')
+
+const SearchOpts = figgyPudding({
+ detailed: { default: false },
+ limit: { default: 20 },
+ from: { default: 0 },
+ quality: { default: 0.65 },
+ popularity: { default: 0.98 },
+ maintenance: { default: 0.5 },
+ sortBy: {}
+})
+
+module.exports = search
+function search (query, opts) {
+ return getStream.array(search.stream(query, opts))
+}
+search.stream = searchStream
+function searchStream (query, opts) {
+ opts = SearchOpts(opts)
+ switch (opts.sortBy) {
+ case 'optimal': {
+ opts = opts.concat({
+ quality: 0.65,
+ popularity: 0.98,
+ maintenance: 0.5
+ })
+ break
+ }
+ case 'quality': {
+ opts = opts.concat({
+ quality: 1,
+ popularity: 0,
+ maintenance: 0
+ })
+ break
+ }
+ case 'popularity': {
+ opts = opts.concat({
+ quality: 0,
+ popularity: 1,
+ maintenance: 0
+ })
+ break
+ }
+ case 'maintenance': {
+ opts = opts.concat({
+ quality: 0,
+ popularity: 0,
+ maintenance: 1
+ })
+ break
+ }
+ }
+ return npmFetch.json.stream('/-/v1/search', 'objects.*',
+ opts.concat({
+ query: {
+ text: Array.isArray(query) ? query.join(' ') : query,
+ size: opts.limit,
+ from: opts.from,
+ quality: opts.quality,
+ popularity: opts.popularity,
+ maintenance: opts.maintenance
+ },
+ mapJson (obj) {
+ if (obj.package.date) {
+ obj.package.date = new Date(obj.package.date)
+ }
+ if (opts.detailed) {
+ return obj
+ } else {
+ return obj.package
+ }
+ }
+ })
+ )
+}
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/package.json b/node_modules/libnpm/node_modules/libnpmsearch/package.json
new file mode 100644
index 0000000000000..9572fbfa2d733
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/package.json
@@ -0,0 +1,71 @@
+{
+ "_from": "libnpmsearch@^2.0.2",
+ "_id": "libnpmsearch@2.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-VTBbV55Q6fRzTdzziYCr64+f8AopQ1YZ+BdPOv16UegIEaE8C0Kch01wo4s3kRTFV64P121WZJwgmBwrq68zYg==",
+ "_location": "/libnpm/libnpmsearch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "libnpmsearch@^2.0.2",
+ "name": "libnpmsearch",
+ "escapedName": "libnpmsearch",
+ "rawSpec": "^2.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^2.0.2"
+ },
+ "_requiredBy": [
+ "/libnpm"
+ ],
+ "_resolved": "https://registry.npmjs.org/libnpmsearch/-/libnpmsearch-2.0.2.tgz",
+ "_shasum": "9a4f059102d38e3dd44085bdbfe5095f2a5044cf",
+ "_spec": "libnpmsearch@^2.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/libnpmsearch/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "figgy-pudding": "^3.5.1",
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ },
+ "deprecated": false,
+ "description": "Programmatic API for searching in npm and compatible registries.",
+ "devDependencies": {
+ "nock": "^9.6.1",
+ "standard": "^12.0.0",
+ "standard-version": "*",
+ "tap": "^12.0.1",
+ "weallbehave": "*",
+ "weallcontribute": "*"
+ },
+ "homepage": "https://npmjs.com/package/libnpmsearch",
+ "keywords": [
+ "npm",
+ "search",
+ "api",
+ "libnpm"
+ ],
+ "license": "ISC",
+ "name": "libnpmsearch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/libnpmsearch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --100 test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "2.0.2"
+}
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/test/index.js b/node_modules/libnpm/node_modules/libnpmsearch/test/index.js
new file mode 100644
index 0000000000000..bec5c70e46424
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/test/index.js
@@ -0,0 +1,300 @@
+'use strict'
+
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const qs = require('querystring')
+const test = require('tap').test
+const tnock = require('./util/tnock.js')
+
+const OPTS = figgyPudding({ registry: {} })({
+ registry: 'https://mock.reg/'
+})
+
+const REG = OPTS.registry
+const search = require('../index.js')
+
+test('basic test', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 0.65,
+ popularity: 0.98,
+ maintenance: 0.5
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'foo', version: '2.0.0' } }
+ ]
+ })
+ return search('oo', OPTS).then(results => {
+ t.similar(results, [{
+ name: 'cool',
+ version: '1.0.0'
+ }, {
+ name: 'foo',
+ version: '2.0.0'
+ }], 'got back an array of search results')
+ })
+})
+
+test('search.stream', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 0.65,
+ popularity: 0.98,
+ maintenance: 0.5
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0', date: new Date().toISOString() } },
+ { package: { name: 'foo', version: '2.0.0' } }
+ ]
+ })
+ return getStream.array(
+ search.stream('oo', OPTS)
+ ).then(results => {
+ t.similar(results, [{
+ name: 'cool',
+ version: '1.0.0'
+ }, {
+ name: 'foo',
+ version: '2.0.0'
+ }], 'has a stream-based API function with identical results')
+ })
+})
+
+test('accepts a limit option', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 3,
+ from: 0,
+ quality: 0.65,
+ popularity: 0.98,
+ maintenance: 0.5
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } }
+ ]
+ })
+ return search('oo', OPTS.concat({ limit: 3 })).then(results => {
+ t.equal(results.length, 4, 'returns more results if endpoint does so')
+ })
+})
+
+test('accepts a from option', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 1,
+ quality: 0.65,
+ popularity: 0.98,
+ maintenance: 0.5
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.1.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } }
+ ]
+ })
+ return search('oo', OPTS.concat({ from: 1 })).then(results => {
+ t.equal(results.length, 4, 'returns more results if endpoint does so')
+ })
+})
+
+test('accepts quality/mainenance/popularity options', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 1,
+ popularity: 2,
+ maintenance: 3
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } }
+ ]
+ })
+ return search('oo', OPTS.concat({
+ quality: 1,
+ popularity: 2,
+ maintenance: 3
+ })).then(results => {
+ t.equal(results.length, 4, 'returns more results if endpoint does so')
+ })
+})
+
+test('sortBy: quality', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 1,
+ popularity: 0,
+ maintenance: 0
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } }
+ ]
+ })
+ return search('oo', OPTS.concat({
+ sortBy: 'quality'
+ })).then(results => {
+ t.equal(results.length, 4, 'returns more results if endpoint does so')
+ })
+})
+
+test('sortBy: popularity', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 0,
+ popularity: 1,
+ maintenance: 0
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } }
+ ]
+ })
+ return search('oo', OPTS.concat({
+ sortBy: 'popularity'
+ })).then(results => {
+ t.equal(results.length, 4, 'returns more results if endpoint does so')
+ })
+})
+
+test('sortBy: maintenance', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 0,
+ popularity: 0,
+ maintenance: 1
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } }
+ ]
+ })
+ return search('oo', OPTS.concat({
+ sortBy: 'maintenance'
+ })).then(results => {
+ t.equal(results.length, 4, 'returns more results if endpoint does so')
+ })
+})
+
+test('sortBy: optimal', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 0.65,
+ popularity: 0.98,
+ maintenance: 0.5
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: [
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } },
+ { package: { name: 'cool', version: '1.0.0' } }
+ ]
+ })
+ return search('oo', OPTS.concat({
+ sortBy: 'optimal'
+ })).then(results => {
+ t.equal(results.length, 4, 'returns more results if endpoint does so')
+ })
+})
+
+test('detailed format', t => {
+ const query = qs.stringify({
+ text: 'oo',
+ size: 20,
+ from: 0,
+ quality: 0,
+ popularity: 0,
+ maintenance: 1
+ })
+ const results = [
+ {
+ package: { name: 'cool', version: '1.0.0' },
+ score: {
+ final: 0.9237841281241451,
+ detail: {
+ quality: 0.9270640902288084,
+ popularity: 0.8484861649808381,
+ maintenance: 0.9962706951777409
+ }
+ },
+ searchScore: 100000.914
+ },
+ {
+ package: { name: 'ok', version: '2.0.0' },
+ score: {
+ final: 0.9237841281451,
+ detail: {
+ quality: 0.9270602288084,
+ popularity: 0.8461649808381,
+ maintenance: 0.9706951777409
+ }
+ },
+ searchScore: 1000.91
+ }
+ ]
+ tnock(t, REG).get(`/-/v1/search?${query}`).once().reply(200, {
+ objects: results
+ })
+ return search('oo', OPTS.concat({
+ sortBy: 'maintenance',
+ detailed: true
+ })).then(res => {
+ t.deepEqual(res, results, 'return full-format results with opts.detailed')
+ })
+})
+
+test('space-separates and URI-encodes multiple search params', t => {
+ const query = qs.stringify({
+ text: 'foo bar:baz quux?=',
+ size: 1,
+ from: 0,
+ quality: 1,
+ popularity: 2,
+ maintenance: 3
+ })
+ tnock(t, REG).get(`/-/v1/search?${query}`).reply(200, { objects: [] })
+ return search(['foo', 'bar:baz', 'quux?='], OPTS.concat({
+ limit: 1,
+ quality: 1,
+ popularity: 2,
+ maintenance: 3
+ })).then(
+ () => t.ok(true, 'sent parameters correctly urlencoded')
+ )
+})
diff --git a/node_modules/libnpm/node_modules/libnpmsearch/test/util/tnock.js b/node_modules/libnpm/node_modules/libnpmsearch/test/util/tnock.js
new file mode 100644
index 0000000000000..00b6e160e1019
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmsearch/test/util/tnock.js
@@ -0,0 +1,12 @@
+'use strict'
+
+const nock = require('nock')
+
+module.exports = tnock
+function tnock (t, host) {
+ const server = nock(host)
+ t.tearDown(function () {
+ server.done()
+ })
+ return server
+}
diff --git a/node_modules/libnpm/node_modules/libnpmteam/.travis.yml b/node_modules/libnpm/node_modules/libnpmteam/.travis.yml
new file mode 100644
index 0000000000000..db5ea8b018640
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/.travis.yml
@@ -0,0 +1,7 @@
+language: node_js
+sudo: false
+node_js:
+ - "10"
+ - "9"
+ - "8"
+ - "6"
diff --git a/node_modules/libnpm/node_modules/libnpmteam/CHANGELOG.md b/node_modules/libnpm/node_modules/libnpmteam/CHANGELOG.md
new file mode 100644
index 0000000000000..c5a8630a91164
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/CHANGELOG.md
@@ -0,0 +1,28 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [1.0.2](https://github.com/npm/libnpmteam/compare/v1.0.1...v1.0.2) (2019-07-16)
+
+
+### Bug Fixes
+
+* **standard:** standard --fix ([3dc9144](https://github.com/npm/libnpmteam/commit/3dc9144))
+
+
+
+
+## [1.0.1](https://github.com/npm/libnpmteam/compare/v1.0.0...v1.0.1) (2018-08-24)
+
+
+
+
+# 1.0.0 (2018-08-22)
+
+
+### Features
+
+* **api:** implement team api ([50dd0e1](https://github.com/npm/libnpmteam/commit/50dd0e1))
+* **docs:** add fully-documented readme ([b1370f3](https://github.com/npm/libnpmteam/commit/b1370f3))
+* **test:** test --100 ftw ([9d3bdc3](https://github.com/npm/libnpmteam/commit/9d3bdc3))
diff --git a/node_modules/libnpm/node_modules/libnpmteam/CODE_OF_CONDUCT.md b/node_modules/libnpm/node_modules/libnpmteam/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000000..aeb72f598dcb4
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/CODE_OF_CONDUCT.md
@@ -0,0 +1,151 @@
+# Code of Conduct
+
+## When Something Happens
+
+If you see a Code of Conduct violation, follow these steps:
+
+1. Let the person know that what they did is not appropriate and ask them to stop and/or edit their message(s) or commits.
+2. That person should immediately stop the behavior and correct the issue.
+3. If this doesn’t happen, or if you're uncomfortable speaking up, [contact the maintainers](#contacting-maintainers).
+4. As soon as available, a maintainer will look into the issue, and take [further action (see below)](#further-enforcement), starting with a warning, then temporary block, then long-term repo or organization ban.
+
+When reporting, please include any relevant details, links, screenshots, context, or other information that may be used to better understand and resolve the situation.
+
+**The maintainer team will prioritize the well-being and comfort of the recipients of the violation over the comfort of the violator.** See [some examples below](#enforcement-examples).
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers of this project pledge to making participation in our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, technical preferences, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+ * Using welcoming and inclusive language.
+ * Being respectful of differing viewpoints and experiences.
+ * Gracefully accepting constructive feedback.
+ * Focusing on what is best for the community.
+ * Showing empathy and kindness towards other community members.
+ * Encouraging and raising up your peers in the project so you can all bask in hacks and glory.
+
+Examples of unacceptable behavior by participants include:
+
+ * The use of sexualized language or imagery and unwelcome sexual attention or advances, including when simulated online. The only exception to sexual topics is channels/spaces specifically for topics of sexual identity.
+ * Casual mention of slavery or indentured servitude and/or false comparisons of one's occupation or situation to slavery. Please consider using or asking about alternate terminology when referring to such metaphors in technology.
+ * Making light of/making mocking comments about trigger warnings and content warnings.
+ * Trolling, insulting/derogatory comments, and personal or political attacks.
+ * Public or private harassment, deliberate intimidation, or threats.
+ * Publishing others' private information, such as a physical or electronic address, without explicit permission. This includes any sort of "outing" of any aspect of someone's identity without their consent.
+ * Publishing private screenshots or quotes of interactions in the context of this project without all quoted users' *explicit* consent.
+ * Publishing of private communication that doesn't have to do with reporting harrassment.
+ * Any of the above even when [presented as "ironic" or "joking"](https://en.wikipedia.org/wiki/Hipster_racism).
+ * Any attempt to present "reverse-ism" versions of the above as violations. Examples of reverse-isms are "reverse racism", "reverse sexism", "heterophobia", and "cisphobia".
+ * Unsolicited explanations under the assumption that someone doesn't already know it. Ask before you teach! Don't assume what people's knowledge gaps are.
+ * [Feigning or exaggerating surprise](https://www.recurse.com/manual#no-feigned-surprise) when someone admits to not knowing something.
+ * "[Well-actuallies](https://www.recurse.com/manual#no-well-actuallys)"
+ * Other conduct which could reasonably be considered inappropriate in a professional or community setting.
+
+## Scope
+
+This Code of Conduct applies both within spaces involving this project and in other spaces involving community members. This includes the repository, its Pull Requests and Issue tracker, its Twitter community, private email communications in the context of the project, and any events where members of the project are participating, as well as adjacent communities and venues affecting the project's members.
+
+Depending on the violation, the maintainers may decide that violations of this code of conduct that have happened outside of the scope of the community may deem an individual unwelcome, and take appropriate action to maintain the comfort and safety of its members.
+
+### Other Community Standards
+
+As a project on GitHub, this project is additionally covered by the [GitHub Community Guidelines](https://help.github.com/articles/github-community-guidelines/).
+
+Additionally, as a project hosted on npm, is is covered by [npm, Inc's Code of Conduct](https://www.npmjs.com/policies/conduct).
+
+Enforcement of those guidelines after violations overlapping with the above are the responsibility of the entities, and enforcement may happen in any or all of the services/communities.
+
+## Maintainer Enforcement Process
+
+Once the maintainers get involved, they will follow a documented series of steps and do their best to preserve the well-being of project members. This section covers actual concrete steps.
+
+### Contacting Maintainers
+
+You may get in touch with the maintainer team through any of the following methods:
+
+ * Through email:
+ * [kzm@zkat.tech](mailto:kzm@zkat.tech) (Kat Marchán)
+
+ * Through Twitter:
+ * [@maybekatz](https://twitter.com/maybekatz) (Kat Marchán)
+
+### Further Enforcement
+
+If you've already followed the [initial enforcement steps](#enforcement), these are the steps maintainers will take for further enforcement, as needed:
+
+ 1. Repeat the request to stop.
+ 2. If the person doubles down, they will have offending messages removed or edited by a maintainers given an official warning. The PR or Issue may be locked.
+ 3. If the behavior continues or is repeated later, the person will be blocked from participating for 24 hours.
+ 4. If the behavior continues or is repeated after the temporary block, a long-term (6-12mo) ban will be used.
+
+On top of this, maintainers may remove any offending messages, images, contributions, etc, as they deem necessary.
+
+Maintainers reserve full rights to skip any of these steps, at their discretion, if the violation is considered to be a serious and/or immediate threat to the health and well-being of members of the community. These include any threats, serious physical or verbal attacks, and other such behavior that would be completely unacceptable in any social setting that puts our members at risk.
+
+Members expelled from events or venues with any sort of paid attendance will not be refunded.
+
+### Who Watches the Watchers?
+
+Maintainers and other leaders who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. These may include anything from removal from the maintainer team to a permanent ban from the community.
+
+Additionally, as a project hosted on both GitHub and npm, [their own Codes of Conducts may be applied against maintainers of this project](#other-community-standards), externally of this project's procedures.
+
+### Enforcement Examples
+
+#### The Best Case
+
+The vast majority of situations work out like this. This interaction is common, and generally positive.
+
+> Alex: "Yeah I used X and it was really crazy!"
+
+> Patt (not a maintainer): "Hey, could you not use that word? What about 'ridiculous' instead?"
+
+> Alex: "oh sorry, sure." -> edits old comment to say "it was really confusing!"
+
+#### The Maintainer Case
+
+Sometimes, though, you need to get maintainers involved. Maintainers will do their best to resolve conflicts, but people who were harmed by something **will take priority**.
+
+> Patt: "Honestly, sometimes I just really hate using $library and anyone who uses it probably sucks at their job."
+
+> Alex: "Whoa there, could you dial it back a bit? There's a CoC thing about attacking folks' tech use like that."
+
+> Patt: "I'm not attacking anyone, what's your problem?"
+
+> Alex: "@maintainers hey uh. Can someone look at this issue? Patt is getting a bit aggro. I tried to nudge them about it, but nope."
+
+> KeeperOfCommitBits: (on issue) "Hey Patt, maintainer here. Could you tone it down? This sort of attack is really not okay in this space."
+
+> Patt: "Leave me alone I haven't said anything bad wtf is wrong with you."
+
+> KeeperOfCommitBits: (deletes user's comment), "@patt I mean it. Please refer to the CoC over at (URL to this CoC) if you have questions, but you can consider this an actual warning. I'd appreciate it if you reworded your messages in this thread, since they made folks there uncomfortable. Let's try and be kind, yeah?"
+
+> Patt: "@keeperofbits Okay sorry. I'm just frustrated and I'm kinda burnt out and I guess I got carried away. I'll DM Alex a note apologizing and edit my messages. Sorry for the trouble."
+
+> KeeperOfCommitBits: "@patt Thanks for that. I hear you on the stress. Burnout sucks :/. Have a good one!"
+
+#### The Nope Case
+
+> PepeTheFrog🐸: "Hi, I am a literal actual nazi and I think white supremacists are quite fashionable."
+
+> Patt: "NOOOOPE. OH NOPE NOPE."
+
+> Alex: "JFC NO. NOPE. @keeperofbits NOPE NOPE LOOK HERE"
+
+> KeeperOfCommitBits: "👀 Nope. NOPE NOPE NOPE. 🔥"
+
+> PepeTheFrog🐸 has been banned from all organization or user repositories belonging to KeeperOfCommitBits.
+
+## Attribution
+
+This Code of Conduct was generated using [WeAllJS Code of Conduct Generator](https://npm.im/weallbehave), which is based on the [WeAllJS Code of
+Conduct](https://wealljs.org/code-of-conduct), which is itself based on
+[Contributor Covenant](http://contributor-covenant.org), version 1.4, available
+at
+[http://contributor-covenant.org/version/1/4](http://contributor-covenant.org/version/1/4),
+and the LGBTQ in Technology Slack [Code of
+Conduct](http://lgbtq.technology/coc.html).
diff --git a/node_modules/libnpm/node_modules/libnpmteam/CONTRIBUTING.md b/node_modules/libnpm/node_modules/libnpmteam/CONTRIBUTING.md
new file mode 100644
index 0000000000000..3fd40076caae8
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/CONTRIBUTING.md
@@ -0,0 +1,256 @@
+# Contributing
+
+## How do I...
+
+* [Use This Guide](#introduction)?
+* Ask or Say Something? 🤔🐛😱
+ * [Request Support](#request-support)
+ * [Report an Error or Bug](#report-an-error-or-bug)
+ * [Request a Feature](#request-a-feature)
+* Make Something? 🤓👩🏽💻📜🍳
+ * [Project Setup](#project-setup)
+ * [Contribute Documentation](#contribute-documentation)
+ * [Contribute Code](#contribute-code)
+* Manage Something ✅🙆🏼💃👔
+ * [Provide Support on Issues](#provide-support-on-issues)
+ * [Label Issues](#label-issues)
+ * [Clean Up Issues and PRs](#clean-up-issues-and-prs)
+ * [Review Pull Requests](#review-pull-requests)
+ * [Merge Pull Requests](#merge-pull-requests)
+ * [Tag a Release](#tag-a-release)
+ * [Join the Project Team](#join-the-project-team)
+* Add a Guide Like This One [To My Project](#attribution)? 🤖😻👻
+
+## Introduction
+
+Thank you so much for your interest in contributing!. All types of contributions are encouraged and valued. See the [table of contents](#toc) for different ways to help and details about how this project handles them!📝
+
+Please make sure to read the relevant section before making your contribution! It will make it a lot easier for us maintainers to make the most of it and smooth out the experience for all involved. 💚
+
+The [Project Team](#join-the-project-team) looks forward to your contributions. 🙌🏾✨
+
+## Request Support
+
+If you have a question about this project, how to use it, or just need clarification about something:
+
+* Open an Issue at https://github.com/npm/libnpmteam/issues
+* Provide as much context as you can about what you're running into.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* Someone will try to have a response soon.
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+
+## Report an Error or Bug
+
+If you run into an error or bug with the project:
+
+* Open an Issue at https://github.com/npm/libnpmteam/issues
+* Include *reproduction steps* that someone else can follow to recreate the bug or error on their own.
+* Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. If not, please be ready to provide that information if maintainers ask for it.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* A team member will try to reproduce the issue with your provided steps. If there are no repro steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced.
+* If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be [implemented by someone](#contribute-code).
+* If you or the maintainers don't respond to an issue for 30 days, the [issue will be closed](#clean-up-issues-and-prs). If you want to come back to it, reply (once, please), and we'll reopen the existing issue. Please avoid filing new issues as extensions of one you already made.
+* `critical` issues may be left open, depending on perceived immediacy and severity, even past the 30 day deadline.
+
+## Request a Feature
+
+If the project doesn't do something you need or want it to do:
+
+* Open an Issue at https://github.com/npm/libnpmteam/issues
+* Provide as much context as you can about what you're running into.
+* Please try and be clear about why existing features and alternatives would not work for you.
+
+Once it's filed:
+
+* The project team will [label the issue](#label-issues).
+* The project team will evaluate the feature request, possibly asking you more questions to understand its purpose and any relevant requirements. If the issue is closed, the team will convey their reasoning and suggest an alternative path forward.
+* If the feature request is accepted, it will be marked for implementation with `feature-accepted`, which can then be done by either by a core team member or by anyone in the community who wants to [contribute code](#contribute-code).
+
+Note: The team is unlikely to be able to accept every single feature request that is filed. Please understand if they need to say no.
+
+## Project Setup
+
+So you wanna contribute some code! That's great! This project uses GitHub Pull Requests to manage contributions, so [read up on how to fork a GitHub project and file a PR](https://guides.github.com/activities/forking) if you've never done it before.
+
+If this seems like a lot or you aren't able to do all this setup, you might also be able to [edit the files directly](https://help.github.com/articles/editing-files-in-another-user-s-repository/) without having to do any of this setup. Yes, [even code](#contribute-code).
+
+If you want to go the usual route and run the project locally, though:
+
+* [Install Node.js](https://nodejs.org/en/download/)
+* [Fork the project](https://guides.github.com/activities/forking/#fork)
+
+Then in your terminal:
+* `cd path/to/your/clone`
+* `npm install`
+* `npm test`
+
+And you should be ready to go!
+
+## Contribute Documentation
+
+Documentation is a super important, critical part of this project. Docs are how we keep track of what we're doing, how, and why. It's how we stay on the same page about our policies. And it's how we tell others everything they need in order to be able to use this project -- or contribute to it. So thank you in advance.
+
+Documentation contributions of any size are welcome! Feel free to file a PR even if you're just rewording a sentence to be more clear, or fixing a spelling mistake!
+
+To contribute documentation:
+
+* [Set up the project](#project-setup).
+* Edit or add any relevant documentation.
+* Make sure your changes are formatted correctly and consistently with the rest of the documentation.
+* Re-read what you wrote, and run a spellchecker on it to make sure you didn't miss anything.
+* In your commit message(s), begin the first line with `docs: `. For example: `docs: Adding a doc contrib section to CONTRIBUTING.md`.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md). Documentation commits should use `docs(): `.
+* Go to https://github.com/npm/libnpmteam/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Contribute Code
+
+We like code commits a lot! They're super handy, and they keep the project going and doing the work it needs to do to be useful to others.
+
+Code contributions of just about any size are acceptable!
+
+The main difference between code contributions and documentation contributions is that contributing code requires inclusion of relevant tests for the code being added or changed. Contributions without accompanying tests will be held off until a test is added, unless the maintainers consider the specific tests to be either impossible, or way too much of a burden for such a contribution.
+
+To contribute code:
+
+* [Set up the project](#project-setup).
+* Make any necessary changes to the source code.
+* Include any [additional documentation](#contribute-documentation) the changes might need.
+* Write tests that verify that your contribution works as expected.
+* Write clear, concise commit message(s) using [conventional-changelog format](https://github.com/conventional-changelog/conventional-changelog-angular/blob/master/convention.md).
+* Dependency updates, additions, or removals must be in individual commits, and the message must use the format: `(deps): PKG@VERSION`, where `` is any of the usual `conventional-changelog` prefixes, at your discretion.
+* Go to https://github.com/npm/libnpmteam/pulls and open a new pull request with your changes.
+* If your PR is connected to an open issue, add a line in your PR's description that says `Fixes: #123`, where `#123` is the number of the issue you're fixing.
+
+Once you've filed the PR:
+
+* Barring special circumstances, maintainers will not review PRs until all checks pass (Travis, AppVeyor, etc).
+* One or more maintainers will use GitHub's review feature to review your PR.
+* If the maintainer asks for any changes, edit your changes, push, and ask for another review. Additional tags (such as `needs-tests`) will be added depending on the review.
+* If the maintainer decides to pass on your PR, they will thank you for the contribution and explain why they won't be accepting the changes. That's ok! We still really appreciate you taking the time to do it, and we don't take that lightly. 💚
+* If your PR gets accepted, it will be marked as such, and merged into the `latest` branch soon after. Your contribution will be distributed to the masses next time the maintainers [tag a release](#tag-a-release)
+
+## Provide Support on Issues
+
+[Needs Collaborator](#join-the-project-team): none
+
+Helping out other users with their questions is a really awesome way of contributing to any community. It's not uncommon for most of the issues on an open source projects being support-related questions by users trying to understand something they ran into, or find their way around a known bug.
+
+Sometimes, the `support` label will be added to things that turn out to actually be other things, like bugs or feature requests. In that case, suss out the details with the person who filed the original issue, add a comment explaining what the bug is, and change the label from `support` to `bug` or `feature`. If you can't do this yourself, @mention a maintainer so they can do it.
+
+In order to help other folks out with their questions:
+
+* Go to the issue tracker and [filter open issues by the `support` label](https://github.com/npm/libnpmteam/issues?q=is%3Aopen+is%3Aissue+label%3Asupport).
+* Read through the list until you find something that you're familiar enough with to give an answer to.
+* Respond to the issue with whatever details are needed to clarify the question, or get more details about what's going on.
+* Once the discussion wraps up and things are clarified, either close the issue, or ask the original issue filer (or a maintainer) to close it for you.
+
+Some notes on picking up support issues:
+
+* Avoid responding to issues you don't know you can answer accurately.
+* As much as possible, try to refer to past issues with accepted answers. Link to them from your replies with the `#123` format.
+* Be kind and patient with users -- often, folks who have run into confusing things might be upset or impatient. This is ok. Try to understand where they're coming from, and if you're too uncomfortable with the tone, feel free to stay away or withdraw from the issue. (note: if the user is outright hostile or is violating the CoC, [refer to the Code of Conduct](CODE_OF_CONDUCT.md) to resolve the conflict).
+
+## Label Issues
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+One of the most important tasks in handling issues is labeling them usefully and accurately. All other tasks involving issues ultimately rely on the issue being classified in such a way that relevant parties looking to do their own tasks can find them quickly and easily.
+
+In order to label issues, [open up the list of unlabeled issues](https://github.com/npm/libnpmteam/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and, **from newest to oldest**, read through each one and apply issue labels according to the table below. If you're unsure about what label to apply, skip the issue and try the next one: don't feel obligated to label each and every issue yourself!
+
+Label | Apply When | Notes
+--- | --- | ---
+`bug` | Cases where the code (or documentation) is behaving in a way it wasn't intended to. | If something is happening that surprises the *user* but does not go against the way the code is designed, it should use the `enhancement` label.
+`critical` | Added to `bug` issues if the problem described makes the code completely unusable in a common situation. |
+`documentation` | Added to issues or pull requests that affect any of the documentation for the project. | Can be combined with other labels, such as `bug` or `enhancement`.
+`duplicate` | Added to issues or PRs that refer to the exact same issue as another one that's been previously labeled. | Duplicate issues should be marked and closed right away, with a message referencing the issue it's a duplicate of (with `#123`)
+`enhancement` | Added to [feature requests](#request-a-feature), PRs, or documentation issues that are purely additive: the code or docs currently work as expected, but a change is being requested or suggested. |
+`help wanted` | Applied by [Committers](#join-the-project-team) to issues and PRs that they would like to get outside help for. Generally, this means it's lower priority for the maintainer team to itself implement, but that the community is encouraged to pick up if they so desire | Never applied on first-pass labeling.
+`in-progress` | Applied by [Committers](#join-the-project-team) to PRs that are pending some work before they're ready for review. | The original PR submitter should @mention the team member that applied the label once the PR is complete.
+`performance` | This issue or PR is directly related to improving performance. |
+`refactor` | Added to issues or PRs that deal with cleaning up or modifying the project for the betterment of it. |
+`starter` | Applied by [Committers](#join-the-project-team) to issues that they consider good introductions to the project for people who have not contributed before. These are not necessarily "easy", but rather focused around how much context is necessary in order to understand what needs to be done for this project in particular. | Existing project members are expected to stay away from these unless they increase in priority.
+`support` | This issue is either asking a question about how to use the project, clarifying the reason for unexpected behavior, or possibly reporting a `bug` but does not have enough detail yet to determine whether it would count as such. | The label should be switched to `bug` if reliable reproduction steps are provided. Issues primarily with unintended configurations of a user's environment are not considered bugs, even if they cause crashes.
+`tests` | This issue or PR either requests or adds primarily tests to the project. | If a PR is pending tests, that will be handled through the [PR review process](#review-pull-requests)
+`wontfix` | Labelers may apply this label to issues that clearly have nothing at all to do with the project or are otherwise entirely outside of its scope/sphere of influence. [Committers](#join-the-project-team) may apply this label and close an issue or PR if they decide to pass on an otherwise relevant issue. | The issue or PR should be closed as soon as the label is applied, and a clear explanation provided of why the label was used. Contributors are free to contest the labeling, but the decision ultimately falls on committers as to whether to accept something or not.
+
+## Clean Up Issues and PRs
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+Issues and PRs can go stale after a while. Maybe they're abandoned. Maybe the team will just plain not have time to address them any time soon.
+
+In these cases, they should be closed until they're brought up again or the interaction starts over.
+
+To clean up issues and PRs:
+
+* Search the issue tracker for issues or PRs, and add the term `updated:<=YYYY-MM-DD`, where the date is 30 days before today.
+* Go through each issue *from oldest to newest*, and close them if **all of the following are true**:
+ * not opened by a maintainer
+ * not marked as `critical`
+ * not marked as `starter` or `help wanted` (these might stick around for a while, in general, as they're intended to be available)
+ * no explicit messages in the comments asking for it to be left open
+ * does not belong to a milestone
+* Leave a message when closing saying "Cleaning up stale issue. Please reopen or ping us if and when you're ready to resume this. See https://github.com/npm/libnpmteam/blob/latest/CONTRIBUTING.md#clean-up-issues-and-prs for more details."
+
+## Review Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Issue Tracker
+
+While anyone can comment on a PR, add feedback, etc, PRs are only *approved* by team members with Issue Tracker or higher permissions.
+
+PR reviews use [GitHub's own review feature](https://help.github.com/articles/about-pull-request-reviews/), which manages comments, approval, and review iteration.
+
+Some notes:
+
+* You may ask for minor changes ("nitpicks"), but consider whether they are really blockers to merging: try to err on the side of "approve, with comments".
+* *ALL PULL REQUESTS* should be covered by a test: either by a previously-failing test, an existing test that covers the entire functionality of the submitted code, or new tests to verify any new/changed behavior. All tests must also pass and follow established conventions. Test coverage should not drop, unless the specific case is considered reasonable by maintainers.
+* Please make sure you're familiar with the code or documentation being updated, unless it's a minor change (spellchecking, minor formatting, etc). You may @mention another project member who you think is better suited for the review, but still provide a non-approving review of your own.
+* Be extra kind: people who submit code/doc contributions are putting themselves in a pretty vulnerable position, and have put time and care into what they've done (even if that's not obvious to you!) -- always respond with respect, be understanding, but don't feel like you need to sacrifice your standards for their sake, either. Just don't be a jerk about it?
+
+## Merge Pull Requests
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process.
+
+## Tag A Release
+
+[Needs Collaborator](#join-the-project-team): Committer
+
+TBD - need to hash out a bit more of this process. The most important bit here is probably that all tests must pass, and tags must use [semver](https://semver.org).
+
+## Join the Project Team
+
+### Ways to Join
+
+There are many ways to contribute! Most of them don't require any official status unless otherwise noted. That said, there's a couple of positions that grant special repository abilities, and this section describes how they're granted and what they do.
+
+All of the below positions are granted based on the project team's needs, as well as their consensus opinion about whether they would like to work with the person and think that they would fit well into that position. The process is relatively informal, and it's likely that people who express interest in participating can just be granted the permissions they'd like.
+
+You can spot a collaborator on the repo by looking for the `[Collaborator]` or `[Owner]` tags next to their names.
+
+Permission | Description
+--- | ---
+Issue Tracker | Granted to contributors who express a strong interest in spending time on the project's issue tracker. These tasks are mainly [labeling issues](#label-issues), [cleaning up old ones](#clean-up-issues-and-prs), and [reviewing pull requests](#review-pull-requests), as well as all the usual things non-team-member contributors can do. Issue handlers should not merge pull requests, tag releases, or directly commit code themselves: that should still be done through the usual pull request process. Becoming an Issue Handler means the project team trusts you to understand enough of the team's process and context to implement it on the issue tracker.
+Committer | Granted to contributors who want to handle the actual pull request merges, tagging new versions, etc. Committers should have a good level of familiarity with the codebase, and enough context to understand the implications of various changes, as well as a good sense of the will and expectations of the project team.
+Admin/Owner | Granted to people ultimately responsible for the project, its community, etc.
+
+## Attribution
+
+This guide was generated using the WeAllJS `CONTRIBUTING.md` generator. [Make your own](https://npm.im/weallcontribute)!
diff --git a/node_modules/libnpm/node_modules/libnpmteam/LICENSE b/node_modules/libnpm/node_modules/libnpmteam/LICENSE
new file mode 100644
index 0000000000000..209e4477f39c1
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/LICENSE
@@ -0,0 +1,13 @@
+Copyright npm, Inc
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpm/node_modules/libnpmteam/PULL_REQUEST_TEMPLATE b/node_modules/libnpm/node_modules/libnpmteam/PULL_REQUEST_TEMPLATE
new file mode 100644
index 0000000000000..9471c6d325f7e
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/PULL_REQUEST_TEMPLATE
@@ -0,0 +1,7 @@
+
diff --git a/node_modules/libnpm/node_modules/libnpmteam/README.md b/node_modules/libnpm/node_modules/libnpmteam/README.md
new file mode 100644
index 0000000000000..e0e771c7fac86
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/README.md
@@ -0,0 +1,185 @@
+# libnpmteam [](https://npm.im/libnpmteam) [](https://npm.im/libnpmteam) [](https://travis-ci.org/npm/libnpmteam) [](https://ci.appveyor.com/project/zkat/libnpmteam) [](https://coveralls.io/github/npm/libnpmteam?branch=latest)
+
+[`libnpmteam`](https://github.com/npm/libnpmteam) is a Node.js
+library that provides programmatic access to the guts of the npm CLI's `npm
+team` command and its various subcommands.
+
+## Example
+
+```javascript
+const access = require('libnpmteam')
+
+// List all teams for the @npm org.
+console.log(await team.lsTeams('npm'))
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [team opts](#opts)
+ * [`create()`](#create)
+ * [`destroy()`](#destroy)
+ * [`add()`](#add)
+ * [`rm()`](#rm)
+ * [`lsTeams()`](#ls-teams)
+ * [`lsTeams.stream()`](#ls-teams-stream)
+ * [`lsUsers()`](#ls-users)
+ * [`lsUsers.stream()`](#ls-users-stream)
+
+### Install
+
+`$ npm install libnpmteam`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `opts` for `libnpmteam` commands
+
+`libnpmteam` uses [`npm-registry-fetch`](https://npm.im/npm-registry-fetch).
+All options are passed through directly to that library, so please refer to [its
+own `opts`
+documentation](https://www.npmjs.com/package/npm-registry-fetch#fetch-options)
+for options that can be passed in.
+
+A couple of options of note for those in a hurry:
+
+* `opts.token` - can be passed in and will be used as the authentication token for the registry. For other ways to pass in auth details, see the n-r-f docs.
+* `opts.otp` - certain operations will require an OTP token to be passed in. If a `libnpmteam` command fails with `err.code === EOTP`, please retry the request with `{otp: <2fa token>}`
+* `opts.Promise` - If you pass this in, the Promises returned by `libnpmteam` commands will use this Promise class instead. For example: `{Promise: require('bluebird')}`
+
+#### `> team.create(team, [opts]) -> Promise`
+
+Creates a team named `team`. Team names use the format `@:`, with
+the `@` being optional.
+
+Additionally, `opts.description` may be passed in to include a description.
+
+##### Example
+
+```javascript
+await team.create('@npm:cli', {token: 'myregistrytoken'})
+// The @npm:cli team now exists.
+```
+
+#### `> team.destroy(team, [opts]) -> Promise`
+
+Destroys a team named `team`. Team names use the format `@:`, with
+the `@` being optional.
+
+##### Example
+
+```javascript
+await team.destroy('@npm:cli', {token: 'myregistrytoken'})
+// The @npm:cli team has been destroyed.
+```
+
+#### `> team.add(user, team, [opts]) -> Promise`
+
+Adds `user` to `team`.
+
+##### Example
+
+```javascript
+await team.add('zkat', '@npm:cli', {token: 'myregistrytoken'})
+// @zkat now belongs to the @npm:cli team.
+```
+
+#### `> team.rm(user, team, [opts]) -> Promise`
+
+Removes `user` from `team`.
+
+##### Example
+
+```javascript
+await team.rm('zkat', '@npm:cli', {token: 'myregistrytoken'})
+// @zkat is no longer part of the @npm:cli team.
+```
+
+#### `> team.lsTeams(scope, [opts]) -> Promise`
+
+Resolves to an array of team names belonging to `scope`.
+
+##### Example
+
+```javascript
+await team.lsTeams('@npm', {token: 'myregistrytoken'})
+=>
+[
+ 'npm:cli',
+ 'npm:web',
+ 'npm:registry',
+ 'npm:developers'
+]
+```
+
+#### `> team.lsTeams.stream(scope, [opts]) -> Stream`
+
+Returns a stream of teams belonging to `scope`.
+
+For a Promise-based version of these results, see [`team.lsTeams()`](#ls-teams).
+
+##### Example
+
+```javascript
+for await (let team of team.lsTeams.stream('@npm', {token: 'myregistrytoken'})) {
+ console.log(team)
+}
+
+// outputs
+// npm:cli
+// npm:web
+// npm:registry
+// npm:developers
+```
+
+#### `> team.lsUsers(team, [opts]) -> Promise`
+
+Resolves to an array of usernames belonging to `team`.
+
+For a streamed version of these results, see [`team.lsUsers.stream()`](#ls-users-stream).
+
+##### Example
+
+```javascript
+await team.lsUsers('@npm:cli', {token: 'myregistrytoken'})
+=>
+[
+ 'iarna',
+ 'zkat'
+]
+```
+
+#### `> team.lsUsers.stream(team, [opts]) -> Stream`
+
+Returns a stream of usernames belonging to `team`.
+
+For a Promise-based version of these results, see [`team.lsUsers()`](#ls-users).
+
+##### Example
+
+```javascript
+for await (let user of team.lsUsers.stream('@npm:cli', {token: 'myregistrytoken'})) {
+ console.log(user)
+}
+
+// outputs
+// iarna
+// zkat
+```
diff --git a/node_modules/libnpm/node_modules/libnpmteam/appveyor.yml b/node_modules/libnpm/node_modules/libnpmteam/appveyor.yml
new file mode 100644
index 0000000000000..9cc64c58e02f9
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/appveyor.yml
@@ -0,0 +1,22 @@
+environment:
+ matrix:
+ - nodejs_version: "10"
+ - nodejs_version: "9"
+ - nodejs_version: "8"
+ - nodejs_version: "6"
+
+platform:
+ - x64
+
+install:
+ - ps: Install-Product node $env:nodejs_version $env:platform
+ - npm config set spin false
+ - npm install
+
+test_script:
+ - npm test
+
+matrix:
+ fast_finish: true
+
+build: off
diff --git a/node_modules/libnpm/node_modules/libnpmteam/index.js b/node_modules/libnpm/node_modules/libnpmteam/index.js
new file mode 100644
index 0000000000000..3d9c906791c87
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/index.js
@@ -0,0 +1,106 @@
+'use strict'
+
+const eu = encodeURIComponent
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const npmFetch = require('npm-registry-fetch')
+const validate = require('aproba')
+
+const TeamConfig = figgyPudding({
+ description: {},
+ Promise: { default: () => Promise }
+})
+
+const cmd = module.exports = {}
+
+cmd.create = (entity, opts) => {
+ opts = TeamConfig(opts)
+ return pwrap(opts, () => {
+ const { scope, team } = splitEntity(entity)
+ validate('SSO', [scope, team, opts])
+ return npmFetch.json(`/-/org/${eu(scope)}/team`, opts.concat({
+ method: 'PUT',
+ scope,
+ body: { name: team, description: opts.description }
+ }))
+ })
+}
+
+cmd.destroy = (entity, opts) => {
+ opts = TeamConfig(opts)
+ return pwrap(opts, () => {
+ const { scope, team } = splitEntity(entity)
+ validate('SSO', [scope, team, opts])
+ return npmFetch.json(`/-/team/${eu(scope)}/${eu(team)}`, opts.concat({
+ method: 'DELETE',
+ scope
+ }))
+ })
+}
+
+cmd.add = (user, entity, opts) => {
+ opts = TeamConfig(opts)
+ return pwrap(opts, () => {
+ const { scope, team } = splitEntity(entity)
+ validate('SSO', [scope, team, opts])
+ return npmFetch.json(`/-/team/${eu(scope)}/${eu(team)}/user`, opts.concat({
+ method: 'PUT',
+ scope,
+ body: { user }
+ }))
+ })
+}
+
+cmd.rm = (user, entity, opts) => {
+ opts = TeamConfig(opts)
+ return pwrap(opts, () => {
+ const { scope, team } = splitEntity(entity)
+ validate('SSO', [scope, team, opts])
+ return npmFetch.json(`/-/team/${eu(scope)}/${eu(team)}/user`, opts.concat({
+ method: 'DELETE',
+ scope,
+ body: { user }
+ }))
+ })
+}
+
+cmd.lsTeams = (scope, opts) => {
+ opts = TeamConfig(opts)
+ return pwrap(opts, () => getStream.array(cmd.lsTeams.stream(scope, opts)))
+}
+cmd.lsTeams.stream = (scope, opts) => {
+ opts = TeamConfig(opts)
+ validate('SO', [scope, opts])
+ return npmFetch.json.stream(`/-/org/${eu(scope)}/team`, '.*', opts.concat({
+ query: { format: 'cli' }
+ }))
+}
+
+cmd.lsUsers = (entity, opts) => {
+ opts = TeamConfig(opts)
+ return pwrap(opts, () => getStream.array(cmd.lsUsers.stream(entity, opts)))
+}
+cmd.lsUsers.stream = (entity, opts) => {
+ opts = TeamConfig(opts)
+ const { scope, team } = splitEntity(entity)
+ validate('SSO', [scope, team, opts])
+ const uri = `/-/team/${eu(scope)}/${eu(team)}/user`
+ return npmFetch.json.stream(uri, '.*', opts.concat({
+ query: { format: 'cli' }
+ }))
+}
+
+cmd.edit = () => {
+ throw new Error('edit is not implemented yet')
+}
+
+function splitEntity (entity = '') {
+ let [, scope, team] = entity.match(/^@?([^:]+):(.*)$/) || []
+ return { scope, team }
+}
+
+function pwrap (opts, fn) {
+ return new opts.Promise((resolve, reject) => {
+ fn().then(resolve, reject)
+ })
+}
diff --git a/node_modules/libnpm/node_modules/libnpmteam/package.json b/node_modules/libnpm/node_modules/libnpmteam/package.json
new file mode 100644
index 0000000000000..75e9570624722
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/package.json
@@ -0,0 +1,66 @@
+{
+ "_from": "libnpmteam@^1.0.2",
+ "_id": "libnpmteam@1.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-p420vM28Us04NAcg1rzgGW63LMM6rwe+6rtZpfDxCcXxM0zUTLl7nPFEnRF3JfFBF5skF/yuZDUthTsHgde8QA==",
+ "_location": "/libnpm/libnpmteam",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "libnpmteam@^1.0.2",
+ "name": "libnpmteam",
+ "escapedName": "libnpmteam",
+ "rawSpec": "^1.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^1.0.2"
+ },
+ "_requiredBy": [
+ "/libnpm"
+ ],
+ "_resolved": "https://registry.npmjs.org/libnpmteam/-/libnpmteam-1.0.2.tgz",
+ "_shasum": "8b48bcbb6ce70dd8150c950fcbdbf3feb6eec820",
+ "_spec": "libnpmteam@^1.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/libnpmteam/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "aproba": "^2.0.0",
+ "figgy-pudding": "^3.4.1",
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ },
+ "deprecated": false,
+ "description": "npm Team management APIs",
+ "devDependencies": {
+ "nock": "^9.6.1",
+ "standard": "^12.0.0",
+ "standard-version": "*",
+ "tap": "*",
+ "weallbehave": "*",
+ "weallcontribute": "*"
+ },
+ "homepage": "https://npmjs.com/package/libnpmteam",
+ "license": "ISC",
+ "name": "libnpmteam",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/libnpmteam.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --100 test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "1.0.2"
+}
diff --git a/node_modules/libnpm/node_modules/libnpmteam/test/index.js b/node_modules/libnpm/node_modules/libnpmteam/test/index.js
new file mode 100644
index 0000000000000..7bc79d5181223
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/test/index.js
@@ -0,0 +1,138 @@
+'use strict'
+
+const figgyPudding = require('figgy-pudding')
+const getStream = require('get-stream')
+const { test } = require('tap')
+const tnock = require('./util/tnock.js')
+
+const team = require('../index.js')
+
+const REG = 'http://localhost:1337'
+const OPTS = figgyPudding({})({
+ registry: REG
+})
+
+test('create', t => {
+ tnock(t, REG).put(
+ '/-/org/foo/team', { name: 'cli' }
+ ).reply(201, { name: 'cli' })
+ return team.create('@foo:cli', OPTS).then(ret => {
+ t.deepEqual(ret, { name: 'cli' }, 'request succeeded')
+ })
+})
+
+test('create bad entity name', t => {
+ return team.create('go away', OPTS).then(
+ () => { throw new Error('should not succeed') },
+ err => { t.ok(err, 'error on bad entity name') }
+ )
+})
+
+test('create empty entity', t => {
+ return team.create(undefined, OPTS).then(
+ () => { throw new Error('should not succeed') },
+ err => { t.ok(err, 'error on bad entity name') }
+ )
+})
+
+test('create w/ description', t => {
+ tnock(t, REG).put('/-/org/foo/team', {
+ name: 'cli',
+ description: 'just some cool folx'
+ }).reply(201, { name: 'cli' })
+ return team.create('@foo:cli', OPTS.concat({
+ description: 'just some cool folx'
+ })).then(ret => {
+ t.deepEqual(ret, { name: 'cli' }, 'no desc in return')
+ })
+})
+
+test('destroy', t => {
+ tnock(t, REG).delete(
+ '/-/team/foo/cli'
+ ).reply(204, {})
+ return team.destroy('@foo:cli', OPTS).then(ret => {
+ t.deepEqual(ret, {}, 'request succeeded')
+ })
+})
+
+test('add', t => {
+ tnock(t, REG).put(
+ '/-/team/foo/cli/user', { user: 'zkat' }
+ ).reply(201, {})
+ return team.add('zkat', '@foo:cli', OPTS).then(ret => {
+ t.deepEqual(ret, {}, 'request succeeded')
+ })
+})
+
+test('rm', t => {
+ tnock(t, REG).delete(
+ '/-/team/foo/cli/user', { user: 'zkat' }
+ ).reply(204, {})
+ return team.rm('zkat', '@foo:cli', OPTS).then(ret => {
+ t.deepEqual(ret, {}, 'request succeeded')
+ })
+})
+
+test('lsTeams', t => {
+ tnock(t, REG).get(
+ '/-/org/foo/team?format=cli'
+ ).reply(200, ['foo:bar', 'foo:cli'])
+ return team.lsTeams('foo', OPTS).then(ret => {
+ t.deepEqual(ret, ['foo:bar', 'foo:cli'], 'got teams')
+ })
+})
+
+test('lsTeams error', t => {
+ tnock(t, REG).get(
+ '/-/org/foo/team?format=cli'
+ ).reply(500)
+ return team.lsTeams('foo', OPTS).then(
+ () => { throw new Error('should not succeed') },
+ err => { t.equal(err.code, 'E500', 'got error code') }
+ )
+})
+
+test('lsTeams.stream', t => {
+ tnock(t, REG).get(
+ '/-/org/foo/team?format=cli'
+ ).reply(200, ['foo:bar', 'foo:cli'])
+ return getStream.array(team.lsTeams.stream('foo', OPTS)).then(ret => {
+ t.deepEqual(ret, ['foo:bar', 'foo:cli'], 'got teams')
+ })
+})
+
+test('lsUsers', t => {
+ tnock(t, REG).get(
+ '/-/team/foo/cli/user?format=cli'
+ ).reply(500)
+ return team.lsUsers('@foo:cli', OPTS).then(
+ () => { throw new Error('should not succeed') },
+ err => { t.equal(err.code, 'E500', 'got error code') }
+ )
+})
+
+test('lsUsers error', t => {
+ tnock(t, REG).get(
+ '/-/team/foo/cli/user?format=cli'
+ ).reply(200, ['iarna', 'zkat'])
+ return team.lsUsers('@foo:cli', OPTS).then(ret => {
+ t.deepEqual(ret, ['iarna', 'zkat'], 'got team members')
+ })
+})
+
+test('lsUsers.stream', t => {
+ tnock(t, REG).get(
+ '/-/team/foo/cli/user?format=cli'
+ ).reply(200, ['iarna', 'zkat'])
+ return getStream.array(team.lsUsers.stream('@foo:cli', OPTS)).then(ret => {
+ t.deepEqual(ret, ['iarna', 'zkat'], 'got team members')
+ })
+})
+
+test('edit', t => {
+ t.throws(() => {
+ team.edit()
+ }, /not implemented/)
+ t.done()
+})
diff --git a/node_modules/libnpm/node_modules/libnpmteam/test/util/tnock.js b/node_modules/libnpm/node_modules/libnpmteam/test/util/tnock.js
new file mode 100644
index 0000000000000..00b6e160e1019
--- /dev/null
+++ b/node_modules/libnpm/node_modules/libnpmteam/test/util/tnock.js
@@ -0,0 +1,12 @@
+'use strict'
+
+const nock = require('nock')
+
+module.exports = tnock
+function tnock (t, host) {
+ const server = nock(host)
+ t.tearDown(function () {
+ server.done()
+ })
+ return server
+}
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpm/node_modules/make-fetch-happen/CHANGELOG.md
deleted file mode 100644
index a446842f55d80..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/CHANGELOG.md
+++ /dev/null
@@ -1,555 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-
-
-## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
-
-
-
-
-## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
-
-
-### Bug Fixes
-
-* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
-
-
-
-
-# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
-
-
-### meta
-
-* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
-
-
-### BREAKING CHANGES
-
-* node@4 is no longer supported
-
-
-
-
-# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
-
-
-### Bug Fixes
-
-* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
-* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
-
-
-### BREAKING CHANGES
-
-* **license:** license changed from CC0 to ISC.
-
-
-
-
-# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
-
-
-### Bug Fixes
-
-* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
-
-
-### Features
-
-* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
-
-
-
-
-# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
-
-
-### Bug Fixes
-
-* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
-
-
-### Features
-
-* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
-
-
-
-
-## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
-
-
-### Bug Fixes
-
-* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
-* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
-
-
-
-
-## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
-
-
-### Bug Fixes
-
-* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
-
-
-
-
-## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
-
-
-### Bug Fixes
-
-* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
-
-
-
-
-## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
-
-
-### Bug Fixes
-
-* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
-* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
-
-
-
-
-## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
-
-
-### Bug Fixes
-
-* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
-
-
-
-
-## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
-
-
-### Bug Fixes
-
-* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
-
-
-
-
-## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
-
-
-### Bug Fixes
-
-* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
-
-
-
-
-## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
-
-
-### Bug Fixes
-
-* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
-* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
-* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
-
-
-
-
-## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
-
-
-### Bug Fixes
-
-* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
-
-
-
-
-## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
-
-
-### Bug Fixes
-
-* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
-
-
-
-
-## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
-
-
-### Bug Fixes
-
-* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
-
-
-
-
-## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
-
-
-### Bug Fixes
-
-* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
-* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
-
-
-
-
-## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
-
-
-### Bug Fixes
-
-* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
-
-
-
-
-# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
-
-
-### Bug Fixes
-
-* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
-
-
-### Features
-
-* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
-
-
-
-
-# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
-
-
-### Features
-
-* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
-* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
-
-
-
-
-## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
-
-
-### Bug Fixes
-
-* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
-* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
-
-
-
-
-## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
-
-
-### Bug Fixes
-
-* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
-
-
-
-
-## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
-
-
-### Bug Fixes
-
-* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
-
-
-
-
-## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
-
-
-### Bug Fixes
-
-* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
-* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
-
-
-
-
-## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
-
-
-### Bug Fixes
-
-* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
-
-
-
-
-## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
-
-
-### Bug Fixes
-
-* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
-
-
-
-
-# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
-
-
-### Bug Fixes
-
-* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
-
-
-### Features
-
-* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
-
-
-
-
-# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
-
-
-### Features
-
-* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
-
-
-
-
-## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
-
-
-### Bug Fixes
-
-* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
-
-
-
-
-## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
-
-
-
-
-## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
-
-
-
-
-## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
-
-
-
-
-# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
-* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
-
-
-### Features
-
-* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
-
-
-### BREAKING CHANGES
-
-* **agent:** pac proxies are no longer supported.
-* **retry:** Retry logic has changes.
-
-* 404s, 420s, and 429s all retry now.
-* ENOTFOUND no longer retries.
-* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
-
-
-
-
-# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
-
-
-### Features
-
-* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
-
-
-
-
-# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
-
-
-### Features
-
-* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
-
-
-
-
-## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
-
-
-### Bug Fixes
-
-* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
-* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
-
-
-
-
-# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
-
-
-### Features
-
-* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
-
-
-
-
-# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
-
-
-### Bug Fixes
-
-* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
-
-
-### Features
-
-* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
-
-
-
-
-## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
-
-
-### Bug Fixes
-
-* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
-
-
-
-
-# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
-
-
-### Bug Fixes
-
-* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
-
-
-### Features
-
-* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
-* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
-
-
-
-
-## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
-
-
-### Bug Fixes
-
-* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
-
-
-
-
-# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
-
-
-### Features
-
-* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
-
-
-
-
-# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
-
-
-### Features
-
-* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
-
-
-
-
-## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
-
-
-
-
-# 1.0.0 (2017-04-01)
-
-
-### Bug Fixes
-
-* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
-* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
-* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
-* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
-* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
-* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
-* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
-* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
-* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
-* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
-* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
-* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
-* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
-* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
-* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
-* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
-* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
-* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
-* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
-* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
-* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
-* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
-* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
-* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
-* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
-
-
-### Features
-
-* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
-* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
-
-
-### BREAKING CHANGES
-
-* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
-* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
-* **api:** actual api implemented
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpm/node_modules/make-fetch-happen/LICENSE
deleted file mode 100644
index 8d28acf866d93..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-ISC License
-
-Copyright (c) npm, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for
-any purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
-COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/README.md b/node_modules/libnpm/node_modules/make-fetch-happen/README.md
deleted file mode 100644
index 4d12d8dae7e31..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/README.md
+++ /dev/null
@@ -1,404 +0,0 @@
-# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
-
-
-[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
-library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
-features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
-pooling, proxies, retries, [and more](#features)!
-
-## Install
-
-`$ npm install --save make-fetch-happen`
-
-## Table of Contents
-
-* [Example](#example)
-* [Features](#features)
-* [Contributing](#contributing)
-* [API](#api)
- * [`fetch`](#fetch)
- * [`fetch.defaults`](#fetch-defaults)
- * [`node-fetch` options](#node-fetch-options)
- * [`make-fetch-happen` options](#extra-options)
- * [`opts.cacheManager`](#opts-cache-manager)
- * [`opts.cache`](#opts-cache)
- * [`opts.proxy`](#opts-proxy)
- * [`opts.noProxy`](#opts-no-proxy)
- * [`opts.ca, opts.cert, opts.key`](#https-opts)
- * [`opts.maxSockets`](#opts-max-sockets)
- * [`opts.retry`](#opts-retry)
- * [`opts.onRetry`](#opts-onretry)
- * [`opts.integrity`](#opts-integrity)
-* [Message From Our Sponsors](#wow)
-
-### Example
-
-```javascript
-const fetch = require('make-fetch-happen').defaults({
- cacheManager: './my-cache' // path where cache will be written (and read)
-})
-
-fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
- return res.json() // download the body as JSON
-}).then(body => {
- console.log(`got ${body.name} from web`)
- return fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'no-cache' // forces a conditional request
- })
-}).then(res => {
- console.log(res.status) // 304! cache validated!
- return res.json().then(body => {
- console.log(`got ${body.name} from cache`)
- })
-})
-```
-
-### Features
-
-* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
-* Request pooling out of the box
-* Quite fast, really
-* Automatic HTTP-semantics-aware request retries
-* Cache-fallback automatic "offline mode"
-* Proxy support (http, https, socks, socks4, socks5)
-* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
-* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
-* Node.js Stream support
-* Transparent gzip and deflate support
-* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
-* Literally punches nazis
-* (PENDING) Range request caching and resuming
-
-### Contributing
-
-The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
-
-All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
-
-Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
-
-Happy hacking!
-
-### API
-
-#### `> fetch(uriOrRequest, [opts]) -> Promise`
-
-This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
-
-If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
-
-##### Example
-
-```javascript
-fetch('https://google.com').then(res => res.buffer())
-```
-
-#### `> fetch.defaults([defaultUrl], [defaultOpts])`
-
-Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
-
-A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
-
-##### Example
-
-```javascript
-const fetch = require('make-fetch-happen').defaults({
- cacheManager: './my-local-cache'
-})
-
-fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
-```
-
-#### `> node-fetch options`
-
-The following options for `node-fetch` are used as-is:
-
-* method
-* body
-* redirect
-* follow
-* timeout
-* compress
-* size
-
-These other options are modified or augmented by make-fetch-happen:
-
-* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
-* agent
- * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
- * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
- * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
- * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
-
-For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
-
-#### `> make-fetch-happen options`
-
-make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
-
-* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
-* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
-* [`opts.proxy`](#opts-proxy) - Proxy agent
-* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
-* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
-* [`opts.localAddress`](#opts-local-address)
-* [`opts.maxSockets`](#opts-max-sockets)
-* [`opts.retry`](#opts-retry) - Request retry settings
-* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
-* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
-
-#### `> opts.cacheManager`
-
-Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
-
-If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
-
-By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
-
-You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
-
-**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
-
-The default cache manager also adds the following headers to cached responses:
-
-* `X-Local-Cache`: Path to the cache the content was found in
-* `X-Local-Cache-Key`: Unique cache entry key for this response
-* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
-* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
-
-Using [`cacache`](https://npm.im/cacache), a call like this may be used to
-manually fetch the cached entry:
-
-```javascript
-const h = response.headers
-cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
-
-// grab content only, directly:
-cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
-```
-
-##### Example
-
-```javascript
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cacheManager: './my-local-cache'
-}) // -> 200-level response will be written to disk
-
-fetch('https://npm.im/cacache', {
- cacheManager: new MyCustomRedisCache(process.env.PORT)
-}) // -> 200-level response will be written to redis
-```
-
-A possible (minimal) implementation for `MyCustomRedisCache`:
-
-```javascript
-const bluebird = require('bluebird')
-const redis = require("redis")
-bluebird.promisifyAll(redis.RedisClient.prototype)
-class MyCustomRedisCache {
- constructor (opts) {
- this.redis = redis.createClient(opts)
- }
- match (req) {
- return this.redis.getAsync(req.url).then(res => {
- if (res) {
- const parsed = JSON.parse(res)
- return new fetch.Response(parsed.body, {
- url: req.url,
- headers: parsed.headers,
- status: 200
- })
- }
- })
- }
- put (req, res) {
- return res.buffer().then(body => {
- return this.redis.setAsync(req.url, JSON.stringify({
- body: body,
- headers: res.headers.raw()
- }))
- }).then(() => {
- // return the response itself
- return res
- })
- }
- 'delete' (req) {
- return this.redis.unlinkAsync(req.url)
- }
-}
-```
-
-#### `> opts.cache`
-
-This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
-
-* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
-* `no-store` - Fetch behaves as if there is no HTTP cache at all.
-* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
-* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
-* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
-* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
-
-(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
-
-##### Example
-
-```javascript
-const fetch = require('make-fetch-happen').defaults({
- cacheManager: './my-cache'
-})
-
-// Will error with ENOTCACHED if we haven't already cached this url
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'only-if-cached'
-})
-
-// Will refresh any local content and cache the new response
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'reload'
-})
-
-// Will use any local data, even if stale. Otherwise, will hit network.
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'force-cache'
-})
-```
-
-#### `> opts.proxy`
-
-A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
-used depending on the proxy's protocol.
-
-Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
-`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
-
-(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
-
-##### Example
-
-```javascript
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- proxy: 'https://corporate.yourcompany.proxy:4445'
-})
-
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- proxy: {
- protocol: 'https:',
- hostname: 'corporate.yourcompany.proxy',
- port: 4445
- }
-})
-```
-
-#### `> opts.noProxy`
-
-If present, should be a comma-separated string or an array of domain extensions
-that a proxy should _not_ be used for.
-
-This option may also be provided through `process.env.NO_PROXY`.
-
-#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
-
-These values are passed in directly to the HTTPS agent and will be used for both
-proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
-same options the `https` module accepts, which will be themselves passed to
-`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
-
-#### `> opts.localAddress`
-
-Passed directly to `http` and `https` request calls. Determines the local
-address to bind to.
-
-#### `> opts.maxSockets`
-
-Default: 15
-
-Maximum number of active concurrent sockets to use for the underlying
-Http/Https/Proxy agents. This setting applies once per spawned agent.
-
-15 is probably a _pretty good value_ for most use-cases, and balances speed
-with, uh, not knocking out people's routers. 🤓
-
-#### `> opts.retry`
-
-An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
-
-* Request method is NOT `POST` AND
-* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
-* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
-
-The following are worth noting as explicitly not retried:
-
-* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
-* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
-
-If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
-
-If `opts.retry` is a number, it is equivalent to `{retries: num}`
-
-The following retry options are available if you want more control over it:
-
-* retries
-* factor
-* minTimeout
-* maxTimeout
-* randomize
-
-For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
-
-##### Example
-
-```javascript
-fetch('https://flaky.site.com', {
- retry: {
- retries: 10,
- randomize: true
- }
-})
-
-fetch('http://reliable.site.com', {
- retry: false
-})
-
-fetch('http://one-more.site.com', {
- retry: 3
-})
-```
-
-#### `> opts.onRetry`
-
-A function called whenever a retry is attempted.
-
-##### Example
-
-```javascript
-fetch('https://flaky.site.com', {
- onRetry() {
- console.log('we will retry!')
- }
-})
-```
-
-#### `> opts.integrity`
-
-Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
-
-`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
-
-##### Example
-
-```javascript
-fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
- integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
-}) // -> ok
-
-fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
- integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
-}) // Error: EINTEGRITY
-```
-
-### Message From Our Sponsors
-
-
-
-
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/agent.js b/node_modules/libnpm/node_modules/make-fetch-happen/agent.js
deleted file mode 100644
index 55675946ad97d..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/agent.js
+++ /dev/null
@@ -1,171 +0,0 @@
-'use strict'
-const LRU = require('lru-cache')
-const url = require('url')
-
-let AGENT_CACHE = new LRU({ max: 50 })
-let HttpsAgent
-let HttpAgent
-
-module.exports = getAgent
-
-function getAgent (uri, opts) {
- const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
- const isHttps = parsedUri.protocol === 'https:'
- const pxuri = getProxyUri(uri, opts)
-
- const key = [
- `https:${isHttps}`,
- pxuri
- ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
- : '>no-proxy<',
- `local-address:${opts.localAddress || '>no-local-address<'}`,
- `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
- `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
- `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
- `key:${(isHttps && opts.key) || '>no-key<'}`
- ].join(':')
-
- if (opts.agent != null) { // `agent: false` has special behavior!
- return opts.agent
- }
-
- if (AGENT_CACHE.peek(key)) {
- return AGENT_CACHE.get(key)
- }
-
- if (pxuri) {
- const proxy = getProxy(pxuri, opts, isHttps)
- AGENT_CACHE.set(key, proxy)
- return proxy
- }
-
- if (isHttps && !HttpsAgent) {
- HttpsAgent = require('agentkeepalive').HttpsAgent
- } else if (!isHttps && !HttpAgent) {
- HttpAgent = require('agentkeepalive')
- }
-
- // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
- // of zero disables the timeout behavior (OS limits still apply). Else, if
- // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
- // the node-fetch-npm timeout will always fire first, giving us more
- // consistent errors.
- const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
-
- const agent = isHttps ? new HttpsAgent({
- maxSockets: opts.maxSockets || 15,
- ca: opts.ca,
- cert: opts.cert,
- key: opts.key,
- localAddress: opts.localAddress,
- rejectUnauthorized: opts.strictSSL,
- timeout: agentTimeout
- }) : new HttpAgent({
- maxSockets: opts.maxSockets || 15,
- localAddress: opts.localAddress,
- timeout: agentTimeout
- })
- AGENT_CACHE.set(key, agent)
- return agent
-}
-
-function checkNoProxy (uri, opts) {
- const host = url.parse(uri).hostname.split('.').reverse()
- let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
- if (typeof noproxy === 'string') {
- noproxy = noproxy.split(/\s*,\s*/g)
- }
- return noproxy && noproxy.some(no => {
- const noParts = no.split('.').filter(x => x).reverse()
- if (!noParts.length) { return false }
- for (let i = 0; i < noParts.length; i++) {
- if (host[i] !== noParts[i]) {
- return false
- }
- }
- return true
- })
-}
-
-module.exports.getProcessEnv = getProcessEnv
-
-function getProcessEnv (env) {
- if (!env) { return }
-
- let value
-
- if (Array.isArray(env)) {
- for (let e of env) {
- value = process.env[e] ||
- process.env[e.toUpperCase()] ||
- process.env[e.toLowerCase()]
- if (typeof value !== 'undefined') { break }
- }
- }
-
- if (typeof env === 'string') {
- value = process.env[env] ||
- process.env[env.toUpperCase()] ||
- process.env[env.toLowerCase()]
- }
-
- return value
-}
-
-function getProxyUri (uri, opts) {
- const protocol = url.parse(uri).protocol
-
- const proxy = opts.proxy || (
- protocol === 'https:' && getProcessEnv('https_proxy')
- ) || (
- protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
- )
- if (!proxy) { return null }
-
- const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
-
- return !checkNoProxy(uri, opts) && parsedProxy
-}
-
-let HttpProxyAgent
-let HttpsProxyAgent
-let SocksProxyAgent
-function getProxy (proxyUrl, opts, isHttps) {
- let popts = {
- host: proxyUrl.hostname,
- port: proxyUrl.port,
- protocol: proxyUrl.protocol,
- path: proxyUrl.path,
- auth: proxyUrl.auth,
- ca: opts.ca,
- cert: opts.cert,
- key: opts.key,
- timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
- localAddress: opts.localAddress,
- maxSockets: opts.maxSockets || 15,
- rejectUnauthorized: opts.strictSSL
- }
-
- if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
- if (!isHttps) {
- if (!HttpProxyAgent) {
- HttpProxyAgent = require('http-proxy-agent')
- }
-
- return new HttpProxyAgent(popts)
- } else {
- if (!HttpsProxyAgent) {
- HttpsProxyAgent = require('https-proxy-agent')
- }
-
- return new HttpsProxyAgent(popts)
- }
- }
- if (proxyUrl.protocol.startsWith('socks')) {
- if (!SocksProxyAgent) {
- SocksProxyAgent = require('socks-proxy-agent')
- }
-
- return new SocksProxyAgent(popts)
- }
-}
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/cache.js b/node_modules/libnpm/node_modules/make-fetch-happen/cache.js
deleted file mode 100644
index 0c519e69fbe81..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/cache.js
+++ /dev/null
@@ -1,249 +0,0 @@
-'use strict'
-
-const cacache = require('cacache')
-const fetch = require('node-fetch-npm')
-const pipe = require('mississippi').pipe
-const ssri = require('ssri')
-const through = require('mississippi').through
-const to = require('mississippi').to
-const url = require('url')
-const stream = require('stream')
-
-const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
-
-function cacheKey (req) {
- const parsed = url.parse(req.url)
- return `make-fetch-happen:request-cache:${
- url.format({
- protocol: parsed.protocol,
- slashes: parsed.slashes,
- host: parsed.host,
- hostname: parsed.hostname,
- pathname: parsed.pathname
- })
- }`
-}
-
-// This is a cacache-based implementation of the Cache standard,
-// using node-fetch.
-// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
-//
-module.exports = class Cache {
- constructor (path, opts) {
- this._path = path
- this._uid = opts && opts.uid
- this._gid = opts && opts.gid
- this.Promise = (opts && opts.Promise) || Promise
- }
-
- // Returns a Promise that resolves to the response associated with the first
- // matching request in the Cache object.
- match (req, opts) {
- opts = opts || {}
- const key = cacheKey(req)
- return cacache.get.info(this._path, key).then(info => {
- return info && cacache.get.hasContent(
- this._path, info.integrity, opts
- ).then(exists => exists && info)
- }).then(info => {
- if (info && info.metadata && matchDetails(req, {
- url: info.metadata.url,
- reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
- resHeaders: new fetch.Headers(info.metadata.resHeaders),
- cacheIntegrity: info.integrity,
- integrity: opts && opts.integrity
- })) {
- const resHeaders = new fetch.Headers(info.metadata.resHeaders)
- addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
- if (req.method === 'HEAD') {
- return new fetch.Response(null, {
- url: req.url,
- headers: resHeaders,
- status: 200
- })
- }
- let body
- const cachePath = this._path
- // avoid opening cache file handles until a user actually tries to
- // read from it.
- if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
- body = new stream.PassThrough()
- const realRead = body._read
- body._read = function (size) {
- body._read = realRead
- pipe(
- cacache.get.stream.byDigest(cachePath, info.integrity, {
- memoize: opts.memoize
- }),
- body,
- err => body.emit(err))
- return realRead.call(this, size)
- }
- } else {
- let readOnce = false
- // cacache is much faster at bulk reads
- body = new stream.Readable({
- read () {
- if (readOnce) return this.push(null)
- readOnce = true
- cacache.get.byDigest(cachePath, info.integrity, {
- memoize: opts.memoize
- }).then(data => {
- this.push(data)
- this.push(null)
- }, err => this.emit('error', err))
- }
- })
- }
- return this.Promise.resolve(new fetch.Response(body, {
- url: req.url,
- headers: resHeaders,
- status: 200,
- size: info.size
- }))
- }
- })
- }
-
- // Takes both a request and its response and adds it to the given cache.
- put (req, response, opts) {
- opts = opts || {}
- const size = response.headers.get('content-length')
- const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
- const ckey = cacheKey(req)
- const cacheOpts = {
- algorithms: opts.algorithms,
- metadata: {
- url: req.url,
- reqHeaders: req.headers.raw(),
- resHeaders: response.headers.raw()
- },
- uid: this._uid,
- gid: this._gid,
- size,
- memoize: fitInMemory && opts.memoize
- }
- if (req.method === 'HEAD' || response.status === 304) {
- // Update metadata without writing
- return cacache.get.info(this._path, ckey).then(info => {
- // Providing these will bypass content write
- cacheOpts.integrity = info.integrity
- addCacheHeaders(
- response.headers, this._path, ckey, info.integrity, info.time
- )
- return new this.Promise((resolve, reject) => {
- pipe(
- cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
- cacache.put.stream(this._path, cacheKey(req), cacheOpts),
- err => err ? reject(err) : resolve(response)
- )
- })
- }).then(() => response)
- }
- let buf = []
- let bufSize = 0
- let cacheTargetStream = false
- const cachePath = this._path
- let cacheStream = to((chunk, enc, cb) => {
- if (!cacheTargetStream) {
- if (fitInMemory) {
- cacheTargetStream =
- to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
- buf.push(chunk)
- bufSize += chunk.length
- cb()
- }, done => {
- cacache.put(
- cachePath,
- cacheKey(req),
- Buffer.concat(buf, bufSize),
- cacheOpts
- ).then(
- () => done(),
- done
- )
- })
- } else {
- cacheTargetStream =
- cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
- }
- }
- cacheTargetStream.write(chunk, enc, cb)
- }, done => {
- cacheTargetStream ? cacheTargetStream.end(done) : done()
- })
- const oldBody = response.body
- const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
- response.body = newBody
- oldBody.once('error', err => newBody.emit('error', err))
- newBody.once('error', err => oldBody.emit('error', err))
- cacheStream.once('error', err => newBody.emit('error', err))
- pipe(oldBody, to((chunk, enc, cb) => {
- cacheStream.write(chunk, enc, () => {
- newBody.write(chunk, enc, cb)
- })
- }, done => {
- cacheStream.end(() => {
- newBody.end(() => {
- done()
- })
- })
- }), err => err && newBody.emit('error', err))
- return response
- }
-
- // Finds the Cache entry whose key is the request, and if found, deletes the
- // Cache entry and returns a Promise that resolves to true. If no Cache entry
- // is found, it returns false.
- 'delete' (req, opts) {
- opts = opts || {}
- if (typeof opts.memoize === 'object') {
- if (opts.memoize.reset) {
- opts.memoize.reset()
- } else if (opts.memoize.clear) {
- opts.memoize.clear()
- } else {
- Object.keys(opts.memoize).forEach(k => {
- opts.memoize[k] = null
- })
- }
- }
- return cacache.rm.entry(
- this._path,
- cacheKey(req)
- // TODO - true/false
- ).then(() => false)
- }
-}
-
-function matchDetails (req, cached) {
- const reqUrl = url.parse(req.url)
- const cacheUrl = url.parse(cached.url)
- const vary = cached.resHeaders.get('Vary')
- // https://tools.ietf.org/html/rfc7234#section-4.1
- if (vary) {
- if (vary.match(/\*/)) {
- return false
- } else {
- const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
- return cached.reqHeaders.get(field) === req.headers.get(field)
- })
- if (!fieldsMatch) {
- return false
- }
- }
- }
- if (cached.integrity) {
- return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
- }
- reqUrl.hash = null
- cacheUrl.hash = null
- return url.format(reqUrl) === url.format(cacheUrl)
-}
-
-function addCacheHeaders (resHeaders, path, key, hash, time) {
- resHeaders.set('X-Local-Cache', encodeURIComponent(path))
- resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
- resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
- resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
-}
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/index.js b/node_modules/libnpm/node_modules/make-fetch-happen/index.js
deleted file mode 100644
index 0f2c164e19f28..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/index.js
+++ /dev/null
@@ -1,482 +0,0 @@
-'use strict'
-
-let Cache
-const url = require('url')
-const CachePolicy = require('http-cache-semantics')
-const fetch = require('node-fetch-npm')
-const pkg = require('./package.json')
-const retry = require('promise-retry')
-let ssri
-const Stream = require('stream')
-const getAgent = require('./agent')
-const setWarning = require('./warning')
-
-const isURL = /^https?:/
-const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
-
-const RETRY_ERRORS = [
- 'ECONNRESET', // remote socket closed on us
- 'ECONNREFUSED', // remote host refused to open connection
- 'EADDRINUSE', // failed to bind to a local port (proxy?)
- 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
- // Known codes we do NOT retry on:
- // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
-]
-
-const RETRY_TYPES = [
- 'request-timeout'
-]
-
-// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
-module.exports = cachingFetch
-cachingFetch.defaults = function (_uri, _opts) {
- const fetch = this
- if (typeof _uri === 'object') {
- _opts = _uri
- _uri = null
- }
-
- function defaultedFetch (uri, opts) {
- const finalOpts = Object.assign({}, _opts || {}, opts || {})
- return fetch(uri || _uri, finalOpts)
- }
-
- defaultedFetch.defaults = fetch.defaults
- defaultedFetch.delete = fetch.delete
- return defaultedFetch
-}
-
-cachingFetch.delete = cacheDelete
-function cacheDelete (uri, opts) {
- opts = configureOptions(opts)
- if (opts.cacheManager) {
- const req = new fetch.Request(uri, {
- method: opts.method,
- headers: opts.headers
- })
- return opts.cacheManager.delete(req, opts)
- }
-}
-
-function initializeCache (opts) {
- if (typeof opts.cacheManager === 'string') {
- if (!Cache) {
- // Default cacache-based cache
- Cache = require('./cache')
- }
-
- opts.cacheManager = new Cache(opts.cacheManager, opts)
- }
-
- opts.cache = opts.cache || 'default'
-
- if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
- // If header list contains `If-Modified-Since`, `If-None-Match`,
- // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
- // mode to "no-store" if it is "default".
- opts.cache = 'no-store'
- }
-}
-
-function configureOptions (_opts) {
- const opts = Object.assign({}, _opts || {})
- opts.method = (opts.method || 'GET').toUpperCase()
-
- if (opts.retry && typeof opts.retry === 'number') {
- opts.retry = { retries: opts.retry }
- }
-
- if (opts.retry === false) {
- opts.retry = { retries: 0 }
- }
-
- if (opts.cacheManager) {
- initializeCache(opts)
- }
-
- return opts
-}
-
-function initializeSsri () {
- if (!ssri) {
- ssri = require('ssri')
- }
-}
-
-function cachingFetch (uri, _opts) {
- const opts = configureOptions(_opts)
-
- if (opts.integrity) {
- initializeSsri()
- // if verifying integrity, node-fetch must not decompress
- opts.compress = false
- }
-
- const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
- opts.cacheManager &&
- opts.cache !== 'no-store' &&
- opts.cache !== 'reload'
-
- if (isCachable) {
- const req = new fetch.Request(uri, {
- method: opts.method,
- headers: opts.headers
- })
-
- return opts.cacheManager.match(req, opts).then(res => {
- if (res) {
- const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
- if (warningCode && +warningCode >= 100 && +warningCode < 200) {
- // https://tools.ietf.org/html/rfc7234#section-4.3.4
- //
- // If a stored response is selected for update, the cache MUST:
- //
- // * delete any Warning header fields in the stored response with
- // warn-code 1xx (see Section 5.5);
- //
- // * retain any Warning header fields in the stored response with
- // warn-code 2xx;
- //
- res.headers.delete('Warning')
- }
-
- if (opts.cache === 'default' && !isStale(req, res)) {
- return res
- }
-
- if (opts.cache === 'default' || opts.cache === 'no-cache') {
- return conditionalFetch(req, res, opts)
- }
-
- if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
- // 112 Disconnected operation
- // SHOULD be included if the cache is intentionally disconnected from
- // the rest of the network for a period of time.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(res, 112, 'Disconnected operation')
- return res
- }
- }
-
- if (!res && opts.cache === 'only-if-cached') {
- const errorMsg = `request to ${
- uri
- } failed: cache mode is 'only-if-cached' but no cached response available.`
-
- const err = new Error(errorMsg)
- err.code = 'ENOTCACHED'
- throw err
- }
-
- // Missing cache entry, or mode is default (if stale), reload, no-store
- return remoteFetch(req.url, opts)
- })
- }
-
- return remoteFetch(uri, opts)
-}
-
-function iterableToObject (iter) {
- const obj = {}
- for (let k of iter.keys()) {
- obj[k] = iter.get(k)
- }
- return obj
-}
-
-function makePolicy (req, res) {
- const _req = {
- url: req.url,
- method: req.method,
- headers: iterableToObject(req.headers)
- }
- const _res = {
- status: res.status,
- headers: iterableToObject(res.headers)
- }
-
- return new CachePolicy(_req, _res, { shared: false })
-}
-
-// https://tools.ietf.org/html/rfc7234#section-4.2
-function isStale (req, res) {
- if (!res) {
- return null
- }
-
- const _req = {
- url: req.url,
- method: req.method,
- headers: iterableToObject(req.headers)
- }
-
- const policy = makePolicy(req, res)
-
- const responseTime = res.headers.get('x-local-cache-time') ||
- res.headers.get('date') ||
- 0
-
- policy._responseTime = new Date(responseTime)
-
- const bool = !policy.satisfiesWithoutRevalidation(_req)
- return bool
-}
-
-function mustRevalidate (res) {
- return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
-}
-
-function conditionalFetch (req, cachedRes, opts) {
- const _req = {
- url: req.url,
- method: req.method,
- headers: Object.assign({}, opts.headers || {})
- }
-
- const policy = makePolicy(req, cachedRes)
- opts.headers = policy.revalidationHeaders(_req)
-
- return remoteFetch(req.url, opts)
- .then(condRes => {
- const revalidatedPolicy = policy.revalidatedPolicy(_req, {
- status: condRes.status,
- headers: iterableToObject(condRes.headers)
- })
-
- if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
- // 111 Revalidation failed
- // MUST be included if a cache returns a stale response because an
- // attempt to revalidate the response failed, due to an inability to
- // reach the server.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(cachedRes, 111, 'Revalidation failed')
- return cachedRes
- }
-
- if (condRes.status === 304) { // 304 Not Modified
- condRes.body = cachedRes.body
- return opts.cacheManager.put(req, condRes, opts)
- .then(newRes => {
- newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
- return newRes
- })
- }
-
- return condRes
- })
- .then(res => res)
- .catch(err => {
- if (mustRevalidate(cachedRes)) {
- throw err
- } else {
- // 111 Revalidation failed
- // MUST be included if a cache returns a stale response because an
- // attempt to revalidate the response failed, due to an inability to
- // reach the server.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(cachedRes, 111, 'Revalidation failed')
- // 199 Miscellaneous warning
- // The warning text MAY include arbitrary information to be presented to
- // a human user, or logged. A system receiving this warning MUST NOT take
- // any automated action, besides presenting the warning to the user.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(
- cachedRes,
- 199,
- `Miscellaneous Warning ${err.code}: ${err.message}`
- )
-
- return cachedRes
- }
- })
-}
-
-function remoteFetchHandleIntegrity (res, integrity) {
- const oldBod = res.body
- const newBod = ssri.integrityStream({
- integrity
- })
- oldBod.pipe(newBod)
- res.body = newBod
- oldBod.once('error', err => {
- newBod.emit('error', err)
- })
- newBod.once('error', err => {
- oldBod.emit('error', err)
- })
-}
-
-function remoteFetch (uri, opts) {
- const agent = getAgent(uri, opts)
- const headers = Object.assign({
- 'connection': agent ? 'keep-alive' : 'close',
- 'user-agent': USER_AGENT
- }, opts.headers || {})
-
- const reqOpts = {
- agent,
- body: opts.body,
- compress: opts.compress,
- follow: opts.follow,
- headers: new fetch.Headers(headers),
- method: opts.method,
- redirect: 'manual',
- size: opts.size,
- counter: opts.counter,
- timeout: opts.timeout
- }
-
- return retry(
- (retryHandler, attemptNum) => {
- const req = new fetch.Request(uri, reqOpts)
- return fetch(req)
- .then(res => {
- res.headers.set('x-fetch-attempts', attemptNum)
-
- if (opts.integrity) {
- remoteFetchHandleIntegrity(res, opts.integrity)
- }
-
- const isStream = req.body instanceof Stream
-
- if (opts.cacheManager) {
- const isMethodGetHead = req.method === 'GET' ||
- req.method === 'HEAD'
-
- const isCachable = opts.cache !== 'no-store' &&
- isMethodGetHead &&
- makePolicy(req, res).storable() &&
- res.status === 200 // No other statuses should be stored!
-
- if (isCachable) {
- return opts.cacheManager.put(req, res, opts)
- }
-
- if (!isMethodGetHead) {
- return opts.cacheManager.delete(req).then(() => {
- if (res.status >= 500 && req.method !== 'POST' && !isStream) {
- if (typeof opts.onRetry === 'function') {
- opts.onRetry(res)
- }
-
- return retryHandler(res)
- }
-
- return res
- })
- }
- }
-
- const isRetriable = req.method !== 'POST' &&
- !isStream && (
- res.status === 408 || // Request Timeout
- res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
- res.status === 429 || // Too Many Requests ("standard" rate-limiting)
- res.status >= 500 // Assume server errors are momentary hiccups
- )
-
- if (isRetriable) {
- if (typeof opts.onRetry === 'function') {
- opts.onRetry(res)
- }
-
- return retryHandler(res)
- }
-
- if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
- return res
- }
-
- // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
- if (opts.redirect === 'error') {
- const err = new Error(`redirect mode is set to error: ${uri}`)
- err.code = 'ENOREDIRECT'
- throw err
- }
-
- if (!res.headers.get('location')) {
- const err = new Error(`redirect location header missing at: ${uri}`)
- err.code = 'EINVALIDREDIRECT'
- throw err
- }
-
- if (req.counter >= req.follow) {
- const err = new Error(`maximum redirect reached at: ${uri}`)
- err.code = 'EMAXREDIRECT'
- throw err
- }
-
- const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
- let redirectURL = url.parse(resolvedUrl)
-
- if (isURL.test(res.headers.get('location'))) {
- redirectURL = url.parse(res.headers.get('location'))
- }
-
- // Remove authorization if changing hostnames (but not if just
- // changing ports or protocols). This matches the behavior of request:
- // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
- if (url.parse(req.url).hostname !== redirectURL.hostname) {
- req.headers.delete('authorization')
- }
-
- // for POST request with 301/302 response, or any request with 303 response,
- // use GET when following redirect
- if (res.status === 303 ||
- ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
- opts.method = 'GET'
- opts.body = null
- req.headers.delete('content-length')
- }
-
- opts.headers = {}
- req.headers.forEach((value, name) => {
- opts.headers[name] = value
- })
-
- opts.counter = ++req.counter
- return cachingFetch(resolvedUrl, opts)
- })
- .catch(err => {
- const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
-
- const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
- RETRY_TYPES.indexOf(err.type) === -1
-
- if (req.method === 'POST' || isRetryError) {
- throw err
- }
-
- if (typeof opts.onRetry === 'function') {
- opts.onRetry(err)
- }
-
- return retryHandler(err)
- })
- },
- opts.retry
- ).catch(err => {
- if (err.status >= 400) {
- return err
- }
-
- throw err
- })
-}
-
-function isHeaderConditional (headers) {
- if (!headers || typeof headers !== 'object') {
- return false
- }
-
- const modifiers = [
- 'if-modified-since',
- 'if-none-match',
- 'if-unmodified-since',
- 'if-match',
- 'if-range'
- ]
-
- return Object.keys(headers)
- .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
-}
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/package.json b/node_modules/libnpm/node_modules/make-fetch-happen/package.json
deleted file mode 100644
index e01e060f231e2..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/package.json
+++ /dev/null
@@ -1,94 +0,0 @@
-{
- "_from": "make-fetch-happen@^4.0.2",
- "_id": "make-fetch-happen@4.0.2",
- "_inBundle": false,
- "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
- "_location": "/libnpm/make-fetch-happen",
- "_phantomChildren": {},
- "_requested": {
- "type": "range",
- "registry": true,
- "raw": "make-fetch-happen@^4.0.2",
- "name": "make-fetch-happen",
- "escapedName": "make-fetch-happen",
- "rawSpec": "^4.0.2",
- "saveSpec": null,
- "fetchSpec": "^4.0.2"
- },
- "_requiredBy": [
- "/libnpm/npm-registry-fetch"
- ],
- "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
- "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
- "_spec": "make-fetch-happen@^4.0.2",
- "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm/node_modules/npm-registry-fetch",
- "author": {
- "name": "Kat Marchán",
- "email": "kzm@zkat.tech"
- },
- "bugs": {
- "url": "https://github.com/zkat/make-fetch-happen/issues"
- },
- "bundleDependencies": false,
- "dependencies": {
- "agentkeepalive": "^3.4.1",
- "cacache": "^11.3.3",
- "http-cache-semantics": "^3.8.1",
- "http-proxy-agent": "^2.1.0",
- "https-proxy-agent": "^2.2.1",
- "lru-cache": "^5.1.1",
- "mississippi": "^3.0.0",
- "node-fetch-npm": "^2.0.2",
- "promise-retry": "^1.1.1",
- "socks-proxy-agent": "^4.0.0",
- "ssri": "^6.0.0"
- },
- "deprecated": false,
- "description": "Opinionated, caching, retrying fetch client",
- "devDependencies": {
- "bluebird": "^3.5.1",
- "mkdirp": "^0.5.1",
- "nock": "^9.2.3",
- "npmlog": "^4.1.2",
- "require-inject": "^1.4.2",
- "rimraf": "^2.6.2",
- "safe-buffer": "^5.1.1",
- "standard": "^11.0.1",
- "standard-version": "^4.3.0",
- "tacks": "^1.2.6",
- "tap": "^12.7.0",
- "weallbehave": "^1.0.0",
- "weallcontribute": "^1.0.7"
- },
- "files": [
- "*.js",
- "lib"
- ],
- "homepage": "https://github.com/zkat/make-fetch-happen#readme",
- "keywords": [
- "http",
- "request",
- "fetch",
- "mean girls",
- "caching",
- "cache",
- "subresource integrity"
- ],
- "license": "ISC",
- "main": "index.js",
- "name": "make-fetch-happen",
- "repository": {
- "type": "git",
- "url": "git+https://github.com/zkat/make-fetch-happen.git"
- },
- "scripts": {
- "postrelease": "npm publish && git push --follow-tags",
- "prerelease": "npm t",
- "pretest": "standard",
- "release": "standard-version -s",
- "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
- "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
- "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
- },
- "version": "4.0.2"
-}
diff --git a/node_modules/libnpm/node_modules/make-fetch-happen/warning.js b/node_modules/libnpm/node_modules/make-fetch-happen/warning.js
deleted file mode 100644
index b8f13cf83195a..0000000000000
--- a/node_modules/libnpm/node_modules/make-fetch-happen/warning.js
+++ /dev/null
@@ -1,24 +0,0 @@
-const url = require('url')
-
-module.exports = setWarning
-
-function setWarning (reqOrRes, code, message, replace) {
- // Warning = "Warning" ":" 1#warning-value
- // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
- // warn-code = 3DIGIT
- // warn-agent = ( host [ ":" port ] ) | pseudonym
- // ; the name or pseudonym of the server adding
- // ; the Warning header, for use in debugging
- // warn-text = quoted-string
- // warn-date = <"> HTTP-date <">
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- const host = url.parse(reqOrRes.url).host
- const jsonMessage = JSON.stringify(message)
- const jsonDate = JSON.stringify(new Date().toUTCString())
- const header = replace ? 'set' : 'append'
-
- reqOrRes.headers[header](
- 'Warning',
- `${code} ${host} ${jsonMessage} ${jsonDate}`
- )
-}
diff --git a/node_modules/libnpm/node_modules/npm-profile/CHANGELOG.md b/node_modules/libnpm/node_modules/npm-profile/CHANGELOG.md
new file mode 100644
index 0000000000000..6d937580c307b
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-profile/CHANGELOG.md
@@ -0,0 +1,45 @@
+# v4.0.1 (2018-08-29)
+
+- `opts.password` needs to be base64-encoded when passed in for login
+- Bump `npm-registry-fetch` dep because we depend on `opts.forceAuth`
+
+# v4.0.0 (2018-08-28)
+
+## BREAKING CHANGES:
+
+- Networking and auth-related options now use the latest [`npm-registry-fetch` config format](https://www.npmjs.com/package/npm-registry-fetch#fetch-opts).
+
+# v3.0.2 (2018-06-07)
+
+- Allow newer make-fetch-happen.
+- Report 500s from weblogin end point as unsupported.
+- EAUTHUNKNOWN errors were incorrectly reported as EAUTHIP.
+
+# v3.0.1 (2018-02-18)
+
+- Log `npm-notice` headers
+
+# v3.0.0 (2018-02-18)
+
+## BREAKING CHANGES:
+
+- profile.login() and profile.adduser() take 2 functions: opener() and
+ prompter(). opener is used when we get the url couplet from the
+ registry. prompter is used if web-based login fails.
+- Non-200 status codes now always throw. Previously if the `content.error`
+ property was set, `content` would be returned. Content is available on the
+ thrown error object in the `body` property.
+
+## FEATURES:
+
+- The previous adduser is available as adduserCouch
+- The previous login is available as loginCouch
+- New loginWeb and adduserWeb commands added, which take an opener
+ function to open up the web browser.
+- General errors have better error message reporting
+
+## FIXES:
+
+- General errors now correctly include the URL.
+- Missing user errors from Couch are now thrown. (As was always intended.)
+- Many errors have better stacktrace filtering.
diff --git a/node_modules/libnpm/node_modules/npm-profile/LICENSE b/node_modules/libnpm/node_modules/npm-profile/LICENSE
new file mode 100644
index 0000000000000..7953647e7760b
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-profile/LICENSE
@@ -0,0 +1,15 @@
+The ISC License
+
+Copyright npm, Inc
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpm/node_modules/npm-profile/README.md b/node_modules/libnpm/node_modules/npm-profile/README.md
new file mode 100644
index 0000000000000..7a80a729e8996
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-profile/README.md
@@ -0,0 +1,556 @@
+# npm-profile
+
+Provides functions for fetching and updating an npmjs.com profile.
+
+```js
+const profile = require('npm-profile')
+const result = await profile.get(registry, {token})
+//...
+```
+
+The API that this implements is documented here:
+
+* [authentication](https://github.com/npm/registry/blob/master/docs/user/authentication.md)
+* [profile editing](https://github.com/npm/registry/blob/master/docs/user/profile.md) (and two-factor authentication)
+
+## Table of Contents
+
+* [API](#api)
+ * Login and Account Creation
+ * [`adduser()`](#adduser)
+ * [`login()`](#login)
+ * [`adduserWeb()`](#adduser-web)
+ * [`loginWeb()`](#login-web)
+ * [`adduserCouch()`](#adduser-couch)
+ * [`loginCouch()`](#login-couch)
+ * Profile Data Management
+ * [`get()`](#get)
+ * [`set()`](#set)
+ * Token Management
+ * [`listTokens()`](#list-tokens)
+ * [`removeToken()`](#remove-token)
+ * [`createToken()`](#create-token)
+
+## API
+
+### `> profile.adduser(opener, prompter, [opts]) → Promise`
+
+Tries to create a user new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* `prompter` Function (creds) → Promise, returns a promise that resolves to an object with `username`, `email` and `password` properties.
+* [`opts`](#opts) Object (optional) plus extra keys:
+ * `creds` Object, passed through to prompter, common values are:
+ * `username` String, default value for username
+ * `email` String, default value for email
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### `> profile.login(opener, prompter, [opts]) → Promise`
+
+Tries to login using new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* `prompter` Function (creds) → Promise, returns a promise that resolves to an object with `username`, and `password` properties.
+* [`opts`](#opts) Object (optional) plus extra keys:
+ * `creds` Object, passed through to prompter, common values are:
+ * `name` String, default value for username
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`. This error code can only come from a legacy CouchDB login and so
+this should be retried with loginCouch.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### `> profile.adduserWeb(opener, [opts]) → Promise`
+
+Tries to create a user new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* [`opts`](#opts) Object
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the registry does not support web-login then an error will be thrown with
+its `code` property set to `ENYI` . You should retry with `adduserCouch`.
+If you use `adduser` then this fallback will be done automatically.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### `> profile.loginWeb(opener, [opts]) → Promise`
+
+Tries to login using new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the registry does not support web-login then an error will be thrown with
+its `code` property set to `ENYI` . You should retry with `loginCouch`.
+If you use `login` then this fallback will be done automatically.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### `> profile.adduserCouch(username, email, password, [opts]) → Promise`
+
+```js
+const {token} = await profile.adduser(username, email, password, {registry})
+// `token` can be passed in through `opts` for authentication.
+```
+
+Creates a new user on the server along with a fresh bearer token for future
+authentication as this user. This is what you see as an `authToken` in an
+`.npmrc`.
+
+If the user already exists then the npm registry will return an error, but
+this is registry specific and not guaranteed.
+
+* `username` String
+* `email` String
+* `password` String
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### `> profile.loginCouch(username, password, [opts]) → Promise`
+
+```js
+let token
+try {
+ {token} = await profile.login(username, password, {registry})
+} catch (err) {
+ if (err.code === 'otp') {
+ const otp = await getOTPFromSomewhere()
+ {token} = await profile.login(username, password, {otp})
+ }
+}
+// `token` can now be passed in through `opts` for authentication.
+```
+
+Logs you into an existing user. Does not create the user if they do not
+already exist. Logging in means generating a new bearer token for use in
+future authentication. This is what you use as an `authToken` in an `.npmrc`.
+
+* `username` String
+* `email` String
+* `password` String
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+If the object has a `code` property set to `EOTP` then that indicates that
+this account must use two-factor authentication to login. Try again with a
+one-time password.
+
+If the object has a `code` property set to `EAUTHIP` then that indicates that
+this account is only allowed to login from certain networks and this ip is
+not on one of those networks.
+
+If the error was neither of these then the error object will have a
+`code` property set to the HTTP response code and a `headers` property with
+the HTTP headers in the response.
+
+### `> profile.get([opts]) → Promise`
+
+```js
+const {name, email} = await profile.get({token})
+console.log(`${token} belongs to https://npm.im/~${name}, (mailto:${email})`)
+```
+
+Fetch profile information for the authenticated user.
+
+* [`opts`](#opts) Object
+
+#### **Promise Value**
+
+An object that looks like this:
+
+```js
+// "*" indicates a field that may not always appear
+{
+ tfa: null |
+ false |
+ {"mode": "auth-only", pending: Boolean} |
+ ["recovery", "codes"] |
+ "otpauth://...",
+ name: String,
+ email: String,
+ email_verified: Boolean,
+ created: Date,
+ updated: Date,
+ cidr_whitelist: null | ["192.168.1.1/32", ...],
+ fullname: String, // *
+ homepage: String, // *
+ freenode: String, // *
+ twitter: String, // *
+ github: String // *
+}
+```
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### `> profile.set(profileData, [opts]) → Promise`
+
+```js
+await profile.set({github: 'great-github-account-name'}, {token})
+```
+
+Update profile information for the authenticated user.
+
+* `profileData` An object, like that returned from `profile.get`, but see
+ below for caveats relating to `password`, `tfa` and `cidr_whitelist`.
+* [`opts`](#opts) Object (optional)
+
+#### **SETTING `password`**
+
+This is used to change your password and is not visible (for obvious
+reasons) through the `get()` API. The value should be an object with `old`
+and `new` properties, where the former has the user's current password and
+the latter has the desired new password. For example
+
+```js
+await profile.set({
+ password: {
+ old: 'abc123',
+ new: 'my new (more secure) password'
+ }
+}, {token})
+```
+
+#### **SETTING `cidr_whitelist`**
+
+The value for this is an Array. Only valid CIDR ranges are allowed in it.
+Be very careful as it's possible to lock yourself out of your account with
+this. This is not currently exposed in `npm` itself.
+
+```js
+await profile.set({
+ cidr_whitelist: [ '8.8.8.8/32' ]
+}, {token})
+// ↑ only one of google's dns servers can now access this account.
+```
+
+#### **SETTING `tfa`**
+
+Enabling two-factor authentication is a multi-step process.
+
+1. Call `profile.get` and check the status of `tfa`. If `pending` is true then
+ you'll need to disable it with `profile.set({tfa: {password, mode: 'disable'}, …)`.
+2. `profile.set({tfa: {password, mode}}, {registry, token})`
+ * Note that the user's `password` is required here in the `tfa` object,
+ regardless of how you're authenticating.
+ * `mode` is either `auth-only` which requires an `otp` when calling `login`
+ or `createToken`, or `mode` is `auth-and-writes` and an `otp` will be
+ required on login, publishing or when granting others access to your
+ modules.
+ * Be aware that this set call may require otp as part of the auth object.
+ If otp is needed it will be indicated through a rejection in the usual
+ way.
+3. If tfa was already enabled then you're just switch modes and a
+ successful response means that you're done. If the tfa property is empty
+ and tfa _wasn't_ enabled then it means they were in a pending state.
+3. The response will have a `tfa` property set to an `otpauth` URL, as
+ [used by Google Authenticator](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
+ You will need to show this to the user for them to add to their
+ authenticator application. This is typically done as a QRCODE, but you
+ can also show the value of the `secret` key in the `otpauth` query string
+ and they can type or copy paste that in.
+4. To complete setting up two factor auth you need to make a second call to
+ `profile.set` with `tfa` set to an array of TWO codes from the user's
+ authenticator, eg: `profile.set(tfa: [otp1, otp2]}, {registry, token})`
+5. On success you'll get a result object with a `tfa` property that has an
+ array of one-time-use recovery codes. These are used to authenticate
+ later if the second factor is lost and generally should be printed and
+ put somewhere safe.
+
+Disabling two-factor authentication is more straightforward, set the `tfa`
+attribute to an object with a `password` property and a `mode` of `disable`.
+
+```js
+await profile.set({tfa: {password, mode: 'disable'}}, {token})
+```
+
+#### **Promise Value**
+
+An object reflecting the changes you made, see description for `profile.get`.
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### `> profile.listTokens([opts]) → Promise`
+
+```js
+const tokens = await profile.listTokens({registry, token})
+console.log(`Number of tokens in your accounts: ${tokens.length}`)
+```
+
+Fetch a list of all of the authentication tokens the authenticated user has.
+
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An array of token objects. Each token object has the following properties:
+
+* key — A sha512 that can be used to remove this token.
+* token — The first six characters of the token UUID. This should be used
+ by the user to identify which token this is.
+* created — The date and time the token was created
+* readonly — If true, this token can only be used to download private modules. Critically, it CAN NOT be used to publish.
+* cidr_whitelist — An array of CIDR ranges that this token is allowed to be used from.
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### `> profile.removeToken(token|key, opts) → Promise`
+
+```js
+await profile.removeToken(key, {token})
+// token is gone!
+```
+
+Remove a specific authentication token.
+
+* `token|key` String, either a complete authentication token or the key returned by `profile.listTokens`.
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+No value.
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### `> profile.createToken(password, readonly, cidr_whitelist, [opts]) → Promise`
+
+```js
+const newToken = await profile.createToken(
+ password, readonly, cidr_whitelist, {token, otp}
+)
+// do something with the newToken
+```
+
+Create a new authentication token, possibly with restrictions.
+
+* `password` String
+* `readonly` Boolean
+* `cidr_whitelist` Array
+* [`opts`](#opts) Object Optional
+
+#### **Promise Value**
+
+The promise will resolve with an object very much like the one's returned by
+`profile.listTokens`. The only difference is that `token` is not truncated.
+
+```js
+{
+ token: String,
+ key: String, // sha512 hash of the token UUID
+ cidr_whitelist: [String],
+ created: Date,
+ readonly: Boolean
+}
+```
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### options objects
+
+The various API functions accept an optional `opts` object as a final
+argument. This opts object can either be a regular Object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) options object instance.
+
+Unless otherwise noted, the options accepted are the same as the
+[`npm-registry-fetch`
+options](https://www.npmjs.com/package/npm-registry-fetch#fetch-opts).
+
+Of particular note are `opts.registry`, and the auth-related options:
+
+* `opts.token` - used for Bearer auth
+* `opts.username` and `opts.password` - used for Basic auth
+* `opts.otp` - the 2fa OTP token
+
+## Logging
+
+This modules logs by emitting `log` events on the global `process` object.
+These events look like this:
+
+```js
+process.emit('log', 'loglevel', 'feature', 'message part 1', 'part 2', 'part 3', 'etc')
+```
+
+`loglevel` can be one of: `error`, `warn`, `notice`, `http`, `timing`, `info`, `verbose`, and `silly`.
+
+`feature` is any brief string that describes the component doing the logging.
+
+The remaining arguments are evaluated like `console.log` and joined together with spaces.
+
+A real world example of this is:
+
+```js
+ process.emit('log', 'http', 'request', '→', conf.method || 'GET', conf.target)
+```
+
+To handle the log events, you would do something like this:
+
+```js
+const log = require('npmlog')
+process.on('log', function (level) {
+ return log[level].apply(log, [].slice.call(arguments, 1))
+})
+```
diff --git a/node_modules/libnpm/node_modules/npm-profile/index.js b/node_modules/libnpm/node_modules/npm-profile/index.js
new file mode 100644
index 0000000000000..b7f753fb4d41d
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-profile/index.js
@@ -0,0 +1,284 @@
+'use strict'
+
+const fetch = require('npm-registry-fetch')
+const {HttpErrorBase} = require('npm-registry-fetch/errors.js')
+const os = require('os')
+const pudding = require('figgy-pudding')
+const validate = require('aproba')
+
+exports.adduserCouch = adduserCouch
+exports.loginCouch = loginCouch
+exports.adduserWeb = adduserWeb
+exports.loginWeb = loginWeb
+exports.login = login
+exports.adduser = adduser
+exports.get = get
+exports.set = set
+exports.listTokens = listTokens
+exports.removeToken = removeToken
+exports.createToken = createToken
+
+const ProfileConfig = pudding({
+ creds: {},
+ hostname: {},
+ otp: {}
+})
+
+// try loginWeb, catch the "not supported" message and fall back to couch
+function login (opener, prompter, opts) {
+ validate('FFO', arguments)
+ opts = ProfileConfig(opts)
+ return loginWeb(opener, opts).catch(er => {
+ if (er instanceof WebLoginNotSupported) {
+ process.emit('log', 'verbose', 'web login not supported, trying couch')
+ return prompter(opts.creds)
+ .then(data => loginCouch(data.username, data.password, opts))
+ } else {
+ throw er
+ }
+ })
+}
+
+function adduser (opener, prompter, opts) {
+ validate('FFO', arguments)
+ opts = ProfileConfig(opts)
+ return adduserWeb(opener, opts).catch(er => {
+ if (er instanceof WebLoginNotSupported) {
+ process.emit('log', 'verbose', 'web adduser not supported, trying couch')
+ return prompter(opts.creds)
+ .then(data => adduserCouch(data.username, data.email, data.password, opts))
+ } else {
+ throw er
+ }
+ })
+}
+
+function adduserWeb (opener, opts) {
+ validate('FO', arguments)
+ const body = { create: true }
+ process.emit('log', 'verbose', 'web adduser', 'before first POST')
+ return webAuth(opener, opts, body)
+}
+
+function loginWeb (opener, opts) {
+ validate('FO', arguments)
+ process.emit('log', 'verbose', 'web login', 'before first POST')
+ return webAuth(opener, opts, {})
+}
+
+function webAuth (opener, opts, body) {
+ opts = ProfileConfig(opts)
+ body.hostname = opts.hostname || os.hostname()
+ const target = '/-/v1/login'
+ return fetch(target, opts.concat({
+ method: 'POST',
+ body
+ })).then(res => {
+ return Promise.all([res, res.json()])
+ }).then(([res, content]) => {
+ const {doneUrl, loginUrl} = content
+ process.emit('log', 'verbose', 'web auth', 'got response', content)
+ if (
+ typeof doneUrl !== 'string' ||
+ typeof loginUrl !== 'string' ||
+ !doneUrl ||
+ !loginUrl
+ ) {
+ throw new WebLoginInvalidResponse('POST', res, content)
+ }
+ return content
+ }).then(({doneUrl, loginUrl}) => {
+ process.emit('log', 'verbose', 'web auth', 'opening url pair')
+ return opener(loginUrl).then(
+ () => webAuthCheckLogin(doneUrl, opts.concat({cache: false}))
+ )
+ }).catch(er => {
+ if ((er.statusCode >= 400 && er.statusCode <= 499) || er.statusCode === 500) {
+ throw new WebLoginNotSupported('POST', {
+ status: er.statusCode,
+ headers: { raw: () => er.headers }
+ }, er.body)
+ } else {
+ throw er
+ }
+ })
+}
+
+function webAuthCheckLogin (doneUrl, opts) {
+ return fetch(doneUrl, opts).then(res => {
+ return Promise.all([res, res.json()])
+ }).then(([res, content]) => {
+ if (res.status === 200) {
+ if (!content.token) {
+ throw new WebLoginInvalidResponse('GET', res, content)
+ } else {
+ return content
+ }
+ } else if (res.status === 202) {
+ const retry = +res.headers.get('retry-after') * 1000
+ if (retry > 0) {
+ return sleep(retry).then(() => webAuthCheckLogin(doneUrl, opts))
+ } else {
+ return webAuthCheckLogin(doneUrl, opts)
+ }
+ } else {
+ throw new WebLoginInvalidResponse('GET', res, content)
+ }
+ })
+}
+
+function adduserCouch (username, email, password, opts) {
+ validate('SSSO', arguments)
+ opts = ProfileConfig(opts)
+ const body = {
+ _id: 'org.couchdb.user:' + username,
+ name: username,
+ password: password,
+ email: email,
+ type: 'user',
+ roles: [],
+ date: new Date().toISOString()
+ }
+ const logObj = {}
+ Object.keys(body).forEach(k => {
+ logObj[k] = k === 'password' ? 'XXXXX' : body[k]
+ })
+ process.emit('log', 'verbose', 'adduser', 'before first PUT', logObj)
+
+ const target = '/-/user/org.couchdb.user:' + encodeURIComponent(username)
+ return fetch.json(target, opts.concat({
+ method: 'PUT',
+ body
+ })).then(result => {
+ result.username = username
+ return result
+ })
+}
+
+function loginCouch (username, password, opts) {
+ validate('SSO', arguments)
+ opts = ProfileConfig(opts)
+ const body = {
+ _id: 'org.couchdb.user:' + username,
+ name: username,
+ password: password,
+ type: 'user',
+ roles: [],
+ date: new Date().toISOString()
+ }
+ const logObj = {}
+ Object.keys(body).forEach(k => {
+ logObj[k] = k === 'password' ? 'XXXXX' : body[k]
+ })
+ process.emit('log', 'verbose', 'login', 'before first PUT', logObj)
+
+ const target = '-/user/org.couchdb.user:' + encodeURIComponent(username)
+ return fetch.json(target, opts.concat({
+ method: 'PUT',
+ body
+ })).catch(err => {
+ if (err.code === 'E400') {
+ err.message = `There is no user with the username "${username}".`
+ throw err
+ }
+ if (err.code !== 'E409') throw err
+ return fetch.json(target, opts.concat({
+ query: {write: true}
+ })).then(result => {
+ Object.keys(result).forEach(function (k) {
+ if (!body[k] || k === 'roles') {
+ body[k] = result[k]
+ }
+ })
+ return fetch.json(`${target}/-rev/${body._rev}`, opts.concat({
+ method: 'PUT',
+ body,
+ forceAuth: {
+ username,
+ password: Buffer.from(password, 'utf8').toString('base64'),
+ otp: opts.otp
+ }
+ }))
+ })
+ }).then(result => {
+ result.username = username
+ return result
+ })
+}
+
+function get (opts) {
+ validate('O', arguments)
+ return fetch.json('/-/npm/v1/user', opts)
+}
+
+function set (profile, opts) {
+ validate('OO', arguments)
+ Object.keys(profile).forEach(key => {
+ // profile keys can't be empty strings, but they CAN be null
+ if (profile[key] === '') profile[key] = null
+ })
+ return fetch.json('/-/npm/v1/user', ProfileConfig(opts, {
+ method: 'POST',
+ body: profile
+ }))
+}
+
+function listTokens (opts) {
+ validate('O', arguments)
+ opts = ProfileConfig(opts)
+
+ return untilLastPage('/-/npm/v1/tokens')
+
+ function untilLastPage (href, objects) {
+ return fetch.json(href, opts).then(result => {
+ objects = objects ? objects.concat(result.objects) : result.objects
+ if (result.urls.next) {
+ return untilLastPage(result.urls.next, objects)
+ } else {
+ return objects
+ }
+ })
+ }
+}
+
+function removeToken (tokenKey, opts) {
+ validate('SO', arguments)
+ const target = `/-/npm/v1/tokens/token/${tokenKey}`
+ return fetch(target, ProfileConfig(opts, {
+ method: 'DELETE',
+ ignoreBody: true
+ })).then(() => null)
+}
+
+function createToken (password, readonly, cidrs, opts) {
+ validate('SBAO', arguments)
+ return fetch.json('/-/npm/v1/tokens', ProfileConfig(opts, {
+ method: 'POST',
+ body: {
+ password: password,
+ readonly: readonly,
+ cidr_whitelist: cidrs
+ }
+ }))
+}
+
+class WebLoginInvalidResponse extends HttpErrorBase {
+ constructor (method, res, body) {
+ super(method, res, body)
+ this.message = 'Invalid response from web login endpoint'
+ Error.captureStackTrace(this, WebLoginInvalidResponse)
+ }
+}
+
+class WebLoginNotSupported extends HttpErrorBase {
+ constructor (method, res, body) {
+ super(method, res, body)
+ this.message = 'Web login not supported'
+ this.code = 'ENYI'
+ Error.captureStackTrace(this, WebLoginNotSupported)
+ }
+}
+
+function sleep (ms) {
+ return new Promise((resolve, reject) => setTimeout(resolve, ms))
+}
diff --git a/node_modules/libnpm/node_modules/npm-profile/package.json b/node_modules/libnpm/node_modules/npm-profile/package.json
new file mode 100644
index 0000000000000..99834026c7e56
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-profile/package.json
@@ -0,0 +1,55 @@
+{
+ "_from": "npm-profile@^4.0.2",
+ "_id": "npm-profile@4.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-VRsC04pvRH+9cF+PoVh2nTmJjiG21yu59IHpsBpkxk+jaGAV8lxx96G4SDc0jOHAkfWLXbc6kIph3dGAuRnotQ==",
+ "_location": "/libnpm/npm-profile",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-profile@^4.0.2",
+ "name": "npm-profile",
+ "escapedName": "npm-profile",
+ "rawSpec": "^4.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^4.0.2"
+ },
+ "_requiredBy": [
+ "/libnpm"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-4.0.2.tgz",
+ "_shasum": "8272a71c19634d0dce9c35a5daf8ee589cbb0f52",
+ "_spec": "npm-profile@^4.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
+ "author": {
+ "name": "Rebecca Turner",
+ "email": "me@re-becca.org",
+ "url": "http://re-becca.org/"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/npm-profile/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "aproba": "^1.1.2 || 2",
+ "figgy-pudding": "^3.4.1",
+ "npm-registry-fetch": "^4.0.0"
+ },
+ "deprecated": false,
+ "description": "Library for updating an npmjs.com profile",
+ "files": [
+ "CHANGELOG.md",
+ "index.js"
+ ],
+ "homepage": "https://github.com/npm/npm-profile/tree/latest/lib#readme",
+ "keywords": [],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-profile",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/npm-profile.git"
+ },
+ "version": "4.0.2"
+}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpm/node_modules/npm-registry-fetch/CHANGELOG.md
deleted file mode 100644
index d24e026914c23..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/CHANGELOG.md
+++ /dev/null
@@ -1,214 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-
-
-## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
-
-
-
-
-# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
-
-
-### Features
-
-* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
-
-
-
-
-# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
-
-
-### Features
-
-* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
-
-
-
-
-# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
-
-
-### Features
-
-* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
-
-
-
-
-# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
-
-
-### Bug Fixes
-
-* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
-
-
-### Features
-
-* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
-
-
-
-
-# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
-
-
-### Features
-
-* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
-
-
-
-
-# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
-
-
-### Bug Fixes
-
-* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
-
-
-### Features
-
-* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
-
-
-
-
-# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
-
-
-### Bug Fixes
-
-* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
-
-
-### Features
-
-* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
-
-
-
-
-## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
-
-
-### Bug Fixes
-
-* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
-
-
-
-
-# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
-
-
-### Features
-
-* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
-
-
-
-
-## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
-
-
-
-
-# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
-
-
-### Features
-
-* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
-
-
-
-
-# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
-
-
-### Bug Fixes
-
-* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
-* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
-
-
-### BREAKING CHANGES
-
-* **config:** opts.config is no longer supported. Pass the options down in opts itself.
-
-
-
-
-# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
-
-
-### Features
-
-* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
-
-
-
-
-# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
-
-
-### meta
-
-* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
-
-
-### BREAKING CHANGES
-
-* node@4 is no longer supported
-
-
-
-
-## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
-
-
-
-
-# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
-
-
-### Features
-
-* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
-
-
-
-
-## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
-
-
-### Bug Fixes
-
-* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
-
-
-
-
-# 1.0.0 (2018-03-16)
-
-
-### Bug Fixes
-
-* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
-* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
-* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
-* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
-
-
-### Features
-
-* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
-* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
-* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
-* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
-* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/README.md b/node_modules/libnpm/node_modules/npm-registry-fetch/README.md
deleted file mode 100644
index 0c3f4f9469955..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/README.md
+++ /dev/null
@@ -1,609 +0,0 @@
-# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
-
-[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
-library that implements a `fetch`-like API for accessing npm registry APIs
-consistently. It's able to consume npm-style configuration values and has all
-the necessary logic for picking registries, handling scopes, and dealing with
-authentication details built-in.
-
-This package is meant to replace the older
-[`npm-registry-client`](https://npm.im/npm-registry-client).
-
-## Example
-
-```javascript
-const npmFetch = require('npm-registry-fetch')
-
-console.log(
- await npmFetch.json('/-/ping')
-)
-```
-
-## Table of Contents
-
-* [Installing](#install)
-* [Example](#example)
-* [Contributing](#contributing)
-* [API](#api)
- * [`fetch`](#fetch)
- * [`fetch.json`](#fetch-json)
- * [`fetch` options](#fetch-opts)
-
-### Install
-
-`$ npm install npm-registry-fetch`
-
-### Contributing
-
-The npm team enthusiastically welcomes contributions and project participation!
-There's a bunch of things you can do if you want to contribute! The [Contributor
-Guide](CONTRIBUTING.md) has all the information you need for everything from
-reporting bugs to contributing entire new features. Please don't hesitate to
-jump in if you'd like to, or even ask us questions if something isn't clear.
-
-All participants and maintainers in this project are expected to follow [Code of
-Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
-
-Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
-
-Happy hacking!
-
-### API
-
-#### `> fetch(url, [opts]) -> Promise`
-
-Performs a request to a given URL.
-
-The URL can be either a full URL, or a path to one. The appropriate registry
-will be automatically picked if only a URL path is given.
-
-For available options, please see the section on [`fetch` options](#fetch-opts).
-
-##### Example
-
-```javascript
-const res = await fetch('/-/ping')
-console.log(res.headers)
-res.on('data', d => console.log(d.toString('utf8')))
-```
-
-#### `> fetch.json(url, [opts]) -> Promise`
-
-Performs a request to a given registry URL, parses the body of the response as
-JSON, and returns it as its final value. This is a utility shorthand for
-`fetch(url).then(res => res.json())`.
-
-For available options, please see the section on [`fetch` options](#fetch-opts).
-
-##### Example
-
-```javascript
-const res = await fetch.json('/-/ping')
-console.log(res) // Body parsed as JSON
-```
-
-#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
-
-Performs a request to a given registry URL and parses the body of the response
-as JSON, with each entry being emitted through the stream.
-
-The `jsonPath` argument is a [`JSONStream.parse()`
-path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
-returned stream (unlike default `JSONStream`s), has a valid
-`Symbol.asyncIterator` implementation.
-
-For available options, please see the section on [`fetch` options](#fetch-opts).
-
-##### Example
-
-```javascript
-console.log('https://npm.im/~zkat has access to the following packages:')
-for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
- console.log(`https://npm.im/${key} (perms: ${value})`)
-}
-```
-
-#### `fetch` Options
-
-Fetch options are optional, and can be passed in as either a Map-like object
-(one with a `.get()` method), a plain javascript object, or a
-[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
-
-##### `opts.agent`
-
-* Type: http.Agent
-* Default: an appropriate agent based on URL protocol and proxy settings
-
-An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
-be shared across requests. This allows multiple concurrent `fetch` requests to
-happen on the same socket.
-
-You do _not_ need to provide this option unless you want something particularly
-specialized, since proxy configurations and http/https agents are already
-automatically managed internally when this option is not passed through.
-
-##### `opts.body`
-
-* Type: Buffer | Stream | Object
-* Default: null
-
-Request body to send through the outgoing request. Buffers and Streams will be
-passed through as-is, with a default `content-type` of
-`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
-and the `content-type` will default to `application/json`.
-
-Use [`opts.headers`](#opts-headers) to set the content-type to something else.
-
-##### `opts.ca`
-
-* Type: String, Array, or null
-* Default: null
-
-The Certificate Authority signing certificate that is trusted for SSL
-connections to the registry. Values should be in PEM format (Windows calls it
-"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
-example:
-
-```
-{
- ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
-}
-```
-
-Set to `null` to only allow "known" registrars, or to a specific CA cert
-to trust only that specific signing authority.
-
-Multiple CAs can be trusted by specifying an array of certificates instead of a
-single string.
-
-See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
-[`opts.key`](#opts-key)
-
-##### `opts.cache`
-
-* Type: path
-* Default: null
-
-The location of the http cache directory. If provided, certain cachable requests
-will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
-rules. This will speed up future requests, as well as make the cached data
-available offline if necessary/requested.
-
-See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
-and [`prefer-online`](#opts-prefer-online).
-
-##### `opts.cert`
-
-* Type: String
-* Default: null
-
-A client certificate to pass when accessing the registry. Values should be in
-PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
-replaced by the string `'\n'`. For example:
-
-```
-{
- cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
-}
-```
-
-It is _not_ the path to a certificate file (and there is no "certfile" option).
-
-See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
-
-##### `opts.fetch-retries`
-
-* Type: Number
-* Default: 2
-
-The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
-packages from the registry.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.fetch-retry-factor`
-
-* Type: Number
-* Default: 10
-
-The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
-packages.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.fetch-retry-mintimeout`
-
-* Type: Number
-* Default: 10000 (10 seconds)
-
-The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
-packages.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.fetch-retry-maxtimeout`
-
-* Type: Number
-* Default: 60000 (1 minute)
-
-The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
-packages.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.force-auth`
-
-* Alias: `opts.forceAuth`
-* Type: Object
-* Default: null
-
-If present, other auth-related values in `opts` will be completely ignored,
-including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
-and the auth details in `opts.forceAuth` will be used instead.
-
-##### `opts.gzip`
-
-* Type: Boolean
-* Default: false
-
-If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
-and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
-[`opts.body`](#opts-body).
-
-##### `opts.headers`
-
-* Type: Object
-* Default: null
-
-Additional headers for the outgoing request. This option can also be used to
-override headers automatically generated by `npm-registry-fetch`, such as
-`Content-Type`.
-
-##### `opts.ignore-body`
-
-* Alias: `opts.ignoreBody`
-* Type: Boolean
-* Default: false
-
-If true, the **response body** will be thrown away and `res.body` set to `null`.
-This will prevent dangling response sockets for requests where you don't usually
-care what the response body is.
-
-##### `opts.integrity`
-
-* Type: String | [SRI object](https://npm.im/ssri)
-* Default: null
-
-If provided, the response body's will be verified against this integrity string,
-using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
-complete as normal. If verification fails, the response body will error with an
-`EINTEGRITY` error.
-
-Body integrity is only verified if the body is actually consumed to completion --
-that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
-`res` stream data to its end.
-
-Cached data will have its integrity automatically verified using the
-previously-generated integrity hash for the saved request information, so
-`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
-`opts.integrity` is not passed in.
-
-##### `opts.is-from-ci`
-
-* Alias: `opts.isFromCI`
-* Type: Boolean
-* Default: Based on environment variables
-
-This is used to populate the `npm-in-ci` request header sent to the registry.
-
-##### `opts.key`
-
-* Type: String
-* Default: null
-
-A client key to pass when accessing the registry. Values should be in PEM
-format with newlines replaced by the string `'\n'`. For example:
-
-```
-{
- key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
-}
-```
-
-It is _not_ the path to a key file (and there is no "keyfile" option).
-
-See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
-
-##### `opts.local-address`
-
-* Type: IP Address String
-* Default: null
-
-The IP address of the local interface to use when making connections
-to the registry.
-
-See also [`opts.proxy`](#opts-proxy)
-
-##### `opts.log`
-
-* Type: [`npmlog`](https://npm.im/npmlog)-like
-* Default: null
-
-Logger object to use for logging operation details. Must have the same methods
-as `npmlog`.
-
-##### `opts.map-json`
-
-* Alias: `mapJson`, `mapJSON`
-* Type: Function
-* Default: undefined
-
-When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
-to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
-`JSONStream.parse`, and can be used to transform stream data before output.
-
-##### `opts.maxsockets`
-
-* Alias: `opts.max-sockets`
-* Type: Integer
-* Default: 12
-
-Maximum number of sockets to keep open during requests. Has no effect if
-[`opts.agent`](#opts-agent) is used.
-
-##### `opts.method`
-
-* Type: String
-* Default: 'GET'
-
-HTTP method to use for the outgoing request. Case-insensitive.
-
-##### `opts.noproxy`
-
-* Type: Boolean
-* Default: process.env.NOPROXY
-
-If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
-
-##### `opts.npm-session`
-
-* Alias: `opts.npmSession`
-* Type: String
-* Default: null
-
-If provided, will be sent in the `npm-session` header. This header is used by
-the npm registry to identify individual user sessions (usually individual
-invocations of the CLI).
-
-##### `opts.offline`
-
-* Type: Boolean
-* Default: false
-
-Force offline mode: no network requests will be done during install. To allow
-`npm-registry-fetch` to fill in missing cache data, see
-[`opts.prefer-offline`](#opts-prefer-offline).
-
-This option is only really useful if you're also using
-[`opts.cache`](#opts-cache).
-
-##### `opts.otp`
-
-* Type: Number | String
-* Default: null
-
-This is a one-time password from a two-factor authenticator. It is required for
-certain registry interactions when two-factor auth is enabled for a user
-account.
-
-##### `opts.password`
-
-* Alias: _password
-* Type: String
-* Default: null
-
-Password used for basic authentication. For the more modern authentication
-method, please use the (more secure) [`opts.token`](#opts-token)
-
-Can optionally be scoped to a registry by using a "nerf dart" for that registry.
-That is:
-
-```
-{
- '//registry.npmjs.org/:password': 't0k3nH34r'
-}
-```
-
-See also [`opts.username`](#opts-username)
-
-##### `opts.prefer-offline`
-
-* Type: Boolean
-* Default: false
-
-If true, staleness checks for cached data will be bypassed, but missing data
-will be requested from the server. To force full offline mode, use
-[`opts.offline`](#opts-offline).
-
-This option is generally only useful if you're also using
-[`opts.cache`](#opts-cache).
-
-##### `opts.prefer-online`
-
-* Type: Boolean
-* Default: false
-
-If true, staleness checks for cached data will be forced, making the CLI look
-for updates immediately even for fresh package data.
-
-This option is generally only useful if you're also using
-[`opts.cache`](#opts-cache).
-
-
-##### `opts.project-scope`
-
-* Alias: `opts.projectScope`
-* Type: String
-* Default: null
-
-If provided, will be sent in the `npm-scope` header. This header is used by the
-npm registry to identify the toplevel package scope that a particular project
-installation is using.
-
-##### `opts.proxy`
-
-* Type: url
-* Default: null
-
-A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
-environment variable will be used.
-
-##### `opts.query`
-
-* Type: String | Object
-* Default: null
-
-If provided, the request URI will have a query string appended to it using this
-query. If `opts.query` is an object, it will be converted to a query string
-using
-[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
-
-If the request URI already has a query string, it will be merged with
-`opts.query`, preferring `opts.query` values.
-
-##### `opts.refer`
-
-* Alias: `opts.referer`
-* Type: String
-* Default: null
-
-Value to use for the `Referer` header. The npm CLI itself uses this to serialize
-the npm command line using the given request.
-
-##### `opts.registry`
-
-* Type: URL
-* Default: `'https://registry.npmjs.org'`
-
-Registry configuration for a request. If a request URL only includes the URL
-path, this registry setting will be prepended. This configuration is also used
-to determine authentication details, so even if the request URL references a
-completely different host, `opts.registry` will be used to find the auth details
-for that request.
-
-See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
-[`opts.:registry`](#opts-scope-registry) which can all affect the actual
-registry URL used by the outgoing request.
-
-##### `opts.retry`
-
-* Type: Object
-* Default: null
-
-Single-object configuration for request retry settings. If passed in, will
-override individually-passed `fetch-retry-*` settings.
-
-##### `opts.scope`
-
-* Type: String
-* Default: null
-
-Associate an operation with a scope for a scoped registry. This option can force
-lookup of scope-specific registries and authentication.
-
-See also [`opts.:registry`](#opts-scope-registry) and
-[`opts.spec`](#opts-spec) for interactions with this option.
-
-##### `opts.:registry`
-
-* Type: String
-* Default: null
-
-This option type can be used to configure the registry used for requests
-involving a particular scope. For example, `opts['@myscope:registry'] =
-'https://scope-specific.registry/'` will make it so requests go out to this
-registry instead of [`opts.registry`](#opts-registry) when
-[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
-scoped package spec.
-
-The `@` before the scope name is optional, but recommended.
-
-##### `opts.spec`
-
-* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
-* Default: null
-
-If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
-based on a specific package name. Non-registry package specs will throw an
-error.
-
-##### `opts.strict-ssl`
-
-* Type: Boolean
-* Default: true
-
-Whether or not to do SSL key validation when making requests to the
-registry via https.
-
-See also [`opts.ca`](#opts-ca).
-
-##### `opts.timeout`
-
-* Type: Milliseconds
-* Default: 30000 (30 seconds)
-
-Time before a hanging request times out.
-
-##### `opts.token`
-
-* Alias: `opts._authToken`
-* Type: String
-* Default: null
-
-Authentication token string.
-
-Can be scoped to a registry by using a "nerf dart" for that registry. That is:
-
-```
-{
- '//registry.npmjs.org/:token': 't0k3nH34r'
-}
-```
-
-##### `opts.user-agent`
-
-* Type: String
-* Default: `'npm-registry-fetch@/node@+ ()'`
-
-User agent string to send in the `User-Agent` header.
-
-##### `opts.username`
-
-* Type: String
-* Default: null
-
-Username used for basic authentication. For the more modern authentication
-method, please use the (more secure) [`opts.token`](#opts-token)
-
-Can optionally be scoped to a registry by using a "nerf dart" for that registry.
-That is:
-
-```
-{
- '//registry.npmjs.org/:username': 't0k3nH34r'
-}
-```
-
-See also [`opts.password`](#opts-password)
-
-##### `opts._auth`
-
-* Type: String
-* Default: null
-
-** DEPRECATED ** This is a legacy authentication token supported only for
-*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpm/node_modules/npm-registry-fetch/auth.js
deleted file mode 100644
index d583982d0a8b2..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/auth.js
+++ /dev/null
@@ -1,57 +0,0 @@
-'use strict'
-
-const config = require('./config.js')
-const url = require('url')
-
-module.exports = getAuth
-function getAuth (registry, opts) {
- if (!registry) { throw new Error('registry is required') }
- opts = config(opts)
- let AUTH = {}
- const regKey = registry && registryKey(registry)
- if (opts.forceAuth) {
- opts = opts.forceAuth
- }
- const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
- doKey('token')
- doKey('_authToken', 'token')
- doKey('username')
- doKey('password')
- doKey('_password', 'password')
- doKey('email')
- doKey('_auth')
- doKey('otp')
- doKey('always-auth', 'alwaysAuth')
- if (AUTH.password) {
- AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
- }
- if (AUTH._auth && !(AUTH.username && AUTH.password)) {
- let auth = Buffer.from(AUTH._auth, 'base64').toString()
- auth = auth.split(':')
- AUTH.username = auth.shift()
- AUTH.password = auth.join(':')
- }
- AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
- return AUTH
-}
-
-function addKey (opts, obj, scope, key, objKey) {
- if (opts[key]) {
- obj[objKey || key] = opts[key]
- }
- if (scope && opts[`${scope}:${key}`]) {
- obj[objKey || key] = opts[`${scope}:${key}`]
- }
-}
-
-// Called a nerf dart in the main codebase. Used as a "safe"
-// key when fetching registry info from config.
-function registryKey (registry) {
- const parsed = url.parse(registry)
- const formatted = url.format({
- host: parsed.host,
- pathname: parsed.pathname,
- slashes: parsed.slashes
- })
- return url.resolve(formatted, '.')
-}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpm/node_modules/npm-registry-fetch/check-response.js
deleted file mode 100644
index bfde699edcfbd..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/check-response.js
+++ /dev/null
@@ -1,109 +0,0 @@
-'use strict'
-
-const config = require('./config.js')
-const errors = require('./errors.js')
-const LRU = require('lru-cache')
-
-module.exports = checkResponse
-function checkResponse (method, res, registry, startTime, opts) {
- opts = config(opts)
- if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
- opts.log.notice('', res.headers.get('npm-notice'))
- }
- checkWarnings(res, registry, opts)
- if (res.status >= 400) {
- logRequest(method, res, startTime, opts)
- return checkErrors(method, res, startTime, opts)
- } else {
- res.body.on('end', () => logRequest(method, res, startTime, opts))
- if (opts.ignoreBody) {
- res.body.resume()
- res.body = null
- }
- return res
- }
-}
-
-function logRequest (method, res, startTime, opts) {
- const elapsedTime = Date.now() - startTime
- const attempt = res.headers.get('x-fetch-attempts')
- const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
- const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
- opts.log.http(
- 'fetch',
- `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
- )
-}
-
-const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
-const BAD_HOSTS = new LRU({ max: 50 })
-
-function checkWarnings (res, registry, opts) {
- if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
- const warnings = {}
- res.headers.raw()['warning'].forEach(w => {
- const match = w.match(WARNING_REGEXP)
- if (match) {
- warnings[match[1]] = {
- code: match[1],
- host: match[2],
- message: match[3],
- date: new Date(match[4])
- }
- }
- })
- BAD_HOSTS.set(registry, true)
- if (warnings['199']) {
- if (warnings['199'].message.match(/ENOTFOUND/)) {
- opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
- } else {
- opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
- }
- }
- if (warnings['111']) {
- // 111 Revalidation failed -- we're using stale data
- opts.log.warn(
- 'registry',
- `Using stale data from ${registry} due to a request error during revalidation.`
- )
- }
- }
-}
-
-function checkErrors (method, res, startTime, opts) {
- return res.buffer()
- .catch(() => null)
- .then(body => {
- let parsed = body
- try {
- parsed = JSON.parse(body.toString('utf8'))
- } catch (e) {}
- if (res.status === 401 && res.headers.get('www-authenticate')) {
- const auth = res.headers.get('www-authenticate')
- .split(/,\s*/)
- .map(s => s.toLowerCase())
- if (auth.indexOf('ipaddress') !== -1) {
- throw new errors.HttpErrorAuthIPAddress(
- method, res, parsed, opts.spec
- )
- } else if (auth.indexOf('otp') !== -1) {
- throw new errors.HttpErrorAuthOTP(
- method, res, parsed, opts.spec
- )
- } else {
- throw new errors.HttpErrorAuthUnknown(
- method, res, parsed, opts.spec
- )
- }
- } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
- // Heuristic for malformed OTP responses that don't include the www-authenticate header.
- throw new errors.HttpErrorAuthOTP(
- method, res, parsed, opts.spec
- )
- } else {
- throw new errors.HttpErrorGeneral(
- method, res, parsed, opts.spec
- )
- }
- })
-}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/config.js b/node_modules/libnpm/node_modules/npm-registry-fetch/config.js
deleted file mode 100644
index 7fe5dacc94362..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/config.js
+++ /dev/null
@@ -1,98 +0,0 @@
-'use strict'
-
-const pkg = require('./package.json')
-const figgyPudding = require('figgy-pudding')
-const silentLog = require('./silentlog.js')
-
-const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
-const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
-module.exports = figgyPudding({
- 'agent': {},
- 'algorithms': {},
- 'body': {},
- 'ca': {},
- 'cache': {},
- 'cert': {},
- 'fetch-retries': {},
- 'fetch-retry-factor': {},
- 'fetch-retry-maxtimeout': {},
- 'fetch-retry-mintimeout': {},
- 'force-auth': {},
- forceAuth: 'force-auth',
- 'gid': {},
- 'gzip': {},
- 'headers': {},
- 'https-proxy': {},
- 'ignore-body': {},
- ignoreBody: 'ignore-body',
- 'integrity': {},
- 'is-from-ci': 'isFromCI',
- 'isFromCI': {
- default () {
- return (
- process.env['CI'] === 'true' ||
- process.env['TDDIUM'] ||
- process.env['JENKINS_URL'] ||
- process.env['bamboo.buildKey'] ||
- process.env['GO_PIPELINE_NAME']
- )
- }
- },
- 'key': {},
- 'local-address': {},
- 'log': {
- default: silentLog
- },
- 'map-json': 'mapJson',
- 'mapJSON': 'mapJson',
- 'mapJson': {},
- 'max-sockets': 'maxsockets',
- 'maxsockets': {
- default: 12
- },
- 'memoize': {},
- 'method': {
- default: 'GET'
- },
- 'no-proxy': {},
- 'noproxy': {},
- 'npm-session': 'npmSession',
- 'npmSession': {},
- 'offline': {},
- 'otp': {},
- 'prefer-offline': {},
- 'prefer-online': {},
- 'projectScope': {},
- 'project-scope': 'projectScope',
- 'Promise': {default: () => Promise},
- 'proxy': {},
- 'query': {},
- 'refer': {},
- 'referer': 'refer',
- 'registry': {
- default: 'https://registry.npmjs.org/'
- },
- 'retry': {},
- 'scope': {},
- 'spec': {},
- 'strict-ssl': {},
- 'timeout': {},
- 'uid': {},
- 'user-agent': {
- default: `${
- pkg.name
- }@${
- pkg.version
- }/node@${
- process.version
- }+${
- process.arch
- } (${
- process.platform
- })`
- }
-}, {
- other (key) {
- return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
- }
-})
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpm/node_modules/npm-registry-fetch/errors.js
deleted file mode 100644
index ba78735fce135..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/errors.js
+++ /dev/null
@@ -1,79 +0,0 @@
-'use strict'
-
-const url = require('url')
-
-function packageName (href) {
- try {
- let basePath = url.parse(href).pathname.substr(1)
- if (!basePath.match(/^-/)) {
- basePath = basePath.split('/')
- var index = basePath.indexOf('_rewrite')
- if (index === -1) {
- index = basePath.length - 1
- } else {
- index++
- }
- return decodeURIComponent(basePath[index])
- }
- } catch (_) {
- // this is ok
- }
-}
-
-class HttpErrorBase extends Error {
- constructor (method, res, body, spec) {
- super()
- this.headers = res.headers.raw()
- this.statusCode = res.status
- this.code = `E${res.status}`
- this.method = method
- this.uri = res.url
- this.body = body
- this.pkgid = spec ? spec.toString() : packageName(res.url)
- }
-}
-module.exports.HttpErrorBase = HttpErrorBase
-
-class HttpErrorGeneral extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = `${res.status} ${res.statusText} - ${
- this.method.toUpperCase()
- } ${
- this.spec || this.uri
- }${
- (body && body.error) ? ' - ' + body.error : ''
- }`
- Error.captureStackTrace(this, HttpErrorGeneral)
- }
-}
-module.exports.HttpErrorGeneral = HttpErrorGeneral
-
-class HttpErrorAuthOTP extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = 'OTP required for authentication'
- this.code = 'EOTP'
- Error.captureStackTrace(this, HttpErrorAuthOTP)
- }
-}
-module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
-
-class HttpErrorAuthIPAddress extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = 'Login is not allowed from your IP address'
- this.code = 'EAUTHIP'
- Error.captureStackTrace(this, HttpErrorAuthIPAddress)
- }
-}
-module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
-
-class HttpErrorAuthUnknown extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
- Error.captureStackTrace(this, HttpErrorAuthUnknown)
- }
-}
-module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/index.js b/node_modules/libnpm/node_modules/npm-registry-fetch/index.js
deleted file mode 100644
index 4ba3c19243471..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/index.js
+++ /dev/null
@@ -1,193 +0,0 @@
-'use strict'
-
-const Buffer = require('safe-buffer').Buffer
-
-const checkResponse = require('./check-response.js')
-const config = require('./config.js')
-const getAuth = require('./auth.js')
-const fetch = require('make-fetch-happen')
-const JSONStream = require('JSONStream')
-const npa = require('npm-package-arg')
-const {PassThrough} = require('stream')
-const qs = require('querystring')
-const url = require('url')
-const zlib = require('zlib')
-
-module.exports = regFetch
-function regFetch (uri, opts) {
- opts = config(opts)
- const registry = (
- (opts.spec && pickRegistry(opts.spec, opts)) ||
- opts.registry ||
- 'https://registry.npmjs.org/'
- )
- uri = url.parse(uri).protocol
- ? uri
- : `${
- registry.trim().replace(/\/?$/g, '')
- }/${
- uri.trim().replace(/^\//, '')
- }`
- // through that takes into account the scope, the prefix of `uri`, etc
- const startTime = Date.now()
- const headers = getHeaders(registry, uri, opts)
- let body = opts.body
- const bodyIsStream = body &&
- typeof body === 'object' &&
- typeof body.pipe === 'function'
- if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
- headers['content-type'] = headers['content-type'] || 'application/json'
- body = JSON.stringify(body)
- } else if (body && !headers['content-type']) {
- headers['content-type'] = 'application/octet-stream'
- }
- if (opts.gzip) {
- headers['content-encoding'] = 'gzip'
- if (bodyIsStream) {
- const gz = zlib.createGzip()
- body.on('error', err => gz.emit('error', err))
- body = body.pipe(gz)
- } else {
- body = new opts.Promise((resolve, reject) => {
- zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
- })
- }
- }
- if (opts.query) {
- let q = opts.query
- if (typeof q === 'string') {
- q = qs.parse(q)
- }
- Object.keys(q).forEach(key => {
- if (q[key] === undefined) {
- delete q[key]
- }
- })
- if (Object.keys(q).length) {
- const parsed = url.parse(uri)
- parsed.search = '?' + qs.stringify(
- parsed.query
- ? Object.assign(qs.parse(parsed.query), q)
- : q
- )
- uri = url.format(parsed)
- }
- }
- return opts.Promise.resolve(body).then(body => fetch(uri, {
- agent: opts.agent,
- algorithms: opts.algorithms,
- body,
- cache: getCacheMode(opts),
- cacheManager: opts.cache,
- ca: opts.ca,
- cert: opts.cert,
- headers,
- integrity: opts.integrity,
- key: opts.key,
- localAddress: opts['local-address'],
- maxSockets: opts.maxsockets,
- memoize: opts.memoize,
- method: opts.method || 'GET',
- noProxy: opts['no-proxy'] || opts.noproxy,
- Promise: opts.Promise,
- proxy: opts['https-proxy'] || opts.proxy,
- referer: opts.refer,
- retry: opts.retry != null ? opts.retry : {
- retries: opts['fetch-retries'],
- factor: opts['fetch-retry-factor'],
- minTimeout: opts['fetch-retry-mintimeout'],
- maxTimeout: opts['fetch-retry-maxtimeout']
- },
- strictSSL: !!opts['strict-ssl'],
- timeout: opts.timeout,
- uid: opts.uid,
- gid: opts.gid
- }).then(res => checkResponse(
- opts.method || 'GET', res, registry, startTime, opts
- )))
-}
-
-module.exports.json = fetchJSON
-function fetchJSON (uri, opts) {
- return regFetch(uri, opts).then(res => res.json())
-}
-
-module.exports.json.stream = fetchJSONStream
-function fetchJSONStream (uri, jsonPath, opts) {
- opts = config(opts)
- const parser = JSONStream.parse(jsonPath, opts.mapJson)
- const pt = parser.pipe(new PassThrough({objectMode: true}))
- parser.on('error', err => pt.emit('error', err))
- regFetch(uri, opts).then(res => {
- res.body.on('error', err => parser.emit('error', err))
- res.body.pipe(parser)
- }, err => pt.emit('error', err))
- return pt
-}
-
-module.exports.pickRegistry = pickRegistry
-function pickRegistry (spec, opts) {
- spec = npa(spec)
- opts = config(opts)
- let registry = spec.scope &&
- opts[spec.scope.replace(/^@?/, '@') + ':registry']
-
- if (!registry && opts.scope) {
- registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
- }
-
- if (!registry) {
- registry = opts.registry || 'https://registry.npmjs.org/'
- }
-
- return registry
-}
-
-function getCacheMode (opts) {
- return opts.offline
- ? 'only-if-cached'
- : opts['prefer-offline']
- ? 'force-cache'
- : opts['prefer-online']
- ? 'no-cache'
- : 'default'
-}
-
-function getHeaders (registry, uri, opts) {
- const headers = Object.assign({
- 'npm-in-ci': !!(
- opts['is-from-ci'] ||
- process.env['CI'] === 'true' ||
- process.env['TDDIUM'] ||
- process.env['JENKINS_URL'] ||
- process.env['bamboo.buildKey'] ||
- process.env['GO_PIPELINE_NAME']
- ),
- 'npm-scope': opts['project-scope'],
- 'npm-session': opts['npm-session'],
- 'user-agent': opts['user-agent'],
- 'referer': opts.refer
- }, opts.headers)
-
- const auth = getAuth(registry, opts)
- // If a tarball is hosted on a different place than the manifest, only send
- // credentials on `alwaysAuth`
- const shouldAuth = (
- auth.alwaysAuth ||
- url.parse(uri).host === url.parse(registry).host
- )
- if (shouldAuth && auth.token) {
- headers.authorization = `Bearer ${auth.token}`
- } else if (shouldAuth && auth.username && auth.password) {
- const encoded = Buffer.from(
- `${auth.username}:${auth.password}`, 'utf8'
- ).toString('base64')
- headers.authorization = `Basic ${encoded}`
- } else if (shouldAuth && auth._auth) {
- headers.authorization = `Basic ${auth._auth}`
- }
- if (shouldAuth && auth.otp) {
- headers['npm-otp'] = auth.otp
- }
- return headers
-}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/package.json b/node_modules/libnpm/node_modules/npm-registry-fetch/package.json
deleted file mode 100644
index 98978b3d76bb0..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/package.json
+++ /dev/null
@@ -1,92 +0,0 @@
-{
- "_from": "npm-registry-fetch@^3.8.0",
- "_id": "npm-registry-fetch@3.9.1",
- "_inBundle": false,
- "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
- "_location": "/libnpm/npm-registry-fetch",
- "_phantomChildren": {},
- "_requested": {
- "type": "range",
- "registry": true,
- "raw": "npm-registry-fetch@^3.8.0",
- "name": "npm-registry-fetch",
- "escapedName": "npm-registry-fetch",
- "rawSpec": "^3.8.0",
- "saveSpec": null,
- "fetchSpec": "^3.8.0"
- },
- "_requiredBy": [
- "/libnpm"
- ],
- "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
- "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
- "_spec": "npm-registry-fetch@^3.8.0",
- "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
- "author": {
- "name": "Kat Marchán",
- "email": "kzm@sykosomatic.org"
- },
- "bugs": {
- "url": "https://github.com/npm/registry-fetch/issues"
- },
- "bundleDependencies": false,
- "config": {
- "nyc": {
- "exclude": [
- "node_modules/**",
- "test/**"
- ]
- }
- },
- "dependencies": {
- "JSONStream": "^1.3.4",
- "bluebird": "^3.5.1",
- "figgy-pudding": "^3.4.1",
- "lru-cache": "^5.1.1",
- "make-fetch-happen": "^4.0.2",
- "npm-package-arg": "^6.1.0"
- },
- "deprecated": false,
- "description": "Fetch-based http client for use with npm registry APIs",
- "devDependencies": {
- "cacache": "^11.3.3",
- "get-stream": "^4.0.0",
- "mkdirp": "^0.5.1",
- "nock": "^9.4.3",
- "npmlog": "^4.1.2",
- "rimraf": "^2.6.2",
- "ssri": "^6.0.0",
- "standard": "^11.0.1",
- "standard-version": "^4.4.0",
- "tap": "^12.0.1",
- "weallbehave": "^1.2.0",
- "weallcontribute": "^1.0.8"
- },
- "files": [
- "*.js",
- "lib"
- ],
- "homepage": "https://github.com/npm/registry-fetch#readme",
- "keywords": [
- "npm",
- "registry",
- "fetch"
- ],
- "license": "ISC",
- "main": "index.js",
- "name": "npm-registry-fetch",
- "repository": {
- "type": "git",
- "url": "git+https://github.com/npm/registry-fetch.git"
- },
- "scripts": {
- "postrelease": "npm publish && git push --follow-tags",
- "prerelease": "npm t",
- "pretest": "standard",
- "release": "standard-version -s",
- "test": "tap -J --coverage test/*.js",
- "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
- "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
- },
- "version": "3.9.1"
-}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpm/node_modules/npm-registry-fetch/silentlog.js
deleted file mode 100644
index 886c5d55b2dbb..0000000000000
--- a/node_modules/libnpm/node_modules/npm-registry-fetch/silentlog.js
+++ /dev/null
@@ -1,14 +0,0 @@
-'use strict'
-
-const noop = Function.prototype
-module.exports = {
- error: noop,
- warn: noop,
- notice: noop,
- info: noop,
- verbose: noop,
- silly: noop,
- http: noop,
- pause: noop,
- resume: noop
-}
diff --git a/node_modules/libnpm/package.json b/node_modules/libnpm/package.json
index 678cf09137fa0..c8caa27aa569f 100644
--- a/node_modules/libnpm/package.json
+++ b/node_modules/libnpm/package.json
@@ -1,27 +1,33 @@
{
- "_from": "libnpm@3.0.0",
- "_id": "libnpm@3.0.0",
+ "_from": "libnpm@3.0.1",
+ "_id": "libnpm@3.0.1",
"_inBundle": false,
- "_integrity": "sha512-H8N3GiytH6rtrBSIyWIL9/kOK5eGp3y8uKvoB8m/fR0UUzRpmJasTkQ4c/E/wwI5adL9l49rf/K7cUctcTHmRw==",
+ "_integrity": "sha512-d7jU5ZcMiTfBqTUJVZ3xid44fE5ERBm9vBnmhp2ECD2Ls+FNXWxHSkO7gtvrnbLO78gwPdNPz1HpsF3W4rjkBQ==",
"_location": "/libnpm",
- "_phantomChildren": {},
+ "_phantomChildren": {
+ "aproba": "2.0.0",
+ "figgy-pudding": "3.5.1",
+ "get-stream": "4.1.0",
+ "npm-package-arg": "6.1.0",
+ "npm-registry-fetch": "4.0.0"
+ },
"_requested": {
"type": "version",
"registry": true,
- "raw": "libnpm@3.0.0",
+ "raw": "libnpm@3.0.1",
"name": "libnpm",
"escapedName": "libnpm",
- "rawSpec": "3.0.0",
+ "rawSpec": "3.0.1",
"saveSpec": null,
- "fetchSpec": "3.0.0"
+ "fetchSpec": "3.0.1"
},
"_requiredBy": [
"#USER",
"/"
],
- "_resolved": "https://registry.npmjs.org/libnpm/-/libnpm-3.0.0.tgz",
- "_shasum": "9a4b5e1b1d4af68c168c9cbfbc4364529cb0a8dc",
- "_spec": "libnpm@3.0.0",
+ "_resolved": "https://registry.npmjs.org/libnpm/-/libnpm-3.0.1.tgz",
+ "_shasum": "0be11b4c9dd4d1ffd7d95c786e92e55d65be77a2",
+ "_spec": "libnpm@3.0.1",
"_where": "/Users/isaacs/dev/npm/cli",
"author": {
"name": "Kat Marchán",
@@ -35,21 +41,21 @@
"bin-links": "^1.1.2",
"bluebird": "^3.5.3",
"find-npm-prefix": "^1.0.2",
- "libnpmaccess": "^3.0.1",
+ "libnpmaccess": "^3.0.2",
"libnpmconfig": "^1.2.1",
- "libnpmhook": "^5.0.2",
- "libnpmorg": "^1.0.0",
- "libnpmpublish": "^1.1.0",
- "libnpmsearch": "^2.0.0",
- "libnpmteam": "^1.0.1",
+ "libnpmhook": "^5.0.3",
+ "libnpmorg": "^1.0.1",
+ "libnpmpublish": "^1.1.2",
+ "libnpmsearch": "^2.0.2",
+ "libnpmteam": "^1.0.2",
"lock-verify": "^2.0.2",
"npm-lifecycle": "^3.0.0",
"npm-logical-tree": "^1.2.1",
"npm-package-arg": "^6.1.0",
- "npm-profile": "^4.0.1",
- "npm-registry-fetch": "^3.8.0",
+ "npm-profile": "^4.0.2",
+ "npm-registry-fetch": "^4.0.0",
"npmlog": "^4.1.2",
- "pacote": "^9.2.3",
+ "pacote": "^9.5.3",
"read-package-json": "^2.0.13",
"stringify-package": "^1.0.0"
},
@@ -90,5 +96,5 @@
"update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
"update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
},
- "version": "3.0.0"
+ "version": "3.0.1"
}
diff --git a/node_modules/libnpmpublish/CHANGELOG.md b/node_modules/libnpmpublish/CHANGELOG.md
index 529fa805a0927..974b3fd308a6b 100644
--- a/node_modules/libnpmpublish/CHANGELOG.md
+++ b/node_modules/libnpmpublish/CHANGELOG.md
@@ -2,6 +2,11 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## [1.1.2](https://github.com/npm/libnpmpublish/compare/v1.1.1...v1.1.2) (2019-07-16)
+
+
+
## [1.1.1](https://github.com/npm/libnpmpublish/compare/v1.1.0...v1.1.1) (2019-01-22)
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpmpublish/node_modules/make-fetch-happen/CHANGELOG.md
deleted file mode 100644
index a446842f55d80..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/CHANGELOG.md
+++ /dev/null
@@ -1,555 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-
-
-## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
-
-
-
-
-## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
-
-
-### Bug Fixes
-
-* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
-
-
-
-
-# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
-
-
-### meta
-
-* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
-
-
-### BREAKING CHANGES
-
-* node@4 is no longer supported
-
-
-
-
-# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
-
-
-### Bug Fixes
-
-* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
-* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
-
-
-### BREAKING CHANGES
-
-* **license:** license changed from CC0 to ISC.
-
-
-
-
-# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
-
-
-### Bug Fixes
-
-* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
-
-
-### Features
-
-* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
-
-
-
-
-# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
-
-
-### Bug Fixes
-
-* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
-
-
-### Features
-
-* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
-
-
-
-
-## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
-
-
-### Bug Fixes
-
-* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
-* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
-
-
-
-
-## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
-
-
-### Bug Fixes
-
-* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
-
-
-
-
-## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
-
-
-### Bug Fixes
-
-* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
-
-
-
-
-## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
-
-
-### Bug Fixes
-
-* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
-* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
-
-
-
-
-## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
-
-
-### Bug Fixes
-
-* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
-
-
-
-
-## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
-
-
-### Bug Fixes
-
-* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
-
-
-
-
-## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
-
-
-### Bug Fixes
-
-* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
-
-
-
-
-## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
-
-
-### Bug Fixes
-
-* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
-* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
-* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
-
-
-
-
-## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
-
-
-### Bug Fixes
-
-* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
-
-
-
-
-## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
-
-
-### Bug Fixes
-
-* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
-
-
-
-
-## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
-
-
-### Bug Fixes
-
-* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
-
-
-
-
-## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
-
-
-### Bug Fixes
-
-* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
-* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
-
-
-
-
-## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
-
-
-### Bug Fixes
-
-* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
-
-
-
-
-# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
-
-
-### Bug Fixes
-
-* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
-
-
-### Features
-
-* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
-
-
-
-
-# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
-
-
-### Features
-
-* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
-* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
-
-
-
-
-## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
-
-
-### Bug Fixes
-
-* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
-* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
-
-
-
-
-## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
-
-
-### Bug Fixes
-
-* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
-
-
-
-
-## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
-
-
-### Bug Fixes
-
-* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
-
-
-
-
-## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
-
-
-### Bug Fixes
-
-* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
-* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
-
-
-
-
-## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
-
-
-### Bug Fixes
-
-* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
-
-
-
-
-## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
-
-
-### Bug Fixes
-
-* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
-
-
-
-
-# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
-
-
-### Bug Fixes
-
-* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
-
-
-### Features
-
-* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
-
-
-
-
-# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
-
-
-### Features
-
-* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
-
-
-
-
-## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
-
-
-### Bug Fixes
-
-* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
-
-
-
-
-## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
-
-
-
-
-## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
-
-
-
-
-## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
-
-
-
-
-# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
-
-
-### Bug Fixes
-
-* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
-* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
-
-
-### Features
-
-* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
-
-
-### BREAKING CHANGES
-
-* **agent:** pac proxies are no longer supported.
-* **retry:** Retry logic has changes.
-
-* 404s, 420s, and 429s all retry now.
-* ENOTFOUND no longer retries.
-* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
-
-
-
-
-# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
-
-
-### Features
-
-* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
-
-
-
-
-# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
-
-
-### Features
-
-* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
-
-
-
-
-## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
-
-
-### Bug Fixes
-
-* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
-* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
-
-
-
-
-# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
-
-
-### Features
-
-* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
-
-
-
-
-# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
-
-
-### Bug Fixes
-
-* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
-
-
-### Features
-
-* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
-
-
-
-
-## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
-
-
-### Bug Fixes
-
-* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
-
-
-
-
-# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
-
-
-### Bug Fixes
-
-* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
-
-
-### Features
-
-* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
-* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
-
-
-
-
-## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
-
-
-### Bug Fixes
-
-* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
-
-
-
-
-# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
-
-
-### Features
-
-* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
-
-
-
-
-# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
-
-
-### Features
-
-* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
-
-
-
-
-## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
-
-
-
-
-# 1.0.0 (2017-04-01)
-
-
-### Bug Fixes
-
-* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
-* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
-* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
-* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
-* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
-* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
-* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
-* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
-* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
-* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
-* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
-* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
-* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
-* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
-* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
-* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
-* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
-* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
-* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
-* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
-* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
-* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
-* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
-* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
-* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
-
-
-### Features
-
-* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
-* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
-
-
-### BREAKING CHANGES
-
-* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
-* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
-* **api:** actual api implemented
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpmpublish/node_modules/make-fetch-happen/LICENSE
deleted file mode 100644
index 8d28acf866d93..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-ISC License
-
-Copyright (c) npm, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for
-any purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
-COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/README.md b/node_modules/libnpmpublish/node_modules/make-fetch-happen/README.md
deleted file mode 100644
index 4d12d8dae7e31..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/README.md
+++ /dev/null
@@ -1,404 +0,0 @@
-# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
-
-
-[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
-library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
-features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
-pooling, proxies, retries, [and more](#features)!
-
-## Install
-
-`$ npm install --save make-fetch-happen`
-
-## Table of Contents
-
-* [Example](#example)
-* [Features](#features)
-* [Contributing](#contributing)
-* [API](#api)
- * [`fetch`](#fetch)
- * [`fetch.defaults`](#fetch-defaults)
- * [`node-fetch` options](#node-fetch-options)
- * [`make-fetch-happen` options](#extra-options)
- * [`opts.cacheManager`](#opts-cache-manager)
- * [`opts.cache`](#opts-cache)
- * [`opts.proxy`](#opts-proxy)
- * [`opts.noProxy`](#opts-no-proxy)
- * [`opts.ca, opts.cert, opts.key`](#https-opts)
- * [`opts.maxSockets`](#opts-max-sockets)
- * [`opts.retry`](#opts-retry)
- * [`opts.onRetry`](#opts-onretry)
- * [`opts.integrity`](#opts-integrity)
-* [Message From Our Sponsors](#wow)
-
-### Example
-
-```javascript
-const fetch = require('make-fetch-happen').defaults({
- cacheManager: './my-cache' // path where cache will be written (and read)
-})
-
-fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
- return res.json() // download the body as JSON
-}).then(body => {
- console.log(`got ${body.name} from web`)
- return fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'no-cache' // forces a conditional request
- })
-}).then(res => {
- console.log(res.status) // 304! cache validated!
- return res.json().then(body => {
- console.log(`got ${body.name} from cache`)
- })
-})
-```
-
-### Features
-
-* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
-* Request pooling out of the box
-* Quite fast, really
-* Automatic HTTP-semantics-aware request retries
-* Cache-fallback automatic "offline mode"
-* Proxy support (http, https, socks, socks4, socks5)
-* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
-* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
-* Node.js Stream support
-* Transparent gzip and deflate support
-* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
-* Literally punches nazis
-* (PENDING) Range request caching and resuming
-
-### Contributing
-
-The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
-
-All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
-
-Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
-
-Happy hacking!
-
-### API
-
-#### `> fetch(uriOrRequest, [opts]) -> Promise`
-
-This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
-
-If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
-
-##### Example
-
-```javascript
-fetch('https://google.com').then(res => res.buffer())
-```
-
-#### `> fetch.defaults([defaultUrl], [defaultOpts])`
-
-Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
-
-A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
-
-##### Example
-
-```javascript
-const fetch = require('make-fetch-happen').defaults({
- cacheManager: './my-local-cache'
-})
-
-fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
-```
-
-#### `> node-fetch options`
-
-The following options for `node-fetch` are used as-is:
-
-* method
-* body
-* redirect
-* follow
-* timeout
-* compress
-* size
-
-These other options are modified or augmented by make-fetch-happen:
-
-* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
-* agent
- * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
- * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
- * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
- * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
-
-For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
-
-#### `> make-fetch-happen options`
-
-make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
-
-* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
-* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
-* [`opts.proxy`](#opts-proxy) - Proxy agent
-* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
-* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
-* [`opts.localAddress`](#opts-local-address)
-* [`opts.maxSockets`](#opts-max-sockets)
-* [`opts.retry`](#opts-retry) - Request retry settings
-* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
-* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
-
-#### `> opts.cacheManager`
-
-Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
-
-If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
-
-By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
-
-You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
-
-**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
-
-The default cache manager also adds the following headers to cached responses:
-
-* `X-Local-Cache`: Path to the cache the content was found in
-* `X-Local-Cache-Key`: Unique cache entry key for this response
-* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
-* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
-
-Using [`cacache`](https://npm.im/cacache), a call like this may be used to
-manually fetch the cached entry:
-
-```javascript
-const h = response.headers
-cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
-
-// grab content only, directly:
-cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
-```
-
-##### Example
-
-```javascript
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cacheManager: './my-local-cache'
-}) // -> 200-level response will be written to disk
-
-fetch('https://npm.im/cacache', {
- cacheManager: new MyCustomRedisCache(process.env.PORT)
-}) // -> 200-level response will be written to redis
-```
-
-A possible (minimal) implementation for `MyCustomRedisCache`:
-
-```javascript
-const bluebird = require('bluebird')
-const redis = require("redis")
-bluebird.promisifyAll(redis.RedisClient.prototype)
-class MyCustomRedisCache {
- constructor (opts) {
- this.redis = redis.createClient(opts)
- }
- match (req) {
- return this.redis.getAsync(req.url).then(res => {
- if (res) {
- const parsed = JSON.parse(res)
- return new fetch.Response(parsed.body, {
- url: req.url,
- headers: parsed.headers,
- status: 200
- })
- }
- })
- }
- put (req, res) {
- return res.buffer().then(body => {
- return this.redis.setAsync(req.url, JSON.stringify({
- body: body,
- headers: res.headers.raw()
- }))
- }).then(() => {
- // return the response itself
- return res
- })
- }
- 'delete' (req) {
- return this.redis.unlinkAsync(req.url)
- }
-}
-```
-
-#### `> opts.cache`
-
-This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
-
-* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
-* `no-store` - Fetch behaves as if there is no HTTP cache at all.
-* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
-* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
-* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
-* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
-
-(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
-
-##### Example
-
-```javascript
-const fetch = require('make-fetch-happen').defaults({
- cacheManager: './my-cache'
-})
-
-// Will error with ENOTCACHED if we haven't already cached this url
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'only-if-cached'
-})
-
-// Will refresh any local content and cache the new response
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'reload'
-})
-
-// Will use any local data, even if stale. Otherwise, will hit network.
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- cache: 'force-cache'
-})
-```
-
-#### `> opts.proxy`
-
-A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
-used depending on the proxy's protocol.
-
-Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
-`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
-
-(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
-
-##### Example
-
-```javascript
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- proxy: 'https://corporate.yourcompany.proxy:4445'
-})
-
-fetch('https://registry.npmjs.org/make-fetch-happen', {
- proxy: {
- protocol: 'https:',
- hostname: 'corporate.yourcompany.proxy',
- port: 4445
- }
-})
-```
-
-#### `> opts.noProxy`
-
-If present, should be a comma-separated string or an array of domain extensions
-that a proxy should _not_ be used for.
-
-This option may also be provided through `process.env.NO_PROXY`.
-
-#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
-
-These values are passed in directly to the HTTPS agent and will be used for both
-proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
-same options the `https` module accepts, which will be themselves passed to
-`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
-
-#### `> opts.localAddress`
-
-Passed directly to `http` and `https` request calls. Determines the local
-address to bind to.
-
-#### `> opts.maxSockets`
-
-Default: 15
-
-Maximum number of active concurrent sockets to use for the underlying
-Http/Https/Proxy agents. This setting applies once per spawned agent.
-
-15 is probably a _pretty good value_ for most use-cases, and balances speed
-with, uh, not knocking out people's routers. 🤓
-
-#### `> opts.retry`
-
-An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
-
-* Request method is NOT `POST` AND
-* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
-* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
-
-The following are worth noting as explicitly not retried:
-
-* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
-* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
-
-If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
-
-If `opts.retry` is a number, it is equivalent to `{retries: num}`
-
-The following retry options are available if you want more control over it:
-
-* retries
-* factor
-* minTimeout
-* maxTimeout
-* randomize
-
-For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
-
-##### Example
-
-```javascript
-fetch('https://flaky.site.com', {
- retry: {
- retries: 10,
- randomize: true
- }
-})
-
-fetch('http://reliable.site.com', {
- retry: false
-})
-
-fetch('http://one-more.site.com', {
- retry: 3
-})
-```
-
-#### `> opts.onRetry`
-
-A function called whenever a retry is attempted.
-
-##### Example
-
-```javascript
-fetch('https://flaky.site.com', {
- onRetry() {
- console.log('we will retry!')
- }
-})
-```
-
-#### `> opts.integrity`
-
-Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
-
-`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
-
-##### Example
-
-```javascript
-fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
- integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
-}) // -> ok
-
-fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
- integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
-}) // Error: EINTEGRITY
-```
-
-### Message From Our Sponsors
-
-
-
-
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/agent.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/agent.js
deleted file mode 100644
index 55675946ad97d..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/agent.js
+++ /dev/null
@@ -1,171 +0,0 @@
-'use strict'
-const LRU = require('lru-cache')
-const url = require('url')
-
-let AGENT_CACHE = new LRU({ max: 50 })
-let HttpsAgent
-let HttpAgent
-
-module.exports = getAgent
-
-function getAgent (uri, opts) {
- const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
- const isHttps = parsedUri.protocol === 'https:'
- const pxuri = getProxyUri(uri, opts)
-
- const key = [
- `https:${isHttps}`,
- pxuri
- ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
- : '>no-proxy<',
- `local-address:${opts.localAddress || '>no-local-address<'}`,
- `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
- `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
- `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
- `key:${(isHttps && opts.key) || '>no-key<'}`
- ].join(':')
-
- if (opts.agent != null) { // `agent: false` has special behavior!
- return opts.agent
- }
-
- if (AGENT_CACHE.peek(key)) {
- return AGENT_CACHE.get(key)
- }
-
- if (pxuri) {
- const proxy = getProxy(pxuri, opts, isHttps)
- AGENT_CACHE.set(key, proxy)
- return proxy
- }
-
- if (isHttps && !HttpsAgent) {
- HttpsAgent = require('agentkeepalive').HttpsAgent
- } else if (!isHttps && !HttpAgent) {
- HttpAgent = require('agentkeepalive')
- }
-
- // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
- // of zero disables the timeout behavior (OS limits still apply). Else, if
- // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
- // the node-fetch-npm timeout will always fire first, giving us more
- // consistent errors.
- const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
-
- const agent = isHttps ? new HttpsAgent({
- maxSockets: opts.maxSockets || 15,
- ca: opts.ca,
- cert: opts.cert,
- key: opts.key,
- localAddress: opts.localAddress,
- rejectUnauthorized: opts.strictSSL,
- timeout: agentTimeout
- }) : new HttpAgent({
- maxSockets: opts.maxSockets || 15,
- localAddress: opts.localAddress,
- timeout: agentTimeout
- })
- AGENT_CACHE.set(key, agent)
- return agent
-}
-
-function checkNoProxy (uri, opts) {
- const host = url.parse(uri).hostname.split('.').reverse()
- let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
- if (typeof noproxy === 'string') {
- noproxy = noproxy.split(/\s*,\s*/g)
- }
- return noproxy && noproxy.some(no => {
- const noParts = no.split('.').filter(x => x).reverse()
- if (!noParts.length) { return false }
- for (let i = 0; i < noParts.length; i++) {
- if (host[i] !== noParts[i]) {
- return false
- }
- }
- return true
- })
-}
-
-module.exports.getProcessEnv = getProcessEnv
-
-function getProcessEnv (env) {
- if (!env) { return }
-
- let value
-
- if (Array.isArray(env)) {
- for (let e of env) {
- value = process.env[e] ||
- process.env[e.toUpperCase()] ||
- process.env[e.toLowerCase()]
- if (typeof value !== 'undefined') { break }
- }
- }
-
- if (typeof env === 'string') {
- value = process.env[env] ||
- process.env[env.toUpperCase()] ||
- process.env[env.toLowerCase()]
- }
-
- return value
-}
-
-function getProxyUri (uri, opts) {
- const protocol = url.parse(uri).protocol
-
- const proxy = opts.proxy || (
- protocol === 'https:' && getProcessEnv('https_proxy')
- ) || (
- protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
- )
- if (!proxy) { return null }
-
- const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
-
- return !checkNoProxy(uri, opts) && parsedProxy
-}
-
-let HttpProxyAgent
-let HttpsProxyAgent
-let SocksProxyAgent
-function getProxy (proxyUrl, opts, isHttps) {
- let popts = {
- host: proxyUrl.hostname,
- port: proxyUrl.port,
- protocol: proxyUrl.protocol,
- path: proxyUrl.path,
- auth: proxyUrl.auth,
- ca: opts.ca,
- cert: opts.cert,
- key: opts.key,
- timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
- localAddress: opts.localAddress,
- maxSockets: opts.maxSockets || 15,
- rejectUnauthorized: opts.strictSSL
- }
-
- if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
- if (!isHttps) {
- if (!HttpProxyAgent) {
- HttpProxyAgent = require('http-proxy-agent')
- }
-
- return new HttpProxyAgent(popts)
- } else {
- if (!HttpsProxyAgent) {
- HttpsProxyAgent = require('https-proxy-agent')
- }
-
- return new HttpsProxyAgent(popts)
- }
- }
- if (proxyUrl.protocol.startsWith('socks')) {
- if (!SocksProxyAgent) {
- SocksProxyAgent = require('socks-proxy-agent')
- }
-
- return new SocksProxyAgent(popts)
- }
-}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/cache.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/cache.js
deleted file mode 100644
index 0c519e69fbe81..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/cache.js
+++ /dev/null
@@ -1,249 +0,0 @@
-'use strict'
-
-const cacache = require('cacache')
-const fetch = require('node-fetch-npm')
-const pipe = require('mississippi').pipe
-const ssri = require('ssri')
-const through = require('mississippi').through
-const to = require('mississippi').to
-const url = require('url')
-const stream = require('stream')
-
-const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
-
-function cacheKey (req) {
- const parsed = url.parse(req.url)
- return `make-fetch-happen:request-cache:${
- url.format({
- protocol: parsed.protocol,
- slashes: parsed.slashes,
- host: parsed.host,
- hostname: parsed.hostname,
- pathname: parsed.pathname
- })
- }`
-}
-
-// This is a cacache-based implementation of the Cache standard,
-// using node-fetch.
-// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
-//
-module.exports = class Cache {
- constructor (path, opts) {
- this._path = path
- this._uid = opts && opts.uid
- this._gid = opts && opts.gid
- this.Promise = (opts && opts.Promise) || Promise
- }
-
- // Returns a Promise that resolves to the response associated with the first
- // matching request in the Cache object.
- match (req, opts) {
- opts = opts || {}
- const key = cacheKey(req)
- return cacache.get.info(this._path, key).then(info => {
- return info && cacache.get.hasContent(
- this._path, info.integrity, opts
- ).then(exists => exists && info)
- }).then(info => {
- if (info && info.metadata && matchDetails(req, {
- url: info.metadata.url,
- reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
- resHeaders: new fetch.Headers(info.metadata.resHeaders),
- cacheIntegrity: info.integrity,
- integrity: opts && opts.integrity
- })) {
- const resHeaders = new fetch.Headers(info.metadata.resHeaders)
- addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
- if (req.method === 'HEAD') {
- return new fetch.Response(null, {
- url: req.url,
- headers: resHeaders,
- status: 200
- })
- }
- let body
- const cachePath = this._path
- // avoid opening cache file handles until a user actually tries to
- // read from it.
- if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
- body = new stream.PassThrough()
- const realRead = body._read
- body._read = function (size) {
- body._read = realRead
- pipe(
- cacache.get.stream.byDigest(cachePath, info.integrity, {
- memoize: opts.memoize
- }),
- body,
- err => body.emit(err))
- return realRead.call(this, size)
- }
- } else {
- let readOnce = false
- // cacache is much faster at bulk reads
- body = new stream.Readable({
- read () {
- if (readOnce) return this.push(null)
- readOnce = true
- cacache.get.byDigest(cachePath, info.integrity, {
- memoize: opts.memoize
- }).then(data => {
- this.push(data)
- this.push(null)
- }, err => this.emit('error', err))
- }
- })
- }
- return this.Promise.resolve(new fetch.Response(body, {
- url: req.url,
- headers: resHeaders,
- status: 200,
- size: info.size
- }))
- }
- })
- }
-
- // Takes both a request and its response and adds it to the given cache.
- put (req, response, opts) {
- opts = opts || {}
- const size = response.headers.get('content-length')
- const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
- const ckey = cacheKey(req)
- const cacheOpts = {
- algorithms: opts.algorithms,
- metadata: {
- url: req.url,
- reqHeaders: req.headers.raw(),
- resHeaders: response.headers.raw()
- },
- uid: this._uid,
- gid: this._gid,
- size,
- memoize: fitInMemory && opts.memoize
- }
- if (req.method === 'HEAD' || response.status === 304) {
- // Update metadata without writing
- return cacache.get.info(this._path, ckey).then(info => {
- // Providing these will bypass content write
- cacheOpts.integrity = info.integrity
- addCacheHeaders(
- response.headers, this._path, ckey, info.integrity, info.time
- )
- return new this.Promise((resolve, reject) => {
- pipe(
- cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
- cacache.put.stream(this._path, cacheKey(req), cacheOpts),
- err => err ? reject(err) : resolve(response)
- )
- })
- }).then(() => response)
- }
- let buf = []
- let bufSize = 0
- let cacheTargetStream = false
- const cachePath = this._path
- let cacheStream = to((chunk, enc, cb) => {
- if (!cacheTargetStream) {
- if (fitInMemory) {
- cacheTargetStream =
- to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
- buf.push(chunk)
- bufSize += chunk.length
- cb()
- }, done => {
- cacache.put(
- cachePath,
- cacheKey(req),
- Buffer.concat(buf, bufSize),
- cacheOpts
- ).then(
- () => done(),
- done
- )
- })
- } else {
- cacheTargetStream =
- cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
- }
- }
- cacheTargetStream.write(chunk, enc, cb)
- }, done => {
- cacheTargetStream ? cacheTargetStream.end(done) : done()
- })
- const oldBody = response.body
- const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
- response.body = newBody
- oldBody.once('error', err => newBody.emit('error', err))
- newBody.once('error', err => oldBody.emit('error', err))
- cacheStream.once('error', err => newBody.emit('error', err))
- pipe(oldBody, to((chunk, enc, cb) => {
- cacheStream.write(chunk, enc, () => {
- newBody.write(chunk, enc, cb)
- })
- }, done => {
- cacheStream.end(() => {
- newBody.end(() => {
- done()
- })
- })
- }), err => err && newBody.emit('error', err))
- return response
- }
-
- // Finds the Cache entry whose key is the request, and if found, deletes the
- // Cache entry and returns a Promise that resolves to true. If no Cache entry
- // is found, it returns false.
- 'delete' (req, opts) {
- opts = opts || {}
- if (typeof opts.memoize === 'object') {
- if (opts.memoize.reset) {
- opts.memoize.reset()
- } else if (opts.memoize.clear) {
- opts.memoize.clear()
- } else {
- Object.keys(opts.memoize).forEach(k => {
- opts.memoize[k] = null
- })
- }
- }
- return cacache.rm.entry(
- this._path,
- cacheKey(req)
- // TODO - true/false
- ).then(() => false)
- }
-}
-
-function matchDetails (req, cached) {
- const reqUrl = url.parse(req.url)
- const cacheUrl = url.parse(cached.url)
- const vary = cached.resHeaders.get('Vary')
- // https://tools.ietf.org/html/rfc7234#section-4.1
- if (vary) {
- if (vary.match(/\*/)) {
- return false
- } else {
- const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
- return cached.reqHeaders.get(field) === req.headers.get(field)
- })
- if (!fieldsMatch) {
- return false
- }
- }
- }
- if (cached.integrity) {
- return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
- }
- reqUrl.hash = null
- cacheUrl.hash = null
- return url.format(reqUrl) === url.format(cacheUrl)
-}
-
-function addCacheHeaders (resHeaders, path, key, hash, time) {
- resHeaders.set('X-Local-Cache', encodeURIComponent(path))
- resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
- resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
- resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
-}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/index.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/index.js
deleted file mode 100644
index 0f2c164e19f28..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/index.js
+++ /dev/null
@@ -1,482 +0,0 @@
-'use strict'
-
-let Cache
-const url = require('url')
-const CachePolicy = require('http-cache-semantics')
-const fetch = require('node-fetch-npm')
-const pkg = require('./package.json')
-const retry = require('promise-retry')
-let ssri
-const Stream = require('stream')
-const getAgent = require('./agent')
-const setWarning = require('./warning')
-
-const isURL = /^https?:/
-const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
-
-const RETRY_ERRORS = [
- 'ECONNRESET', // remote socket closed on us
- 'ECONNREFUSED', // remote host refused to open connection
- 'EADDRINUSE', // failed to bind to a local port (proxy?)
- 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
- // Known codes we do NOT retry on:
- // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
-]
-
-const RETRY_TYPES = [
- 'request-timeout'
-]
-
-// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
-module.exports = cachingFetch
-cachingFetch.defaults = function (_uri, _opts) {
- const fetch = this
- if (typeof _uri === 'object') {
- _opts = _uri
- _uri = null
- }
-
- function defaultedFetch (uri, opts) {
- const finalOpts = Object.assign({}, _opts || {}, opts || {})
- return fetch(uri || _uri, finalOpts)
- }
-
- defaultedFetch.defaults = fetch.defaults
- defaultedFetch.delete = fetch.delete
- return defaultedFetch
-}
-
-cachingFetch.delete = cacheDelete
-function cacheDelete (uri, opts) {
- opts = configureOptions(opts)
- if (opts.cacheManager) {
- const req = new fetch.Request(uri, {
- method: opts.method,
- headers: opts.headers
- })
- return opts.cacheManager.delete(req, opts)
- }
-}
-
-function initializeCache (opts) {
- if (typeof opts.cacheManager === 'string') {
- if (!Cache) {
- // Default cacache-based cache
- Cache = require('./cache')
- }
-
- opts.cacheManager = new Cache(opts.cacheManager, opts)
- }
-
- opts.cache = opts.cache || 'default'
-
- if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
- // If header list contains `If-Modified-Since`, `If-None-Match`,
- // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
- // mode to "no-store" if it is "default".
- opts.cache = 'no-store'
- }
-}
-
-function configureOptions (_opts) {
- const opts = Object.assign({}, _opts || {})
- opts.method = (opts.method || 'GET').toUpperCase()
-
- if (opts.retry && typeof opts.retry === 'number') {
- opts.retry = { retries: opts.retry }
- }
-
- if (opts.retry === false) {
- opts.retry = { retries: 0 }
- }
-
- if (opts.cacheManager) {
- initializeCache(opts)
- }
-
- return opts
-}
-
-function initializeSsri () {
- if (!ssri) {
- ssri = require('ssri')
- }
-}
-
-function cachingFetch (uri, _opts) {
- const opts = configureOptions(_opts)
-
- if (opts.integrity) {
- initializeSsri()
- // if verifying integrity, node-fetch must not decompress
- opts.compress = false
- }
-
- const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
- opts.cacheManager &&
- opts.cache !== 'no-store' &&
- opts.cache !== 'reload'
-
- if (isCachable) {
- const req = new fetch.Request(uri, {
- method: opts.method,
- headers: opts.headers
- })
-
- return opts.cacheManager.match(req, opts).then(res => {
- if (res) {
- const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
- if (warningCode && +warningCode >= 100 && +warningCode < 200) {
- // https://tools.ietf.org/html/rfc7234#section-4.3.4
- //
- // If a stored response is selected for update, the cache MUST:
- //
- // * delete any Warning header fields in the stored response with
- // warn-code 1xx (see Section 5.5);
- //
- // * retain any Warning header fields in the stored response with
- // warn-code 2xx;
- //
- res.headers.delete('Warning')
- }
-
- if (opts.cache === 'default' && !isStale(req, res)) {
- return res
- }
-
- if (opts.cache === 'default' || opts.cache === 'no-cache') {
- return conditionalFetch(req, res, opts)
- }
-
- if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
- // 112 Disconnected operation
- // SHOULD be included if the cache is intentionally disconnected from
- // the rest of the network for a period of time.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(res, 112, 'Disconnected operation')
- return res
- }
- }
-
- if (!res && opts.cache === 'only-if-cached') {
- const errorMsg = `request to ${
- uri
- } failed: cache mode is 'only-if-cached' but no cached response available.`
-
- const err = new Error(errorMsg)
- err.code = 'ENOTCACHED'
- throw err
- }
-
- // Missing cache entry, or mode is default (if stale), reload, no-store
- return remoteFetch(req.url, opts)
- })
- }
-
- return remoteFetch(uri, opts)
-}
-
-function iterableToObject (iter) {
- const obj = {}
- for (let k of iter.keys()) {
- obj[k] = iter.get(k)
- }
- return obj
-}
-
-function makePolicy (req, res) {
- const _req = {
- url: req.url,
- method: req.method,
- headers: iterableToObject(req.headers)
- }
- const _res = {
- status: res.status,
- headers: iterableToObject(res.headers)
- }
-
- return new CachePolicy(_req, _res, { shared: false })
-}
-
-// https://tools.ietf.org/html/rfc7234#section-4.2
-function isStale (req, res) {
- if (!res) {
- return null
- }
-
- const _req = {
- url: req.url,
- method: req.method,
- headers: iterableToObject(req.headers)
- }
-
- const policy = makePolicy(req, res)
-
- const responseTime = res.headers.get('x-local-cache-time') ||
- res.headers.get('date') ||
- 0
-
- policy._responseTime = new Date(responseTime)
-
- const bool = !policy.satisfiesWithoutRevalidation(_req)
- return bool
-}
-
-function mustRevalidate (res) {
- return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
-}
-
-function conditionalFetch (req, cachedRes, opts) {
- const _req = {
- url: req.url,
- method: req.method,
- headers: Object.assign({}, opts.headers || {})
- }
-
- const policy = makePolicy(req, cachedRes)
- opts.headers = policy.revalidationHeaders(_req)
-
- return remoteFetch(req.url, opts)
- .then(condRes => {
- const revalidatedPolicy = policy.revalidatedPolicy(_req, {
- status: condRes.status,
- headers: iterableToObject(condRes.headers)
- })
-
- if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
- // 111 Revalidation failed
- // MUST be included if a cache returns a stale response because an
- // attempt to revalidate the response failed, due to an inability to
- // reach the server.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(cachedRes, 111, 'Revalidation failed')
- return cachedRes
- }
-
- if (condRes.status === 304) { // 304 Not Modified
- condRes.body = cachedRes.body
- return opts.cacheManager.put(req, condRes, opts)
- .then(newRes => {
- newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
- return newRes
- })
- }
-
- return condRes
- })
- .then(res => res)
- .catch(err => {
- if (mustRevalidate(cachedRes)) {
- throw err
- } else {
- // 111 Revalidation failed
- // MUST be included if a cache returns a stale response because an
- // attempt to revalidate the response failed, due to an inability to
- // reach the server.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(cachedRes, 111, 'Revalidation failed')
- // 199 Miscellaneous warning
- // The warning text MAY include arbitrary information to be presented to
- // a human user, or logged. A system receiving this warning MUST NOT take
- // any automated action, besides presenting the warning to the user.
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- setWarning(
- cachedRes,
- 199,
- `Miscellaneous Warning ${err.code}: ${err.message}`
- )
-
- return cachedRes
- }
- })
-}
-
-function remoteFetchHandleIntegrity (res, integrity) {
- const oldBod = res.body
- const newBod = ssri.integrityStream({
- integrity
- })
- oldBod.pipe(newBod)
- res.body = newBod
- oldBod.once('error', err => {
- newBod.emit('error', err)
- })
- newBod.once('error', err => {
- oldBod.emit('error', err)
- })
-}
-
-function remoteFetch (uri, opts) {
- const agent = getAgent(uri, opts)
- const headers = Object.assign({
- 'connection': agent ? 'keep-alive' : 'close',
- 'user-agent': USER_AGENT
- }, opts.headers || {})
-
- const reqOpts = {
- agent,
- body: opts.body,
- compress: opts.compress,
- follow: opts.follow,
- headers: new fetch.Headers(headers),
- method: opts.method,
- redirect: 'manual',
- size: opts.size,
- counter: opts.counter,
- timeout: opts.timeout
- }
-
- return retry(
- (retryHandler, attemptNum) => {
- const req = new fetch.Request(uri, reqOpts)
- return fetch(req)
- .then(res => {
- res.headers.set('x-fetch-attempts', attemptNum)
-
- if (opts.integrity) {
- remoteFetchHandleIntegrity(res, opts.integrity)
- }
-
- const isStream = req.body instanceof Stream
-
- if (opts.cacheManager) {
- const isMethodGetHead = req.method === 'GET' ||
- req.method === 'HEAD'
-
- const isCachable = opts.cache !== 'no-store' &&
- isMethodGetHead &&
- makePolicy(req, res).storable() &&
- res.status === 200 // No other statuses should be stored!
-
- if (isCachable) {
- return opts.cacheManager.put(req, res, opts)
- }
-
- if (!isMethodGetHead) {
- return opts.cacheManager.delete(req).then(() => {
- if (res.status >= 500 && req.method !== 'POST' && !isStream) {
- if (typeof opts.onRetry === 'function') {
- opts.onRetry(res)
- }
-
- return retryHandler(res)
- }
-
- return res
- })
- }
- }
-
- const isRetriable = req.method !== 'POST' &&
- !isStream && (
- res.status === 408 || // Request Timeout
- res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
- res.status === 429 || // Too Many Requests ("standard" rate-limiting)
- res.status >= 500 // Assume server errors are momentary hiccups
- )
-
- if (isRetriable) {
- if (typeof opts.onRetry === 'function') {
- opts.onRetry(res)
- }
-
- return retryHandler(res)
- }
-
- if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
- return res
- }
-
- // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
- if (opts.redirect === 'error') {
- const err = new Error(`redirect mode is set to error: ${uri}`)
- err.code = 'ENOREDIRECT'
- throw err
- }
-
- if (!res.headers.get('location')) {
- const err = new Error(`redirect location header missing at: ${uri}`)
- err.code = 'EINVALIDREDIRECT'
- throw err
- }
-
- if (req.counter >= req.follow) {
- const err = new Error(`maximum redirect reached at: ${uri}`)
- err.code = 'EMAXREDIRECT'
- throw err
- }
-
- const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
- let redirectURL = url.parse(resolvedUrl)
-
- if (isURL.test(res.headers.get('location'))) {
- redirectURL = url.parse(res.headers.get('location'))
- }
-
- // Remove authorization if changing hostnames (but not if just
- // changing ports or protocols). This matches the behavior of request:
- // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
- if (url.parse(req.url).hostname !== redirectURL.hostname) {
- req.headers.delete('authorization')
- }
-
- // for POST request with 301/302 response, or any request with 303 response,
- // use GET when following redirect
- if (res.status === 303 ||
- ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
- opts.method = 'GET'
- opts.body = null
- req.headers.delete('content-length')
- }
-
- opts.headers = {}
- req.headers.forEach((value, name) => {
- opts.headers[name] = value
- })
-
- opts.counter = ++req.counter
- return cachingFetch(resolvedUrl, opts)
- })
- .catch(err => {
- const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
-
- const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
- RETRY_TYPES.indexOf(err.type) === -1
-
- if (req.method === 'POST' || isRetryError) {
- throw err
- }
-
- if (typeof opts.onRetry === 'function') {
- opts.onRetry(err)
- }
-
- return retryHandler(err)
- })
- },
- opts.retry
- ).catch(err => {
- if (err.status >= 400) {
- return err
- }
-
- throw err
- })
-}
-
-function isHeaderConditional (headers) {
- if (!headers || typeof headers !== 'object') {
- return false
- }
-
- const modifiers = [
- 'if-modified-since',
- 'if-none-match',
- 'if-unmodified-since',
- 'if-match',
- 'if-range'
- ]
-
- return Object.keys(headers)
- .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
-}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/package.json b/node_modules/libnpmpublish/node_modules/make-fetch-happen/package.json
deleted file mode 100644
index d5abc57173262..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/package.json
+++ /dev/null
@@ -1,94 +0,0 @@
-{
- "_from": "make-fetch-happen@^4.0.2",
- "_id": "make-fetch-happen@4.0.2",
- "_inBundle": false,
- "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
- "_location": "/libnpmpublish/make-fetch-happen",
- "_phantomChildren": {},
- "_requested": {
- "type": "range",
- "registry": true,
- "raw": "make-fetch-happen@^4.0.2",
- "name": "make-fetch-happen",
- "escapedName": "make-fetch-happen",
- "rawSpec": "^4.0.2",
- "saveSpec": null,
- "fetchSpec": "^4.0.2"
- },
- "_requiredBy": [
- "/libnpmpublish/npm-registry-fetch"
- ],
- "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
- "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
- "_spec": "make-fetch-happen@^4.0.2",
- "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmpublish/node_modules/npm-registry-fetch",
- "author": {
- "name": "Kat Marchán",
- "email": "kzm@zkat.tech"
- },
- "bugs": {
- "url": "https://github.com/zkat/make-fetch-happen/issues"
- },
- "bundleDependencies": false,
- "dependencies": {
- "agentkeepalive": "^3.4.1",
- "cacache": "^11.3.3",
- "http-cache-semantics": "^3.8.1",
- "http-proxy-agent": "^2.1.0",
- "https-proxy-agent": "^2.2.1",
- "lru-cache": "^5.1.1",
- "mississippi": "^3.0.0",
- "node-fetch-npm": "^2.0.2",
- "promise-retry": "^1.1.1",
- "socks-proxy-agent": "^4.0.0",
- "ssri": "^6.0.0"
- },
- "deprecated": false,
- "description": "Opinionated, caching, retrying fetch client",
- "devDependencies": {
- "bluebird": "^3.5.1",
- "mkdirp": "^0.5.1",
- "nock": "^9.2.3",
- "npmlog": "^4.1.2",
- "require-inject": "^1.4.2",
- "rimraf": "^2.6.2",
- "safe-buffer": "^5.1.1",
- "standard": "^11.0.1",
- "standard-version": "^4.3.0",
- "tacks": "^1.2.6",
- "tap": "^12.7.0",
- "weallbehave": "^1.0.0",
- "weallcontribute": "^1.0.7"
- },
- "files": [
- "*.js",
- "lib"
- ],
- "homepage": "https://github.com/zkat/make-fetch-happen#readme",
- "keywords": [
- "http",
- "request",
- "fetch",
- "mean girls",
- "caching",
- "cache",
- "subresource integrity"
- ],
- "license": "ISC",
- "main": "index.js",
- "name": "make-fetch-happen",
- "repository": {
- "type": "git",
- "url": "git+https://github.com/zkat/make-fetch-happen.git"
- },
- "scripts": {
- "postrelease": "npm publish && git push --follow-tags",
- "prerelease": "npm t",
- "pretest": "standard",
- "release": "standard-version -s",
- "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
- "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
- "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
- },
- "version": "4.0.2"
-}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/warning.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/warning.js
deleted file mode 100644
index b8f13cf83195a..0000000000000
--- a/node_modules/libnpmpublish/node_modules/make-fetch-happen/warning.js
+++ /dev/null
@@ -1,24 +0,0 @@
-const url = require('url')
-
-module.exports = setWarning
-
-function setWarning (reqOrRes, code, message, replace) {
- // Warning = "Warning" ":" 1#warning-value
- // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
- // warn-code = 3DIGIT
- // warn-agent = ( host [ ":" port ] ) | pseudonym
- // ; the name or pseudonym of the server adding
- // ; the Warning header, for use in debugging
- // warn-text = quoted-string
- // warn-date = <"> HTTP-date <">
- // (https://tools.ietf.org/html/rfc2616#section-14.46)
- const host = url.parse(reqOrRes.url).host
- const jsonMessage = JSON.stringify(message)
- const jsonDate = JSON.stringify(new Date().toUTCString())
- const header = replace ? 'set' : 'append'
-
- reqOrRes.headers[header](
- 'Warning',
- `${code} ${host} ${jsonMessage} ${jsonDate}`
- )
-}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/CHANGELOG.md
deleted file mode 100644
index d24e026914c23..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/CHANGELOG.md
+++ /dev/null
@@ -1,214 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-
-
-## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
-
-
-
-
-# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
-
-
-### Features
-
-* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
-
-
-
-
-# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
-
-
-### Features
-
-* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
-
-
-
-
-# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
-
-
-### Features
-
-* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
-
-
-
-
-# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
-
-
-### Bug Fixes
-
-* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
-
-
-### Features
-
-* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
-
-
-
-
-# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
-
-
-### Features
-
-* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
-
-
-
-
-# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
-
-
-### Bug Fixes
-
-* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
-
-
-### Features
-
-* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
-
-
-
-
-# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
-
-
-### Bug Fixes
-
-* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
-
-
-### Features
-
-* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
-
-
-
-
-## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
-
-
-### Bug Fixes
-
-* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
-
-
-
-
-# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
-
-
-### Features
-
-* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
-
-
-
-
-## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
-
-
-
-
-# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
-
-
-### Features
-
-* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
-
-
-
-
-# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
-
-
-### Bug Fixes
-
-* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
-* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
-
-
-### BREAKING CHANGES
-
-* **config:** opts.config is no longer supported. Pass the options down in opts itself.
-
-
-
-
-# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
-
-
-### Features
-
-* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
-
-
-
-
-# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
-
-
-### meta
-
-* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
-
-
-### BREAKING CHANGES
-
-* node@4 is no longer supported
-
-
-
-
-## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
-
-
-
-
-# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
-
-
-### Features
-
-* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
-
-
-
-
-## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
-
-
-### Bug Fixes
-
-* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
-
-
-
-
-# 1.0.0 (2018-03-16)
-
-
-### Bug Fixes
-
-* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
-* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
-* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
-* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
-
-
-### Features
-
-* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
-* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
-* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
-* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
-* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/LICENSE.md
deleted file mode 100644
index 8d28acf866d93..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/LICENSE.md
+++ /dev/null
@@ -1,16 +0,0 @@
-ISC License
-
-Copyright (c) npm, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for
-any purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
-COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/README.md
deleted file mode 100644
index 0c3f4f9469955..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/README.md
+++ /dev/null
@@ -1,609 +0,0 @@
-# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
-
-[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
-library that implements a `fetch`-like API for accessing npm registry APIs
-consistently. It's able to consume npm-style configuration values and has all
-the necessary logic for picking registries, handling scopes, and dealing with
-authentication details built-in.
-
-This package is meant to replace the older
-[`npm-registry-client`](https://npm.im/npm-registry-client).
-
-## Example
-
-```javascript
-const npmFetch = require('npm-registry-fetch')
-
-console.log(
- await npmFetch.json('/-/ping')
-)
-```
-
-## Table of Contents
-
-* [Installing](#install)
-* [Example](#example)
-* [Contributing](#contributing)
-* [API](#api)
- * [`fetch`](#fetch)
- * [`fetch.json`](#fetch-json)
- * [`fetch` options](#fetch-opts)
-
-### Install
-
-`$ npm install npm-registry-fetch`
-
-### Contributing
-
-The npm team enthusiastically welcomes contributions and project participation!
-There's a bunch of things you can do if you want to contribute! The [Contributor
-Guide](CONTRIBUTING.md) has all the information you need for everything from
-reporting bugs to contributing entire new features. Please don't hesitate to
-jump in if you'd like to, or even ask us questions if something isn't clear.
-
-All participants and maintainers in this project are expected to follow [Code of
-Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
-
-Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
-
-Happy hacking!
-
-### API
-
-#### `> fetch(url, [opts]) -> Promise`
-
-Performs a request to a given URL.
-
-The URL can be either a full URL, or a path to one. The appropriate registry
-will be automatically picked if only a URL path is given.
-
-For available options, please see the section on [`fetch` options](#fetch-opts).
-
-##### Example
-
-```javascript
-const res = await fetch('/-/ping')
-console.log(res.headers)
-res.on('data', d => console.log(d.toString('utf8')))
-```
-
-#### `> fetch.json(url, [opts]) -> Promise`
-
-Performs a request to a given registry URL, parses the body of the response as
-JSON, and returns it as its final value. This is a utility shorthand for
-`fetch(url).then(res => res.json())`.
-
-For available options, please see the section on [`fetch` options](#fetch-opts).
-
-##### Example
-
-```javascript
-const res = await fetch.json('/-/ping')
-console.log(res) // Body parsed as JSON
-```
-
-#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
-
-Performs a request to a given registry URL and parses the body of the response
-as JSON, with each entry being emitted through the stream.
-
-The `jsonPath` argument is a [`JSONStream.parse()`
-path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
-returned stream (unlike default `JSONStream`s), has a valid
-`Symbol.asyncIterator` implementation.
-
-For available options, please see the section on [`fetch` options](#fetch-opts).
-
-##### Example
-
-```javascript
-console.log('https://npm.im/~zkat has access to the following packages:')
-for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
- console.log(`https://npm.im/${key} (perms: ${value})`)
-}
-```
-
-#### `fetch` Options
-
-Fetch options are optional, and can be passed in as either a Map-like object
-(one with a `.get()` method), a plain javascript object, or a
-[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
-
-##### `opts.agent`
-
-* Type: http.Agent
-* Default: an appropriate agent based on URL protocol and proxy settings
-
-An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
-be shared across requests. This allows multiple concurrent `fetch` requests to
-happen on the same socket.
-
-You do _not_ need to provide this option unless you want something particularly
-specialized, since proxy configurations and http/https agents are already
-automatically managed internally when this option is not passed through.
-
-##### `opts.body`
-
-* Type: Buffer | Stream | Object
-* Default: null
-
-Request body to send through the outgoing request. Buffers and Streams will be
-passed through as-is, with a default `content-type` of
-`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
-and the `content-type` will default to `application/json`.
-
-Use [`opts.headers`](#opts-headers) to set the content-type to something else.
-
-##### `opts.ca`
-
-* Type: String, Array, or null
-* Default: null
-
-The Certificate Authority signing certificate that is trusted for SSL
-connections to the registry. Values should be in PEM format (Windows calls it
-"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
-example:
-
-```
-{
- ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
-}
-```
-
-Set to `null` to only allow "known" registrars, or to a specific CA cert
-to trust only that specific signing authority.
-
-Multiple CAs can be trusted by specifying an array of certificates instead of a
-single string.
-
-See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
-[`opts.key`](#opts-key)
-
-##### `opts.cache`
-
-* Type: path
-* Default: null
-
-The location of the http cache directory. If provided, certain cachable requests
-will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
-rules. This will speed up future requests, as well as make the cached data
-available offline if necessary/requested.
-
-See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
-and [`prefer-online`](#opts-prefer-online).
-
-##### `opts.cert`
-
-* Type: String
-* Default: null
-
-A client certificate to pass when accessing the registry. Values should be in
-PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
-replaced by the string `'\n'`. For example:
-
-```
-{
- cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
-}
-```
-
-It is _not_ the path to a certificate file (and there is no "certfile" option).
-
-See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
-
-##### `opts.fetch-retries`
-
-* Type: Number
-* Default: 2
-
-The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
-packages from the registry.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.fetch-retry-factor`
-
-* Type: Number
-* Default: 10
-
-The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
-packages.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.fetch-retry-mintimeout`
-
-* Type: Number
-* Default: 10000 (10 seconds)
-
-The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
-packages.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.fetch-retry-maxtimeout`
-
-* Type: Number
-* Default: 60000 (1 minute)
-
-The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
-packages.
-
-See also [`opts.retry`](#opts-retry) to provide all retry options as a single
-object.
-
-##### `opts.force-auth`
-
-* Alias: `opts.forceAuth`
-* Type: Object
-* Default: null
-
-If present, other auth-related values in `opts` will be completely ignored,
-including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
-and the auth details in `opts.forceAuth` will be used instead.
-
-##### `opts.gzip`
-
-* Type: Boolean
-* Default: false
-
-If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
-and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
-[`opts.body`](#opts-body).
-
-##### `opts.headers`
-
-* Type: Object
-* Default: null
-
-Additional headers for the outgoing request. This option can also be used to
-override headers automatically generated by `npm-registry-fetch`, such as
-`Content-Type`.
-
-##### `opts.ignore-body`
-
-* Alias: `opts.ignoreBody`
-* Type: Boolean
-* Default: false
-
-If true, the **response body** will be thrown away and `res.body` set to `null`.
-This will prevent dangling response sockets for requests where you don't usually
-care what the response body is.
-
-##### `opts.integrity`
-
-* Type: String | [SRI object](https://npm.im/ssri)
-* Default: null
-
-If provided, the response body's will be verified against this integrity string,
-using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
-complete as normal. If verification fails, the response body will error with an
-`EINTEGRITY` error.
-
-Body integrity is only verified if the body is actually consumed to completion --
-that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
-`res` stream data to its end.
-
-Cached data will have its integrity automatically verified using the
-previously-generated integrity hash for the saved request information, so
-`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
-`opts.integrity` is not passed in.
-
-##### `opts.is-from-ci`
-
-* Alias: `opts.isFromCI`
-* Type: Boolean
-* Default: Based on environment variables
-
-This is used to populate the `npm-in-ci` request header sent to the registry.
-
-##### `opts.key`
-
-* Type: String
-* Default: null
-
-A client key to pass when accessing the registry. Values should be in PEM
-format with newlines replaced by the string `'\n'`. For example:
-
-```
-{
- key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
-}
-```
-
-It is _not_ the path to a key file (and there is no "keyfile" option).
-
-See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
-
-##### `opts.local-address`
-
-* Type: IP Address String
-* Default: null
-
-The IP address of the local interface to use when making connections
-to the registry.
-
-See also [`opts.proxy`](#opts-proxy)
-
-##### `opts.log`
-
-* Type: [`npmlog`](https://npm.im/npmlog)-like
-* Default: null
-
-Logger object to use for logging operation details. Must have the same methods
-as `npmlog`.
-
-##### `opts.map-json`
-
-* Alias: `mapJson`, `mapJSON`
-* Type: Function
-* Default: undefined
-
-When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
-to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
-`JSONStream.parse`, and can be used to transform stream data before output.
-
-##### `opts.maxsockets`
-
-* Alias: `opts.max-sockets`
-* Type: Integer
-* Default: 12
-
-Maximum number of sockets to keep open during requests. Has no effect if
-[`opts.agent`](#opts-agent) is used.
-
-##### `opts.method`
-
-* Type: String
-* Default: 'GET'
-
-HTTP method to use for the outgoing request. Case-insensitive.
-
-##### `opts.noproxy`
-
-* Type: Boolean
-* Default: process.env.NOPROXY
-
-If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
-
-##### `opts.npm-session`
-
-* Alias: `opts.npmSession`
-* Type: String
-* Default: null
-
-If provided, will be sent in the `npm-session` header. This header is used by
-the npm registry to identify individual user sessions (usually individual
-invocations of the CLI).
-
-##### `opts.offline`
-
-* Type: Boolean
-* Default: false
-
-Force offline mode: no network requests will be done during install. To allow
-`npm-registry-fetch` to fill in missing cache data, see
-[`opts.prefer-offline`](#opts-prefer-offline).
-
-This option is only really useful if you're also using
-[`opts.cache`](#opts-cache).
-
-##### `opts.otp`
-
-* Type: Number | String
-* Default: null
-
-This is a one-time password from a two-factor authenticator. It is required for
-certain registry interactions when two-factor auth is enabled for a user
-account.
-
-##### `opts.password`
-
-* Alias: _password
-* Type: String
-* Default: null
-
-Password used for basic authentication. For the more modern authentication
-method, please use the (more secure) [`opts.token`](#opts-token)
-
-Can optionally be scoped to a registry by using a "nerf dart" for that registry.
-That is:
-
-```
-{
- '//registry.npmjs.org/:password': 't0k3nH34r'
-}
-```
-
-See also [`opts.username`](#opts-username)
-
-##### `opts.prefer-offline`
-
-* Type: Boolean
-* Default: false
-
-If true, staleness checks for cached data will be bypassed, but missing data
-will be requested from the server. To force full offline mode, use
-[`opts.offline`](#opts-offline).
-
-This option is generally only useful if you're also using
-[`opts.cache`](#opts-cache).
-
-##### `opts.prefer-online`
-
-* Type: Boolean
-* Default: false
-
-If true, staleness checks for cached data will be forced, making the CLI look
-for updates immediately even for fresh package data.
-
-This option is generally only useful if you're also using
-[`opts.cache`](#opts-cache).
-
-
-##### `opts.project-scope`
-
-* Alias: `opts.projectScope`
-* Type: String
-* Default: null
-
-If provided, will be sent in the `npm-scope` header. This header is used by the
-npm registry to identify the toplevel package scope that a particular project
-installation is using.
-
-##### `opts.proxy`
-
-* Type: url
-* Default: null
-
-A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
-environment variable will be used.
-
-##### `opts.query`
-
-* Type: String | Object
-* Default: null
-
-If provided, the request URI will have a query string appended to it using this
-query. If `opts.query` is an object, it will be converted to a query string
-using
-[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
-
-If the request URI already has a query string, it will be merged with
-`opts.query`, preferring `opts.query` values.
-
-##### `opts.refer`
-
-* Alias: `opts.referer`
-* Type: String
-* Default: null
-
-Value to use for the `Referer` header. The npm CLI itself uses this to serialize
-the npm command line using the given request.
-
-##### `opts.registry`
-
-* Type: URL
-* Default: `'https://registry.npmjs.org'`
-
-Registry configuration for a request. If a request URL only includes the URL
-path, this registry setting will be prepended. This configuration is also used
-to determine authentication details, so even if the request URL references a
-completely different host, `opts.registry` will be used to find the auth details
-for that request.
-
-See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
-[`opts.:registry`](#opts-scope-registry) which can all affect the actual
-registry URL used by the outgoing request.
-
-##### `opts.retry`
-
-* Type: Object
-* Default: null
-
-Single-object configuration for request retry settings. If passed in, will
-override individually-passed `fetch-retry-*` settings.
-
-##### `opts.scope`
-
-* Type: String
-* Default: null
-
-Associate an operation with a scope for a scoped registry. This option can force
-lookup of scope-specific registries and authentication.
-
-See also [`opts.:registry`](#opts-scope-registry) and
-[`opts.spec`](#opts-spec) for interactions with this option.
-
-##### `opts.:registry`
-
-* Type: String
-* Default: null
-
-This option type can be used to configure the registry used for requests
-involving a particular scope. For example, `opts['@myscope:registry'] =
-'https://scope-specific.registry/'` will make it so requests go out to this
-registry instead of [`opts.registry`](#opts-registry) when
-[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
-scoped package spec.
-
-The `@` before the scope name is optional, but recommended.
-
-##### `opts.spec`
-
-* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
-* Default: null
-
-If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
-based on a specific package name. Non-registry package specs will throw an
-error.
-
-##### `opts.strict-ssl`
-
-* Type: Boolean
-* Default: true
-
-Whether or not to do SSL key validation when making requests to the
-registry via https.
-
-See also [`opts.ca`](#opts-ca).
-
-##### `opts.timeout`
-
-* Type: Milliseconds
-* Default: 30000 (30 seconds)
-
-Time before a hanging request times out.
-
-##### `opts.token`
-
-* Alias: `opts._authToken`
-* Type: String
-* Default: null
-
-Authentication token string.
-
-Can be scoped to a registry by using a "nerf dart" for that registry. That is:
-
-```
-{
- '//registry.npmjs.org/:token': 't0k3nH34r'
-}
-```
-
-##### `opts.user-agent`
-
-* Type: String
-* Default: `'npm-registry-fetch@/node@+ ()'`
-
-User agent string to send in the `User-Agent` header.
-
-##### `opts.username`
-
-* Type: String
-* Default: null
-
-Username used for basic authentication. For the more modern authentication
-method, please use the (more secure) [`opts.token`](#opts-token)
-
-Can optionally be scoped to a registry by using a "nerf dart" for that registry.
-That is:
-
-```
-{
- '//registry.npmjs.org/:username': 't0k3nH34r'
-}
-```
-
-See also [`opts.password`](#opts-password)
-
-##### `opts._auth`
-
-* Type: String
-* Default: null
-
-** DEPRECATED ** This is a legacy authentication token supported only for
-*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/auth.js
deleted file mode 100644
index d583982d0a8b2..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/auth.js
+++ /dev/null
@@ -1,57 +0,0 @@
-'use strict'
-
-const config = require('./config.js')
-const url = require('url')
-
-module.exports = getAuth
-function getAuth (registry, opts) {
- if (!registry) { throw new Error('registry is required') }
- opts = config(opts)
- let AUTH = {}
- const regKey = registry && registryKey(registry)
- if (opts.forceAuth) {
- opts = opts.forceAuth
- }
- const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
- doKey('token')
- doKey('_authToken', 'token')
- doKey('username')
- doKey('password')
- doKey('_password', 'password')
- doKey('email')
- doKey('_auth')
- doKey('otp')
- doKey('always-auth', 'alwaysAuth')
- if (AUTH.password) {
- AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
- }
- if (AUTH._auth && !(AUTH.username && AUTH.password)) {
- let auth = Buffer.from(AUTH._auth, 'base64').toString()
- auth = auth.split(':')
- AUTH.username = auth.shift()
- AUTH.password = auth.join(':')
- }
- AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
- return AUTH
-}
-
-function addKey (opts, obj, scope, key, objKey) {
- if (opts[key]) {
- obj[objKey || key] = opts[key]
- }
- if (scope && opts[`${scope}:${key}`]) {
- obj[objKey || key] = opts[`${scope}:${key}`]
- }
-}
-
-// Called a nerf dart in the main codebase. Used as a "safe"
-// key when fetching registry info from config.
-function registryKey (registry) {
- const parsed = url.parse(registry)
- const formatted = url.format({
- host: parsed.host,
- pathname: parsed.pathname,
- slashes: parsed.slashes
- })
- return url.resolve(formatted, '.')
-}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/check-response.js
deleted file mode 100644
index bfde699edcfbd..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/check-response.js
+++ /dev/null
@@ -1,109 +0,0 @@
-'use strict'
-
-const config = require('./config.js')
-const errors = require('./errors.js')
-const LRU = require('lru-cache')
-
-module.exports = checkResponse
-function checkResponse (method, res, registry, startTime, opts) {
- opts = config(opts)
- if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
- opts.log.notice('', res.headers.get('npm-notice'))
- }
- checkWarnings(res, registry, opts)
- if (res.status >= 400) {
- logRequest(method, res, startTime, opts)
- return checkErrors(method, res, startTime, opts)
- } else {
- res.body.on('end', () => logRequest(method, res, startTime, opts))
- if (opts.ignoreBody) {
- res.body.resume()
- res.body = null
- }
- return res
- }
-}
-
-function logRequest (method, res, startTime, opts) {
- const elapsedTime = Date.now() - startTime
- const attempt = res.headers.get('x-fetch-attempts')
- const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
- const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
- opts.log.http(
- 'fetch',
- `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
- )
-}
-
-const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
-const BAD_HOSTS = new LRU({ max: 50 })
-
-function checkWarnings (res, registry, opts) {
- if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
- const warnings = {}
- res.headers.raw()['warning'].forEach(w => {
- const match = w.match(WARNING_REGEXP)
- if (match) {
- warnings[match[1]] = {
- code: match[1],
- host: match[2],
- message: match[3],
- date: new Date(match[4])
- }
- }
- })
- BAD_HOSTS.set(registry, true)
- if (warnings['199']) {
- if (warnings['199'].message.match(/ENOTFOUND/)) {
- opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
- } else {
- opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
- }
- }
- if (warnings['111']) {
- // 111 Revalidation failed -- we're using stale data
- opts.log.warn(
- 'registry',
- `Using stale data from ${registry} due to a request error during revalidation.`
- )
- }
- }
-}
-
-function checkErrors (method, res, startTime, opts) {
- return res.buffer()
- .catch(() => null)
- .then(body => {
- let parsed = body
- try {
- parsed = JSON.parse(body.toString('utf8'))
- } catch (e) {}
- if (res.status === 401 && res.headers.get('www-authenticate')) {
- const auth = res.headers.get('www-authenticate')
- .split(/,\s*/)
- .map(s => s.toLowerCase())
- if (auth.indexOf('ipaddress') !== -1) {
- throw new errors.HttpErrorAuthIPAddress(
- method, res, parsed, opts.spec
- )
- } else if (auth.indexOf('otp') !== -1) {
- throw new errors.HttpErrorAuthOTP(
- method, res, parsed, opts.spec
- )
- } else {
- throw new errors.HttpErrorAuthUnknown(
- method, res, parsed, opts.spec
- )
- }
- } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
- // Heuristic for malformed OTP responses that don't include the www-authenticate header.
- throw new errors.HttpErrorAuthOTP(
- method, res, parsed, opts.spec
- )
- } else {
- throw new errors.HttpErrorGeneral(
- method, res, parsed, opts.spec
- )
- }
- })
-}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/config.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/config.js
deleted file mode 100644
index 7fe5dacc94362..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/config.js
+++ /dev/null
@@ -1,98 +0,0 @@
-'use strict'
-
-const pkg = require('./package.json')
-const figgyPudding = require('figgy-pudding')
-const silentLog = require('./silentlog.js')
-
-const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
-const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
-module.exports = figgyPudding({
- 'agent': {},
- 'algorithms': {},
- 'body': {},
- 'ca': {},
- 'cache': {},
- 'cert': {},
- 'fetch-retries': {},
- 'fetch-retry-factor': {},
- 'fetch-retry-maxtimeout': {},
- 'fetch-retry-mintimeout': {},
- 'force-auth': {},
- forceAuth: 'force-auth',
- 'gid': {},
- 'gzip': {},
- 'headers': {},
- 'https-proxy': {},
- 'ignore-body': {},
- ignoreBody: 'ignore-body',
- 'integrity': {},
- 'is-from-ci': 'isFromCI',
- 'isFromCI': {
- default () {
- return (
- process.env['CI'] === 'true' ||
- process.env['TDDIUM'] ||
- process.env['JENKINS_URL'] ||
- process.env['bamboo.buildKey'] ||
- process.env['GO_PIPELINE_NAME']
- )
- }
- },
- 'key': {},
- 'local-address': {},
- 'log': {
- default: silentLog
- },
- 'map-json': 'mapJson',
- 'mapJSON': 'mapJson',
- 'mapJson': {},
- 'max-sockets': 'maxsockets',
- 'maxsockets': {
- default: 12
- },
- 'memoize': {},
- 'method': {
- default: 'GET'
- },
- 'no-proxy': {},
- 'noproxy': {},
- 'npm-session': 'npmSession',
- 'npmSession': {},
- 'offline': {},
- 'otp': {},
- 'prefer-offline': {},
- 'prefer-online': {},
- 'projectScope': {},
- 'project-scope': 'projectScope',
- 'Promise': {default: () => Promise},
- 'proxy': {},
- 'query': {},
- 'refer': {},
- 'referer': 'refer',
- 'registry': {
- default: 'https://registry.npmjs.org/'
- },
- 'retry': {},
- 'scope': {},
- 'spec': {},
- 'strict-ssl': {},
- 'timeout': {},
- 'uid': {},
- 'user-agent': {
- default: `${
- pkg.name
- }@${
- pkg.version
- }/node@${
- process.version
- }+${
- process.arch
- } (${
- process.platform
- })`
- }
-}, {
- other (key) {
- return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
- }
-})
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/errors.js
deleted file mode 100644
index ba78735fce135..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/errors.js
+++ /dev/null
@@ -1,79 +0,0 @@
-'use strict'
-
-const url = require('url')
-
-function packageName (href) {
- try {
- let basePath = url.parse(href).pathname.substr(1)
- if (!basePath.match(/^-/)) {
- basePath = basePath.split('/')
- var index = basePath.indexOf('_rewrite')
- if (index === -1) {
- index = basePath.length - 1
- } else {
- index++
- }
- return decodeURIComponent(basePath[index])
- }
- } catch (_) {
- // this is ok
- }
-}
-
-class HttpErrorBase extends Error {
- constructor (method, res, body, spec) {
- super()
- this.headers = res.headers.raw()
- this.statusCode = res.status
- this.code = `E${res.status}`
- this.method = method
- this.uri = res.url
- this.body = body
- this.pkgid = spec ? spec.toString() : packageName(res.url)
- }
-}
-module.exports.HttpErrorBase = HttpErrorBase
-
-class HttpErrorGeneral extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = `${res.status} ${res.statusText} - ${
- this.method.toUpperCase()
- } ${
- this.spec || this.uri
- }${
- (body && body.error) ? ' - ' + body.error : ''
- }`
- Error.captureStackTrace(this, HttpErrorGeneral)
- }
-}
-module.exports.HttpErrorGeneral = HttpErrorGeneral
-
-class HttpErrorAuthOTP extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = 'OTP required for authentication'
- this.code = 'EOTP'
- Error.captureStackTrace(this, HttpErrorAuthOTP)
- }
-}
-module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
-
-class HttpErrorAuthIPAddress extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = 'Login is not allowed from your IP address'
- this.code = 'EAUTHIP'
- Error.captureStackTrace(this, HttpErrorAuthIPAddress)
- }
-}
-module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
-
-class HttpErrorAuthUnknown extends HttpErrorBase {
- constructor (method, res, body, spec) {
- super(method, res, body, spec)
- this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
- Error.captureStackTrace(this, HttpErrorAuthUnknown)
- }
-}
-module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/index.js
deleted file mode 100644
index 4ba3c19243471..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/index.js
+++ /dev/null
@@ -1,193 +0,0 @@
-'use strict'
-
-const Buffer = require('safe-buffer').Buffer
-
-const checkResponse = require('./check-response.js')
-const config = require('./config.js')
-const getAuth = require('./auth.js')
-const fetch = require('make-fetch-happen')
-const JSONStream = require('JSONStream')
-const npa = require('npm-package-arg')
-const {PassThrough} = require('stream')
-const qs = require('querystring')
-const url = require('url')
-const zlib = require('zlib')
-
-module.exports = regFetch
-function regFetch (uri, opts) {
- opts = config(opts)
- const registry = (
- (opts.spec && pickRegistry(opts.spec, opts)) ||
- opts.registry ||
- 'https://registry.npmjs.org/'
- )
- uri = url.parse(uri).protocol
- ? uri
- : `${
- registry.trim().replace(/\/?$/g, '')
- }/${
- uri.trim().replace(/^\//, '')
- }`
- // through that takes into account the scope, the prefix of `uri`, etc
- const startTime = Date.now()
- const headers = getHeaders(registry, uri, opts)
- let body = opts.body
- const bodyIsStream = body &&
- typeof body === 'object' &&
- typeof body.pipe === 'function'
- if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
- headers['content-type'] = headers['content-type'] || 'application/json'
- body = JSON.stringify(body)
- } else if (body && !headers['content-type']) {
- headers['content-type'] = 'application/octet-stream'
- }
- if (opts.gzip) {
- headers['content-encoding'] = 'gzip'
- if (bodyIsStream) {
- const gz = zlib.createGzip()
- body.on('error', err => gz.emit('error', err))
- body = body.pipe(gz)
- } else {
- body = new opts.Promise((resolve, reject) => {
- zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
- })
- }
- }
- if (opts.query) {
- let q = opts.query
- if (typeof q === 'string') {
- q = qs.parse(q)
- }
- Object.keys(q).forEach(key => {
- if (q[key] === undefined) {
- delete q[key]
- }
- })
- if (Object.keys(q).length) {
- const parsed = url.parse(uri)
- parsed.search = '?' + qs.stringify(
- parsed.query
- ? Object.assign(qs.parse(parsed.query), q)
- : q
- )
- uri = url.format(parsed)
- }
- }
- return opts.Promise.resolve(body).then(body => fetch(uri, {
- agent: opts.agent,
- algorithms: opts.algorithms,
- body,
- cache: getCacheMode(opts),
- cacheManager: opts.cache,
- ca: opts.ca,
- cert: opts.cert,
- headers,
- integrity: opts.integrity,
- key: opts.key,
- localAddress: opts['local-address'],
- maxSockets: opts.maxsockets,
- memoize: opts.memoize,
- method: opts.method || 'GET',
- noProxy: opts['no-proxy'] || opts.noproxy,
- Promise: opts.Promise,
- proxy: opts['https-proxy'] || opts.proxy,
- referer: opts.refer,
- retry: opts.retry != null ? opts.retry : {
- retries: opts['fetch-retries'],
- factor: opts['fetch-retry-factor'],
- minTimeout: opts['fetch-retry-mintimeout'],
- maxTimeout: opts['fetch-retry-maxtimeout']
- },
- strictSSL: !!opts['strict-ssl'],
- timeout: opts.timeout,
- uid: opts.uid,
- gid: opts.gid
- }).then(res => checkResponse(
- opts.method || 'GET', res, registry, startTime, opts
- )))
-}
-
-module.exports.json = fetchJSON
-function fetchJSON (uri, opts) {
- return regFetch(uri, opts).then(res => res.json())
-}
-
-module.exports.json.stream = fetchJSONStream
-function fetchJSONStream (uri, jsonPath, opts) {
- opts = config(opts)
- const parser = JSONStream.parse(jsonPath, opts.mapJson)
- const pt = parser.pipe(new PassThrough({objectMode: true}))
- parser.on('error', err => pt.emit('error', err))
- regFetch(uri, opts).then(res => {
- res.body.on('error', err => parser.emit('error', err))
- res.body.pipe(parser)
- }, err => pt.emit('error', err))
- return pt
-}
-
-module.exports.pickRegistry = pickRegistry
-function pickRegistry (spec, opts) {
- spec = npa(spec)
- opts = config(opts)
- let registry = spec.scope &&
- opts[spec.scope.replace(/^@?/, '@') + ':registry']
-
- if (!registry && opts.scope) {
- registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
- }
-
- if (!registry) {
- registry = opts.registry || 'https://registry.npmjs.org/'
- }
-
- return registry
-}
-
-function getCacheMode (opts) {
- return opts.offline
- ? 'only-if-cached'
- : opts['prefer-offline']
- ? 'force-cache'
- : opts['prefer-online']
- ? 'no-cache'
- : 'default'
-}
-
-function getHeaders (registry, uri, opts) {
- const headers = Object.assign({
- 'npm-in-ci': !!(
- opts['is-from-ci'] ||
- process.env['CI'] === 'true' ||
- process.env['TDDIUM'] ||
- process.env['JENKINS_URL'] ||
- process.env['bamboo.buildKey'] ||
- process.env['GO_PIPELINE_NAME']
- ),
- 'npm-scope': opts['project-scope'],
- 'npm-session': opts['npm-session'],
- 'user-agent': opts['user-agent'],
- 'referer': opts.refer
- }, opts.headers)
-
- const auth = getAuth(registry, opts)
- // If a tarball is hosted on a different place than the manifest, only send
- // credentials on `alwaysAuth`
- const shouldAuth = (
- auth.alwaysAuth ||
- url.parse(uri).host === url.parse(registry).host
- )
- if (shouldAuth && auth.token) {
- headers.authorization = `Bearer ${auth.token}`
- } else if (shouldAuth && auth.username && auth.password) {
- const encoded = Buffer.from(
- `${auth.username}:${auth.password}`, 'utf8'
- ).toString('base64')
- headers.authorization = `Basic ${encoded}`
- } else if (shouldAuth && auth._auth) {
- headers.authorization = `Basic ${auth._auth}`
- }
- if (shouldAuth && auth.otp) {
- headers['npm-otp'] = auth.otp
- }
- return headers
-}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/package.json
deleted file mode 100644
index 4302bfc690cb6..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/package.json
+++ /dev/null
@@ -1,92 +0,0 @@
-{
- "_from": "npm-registry-fetch@^3.8.0",
- "_id": "npm-registry-fetch@3.9.1",
- "_inBundle": false,
- "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
- "_location": "/libnpmpublish/npm-registry-fetch",
- "_phantomChildren": {},
- "_requested": {
- "type": "range",
- "registry": true,
- "raw": "npm-registry-fetch@^3.8.0",
- "name": "npm-registry-fetch",
- "escapedName": "npm-registry-fetch",
- "rawSpec": "^3.8.0",
- "saveSpec": null,
- "fetchSpec": "^3.8.0"
- },
- "_requiredBy": [
- "/libnpmpublish"
- ],
- "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
- "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
- "_spec": "npm-registry-fetch@^3.8.0",
- "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmpublish",
- "author": {
- "name": "Kat Marchán",
- "email": "kzm@sykosomatic.org"
- },
- "bugs": {
- "url": "https://github.com/npm/registry-fetch/issues"
- },
- "bundleDependencies": false,
- "config": {
- "nyc": {
- "exclude": [
- "node_modules/**",
- "test/**"
- ]
- }
- },
- "dependencies": {
- "JSONStream": "^1.3.4",
- "bluebird": "^3.5.1",
- "figgy-pudding": "^3.4.1",
- "lru-cache": "^5.1.1",
- "make-fetch-happen": "^4.0.2",
- "npm-package-arg": "^6.1.0"
- },
- "deprecated": false,
- "description": "Fetch-based http client for use with npm registry APIs",
- "devDependencies": {
- "cacache": "^11.3.3",
- "get-stream": "^4.0.0",
- "mkdirp": "^0.5.1",
- "nock": "^9.4.3",
- "npmlog": "^4.1.2",
- "rimraf": "^2.6.2",
- "ssri": "^6.0.0",
- "standard": "^11.0.1",
- "standard-version": "^4.4.0",
- "tap": "^12.0.1",
- "weallbehave": "^1.2.0",
- "weallcontribute": "^1.0.8"
- },
- "files": [
- "*.js",
- "lib"
- ],
- "homepage": "https://github.com/npm/registry-fetch#readme",
- "keywords": [
- "npm",
- "registry",
- "fetch"
- ],
- "license": "ISC",
- "main": "index.js",
- "name": "npm-registry-fetch",
- "repository": {
- "type": "git",
- "url": "git+https://github.com/npm/registry-fetch.git"
- },
- "scripts": {
- "postrelease": "npm publish && git push --follow-tags",
- "prerelease": "npm t",
- "pretest": "standard",
- "release": "standard-version -s",
- "test": "tap -J --coverage test/*.js",
- "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
- "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
- },
- "version": "3.9.1"
-}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/silentlog.js
deleted file mode 100644
index 886c5d55b2dbb..0000000000000
--- a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/silentlog.js
+++ /dev/null
@@ -1,14 +0,0 @@
-'use strict'
-
-const noop = Function.prototype
-module.exports = {
- error: noop,
- warn: noop,
- notice: noop,
- info: noop,
- verbose: noop,
- silly: noop,
- http: noop,
- pause: noop,
- resume: noop
-}
diff --git a/node_modules/libnpmpublish/package.json b/node_modules/libnpmpublish/package.json
index 4df1f0011dd13..58eda1a508928 100644
--- a/node_modules/libnpmpublish/package.json
+++ b/node_modules/libnpmpublish/package.json
@@ -1,27 +1,27 @@
{
- "_from": "libnpmpublish@^1.1.0",
- "_id": "libnpmpublish@1.1.1",
+ "_from": "libnpmpublish@^1.1.2",
+ "_id": "libnpmpublish@1.1.2",
"_inBundle": false,
- "_integrity": "sha512-nefbvJd/wY38zdt+b9SHL6171vqBrMtZ56Gsgfd0duEKb/pB8rDT4/ObUQLrHz1tOfht1flt2zM+UGaemzAG5g==",
+ "_integrity": "sha512-2yIwaXrhTTcF7bkJKIKmaCV9wZOALf/gsTDxVSu/Gu/6wiG3fA8ce8YKstiWKTxSFNC0R7isPUb6tXTVFZHt2g==",
"_location": "/libnpmpublish",
"_phantomChildren": {},
"_requested": {
"type": "range",
"registry": true,
- "raw": "libnpmpublish@^1.1.0",
+ "raw": "libnpmpublish@^1.1.2",
"name": "libnpmpublish",
"escapedName": "libnpmpublish",
- "rawSpec": "^1.1.0",
+ "rawSpec": "^1.1.2",
"saveSpec": null,
- "fetchSpec": "^1.1.0"
+ "fetchSpec": "^1.1.2"
},
"_requiredBy": [
"/libnpm"
],
- "_resolved": "https://registry.npmjs.org/libnpmpublish/-/libnpmpublish-1.1.1.tgz",
- "_shasum": "ff0c6bb0b4ad2bda2ad1f5fba6760a4af37125f0",
- "_spec": "libnpmpublish@^1.1.0",
- "_where": "/Users/zkat/Documents/code/work/npm/node_modules/libnpm",
+ "_resolved": "https://registry.npmjs.org/libnpmpublish/-/libnpmpublish-1.1.2.tgz",
+ "_shasum": "4201cfc4a69c44e6f454ec548fa1cd90f10df0a0",
+ "_spec": "libnpmpublish@^1.1.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
"author": {
"name": "Kat Marchán",
"email": "kzm@zkat.tech"
@@ -37,7 +37,7 @@
"lodash.clonedeep": "^4.5.0",
"normalize-package-data": "^2.4.0",
"npm-package-arg": "^6.1.0",
- "npm-registry-fetch": "^3.8.0",
+ "npm-registry-fetch": "^4.0.0",
"semver": "^5.5.1",
"ssri": "^6.0.1"
},
@@ -69,5 +69,5 @@
"update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
"update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
},
- "version": "1.1.1"
+ "version": "1.1.2"
}
diff --git a/node_modules/libnpmpublish/test/publish.js b/node_modules/libnpmpublish/test/publish.js
index 65b8c82524dd2..23eef2181f1fb 100644
--- a/node_modules/libnpmpublish/test/publish.js
+++ b/node_modules/libnpmpublish/test/publish.js
@@ -917,3 +917,132 @@ test('publishConfig on manifest', t => {
})
})
})
+
+test('publish with encoded _auth', t => {
+ const manifest = {
+ name: 'libnpmpublish',
+ version: '1.0.0',
+ description: 'some stuff'
+ }
+ return mockTar({
+ 'package.json': JSON.stringify(manifest),
+ 'index.js': 'console.log("hello world")'
+ }).then(tarData => {
+ const shasum = crypto.createHash('sha1').update(tarData).digest('hex')
+ const integrity = ssri.fromData(tarData, { algorithms: ['sha512'] })
+ const packument = {
+ name: 'libnpmpublish',
+ description: 'some stuff',
+ readme: '',
+ _id: 'libnpmpublish',
+ 'dist-tags': {
+ latest: '1.0.0'
+ },
+ maintainers: [
+ { name: 'myuser', email: 'my@ema.il' }
+ ],
+ versions: {
+ '1.0.0': {
+ _id: 'libnpmpublish@1.0.0',
+ _npmUser: {
+ name: 'myuser',
+ email: 'my@ema.il'
+ },
+ maintainers: [
+ { name: 'myuser', email: 'my@ema.il' }
+ ],
+ _nodeVersion: process.versions.node,
+ name: 'libnpmpublish',
+ version: '1.0.0',
+ description: 'some stuff',
+ dist: {
+ shasum,
+ integrity: integrity.toString(),
+ tarball: `http://mock.reg/libnpmpublish/-/libnpmpublish-1.0.0.tgz`
+ }
+ }
+ },
+ _attachments: {
+ 'libnpmpublish-1.0.0.tgz': {
+ 'content_type': 'application/octet-stream',
+ data: tarData.toString('base64'),
+ length: tarData.length
+ }
+ }
+ }
+ const srv = tnock(t, REG)
+ srv.put('/libnpmpublish', body => {
+ t.deepEqual(body, packument, 'posted packument matches expectations')
+ return true
+ }, {
+ authorization: 'Bearer deadbeef'
+ }).reply(201, {})
+
+ return publish(manifest, tarData, OPTS.concat({
+ _auth: Buffer.from('myuser:mypassword', 'utf8').toString('base64'),
+ email: 'my@ema.il'
+ })).then(ret => {
+ t.ok(ret, 'publish succeeded using _auth')
+ })
+ })
+})
+
+test('publish with 302 redirect', t => {
+ const manifest = {
+ name: 'libnpmpublish',
+ version: '1.0.0',
+ description: 'some stuff'
+ }
+ return mockTar({
+ 'package.json': JSON.stringify(manifest),
+ 'index.js': 'console.log("hello world")'
+ }).then(tarData => {
+ const shasum = crypto.createHash('sha1').update(tarData).digest('hex')
+ const integrity = ssri.fromData(tarData, { algorithms: ['sha512'] })
+ const packument = {
+ name: 'libnpmpublish',
+ description: 'some stuff',
+ readme: '',
+ _id: 'libnpmpublish',
+ 'dist-tags': {
+ latest: '1.0.0'
+ },
+ versions: {
+ '1.0.0': {
+ _id: 'libnpmpublish@1.0.0',
+ _nodeVersion: process.versions.node,
+ name: 'libnpmpublish',
+ version: '1.0.0',
+ description: 'some stuff',
+ dist: {
+ shasum,
+ integrity: integrity.toString(),
+ tarball: `http://mock.reg/libnpmpublish/-/libnpmpublish-1.0.0.tgz`
+ }
+ }
+ },
+ _attachments: {
+ 'libnpmpublish-1.0.0.tgz': {
+ 'content_type': 'application/octet-stream',
+ data: tarData.toString('base64'),
+ length: tarData.length
+ }
+ }
+ }
+ tnock(t, REG).put('/libnpmpublish').reply(302, '', {
+ location: 'http://blah.net/libnpmpublish'
+ })
+ tnock(t, 'http://blah.net').put('/libnpmpublish', body => {
+ t.deepEqual(body, packument, 'posted packument matches expectations')
+ return true
+ }, {
+ authorization: 'Bearer deadbeef'
+ }).reply(201, {})
+
+ return publish(manifest, tarData, OPTS.concat({
+ token: 'deadbeef'
+ })).then(ret => {
+ t.ok(ret, 'publish succeeded')
+ })
+ })
+})
diff --git a/package-lock.json b/package-lock.json
index a67e718b5cb53..79507cb92d202 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3082,61 +3082,94 @@
}
},
"libnpm": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/libnpm/-/libnpm-3.0.0.tgz",
- "integrity": "sha512-H8N3GiytH6rtrBSIyWIL9/kOK5eGp3y8uKvoB8m/fR0UUzRpmJasTkQ4c/E/wwI5adL9l49rf/K7cUctcTHmRw==",
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/libnpm/-/libnpm-3.0.1.tgz",
+ "integrity": "sha512-d7jU5ZcMiTfBqTUJVZ3xid44fE5ERBm9vBnmhp2ECD2Ls+FNXWxHSkO7gtvrnbLO78gwPdNPz1HpsF3W4rjkBQ==",
"requires": {
"bin-links": "^1.1.2",
"bluebird": "^3.5.3",
"find-npm-prefix": "^1.0.2",
- "libnpmaccess": "^3.0.1",
+ "libnpmaccess": "^3.0.2",
"libnpmconfig": "^1.2.1",
- "libnpmhook": "^5.0.2",
- "libnpmorg": "^1.0.0",
- "libnpmpublish": "^1.1.0",
- "libnpmsearch": "^2.0.0",
- "libnpmteam": "^1.0.1",
+ "libnpmhook": "^5.0.3",
+ "libnpmorg": "^1.0.1",
+ "libnpmpublish": "^1.1.2",
+ "libnpmsearch": "^2.0.2",
+ "libnpmteam": "^1.0.2",
"lock-verify": "^2.0.2",
"npm-lifecycle": "^3.0.0",
"npm-logical-tree": "^1.2.1",
"npm-package-arg": "^6.1.0",
- "npm-profile": "^4.0.1",
- "npm-registry-fetch": "^3.8.0",
+ "npm-profile": "^4.0.2",
+ "npm-registry-fetch": "^4.0.0",
"npmlog": "^4.1.2",
- "pacote": "^9.2.3",
+ "pacote": "^9.5.3",
"read-package-json": "^2.0.13",
"stringify-package": "^1.0.0"
},
"dependencies": {
- "make-fetch-happen": {
- "version": "4.0.2",
- "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
- "integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
+ "libnpmaccess": {
+ "version": "3.0.2",
+ "resolved": "https://registry.npmjs.org/libnpmaccess/-/libnpmaccess-3.0.2.tgz",
+ "integrity": "sha512-01512AK7MqByrI2mfC7h5j8N9V4I7MHJuk9buo8Gv+5QgThpOgpjB7sQBDDkeZqRteFb1QM/6YNdHfG7cDvfAQ==",
"requires": {
- "agentkeepalive": "^3.4.1",
- "cacache": "^11.3.3",
- "http-cache-semantics": "^3.8.1",
- "http-proxy-agent": "^2.1.0",
- "https-proxy-agent": "^2.2.1",
- "lru-cache": "^5.1.1",
- "mississippi": "^3.0.0",
- "node-fetch-npm": "^2.0.2",
- "promise-retry": "^1.1.1",
- "socks-proxy-agent": "^4.0.0",
- "ssri": "^6.0.0"
+ "aproba": "^2.0.0",
+ "get-stream": "^4.0.0",
+ "npm-package-arg": "^6.1.0",
+ "npm-registry-fetch": "^4.0.0"
}
},
- "npm-registry-fetch": {
- "version": "3.9.1",
- "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
- "integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "libnpmhook": {
+ "version": "5.0.3",
+ "resolved": "https://registry.npmjs.org/libnpmhook/-/libnpmhook-5.0.3.tgz",
+ "integrity": "sha512-UdNLMuefVZra/wbnBXECZPefHMGsVDTq5zaM/LgKNE9Keyl5YXQTnGAzEo+nFOpdRqTWI9LYi4ApqF9uVCCtuA==",
"requires": {
- "JSONStream": "^1.3.4",
- "bluebird": "^3.5.1",
+ "aproba": "^2.0.0",
"figgy-pudding": "^3.4.1",
- "lru-cache": "^5.1.1",
- "make-fetch-happen": "^4.0.2",
- "npm-package-arg": "^6.1.0"
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ }
+ },
+ "libnpmorg": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/libnpmorg/-/libnpmorg-1.0.1.tgz",
+ "integrity": "sha512-0sRUXLh+PLBgZmARvthhYXQAWn0fOsa6T5l3JSe2n9vKG/lCVK4nuG7pDsa7uMq+uTt2epdPK+a2g6btcY11Ww==",
+ "requires": {
+ "aproba": "^2.0.0",
+ "figgy-pudding": "^3.4.1",
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ }
+ },
+ "libnpmsearch": {
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/libnpmsearch/-/libnpmsearch-2.0.2.tgz",
+ "integrity": "sha512-VTBbV55Q6fRzTdzziYCr64+f8AopQ1YZ+BdPOv16UegIEaE8C0Kch01wo4s3kRTFV64P121WZJwgmBwrq68zYg==",
+ "requires": {
+ "figgy-pudding": "^3.5.1",
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ }
+ },
+ "libnpmteam": {
+ "version": "1.0.2",
+ "resolved": "https://registry.npmjs.org/libnpmteam/-/libnpmteam-1.0.2.tgz",
+ "integrity": "sha512-p420vM28Us04NAcg1rzgGW63LMM6rwe+6rtZpfDxCcXxM0zUTLl7nPFEnRF3JfFBF5skF/yuZDUthTsHgde8QA==",
+ "requires": {
+ "aproba": "^2.0.0",
+ "figgy-pudding": "^3.4.1",
+ "get-stream": "^4.0.0",
+ "npm-registry-fetch": "^4.0.0"
+ }
+ },
+ "npm-profile": {
+ "version": "4.0.2",
+ "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-4.0.2.tgz",
+ "integrity": "sha512-VRsC04pvRH+9cF+PoVh2nTmJjiG21yu59IHpsBpkxk+jaGAV8lxx96G4SDc0jOHAkfWLXbc6kIph3dGAuRnotQ==",
+ "requires": {
+ "aproba": "^1.1.2 || 2",
+ "figgy-pudding": "^3.4.1",
+ "npm-registry-fetch": "^4.0.0"
}
}
}
@@ -3334,9 +3367,9 @@
}
},
"libnpmpublish": {
- "version": "1.1.1",
- "resolved": "https://registry.npmjs.org/libnpmpublish/-/libnpmpublish-1.1.1.tgz",
- "integrity": "sha512-nefbvJd/wY38zdt+b9SHL6171vqBrMtZ56Gsgfd0duEKb/pB8rDT4/ObUQLrHz1tOfht1flt2zM+UGaemzAG5g==",
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/libnpmpublish/-/libnpmpublish-1.1.2.tgz",
+ "integrity": "sha512-2yIwaXrhTTcF7bkJKIKmaCV9wZOALf/gsTDxVSu/Gu/6wiG3fA8ce8YKstiWKTxSFNC0R7isPUb6tXTVFZHt2g==",
"requires": {
"aproba": "^2.0.0",
"figgy-pudding": "^3.5.1",
@@ -3344,42 +3377,9 @@
"lodash.clonedeep": "^4.5.0",
"normalize-package-data": "^2.4.0",
"npm-package-arg": "^6.1.0",
- "npm-registry-fetch": "^3.8.0",
+ "npm-registry-fetch": "^4.0.0",
"semver": "^5.5.1",
"ssri": "^6.0.1"
- },
- "dependencies": {
- "make-fetch-happen": {
- "version": "4.0.2",
- "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
- "integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
- "requires": {
- "agentkeepalive": "^3.4.1",
- "cacache": "^11.3.3",
- "http-cache-semantics": "^3.8.1",
- "http-proxy-agent": "^2.1.0",
- "https-proxy-agent": "^2.2.1",
- "lru-cache": "^5.1.1",
- "mississippi": "^3.0.0",
- "node-fetch-npm": "^2.0.2",
- "promise-retry": "^1.1.1",
- "socks-proxy-agent": "^4.0.0",
- "ssri": "^6.0.0"
- }
- },
- "npm-registry-fetch": {
- "version": "3.9.1",
- "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
- "integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
- "requires": {
- "JSONStream": "^1.3.4",
- "bluebird": "^3.5.1",
- "figgy-pudding": "^3.4.1",
- "lru-cache": "^5.1.1",
- "make-fetch-happen": "^4.0.2",
- "npm-package-arg": "^6.1.0"
- }
- }
}
},
"libnpmsearch": {
diff --git a/package.json b/package.json
index 14511136b2ac0..5a9f37b437a8c 100644
--- a/package.json
+++ b/package.json
@@ -73,7 +73,7 @@
"json-parse-better-errors": "^1.0.2",
"lazy-property": "~1.0.0",
"libcipm": "^4.0.0",
- "libnpm": "^3.0.0",
+ "libnpm": "^3.0.1",
"libnpmhook": "^5.0.2",
"libnpmsearch": "^2.0.1",
"libnpx": "^10.2.0",