diff --git a/.eslintrc b/.eslintrc
index 618b3d51116053..0aed06ca55f5c3 100644
--- a/.eslintrc
+++ b/.eslintrc
@@ -76,6 +76,7 @@ rules:
# Stylistic Issues
# http://eslint.org/docs/rules/#stylistic-issues
+ block-spacing: 2
brace-style: [2, 1tbs, {allowSingleLine: true}]
comma-spacing: 2
comma-style: 2
@@ -93,7 +94,7 @@ rules:
no-multiple-empty-lines: [2, {max: 2, maxEOF: 0, maxBOF: 0}]
no-tabs: 2
no-trailing-spaces: 2
- operator-linebreak: [2, after, {overrides: {'?': ignore, ':': ignore}}]
+ operator-linebreak: [2, after]
quotes: [2, single, avoid-escape]
semi: 2
semi-spacing: 2
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 7b004801207054..e14f5fc937d620 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,5 +1,6 @@
-
-
-##### Description of change
-
diff --git a/BUILDING.md b/BUILDING.md
index b1962d53c2caf4..b98bb75d79b656 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -24,8 +24,8 @@ On OS X, you will also need:
this under the menu `Xcode -> Preferences -> Downloads`
* This step will install `gcc` and the related toolchain containing `make`
-* You may want to setup [firewall rules](tools/macosx-firewall.sh) to avoid
-popups asking to accept incoming network connections when running tests:
+* After building, you may want to setup [firewall rules](tools/macosx-firewall.sh)
+to avoid popups asking to accept incoming network connections when running tests:
```console
$ sudo ./tools/macosx-firewall.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d8f2d68e12005..4be43de6d81fbb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,7 +28,8 @@ release.
- 7.3.0
+ 7.4.0
+ 7.3.0 7.2.1 7.2.0 7.1.0
diff --git a/COLLABORATOR_GUIDE.md b/COLLABORATOR_GUIDE.md
index abf91289fcfdec..32533304fecc67 100644
--- a/COLLABORATOR_GUIDE.md
+++ b/COLLABORATOR_GUIDE.md
@@ -36,7 +36,7 @@ Collaborators or additional evidence that the issue has relevance, the
issue may be closed. Remember that issues can always be re-opened if
necessary.
-[**See "Who to CC in issues"**](./onboarding-extras.md#who-to-cc-in-issues)
+[**See "Who to CC in issues"**](./doc/onboarding-extras.md#who-to-cc-in-issues)
## Accepting Modifications
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 830f2615528170..6d419aa4954fde 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -60,16 +60,21 @@ always welcome but API or behavioral changes to modules at stability level 3
Node.js has several bundled dependencies in the *deps/* and the *tools/*
directories that are not part of the project proper. Any changes to files
in those directories or its subdirectories should be sent to their respective
-projects. Do not send your patch to us, we cannot accept it.
+projects. Do not send a patch to Node.js. We cannot accept such patches.
In case of doubt, open an issue in the
[issue tracker](https://github.com/nodejs/node/issues/) or contact one of the
[project Collaborators](https://github.com/nodejs/node/#current-project-team-members).
Especially do so if you plan to work on something big. Nothing is more
frustrating than seeing your hard work go to waste because your vision
-does not align with the project team. Node.js has two IRC channels,
-[#Node.js](http://webchat.freenode.net/?channels=node.js) for general help and questions, and
-[#Node-dev](http://webchat.freenode.net/?channels=node-dev) for development of node core specifically.
+does not align with the project team. (Node.js has two IRC channels:
+[#Node.js](http://webchat.freenode.net/?channels=node.js) for general help and
+questions, and
+[#Node-dev](http://webchat.freenode.net/?channels=node-dev) for development of
+Node.js core specifically.
+
+For instructions on updating the version of V8 included in the *deps/*
+directory, please refer to [the Maintaining V8 in Node.js guide](https://github.com/nodejs/node/blob/master/doc/guides/maintaining-V8.md).
### Step 2: Branch
@@ -243,18 +248,85 @@ If in doubt, you can always ask for guidance in the Pull Request or on
[IRC in the #node-dev channel](https://webchat.freenode.net?channels=node-dev&uio=d4).
Feel free to post a comment in the Pull Request to ping reviewers if you are
-awaiting an answer on something.
+awaiting an answer on something. If you encounter words or acronyms that
+seem unfamiliar, check out this
+[glossary](https://sites.google.com/a/chromium.org/dev/glossary).
+Note that multiple commits often get squashed when they are landed (see the
+notes about [commit squashing](#commit-squashing)).
### Step 8: Landing
-Once your Pull Request has been reviewed and approved by at least one Node.js
-Collaborators (often by saying LGTM, or Looks Good To Me), and as long as
-there is consensus (no objections from a Collaborator), a
-Collaborator can merge the Pull Request . GitHub often shows the Pull Request as
- `Closed` at this point, but don't worry. If you look at the branch you raised
- your Pull Request against (probably `master`), you should see a commit with
- your name on it. Congratulations and thanks for your contribution!
+In order to get landed, a Pull Request needs to be reviewed and
+[approved](#getting-approvals-for-your-pull-request) by
+at least one Node.js Collaborator and pass a
+[CI (Continuous Integration) test run](#ci-testing).
+After that, as long as there are no objections
+from a Collaborator, the Pull Request can be merged. If you find your
+Pull Request waiting longer than you expect, see the
+[notes about the waiting time](#waiting-until-the-pull-request-gets-landed).
+
+When a collaborator lands your Pull Request, they will post
+a comment to the Pull Request page mentioning the commit(s) it
+landed as. GitHub often shows the Pull Request as `Closed` at this
+point, but don't worry. If you look at the branch you raised your
+Pull Request against (probably `master`), you should see a commit with
+your name on it. Congratulations and thanks for your contribution!
+
+## Additional Notes
+
+### Commit Squashing
+
+When the commits in your Pull Request get landed, they will be squashed
+into one commit per logical change, with metadata added to the commit
+message (including links to the Pull Request, links to relevant issues,
+and the names of the reviewers). The commit history of your Pull Request,
+however, will stay intact on the Pull Request page.
+
+For the size of "one logical change",
+[0b5191f](https://github.com/nodejs/node/commit/0b5191f15d0f311c804d542b67e2e922d98834f8)
+can be a good example. It touches the implementation, the documentation,
+and the tests, but is still one logical change. In general, the tests should
+always pass when each individual commit lands on the master branch.
+
+### Getting Approvals for Your Pull Request
+
+A Pull Request is approved either by saying LGTM, which stands for
+"Looks Good To Me", or by using GitHub's Approve button.
+GitHub's Pull Request review feature can be used during the process.
+For more information, check out
+[the video tutorial](https://www.youtube.com/watch?v=HW0RPaJqm4g)
+or [the official documentation](https://help.github.com/articles/reviewing-changes-in-pull-requests/).
+
+After you push new changes to your branch, you need to get
+approval for these new changes again, even if GitHub shows "Approved"
+because the reviewers have hit the buttons before.
+
+### CI Testing
+
+Every Pull Request needs to be tested
+to make sure that it works on the platforms that Node.js
+supports. This is done by running the code through the CI system.
+
+Only a Collaborator can request a CI run. Usually one of them will do it
+for you as approvals for the Pull Request come in.
+If not, you can ask a Collaborator to request a CI run.
+
+### Waiting Until the Pull Request Gets Landed
+
+A Pull Request needs to stay open for at least 48 hours (72 hours on a
+weekend) from when it is submitted, even after it gets approved and
+passes the CI. This is to make sure that everyone has a chance to
+weigh in. If the changes are trivial, collaborators may decide it
+doesn't need to wait. A Pull Request may well take longer to be
+merged in. All these precautions are important because Node.js is
+widely used, so don't be discouraged!
+
+### Check Out the Collaborator's Guide
+
+If you want to know more about the code review and the landing process,
+you can take a look at the
+[collaborator's guide](https://github.com/nodejs/node/blob/master/COLLABORATOR_GUIDE.md).
## Developer's Certificate of Origin 1.1
diff --git a/README.md b/README.md
index bdb74b5446ac40..3bc0bea7020e8b 100644
--- a/README.md
+++ b/README.md
@@ -184,6 +184,8 @@ more information about the governance of the Node.js project, see
**Rod Vagg** <rod@vagg.org>
* [shigeki](https://github.com/shigeki) -
**Shigeki Ohtsu** <ohtsu@iij.ad.jp>
+* [targos](https://github.com/targos) -
+**Michaël Zasso** <targos@protonmail.com>
* [TheAlphaNerd](https://github.com/TheAlphaNerd) -
**Myles Borins** <myles.borins@gmail.com>
* [thefourtheye](https://github.com/thefourtheye) -
@@ -251,6 +253,8 @@ more information about the governance of the Node.js project, see
**João Reis** <reis@janeasystems.com>
* [joshgav](https://github.com/joshgav) -
**Josh Gavant** <josh.gavant@outlook.com>
+* [joyeecheung](https://github.com/joyeecheung) -
+**Joyee Cheung** <joyeec9h3@gmail.com>
* [julianduque](https://github.com/julianduque) -
**Julian Duque** <julianduquej@gmail.com>
* [JungMinu](https://github.com/JungMinu) -
@@ -317,8 +321,6 @@ more information about the governance of the Node.js project, see
**Steven R Loomis** <srloomis@us.ibm.com>
* [stefanmb](https://github.com/stefanmb) -
**Stefan Budeanu** <stefan@budeanu.com>
-* [targos](https://github.com/targos) -
-**Michaël Zasso** <targos@protonmail.com>
* [tellnes](https://github.com/tellnes) -
**Christian Tellnes** <christian@tellnes.no>
* [thekemkid](https://github.com/thekemkid) -
diff --git a/WORKING_GROUPS.md b/WORKING_GROUPS.md
index 694325a0bfcf95..0367165a81a5d2 100644
--- a/WORKING_GROUPS.md
+++ b/WORKING_GROUPS.md
@@ -12,9 +12,22 @@ Groups are not formed to *begin* a set of tasks but instead are formed
once that work is already underway and the contributors
think it would benefit from being done as an autonomous project.
-If the work defined in a Working Group charter is completed the Working
-Group should be dissolved and the responsibility for governance absorbed
-back in to the CTC.
+If the work defined in a Working Group's charter is complete, the charter
+should be revoked.
+
+A Working Group's charter can be revoked either by consensus of the Working
+Group's members or by a CTC vote. Once revoked, any future work that arises
+becomes the responsibility of the CTC.
+
+## Joining a WG
+
+To find out how to join a working group, consult the GOVERNANCE.md in
+the working group's repository, or in the working group's repository.
+
+## Starting A Core Working Group
+
+The process to start a Core Working Group is identical to [creating a
+Top Level Working Group](https://github.com/nodejs/TSC/blob/master/WORKING_GROUPS.md#starting-a-wg).
## Current Working Groups
@@ -33,10 +46,6 @@ back in to the CTC.
* [Documentation](#documentation)
* [Testing](#testing)
-#### Process:
-
-* [Starting a Working Group](#starting-a-wg)
-* [Bootstrap Governance](#bootstrap-governance)
### [Website](https://github.com/nodejs/nodejs.org)
@@ -286,211 +295,3 @@ Responsibilities include:
* Working with the Build Working Group to improve continuous integration.
* Improving tooling for testing.
-## Joining a WG
-
-To find out how to join a working group, consult the GOVERNANCE.md in
-the working group's repository, or simply open an issue there.
-
-## Starting a WG
-
-A Working Group is established by first defining a charter that can be
-ratified by the TC. A charter is a *statement of purpose*, a
-*list of responsibilities* and a *list of initial membership*.
-
-A working group needs 3 initial members. These should be individuals
-already undertaking the work described in the charter.
-
-The list of responsibilities should be specific. Once established, these
-responsibilities are no longer governed by the TC and therefore should
-not be broad or subjective. The only recourse the TC has over the working
-group is to revoke the entire charter and take on the work previously
-done by the working group themselves.
-
-If the responsibilities described in the charter are currently
-undertaken by another WG then the charter will additionally have to be
-ratified by that WG.
-
-You can submit the WG charter for ratification by sending
-a Pull Request to this document, which adds it to the
-list of current Working Groups. Once ratified the list of
-members should be maintained in the Working Group's
-README.
-
-## Bootstrap Governance
-
-Once the TC ratifies a charter the WG inherits the following
-documentation for governance, contribution, conduct and an MIT
-LICENSE. The WG is free to change these documents through their own
-governance process, hence the term "bootstrap."
-
-### *[insert WG name]* Working Group
-
-The Node.js *[insert WG name]* is jointly governed by a Working Group (WG)
-that is responsible for high-level guidance of the project.
-
-The WG has final authority over this project including:
-
-* Technical direction
-* Project governance and process (including this policy)
-* Contribution policy
-* GitHub repository hosting
-* Conduct guidelines
-* Maintaining the list of additional Collaborators
-
-For the current list of WG members, see the project
-[README.md](./README.md#current-project-team-members).
-
-### Collaborators
-
-The *[insert WG name]* GitHub repository is
-maintained by the WG and additional Collaborators who are added by the
-WG on an ongoing basis.
-
-Individuals making significant and valuable contributions are made
-Collaborators and given commit-access to the project. These
-individuals are identified by the WG and their addition as
-Collaborators is discussed during the weekly WG meeting.
-
-_Note:_ If you make a significant contribution and are not considered
-for commit-access log an issue or contact a WG member directly and it
-will be brought up in the next WG meeting.
-
-Modifications of the contents of the *[insert WG repo]* repository are made on
-a collaborative basis. Anybody with a GitHub account may propose a
-modification via pull request and it will be considered by the project
-Collaborators. All pull requests must be reviewed and accepted by a
-Collaborator with sufficient expertise who is able to take full
-responsibility for the change. In the case of pull requests proposed
-by an existing Collaborator, an additional Collaborator is required
-for sign-off. Consensus should be sought if additional Collaborators
-participate and there is disagreement around a particular
-modification. See _Consensus Seeking Process_ below for further detail
-on the consensus model used for governance.
-
-Collaborators may opt to elevate significant or controversial
-modifications, or modifications that have not found consensus to the
-WG for discussion by assigning the ***WG-agenda*** tag to a pull
-request or issue. The WG should serve as the final arbiter where
-required.
-
-For the current list of Collaborators, see the project
-[README.md](./README.md#current-project-team-members).
-
-### WG Membership
-
-WG seats are not time-limited. There is no fixed size of the WG.
-However, the expected target is between 6 and 12, to ensure adequate
-coverage of important areas of expertise, balanced with the ability to
-make decisions efficiently.
-
-There is no specific set of requirements or qualifications for WG
-membership beyond these rules.
-
-The WG may add additional members to the WG by unanimous consensus.
-
-A WG member may be removed from the WG by voluntary resignation, or by
-unanimous consensus of all other WG members.
-
-Changes to WG membership should be posted in the agenda, and may be
-suggested as any other agenda item (see "WG Meetings" below).
-
-If an addition or removal is proposed during a meeting, and the full
-WG is not in attendance to participate, then the addition or removal
-is added to the agenda for the subsequent meeting. This is to ensure
-that all members are given the opportunity to participate in all
-membership decisions. If a WG member is unable to attend a meeting
-where a planned membership decision is being made, then their consent
-is assumed.
-
-No more than 1/3 of the WG members may be affiliated with the same
-employer. If removal or resignation of a WG member, or a change of
-employment by a WG member, creates a situation where more than 1/3 of
-the WG membership shares an employer, then the situation must be
-immediately remedied by the resignation or removal of one or more WG
-members affiliated with the over-represented employer(s).
-
-### WG Meetings
-
-The WG meets weekly on a Google Hangout On Air. A designated moderator
-approved by the WG runs the meeting. Each meeting should be
-published to YouTube.
-
-Items are added to the WG agenda that are considered contentious or
-are modifications of governance, contribution policy, WG membership,
-or release process.
-
-The intention of the agenda is not to approve or review all patches;
-that should happen continuously on GitHub and be handled by the larger
-group of Collaborators.
-
-Any community member or contributor can ask that something be added to
-the next meeting's agenda by logging a GitHub Issue. Any Collaborator,
-WG member or the moderator can add the item to the agenda by adding
-the ***WG-agenda*** tag to the issue.
-
-Prior to each WG meeting the moderator will share the Agenda with
-members of the WG. WG members can add any items they like to the
-agenda at the beginning of each meeting. The moderator and the WG
-cannot veto or remove items.
-
-The WG may invite persons or representatives from certain projects to
-participate in a non-voting capacity.
-
-The moderator is responsible for summarizing the discussion of each
-agenda item and sends it as a pull request after the meeting.
-
-### Consensus Seeking Process
-
-The WG follows a
-[Consensus Seeking](http://en.wikipedia.org/wiki/Consensus-seeking_decision-making)
-decision-making model.
-
-When an agenda item has appeared to reach a consensus the moderator
-will ask "Does anyone object?" as a final call for dissent from the
-consensus.
-
-If an agenda item cannot reach a consensus a WG member can call for
-either a closing vote or a vote to table the issue to the next
-meeting. The call for a vote must be seconded by a majority of the WG
-or else the discussion will continue. Simple majority wins.
-
-Note that changes to WG membership require unanimous consensus. See
-"WG Membership" above.
-
-
-## Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-* (a) The contribution was created in whole or in part by me and I
- have the right to submit it under the open source license
- indicated in the file; or
-
-* (b) The contribution is based upon previous work that, to the best
- of my knowledge, is covered under an appropriate open source
- license and I have the right under that license to submit that
- work with modifications, whether created in whole or in part
- by me, under the same open source license (unless I am
- permitted to submit under a different license), as indicated
- in the file; or
-
-* (c) The contribution was provided directly to me by some other
- person who certified (a), (b) or (c) and I have not modified
- it.
-
-* (d) I understand and agree that this project and the contribution
- are public and that a record of the contribution (including all
- personal information I submit with it, including my sign-off) is
- maintained indefinitely and may be redistributed consistent with
- this project or the open source license(s) involved.
-
-### Moderation Policy
-
-The [Node.js Moderation Policy] applies to this WG.
-
-### Code of Conduct
-
-The [Node.js Code of Conduct][] applies to this WG.
-
-[Node.js Code of Conduct]: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
-[Node.js Moderation Policy]: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
diff --git a/benchmark/README.md b/benchmark/README.md
index bbabcf4c4e9fde..aa198f2b414444 100644
--- a/benchmark/README.md
+++ b/benchmark/README.md
@@ -287,37 +287,84 @@ chunk encoding mean confidence.interval
## Creating a benchmark
All benchmarks use the `require('../common.js')` module. This contains the
-`createBenchmark(main, configs)` method which will setup your benchmark.
+`createBenchmark(main, configs[, options])` method which will setup your
+benchmark.
-The first argument `main` is the benchmark function, the second argument
-specifies the benchmark parameters. `createBenchmark` will run all possible
-combinations of these parameters, unless specified otherwise. Note that the
-configuration values can only be strings or numbers.
+The arguments of `createBenchmark` are:
-`createBenchmark` also creates a `bench` object, which is used for timing
+* `main` {Function} The benchmark function,
+ where the code running operations and controlling timers should go
+* `configs` {Object} The benchmark parameters. `createBenchmark` will run all
+ possible combinations of these parameters, unless specified otherwise.
+ Each configuration is a property with an array of possible values.
+ Note that the configuration values can only be strings or numbers.
+* `options` {Object} The benchmark options. At the moment only the `flags`
+ option for specifying command line flags is supported.
+
+`createBenchmark` returns a `bench` object, which is used for timing
the runtime of the benchmark. Run `bench.start()` after the initialization
and `bench.end(n)` when the benchmark is done. `n` is the number of operations
you performed in the benchmark.
+The benchmark script will be run twice:
+
+The first pass will configure the benchmark with the combination of
+parameters specified in `configs`, and WILL NOT run the `main` function.
+In this pass, no flags except the ones directly passed via commands
+that you run the benchmarks with will be used.
+
+In the second pass, the `main` function will be run, and the process
+will be launched with:
+
+* The flags you've passed into `createBenchmark` (the third argument)
+* The flags in the command that you run this benchmark with
+
+Beware that any code outside the `main` function will be run twice
+in different processes. This could be troublesome if the code
+outside the `main` function has side effects. In general, prefer putting
+the code inside the `main` function if it's more than just declaration.
+
```js
'use strict';
const common = require('../common.js');
const SlowBuffer = require('buffer').SlowBuffer;
-const bench = common.createBenchmark(main, {
+const configs = {
+ // Number of operations, specified here so they show up in the report.
+ // Most benchmarks just use one value for all runs.
n: [1024],
- type: ['fast', 'slow'],
- size: [16, 128, 1024]
-});
+ type: ['fast', 'slow'], // Custom configurations
+ size: [16, 128, 1024] // Custom configurations
+};
+
+const options = {
+ // Add --expose-internals if you want to require internal modules in main
+ flags: ['--zero-fill-buffers']
+};
+
+// main and configs are required, options is optional.
+const bench = common.createBenchmark(main, configs, options);
+
+// Note that any code outside main will be run twice,
+// in different processes, with different command line arguments.
function main(conf) {
+ // You will only get the flags that you have passed to createBenchmark
+ // earlier when main is run. If you want to benchmark the internal modules,
+ // require them here. For example:
+ // const URL = require('internal/url').URL
+
+ // Start the timer
bench.start();
+ // Do operations here
const BufferConstructor = conf.type === 'fast' ? Buffer : SlowBuffer;
for (let i = 0; i < conf.n; i++) {
new BufferConstructor(conf.size);
}
+
+ // End the timer, pass in the number of operations
bench.end(conf.n);
}
```
diff --git a/benchmark/_http-benchmarkers.js b/benchmark/_http-benchmarkers.js
index 5429bf386d85ac..e096efc71ba162 100644
--- a/benchmark/_http-benchmarkers.js
+++ b/benchmark/_http-benchmarkers.js
@@ -7,9 +7,9 @@ exports.PORT = process.env.PORT || 12346;
function AutocannonBenchmarker() {
this.name = 'autocannon';
- this.autocannon_exe = process.platform === 'win32'
- ? 'autocannon.cmd'
- : 'autocannon';
+ this.autocannon_exe = process.platform === 'win32' ?
+ 'autocannon.cmd' :
+ 'autocannon';
const result = child_process.spawnSync(this.autocannon_exe, ['-h']);
this.present = !(result.error && result.error.code === 'ENOENT');
}
diff --git a/benchmark/buffers/buffer-base64-decode.js b/benchmark/buffers/buffer-base64-decode.js
index 01f7f1bc91bc4a..3d00e69b90764c 100644
--- a/benchmark/buffers/buffer-base64-decode.js
+++ b/benchmark/buffers/buffer-base64-decode.js
@@ -2,15 +2,18 @@
const assert = require('assert');
const common = require('../common.js');
-const bench = common.createBenchmark(main, {});
+const bench = common.createBenchmark(main, {
+ n: [32],
+});
function main(conf) {
+ const n = +conf.n;
const s = 'abcd'.repeat(8 << 20);
s.match(/./); // Flatten string.
assert.strictEqual(s.length % 4, 0);
const b = Buffer.allocUnsafe(s.length / 4 * 3);
b.write(s, 0, s.length, 'base64');
bench.start();
- for (var i = 0; i < 32; i += 1) b.base64Write(s, 0, s.length);
- bench.end(32);
+ for (var i = 0; i < n; i += 1) b.base64Write(s, 0, s.length);
+ bench.end(n);
}
diff --git a/benchmark/buffers/buffer-base64-encode.js b/benchmark/buffers/buffer-base64-encode.js
index 930dc82b6b9ab7..f618ba21ecfdc9 100644
--- a/benchmark/buffers/buffer-base64-encode.js
+++ b/benchmark/buffers/buffer-base64-encode.js
@@ -1,16 +1,20 @@
'use strict';
var common = require('../common.js');
-var bench = common.createBenchmark(main, {});
+const bench = common.createBenchmark(main, {
+ len: [64 * 1024 * 1024],
+ n: [32]
+});
function main(conf) {
- var N = 64 * 1024 * 1024;
- var b = Buffer.allocUnsafe(N);
- var s = '';
- var i;
+ const n = +conf.n;
+ const len = +conf.len;
+ const b = Buffer.allocUnsafe(len);
+ let s = '';
+ let i;
for (i = 0; i < 256; ++i) s += String.fromCharCode(i);
- for (i = 0; i < N; i += 256) b.write(s, i, 256, 'ascii');
+ for (i = 0; i < len; i += 256) b.write(s, i, 256, 'ascii');
bench.start();
- for (i = 0; i < 32; ++i) b.toString('base64');
- bench.end(64);
+ for (i = 0; i < n; ++i) b.toString('base64');
+ bench.end(n);
}
diff --git a/benchmark/buffers/buffer-from.js b/benchmark/buffers/buffer-from.js
index c35a0f23e06958..c7889b2ec63f22 100644
--- a/benchmark/buffers/buffer-from.js
+++ b/benchmark/buffers/buffer-from.js
@@ -10,7 +10,8 @@ const bench = common.createBenchmark(main, {
'buffer',
'uint8array',
'string',
- 'string-base64'
+ 'string-base64',
+ 'object'
],
len: [10, 2048],
n: [1024]
@@ -25,6 +26,7 @@ function main(conf) {
const str = 'a'.repeat(len);
const buffer = Buffer.allocUnsafe(len);
const uint8array = new Uint8Array(len);
+ const obj = { length: null }; // Results in a new, empty Buffer
var i;
@@ -80,6 +82,13 @@ function main(conf) {
}
bench.end(n);
break;
+ case 'object':
+ bench.start();
+ for (i = 0; i < n * 1024; i++) {
+ Buffer.from(obj);
+ }
+ bench.end(n);
+ break;
default:
assert.fail(null, null, 'Should not get here');
}
diff --git a/benchmark/common.js b/benchmark/common.js
index 94f11a2be96933..9e7253504f9e7e 100644
--- a/benchmark/common.js
+++ b/benchmark/common.js
@@ -3,19 +3,29 @@
const child_process = require('child_process');
const http_benchmarkers = require('./_http-benchmarkers.js');
-exports.createBenchmark = function(fn, options) {
- return new Benchmark(fn, options);
+exports.createBenchmark = function(fn, configs, options) {
+ return new Benchmark(fn, configs, options);
};
-function Benchmark(fn, options) {
+function Benchmark(fn, configs, options) {
+ // Use the file name as the name of the benchmark
this.name = require.main.filename.slice(__dirname.length + 1);
- const parsed_args = this._parseArgs(process.argv.slice(2), options);
+ // Parse job-specific configuration from the command line arguments
+ const parsed_args = this._parseArgs(process.argv.slice(2), configs);
this.options = parsed_args.cli;
this.extra_options = parsed_args.extra;
+ // The configuration list as a queue of jobs
this.queue = this._queue(this.options);
+ // The configuration of the current job, head of the queue
this.config = this.queue[0];
-
- this._time = [0, 0]; // holds process.hrtime value
+ // Execution arguments i.e. flags used to run the jobs
+ this.flags = [];
+ if (options && options.flags) {
+ this.flags = this.flags.concat(options.flags);
+ }
+ // Holds process.hrtime value
+ this._time = [0, 0];
+ // Used to make sure a benchmark only start a timer once
this._started = false;
// this._run will use fork() to create a new process for each configuration
@@ -27,8 +37,8 @@ function Benchmark(fn, options) {
}
}
-Benchmark.prototype._parseArgs = function(argv, options) {
- const cliOptions = Object.assign({}, options);
+Benchmark.prototype._parseArgs = function(argv, configs) {
+ const cliOptions = Object.assign({}, configs);
const extraOptions = {};
// Parse configuration arguments
for (const arg of argv) {
@@ -38,9 +48,9 @@ Benchmark.prototype._parseArgs = function(argv, options) {
process.exit(1);
}
- if (options[match[1]]) {
- // Infer the type from the options object and parse accordingly
- const isNumber = typeof options[match[1]][0] === 'number';
+ if (configs[match[1]]) {
+ // Infer the type from the config object and parse accordingly
+ const isNumber = typeof configs[match[1]][0] === 'number';
const value = isNumber ? +match[2] : match[2];
cliOptions[match[1]] = [value];
} else {
@@ -138,7 +148,7 @@ Benchmark.prototype._run = function() {
const child = child_process.fork(require.main.filename, childArgs, {
env: childEnv,
- execArgv: ['--expose_internals'].concat(process.execArgv)
+ execArgv: self.flags.concat(process.execArgv)
});
child.on('message', sendResult);
child.on('close', function(code) {
@@ -185,7 +195,9 @@ function formatResult(data) {
conf += ' ' + key + '=' + JSON.stringify(data.conf[key]);
}
- return `${data.name}${conf}: ${data.rate}`;
+ const rate = Math.floor(data.rate)
+ .toString().replace(/(\d)(?=(\d\d\d)+(?!\d))/g, '$1,');
+ return `${data.name}${conf}: ${rate}`;
}
function sendResult(data) {
diff --git a/benchmark/events/ee-once.js b/benchmark/events/ee-once.js
new file mode 100644
index 00000000000000..29ea562c406549
--- /dev/null
+++ b/benchmark/events/ee-once.js
@@ -0,0 +1,20 @@
+'use strict';
+var common = require('../common.js');
+var EventEmitter = require('events').EventEmitter;
+
+var bench = common.createBenchmark(main, {n: [2e7]});
+
+function main(conf) {
+ var n = conf.n | 0;
+
+ var ee = new EventEmitter();
+
+ function listener() {}
+
+ bench.start();
+ for (var i = 0; i < n; i += 1) {
+ ee.once('dummy', listener);
+ ee.emit('dummy');
+ }
+ bench.end(n);
+}
diff --git a/benchmark/misc/freelist.js b/benchmark/misc/freelist.js
index a2732c9bc815e5..f30b814e7ea983 100644
--- a/benchmark/misc/freelist.js
+++ b/benchmark/misc/freelist.js
@@ -4,12 +4,11 @@ var common = require('../common.js');
var bench = common.createBenchmark(main, {
n: [100000]
+}, {
+ flags: ['--expose-internals']
});
function main(conf) {
- // Using internal/freelist requires node to be run with --expose_internals
- // switch. common.js will do that when calling main(), so we require
- // this module here
const FreeList = require('internal/freelist').FreeList;
var n = conf.n;
var poolSize = 1000;
diff --git a/benchmark/run.js b/benchmark/run.js
index 16e620f9a0db7b..52ce74024e1ae4 100644
--- a/benchmark/run.js
+++ b/benchmark/run.js
@@ -56,7 +56,9 @@ if (format === 'csv') {
conf = conf.replace(/"/g, '""');
console.log(`"${data.name}", "${conf}", ${data.rate}, ${data.time}`);
} else {
- console.log(`${data.name} ${conf}: ${data.rate}`);
+ const rate = Math.floor(data.rate)
+ .toString().replace(/(\d)(?=(\d\d\d)+(?!\d))/g, '$1,');
+ console.log(`${data.name} ${conf}: ${rate}`);
}
});
diff --git a/benchmark/url/whatwg-url-properties.js b/benchmark/url/whatwg-url-properties.js
new file mode 100644
index 00000000000000..a3c4d886bd3c90
--- /dev/null
+++ b/benchmark/url/whatwg-url-properties.js
@@ -0,0 +1,91 @@
+'use strict';
+
+var common = require('../common.js');
+var URL = require('url').URL;
+
+var bench = common.createBenchmark(main, {
+ url: [
+ 'http://example.com/',
+ 'https://encrypted.google.com/search?q=url&q=site:npmjs.org&hl=en',
+ 'javascript:alert("node is awesome");',
+ 'http://user:pass@foo.bar.com:21/aaa/zzz?l=24#test'
+ ],
+ prop: ['toString', 'href', 'origin', 'protocol',
+ 'username', 'password', 'host', 'hostname', 'port',
+ 'pathname', 'search', 'searchParams', 'hash'],
+ n: [1e4]
+});
+
+function setAndGet(n, url, prop, alternative) {
+ const old = url[prop];
+ bench.start();
+ for (var i = 0; i < n; i += 1) {
+ url[prop] = n % 2 === 0 ? alternative : old; // set
+ url[prop]; // get
+ }
+ bench.end(n);
+}
+
+function get(n, url, prop) {
+ bench.start();
+ for (var i = 0; i < n; i += 1) {
+ url[prop]; // get
+ }
+ bench.end(n);
+}
+
+function stringify(n, url, prop) {
+ bench.start();
+ for (var i = 0; i < n; i += 1) {
+ url.toString();
+ }
+ bench.end(n);
+}
+
+const alternatives = {
+ href: 'http://user:pass@foo.bar.com:21/aaa/zzz?l=25#test',
+ protocol: 'https:',
+ username: 'user2',
+ password: 'pass2',
+ host: 'foo.bar.net:22',
+ hostname: 'foo.bar.org',
+ port: '23',
+ pathname: '/aaa/bbb',
+ search: '?k=99',
+ hash: '#abcd'
+};
+
+function getAlternative(prop) {
+ return alternatives[prop];
+}
+
+function main(conf) {
+ const n = conf.n | 0;
+ const url = new URL(conf.url);
+ const prop = conf.prop;
+
+ switch (prop) {
+ case 'protocol':
+ case 'username':
+ case 'password':
+ case 'host':
+ case 'hostname':
+ case 'port':
+ case 'pathname':
+ case 'search':
+ case 'hash':
+ setAndGet(n, url, prop, getAlternative(prop));
+ break;
+ // TODO: move href to the first group when the setter lands.
+ case 'href':
+ case 'origin':
+ case 'searchParams':
+ get(n, url, prop);
+ break;
+ case 'toString':
+ stringify(n, url);
+ break;
+ default:
+ throw new Error('Unknown prop');
+ }
+}
diff --git a/configure b/configure
index bf937ca702a550..d926cec7d5d7ea 100755
--- a/configure
+++ b/configure
@@ -79,6 +79,17 @@ parser.add_option('--dest-cpu',
choices=valid_arch,
help='CPU architecture to build for ({0})'.format(', '.join(valid_arch)))
+parser.add_option('--cross-compiling',
+ action='store_true',
+ dest='cross_compiling',
+ default=None,
+ help='force build to be considered as cross compiled')
+parser.add_option('--no-cross-compiling',
+ action='store_false',
+ dest='cross_compiling',
+ default=None,
+ help='force build to be considered as NOT cross compiled')
+
parser.add_option('--dest-os',
action='store',
dest='dest_os',
@@ -765,7 +776,9 @@ def configure_node(o):
o['variables']['target_arch'] = target_arch
o['variables']['node_byteorder'] = sys.byteorder
- cross_compiling = target_arch != host_arch
+ cross_compiling = (options.cross_compiling
+ if options.cross_compiling is not None
+ else target_arch != host_arch)
want_snapshots = not options.without_snapshot
o['variables']['want_separate_host_toolset'] = int(
cross_compiling and want_snapshots)
@@ -988,8 +1001,8 @@ def glob_to_var(dir_base, dir_sub, patch_dir):
def configure_intl(o):
icus = [
{
- 'url': 'https://ssl.icu-project.org/files/icu4c/58.1/icu4c-58_1-src.zip',
- 'md5': 'd6476b355f66a11fbe12db1d61d90d69',
+ 'url': 'https://ssl.icu-project.org/files/icu4c/58.2/icu4c-58_2-src.zip',
+ 'md5': 'f4fca37508fc5d14390501cf17aef084',
},
]
def icu_download(path):
diff --git a/deps/icu-small/source/common/locmap.c b/deps/icu-small/source/common/locmap.c
index 0d0aac42e15c19..1dba67a092a925 100644
--- a/deps/icu-small/source/common/locmap.c
+++ b/deps/icu-small/source/common/locmap.c
@@ -1022,7 +1022,7 @@ uprv_convertToPosix(uint32_t hostid, char *posixID, int32_t posixIDCapacity, UEr
// GetLocaleInfo() maps such LCID to "ku". However, CLDR uses "ku" for
// Northern Kurdish and "ckb" for Central Kurdish. For this reason, we cannot
// use the Windows API to resolve locale ID for this specific case.
- if (hostid & 0x3FF != 0x92) {
+ if ((hostid & 0x3FF) != 0x92) {
int32_t tmpLen = 0;
char locName[157]; /* ULOC_FULLNAME_CAPACITY */
diff --git a/deps/icu-small/source/common/ucasemap.cpp b/deps/icu-small/source/common/ucasemap.cpp
index c0d56c28731d1f..0576a26ddd1c86 100644
--- a/deps/icu-small/source/common/ucasemap.cpp
+++ b/deps/icu-small/source/common/ucasemap.cpp
@@ -200,7 +200,7 @@ appendUChar(uint8_t *dest, int32_t destIndex, int32_t destCapacity, UChar c) {
return -1; // integer overflow
}
int32_t limit=destIndex+length;
- if(limit
# else
# include
diff --git a/deps/icu-small/source/i18n/scriptset.cpp b/deps/icu-small/source/i18n/scriptset.cpp
index ab7cb1e68ec449..951fe440803573 100644
--- a/deps/icu-small/source/i18n/scriptset.cpp
+++ b/deps/icu-small/source/i18n/scriptset.cpp
@@ -258,7 +258,7 @@ void ScriptSet::setScriptExtensions(UChar32 codePoint, UErrorCode& status) {
while (TRUE) {
script_count = uscript_getScriptExtensions(
- codePoint, scripts.getAlias(), FIRST_GUESS_SCRIPT_CAPACITY, &internalStatus);
+ codePoint, scripts.getAlias(), scripts.getCapacity(), &internalStatus);
if (internalStatus == U_BUFFER_OVERFLOW_ERROR) {
// Need to allocate more space
if (scripts.resize(script_count) == NULL) {
diff --git a/deps/icu-small/source/i18n/uspoof.cpp b/deps/icu-small/source/i18n/uspoof.cpp
index 3be10862fccdd9..d81b5b2149a206 100644
--- a/deps/icu-small/source/i18n/uspoof.cpp
+++ b/deps/icu-small/source/i18n/uspoof.cpp
@@ -646,13 +646,6 @@ uspoof_getSkeletonUnicodeString(const USpoofChecker *sc,
return dest;
}
- // Check that at least one of the CONFUSABLE flags is turned on. If not,
- // return an error.
- if ((This->fChecks & USPOOF_CONFUSABLE) == 0) {
- *status = U_ILLEGAL_ARGUMENT_ERROR;
- return dest;
- }
-
UnicodeString nfdId;
gNfdNormalizer->normalize(id, nfdId, *status);
diff --git a/deps/npm/.travis.yml b/deps/npm/.travis.yml
index 12b8a8add810df..4c6548d1ecd4f7 100644
--- a/deps/npm/.travis.yml
+++ b/deps/npm/.travis.yml
@@ -13,13 +13,17 @@ matrix:
env: DEPLOY_VERSION=testing COVERALLS_REPO_TOKEN="$COVERALLS_OPTIONAL_TOKEN"
script:
- "node . run tap-cover -- \"test/tap/*.js\""
- - "unset COVERALLS_REPO_TOKEN ; node . run tap -- \"test/slow/*.js\" \"test/broken-under-*/*.js\""
+ - "unset COVERALLS_REPO_TOKEN ; node . run tap -- \"test/broken-under-*/*.js\""
# previous LTS is next most important
- node_js: "4"
env: DEPLOY_VERSION=testing
# then master
- node_js: "7"
env: DEPLOY_VERSION=testing
+ # then 0.12, which is still in maintenance mode until the end of 2016 I guess?
+ # https://github.com/nodejs/LTS#lts-schedule
+ - node_js: "0.12"
+ env: DEPLOY_VERSION=testing
before_install:
# required by test/tap/registry.js
- "mkdir -p /var/run/couchdb"
@@ -29,6 +33,7 @@ cache:
directories:
- $HOME/.npm
- node_modules/.bin
+ - node_modules/.cache
- node_modules/deep-equal
- node_modules/marked
- node_modules/marked-man
@@ -45,4 +50,4 @@ install:
- "node . install --ignore-scripts"
- "make -j4 doc"
script:
- - "node . run tap -- \"test/tap/*.js\" \"test/slow/*.js\" \"test/broken-under-nyc/*.js\""
+ - "node . run tap -- \"test/tap/*.js\" \"test/broken-under-nyc/*.js\""
diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS
index 4025af9b04cca0..96d8ecf66c4b2c 100644
--- a/deps/npm/AUTHORS
+++ b/deps/npm/AUTHORS
@@ -435,3 +435,13 @@ Ionică Bizău
Alex Chesters
Robert Gay
Steven
+Tim Caswell
+Anna Henningsen
+Kim Røen
+Douglas Wilson
+Mike Engel
+baderbuddy
+Alex Jordan
+Ville Lahdenvuo
+Natalie Wolfe
+Andrew Schmadel
diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md
index bbef5af2e2ab90..fe673ef39c098e 100644
--- a/deps/npm/CHANGELOG.md
+++ b/deps/npm/CHANGELOG.md
@@ -1,5245 +1,662 @@
-### v3.10.10 (2016-11-04)
+### v4.0.5 (2016-12-01)
+
+It's that time of year! December is upon us, which means y'all are just going to
+be doing a lot less, in general, for the next month or so. The "Xmas Chasm", as
+we like to call it, has already begun. So for those of you reading it from the
+other side: Hi! Welcome back!
+
+This week's release is a relatively small one, involving just a few bugfixes and
+dependency upgrades. The CLI team has been busy recently with scoping out
+`npm@5`, and starting to do initial spec work for in-scope stuff.
+
+#### BUGFIXES
+
+On to the actual changes!
+
+* [`9776d8f`](https://github.com/npm/npm/commit/9776d8f70a0ea8d921cbbcab7a54e52c15fc455f)
+ [#15081](https://github.com/npm/npm/pull/15081)
+ `bundledDependencies` are intended to be left untouched by the installer, as
+ much as possible -- if they're bundled, we assume that you want to be
+ particular about the contents of your bundle.
+
+ The installer used to have a corner case where existing dependencies that had
+ bundledDependencies would get clobbered by as the installer moved stuff
+ around, even though the installer already avoided moving deps that were
+ themselves bundled. This is now fixed, along with the connected crasher, and
+ your bundledDeps should be left even more intact than before!
+ ([@iarna](https://github.com/iarna))
+* [`fc61c08`](https://github.com/npm/npm/commit/fc61c082122104031ccfb2a888432c9f809a0e8b)
+ [#15082](https://github.com/npm/npm/pull/15082)
+ Initialize nodes from bundled dependencies. This should address
+ [#14427](https://github.com/npm/npm/issues/14427) and related issues, but it's
+ turned out to be a tremendously difficult issue to reproduce in a test. We
+ decided to include it even pending tests, because we found the root cause of
+ the errors.
+ ([@iarna](https://github.com/iarna))
+* [`d8471a2`](https://github.com/npm/npm/commit/d8471a294ef848fc893f60e17d6ec6695b975d16)
+ [#12811](https://github.com/npm/npm/pull/12811)
+ Consider `devDependencies` when deciding whether to hoist a package. This
+ should resolve a variety of missing dependency issues some folks were seeing
+ when `devDependencies` happened to also be dependencies of your
+ `dependencies`. This often manifested as modules going missing, or only being
+ installed, after `npm install` was called twice.
+ ([@schmod](https://github.com/schmod))
-See the discussion on [#14042](https://github.com/npm/npm/issues/14042) for
-more context on this release, which is intended to address a serious regression
-in shrinkwrap behavior in the version of the CLI currently bundled with Node.js
-6 LTS "Boron". You should never install this version directly; instead update
-to `npm@4`, which has everything in this release and more.
-
-#### REGRESSION FIX
-
-* [`9aebe98`](https://github.com/npm/npm/commit/9aebe982114ea2107f46baa1dcb11713b4aaad04)
- [#14117](https://github.com/npm/npm/pull/14117)
- Fixes a bug where installing a shrinkwrapped package would fail if the
- platform failed to install an optional dependency included in the shrinkwrap.
- ([@watilde](https://github.com/watilde))
-
-#### UPDATE SUPPORT MATRIX
-
-With the advent of the second official Node.js LTS release, Node 6.x
-'Boron', the Node.js project has now officially dropped versions 0.10
-and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never
-part of LTS, and will see no further support now that Node 7 has been
-released.) As a small team with limited resources, the npm CLI team is
-following suit and dropping those versions of Node from its CI test
-matrix.
-
-* [`c82ecfd`](https://github.com/npm/npm/commit/c82ecfdbe0b5f318a175714a8753efe4dfd3e4b3)
- [#14503](https://github.com/npm/npm/pull/14503)
- Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported.
- ([@othiym23](https://github.com/othiym23))
-
-### v3.10.9 (2016-10-06)
-
-Hi everyone! This is the last of our monthly releases. We're going to give
-an every-two-weeks schedule a try starting with our next release. We'll
-reevaluate in a quarter, but we suspect that will be what we'll stick with.
-You might be wondering _why_ we've been fiddling with the release cadence? Well,
-we've been trying to tune it to to minimize the overhead for our little team.
-
-This is ALSO the ULTIMATE release of `npm` version 3. That's right, in
-just two weeks' time (October 20th for you fans of calendar time), our dear
-`npm` will be hitting the big 4.0.
-
-**DON'T PANIC**
-
-This is gonna be a much, MUCH smaller major version than 3.x was. Maybe even
-smaller than 2.x was. I can't tell you everything that'll be in there just
-yet, but at the very least it's going to have what's in our
-[4.x milestone](https://github.com/npm/npm/pulls?q=is%3Aopen+is%3Apr+milestone%3A4.x),
-PLUS, the first steps in
-[making `prepublish` work](https://github.com/npm/npm/issues/10074) the way
-people expect it to.
-
-**NOW ABOUT THIS RELEASE**
+#### DEPENDENCY UPDATES
-This release sees a whole slew of bug fixes. Notably a bunch of lifecycle
-fixes and a really important shrinkwrap fix.
+* [`5978703`](https://github.com/npm/npm/commit/5978703da8669adae464789b1b15ee71d7f8d55d)
+ `graceful-fs@4.1.11`:
+ `EPERM` errors are Windows are now handled more gracefully. Windows users that
+ tended to see these errors due to, say, an antivirus-induced race condition,
+ should see them much more rarely, if at all.
+ ([@Kat Marchán](https://github.com/Kat Marchán))
+* [`85b0174`](https://github.com/npm/npm/commit/85b0174ba9842e8e89f3c33d009e4b4a9e877c7d)
+ `request@2.79.0`
+ ([@Kat Marchán](https://github.com/Kat Marchán))
+* [`9664d36`](https://github.com/npm/npm/commit/9664d36653503247737630440bc2ff657de965c3)
+ `tap@8.0.1`
+ ([@Kat Marchán](https://github.com/Kat Marchán))
-#### LIFECYCLE FIXES
+#### MISCELLANEOUS
-* [`d388f90`](https://github.com/npm/npm/commit/d388f90732981633b3cdb4fc7fb0fababd4e64ab)
- [#13942](https://github.com/npm/npm/pull/13942)
- Fix current working directory while running shrinkwrap lifecycle scripts.
- Previously if you ran a shrinkwrap from another lifecycle script AND
- `node_modules` existed (and if you're running `npm shrinkwrap` it probably
- should) then `npm` would run the shrinkwrap lifecycle from the
- `node_modules` folder instead of the package folder.
- ([@evocateur](https://github.com/evocateur))
+* [`f0f7b0f`](https://github.com/npm/npm/commit/f0f7b0fd025daa2b69994130345e6e8fdaaa0304)
+ [#15083](https://github.com/npm/npm/pull/15083)
+ Removed dead code.
+ ([@iarna](https://github.com/iarna))
* [`bc32afe`](https://github.com/npm/npm/commit/bc32afe4d12e3760fb5a26466dc9c26a5a2981d5) [`c8a22fe`](https://github.com/npm/npm/commit/c8a22fe5320550e09c978abe560b62ce732686f4) [`db2666d`](https://github.com/npm/npm/commit/db2666d8c078fc69d0c02c6a3de9b31be1e995e9)
+ [#15085](https://github.com/npm/npm/pull/15085)
+ Change some network tests so they can run offline.
([@iarna](https://github.com/iarna))
-* [`c3b6cdf`](https://github.com/npm/npm/commit/c3b6cdfedcdb4d9e7712be5245d9b274828d88d1)
- [#13964](https://github.com/npm/npm/pull/13964)
- Fix bug where the `uninstall` lifecycles weren't being run when you
- reinstalled/updated an existing module.
+* [`744a39b`](https://github.com/npm/npm/commit/744a39b836821b388ad8c848bd898c1d006689a9)
+ [#15085](https://github.com/npm/npm/pull/15085)
+ Make Node.js tests compatible with Windows.
([@iarna](https://github.com/iarna))
-* [`72bb89c`](https://github.com/npm/npm/commit/72bb89c1aa9811a18cbd766f3da73da76eb920c6)
- [#13344](https://github.com/npm/npm/pull/13344)
- When running lifecycles use `TMPDIR` if it's writable and fall back to the
- current working directory if not. Previously we just assumed `TMPDIR`
- wouldn't be writable (as we might have been running as `nobody` and
- `nobody` on some systems can't write to `TMPDIR`).
- ([@aaronjensen](https://github.com/aaronjensen))
-#### SHRINKWRAP GIT & TAGGED DEPENDENCY FIX
+### v4.0.3 (2016-11-17)
-* [`3b5eee0`](https://github.com/npm/npm/commit/3b5eee0d31737d1c2518ed95dcc7aaaaa93c253c)
- [#13941](https://github.com/npm/npm/pull/13941)
- Fix git and tagged dependency matching with shrinkwraps. Previously git
- and tag (ie `foo@latest`) dependencies installed from a shrinkwrap would
- always be flagged as invalid.
- ([@iarna](https://github.com/iarna))
+Hey you all, we've got a couple of bug fixes for you, a slew of
+documentation improvements and some improvements to our CI environment. I
+know we just got v4 out the door, but the CLI team is already busy planning
+v5. We'll have more for you in early December.
#### BUG FIXES
-* [`bf3bd1e`](https://github.com/npm/npm/commit/bf3bd1e4347ee2c5de08d23558c4444749178c8b)
- [#14143](https://github.com/npm/npm/pull/14143)
- Fix bug in `npm version` where `npm-shrinkwrap.json` wouldn't be updated
- if you ran `npm version` from outside of your project root.
- ([@lholmquist](https://github.com/lholmquist))
-* [`1089878`](https://github.com/npm/npm/commit/1089878f58977559414c8a9addfc69a9c68905b0)
- [#13613](https://github.com/npm/npm/pull/13613)
- Log 'skipping action' as 'verbose' instead of 'warn'. This removes a lot of
- clutter when there are links in your `node_modules`. The long term plan is
- to entirely blind `npm` to what's inside links, which will make this code
- go away entirely.
- ([@timoxley](https://github.com/timoxley))
-* [`952f1e1`](https://github.com/npm/npm/commit/952f1e109a070ab4066179f6104ba9394300e342)
- [#13999](https://github.com/npm/npm/pull/13999)
- Fix a bug where setting `bin` to `null` in your `package.json` would result
- in `npm` crashing.
- ([@IonicaBizau](https://github.com/IonicaBizau))
-* [`fcf8b11`](https://github.com/npm/npm/commit/fcf8b11fb7fcf8902f6a887c3d5f0aef2897dde0)
- [#14032](https://github.com/npm/npm/pull/14032)
- When using `npm view`, if you specified a version that didn't exist it
- would previously print `undefined` (even if you asked for JSON output). It
- now prints nothing in this situation. This brings `npm@3`'s behavior in
- line with `npm@2`.
- ([@roblg](https://github.com/roblg))
-* [`93c689f`](https://github.com/npm/npm/commit/93c689ff44c6042a2dcde7fe0d74d2264237d666)
- [#14032](https://github.com/npm/npm/pull/14032)
- When using `npm view --json` with a version range that matches multiple
- versions we now return a list of all of the metadata for all of those
- versions. Previously we picked one and only returned that. This brings
- `npm@3`'s behavior in line with `npm@2`.
- ([@roblg](https://github.com/roblg))
-* [`2411728`](https://github.com/npm/npm/commit/24117289e09c373b845150c45e4793d98fe7cf4b)
- [#14045](https://github.com/npm/npm/pull/14045)
- Fix a Windows-only bug in the `git` tests. The tests had rather particular
- ideas about what arguments would be passed to `git` and on Windows they
- got this wrong.
- ([@watilde](https://github.com/watilde))
-
-#### DOCUMENTATION & MISC
-
-* [`30772cc`](https://github.com/npm/npm/commit/30772cc5f80923bf21c003fbe53e5fed9d3a5d97)
- [#13904](https://github.com/npm/npm/pull/13904)
- Update `package.json` example to include GitHub branches.
- ([@stevokk](https://github.com/stevokk))
-* [`f66876f`](https://github.com/npm/npm/commit/f66876f75c204fb78028cf2ff7979f80355bd06c)
- [#14010](https://github.com/npm/npm/pull/14010)
- Update the GitHub issue template to reflect Apple's change in name of its
- desktop operating system.
- ([@AlexChesters](https://github.com/AlexChesters))
-
-#### DEPENDENCY UPDATES
-
-* [`b3f9bf1`](https://github.com/npm/npm/commit/b3f9bf1ada3f93e6775f5c232350030db6635d0c)
- [#13918](https://github.com/npm/npm/issues/13918)
- `graceful-fs@4.1.9`:
- Fix the _uid must be an unsigned int_ bug that's been around forever but that
- `npm` started tickling in v3.10.8.
- ([@addaleax](https://github.com/addaleax))
- Also fixes wrapper to `fs.readdir` to actually pass through (rather than
- drop) optional arguments.
- ([@isaacs](https://github.com/isaacs))
-* [`9402ead`](https://github.com/npm/npm/commit/9402ead67e3be9b431ade637fbfac86204ee96fe)
- [isaacs/node-glob#293](https://github.com/isaacs/node-glob/pull/293)
- `glob@7.1.0`:
- Add `absolute` option for `match` event.
- ([@phated](https://github.com/phated))
-* [`58b83db`](https://github.com/npm/npm/commit/58b83db327dd87bf7cb5a7d503303537718f2f30)
- `asap@2.0.5`
- ([@kriskowal](https://github.com/kriskowal))
-* [`5707e6e`](https://github.com/npm/npm/commit/5707e6e55b220439c3f83e77daf4c70d72eb46f0)
- `sorted-object@2.0.1`
- ([@domenic](https://github.com/domenic))
-* [`9d20910`](https://github.com/npm/npm/commit/9d209107ce49a7424c50459284280cd2e6e215d1)
- `request@2.75.0`
- ([@simov](https://github.com/simov))
-* [`dea4848`](https://github.com/npm/npm/commit/dea48487a9d03492edc68670d05776d32d9ee8cf)
- `path-is-inside@1.0.2`
- ([@domenic](https://github.com/domenic))
-* [`b3f3db5`](https://github.com/npm/npm/commit/b3f3db52e864d607b6d9b18920e2f58acc4b1616)
- `opener@1.4.2`
- ([@dominic](https://github.com/dominic))
-* [`6bb5f95`](https://github.com/npm/npm/commit/6bb5f953888bbaaeeb624d623c2a9746d1c243a0)
- `lockfile@1.0.2`
- ([@isaacs](https://github.com/isaacs))
-* [`13f7c0a`](https://github.com/npm/npm/commit/13f7c0a73212284b53a2d96882fc298afbf9609c)
- `config-chain@1.1.11`
- ([@dominictarr](https://github.com/dominictarr))
-
-### v3.10.8 (2016-09-08)
-
-Monthly releases are so big! Just look at all this stuff!
-
-Our quarter of monthly releases is almost over. The next one, in October, might
-very well be our last one as we move to trying something different and learning
-lessons from our little experiment.
-
-You may also want to keep an eye our for `npm@4` next month, since we're
-planning on finally releasing it then and including a (small) number of breaking
-changes we've been meaning to do for a long time. Don't worry, though: `npm@3`
-will still be around for a bit and will keep getting better and better, and is
-most likely going to be the version that `node@6` uses once it goes to LTS.
-
-As some of us have mentioned before, npm is likely to start doing more regular
-semver-major bumps, while keeping those bumps significantly smaller than the
-huge effort that was `npm@3` -- we're not very likely to do a world-shaking
-thing like that for a while, if ever.
-
-All that said, let's move on to the patches included in v3.10.8!
-
-#### SHRINKWRAP LEVEL UP
-
-The most notable part of this release is a series of commits meant to make `npm
-shrinkwrap` more consistent. By itself, shrinkwrap seems like a fairly
-straightforward thing to implement, but things get complicated when it starts
-interacting with `devDependencies`, `optionalDependencies`, and
-`bundledDependencies`. These commits address some corner cases related to these.
-
-* [`a7eca32`](https://github.com/npm/npm/commit/a7eca3246fbbcbb05434cb6677f65d14c945d74f)
- [#10073](https://github.com/npm/npm/pull/10073)
- Record if a dependency is only used as a devDependency and exclude it from the
- shrinkwrap file.
- ([@bengl](https://github.com/bengl))
-* [`1eabcd1`](https://github.com/npm/npm/commit/1eabcd16bf2590364ca20831096350073539bf3a)
- [#10073](https://github.com/npm/npm/pull/10073)
- Record if a dependency is optional to shrinkwrap.
- ([@bengl](https://github.com/bengl))
-* [`03efc89`](https://github.com/npm/npm/commit/03efc89522c99ee0fa37d8f4a99bc3b44255ef98)
- [#13692](https://github.com/npm/npm/pull/13692/)
- We were doing a weird thing where we used a `package.json` field `installable`
- to check to see if we'd checked for platform compatibility, and if not did
- so. But this was the only place that was ever done so there was no reason to
- implement it in such an obfuscated manner.
- Instead it now just directly checks and then records that its done so on the
- node object with `knownInstallable`. This is useful to know because modules
- expanded via shrinkwrap don't go through this– `inflateShrinkwrap` does not
- currently have any rollback semantics and so checking this sort of thing there
- is unhelpful.
+* [`45d40d9`](https://github.com/npm/npm/commit/45d40d96d2cd145f1e36702d6ade8cd033f7f332)
+ [`ba2adc2`](https://github.com/npm/npm/commit/ba2adc2e822d5e75021c12f13e3f74ea2edbde32)
+ [`1dc8908`](https://github.com/npm/npm/commit/1dc890807bd78a1794063688af31287ed25a2f06)
+ [`2ba19ee`](https://github.com/npm/npm/commit/2ba19ee643d612d103cdd8f288d313b00d05ee87)
+ [#14403](https://github.com/npm/npm/pull/14403)
+ Fix a bug where a scoped module could produce crashes when incorrectly
+ computing the paths related to their location. This patch reorganizes how path information
+ is passed in to eliminate the possibility of this sort of bug.
([@iarna](https://github.com/iarna))
-* [`ff87938`](https://github.com/npm/npm/commit/ff879382fda21dac7216a5f666287b3a7e74a947)
- [#11735](https://github.com/npm/npm/issues/11735)
- Running `npm install --save-dev` will now update shrinkwrap file, but only
- if there already are devDependencies in it.
- ([@szimek](https://github.com/szimek))
-* [`c00ca3a`](https://github.com/npm/npm/commit/c00ca3aef836709eeaeade91c5305bc2fbda2e8a)
- [#13394](https://github.com/npm/npm/issues/13394)
- Check installability of modules from shrinkwrap, since modules that came into
- the tree vie shrinkwrap won't already have this information recorded in
- advance.
+ ([@NatalieWolfe](https://github.com/NatalieWolfe))
+* [`1011ec6`](https://github.com/npm/npm/commit/1011ec61230288c827a1c256735c55cf03d6228f)
+ [npm/npmlog#46](https://github.com/npm/npmlog/pull/46)
+ `npmlog@4.0.1`: Fix a bug where the progress bar would still display even if
+ you passed in `--no-progress`.
([@iarna](https://github.com/iarna))
-#### INSTALLER ERROR REPORTING LEVEL UP
+#### DOCUMENTATION UPDATES
-As part of the shrinkwrap push, there were also a lot of error-reporting
-improvements. Some to add more detail to error objects, others to fix bugs and
-inconsistencies.
+* [`c3ac177`](https://github.com/npm/npm/commit/c3ac177236124c80524c5f252ba8f6670f05dcd8)
+ [#14406](https://github.com/npm/npm/pull/14406)
+ Sync up the dispute policy included with the CLI with the [current official text](https://www.npmjs.com/policies/disputes).
+ ([@mike-engel](https://github.com/mike-engel))
+* [`9c663b2`](https://github.com/npm/npm/commit/9c663b2dd8552f892dc0205330bbc73a484ecd81)
+ [#14627](https://github.com/npm/npm/pull/14627)
+ Update build status branch in README.
+ ([@cameronroe](https://github.com/cameronroe))
+* [`8a8a0a3`](https://github.com/npm/npm/commit/8a8a0a3d490fc767def208f925cdff57e16e565b)
+ [#14609](https://github.com/npm/npm/pull/14609)
+ Update examples URLs of GitHub repos where those repos have moved to new URLs.
+ ([@dougwilson](https://github.com/dougwilson))
+* [`7a6425b`](https://github.com/npm/npm/commit/7a6425bcd4decde5d4b0af8b507e98723a07c680)
+ [#14472](https://github.com/npm/npm/pull/14472)
+ Document `sign-git-tag` in
+ [npm-version(1)](https://github.com/npm/npm/blob/release-next/doc/cli/npm-version.md)'s
+ configuration section.
+ ([@strugee](https://github.com/strugee))
+* [`f3087cc`](https://github.com/npm/npm/commit/f3087cc58c903d9a70275be805ebaf0eadbcbe1b)
+ [#14546](https://github.com/npm/npm/pull/14546)
+ Add a note about the dangers of configuring npm via uppercase env vars.
+ ([@tuhoojabotti](https://github.com/tuhoojabotti))
+* [`50e51b0`](https://github.com/npm/npm/commit/50e51b04a143959048cf9e1e4c8fe15094f480b0)
+ [#14559](https://github.com/npm/npm/pull/14559)
+ Remove documentation that incorrectly stated that we check `.npmrc` permissions.
+ ([@iarna](https://github.com/iarna))
+
+##### OH UH, HELLO AGAIN NODE.JS 0.12
+
+* [`6f0c353`](https://github.com/npm/npm/commit/6f0c353e4e89b0378a4c88c829ccf9a1c5ae829d)
+ [`f78bde6`](https://github.com/npm/npm/commit/f78bde6983bdca63d5fcb9c220c87e8f75ffb70e)
+ [#14591](https://github.com/npm/npm/pull/14591)
+ Reintroduce Node.js 0.12 to our support matrix. We jumped the gun when
+ removing it. We won't drop support for it till the Node.js project does
+ so at the end of December 2016.
+ ([@othiym23](https://github.com/othiym23))
-* [`2cdd713`](https://github.com/npm/npm/commit/2cdd7132abddcc7f826a355c14348ce9a5897ffe)
- Consistently set code on `ETARGET` when fetching package metadata if no
- compatible version is found.
- ([@iarna](https://github.com/iarna))
-* [`cabcd17`](https://github.com/npm/npm/commit/cabcd173f2923cb5b77e7be0e42eea2339a24727)
- [#13692](https://github.com/npm/npm/pull/13692/)
- Include installer warning details at the `verbose` log level.
- ([@iarna](https://github.com/iarna))
-* [`95a4044`](https://github.com/npm/npm/commit/95a4044cbae93d19d0da0f3cd04ea8fa620295d9)
- [`dbb14c2`](https://github.com/npm/npm/commit/dbb14c241d982596f1cdaee251658f5716989fd2)
- [`9994383`](https://github.com/npm/npm/commit/9994383959798f80749093301ec43a8403566bb6)
- [`7417000`](https://github.com/npm/npm/commit/74170003db0c53def9b798cb6fe3fe7fc3e06482)
- [`f45f85d`](https://github.com/npm/npm/commit/f45f85dac800372d63dfa8653afccbf5bcae7295)
- [`e79cc1b`](https://github.com/npm/npm/commit/e79cc1b11440f0d122c4744d5eff98def9553f4a)
- [`146ee39`](https://github.com/npm/npm/commit/146ee394b1f7a33cf409a30b835a85d939acb438)
- [#13692](https://github.com/npm/npm/pull/13692/)
- Improve various bits of error reporting, adding more error information and
- some related refactoring.
- ([@iarna](https://github.com/iarna))
+#### TEST/CI UPDATES
-#### MISCELLANEOUS BUGS LEVEL UP
+* [`aa73d1c`](https://github.com/npm/npm/commit/aa73d1c1cc22608f95382a35b33da252addff38e)
+ [`c914e80`](https://github.com/npm/npm/commit/c914e80f5abcb16c572fe756c89cf0bcef4ff991)
+* [`58fe064`](https://github.com/npm/npm/commit/58fe064dcc80bc08c677647832f2adb4a56b538a)
+ [#14602](https://github.com/npm/npm/pull/14602)
+ When running tests with coverage, use nyc's cache. This provides an 8x speedup!
+ ([@bcoe](https://github.com/bcoe))
+* [`ba091ce`](https://github.com/npm/npm/commit/ba091ce843af5d694f4540e825b095435b3558d8)
+ [#14435](https://github.com/npm/npm/pull/14435)
+ Remove an unused zero byte `package.json` found in the test fixtures.
+ ([@baderbuddy](https://github.com/baderbuddy))
-* [`116b6c6`](https://github.com/npm/npm/commit/116b6c60a174ea0cc49e4d62717e4e26175b6534)
- [#13456](https://github.com/npm/npm/issues/13456)
- In lifecycle scripts, any `node_modules/.bin` existing in the hierarchy
- should be turned into an entry in the PATH environment variable.
- However, prior to this commit, it was splitting based on the string
- `node_modules`, rather than restricting it to only path portions like
- `/node_modules/` or `\node_modules\`. So, a path containing an entry
- like `my_node_modules` would be improperly split.
- ([@isaacs](https://github.com/isaacs))
-* [`0a28dd0`](https://github.com/npm/npm/commit/0a28dd0104e5b4a8cc0cb038bd213e6a50827fe8)
- [npm/fstream-npm#23](https://github.com/npm/fstream-npm/pull/23)
- `fstream-npm@1.2.0`:
- Always ignore `*.orig` files, which are generated by git when using `git
- mergetool`, by default.
- ([@zkat](https://github.com/zkat))
-* [`a3a2fb9`](https://github.com/npm/npm/commit/a3a2fb97adc87c2aa9b2b8957861b30efafc7ad0)
- [#13708](https://github.com/npm/npm/pull/13708)
- Always ignore `*.orig` files, which are generated by git when using `git
- mergetool`, by default.
- ([@boneskull](https://github.com/boneskull))
+#### DEPENDENCY UPDATES
-#### TOOLING LEVEL UP
+* [`442e01e`](https://github.com/npm/npm/commit/442e01e42d8a439809f6726032e3b73ac0d2b2f8)
+ `readable-stream@2.2.2`:
+ Bring in latest changes from Node.js 7.x.
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`bfc4a1c`](https://github.com/npm/npm/commit/bfc4a1c0c17ef0a00dfaa09beba3389598a46535)
+ `which@1.2.12`:
+ Remove unused require.
+ ([@isaacs](https://github.com/isaacs))
+
+#### DEV DEPENDENCY UPDATES
+
+* [`7075b05`](https://github.com/npm/npm/commit/7075b054d8d2452bb53bee9b170498a48a0dc4e9)
+ `marked-man@0.1.6`
+ ([@kapouer](https://github.com/kapouer))
+* [`3e13fea`](https://github.com/npm/npm/commit/3e13fea907ee1141506a6de7d26cbc91c28fdb80)
+ `tap@8.0.0`
+ ([@isaacs](https://github.com/isaacs))
+
+### v4.0.2 (2016-11-03)
+
+Hola, amigxs. I know it's been a long time since I rapped at ya, but I
+been spending a lotta time quietly reflecting on all the things going on
+in my life. I was, like, [in Japan for a while](https://gist.github.com/othiym23/c98bd4ef5d9fb3f496835bd481ef40ae),
+and before that my swell colleagues [@zkat](https://github.com/zkat) and
+[@iarna](https://github.com/iarna) have been very capably managing the release
+process for quite a while. But I returned from Japan somewhat refreshed, very
+jetlagged, and filled with a burning urge to get `npm@4` as stable as possible
+before we push it out to the user community at large, so I decided to do this
+release myself. (Also, huge thanks to Kat and Rebecca for putting out `npm@4`
+so capably while I was on vacation! So cool to return to a major release having
+gone so well without my involvement!)
+
+That said...
+
+#### NEVER TRUST AN X.0.0 RELEASE
+
+Even though 4.0.1 came out hard on the heels of 4.0.0 with a couple
+critical fixes, we've found a couple other major issues that we want to
+see fixed before making `npm@4` into `npm@latest`. Some of these are
+arguably breaking changes on their own, so now is the time to get them
+out if we're going to do so before `npm@5`, and all of them are pretty
+significant blockers for a substantial number of users, so now is the
+best time to fix them.
+
+##### PREPUBLISHONLY WHOOPS
+
+The code running the `publish*` lifecycle events was very confusingly written.
+In fact, we didn't really figure out what it was doing until we added the new
+`prepublishOnly` event and it was running people's scripts from the wrong
+directory. We made it simpler. See the [commit
+message](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f)
+for details.
+
+Because the change is no longer running publish events when publishing prebuilt
+artifacts, it's technically a breaking / semver-major change. In the off chance
+that the new behavior breaks any of y'all's workflows, let us know, and we can
+roll some or all of this change back until `npm@5` (or forever, if that works
+better for you).
+
+* [`8b32d67`](https://github.com/npm/npm/commit/8b32d67aa277fd7e62edbed886387a855f58387f)
+ [#14502](https://github.com/npm/npm/pull/14502)
+ Simplify lifecycle invocation and fix `prepublishOnly`.
+ ([@othiym23](https://github.com/othiym23))
-* [`e1d7e6c`](https://github.com/npm/npm/commit/e1d7e6ce551cbc42026cdcadcb37ea515059c972)
- Add helper for generating test skeletons.
- ([@iarna](https://github.com/iarna))
-* [`4400b35`](https://github.com/npm/npm/commit/4400b356bca9175935edad1469c608c909bc01bf)
- Fix fixture creation and cleanup in `maketest`.
- ([@iarna](https://github.com/iarna))
+##### G'BYE NODE.JS 0.10, 0.12, and 5.X; HI THERE, NODE 7
-#### DOCUMENTATION LEVEL UP
+With the advent of the second official Node.js LTS release, Node 6.x
+'Boron', the Node.js project has now officially dropped versions 0.10
+and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never
+part of LTS, and will see no further support now that Node 7 has been
+released.) As a small team with limited resources, the npm CLI team is
+following suit and dropping those versions of Node from its CI test
+matrix.
-* [`8eb9460`](https://github.com/npm/npm/commit/8eb94601fe895b97cbcf8c6134e6b371c5371a1e)
- [#13717](https://github.com/npm/npm/pull/13717)
- Document that `npm link` will link the files specified in the `bin` field of
- `package.json` to `{prefix}/bin/{name}`.
- ([@legodude17](https://github.com/legodude17))
-* [`a66e5e9`](https://github.com/npm/npm/commit/a66e5e9c388878fe03fb29014c3b95d28bedd3c1)
- [#13682](https://github.com/npm/npm/pull/13682)
- Minor grammar fix in documentation for `npm scripts`.
- ([@Ajedi32](https://github.com/Ajedi32))
-* [`74b8043`](https://github.com/npm/npm/commit/74b80437ffdfcf8172f6ed4f39bfb021608dd9dd)
- [#13655](https://github.com/npm/npm/pull/13655)
- Document line comment syntax for `.npmrc`.
- ([@mdjasper](https://github.com/mdjasper))
-* [`b352a84`](https://github.com/npm/npm/commit/b352a84c2c7ad15e9c669af75f65cdaa964f86c0)
- [#12438](https://github.com/npm/npm/issues/12438)
- Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files
- executable directly.
- ([@mxstbr](https://github.com/mxstbr))
-* [`b82fd83`](https://github.com/npm/npm/commit/b82fd838edbfff5d2833a62f6d8ae8ea2df5a1f2)
- [#13493](https://github.com/npm/npm/pull/13493)
- Document that the user config file can itself be configured either through the
- `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line
- flag.
- ([@jasonkarns](https://github.com/jasonkarns))
-* [`8a02699`](https://github.com/npm/npm/commit/8a026992a03d90e563a97c70e90926862120693b)
- [#13911](https://github.com/npm/npm/pull/13911)
- Minor documentation reword and cleanup.
+What this means:
+
+* Your contributions will no longer block on the tests passing on 0.10 and 0.12.
+* We will no longer block dependency upgrades on working with 0.10 and 0.12.
+* Bugs filed on the npm CLI that are due to incompatibilities with 0.10
+ or 0.12 (and older versions) will be closed with a strong urging to
+ upgrade to a supported version of Node.
+* On the flip side, we'll continue to (happily!) accept patches that
+ address regressions seen when running the CLI with Node.js 0.10 and
+ 0.12.
+
+What this doesn't mean:
+
+* The CLI is going to start depending on ES2015+ features. npm continues
+ to work, in almost all cases, all the way back to Node.js 0.8, and our
+ long history of backwards compatibility is a source of pride for the
+ team.
+* We aren't concerned about the problems of users who, for whatever
+ reason, can't update to newer versions of npm. As mentioned above, we're
+ happy to take community patches intended to address regressions.
+
+We're not super interested in taking sides on what version of Node.js
+you "should" be running. We're a workflow tool, and we understand that
+you all have a diverse set of operational environments you need to be
+able to support. At the same time, we _are_ a small team, and we need
+to put some limits on what we support. Tracking what's supported by our
+runtime's own team seems most practical, so that's what we're doing.
+
+* [`ab630c9`](https://github.com/npm/npm/commit/ab630c9a7a1b40cdd4f1244be976c25ab1525907)
+ [#14503](https://github.com/npm/npm/pull/14503)
+ Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported.
([@othiym23](https://github.com/othiym23))
-
-#### DEPENDENCY LEVEL UP
-
-* [`2818fb0`](https://github.com/npm/npm/commit/2818fb0f6081d68a91f0905945ad102f26c6cf85)
- `glob@7.0.6`
- ([@isaacs](https://github.com/isaacs))
-* [`d88ec81`](https://github.com/npm/npm/commit/d88ec81ad33eb2268fcd517d35346a561bc59aff)
- `graceful-fs@4.1.6`
- ([@francescoinfante](https://github.com/francescoinfante))
-* [`4727f86`](https://github.com/npm/npm/commit/4727f8646daca7b3e3c1c95860e02acf583b9dae)
- `lodash.clonedeep@4.5.0`
- ([@jdalton](https://github.com/jdalton))
-* [`c347678`](https://github.com/npm/npm/commit/c3476780ef4483425e4ae1d095a5884b46b8db86)
- `lodash.union@4.6.0`
- ([@jdalton](https://github.com/jdalton))
-* [`530bd4d`](https://github.com/npm/npm/commit/530bd4d2ae6f704f624e4f7bf64f911f37e2b7f8)
- `lodash.uniq@4.5.0`
- ([@jdalton](https://github.com/jdalton))
-* [`483d56a`](https://github.com/npm/npm/commit/483d56ae8137eca0c0f7acd5d1c88ca6d5118a6a)
- `lodash.without@4.4.0`
- ([@jdalton](https://github.com/jdalton))
-* [`6c934df`](https://github.com/npm/npm/commit/6c934df6e74bacd0ed40767b319936837a43b586)
- `inherits@2.0.3`
- ([@isaacs](https://github.com/isaacs))
-* [`a65ed7c`](https://github.com/npm/npm/commit/a65ed7cbd3c950383a14461a4b2c87b67ef773b9)
- `npm-registry-client@7.2.1`:
- * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax))
- * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel))
- * Fixes [#13656](https://github.com/npm/npm/issues/13656).
- * Dependency updates.
- * Documentation improvements.
+* [`731ae52`](https://github.com/npm/npm/commit/731ae526fb6e9951c43d82a26ccd357b63cc56c2)
+ [#14503](https://github.com/npm/npm/pull/14503)
+ Update supported version expression.
([@othiym23](https://github.com/othiym23))
-* [`2b88d62`](https://github.com/npm/npm/commit/2b88d62e6a730716b27052c0911c094d01830a60)
- [npm/npmlog#34](https://github.com/npm/npmlog/pull/34)
- `npmlog@4.0.0`:
- Allows creating log levels that are empty strings or 0
- ([@rwaldron](https://github.com/rwaldron))
-* [`242babb`](https://github.com/npm/npm/commit/242babbd02274ee2d212ae143992c20f47ef0066)
- `once@1.4.0`
- ([@zkochan](https://github.com/zkochan))
-* [`6d8ba2b`](https://github.com/npm/npm/commit/6d8ba2b4918e2295211130af68ee8a67099139e0)
- `readable-stream@2.1.5`
- ([@calvinmetcalf](https://github.com/calvinmetcalf))
-* [`855c099`](https://github.com/npm/npm/commit/855c099482a8d93b7f0646bd7bcf8a31f81868e0)
- `retry@0.10.0`
- ([@tim-kos](https://github.com/tim-kos))
-* [`80540c5`](https://github.com/npm/npm/commit/80540c52b252615ae8a6271b3df870eabfea935e)
- `semver@5.3.0`:
- * Add `minSatisfying`
- * Add `prerelease(v)`
- ([@isaacs](https://github.com/isaacs))
-* [`8aaac52`](https://github.com/npm/npm/commit/8aaac52ffae8e689fae265712913b1e2a36b1aa6)
- `which@1.2.1`
- ([@isaacs](https://github.com/isaacs))
-* [`85108a2`](https://github.com/npm/npm/commit/85108a29108ab0a57997572dc14f87eb706890ba)
- `write-file-atomic@1.2.0`:
- Preserve chmod and chown from the overwritten file
- ([@iarna](https://github.com/iarna))
-* [`291a377`](https://github.com/npm/npm/commit/291a377f32f5073102a8ede61a27e6a9b37154c2)
- Update npm documentation to reflect documentation for `semver@5.3.0`.
- ([@zkat](https://github.com/zkat))
-
-### v3.10.7 (2016-08-11)
-
-Hi all, today's our first release coming out of the new monthly release
-cadence. See below for details. We're all recovered from conferences now
-and raring to go! We've got some pretty keen bug fixes and a bunch of
-documentation and dependency updates. It's hard to narrow it down to just a
-few, but of note are scoped packages in bundled dependencies, the
-`preinstall` lifecycle fix, the shrinkwrap and Git dependencies fix and the
-fix to a crasher involving cycles in development dependencies.
-
-#### NEW RELEASE CADENCE
-
-Releasing npm has been, for the most part, a very prominent part of our
-weekly process process. As part of our efforts to find the most effective
-ways to allocate our team's resources, we decided last month that we would
-try and slow our releases down to a monthly cadence, and see if we found
-ourselves with as much extra time and attention as we expected to have.
-Process experiments are useful for finding more effective ways to do our
-work, and we're at least going to keep doing this for a whole quarter, and
-then measure how well it worked out. It's entirely likely that we'll switch
-back to a more frequent cadence, specially if we find that the value that
-weekly cadence was providing the community is not worth sacrificing for a
-bit of extra time. Does this affect you significantly? Let us know!
-
-#### SCOPED PACKAGES IN BUNDLED DEPENDENCIES
-
-Prior to this release and
-[v2.15.10](https://github.com/npm/npm/releases/v2.15.10), npm had ignored
-scoped modules found in `bundleDependencies`.
-
-* [`29cf56d`](https://github.com/npm/npm/commit/29cf56dbae8e3dd16c24876f998051623842116a)
- [#8614](https://github.com/npm/npm/issues/8614)
- Include scoped packages in bundled dependencies.
- ([@forivall](https://github.com/forivall))
-
-#### `preinstall` LIFECYCLE IN CURRENT PROJECT
-
-* [`b7f13bc`](https://github.com/npm/npm/commit/b7f13bc80b89b025be0c53d81b90ec8f2cebfab7)
- [#13259](https://github.com/npm/npm/pull/13259)
- Run top level preinstall before installing dependencies
- ([@palmerj3](https://github.com/palmerj3))
-
-#### BETTER SHRINKWRAP WITH GIT DEPENDENCIES
-
-* [`0f7e319`](https://github.com/npm/npm/commit/0f7e3197bcec7a328b603efdffd3681bbc40f585)
- [#12718](https://github.com/npm/npm/issues/12718.)
- Update outdated git dependencies found in shrinkwraps. Previously, if the
- module version was the same then no update would be completed even if the
- committish had changed.
- ([@kossnocorp](https://github.com/kossnocorp))
-
-
-#### CYCLES IN DEVELOPMENT DEPENDENCIES NO LONGER CRASH
-
-* [`1691de6`](https://github.com/npm/npm/commit/1691de668d34cd92ab3de08bf3a06085388f2f07)
- [#13327](https://github.com/npm/npm/issues/13327)
- Fix bug where cycles found in development dependencies could result in
- infinite recursion that resulted in crashes.
- ([@iarna](https://github.com/iarna))
-
-#### IMPROVE "NOT UPDATING LINKED MODULE" WARNINGS
-
-* [`1619871`](https://github.com/npm/npm/commit/1619871ac0cc8839dc9962c78e736095976c1eb4)
- [#12893](https://github.com/npm/npm/pull/12893)
- Only warn about symlink update if version number differs
- The update-linked action outputs a warning that it needs to update the
- linked package, but can't, There is no need for the package to be updated if
- it is already at the correct version. This change does a check before
- logging the warning.
- ([@DaveEmmerson](https://github.com/DaveEmmerson))
-
-#### MORE BUG FIXES
-* [`8f8d1b3`](https://github.com/npm/npm/commit/8f8d1b33a78c79aff9de73df362abaa7f05751d2)
- [#11398](https://github.com/npm/npm/issues/11398)
- Fix bug where `package.json` files that contained a `type` property could
- cause crashes. `type` is not a `package.json` property that npm makes use
- of and having it should be (and now is) harmless.
- ([@zkat](https://github.com/zkat))
-* [`e7fa6c6`](https://github.com/npm/npm/commit/e7fa6c6a2c1de2a214479daa8c6901eebb350381)
- [#13353](https://github.com/npm/npm/issues/13353)
- Add GIT_EXEC_PATH to Git environment whitelist.
- ([@mhart](https://github.com/mhart))
-* [`c23af21`](https://github.com/npm/npm/commit/c23af21d4cedd7fedcb4168672044db76ad054a8)
- [#13626](https://github.com/npm/npm/pull/13626)
- Use HTTPS issues URL in the error message for type validation errors.
- ([@watilde](https://github.com/watilde))
+##### DISENTANGLING SCOPE
-#### INCLUDE `npm login` IN COMMAND SUMMARY
+The new `Npm-Scope` header was previously reusing the `scope`
+configuration option to pass the current scope back to your current
+registry (which, as [described
+previously](https://github.com/npm/npm/blob/release-next/CHANGELOG.md#send-extra-headers-to-registry), is meant to set up some upcoming
+registry features). It turns out that had some [seriously weird
+consequences](https://github.com/npm/npm/issues/14412) in the case where
+you were already configuring `scope` in your own environment. The CLI
+now uses separate configuration for this.
-* [`ab0c4b1`](https://github.com/npm/npm/commit/ab0c4b137b05762e75e0913038b606f087b58aa0)
- [#13581](https://github.com/npm/npm/issues/13581)
- The `login` command has long been an alias for `adduser`.
- At the same time, there is an expectation not just of that
- particular word being something to look for, but of there being
- clear symmetry with `logout`.
- So it was a bit confusing when `login` didn't show up in
- `npm help` on a technicality. This seems like an acceptable
- exception to the rule that says "no aliases in `npm help`".
+* [`39358f7`](https://github.com/npm/npm/commit/39358f732ded4aa46d86d593393a0d6bca5dc12a)
+ [#14477](https://github.com/npm/npm/pull/14477)
+ Differentiate registry scope from project scope in configuration.
([@zkat](https://github.com/zkat))
-#### DOCUMENTATION
-
-* [`e2d7e78`](https://github.com/npm/npm/commit/e2d7e7820a7875ed96e0382dc1e91b8df4e83746)
- [#13319](https://github.com/npm/npm/pull/13319)
- As Node.js 0.8 is no longer supported, remove mention of it from the README.
- ([@watilde](https://github.com/watilde))
-* [`c565d89`](https://github.com/npm/npm/commit/c565d893a38efb6006e841450503329c9e58f100)
- [#13349](https://github.com/npm/npm/pull/13349)
- Updated the scripts documentation to explain the different between `version` and `preversion`.
- ([@christophehurpeau](https://github.com/christophehurpeau))
-* [`fa8f87f`](https://github.com/npm/npm/commit/fa8f87f1ec92e543dd975156c4b184eb3e0b80cb)
- [#10167](https://github.com/npm/npm/pull/10167)
- Clarify in scope documentation that npm@2 is required for scoped packages.
- ([@danpaz](https://github.com/danpaz))
-
-#### DEPENDENCIES
-
-* [`124427e`](https://github.com/npm/npm/commit/124427eabbfd200aa145114e389e19692559ff1e)
- [#8614](https://github.com/npm/npm/issues/8614)
- `fstream-npm@1.1.1`:
- Fixes bug with inclusion of scoped bundled dependencies.
- ([@forivall](https://github.com/forivall))
-* [`7e0cdff`](https://github.com/npm/npm/commit/7e0cdff04714709f6dc056b19422d3f937502f1c)
- [#13497](https://github.com/npm/npm/pull/13497)
- `graceful-fs@4.1.5`:
- `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which
- fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed
- by recent changes to Node.js.
- ([@thefourtheye](https://github.com/thefourtheye))
-* [`9b88cb8`](https://github.com/npm/npm/commit/9b88cb89f138443f324094685f4de073f33ecef0)
- [#9984](https://github.com/npm/npm/issues/9984)
- `request@2.74.0`:
- Update request library to at least 2.73 to fix a bug where `npm install` would crash with
- _Cannot read property 'emit' of null._
-
- Update `request` dependency `tough-cookie` to `2.3.0` to
- to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130).
- Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that,
- under certain conditions involving long strings of semicolons in the
- "Set-Cookie" header, causes the event loop to block for excessive amounts of
- time.
- ([@zarenner](https://github.com/zarenner))
- ([@stash-sfdc](https://github.com/stash-sfdc))
-* [`bf78ce5`](https://github.com/npm/npm/commit/bf78ce5ef5d2d6e95177193cca5362dd27bff968)
- [#13387](https://github.com/npm/npm/issues/13387)
- `minimatch@3.0.3`:
- Handle extremely long and terrible patterns more gracefully.
- There were some magic numbers that assumed that every extglob pattern starts
- and ends with a specific number of characters in the regular expression.
- Since !(||) patterns are a little bit more complicated, this led to creating
- an invalid regular expression and throwing.
- ([@isaacs](https://github.com/isaacs))
-* [`803e538`](https://github.com/npm/npm/commit/803e538efaae4b56a764029742adcf6761e8398b)
- [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111)
- `rimraf@2.5.4`: Clarify assertions: cb is required, options are not.
- ([@isaacs](https://github.com/isaacs))
-* [`a9f84ef`](https://github.com/npm/npm/commit/a9f84ef61b4c719b646bf9cda00577ef16e3a113)
- `lodash.without@4.2.0`
- ([@jdalton](https://github.com/jdalton))
-* [`f59ff1c`](https://github.com/npm/npm/commit/f59ff1c2701f1bfd21bfdb97b4571823b614f694)
- `lodash.uniq@4.4.0`
- ([@jdalton](https://github.com/jdalton))
-* [`8cc027e`](https://github.com/npm/npm/commit/8cc027e5e81623260a49b31fe406ce483258b203)
- `lodash.union@4.5.0`
- ([@jdalton](https://github.com/jdalton))
-* [`0a6c1e4`](https://github.com/npm/npm/commit/0a6c1e4302a153fb055f495043ed33afd8324193)
- `lodash.without@4.3.0`
- ([@jdalton](https://github.com/jdalton))
-* [`4ab0181`](https://github.com/npm/npm/commit/4ab0181fca2eda18888b865ef691b83d30fb0c33)
- `lodash.clonedeep@4.4.1`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.10.6 (2016-07-07)
-
-This week we have a bunch of bug fixes for ya! A shrinkwrap regression
-introduced in 3.10.0, better lifecycle `PATH` behavior, improvements when
-working with registries other than `registry.npmjs.org` and a fix for
-hopefully the last _don't print a progress bar over my interactive thingy_
-bug.
+#### SMALLER CHANGES
-#### SHRINKWRAP AND DEV DEPENDENCIES
-
-The rewrite in 3.10.0 triggered a bug where dependencies of devDependencies
-would be included in your shrinkwrap even if you didn't request
-devDependencies.
-
-* [`2484529`](https://github.com/npm/npm/commit/2484529ab56a42e5d6f13c48006f39a596d9e327)
- [#13308](https://github.com/npm/npm/pull/13308)
- Fix bug where deps of devDependencies would be incorrectly included in
- shrinkwraps.
+* [`7f41295`](https://github.com/npm/npm/commit/7f41295775f28b958a926f9cb371cb37b05771dd)
+ [#14519](https://github.com/npm/npm/pull/14519)
+ Document that as of `npm@4.0.1`, `npm shrinkwrap` now includes `devDependencies` unless
+ instructed otherwise.
([@iarna](https://github.com/iarna))
+* [`bdc2f9e`](https://github.com/npm/npm/commit/bdc2f9e255ddf1a47fd13ec8749d17ed41638b2c)
+ [#14501](https://github.com/npm/npm/pull/14501)
+ The `ENOSELF` error message is tricky to word. It's also an error that
+ normally bites new users. Clean it up in an effort to make it easier
+ to understand what's going on.
+ ([@snopeks](https://github.com/snopeks), [@zkat](https://github.com/zkat))
-#### BETTER PATH LIFECYCLE BEHAVIOR
-
-We've been around the details on this one a few times in recent months and
-hopefully this will bring is to where we want to be.
-
-* [`81051a9`](https://github.com/npm/npm/commit/81051a90eee66a843f76eb8cccedbb1d0a5c1f47)
- [#12968](https://github.com/npm/npm/pull/12968)
- When running lifecycle scripts, only prepend directory containing the node
- binary to PATH if not already in PATH.
- ([@segrey](https://github.com/segrey))
-
-#### BETTER INTERACTIONS WITH THIRD PARTY REGISTRIES
-
-* [`071193c`](https://github.com/npm/npm/commit/071193c8e193767dd1656cb27556cb3751d77a3b)
- [#10869](https://github.com/npm/npm/pull/10869)
- If the registry returns a list of versions some of which are invalid, skip
- those when picking a version to install. This can't happen with
- registry.npmjs.org as it will normalize versions published with it, but it
- can happen with other registries.
- ([@gregersrygg](https://github.com/gregersrygg))
-
-#### ONE LAST TOO-MUCH-PROGRESS CORNER
-
-* [`1244cc1`](https://github.com/npm/npm/commit/1244cc16dc5a0536acf26816a1deeb8e221d67eb)
- [#13305](https://github.com/npm/npm/pull/13305)
- Disable progress bar in `npm edit` and `npm config edit`.
- ([@watilde](https://github.com/watilde))
-
-#### HTML DOCS IMPROVEMENTS
-
-* [`58da923`](https://github.com/npm/npm/commit/58da9234ae72a5474b997f890a1155ee9785e6f1)
- [#13225](https://github.com/npm/npm/issues/13225)
- Fix HTML character set declaration in generated HTML documentation.
- ([@KenanY](https://github.com/KenanY))
-* [`d1f0bf4`](https://github.com/npm/npm/commit/d1f0bf4303566f8690502034f82bbb449850958d)
- [#13250](https://github.com/npm/npm/pull/13250)
- Optimize png images using zopflipng.
- ([@PeterDaveHello](https://github.com/PeterDaveHello))
-
-#### DEPENDENCY UPDATES (THAT MATTER)
-
-* [`c7567e5`](https://github.com/npm/npm/commit/c7567e58618b63f97884afa104d2f560c9272dd5)
- [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9)
- `npm-user-validate@0.1.5`:
- Lower the username length limits to 214 from 576 to match `registry.npmjs.org`'s limits.
- ([@aredridel](https://github.com/aredridel))
-* [`22802c9`](https://github.com/npm/npm/commit/22802c9db3cf990c905e8f61304db9b5571d7964)
- [#isaacs/rimraf](https://github.com/npm/npm/issues/isaacs/rimraf)
- `rimraf@2.5.3`:
- Fixes EPERM errors when running `lstat` on read-only directories.
- ([@isaacs](https://github.com/isaacs))
-* [`ce6406f`](https://github.com/npm/npm/commit/ce6406f4b6c4dffbb5cd8a3c049f6663a5665522)
- `glob@7.0.5`:
- Forces the use of `minimatch` to 3.0.2, which improved handling of long and
- complicated patterns.
- ([@isaacs](https://github.com/isaacs))
-
-
-### v3.10.5 (2016-07-05)
-
-This is a fix to this week's testing release to correct the update of
-`node-gyp` which somehow got mangled.
-
-* [`ca97ce2`](https://github.com/npm/npm/commit/ca97ce2e8d8ba44c445b39ffa40daf397d5601b3)
- [#13256](https://github.com/npm/npm/issues/13256)
- Fresh reinstall of `node-gyp@3.4.0`.
- ([@zkat](https://github.com/zkat))
-
-### v3.10.4 (2016-06-30)
+#### DEPENDENCY UPGRADES
-Hey y'all! This release includes a bunch of fixes we've been working on as we
-continue on our `big-bug` push. There's still [a lot of it left to
-do](https://github.com/npm/npm/labels/big-bug), but once this is done, things
-should just generally be more stable, installs should be more reliable and
-correct, and we'll be able to move on to more future work. We'll keep doing our
-best! 🙌
+* [`a52d0f0`](https://github.com/npm/npm/commit/a52d0f0c9cf2de5caef77e12eabd7dca9e89b49c)
+ `glob@7.1.1`:
+ - Handle files without associated perms on Windows.
+ - Fix failing case with `absolute` option.
+ ([@isaacs](https://github.com/isaacs), [@phated](https://github.com/phated))
+* [`afda66d`](https://github.com/npm/npm/commit/afda66d9afcdcbae1d148f589287583c4182d124)
+ [isaacs/node-graceful-fs#97](https://github.com/isaacs/node-graceful-fs/pull/97)
+ `graceful-fs@4.1.10`: Better backoff for EPERM on Windows.
+ ([@sam-github](https://github.com/sam-github))
+* [`e0023c0`](https://github.com/npm/npm/commit/e0023c089ded9161fbcbe544f12b07e12e3e5729)
+ [npm/inflight#3](https://github.com/npm/inflight/pull/3)
+ `inflight@1.0.6`: Clean up even if / when a callback throws.
+ ([@phated](https://github.com/phated))
+* [`1d91594`](https://github.com/npm/npm/commit/1d9159440364d2fe21e8bc15e08e284aaa118347)
+ `request@2.78.0`
+ ([@othiym23](https://github.com/othiym23))
-#### RACES AS WACKY AS [REDLINE](https://en.wikipedia.org/wiki/Redline_\(2009_film\))
+### v4.0.1 (2016-10-24)
-Races are notoriously hard to squash, and tend to be some of the more common
-recurring bugs we see on the CLI. [@julianduque](https://github.com/julianduque)
-did some pretty awesome [sleuthing
-work](https://github.com/npm/npm/issues/12669) to track down a cache race and
-helpfully submitted a patch. There were some related races in the same area that
-also got fixed at around the same time, mostly affecting Windows users.
+Ayyyy~ 🌊
-* [`2a37c97`](https://github.com/npm/npm/commit/2a37c97121483db2b6f817fe85c2a5a77b76080e)
- [#12669](https://github.com/npm/npm/issues/12669)
- [#13023](https://github.com/npm/npm/pull/13023)
- The CLI is pretty aggressive about correcting permissions across the cache
- whenever it writes to it. This aggressiveness caused a couple of races where
- temporary cache files would get picked up by `fs.readdir`, and removed before
- `chownr` was called on them, causing `ENOENT` errors. While the solution might
- seem a bit hamfisted, it's actually perfectly safe and appropriate in this
- case to just ignore those resulting `ENOENT` errors.
- ([@julianduque](https://github.com/julianduque))
-* [`ea018b9`](https://github.com/npm/npm/commit/ea018b9e3856d1798d199ae3ebce4ed07eea511b)
- [#13023](https://github.com/npm/npm/pull/13023)
- If a user were to have SUDO_UID and SUDO_GID, they'd be able to get into a
- pretty weird state. This fixes that corner case.
- ([@zkat](https://github.com/zkat))
-* [`703ca3a`](https://github.com/npm/npm/commit/703ca3abbf4f1cb4dff08be32acd2142d5493482)
- [#13023](https://github.com/npm/npm/pull/13023)
- A missing `return` was causing `chownr` to be called on Windows, even though
- that's literally pointless, and causing crashes in the process, instead of
- short-circuiting. This was entirely dependent on which callback happened to be
- called first, and in some cases, the failing one would win the race. This
- should prevent this from happening in the future.
- ([@zkat](https://github.com/zkat))
-* [`69267f4`](https://github.com/npm/npm/commit/69267f4fbd1467ce576f173909ced361f8fe2a9d)
- [#13023](https://github.com/npm/npm/pull/13023)
- Added tests to verify `correct-mkdir` race patch.
- ([@zkat](https://github.com/zkat))
-* [`e5f50ea`](https://github.com/npm/npm/commit/e5f50ea9f84fe8cac6978d18f7efdf43834928e7)
- [#13023](https://github.com/npm/npm/pull/13023)
- Added tests to verify `addLocal` race patch.
- ([@zkat](https://github.com/zkat))
+So thanks to folks who were running on `npm@next`, we managed to find a few
+issues of notes in that preview version, and we're rolling out a small patch
+change to fix them. Most notably, anyone who was using a symlinked `node` binary
+(for example, if they installed Node.js through `homebrew`), was getting a very
+loud warning every time they ran scripts. Y'all should get warnings in a more
+useful way, now that we're resolving those path symlinks.
-#### SHRINKWRAP IS COMPLICATED BUT IT'S BETTER NOW
+Another fairly big change that we decided to slap into this version, since
+`npm@4.0.0` is never going to be `latest`, is to make it so `devDependencies`
+are included in `npm-shrinkwrap.json` by default -- if you do not want this, use
+`--production` with `npm shrinkwrap`.
-[@iarna](https://github.com/iarna) did some heroic hacking to refactor a bunch
-of `shrinkwrap`-related bits and fixed some resolution and pathing issues that
-were biting users. The code around that stuff got more readable/maintainable in
-the process, too!
+#### BIG FIXES/CHANGES
-* [`346bba1`](https://github.com/npm/npm/commit/346bba1e1fee9cc814b07c56f598a73be5c21686)
- [#13214](https://github.com/npm/npm/pull/13214)
- Resolve local dependencies in `npm-shrinkwrap.json` relative to the top of the
- tree.
- ([@iarna](https://github.com/iarna))
-* [`4a67fdb`](https://github.com/npm/npm/commit/4a67fdbd0f160deb6644a9c4c5b587357db04d2d)
- [#13213](https://github.com/npm/npm/pull/13213)
- If you run `npm install modulename` it should, if a `npm-shrinkwrap.json` is
- present, use the version found there. If not, it'll use the version found in
- your `package.json`, and failing *that*, use `latest`.
- This fixes a case where the first check was being bypassed because version
- resolution was being done prior to loading the shrinkwrap, and so checks to
- match the shrinkwrap version couldn't succeed.
- ([@iarna](https://github.com/iarna))
-* [`afa2133`](https://github.com/npm/npm/commit/afa2133a5d8ac4f6f44cdc6083d89ad7f946f5bb)
- [#13214](https://github.com/npm/npm/pull/13214)
- Refactor shrinkwrap specifier lookup into shared function.
- ([@iarna](https://github.com/iarna))
-* [`2820b56`](https://github.com/npm/npm/commit/2820b56a43e1cc1e12079a4c886f6c14fe8c4f10)
- [#13214](https://github.com/npm/npm/pull/13214)
- Refactor operations in `inflate-shrinkwrap.js` into separate functions for
- added clarity.
+* [`eff46dd`](https://github.com/npm/npm/commit/eff46dd498ed007bfa77ab7782040a3a828b852d)
+ [#14374](https://github.com/npm/npm/pull/14374)
+ Fully resolve the path for `node` executables in both `$PATH` and
+ `process.execPath` to avoid issues with symlinked `node`.
+ ([@addaleax](https://github.com/addaleax))
+* [`964f2d3`](https://github.com/npm/npm/commit/964f2d3a0675584267e6ece95b0115a53c6ca6a9)
+ [#14375](https://github.com/npm/npm/pull/14375)
+ Make including `devDependencies` in `npm-shrinkwrap.json` the default. This
+ should help make the transition to `npm@5` smoother in the future.
([@iarna](https://github.com/iarna))
-* [`ee5bfb3`](https://github.com/npm/npm/commit/ee5bfb3e56ee7ae582bec9f741f32b224c279947)
- Fix Windows path issue in a shrinkwrap test.
- ([@zkat](https://github.com/zkat))
-#### OTHER BUGFIXES
+#### BUGFIXES
-* [`a11a7b2`](https://github.com/npm/npm/commit/a11a7b2e7df9478ac9101b06eead4a74c41a648d)
- [#13212](https://github.com/npm/npm/pull/13212)
- Resolve local paths passed in through the command line relative to current
- directory, instead of relative to the `package.json`.
+* [`a5b0a8d`](https://github.com/npm/npm/commit/a5b0a8db561916086fc7dbd6eb2836c952a42a7e)
+ [#14400](https://github.com/npm/npm/pull/14400)
+ Recently, we've had some consistent timeout failures while running the test
+ suite under Travis. This tweak to tests should take care of those issues and
+ Travis should go back to being reliably green.
([@iarna](https://github.com/iarna))
-#### DEPENDENCY UPDATES
-
-* [`900a5b7`](https://github.com/npm/npm/commit/900a5b7f18b277786397faac05853c030263feb8)
- [#13199](https://github.com/npm/npm/pull/13199)
- [`node-gyp@3.4.0`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md):
- AIX, Visual Studio 2015, and logging improvements. Oh my~!
- ([@rvagg](https://github.com/rvagg))
-
-#### DOCUMENTATION FIXES
-
-* [`c6942a7`](https://github.com/npm/npm/commit/c6942a7d6acb2b8c73206353bbec03380a056af4)
- [#13134](https://github.com/npm/npm/pull/13134)
- Fixed a few typos in `CHANGELOG.md`.
- ([@watilde](https://github.com/watilde))
-* [`e63d913`](https://github.com/npm/npm/commit/e63d913127731ece56dcd69c7c0182af21be58f8)
- [#13156](https://github.com/npm/npm/pull/13156)
- Fix old reference to `doc/install` in a source comment.
- ([@sheerun](https://github.com/sheerun))
-* [`099d23c`](https://github.com/npm/npm/commit/099d23cc8f38b524dc19a25857b2ebeca13c49d6)
- [#13113](https://github.com/npm/npm/issues/13113)
- [#13189](https://github.com/npm/npm/pull/13189)
- Fixes a link to `npm-tag(3)` that was breaking to instead point to
- `npm-dist-tag(1)`, as reported by [@SimenB](https://github.com/SimenB)
- ([@macdonst](https://github.com/macdonst))
-
-### v3.10.3 (2016-06-23)
-
-Given that we had not one, but two updates to our RC this past week, it
-should come as no surprise that this week's full release is a bit
-lighter. We have some documentation patches and a couple of bug fixes via
-dependency updates.
-
-If you haven't yet checked out last week's release,
-[v3.10.0](https://github.com/npm/npm/releases/tag/v3.10.0)
-and the two follow up releases
-[v3.10.1](https://github.com/npm/npm/releases/tag/v3.10.1)
-and
-[v3.10.2](https://github.com/npm/npm/releases/tag/v3.10.2),
-you really should do so. They're the most important releases we've had in
-quite a while, fixing a bunch of critical bugs (including an issue
-impacting publishing with Node.js 6.x) and of course, bringing in the new
-and improved progress bar.
-
-#### BUM SYMLINKS BURN NO MORE
-
-There's been a bug lurking where broken symlinks in your `node_modules`
-folder could cause all manner of mischief, from crashes to empty `npm ls`
-results. The intrepid [@watilde](https://github.com/watilde) tracked this
-down for us.
-
-This addresses the root cause of the outdated crasher we protected
-against earlier this week in
-[#13115](https://github.com/npm/npm/issues/13115).
-
-This also fixes [#9564](https://github.com/npm/npm/issues/9564), the
-problem where a bad symlink in your global modules would result in an
-empty result when you ran `npm ls -g`.
-
-This ALSO likely fixes numerous "Missing argument #1" errors. (But surely
-not all of them as that's actually just a generic arity and
-type-validation failure.)
-
-* [`ca92ac4`](https://github.com/npm/npm/commit/ca92ac455b841a708dd89262ff88d503b125d717)
- [npm/read-package-tree#6](https://github.com/npm/read-package-tree/pull/6)
- `read-package-tree@5.1.5`:
- Make bad symlinks be non-fatal errors when reading the tree off disk.
- ([@watilde](https://github.com/watilde))
-
-#### BETTER UNICODE DETECTION
-
-* [`6c3f7f0`](https://github.com/npm/npm/commit/6c3f7f043f09fc2aa19ffd3f956787635fa6f4d0)
- `has-unicode@2.0.1`:
- Fix unicode detection on a number of Linux distributions.
- ([@Darkhogg](https://github.com/Darkhogg)) ([@gagern](https://github.com/gagern))
-
-
-#### DOCUMENTATION FIXES
+#### DOC PATCHES
-* [`b9243ee`](https://github.com/npm/npm/commit/b9243ee60a3d60505c2502dc8633811b42c8aaea)
- [#13127](https://github.com/npm/npm/pull/13127)
- Remove extra backtick from `npm ls` documentation.
- ([@shvaikalesh](https://github.com/shvaikalesh))
-* [`e05c0c2`](https://github.com/npm/npm/commit/e05c0c243cc702f9c392c001f668a90b57eaeb0e)
- [iarna/has-unicode#3](https://github.com/iarna/has-unicode/pull/3)
- [iarna/has-unicode#4](https://github.com/iarna/has-unicode/pull/4)
- [#13084](https://github.com/npm/npm/pull/13084)
- Correct changelog entry for shrinkwrap lifecycle order.
+* [`c5907b2`](https://github.com/npm/npm/commit/c5907b2fc1a82ec919afe3b370ecd34d8895c7a2)
+ [#14251](https://github.com/npm/npm/pull/14251)
+ Update links to Node.js downloads. They previously pointed to 404 pages.😬
+ ([@ArtskydJ](https://github.com/ArtskydJ))
+* [`0c122f2`](https://github.com/npm/npm/commit/0c122f24ff1d4d400975edda2b7262aaaf6f7d69)
+ [#14380](https://github.com/npm/npm/pull/14380)
+ Add note and clarification on when `prepare` script is run. Make it more
+ consistent with surrounding descriptions.
([@SimenB](https://github.com/SimenB))
-* [`823994f`](https://github.com/npm/npm/commit/823994f100a0e59e1dd109e312811f971968ec75)
- [#13080](https://github.com/npm/npm/pull/13080)
- Describe using `npm pack` to see a dry run of publication results in
- the `npm publish` documentation.
- ([@laughinghan](https://github.com/laughinghan))
-
-#### DEPENDENCY UPDATES
+* [`51a62ab`](https://github.com/npm/npm/commit/51a62abd88324ba3dad18e18ca5e741f1d60883c)
+ [#14359](https://github.com/npm/npm/pull/14359)
+ Fixes typo in `npm@4` changelog.
+ ([@kimroen](https://github.com/kimroen))
+
+### v4.0.0 (2016-10-20)
+
+Welcome to `npm@4`, friends!
+
+This is our first semver major release since the release of `npm@3` just over a
+year ago. Back then, `@3` turned out to be a bit of a ground-shaking release,
+with a brand-new installer with significant structural changes to how npm set up
+your tree. This is the end of an era, in a way. `npm@4` also marks the release
+when we move *both* `npm@2` and `npm@3` into maintenance: We will no longer be
+updating those release branches with anything except critical bugfixes and
+security patches.
+
+While its predecessor had some pretty serious impaact, `npm@4` is expected to
+have a much smaller effect on your day-to-day use of npm. Over the past year,
+we've collected a handful of breaking changes that we wanted to get in which are
+only breaking under a strict semver interpretation (which we follow). Some of
+these are simple usability improvements, while others fix crashes and serious
+issues that required a major release to include.
+
+We hope this release sees you well, and you can look forward to an accelerated
+release pace now that the CLI team is done focusing on sustaining work -- our
+Windows fixing and big bugs pushes -- and we can start focusing again on
+usability, features, and performance. Keep an eye out for `npm@5` in Q1 2017,
+too: We're planning a major overhaul of `shrinkwrap` as well as various speed
+and usability fixes for that release. It's gonna be a fun ride. I promise. 😘
+
+#### BRIEF OVERVIEW OF **BREAKING** CHANGES
+
+The following breaking changes are included in this release:
+
+* `npm search` rewritten to stream results, and no longer supports sorting.
+* `npm scripts` no longer prepend the path of the node executable used to run
+ npm before running scripts. A `--scripts-prepend-node-path` option has been
+ added to configure this behavior.
+* `npat` has been removed.
+* `prepublish` has been deprecated, replaced by `prepare`. A `prepublishOnly`
+ script has been temporarily added, which will *only* run on `npm publish`.
+* `npm outdated` exits with exit code `1` if it finds any outdated packages.
+* `npm tag` has been removed after a deprecation cycle. Use `npm dist-tag`.
+* Partial shrinkwraps are no longer supported. `npm-shrinkwrap.json` is
+ considered a complete installation manifest except for `devDependencies`.
+* npm's default git branch is no longer `master`. We'll be using `latest` from
+ now on.
+
+#### SEARCH REWRITE (**BREAKING**)
+
+Let's face it -- `npm search` simply doesn't work anymore. Apart from the fact
+that it grew slower over the years, it's reached a point where we can no longer
+fit the entire registry metadata in memory, and anyone who tries to use the
+command now sees a really awful memory overflow crash from node.
+
+It's still going to be some time before the CLI, registry, and web team are able
+to overhaul `npm search` altogether, but until then, we've rewritten the
+previous `npm search` implementation to *stream* results on the fly, from both
+the search endpoint and a local cache. In absolute terms, you won't see a
+performance increase and this patch *does* come at the cost of sorting
+capabilities, but what it does do is start outputting results as it finds them.
+This should make the experience much better, overall, and we believe this is an
+acceptable band-aid until we have that search endpoint in place.
+
+Incidentally, if you want a really nice search experience, we recommend checking
+out [npms.io](http://npms.io), which includes a handy-dandy
+[`npms-cli`](https://npm.im/npms-cli) for command-line usage -- it's an npm
+search site that returns high-quality results quickly and is operated by members
+of the npm community.
+
+* [`cfd43b4`](https://github.com/npm/npm/commit/cfd43b49aed36d0e8ea6c35b07ed8b303b69be61) [`2b8057b`](https://github.com/npm/npm/commit/2b8057be2e1b51e97b1f8f38d7f58edf3ce2c145)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ Stream search process end-to-end.
+ ([@zkat](https://github.com/zkat) and [@aredridel](https://github.com/aredridel))
+* [`50f4ec8`](https://github.com/npm/npm/commit/50f4ec8e8ce642aa6a58cb046b2b770ccf0029db) [`70b4bc2`](https://github.com/npm/npm/commit/70b4bc22ec8e81cd33b9448f5b45afd1a50d50ba) [`8fb470f`](https://github.com/npm/npm/commit/8fb470fe755c4ad3295cb75d7b4266f8e67f8d38) [`ac3a6e0`](https://github.com/npm/npm/commit/ac3a6e0eba61fb40099b1370c74ad1598777def4) [`bad54dd`](https://github.com/npm/npm/commit/bad54dd9f1119fe900a8d065f8537c6f1968b589) [`87d504e`](https://github.com/npm/npm/commit/87d504e0a61bccf09f5e975007d018de3a1c5f50)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ Updated search-related tests.
+ ([@zkat](https://github.com/zkat))
+* [`3596de8`](https://github.com/npm/npm/commit/3596de88598c69eb5bae108703c8e74ca198b20c)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ `JSONStream@1.2.1`
+ ([@zkat](https://github.com/zkat))
+* [`4b09209`](https://github.com/npm/npm/commit/4b09209bb605f547243065032a8b37772669745f)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ `mississippi@1.2.0`
+ ([@zkat](https://github.com/zkat))
+* [`b650b39`](https://github.com/npm/npm/commit/b650b39d42654abb9eed1c7cd463b1c595ca2ef9)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ `sorted-union-stream@2.1.3`
+ ([@zkat](https://github.com/zkat))
+
+#### SCRIPT NODE PATH (**BREAKING**)
+
+Thanks to some great work by [@addaleax](https://github.com/addaleax), we've
+addressed a fairly tricky issue involving the node process used by `npm
+scripts`.
+
+Previously, npm would prefix the path of the node executable to the script's
+`PATH`. This had the benefit of making sure that the node process would be the
+same for both npm and `scripts` unless you had something like
+[`node-bin`](https://npm.im/node-bin) in your `node_modules`. And it turns out
+lots of people relied on this behavior being this way!
+
+It turns out that this had some unintended consequences: it broke systems like
+[`nyc`](https://npm.im/nyc), but also completely broke/defeated things like
+[`rvm`](https://rvm.io/) and
+[`virtualenv`](https://virtualenv.pypa.io/en/stable/) by often causing things
+that relied on them to fall back to the global system versions of ruby and
+python.
+
+In the face of two perfectly valid, and used alternatives, we decided that the
+second case was much more surprising for users, and that we should err on the
+side of doing what those users expect. Anna put some hard work in and managed to
+put together a patch that changes npm's behavior such that we no longer prepend
+the node executable's path *by default*, and adds a new option,
+`--scripts-prepend-node-path`, to allow users who rely on this behavior to have
+it add the node path for them.
+
+This patch also makes it so this feature is discoverable by people who might run
+into the first case above, by warning if the node executable is either missing
+or shadowed by another one in `PATH`. This warning can also be disabled with the
+`--scripts-prepend-node-path` option as needed.
+
+* [`3fb1eb3`](https://github.com/npm/npm/commit/3fb1eb3e00b5daf37f14e437d2818e9b65a43392) [`6a7d375`](https://github.com/npm/npm/commit/6a7d375d779ba5416fd5df154c6da673dd745d9d) [`378ae08`](https://github.com/npm/npm/commit/378ae08851882d6d2bc9b631b16b8c875d0b9704)
+ [#13409](https://github.com/npm/npm/pull/13409)
+ Add a `--scripts-prepend-node-path` option to configure whether npm prepends
+ the current node executable's path to `PATH`.
+ ([@addaleax](https://github.com/addaleax))
+* [`70b352c`](https://github.com/npm/npm/commit/70b352c6db41533b9a4bfaa9d91f7a2a1178f74e)
+ [#13409](https://github.com/npm/npm/pull/13409)
+ Change the default behaviour of npm to never prepending the current node
+ executable’s directory to `PATH` but printing a warning in the cases in which
+ it previously did.
+ ([@addaleax](https://github.com/addaleax))
-* [`e44d2db`](https://github.com/npm/npm/commit/e44d2db1ad0d860ca08e99c81135bd399fb733b1)
- `aproba@1.0.4`: Documentation updates and minor refactoring.
- ([@iarna](https://github.com/iarna))
+#### REMOVE `npat` (**BREAKING**)
-### v3.10.2 (2016-06-17):
+Let's be real here -- almost no one knows this feature ever existed, and it's a
+vestigial feature of the days when the ideal for npm was to distribute full
+packages that could be directly developed on, even from the registry.
-This is a quick hotfix release with two small bug fixes. First, there was
-an issue where the new progress bar would overwrite interactive prompts,
-that is, those found in `npm login` and `npm init`. Second, if the
-directory you were running `npm outdated` on was a bad link or otherwise had
-unrecoverable errors then npm would crash instead of printing the error.
+It turns out the npm community decided to go a different way: primarily
+publishing packages in a production-ready format, with no tests, build tools,
+etc. And so, we say goodbye to `npat`.
-* [`fbefb86`](https://github.com/npm/npm/commit/fbefb8675b26320b295f481b4872ce99f0180807)
- [`7779e9f`](https://github.com/npm/npm/commit/7779e9fb9430f6547532c67f2471864d62bbd5bc)
- [#13105](https://github.com/npm/npm/issues/13105)
- Disable progress bar in `adduser` and `init`.
-* [`6a33b2c`](https://github.com/npm/npm/commit/6a33b2c13f637a41e25cd0339925bc430b50358a)
- [#13115](https://github.com/npm/npm/issues/13115)
- Ensure that errors reading the package tree for `outdated` does not result
- in crashes.
+* [`e16c14a`](https://github.com/npm/npm/commit/e16c14afb6f52cb8b7adf60b2b26427f76773f2e)
+ [#14329](https://github.com/npm/npm/pull/14329)
+ Remove the npat feature.
([@iarna](https://github.com/iarna))
-### v3.10.1 (2016-06-17):
-
-There are two very important bug fixes and one long-awaited (and significant!)
-deprecation in this hotfix release. [Hold on.](http://butt.holdings/)
-
-#### *WHOA*
-
-When Node.js 6.0.0 was released, the CLI team noticed an alarming upsurge in
-bugs related to important files (like `README.md`) not being included in
-published packages. The new bugs looked much like
-[#5082](https://github.com/npm/npm/issues/5082), which had been around in one
-form or another since April, 2014. #5082 used to be a very rare (and obnoxious)
-bug that the CLI team hadn't had much luck reproducing, and we'd basically
-marked it down as a race condition that arose on machines using slow and / or
-rotating-media-based hard drives.
+#### NEW `prepare` SCRIPT. `prepublish` DEPRECATED (**BREAKING**)
-Under 6.0.0, the behavior was reliable enough to be nearly deterministic, and
-made it very difficult for publishers using `.npmignore` files in combination
-with `"files"` stanzas in `package.json` to get their packages onto the
-registry without one or more files missing from the packed tarball. The entire
-saga is contained within [the issue](https://github.com/npm/npm/issues/5082),
-but the summary is that an improvement to the performance of
-[`fs.realpath()`](https://nodejs.org/api/fs.html#fs_fs_realpath_path_options_callback)
-made it much more likely that the packing code would lose the race.
+If there's anything that really seemed to confuse users, it's that the
+`prepublish` script ran when invoking `npm install` without any arguments.
-Fixing this has proven to be very difficult, in part because the code used by
-npm to produce package tarballs is more complicated than, strictly speaking, it
-needs to be. [**@evanlucas**](https://github.com/evanlucas) contributed [a
-patch](https://github.com/npm/fstream/pull/50) that passed the tests in a
-[special test suite](https://github.com/othiym23/eliminate-5082) that I
-([**@othiym23**](https://github.com/othiym23)) created (with help from
-[**@addaleax**](https://github.com/addaleax)), but only _after_ we'd released
-the fixed version of that package did we learn that it actually made the
-problem _worse_ in other situations in npm proper. Eventually,
-[**@rvagg**](https://github.com/rvagg) put together a more durable fix that
-appears to completely address the errant behavior under Node.js 6.0.0. That's
-the patch included in this release. Everybody should chip in for redback
-insurance for Rod and his family; he's done the community a huge favor.
+Turns out many, many people really expected that it would only run on `npm
+publish`, even if it actually did what most people expected: prepare the package
+for publishing on the registry.
-Does this mean the long (2+ year) saga of #5082 is now over? At this point, I'm
-going to quote from my latest summary on the issue:
+And so, we've added a `prepare` command that runs in the exact same cases where
+`prepublish` ran, and we've begun a deprecation cycle for `prepublish` itself
+**only when run by `npm install`**, which will now include a warning any time
+you use it that way.
-> The CLI team (mostly me, with input from the rest of the team) has decided that
-> the overall complexity of the interaction between `fstream`, `fstream-ignore`,
-> `fstream-npm`, and `node-tar` has grown more convoluted than the team is
-> comfortable (maybe even capable of) supporting.
->
-> - While I believe that @rvagg's (very targeted) fix addresses _this_ issue, I
-> would be shocked if there aren't other race conditions in npm's packing
-> logic. I've already identified a couple other places in the code that are
-> most likely race conditions, even if they're harder to trigger than the
-> current one.
-> - The way that dependency bundling is integrated leads to a situation in
-> which a bunch of logic is duplicated between `fstream-npm` and
-> `lib/utils/tar.js` in npm itself, and the way `fstream`'s extension
-> mechanism works makes this difficult to clean up. This caused a nasty
-> regression ([#13088](https://github.com/npm/fstream/pull/50), see below) as
-> of ~`npm@3.8.7` where the dependencies of `bundledDependencies` were no
-> longer being included in the built package tarballs.
-> - The interaction between `.npmignore`, `.gitignore`, and `files` is hopelessly
-> complicated, scattered in many places throughout the code. We've been
-> discussing [making the ignores and includes logic clearer and more
-> predictable](https://github.com/npm/npm/wiki/Files-and-Ignores), and the
-> current code fights our efforts to clean that up.
->
-> So, our intention is still to replace `fstream`, `fstream-ignore`, and
-> `fstream-npm` with something much simpler and purpose-built. There's no real
-> reason to have a stream abstraction here when a simple recursive-descent
-> filesystem visitor and a synchronous function that can answer whether a given
-> path should be included in the packed tarball would do the job adequately.
->
-> What's not yet clear is whether we'll need to replace `node-tar` in the
-> process. `node-tar` is a very robust implementation of tar (it handles, like,
-> everything), and it also includes some very important tweaks to prevent several
-> classes of security exploits involving maliciously crafted packages. However,
-> its packing API involves passing in an `fstream` instance, so we'd either need
-> to produce something that follows enough of `fstream`'s contract for `node-tar`
-> to keep working, or swap `node-tar` out for something like `tar-stream` (and
-> then ensuring that our use of `tar-stream` is secure, which could involve
-> security patches for either npm or `tar-stream`).
+We've also added a `prepublishOnly` script which will execute **only** when `npm
+publish` is invoked. Eventually, `prepublish` will stop executing on `npm
+install`, and `prepublishOnly` will be removed, leaving `prepare` and
+`prepublish` as two distinct lifecycles.
-The testing and review of `fstream@1.0.10` that the team has done leads us to
-believe that this bug is fixed, but I'm feeling more than a little paranoid
-about fstream now, so it's important that people keep a close eye on their
-publishes for a while and let us know immediately if they notice any
-irregularities.
-
-* [`8802f6c`](https://github.com/npm/npm/commit/8802f6c152ea35cb9e5269c077c3a2f9df411afc)
- [#5082](https://github.com/npm/npm/issues/5082) `fstream@1.0.10`: Ensure that
- entries are collected after a paused stream resumes.
- ([@rvagg](https://github.com/rvagg))
-* [`c189723`](https://github.com/npm/npm/commit/c189723110497a17dac3b0596f2916deeed93ee7)
- [#5082](https://github.com/npm/npm/issues/5082) Remove the warning introduced
- in `npm@3.10.0`, because it should no longer be necessary.
+* [`9b4a227`](https://github.com/npm/npm/commit/9b4a2278cee0a410a107c8ea4d11614731e0a943) [`bc32078`](https://github.com/npm/npm/commit/bc32078fa798acef0e036414cb448645f135b570)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Add `prepare` and `prepublishOnly` lifecyle events.
([@othiym23](https://github.com/othiym23))
-
-#### *ERK*
-
-Because the interaction between `fstream`, `fstream-ignore`, `fsream-npm`, and
-`node-tar` is so complex, it's proven difficult to add support for npm features
-like `bundledDependencies` without duplicating some logic within npm's code
-base. While [fixing a completely unrelated
-bug](https://github.com/npm/npm/issues/9642), we "cleaned up" some of this
-seemingly duplicated code, and in the process removed the code that ensured
-that the dependencies of `bundledDependencies` are themselves bundled. We've
-brought that code back into the code base (without reopening #9642), and added
-a test to ensure that this regression can't recur.
-
-* [`1b6ceca`](https://github.com/npm/npm/commit/1b6ceca32fc81ca7cc7ac2eb7d11f687e6f87f26)
- [#13088](https://github.com/npm/npm/issues/13088) Partially restore npm's own
- version of the `fstream-npm` function `applyIgnores` to ensure that the
- dependencies of `bundledDependencies` are included in published packages.
- ([@iarna](https://github.com/iarna))
-
-#### GOODBYE, FAITHFUL FRIEND
-
-At NodeConf Adventure 2016 (RIP in peace, Mikeal Rogers's NodeConf!), the CLI
-team had an opportunity to talk to representatives from some of the larger
-companies that we knew were still using Node.js 0.8 in production. After asking
-them whether they were still using 0.8, we got back blank stares and questions
-like, "0.8? You mean, from four years ago?" After establishing that being able
-to run npm in their legacy environments was no longer necessary, the CLI team
-made the decision to drop support for 0.8. (Faithful observers of our [team
-meetings](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+npm+cli+team+meeting+)
-will have known this was the plan for NodeConf since the beginning of 2016.)
-
-In practice, this means only what's in the commit below: we've removed 0.8 from
-our continuous integration test matrix below, and will no longer be habitually
-testing changes under Node 0.8. We may also give ourselves permission to use
-`setImmediate()` in test code. However, since the project still supports
-Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015
-functionality will land anytime soon.
-
-Looking forward, the team's current plan is to drop support for Node.js 0.10
-when its LTS maintenance window expires in October, 2016, and 0.12 when its
-maintenance / LTS window ends at the end of 2016. We will also drop support for
-Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the
-October-December 2016 timeframe.
-
-(Confused about Node.js's LTS policy? [Don't
-be!](https://github.com/nodejs/LTS) If you look at [this
-diagram](https://github.com/nodejs/LTS/blob/ce364a94b0e0619eba570cd57be396573e1ef889/schedule.png),
-it should make all of the preceding clear.)
-
-If, in practice, this doesn't work with distribution packagers or other
-community stakeholders responsible for packaging and distributing Node.js and
-npm, please reach out to us. Aligning the npm CLI's LTS policy with Node's
-helps everybody minimize the amount of work they need to do, and since all of
-our teams are small and very busy, this is somewhere between a necessity and
-non-negotiable.
-
-* [`d6afd5f`](https://github.com/npm/npm/commit/d6afd5ffb1b19e5d94aeee666afcb8adaced58db)
- Remove 0.8 from the Node.js testing matrix, and reorder to match real-world
- priority, with comments. ([@othiym23](https://github.com/othiym23))
-
-### v3.10.0 (2016-06-16):
-
-Do we have a release for you! We have our first new lifecycle since
-`version`, a new progress bar and a bunch of bug fixes.
-[I'm](https://github.com/iarna) really excited about this release, let me
-tell you!!
-
-#### DANGER: PUBLISHING ON NODE 6.0.0
-
-Publishing and packing are buggy under Node versions greater than 6.0.0.
-Please use Node.js LTS (4.4.x) to publish packages. See
-[#5082](https://github.com/npm/npm/issues/5082) for details and current
-status.
-
-* [`4e52cef`](https://github.com/npm/npm/commit/4e52cef3d4170c8abab98149666ec599f8363233)
- [#13077](https://github.com/npm/npm/pull/13077)
- Warn when using Node 6+.
+* [`52fdefd`](https://github.com/npm/npm/commit/52fdefddb48f0c39c6e8eb4c118eb306c9436117)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Warn when running `prepublish` on `npm pack`.
([@othiym23](https://github.com/othiym23))
+* [`4c2a948`](https://github.com/npm/npm/commit/4c2a9481b564cae3df3f4643766db4b987018a7b) [`a55bd65`](https://github.com/npm/npm/commit/a55bd651284552b93f7d972a2e944f65c1aa6c35)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Added `prepublish` warnings to `npm install`.
+ ([@zkat](https://github.com/zkat))
+* [`c27412b`](https://github.com/npm/npm/commit/c27412bb9fc7b09f7707c7d9ad23128959ae1abc)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Replace `prepublish` with `prepare` in `npm help package.json` documentation.
+ ([@zkat](https://github.com/zkat))
-#### NEW LIFECYCLE SCRIPT: `shrinkwrap`
-
-* [`e8c80f2`](https://github.com/npm/npm/commit/e8c80f20bfd5d1618e85dbab41660d6f3e5ce405)
- [#10744](https://github.com/npm/npm/issues/10744)
- You can now add `preshrinkwrap`, `shrinkwrap` and `postshrinkwrap` to your `package.json`
- scripts section. They are run when you run `npm shrinkwrap` or `npm install --save` with
- an `npm-shrinkwrap.json` present in your module directory.
-
- `preshrinkwrap` and `shrinkwrap` is run prior to generating the new `npm-shrinkwrap.json`
- and `postshrinkwrap` is run after.
- ([@SimenB](https://github.com/SimenB))
-
-#### NEW PROGRESS BAR
-
-
-
-We have a new progress bar and a bunch of related improvements!
-
-##### BLOCKING BLOCKING
-
-**!!WARNING!!** As a part of this change we now explicitly set
-`process.stdout` and `process.stderr` to be _blocking_ if they are ttys,
-using [set-blocking](https://www.npmjs.com/package/set-blocking). This is
-necessary to ensure that we can fully erase the progress bar before we start
-writing other things out to the console.
-
-Prior to Node.js 6.0.0, they were already blocking on Windows, and MacOS.
-Meanwhile, on Linux they were always non-blocking but had large (64kb)
-buffers, which largely made this a non-issue there. Starting with Node.js
-6.0.0 they became non-blocking on MacOS and that caused some unexpected
-issues (see [nodejs/node#6456](https://github.com/nodejs/node/issues/6456)).
-
-If you are a Linux user, it's plausible that this might have a performance
-impact if your terminal can't keep up with output rate. If you experience
-this, we want to know! Please [file an
-issue](https://github.com/npm/npm/issues/new) at our issue tracker.
-
-##### BETTER LAYOUT
-
-Let's start by talking about what goes into the new progress bar:
-
-```
-⸨░░░░░░░░░░⠂⠂⠂⠂⠂⠂⠂⠂⸩ ⠹ loadExtraneous: verb afterAdd /Users/rebecca/.npm/null/0.0.0/package/package.json written
- ↑‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ ↑ ‾‾‾‾‾‾‾‾‾↑‾‾‾‾ ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾↑‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
- percent complete spinner current thing we're doing most recent log line
-```
-
-The _spinner_ is intended as an activity indicator–it moves whenever
-npm sends something to its logs. It also spins at a constant speed while
-waiting on the network.
-
-The _current thing we're doing_ relates to how we track how much work has
-been done. It's the name of the unit of work we most recently started or
-completed some of. Sometimes these names are more obvious than others and
-that's something we'll look at improving over time.
+#### NO MORE PARTIAL SHRINKWRAPS (**BREAKING**)
-And finally, the _most recent log line_ is exactly that, it's the most
-recent line that you would have seen if you were running with
-`--loglevel=silly` or were watching the `npm-debug.log`. These are written
-to be useful to the npm developers above all else, so they may sometimes be
-a little cryptic.
+That's right. No more partial shrinkwraps. That means that if you have an
+`npm-shrinkwrap.json` in your project, npm will no longer install anything that
+isn't explicitly listed there, unless it's a `devDependency`. This will open
+doors to some nice optimizations and make use of `npm shrinkwrap` just generally
+smoother by removing some awful corner cases. We will also skip `devDependency`
+installation from `package.json` if you added `devDependencies` to your
+shrinkwrap by using `npm shrinkwrap --dev`.
-* [`6789978`](https://github.com/npm/npm/commit/6789978ab0713f67928177a9109fed43953ccbda)
- [#13075](https://github.com/npm/npm/pull/13075)
- `npmlog@3.1.2`: Update to the latest npmlog, which includes the new and
- improved progress bar layout.
+* [`b7dfae8`](https://github.com/npm/npm/commit/b7dfae8fd4dc0456605f7a921d20a829afd50864)
+ [#14327](https://github.com/npm/npm/pull/14327)
+ Use `readShrinkwrap` to read top level shrinkwrap. There's no reason for npm
+ to be doing its own bespoke heirloom-grade artisanal thing here.
+ ([@iarna](https://github.com/iarna))
+* [`0ae1f4b`](https://github.com/npm/npm/commit/0ae1f4b9d83af2d093974beb33f26d77fcc95bb9) [`4a54997`](https://github.com/npm/npm/commit/4a549970dc818d78b6de97728af08a1edb5ae7f0) [`f22a1ae`](https://github.com/npm/npm/commit/f22a1ae54b5d47f1a056a6e70868013ebaf66b79) [`3f61189`](https://github.com/npm/npm/commit/3f61189cb3843fee9f54288fefa95ade9cace066)
+ [#14327](https://github.com/npm/npm/pull/14327)
+ Treat shrinkwrap as canonical. That is, don't try to fill in for partial
+ shrinkwraps. Partial shrinkwraps should produce partial installs. If your
+ shrinkwrap contains NO `devDependencies` then we'll still try to install them
+ from your `package.json` instead of assuming you NEVER want `devDependencies`.
([@iarna](https://github.com/iarna))
-##### MORE PERFORMANT
-
-The underlying code for the progress bar was rewritten, in part with
-performance in mind. Previously whenever you updated the progress bar it
-would check an internal variable for how long it had been since the last
-update and if it had been long enough, it would print out what you gave it.
-With the new progress bar we do updates at a fixed interval (with
-`setInterval`) and "updating" the progress bar just updates some variables
-that will be used when the next tick of the progress bar happens. Currently
-progress bar updates happen every 50ms, although that's open to tuning.
-
-##### WIDE(R) COMPATIBILITY
-
-I spent a lot of time working our Unicode support. There were a few issues
-that plagued us:
-
-Previously one of the characters we used was _ambiguous width_ which means
-that it was possible to configure your terminal to display it as _full
-width_. If you did this, the output would be broken because we assumed it
-was a _half width_ character. We no longer use any of these characters.
-
-Previously, we defaulted to using Unicode on Windows. This isn't a safe
-assumption, however, as folks in non-US locales often use other code pages
-for their terminals. Windows doesn't provide* any facility available to
-Node.js for determining the current code page, so we no longer try to use
-Unicode on Windows.
-
-_\* The facilities it does provide are a command line tool and a windows
-system call. The former isn't satisfactory for speed reasons and the latter
-can't be accessed from a JS-only Node.js program._
+#### `npm tag` REMOVED (**BREAKING**)
-##### FOR THE FUTURE: THEMES
+* [`94255da`](https://github.com/npm/npm/commit/94255da8ffc2d9ed6a0434001a643c1ad82fa483)
+ [#14328](https://github.com/npm/npm/pull/14328)
+ Remove deprecated tag command. Folks must use the `dist-tag` command from now
+ on.
+ ([@iarna](https://github.com/iarna))
-The new version of the progress bar library supports plugable themes. Adding
-support to npm shouldn't be too difficult. The built in themes are:
+#### NON-ZERO EXIT CODE ON OUTDATED DEPENDENCIES (**BREAKING**)
-* `ASCII` – The fallback theme which is always available.
-* `colorASCII` – Inverts the color of the completed portion of the progress
- bar. The default on Windows and usually on Linux. (Color support is
- determined by looking at the `TERM` environment variable.)
-* `brailleSpinner` – A braille based spinner and other unicode enhancements. MacOS only.
-* `colorBrailleSpinner` – The default on MacOS, a combination of the above two.
+* [`40a04d8`](https://github.com/npm/npm/commit/40a04d888d10a5952d5ca4080f2f5d2339d2038a) [`e2fa18d`](https://github.com/npm/npm/commit/e2fa18d9f7904eb048db7280b40787cb2cdf87b3) [`3ee3948`](https://github.com/npm/npm/commit/3ee39488b74c7d35fbb5c14295e33b5a77578104) [`3fa25d0`](https://github.com/npm/npm/commit/3fa25d02a8ff07c42c595f84ae4821bc9ee908df)
+ [#14013](https://github.com/npm/npm/pull/14013)
+ Do `exit 1` if any outdated dependencies are found by `npm outdated`.
+ ([@watilde](https://github.com/watilde))
+* [`c81838a`](https://github.com/npm/npm/commit/c81838ae96b253f4b1ac66af619317a3a9da418e)
+ [#14013](https://github.com/npm/npm/pull/14013)
+ Log non-zero exit codes at `verbose` level -- this isn't something command
+ line tools tend to do. It's generally the shell's job to display, if at all.
+ ([@zkat](https://github.com/zkat))
-##### LESS GARBLED OUTPUT
+#### SEND EXTRA HEADERS TO REGISTRY
-As a part of landing this I've also taken the opportunity to more
-systematically disable the progress bar prior to printing to `stdout` or
-running external commands (in particular: git). This should ensure that the
-progress bar doesn't get left on screen after something else prints
-something. We also are now much more zealous about erasing the progress bar
-on exit, so if you `Ctrl-C` out of an install we'll still cleanup the
-progress bar.
+For the purposes of supporting shiny new registry features, we've started
+sending `Npm-Scope` and `Npm-In-CI` headers in outgoing requests.
-* [`63f153c`](https://github.com/npm/npm/commit/63f153c743f9354376bfb9dad42bd028a320fd1f)
- [#13075](https://github.com/npm/npm/pull/13075)
- Consistently make sure that the progress bar is hidden before we try to
- write to stdout.
+* [`846f61c`](https://github.com/npm/npm/commit/846f61c1dd4a033f77aa736ab01c27ae6724fe1c)
+ [npm/npm-registry-client#145](https://github.com/npm/npm-registry-client/pull/145)
+ `npm-registry-client@7.3.0`:
+ * Allow npm to add headers to outgoing requests.
+ * Add `Npm-In-CI` header that reports whether we're running in CI.
([@iarna](https://github.com/iarna))
-* [`8da79fa`](https://github.com/npm/npm/commit/8da79fa60de4972dca406887623d4e430d1609a1)
- [#13075](https://github.com/npm/npm/pull/13075)
- Be more methodical about disabling progress bars before running external
- commands.
+* [`6b6bb08`](https://github.com/npm/npm/commit/6b6bb08af661221224a81df8adb0b72019ca3e11)
+ [#14129](https://github.com/npm/npm/pull/14129)
+ Send `Npm-Scope` header along with requests to registry. `Npm-Scope` is set to
+ the `@scope` of the current top level project. This will allow registries to
+ implement user/scope-aware features and services.
([@iarna](https://github.com/iarna))
-
-#### REPLACE `process.nextTick` WITH `asap` ASAP
-
-* [`5873b56`](https://github.com/npm/npm/commit/5873b56cb315437dfe97e747811c0b9c297bfd38)
- [`254ad7e`](https://github.com/npm/npm/commit/254ad7e38f978b81046d242297fe8b122bfb5852)
- [#12754](https://github.com/npm/npm/issues/12754)
- Use `asap` in preference over `process.nextTick` to avoid recursion warnings.
- Under the hood `asap` uses `setImmediate` when available and falls back to
- `process.nextTick` when it's not. Versions of node that don't support
- `setImmediate` have a version of `process.nextTick` that actually behaves
- like the current `setImmediate`.
- ([@lxe](https://github.com/lxe))
-
-#### FIXES AND REFACTORING
-
-Sometimes the installer would get it into its head that it could move or
-remove things that it really shouldn't have. While the reproducers for this were
-often a bit complicated (the core reproducer involved five symlinks(!)), it turns
-out this is an easy scenario to end up in if your project has a bunch of small
-modules and you're linking them while developing them.
-
-Fixing this ended up involving doing an important and overdue rewrite of how
-the installer keeps track of (and interrogates) the relationships between
-modules. This likely fixes other related bugs, and in the coming weeks
-we'll verify and close them as we find them. There are a whole slew of
-commits related to this rewrite, and if you'd like to learn more check
-out the PR where I describe what I did in detail: [#12775](https://github.com/npm/npm/pull/12775)
-
-* [`8f3e111`](https://github.com/npm/npm/commit/8f3e111fdd2ce7824864f77b04e5206bdaf961a1)
- [`c0b0ed1`](https://github.com/npm/npm/commit/c0b0ed1e9945c01b2e68bf22af3fe4005aa4bcd4)
- [#10800](https://github.com/npm/npm/issues/10800)
- Remove install pruning stage–this was obsoleted by making the installer keep
- itself up to date as it goes along. This is NOT related to `npm prune`.
+* [`506de80`](https://github.com/npm/npm/commit/506de80dc0a0576ec2aab0ed8dc3eef3c1dabc23)
+ [#14129](https://github.com/npm/npm/pull/14129)
+ Add test to ensure `Npm-In-CI` header is being sent when CI is set in env.
([@iarna](https://github.com/iarna))
-#### MAKE OUTDATED MORE WIDELY LEGIBLE
-
-* [`21c60e9`](https://github.com/npm/npm/commit/21c60e9bb56d47da17b79681f2142b3dcf4c804b)
- [#12843](https://github.com/npm/npm/pull/12843)
- In `npm outdated, stop coloring the _Location_ and _Package Type_ columns.
- Previously they were colored dark gray, which was hard to read for some
- users.
- ([@tribou](https://github.com/tribou))
-
-#### DOCUMENTATION UPDATE
+#### BUGFIXES
-* [`eb0a72e`](https://github.com/npm/npm/commit/eb0a72eb95862c1d0d41a259d138ab601d538793)
- [#12983](https://github.com/npm/npm/pull/12983)
- Describe how to run the lifecycle scripts of dependencies. How you do
- this changed with `npm` v2.
- ([@Tapppi](https://github.com/Tapppi))
+* [`bc84012`](https://github.com/npm/npm/commit/bc84012c2c615024b08868acbd8df53a7ca8d146)
+ [#14117](https://github.com/npm/npm/pull/14117)
+ Fixes a bug where installing a shrinkwrapped package would fail if the
+ platform failed to install an optional dependency included in the shrinkwrap.
+ ([@watilde](https://github.com/watilde))
+* [`a40b32d`](https://github.com/npm/npm/commit/a40b32dc7fe18f007a672219a12d6fecef800f9d)
+ [#13519](https://github.com/npm/npm/pull/13519)
+ If a package has malformed metadata, `node.requiredBy` is sometimes missing.
+ Stop crashing when that happens.
+ ([@creationix](https://github.com/creationix))
-### DEPENDENCY UPDATES
+#### OTHER PATCHES
-* [`da743dc`](https://github.com/npm/npm/commit/da743dc2153fed8baca3dada611b188f53ab5931)
- `which@1.2.10`:
- Fix bug where unnecessary special case path handling for Windows could
- produce unexpected results on Unix systems.
- ([@isaacs](https://github.com/isaacs))
-* [`4533bd5`](https://github.com/npm/npm/commit/4533bd501d54aeedfec3884f4fd54e8c2edd6020)
- `npm-user-validate@0.1.4`:
- Validate the length of usernames.
- ([@aredridel](https://github.com/aredridel))
-* [`4a18922`](https://github.com/npm/npm/commit/4a18922e56f9dc902fbb4daa8f5fafa4a1b89376)
- `glob@7.0.4`:
- Fixes issues with Node 6 and "long or excessively symlink-looping paths".
- ([@isaacs](https://github.com/isaacs))
-* [`257fe11`](https://github.com/npm/npm/commit/257fe11052987e5cfec2abdf52392dd95a6c6ef3)
- `npm-package-arg@4.2.0`:
- Add `escapedName` to the result. It is suitable for passing through to a
- registry without further processing.
- ([@nexdrew](https://github.com/nexdrew))
-* [`dda3ca7`](https://github.com/npm/npm/commit/dda3ca70f74879106589ef29e167c8b91ef5aa4c)
- `wrappy@1.0.2`
+* [`643dae2`](https://github.com/npm/npm/commit/643dae2197c56f1c725ecc6539786bf82962d0fe)
+ [#14244](https://github.com/npm/npm/pull/14244)
+ Remove some ancient aliases that we'd rather not have around.
([@zkat](https://github.com/zkat))
-* [`25f1db5`](https://github.com/npm/npm/commit/25f1db504d0fd8c97211835f0027027fe95e0ef3)
- `readable-stream@2.1.4`
- ([@calvinmetcalf](https://github.com/calvinmetcalf))
-* [`9d64fe6`](https://github.com/npm/npm/commit/9d64fe676ebc6949c687ffb85bd93eca3137fc0d)
- `abbrev@1.0.9`
- ([@isaacs](https://github.com/isaacs))
-
-### v3.9.6 (2016-06-02):
-
-#### SMALL OUTPUT TWEAK
-
-* [`0bdc9d1`](https://github.com/npm/npm/commit/0bdc9d13b73df07e63a58470ea001fda490e5869)
- [#12879](https://github.com/npm/npm/pull/12879)
- The usage output for npm commands was somehow under the impression that
- the singular form of `aliases` is `aliase`. This has been corrected to show
- `alias` instead.
- ([@intelliot](https://github.com/intelliot))
-
-#### DOC UPDATES
-
-* [`f771b49`](https://github.com/npm/npm/commit/f771b49f5d65bbef540c231fbfcca71cacdce4db)
- [#12933](https://github.com/npm/npm/pull/12933)
- Add `config.gypi` to list of files that are always ignored in the
- `package.json` manpage.
- ([@Jokero](https://github.com/Jokero))
-
-#### DEPENDENCY UPDATES
-
-* [`61c1d9c`](https://github.com/npm/npm/commit/61c1d9cd4b2296bd41d55a5c58e35ca5f028b9bc)
- [#12926](https://github.com/npm/npm/pull/12926)
- Removed unused dependency `lodash.isarray`.
- ([@mmalecki](https://github.com/mmalecki))
-* [`168ed28`](https://github.com/npm/npm/commit/168ed2834b2c6db8bb39f81baadc0bf275807328)
- [#12926](https://github.com/npm/npm/pull/12926)
- Removed unused dependency `lodash.keys`.
- ([@mmalecki](https://github.com/mmalecki))
-
-### v3.9.5 (2016-05-27):
-
-Just a quick point release. We had an issue where I (Kat) included the
-`.nyc_output/` directory in `npm@3.9.3` and `npm@3.9.4`. The issue got reported
-right after that second release
-([`#12873`](https://github.com/npm/npm/issues/12873)), and now there's this
-small point release that's there to fix the issue sooner.
-
-* [`f96aea0`](https://github.com/npm/npm/commit/f96aea085be981cdb59bd09f16da40717426f981)
- [#12878](https://github.com/npm/npm/pull/12878)
- Ignore `.nyc_output` to avoid an accidental publish or commit filled with
- code coverage data.
- ([@TheAlphaNerd](https://github.com/TheAlphaNerd))
-
-### v3.9.4 (2016-05-26):
-
-Hey all! It's that time again!
-
-This week continues our current `big-bug` squashing push, although there's none
-that are ready to release quite yet -- we're working on it!
-
-It's also worth noting that we're entering the main part of conference season,
-so you can probably expect a bit of a dev slowdown as a lot of us wombats attend
-or speak at the various conferences. Remember [npm.camp](npm.camp) is happening
-in 2 months and the lineup is looking pretty great! Tickets are still on sale.
-Come hang out with us! WOO FUN! 🎉😸
-
-#### BUGFIX
-
-* [`cac0038`](https://github.com/npm/npm/commit/cac0038868b18295f9f299e762e20034f32a3e11)
- [#12845](https://github.com/npm/npm/pull/12845)
- Progress bar during tarball packing now prints `pack:packagename` instead of
- `pack:[object Object]`.
+* [`bdeac3e`](https://github.com/npm/npm/commit/bdeac3e0fb226e4777d4be5cd3c3bec8231c8044)
+ [#14230](https://github.com/npm/npm/pull/14230)
+ Detect unsupported Node.js versions and warn about it. Also error on really
+ old versions where we know we can't work.
([@iarna](https://github.com/iarna))
#### DOC UPDATES
-* [`0b81622`](https://github.com/npm/npm/commit/0b816225c743c9203db5d92fb4dd3a9293833298)
- [#12840](https://github.com/npm/npm/pull/12840)
- Remove sexualized language from comment in code.
- ([@geek](https://github.com/geek))
-* [`d6dff24`](https://github.com/npm/npm/commit/d6dff2481cb587c392f22afb893ac3136371a64c)
- [#12802](https://github.com/npm/npm/pull/12802)
- Small grammar fix in `cli/npm.md`.
- ([@andresilveira](https://github.com/andresilveira))
-* [`cb38e0f`](https://github.com/npm/npm/commit/cb38e0fff82a6c1c110026b95b07a8c32e27ec01)
- [#12782](https://github.com/npm/npm/pull/12782)
- Documents that `NOTICE` files started getting included after
- [npm/fstream-npm#17](https://github.com/npm/fstream-npm/pull/17).
- ([@SimenB](https://github.com/SimenB))
-* [`70a3ae4`](https://github.com/npm/npm/commit/70a3ae4d4ec76b3ec51f00bf5261f1147829f9fe)
- [#12776](https://github.com/npm/npm/pull/12776)
- `npm run-script` used to have a `` argument that allowed you to target
- specific packages' scripts. This was removed as one of the breaking changes
- for `npm@2`.
- This patch removes a mention of that argument, which really doesn't exist
- anymore.
- ([@fibo](https://github.com/fibo))
-
-#### DEP UPDATES
-
-* [`4a4470d`](https://github.com/npm/npm/commit/4a4470ddd1d9b0b62cb94f3bff5ab6b8e6db527a)
- `aproba@1.0.3`
+* [`9ca18ad`](https://github.com/npm/npm/commit/9ca18ada7cc1c10b2d32bbb59d5a99dd1c743109)
+ [#13746](https://github.com/npm/npm/pull/13746)
+ Updated docs for `npm search` options.
+ ([@zkat](https://github.com/zkat))
+* [`e02a47f`](https://github.com/npm/npm/commit/e02a47f9698ff082488dc2b1738afabb0912793e)
+ Move the `npm@3` changelog into the archived changelogs directory.
+ ([@zkat](https://github.com/zkat))
+* [`c12bbf8`](https://github.com/npm/npm/commit/c12bbf8c5a5dff24a191b66ac638f552bfb76601)
+ [#14290](https://github.com/npm/npm/pull/14290)
+ Document prepublish-on-install deprecation.
+ ([@othiym23](https://github.com/othiym23))
+* [`c246a75`](https://github.com/npm/npm/commit/c246a75ac8697f4ca11d316b7e7db5f24af7972b)
+ [#14129](https://github.com/npm/npm/pull/14129)
+ Document headers added by npm to outgoing registry requests.
([@iarna](https://github.com/iarna))
-#### TEST IMPROVEMENTS
-
-So it turns out, `t.comment` in `tap` is actually pretty nice!
-There's also a couple other test improvements by Rebecca landing here.
-
-* [`9fd04dd`](https://github.com/npm/npm/commit/9fd04dd6be493465d7ac5f14dd9328e66069c1bf)
- [#12851](https://github.com/npm/npm/pull/12851)
- Rewrite `shrinkwrap-prod-dependency-also` test to use `common.npm`
- ([@iarna](https://github.com/iarna))
-* [`3bc4a8e`](https://github.com/npm/npm/commit/3bc4a8ee58cb0e0adc84b4f135330f2b1e20d992)
- [#12851](https://github.com/npm/npm/pull/12851)
- Clean up `rm-linked` test.
- ([@iarna](https://github.com/iarna))
-* [`bf7f7f2`](https://github.com/npm/npm/commit/bf7f7f273a794f7573bbbc84b1c216fdcd9e0ef9)
- [#12851](https://github.com/npm/npm/pull/12851)
- Clean up `outdated-symlink` test.
- ([@iarna](https://github.com/iarna))
-* [`ca0baa4`](https://github.com/npm/npm/commit/ca0baa4dac85b1df4e26ef0c73d39314ca6858ca)
- [#12851](https://github.com/npm/npm/pull/12851)
- Improve diagnostics for `shrinkwrap-scoped-auth` test.
- ([@iarna](https://github.com/iarna))
-* [`fbec9fd`](https://github.com/npm/npm/commit/fbec9fd5bb0abce589120d14c1f2b03b58cecce1)
- [#12851](https://github.com/npm/npm/pull/12851)
- Rewrite `shrinkwrap-dev-dependency` test to use `common.npm`.
- ([@iarna](https://github.com/iarna))
-
-### v3.9.3 (2016-05-19):
-
-This week continues our `big-bug` squashing adventure! Things are churning along
-nicely, and we've gotten a lot of fantastic contributions from the community.
-Please keep it up!
-
-A quick note on last week's release: We had a small `npm shrinkwrap`-related
-crasher in `npm@3.9.1`, so once this release goes out, `v3.9.2` is going to be
-`npm@latest`. Please update if you ended up in with that previous version!
-
-Remember we have a weekly team meeting, and you can [suggest agenda items in the
-GitHub issue](https://github.com/npm/npm/issues/12761). Keep an eye out for the
-`#npmweekly` tag on Twitter, too, and join the conversation! We'll do our best
-to address questions y'all send us. ✌
-
-#### FIXES
-
-* [`42d71be`](https://github.com/npm/npm/commit/42d71be2cec674dd9e860ad414f53184f667620d)
- [#12685](https://github.com/npm/npm/pull/12685)
- When using `npm ls ` without a semver specifier, `npm ls` would skip
- any packages in your tree that matched by name, but had a prerelease version
- in their `package.json`. This patch fixes it so `npm ls` does a simple name
- match unless you use the `npm ls @` format.
- ([@zkat](https://github.com/zkat))
-* [`c698ae6`](https://github.com/npm/npm/commit/c698ae666afc92fbc0fcba3c082cfa9b34a4420d)
- [#12685](https://github.com/npm/npm/pull/12685)
- Added some tests for more basic `npm ls` functionality.
- ([@zkat](https://github.com/zkat))
-
-### NOTABLE DEPENDENCY UPDATES
-
-* [`3a6fe23`](https://github.com/npm/npm/commit/3a6fe2373c45e80a1f28aaf176d552f6f97cf131)
- [npm/fstream-npm#17](https://github.com/npm/fstream-npm/pull/17)
- `fstream-npm@1.1.0`:
- `fstream-npm` always includes NOTICE files now.
- ([@kemitchell](https://github.com/kemitchell))
-* [`df04e05`](https://github.com/npm/npm/commit/df04e05af1f257a1903372e1baf334c0969fbdbd)
- [#10013](https://github.com/npm/npm/issues/10013)
- `read-package-tree@5.1.4`:
- Fixes an issue where `npm install` would fail if your `node_modules` was
- symlinked.
- ([@iarna](https://github.com/iarna))
-* [`584676f`](https://github.com/npm/npm/commit/584676f85eaebcb9d6c4d70d2ad320be8a8d6a74)
- [npm/init-package-json#62](https://github.com/npm/init-package-json/pull/62)
- `init-package-json@1.9.4`:
- Stop using `package` for a variable, which defeats some bundlers and linters.
- ([@adius](https://github.com/adius))
-* [`935a7e3`](https://github.com/npm/npm/commit/935a7e359535e13924934811b77924cbad82619a)
- `readable-stream@2.1.3`:
- Node 6 build and buffer-related updates.
- ([@calvinmetcalf](https://github.com/calvinmetcalf))
-
-#### OTHER DEPENDENCY UPDATES
-
-* [`4c4609e`](https://github.com/npm/npm/commit/4c4609ea49e77303f9d72af6757620e6b3a9a6a9)
- `inflight@1.0.5`
- ([@zkat](https://github.com/zkat))
-* [`7a3030d`](https://github.com/npm/npm/commit/7a3030d3d44ea2136425f72950ba22e6efd441d9)
- `hosted-git-info@2.1.5`
- ([@zkat](https://github.com/zkat))
-* [`5ed4b58`](https://github.com/npm/npm/commit/5ed4b58409eeb134bca1c96252682fd7600d9906)
- `which@1.2.9`
- ([@isaacs](https://github.com/isaacs))
-
-### v3.9.2 (2016-05-17)
-
-This is a quick patch release. The previous release, 3.9.1, introduced a
-bug where npm would crash given a combination of specific package tree on
-disk and a shrinkwrap.
-
-* [`cde367f`](https://github.com/npm/npm/commit/cde367fbb6eebc5db68a44b12a5c7bea158d70db)
- [#12724](https://github.com/npm/npm/issues/12724)
- Fix crasher when inflating shrinkwraps with packages on disk that were
- installed by older npm versions.
- ([@iarna](https://github.com/iarna))
-
-### v3.9.1 (2016-05-12)
-
-HI all! We have bug fixes to a couple of the hairy corners of `npm`, in the
-form of shrinkwraps and bundled dependencies. Plus some documentation improvements
-and our lodash deps bot a bump.
-
-This is our first week really focused on getting the
-[big bugs](https://github.com/npm/npm/issues?q=is%3Aopen+is%3Aissue+label:big-bug)
-list down. Our work from this week will be landing next week, and I can't
-wait to tell you about that! (It's about symlinks!)
-
-#### SHRINKWRAP FIX
-
-* [`b894413`](https://github.com/npm/npm/commit/b8944139a935680c4a267468bb2d3c3082b5609f)
- [#12372](https://github.com/npm/npm/issues/12372)
- Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install`
- would not get up the updated package. This corrects that.
- ([@misterbyrne](https://github.com/misterbyrne))
-
-#### BUNDLED DEPENDENCIES FIX
-
-* [`d0c6d19`](https://github.com/npm/npm/commit/d0c6d194471be8ce3e7b41b744b24f63dd1a3f6f)
- [#12476](https://github.com/npm/npm/pull/12476)
- Protects against a crasher when a bundled dep is missing a package.json.
- ([@dflupu](https://github.com/dflupu))
-
-#### DOCS IMPROVEMENTS
-
-* [`6699aa5`](https://github.com/npm/npm/commit/6699aa53c0a729cfc921ac1d8107c320e5a5ac95)
- [#12585](https://github.com/npm/npm/pull/12585)
- Document that engineStrict is quite gone. Not "deprecated" so much as "extirpated".
- ([@othiym23](https://github.com/othiym23))
-* [`7a41a84`](https://github.com/npm/npm/commit/7a41a84b655be3204d2e80848278a510e42c80e7)
- [#12636](https://github.com/npm/npm/pull/12636)
- Improve `npm-scripts` documentation regarding when `node-gyp` is used.
- ([@reconbot](https://github.com/reconbot))
-* [`4c4b4ba`](https://github.com/npm/npm/commit/4c4b4badf09b9b50cdca85314429a0111bb35cb1)
- [#12586](https://github.com/npm/npm/pull/12586)
- Correct `package.json` documentation as to when `node-gyp rebuild` called.
- This now matches https://docs.npmjs.com/misc/scripts#default-values
- ([@reconbot](https://github.com/reconbot))
-
-#### DEPENDENCY UPDATES
-
-* [`cfa797f`](https://github.com/npm/npm/commit/cfa797fedd34696d45b61e3ae0398407afece880)
- `lodash._baseuniq@4.6.0`
- ([@jdalton](https://github.com/jdalton))
-* [`ab6f180`](https://github.com/npm/npm/commit/ab6f1801971b513f9294b4b8902034ab402af02d)
- `lodash.keys@4.0.7`
- ([@jdalton](https://github.com/jdalton))
-* [`4b8d8b6`](https://github.com/npm/npm/commit/4b8d8b63e760a8aa03e8bffa974495dfafbfcb06)
- `lodash.union@4.4.0`
- ([@jdalton](https://github.com/jdalton))
-* [`46099d3`](https://github.com/npm/npm/commit/46099d34542760098e5d13c7468a405a724ca407)
- `lodash.uniq@4.3.0`
- ([@jdalton](https://github.com/jdalton))
-* [`fff89c6`](https://github.com/npm/npm/commit/fff89c6826c86e9e789adcc9c398385539306042)
- `lodash.without@4.2.0`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.9.0 (2016-05-05)
-
-Wow! This is a big release week! We've completed the fixes that let the
-test suite pass on Windows, plus more general bug fixes we found while
-fixing things on Windows. Plus a warning to help folks work around a common
-footgun. PLUS an improvement to how npm works with long cache timeouts.
-
-#### INFINITE CACHE A LITTLE BETTER
-
-* [`111ae3e`](https://github.com/npm/npm/commit/111ae3ec366ece7ebcf5988f5bc2a7cd70737dfe)
- [#8581](https://github.com/npm/npm/issues/8581)
- When a package is fetched from the cache which cannot satisfy the version
- requirements, an attempt to fetch it from the network is made. This is
- helpful for folks using high values for `--cache-min` who are willing to
- accept possibly not-the-most-recent modules in return for less network
- traffic.
- ([@Zirak](https://github.com/Zirak))
-
-#### WARNING: FOOTGUN
-
-* [`60b9a05`](https://github.com/npm/npm/commit/60b9a051aa46b8892fe63b3681839a6fd6642bfd)
- [#12475](https://github.com/npm/npm/pull/12475)
- Options can only start with ASCII dashes. Ordinarily this isn't a problem
- but many web documentation tools "helpfully" convert `--` into an emdash
- (–), or `-` into an endash (–). If you copy and paste from this documentation
- your commands won't work the way you expect. This adds a warning that tries
- to be a little more descriptive about why your command is failing.
- ([@iarna](https://github.com/iarna))
-
-#### WINDOWS CI
-
-We have [Windows CI](https://ci.appveyor.com/project/npm/npm) setup now! We still have to
-tweak it a little bit around paths to the git binaries, but it's otherwise ready!
-
-* [`bb5d6cb`](https://github.com/npm/npm/commit/bb5d6cbf46b2609243d3b384caadd196e665a797)
- [#11444](https://github.com/npm/npm/pull/11444)
- Add AppVeyor to CI matrix.
- ([@othiym23](https://github.com/othiym23))
-
-#### COVERAGE DATA
-
-Not only do our tests produce coverage reports after they run now, we also
-automatically [update Coveralls](https://coveralls.io/github/npm/npm) with
-results from [Travis CI](travis-ci.org/npm/npm) runs.
-
-* [`044cbab`](https://github.com/npm/npm/commit/044cbab0d49adeeb0d9310c64fee6c9759cc7428)
- [#11444](https://github.com/npm/npm/pull/11444)
- Enable coverage reporting for every test run.
- ([@othiym23](https://github.com/othiym23))
-
-#### EVERYONE BUGS
-
-* [`37c6a51`](https://github.com/npm/npm/commit/37c6a51c71b0feec8f639b3199a8a9172e58deec)
- [#12150](https://github.com/npm/npm/pull/12150)
- Ensure that 'npm cache ls' outputs real filenames. Previously it would
- sometimes double up the package name in the path it printed.
- ([@isaacs](https://github.com/isaacs))
-* [`d3ce0b2`](https://github.com/npm/npm/commit/d3ce0b253eb519375071aee29db4ee129dbcdf5c)
- [#11444](https://github.com/npm/npm/pull/11444)
- Fix unbuilding bins for scoped modules.
- ([@iarna](https://github.com/iarna))
-* [`e928a30`](https://github.com/npm/npm/commit/e928a30947477a09245f54e9381f46b97bee32d5)
- [#11444](https://github.com/npm/npm/pull/11444)
- Make handling of local modules (eg `npm install /path/to/my/module`) more
- consistent when saved to a `package.json`. There were bugs previously where
- it wouldn't consistently resolve relative paths in the same way.
- ([@iarna](https://github.com/iarna))
-* [`b820ed4`](https://github.com/npm/npm/commit/b820ed4fc04e21577fa66f7c9482b5ab002e7985)
- [#11444](https://github.com/npm/npm/pull/11444)
- Under certain circumstances the paths produced for linking, either
- relative or absolute, would end up basing off the wrong virtual cwd.
- This resulted in failures for `npm link` in this situations.
- ([@iarna](https://github.com/iarna))
-
-#### WINDOWS BUGS
-
-* [`7380425`](https://github.com/npm/npm/commit/7380425d810fb8bfc69405a9cbbdec19978a7bee)
- [#11444](https://github.com/npm/npm/pull/11444)
- Scoped module names were not being correctly inferred from the path on Windows.
- ([@zkat](https://github.com/zkat))
-* [`91fc24f`](https://github.com/npm/npm/commit/91fc24f2763c2e0591093099ffc866c735f27fde)
- [#11444](https://github.com/npm/npm/pull/11444)
- Explore with a command to run didn't work properly in Windows– it would pop open a new
- cmd window and leave it there.
- ([@iarna](https://github.com/iarna))
-
-#### WINDOWS REFACTORING
-
-* [`f07e643`](https://github.com/npm/npm/commit/f07e6430d4ca02f811138f6140a8bad927607a1f)
- [#11444](https://github.com/npm/npm/pull/11444)
- Move exec path escaping out to its own function. This turns out to be
- tricky to get right because how you escape commands to run on Windows via
- cmd is different then how you escape them at other times. Specifically,
- you HAVE to quote each directory segment that has a quote in it, that is:
- `C:\"Program Files"\MyApp\MyApp.exe` By contrast, if that were an argument
- to a command being run, you CAN'T DO quote it that way, instead you have
- to wrap the entire path in quotes, like so: `"C:\Program
- Files\MyApp\MyApp.exe"`.
- ([@iarna](https://github.com/iarna))
-* [`2e01d29`](https://github.com/npm/npm/commit/2e01d299f8244134b1aa040cab1b59c72c9df4da)
- [#11444](https://github.com/npm/npm/pull/11444)
- Create a single function for detecting if we're running on Windows (and
- using a Windows shell like cmd) and use this instead of doing it one-off
- all over the place.
- ([@iarna](https://github.com/iarna))
-
-#### FIX WINDOWS TESTS
-
-As I said before, our tests are passing on Windows! 🎉
-
-* [`ef0dd74`](https://github.com/npm/npm/commit/ef0dd74583be25c72343ed07d1127e4d0cc02df9)
- [#11444](https://github.com/npm/npm/pull/11444)
- The fruits of many weeks of labor, fix our tests to pass on Windows.
- ([@zkat](https://github.com/zkat))
- ([@iarna](https://github.com/iarna))
-
-#### DEPENDENCY UPDATES
-
-* [`8fccda8`](https://github.com/npm/npm/commit/8fccda8587209659c469ab55c608b0e2d7533530)
- [#11444](https://github.com/npm/npm/pull/11444)
- `normalize-git-url@3.0.2`:
- Fix file URLs on Windows.
- ([@zkat](https://github.com/zkat))
-* [`f53a154`](https://github.com/npm/npm/commit/f53a154df8e0696623e6a71f33e0a7c11a7555aa)
- `readable-stream@2.1.2`:
- When readable-stream is disabled, reuse result of `require('stream')`
- instead of calling it every time.
- ([@calvinmetcalf](https://github.com/calvinmetcalf))
-* [`02841cf`](https://github.com/npm/npm/commit/02841cfb81d6ba86f691ab43d9bbdac29aec27e7)
- [#11444](https://github.com/npm/npm/pull/11444)
- `realize-package-specifier@3.0.2`:
- Resolve local package paths relative to package root, not cwd.
- ([@zkat](https://github.com/zkat))
- ([@iarna](https://github.com/iarna))
-* [`247c1c5`](https://github.com/npm/npm/commit/247c1c5ae08c882c9232ca605731039168bae6ed)
- [#11444](https://github.com/npm/npm/pull/11444)
- `npm-package-arg@4.1.1`:
- Fix Windows file URIs with leading slashes.
- ([@zkat](https://github.com/zkat))
-* [`365c72b`](https://github.com/npm/npm/commit/365c72bc3ecd9e45f9649725dd635d5625219d8c)
- `which@1.2.8`
- ([@isaacs](https://github.com/isaacs))
-* [`e568caa`](https://github.com/npm/npm/commit/e568caabb8390a924ce1cfa51fc914ee6c1637a2)
- `graceful-fs@4.1.4`
- ([@isaacs](https://github.com/isaacs))
-* [`304b974`](https://github.com/npm/npm/commit/304b97434959a58f84383bcccc0357c51a4eb39a)
- [#11444](https://github.com/npm/npm/pull/11444)
- `standard@6.0.8`
- ([@feross](https://github.com/feross))
-
-### v3.8.9 (2016-04-28)
-
-Our biggest news this week is that we got the
-[Windows test suite passing](https://github.com/npm/npm/pull/11444)!
-It'll take a little longer to get it passing in our
-[Windows CI](https://ci.appveyor.com/project/npm/npm/) but that's coming
-soon too.
-
-That means we'll be shifting gears away from tests to fixing
-[Big Bugs™](https://github.com/npm/npm/issues?q=is%3Aopen+is%3Aissue+label%3Abig-bug) again.
-Join us at our [team meeting](https://github.com/npm/npm/issues/12517) next
-Tuesday to learn more about that.
-
-#### BUG FIXES AND REFACTORING
-
-* [`60da618`](https://github.com/npm/npm/commit/60da61862885fa904afba7d121860b4282a5b0df)
- [#12347](https://github.com/npm/npm/issues/12347)
- Fix a bug that could result in shrinkwraps missing the `resolved` field, which is
- necessary in producing a fully reproducible build.
- ([@sminnee](https://github.com/sminnee))
-* [`8597ba4`](https://github.com/npm/npm/commit/8597ba432e91245a1000953b612eb01308178bad)
- [#12009](https://github.com/npm/npm/issues/12009)
- Fix a bug in `npm view versions` that resulted in bad output if you
- didn't also pass in `--json`.
- ([@watilde](https://github.com/watilde))
-* [`20125f1`](https://github.com/npm/npm/commit/20125f19b96fd05af63f8c0bd243ffb25780279a)
- [`a53feac`](https://github.com/npm/npm/commit/a53feac2647f7dc4245f1700dfbdd1aba8745672)
- [`6cfbae4`](https://github.com/npm/npm/commit/6cfbae403abc3cf690565b09569f71cdd41a8372)
- [#12485](https://github.com/npm/npm/pull/12485)
- Refactor how the help summaries for commands are produced, such that we only have
- one list of command aliases.
- ([@watilde](https://github.com/watilde))
-* [`2ae210c`](https://github.com/npm/npm/commit/2ae210c76ab6fd15fcf15dc1808b01ca0b94fc9e)
- `read-package-json@2.0.4`:
- Fix a crash we discovered while fixing up the Windows test suite where if
- you had a file in your `node_modules` it would cause a crash on Windows
- (but not MacOS/Linux).
-
- This makes the error code you get on Windows match that from MacOS/Linux
- if you try to read a `package.json` from a path that includes a file, not
- a folder.
- ([@zkat](https://github.com/zkat))
-
-### v3.8.8 (2016-04-21)
-
-Hi all! Long time no see! We've been heads-down working through getting
-[our test suite passing on Windows](https://github.com/npm/npm/pull/11444).
-Did you know that we have
-[Windows CI](https://ci.appveyor.com/project/npm/npm) now running over at
-Appveyor? In the meantime, we've got a bunch of dependency updates, some
-nice documentation improvements and error messages when your `package.json`
-contains invalid JSON. (Yeah, I thought we did that last one before too!)
-
-#### BAD JSON IS BAD
-
-* [`769e620`](https://github.com/npm/npm/commit/769e6200722d8060b6769e47354032c51cfa85a1)
- [#12406](https://github.com/npm/npm/pull/12406)
- Failing to parse the top level `package.json` should be an error.
- ([@watilde](https://github.com/watilde))
-
-#### DOCUMENTATION
-
-* [`7d64301`](https://github.com/npm/npm/commit/7d643018af5051c920cc73f17bfe32b7ff86e108)
- [#12415](https://github.com/npm/npm/pull/12415)
- Clarify that when configuring client-side certificates for authenticating
- to non-npm registries that `cert` and `key` are not filesystem paths and should
- actually include the certificate and key data.
- ([@rvedotrc](https://github.com/rvedotrc))
-* [`f8539b8`](https://github.com/npm/npm/commit/f8539b8c986e81771ccc8ced7e716718423d3187)
- [#12324](https://github.com/npm/npm/pull/12324)
- Describe how `npm run` sets `NODE` and `PATH` in more detail.
- Note that `npm run` changes `PATH` to include the current node
- interpreter’s directory.
- ([@addaleax](https://github.com/addaleax))
-* [`2b57606`](https://github.com/npm/npm/commit/2b57606852a2c2a03e4c4b7dcda85b807619c2cf)
- [#11461](https://github.com/npm/npm/pull/11461)
- Clarify the documentation for the package.json homepage field.
- ([@stevemao](https://github.com/stevemao))
-
-#### TESTS
-
-* [`b5a0fbb`](https://github.com/npm/npm/commit/b5a0fbb9e1a2c4fb003dd748264571aa6e3c9e70)
- [#12329](https://github.com/npm/npm/pull/12329)
- Fix progress config testing to ignore local user configs.
- Previously, _any_ local setting would cause the tests to fail as
- they were trying to test what the default values for the progress
- bar would be in different environments and any explicit setting
- overrides those defaults.
- ([@iarna](https://github.com/iarna))
-* [`3d195bc`](https://github.com/npm/npm/commit/3d195bc0a72b40df02a5c56e4f3be44152e8222b)
- The lifecycle-signal test could crash on v0.8 due to its use of `Number.parseInt`, which
- isn't available in that version of node. Fortunately `global.parseInt` _is_, so
- we just use that instead.
- ([@iarna](https://github.com/iarna))
-
-#### DEPENDENCY UPDATES
-
-* [`05a28e3`](https://github.com/npm/npm/commit/05a28e38586082ac4bbf26ee6f863cc8d07054d6)
- `npm-package-arg@4.1.1`:
- Under some circumstances `file://` URLs on Windows were not handled correctly.
-
- Also, stop converting local module/tarballs into full paths in this
- module. We do already do that in `realize-package-specifier`, which is
- more appropriate as it knows what package we're installing relative to.
- ([@zkat](https://github.com/zkat))
-* [`ada2e93`](https://github.com/npm/npm/commit/ada2e93e8b276000150a9aa93fff69ec366e03d6)
- `realize-package-specifier@3.0.3`:
- Require the new `npm-package-arg`, plus fix a case where specifiers that were
- maybe a tag, maybe a local filename were resolved differently than those that were
- definitely a local filename.
- ([@zkat](https://github.com/zkat)) ([@iarna](https://github.com/iarna))
-* [`adc515b`](https://github.com/npm/npm/commit/adc515b22775871386cd62390079fb4bf8e1714a)
- `fs-vacuum@1.2.9`:
- A fix for AIX where a non-empty directory can cause `fs.rmDir` to fail with `EEXIST` instead of `ENOTEMPTY`
- and three new tests
- ([@richardlau](https://github.com/richardlau))
-
- Code cleanup, CI & dependency updates.
- ([@othiym23](https://github.com/othiym23))
-* [`ef53a46`](https://github.com/npm/npm/commit/ef53a46906ce872a4541b605dd42a563cc26e614)
- `tap@5.7.1`
- ([@isaacs](https://github.com/isaacs))
-* [`df1f2e4`](https://github.com/npm/npm/commit/df1f2e4838b4d7ea2ea2321a95ae868c0ec0a520)
- `request@2.72.0`:
- Fix crashes when response headers indicate gzipped content but the body is
- empty.
- Add support for the deflate content encoding.
- ([@simov](https://github.com/simov))
-* [`776c599`](https://github.com/npm/npm/commit/776c599b204632aca9d29fd92ea5c4f099fdea9f)
- `readable-stream@2.1.0`:
- Adds READABLE_STREAM env var that, if set to `disable`, will make
- `readable-stream` use the local native node streams instead.
- ([@calvinmetcalf](https://github.com/calvinmetcalf))
-* [`10d6d55`](https://github.com/npm/npm/commit/10d6d5547354fcf50e930c7932ba4d63c0b6009c)
- `normalize-git-url@3.0.2`:
- Add support `git+file://` type URLs.
- ([@zkat](https://github.com/zkat))
-* [`75017ae`](https://github.com/npm/npm/commit/75017aeecec69a1efd546df908aa5befc4467f36)
- `lodash.union@4.3.0`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.8.7 (2016-04-07)
-
-#### IMPROVED DIAGNOSTICS
-
-* [`38cf79f`](https://github.com/npm/npm/commit/38cf79ffa564ef5cb6677b476e06d0e45351592a)
- [#12083](https://github.com/npm/npm/pull/12083)
- If you `ignore-scripts` to disable lifecycles, this makes npm report when it skips running
- a script.
- ([@bfred-it](https://github.com/bfred-it))
-
-#### IMPROVE AUTO-INCLUDES
-
-* [`c615182`](https://github.com/npm/npm/commit/c615182c8b47e418338eb1317b99bb66987cda54)
- [#11995](https://github.com/npm/npm/pull/11995)
- There were bugs where modules whose names matched the special files that npm always
- includes would be included, for example, the `history` package was always included.
-
- With `npm@3` such extraneously bundled modules would not be ordinarily
- used, as things in `node_modules` in packages are ignored entirely if the
- package isn't marked as bundling modules.
-
- Because of this `npm@3` behavior, the `files-and-ignores` test failed to catch this as
- it was testing _install output_ not what got packed. That has also been fixed.
- ([@glenjamin](https://github.com/glenjamin))
-
-#### DOCUMENTATION UPDATES
-
-* [`823d9df`](https://github.com/npm/npm/commit/823d9dfa91d7086a26620f007aee4e3cd77b6153)
- [#12107](https://github.com/npm/npm/pull/12107)
- In the command summary for `adduser` mention that `login` is an alias.
- ([@gnerkus](https://github.com/gnerkus))
-* [`7aaf47e`](https://github.com/npm/npm/commit/7aaf47e124c45dde72c961638b770ee535fb2776)
- [#12244](https://github.com/npm/npm/pull/12244)
- Update the README to suggest npm@3 for Windows users. Also add a reference to
- [Microsoft's npm upgrade tool](https://github.com/felixrieseberg/npm-windows-upgrade).
- ([@felixrieseberg](https://github.com/felixrieseberg))
-
-#### DEPENDENCY UPDATES
-
-* [`486bbc0`](https://github.com/npm/npm/commit/486bbc0e1b101f847e890e6f1925dc8cb253cf3e)
- `request@2.70.0`
- ([@simov](https://github.com/simov))
-* [`b1aff34`](https://github.com/npm/npm/commit/b1aff346fc41f13e3306b437e1831942aacf2f54)
- `lodash.keys@4.0.6`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.8.6 (2016-03-31)
-
-Heeeeeey y'all.
-
-Kat here! Rebecca's been schmoozing with folks at [Microsoft
-Build](https://build.microsoft.com/), so I'm doing the `npm@3` release this
-week.
-
-Speaking of Build, it looks like Microsoft is doing some bash thing. This might
-be really good news for our Windows users once it rolls around. We're keeping an
-eye out and feeling hopeful. 🙆
-
-As far as the release goes: We're really happy to be getting more and more
-community contributions! Keep it up! We really appreciate folks trying to help
-us, and we'll do our best to help point you in the right direction. Even things
-like documentation are a huge help. And remember -- you get socks for it, too!
-
-#### FIXES
-
-* [`f8fb4d8`](https://github.com/npm/npm/commit/f8fb4d83923810eb78d075bd200a9376c64c3e3a)
- [#12079](https://github.com/npm/npm/pull/12079)
- Back in `npm@3.2.2` we included [a patch that made it so `npm install pkg` was
- basically `npm install pkg@latest` instead of
- `pkg@*`](https://github.com/npm/npm/pull/9170)
- This is probably what most users expected, but it also ended up [breaking `npm
- deprecate`](https://github.com/npm/npm/pull/9170) when no version was provided
- for a package. In that case, we were using `*` to mean "deprecate all
- versions" and relying on the `pkg` -> `pkg@*` conversion.
- This patch fixes `npm deprecate pkg` to work as it used to by special casing
- that particular command's behavior.
- ([@polm](https://github.com/polm))
-* [`458f773`](https://github.com/npm/npm/commit/458f7734f3376aba0b6ff16d34a25892f7717e40)
- [#12146](https://github.com/npm/npm/pull/12146)
- Adds `make doc-clean` to `prepublish` script, to clear out previously built
- docs before publishing a new npm version
- ([@watilde](https://github.com/watilde))
-* [`f0d1521`](https://github.com/npm/npm/commit/f0d1521038e956b2197673f36c464684293ce99d)
- [#12146](https://github.com/npm/npm/pull/12146)
- Adds `doc-clean` phony target to `make publish`.
- ([@watilde](https://github.com/watilde))
-
-#### DOC UPDATES
-
-* [`ea92ffc`](https://github.com/npm/npm/commit/ea92ffc9dd2a063896353fc52c104e85ec061360)
- [#12147](https://github.com/npm/npm/pull/12147)
- Document that the current behavior of `engines` is just to warn if the node
- platform is incompatible.
- ([@reconbot](https://github.com/reconbot))
-* [`cd1ba44`](https://github.com/npm/npm/commit/cd1ba4423b3ca889c741141b95b0d9472b9f71ea)
- [#12143](https://github.com/npm/npm/pull/12143)
- Remove `npm faq` command, since the [FAQ was
- removed](https://github.com/npm/npm/pull/10547).
- ([@watilde](https://github.com/watilde))
-* [`50a12cb`](https://github.com/npm/npm/commit/50a12cb1f5f158af78d6962ad20ff0a98bc18f18)
- [#12143](https://github.com/npm/npm/pull/12143)
- Remove references to the FAQ from the docs, since [it was
- removed](https://github.com/npm/npm/pull/10547).
- ([@watilde](https://github.com/watilde))
-* [`60051c2`](https://github.com/npm/npm/commit/60051c25e2ab80c667137dfcd04b242eea25980e)
- [#12093](https://github.com/npm/npm/pull/12093)
- Update `bugs` url in `package.json` to use the `https` URL for Github.
- ([@watilde](https://github.com/watilde))
-* [`af30c37`](https://github.com/npm/npm/commit/af30c374ef22ed1a1c71b14fced7c4b8350e4e82)
- [#12075](https://github.com/npm/npm/pull/12075)
- Add the `--ignore-scripts` flag to the `npm install` docs.
- ([@paulirish](https://github.com/paulirish))
-* [`632b214`](https://github.com/npm/npm/commit/632b214b2f2450e844410792e5947e46844612ff)
- [#12063](https://github.com/npm/npm/pull/12063)
- Various minor fixes to the html docs homepage.
- ([@watilde](https://github.com/watilde))
-
-#### DEP BUMPS
-
-* [`3da0171`](https://github.com/npm/npm/commit/3da01716a0e41d6b5adee2b4fc70fcaf08c0eb24)
- `lodash.without@4.1.2`
- ([@jdalton](https://github.com/jdalton))
-* [`69ccf6d`](https://github.com/npm/npm/commit/69ccf6dd4caf95cd0628054307487cae1885acd0)
- `lodash.uniq@4.2.1`
- ([@jdalton](https://github.com/jdalton))
-* [`b50c41a`](https://github.com/npm/npm/commit/b50c41a9930dc5353a23c5ae2ff87bb99e11d482)
- `lodash.union@4.2.1`
- ([@jdalton](https://github.com/jdalton))
-* [`59c1ad7`](https://github.com/npm/npm/commit/59c1ad7b6f243d07618ed5703bd11d787732fc57)
- `lodash.clonedeep@4.3.2`
- ([@jdalton](https://github.com/jdalton))
-* [`2b4f797`](https://github.com/npm/npm/commit/2b4f797dba8e7a1376c8335b7223e82d02cd8243)
- `lodash._baseuniq@4.5.1`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.8.5 (2016-03-24)
-
-Like my esteemed colleague [@zkat](https://github.com/zkat) said in this
-week's [LTS release notes](https://github.com/npm/npm/releases/tag/v2.15.2),
-this week is another small release but we are continuing to work on our
-[Windows efforts](https://github.com/npm/npm/pull/11444).
-
-You may also be interested in reading the [LTS process and
-policy](https://github.com/npm/npm/wiki/LTS) that
-[@othiym23](https://github.com/othiym23) put together recently. If you have any
-feedback, we would love to hear.
-
-#### DOCTOR IT HURTS WHEN LINK TO MY LINK
-
-Well then, don't do that.
-
-* [`0d4a0b1`](https://github.com/npm/npm/commit/0d4a0b1)
- [#11442](https://github.com/npm/npm/pull/11442)
- Fail if the user asks us to make a link from a module back on to itself.
- ([@antialias](https://github.com/antialias))
-
-#### ERR MODULE LIST TOO LONG
-
-* [`b271ed2`](https://github.com/npm/npm/commit/b271ed2)
- [#11983](https://github.com/npm/npm/issues/11983)
- Exit early if no arguments were provided to search instead of trying to display all the modules,
- running out of memory, and then crashing.
- ([@SimenB](https://github.com/SimenB))
-
-#### ELIMINATE UNUSED MODULE
-
-* [`b8c7cd7`](https://github.com/npm/npm/commit/b8c7cd7)
- [#12000](https://github.com/npm/npm/pull/12000)
- Stop depending on [`async-some`](https://npmjs.com/package/async-some) as it's no
- longer used in npm.
- ([@watilde](https://github.com/watilde))
-
-#### DOCUMENTATION IMPROVEMENTS
-
-* [`fdd6b28`](https://github.com/npm/npm/commit/fdd6b28)
- [#11884](https://github.com/npm/npm/pull/11884)
- Include `node_modules` in the list of files and directories that npm won't
- include in packages ordinarily. (Modules listed in `bundledDependencies` and things
- that those modules rely on, ARE included of course.)
- ([@Jameskmonger](https://github.com/Jameskmonger))
-* [`aac15eb`](https://github.com/npm/npm/commit/aac15eb)
- [#12006](https://github.com/npm/npm/pull/12006)
- Fix typo in npm-orgs documentation, where teams docs went to access docs and vice versa.
- ([@yaelz](https://github.com/yaelz))
-
-#### FEWER NETWORK TESTS
-
-* [`3e41360`](https://github.com/npm/npm/commit/3e41360)
- [#11987](https://github.com/npm/npm/pull/11987)
- Fix test that was inappropriately hitting the network
- ([@yodeyer](https://github.com/yodeyer))
-
-### v3.8.4 (2016-03-24)
-
-Was erroneously released with just a changelog typo correction and was
-otherwise the same as 3.8.3.
-
-### v3.8.3 (2016-03-17):
-
-#### SECURITY ADVISORY: BEARER TOKEN DISCLOSURE
-
-This release includes [the fix for a
-vulnerability](https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29)
-that could cause the unintentional leakage of bearer tokens.
-
-Here are details on this vulnerability and how it affects you.
-
-##### DETAILS
-
-Since 2014, npm’s registry has used HTTP bearer tokens to authenticate requests
-from the npm’s command-line interface. A design flaw meant that the CLI was
-sending these bearer tokens with _every_ request made by logged-in users,
-regardless of the destination of their request. (The bearers only should have
-been included for requests made against a registry or registries used for the
-current install.)
-
-An attacker could exploit this flaw by setting up an HTTP server that could
-collect authentication information, then use this authentication information to
-impersonate the users whose tokens they collected. This impersonation would
-allow them to do anything the compromised users could do, including publishing
-new versions of packages.
-
-With the fixes we’ve released, the CLI will only send bearer tokens with
-requests made against a registry.
-
-##### THINK YOU'RE AT RISK? REGENERATE YOUR TOKENS
-
-If you believe that your bearer token may have been leaked, [invalidate your
-current npm bearer tokens](https://www.npmjs.com/settings/tokens) and rerun
-`npm login` to generate new tokens. Keep in mind that this may cause continuous
-integration builds in services like Travis to break, in which case you’ll need
-to update the tokens in your CI server’s configuration.
-
-##### WILL THIS BREAK MY CURRENT SETUP?
-
-Maybe.
-
-npm’s CLI team believes that the fix won’t break any existing registry setups.
-Due to the large number of registry software suites out in the wild, though,
-it’s possible our change will be breaking in some cases.
-
-If so, please [file an issue](https://github.com/npm/npm/issues/new) describing
-the software you’re using and how it broke. Our team will work with you to
-mitigate the breakage.
-
-##### CREDIT & THANKS
-
-Thanks to Mitar, Will White & the team at Mapbox, Max Motovilov, and James
-Taylor for reporting this vulnerability to npm.
-
-#### PERFORMANCE IMPROVEMENTS
-
-The updated [`are-we-there-yet`](https://npmjs.com/package/are-we-there-yet)
-changes how it tracks how complete things are to be much more efficient.
-The summary is that `are-we-there-yet` was refactored to remove an expensive
-tree walk.
-
-The result for you should be faster installs when working with very large trees.
-
-Previously `are-we-there-yet` computed this when you asked by passing the request down
-its tree of progress indicators, totaling up the results. In doing so, it had to walk the
-entire tree of progress indicators.
-
-By contrast, `are-we-there-yet` now updates a running total when a change
-is made, bubbling that up the tree from whatever branch made progress. This
-bubbling was already going on so there was nearly no cost associated with taking advantage of it.
-
-* [`32f2bd0`](https://github.com/npm/npm/commit/32f2bd0e26116db253e619d67c4feae1de3ad2c2)
- `npmlog@2.0.3`:
- Bring in substantial performance improvements from `are-we-there-yet`.
- ([@iarna](https://github.com/iarna))
-
-#### DUCT TAPE FOR BUGS
-
-* [`473d324`](https://github.com/npm/npm/commit/473d3244a8ddfd6b260d0aa0d395b119d595bf97)
- [#11947](https://github.com/npm/npm/pull/11947)
- Guard against bugs that could cause the installer to crash with errors like:
-
- ```
- TypeError: Cannot read property 'target' of null
- ```
-
- This doesn't fix the bugs, but it does at least make the installer less
- likely to explode.
- ([@thefourtheye](https://github.com/thefourtheye))
-
-#### DOC FIXES
-
-* [`ffa428a`](https://github.com/npm/npm/commit/ffa428a4eee482aa620819bc8df994a76fad7b0c)
- [#11880](https://github.com/npm/npm/pull/11880)
- Fix typo in `npm install` documentation.
- ([@watilde](https://github.com/watilde))
-
-#### DEPENDENCY UPDATES
-
-* [`7537fe1`](https://github.com/npm/npm/commit/7537fe1748c27e6f1144b279b256cd3376d5c41c)
- `sorted-object@2.0.0`:
- Create objects with `{}` instead of `Object.create(null)` to make the results
- strictly equal to what, say, parsed JSON would provide.
- ([@domenic](https://github.com/domenic))
-* [`8defb0f`](https://github.com/npm/npm/commit/8defb0f7b3ebdbe15c9ef5036052c10eda7e3161)
- `readable-stream@2.0.6`:
- Fix sync write issue on 0.10.
- ([@calvinmetcalf](https://github.com/calvinmetcalf))
-
-#### TEST FIXES FOR THE SELF TESTS
-
-* [`c3edeab`](https://github.com/npm/npm/commit/c3edeabece4400308264e7cf4bc4448bd2729f55)
- [#11912](https://github.com/npm/npm/pull/11912)
- Change the self installation test to do its work in `/tmp`.
- Previously this was installing into a temp subdir in `test/tap`, which
- wouldn't catch the case where a module was installed in the local
- `node_modules` folder but not in dependencies, as node would look up
- the tree and use the copy from the version of npm being tested.
- ([@iarna](https://github.com/iarna))
-
-### v3.8.2 (2016-03-10):
-
-#### HAVING TROUBLE INSTALLING C MODULES ON ANDROID?
-
-This release includes an updated `node-gyp` with fixes for Android.
-
-* [`634ecba`](https://github.com/npm/npm/commit/634ecba320fb5a3287e8b7debfd8b931827b9e19)
- `node-gyp@3.3.1`:
- Fix bug in builds for Android.
- ([@bnoordhuis](https://github.com/bnoordhuis))
-
-#### NPM LOGOUT CLEANS UP BETTER
-
-* [`460ed21`](https://github.com/npm/npm/commit/460ed217876ac78d21477c288f1c06563fb770b4)
- [#10529](https://github.com/npm/npm/issues/10529)
- If you ran `npm logout` with a scope, while we did invalidate your auth
- token, we weren't removing the auth token from your config file. This patch causes
- the auth token to be removed.
- ([@wyze](https://github.com/wyze))
-
-#### HELP MORE HELPFUL
-
-* [`d1d0233`](https://github.com/npm/npm/commit/d1d02335d297da2734b538de44d8967bdcd354cf)
- [#11003](https://github.com/npm/npm/issues/11003)
- Update help to only show command names and their shortcuts. Previously
- some typo corrections were shown, along with various alternate
- spellings.
- ([@watilde](https://github.com/watilde))
-* [`47928cd`](https://github.com/npm/npm/commit/47928cd6264e1d6d0ef67435b71c66d01bea664a)
- [#11003](https://github.com/npm/npm/issues/11003)
- Remove "verison" typo from the help listing.
- ([@doug-wade](https://github.com/doug-wade))
-
-#### MORE COMPLETE CONFIG LISTINGS
-
-* [`cf5fd40`](https://github.com/npm/npm/commit/cf5fd401494d96325d74a8bb8c326aa0045a714c)
- [#11472](https://github.com/npm/npm/issues/11472)
- Make `npm config list` include the per-project `.npmrc` in the output.
- ([@mjomble](https://github.com/mjomble))
-
-#### DEPTH LIMITED PARSEABLE DEP LISTINGS
-
-* [`611070f`](https://github.com/npm/npm/commit/611070f0f7a1e185c75cadae46179194084b398f)
- [#11495](https://github.com/npm/npm/issues/11495)
- Made `npm ls --parseable` honor the `--depth=#` option.
- ([@zacdoe](https://github.com/zacdoe))
-
-#### PROGRESS FOR THE (NON) UNICODE REVOLUTION
-
-* [`ff90382`](https://github.com/npm/npm/commit/ff9038227a1976b5e936442716d9877f43c6c9b4)
- [#11781](https://github.com/npm/npm/issues/11781)
- Make the progress bars honor the unicode option.
- ([@watilde](https://github.com/watilde))
-
-#### `npm view --json`, NOW ACTUALLY JSON
-
-* [`24ab70a`](https://github.com/npm/npm/commit/24ab70a4ccfeaa005b80252da313bb589510668e)
- [#11808](https://github.com/npm/npm/issues/11808)
- Make `npm view` produce valid JSON when requested with `--json`.
- Previously `npm view` produced some sort of weird hybrid output, with multiple
- JSON docs.
- ([@doug-wade](https://github.com/doug-wade))
-
-#### DOCUMENTATION CHANGES
-
-* [`6fb0499`](https://github.com/npm/npm/commit/6fb0499bea868fdc637656d210c94f051481ecd4)
- [#11726](https://github.com/npm/npm/issues/11726)
- Previously we patched the `npm update` docs to suggest using `--depth
- Infinity` instead of `--depth 9999`, but that was a mistake. We forgot
- that `npm outdated` (on which `npm update` is built) has a special
- case where it treats `Infinity` as `0`. This reverts that patch.
- ([@GriffinSchneider](https://github.com/GriffinSchneider))
-* [`f0bf684`](https://github.com/npm/npm/commit/f0bf684a87ea5eea03432a17f38678fed4960d43)
- [#11748](https://github.com/npm/npm/pull/11748)
- Document all of the various aliases for commands in the documentation
- for those commands.
- ([@watilde](https://github.com/watilde))
-* [`fe04443`](https://github.com/npm/npm/commit/fe04443d8988e2e41bd4047078e06a26d05d380d)
- [#10968](https://github.com/npm/npm/issues/10968)
- The `npm-scope` document notes that scopes have been available on the
- public registry for a while. This adds that you'll need `npm@2` or later
- to use them.
- ([@doug-wade](https://github.com/doug-wade))
-* [`3db37a5`](https://github.com/npm/npm/commit/3db37a52b2b2e3193ef250ad2cf96dfd2def2777)
- [#11820](https://github.com/npm/npm/pull/11820)
- The command `npm link` should be linking package from local folder to
- global, and `npm link package-name` should be from global to local. The
- description in the documentation was reversed and this fixes that.
- ([@rhgb](https://github.com/rhgb))
-
-#### GLOB FOR THE GLOB THRONE
-
-* [`be55882`](https://github.com/npm/npm/commit/be55882dc4ee5ce0777b4badc9141dab5bf5be4d)
- `glob@7.0.3`:
- Fix a race condition and some windows edge cases.
- ([@isaacs](https://github.com/isaacs))
-
-### v3.8.1 (2016-03-03):
-
-This week the install summary got better, killing your npm process now
-also kills the scripts it was running and a rarely used search flag got
-documented.
-
-Our improvements on the test suite on Windows are beginning to pick up
-steam, you can follow along by
-[watching the PR](https://github.com/npm/npm/pull/11444).
-
-#### BETTER INSTALL SUMMARIES
-
-* [`e40d457`](https://github.com/npm/npm/commit/e40d4572cc98db06757df5b8bb6b7dbd0546d3d7)
- [#11699](https://github.com/npm/npm/issues/11699)
- Ensure that flags like `--production` passed to install don't result in
- the summary at the end being incorrectly filtered. That summary is
- produced by the same code as `npm ls` and therefore responds to flags
- the same way it does. This is undesirable when it's an install summary,
- however, as we don't want it to filter anything.
-
- This fixes an issue where `npm install --production ` would
- result in npm exiting with an error code. The `--production` flag would
- make `npm ls` filter out `` as it wasn't saved to the
- `package.json` and thus wasn't a production dependency. The install
- report is limited to show just the modules installed, so with that
- filtered out nothing is available. With nothing available `npm ls`
- would set `npm` to exit with an error code.
- ([@ixalon](https://github.com/ixalon))
-* [`99337b4`](https://github.com/npm/npm/commit/99337b469163a4b211b9c6ff1aa9712ae0d601d2)
- [#11600](https://github.com/npm/npm/pull/11600)
- Make the report of installed modules really only show those modules
- that were installed. Previously it selected which modules from your
- tree to display based on `name@version` which worked great when your
- tree was deduped but would list things it hadn't touched when there
- were duplicates.
- ([@iarna](https://github.com/iarna))
-
-#### SCRIPTS BETTER FOLLOW THE LEADER
-
-* [`5454347`](https://github.com/npm/npm/commit/545434766eb3681d3f40b745f9f3187ed63f310a)
- [#10868](https://github.com/npm/npm/pull/10868)
- When running a lifecycle script, say through `npm start`, killing npm
- wouldn't forward that on to the children. It does now.
- ([@daniel-pedersen](https://github.com/daniel-pedersen))
-
-#### SEARCHING SPECIFIC REGISTRIES
-
-* [`6020447`](https://github.com/npm/npm/commit/60204479f76458a9864aa530cda2b3333f95c2b0)
- [#11490](https://github.com/npm/npm/pull/11490)
- Add docs for using the `--registry` flag with search.
- ([@plumlee](https://github.com/plumlee))
-
-#### LODASH UPDATES
-
-* [`bb14204`](https://github.com/npm/npm/commit/bb14204183dad620a6650452a26cdc64111f8136)
- `lodash.without@4.1.1`
- ([@jdalton](https://github.com/jdalton))
-* [`0089059`](https://github.com/npm/npm/commit/0089059c562aee9ad0398e55d2c12c68a6150e79)
- `lodash.keys@4.0.5`
- ([@jdalton](https://github.com/jdalton))
-* [`6ee1de4`](https://github.com/npm/npm/commit/6ee1de4474d9683a1f7023067d440780eeb10311)
- `lodash.clonedeep@4.3.1`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.8.0 (2016-02-25):
-
-This week brings a quality of life improvement for some Windows users, and
-an important knob to be tuned for folks experiencing network problems.
-
-#### LIMIT CONCURRENT REQUESTS
-
-We've long known that `npm`'s tendency to try to request all your
-dependencies simultaneously upset some network hardware (particular,
-consumer grade routers & proxies of all sorts). One of the reasons that we're
-planning to write our own npm specific version of `request` is to be able to
-more easily control this sort of thing.
-
-But fortunately, you don't have to wait for that.
-[@misterbyrne](https://github.com/misterbyrne) took a look at our existing
-code and realized it could be added painlessly TODAY. The new default
-maximum is `50`, instead of `Infinity`. If you're having network issues you
-can try setting that value down to something lower (if you do, please let us
-know... the default is subject to tuning).
-
-* [`910f9ac`](https://github.com/npm/npm/commit/910f9accf398466b8497952bee9f566ab50ade8c)
- [`f7be667`](https://github.com/npm/npm/commit/f7be667548a132ec190ac9d60a31885a7b4fe2b3)
- Add a new config option, `maxsockets` and `npm-registry-client@7.1.0` to
- take advantage of it.
- ([@misterbyrne](https://github.com/misterbyrne))
-
-#### WINDOWS GIT BASH
-
-We think it's pretty keen too, we were making it really hard to actually
-upgrade if you were using it. NO MORE!
-
-* [`d60351c`](https://github.com/npm/npm/commit/d60351ccae87d71a5f5eac73e3085c6290b52a69)
- [#11524](https://github.com/npm/npm/issues/11524)
- Prefer locally installed npm in Git Bash -- previous behavior was to use
- the global one. This was done previously for other shells, but not for Git
- Bash.
- ([@destroyerofbuilds](https://github.com/destroyerofbuilds))
-
-#### DOCUMENTATION IMPROVEMENTS
-
-* [`b63de3c`](https://github.com/npm/npm/commit/b63de3c97c4c27078944249a4d5bbe1c502c23bc)
- [#11636](https://github.com/npm/npm/issues/11636)
- Document `--save-bundle` option in main install page.
- ([@datyayu](https://github.com/datyayu))
-* [`3d26453`](https://github.com/npm/npm/commit/3d264532d6d9df60420e985334aebb53c668d32b)
- [#11644](https://github.com/npm/npm/pull/11644)
- Add `directories.test` to the `package.json` documentation.
- ([@lewiscowper](https://github.com/lewiscowper))
-* [`b64d124`](https://github.com/npm/npm/commit/b64d12432fdad344199b678d700306340d3607eb)
- [#11441](https://github.com/npm/npm/pull/11441)
- Add a link in documentation to the contribution guidelines.
- ([@watilde](https://github.com/watilde))
-* [`82fc548`](https://github.com/npm/npm/commit/82fc548b0e2abbdc4f7968c20b118c30cca79a24)
- [#11441](https://github.com/npm/npm/pull/11441/commits)
- Remove mentions of the long defunct Google group.
- ([@watilde](https://github.com/watilde))
-* [`c6ad091`](https://github.com/npm/npm/commit/c6ad09131af2e2766d6034257a8fcaa294184121)
- [#11474](https://github.com/npm/npm/pull/11474)
- Correct invalid JSON in npm-update docs.
- ([@robludwig](https://github.com/robludwig))
-* [`4906c90`](https://github.com/npm/npm/commit/4906c90ed2668adf59ebee759c7ebb811aa46e57)
- Expand on the documentation for `bundlededDependencies`, explaining what they are
- and when you might want to use them.
- ([@gnerkus](https://github.com/gnerkus))
-
-#### DEPENDENCY UPDATES
-
-* [`93cdc25`](https://github.com/npm/npm/commit/93cdc25432b71cbc9c25c54ae316770e18f4b01e)
- `strip-ansi@3.0.1`:
- Non-user visible tests & maintainer doc updates.
- ([@jbnicolai](https://github.com/jbnicolai))
-* [`3b2ccef`](https://github.com/npm/npm/commit/3b2ccef30dc2038b99ba93cd1404a1d01dac8790)
- `lodash.keys@4.0.4`
- ([@jdalton](https://github.com/jdalton))
-* [`30e9eb9`](https://github.com/npm/npm/commit/30e9eb97397a8f85081d328ea9aa54c2a7852613)
- `lodash._baseuniq@4.5.0`
- ([@jdalton](https://github.com/jdalton))
-
-
-### v3.7.5 (2016-02-22):
-
-A quick fixup release because when I updated glob, I missed the subdep copies of itself
-that it installed deeper in the tree. =/
-
-This only effected people trying to update to `3.7.4` from `npm@2` or `npm@1`. Updates from
-`npm@3` worked fine (as it fixes up the missing subdeps during installation).
-
-#### OH MY GLOB
-
-* [`63fa704`](https://github.com/npm/npm/commit/63fa7044569127e6e29510dc499a865189806076)
- [#11633](https://github.com/npm/npm/issues/11633)
- When updating the top level `npm` to `glob@7`, the subdeps that
- still depended on `glob@6` got new versions installed but they
- weren't added to the commit. This adds them back in.
- ([@iarna](https://github.com/iarna))
-
-### v3.7.4 (2016-02-18):
-
-I'm ([@iarna](https://github.com/iarna)) back from vacation in the frozen
-wastes of Maine! This release sees a couple of bug fixes, some
-documentation updates, a bunch of dependency updates and improvements to our
-test suite.
-
-#### FIXES FOR `update`, FIXES FOR `ls`
-
-* [`53cdb96`](https://github.com/npm/npm/commit/53cdb96634fc329378b4ea4e767ba9987986a76e)
- [#11362](https://github.com/npm/npm/issues/11362)
- Make `npm update` stop trying to update linked packages.
- ([@rhendric](https://github.com/rhendric))
-* [`8d90d25`](https://github.com/npm/npm/commit/8d90d25b3da086843ce43911329c9572bd109078)
- [#11559](https://github.com/npm/npm/issues/11559)
- Only list runtime dependencies when doing `npm ls --production`.
- ([@yibn2008](https://github.com/yibn2008))
-
-#### @wyze, DOCUMENTATION HERO OF THE PEOPLE, GETS THEIR OWN HEADER
-
-* [`b78b301`](https://github.com/npm/npm/commit/b78b30171038ab737eff0b070281277e35af25b4)
- [#11416](https://github.com/npm/npm/pull/11416)
- Logout docs were using a section copy-pasted from the adduser docs.
- ([@wyze](https://github.com/wyze))
-* [`649e28f`](https://github.com/npm/npm/commit/649e28f50aa323e75202eeedb824434535a0a4a0)
- [#11414](https://github.com/npm/npm/pull/11414)
- Add colon for consistency.
- ([@wyze](https://github.com/wyze))
-
-#### WHITTLING AWAY AT PATH LENGTHS
-
-So for all of you who don't know -- Node.js does, in fact, support long Windows
-paths. Unfortunately, depending on the tool and the Windows version, a lot of
-external tooling does not. This means, for example, that some (all?) versions of
-Windows Explorer *can literally never delete npm from their system entirely
-because of deeply-nested npm dependencies*. Which is pretty gnarly.
-
-Incidentally, if you run into that in particularly, you can use
-[rimraf](npm.im/rimraf) to remove such files 💁.
-
-The latest victim of this issue was the Node.js CI setup for testing on Windows,
-which uses some tooling or another that croaks on the usual path length limit
-for that OS: 255 characters.
-
-This isn't ordinarily an issue with `npm@3` as it produces mostly flat
-trees, but you may be surprised to learn that `npm`'s own distribution isn't
-flat, due to needing to be compatible with `npm@1.2`, which ships with
-`node@0.8`!
-
-We've taken another baby step towards alleviating this in this release by
-updating a couple of dependencies that were preventing `npmlog` from deduping,
-and then doing a dedupe on that and `gauge`. Hopefully it helps.
-
-* [`f3c32bc`](https://github.com/npm/npm/commit/f3c32bc3127301741d2fa3a26be6f5f127a35908)
- [#11528](https://github.com/npm/npm/pull/11528)
- `node-gyp@3.3.0`:
- Update to a more recent version that uses a version of npmlog compatible
- with npm itself. Also adds: AIX support, new `gyp`, `--cafile` command
- line option, and allows configuration of Node.js and io.js mirrors.
- ([@rvagg](https://github.com/rvagg))
-
-#### INTERNAL TEST IMPROVEMENTS
-
-The `npm` core team's time recently has been sunk into `npm`'s many years of
-tech debt. Specifically, we've been working on improving the test suite.
-This isn't user visible, but in future should mean a more stable, easier to
-contribute to `npm`. Ordinarily we don't report these kinds of changes in
-the change log, but I thought I might share this week as this chunk is
-bigger than usual.
-
-* [`07f020a`](https://github.com/npm/npm/commit/07f020a09e94ae393c67526985444e128ef6f83c)
- [#11292](https://github.com/npm/npm/pull/11292)
- `tacks@1.0.9`:
- Add a package that provides a tool to generate fixtures from folders and, relatedly,
- a module that an create and tear down filesystem fixtures easily.
- ([@iarna](https://github.com/iarna))
-* [`0837346`](https://github.com/npm/npm/commit/083734631f9b11b17c08bca8ba8cb736a7b1e3fb)
- [#11292](https://github.com/npm/npm/pull/11292)
- Remove all the relatively cryptic legacy tests and creates new tap tests
- that check the same functionality. The *legacy* tests were tests that
- were originally a shell script that was ported to javascript early in
- `npm`'s history.
- ([@iarna](https://github.com/iarna))
- ([@zkat](https://github.com/zkat))
-* [`5a701e7`](https://github.com/npm/npm/commit/5a701e71a0130787fb98450f9de92117b4ef88e1)
- [#11292](https://github.com/npm/npm/pull/11292)
- Test that we don't leak auth info into the environment.
- ([@zkat](https://github.com/zkat))
-* [`502d7d0`](https://github.com/npm/npm/commit/502d7d0628f08b09d8d13538ebccc63de8b3edf5)
- [#11292](https://github.com/npm/npm/pull/11292)
- Test that env vars properly passed into scripts.
- ([@zkat](https://github.com/zkat))
-* [`420f267`](https://github.com/npm/npm/commit/420f2672ee8c909f18bee10b1fc7d4ad91cf328b)
- [#11292](https://github.com/npm/npm/pull/11292)
- Test that npm's distribution binary is complete and can be installed and used.
- ([@iarna](https://github.com/iarna))
-* [`b7e99be`](https://github.com/npm/npm/commit/b7e99be1b1086f2d6098c653c1e20791269c9177)
- [#11292](https://github.com/npm/npm/pull/11292)
- Test that the `package.json` `files` section and `.npmignore` do what
- they're supposed to.
- ([@zkat](https://github.com/zkat))
-
-#### DEPENDENCY UPDATES
-
-* [`4611098`](https://github.com/npm/npm/commit/4611098fd8c65d61a0645deb05bf38c81300ffca)
- `rimraf@2.5.2`:
- Use `glob@7.0.0`.
- ([@isaacs](https://github.com/isaacs))
-* [`41b2772`](https://github.com/npm/npm/commit/41b2772cb83627f3b5b926cf81e150e7148cb124)
- `glob@7.0.0`:
- Raise error if `options.cwd` is specified, and not a directory.
- ([@isaacs](https://github.com/isaacs))
-* [`c14e74a`](https://github.com/npm/npm/commit/c14e74ab5d17c764f3aa37123a9632fa965f8760)
- `gauge@1.2.7`: Update to newer lodash versions, for a smaller tree.
- ([@iarna](https://github.com/iarna))
-* [`d629363`](https://github.com/npm/npm/commit/d6293630ddc25bfa26d19b6be4fd2685976d7358)
- `lodash.without@4.1.0`
- ([@jdalton](https://github.com/jdalton))
-* [`3ea4c80`](https://github.com/npm/npm/commit/3ea4c8049ca8df9f64426b1db8a29b9579950134)
- `lodash.uniq@4.2.0`
- ([@jdalton](https://github.com/jdalton))
-* [`8ddcc8d`](https://github.com/npm/npm/commit/8ddcc8deb554660a3f7f474fae9758c967d94552)
- `lodash.union@4.2.0`
- ([@jdalton](https://github.com/jdalton))
-* [`2b656a6`](https://github.com/npm/npm/commit/2b656a672d351f32ee2af24dcee528356dcd64f4)
- `lodash.keys@4.0.3`
- ([@jdalton](https://github.com/jdalton))
-* [`ac171f8`](https://github.com/npm/npm/commit/ac171f8f0318a7dd3c515f3b83502dfa9e87adb8)
- `lodash.isarguments@3.0.7`
- ([@jdalton](https://github.com/jdalton))
-* [`bcccd90`](https://github.com/npm/npm/commit/bcccd9057b75d800c799ab15f00924f700415d3e)
- `lodash.clonedeep@4.3.0`
- ([@jdalton](https://github.com/jdalton))
-* [`8165bca`](https://github.com/npm/npm/commit/8165bca537d86305a3d08f080f86223a26615aa8)
- `lodash._baseuniq@4.4.0`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.7.3 (2016-02-11):
-
-Hey all! We've got a pretty small release this week -- just documentation
-updates and a couple of dependencies. This release also includes a particular
-dependency upgrade that makes it so we're exclusively using the latest version
-of `graceful-fs`, which'll make it so things keep working with future Node.js
-releases.
-
-A certain internal Node.js API was deprecated and slated for future removal from
-Node Core. This API was critical for versions of `graceful-fs@<4`, before a
-different approach was used to achieve similar ends. By upgrading this library,
-and making sure all our dependencies are also updated, we've ensured npm will
-continue to work once the API is finally removed. Older versions of npm, on the
-other hand, will simply not work on future versions of Node.js.
-
-#### DEPENDENCY UPGRADES
-
-* [`29536f4`](https://github.com/npm/npm/commit/29536f42da6c06091c9acbc8952f72daa8a9412c)
- `cmd-shim@2.0.2`:
- Final straggler using `graceful-fs@<4`.
- ([@ForbesLindesay](https://github.com/ForbesLindesay))
-* [`5f59e74`](https://github.com/npm/npm/commit/5f59e748ef4c066756bb204a452cecd0543c7a2f)
- `lodash.uniq@4.1.0`
- ([@jdalton](https://github.com/jdalton))
-* [`987cabe`](https://github.com/npm/npm/commit/987cabe8a18abcb5a685685958bf74c7258a979c)
- `lodash.union@4.1.0`
- ([@jdalton](https://github.com/jdalton))
-* [`5c641f0`](https://github.com/npm/npm/commit/5c641f05fdc153c6bb06a89c46fe2a345ce413db)
- `lodash.clonedeep@4.1.0`
- ([@jdalton](https://github.com/jdalton))
-
-#### EVERYONE GETTING SOCKS LIKE IT'S OPRAH'S SHOW
-
-* [`9ea5658`](https://github.com/npm/npm/commit/9ea56582ca4d0991dbed44f992c88f08a643cb4b)
- [#11410](https://github.com/npm/npm/pull/11410)
- Fixed a small spelling error in `npm-config.md`.
- ([@pra85](https://github.com/pra85))
-* [`2a11e56`](https://github.com/npm/npm/commit/2a11e562a14bce18b6ddca6c20d17f97b6a8ec2f)
- [#11403](https://github.com/npm/npm/pull/11403)
- Removes `--depth Infinity` warning from documentation -- this operation should
- actually be totally safe as of `npm@3`. (The warning remains for `npm@2`.)
- ([@Aourin](https://github.com/Aourin))
-* [`42a4727`](https://github.com/npm/npm/commit/42a4727bfb1e21c890b8e2babda55e06ac2bda29)
- [#11391](https://github.com/npm/npm/pull/11391)
- Fixed versions of `shrinkwrap.json` in examples in documentation for `npm
- shrinkwrap`, which did not quite match up.
- ([@xcatliu](https://github.com/xcatliu))
-
-### v3.7.2 (2016-02-04):
-
-This week, the CLI team has been busy working on rewriting tests to support
-getting coverage reports going and running all of our tests on Windows.
-Meanwhile, we've got a bunch of dependency updates and one or two other
-things.
-
-#### TESTS WENT INTO HIDING
-
-Last week we took a patch from [@substack](https://github.com/substack) to
-stop the installer from reordering arrays in an installed module's
-`package.json`... but somehow I dropped the test when I was rebasing.
-
-* [`21b9271`](https://github.com/npm/npm/commit/21b927182514a0ff6d9f34480bfc39f72e3e9f8c)
- [#10063](https://github.com/npm/npm/issues/10063)
- Restore test that verifies that we don't re-order arrays in a module's
- `package.json` on install.
- ([@substack](https://github.com/substack))
-
-#### DOCUMENTATION FIXES
-
-* [`c67521d`](https://github.com/npm/npm/commit/c67521dc6c1e41d39d02c74105e41442851d23bb)
- [#11348](https://github.com/npm/npm/pull/11348)
- Improve the documentation around which files are ALWAYS included in published packages
- and which are ALWAYS excluded.
- ([@jscissr](https://github.com/jscissr))
-* [`7ef6793`](https://github.com/npm/npm/commit/7ef6793cd191cc8d88340f7e1ce9c9e3d6f0b2f4)
- [#11348](https://github.com/npm/npm/pull/11348)
- The release date on the 3.7.0 changelog entry was wrong. I honestly don't
- know how I keep doing this. =D
- ([@rafek](https://github.com/rafek))
-
-#### DEPENDENCY UPDATES
-
-* [`8a3c80c`](https://github.com/npm/npm/commit/8a3c80c4fd3d82fe937f30bc7cbd3dee51a8a893)
- `graceful-fs@4.1.3`:
- Fix a bug where close wasn't getting made graceful.
- ([@isaacs](https://github.com/isaacs))
-
-`lodash` saw updates across most of its modules this week with browser
-campatibility fixes that don't really impact us.
-
-* [`2df342b`](https://github.com/npm/npm/commit/2df342bf30efa99b98016acc8a5dc03e00b58b9c)
- `lodash.without@4.0.2`
- ([@jdalton](https://github.com/jdalton))
-* [`86aa91d`](https://github.com/npm/npm/commit/86aa91dce60f6b6a92bb3ba2bf6e6be1f6afc750)
- `lodash.uniq@4.0.2`
- ([@jdalton](https://github.com/jdalton))
-* [`0a94bf6`](https://github.com/npm/npm/commit/0a94bf6af0ebd38d080f92257e0cd9bae40b31ff)
- `lodash.union@4.0.2`
- ([@jdalton](https://github.com/jdalton))
-* [`b4c9582`](https://github.com/npm/npm/commit/b4c9582b4ef5991f3d155e0c6142ed1c631860af)
- `lodash.isarguments@3.0.6`
- ([@jdalton](https://github.com/jdalton))
-* [`efe766c`](https://github.com/npm/npm/commit/efe766c63c0948a4ae4c0d12f2b834629ab86e92)
- `lodash.keys@4.0.2`: Minor code cleanup and the above.
- ([@jdalton](https://github.com/jdalton))
-* [`36abb24`](https://github.com/npm/npm/commit/36abb24ef31017adbf325e7f833d5d4b0f03f5d4)
- `lodash.clonedeep@4.0.4`:
- Add support for cloning prototype objects and the above.
- ([@jdalton](https://github.com/jdalton))
-
-### v3.7.1 (2016-02-01):
-
-Super quick Monday patch on last week's release.
-
-If you ever wondered why we release things to the `npm@next` tag for a week
-before promoting them to `npm@latest`, this is it!
-
-#### RELEASE TRAIN VINDICATED (again)
-
-* [`adcaf04`](adcaf047811dcc475ab1984fc93fe34540fc03d7)
- [#11349](https://github.com/npm/npm/issues/11349)
- Revert last weeks change to use JSON clone instead of `lodash.cloneDeep`.
- ([@iarna](https://github.com/iarna))
-
-### v3.7.0 (2016-01-29):
-
-Hi all! This week brings us some important performance improvements,
-support for git submodules(!) and a bunch of bug fixes.
-
-#### PERFORMANCE
-
-`gauge`, the module responsible for drawing `npm`'s progress bars, had an
-embarrassing bug in its debounce implementation that resulted in it, on many
-systems, actually being _slower_ than if it hadn't been debouncing. This was
-due to it destroying and then creating a timer object any time it got an
-update while waiting on its minimum update period to elapse. This only was
-a measurable slowdown when sending thousands of updates a second, but
-unfortunately parts of `npm`'s logging do exactly that. This has been patched
-to eliminate that churn, and our testing shows the progress bar as being
-eliminated as a source of slow down.
-
-Meanwhile, `are-we-there-yet` is the module that tracks just how complete
-our big asynchronous install process is. [@STRML](https://github.com/STRML)
-spent some time auditing its source and made a few smaller performance
-improvements to it. Most impactful was eliminating a bizarre bit of code
-that was both binding to AND closing over the current object. I don't have
-any explanation for how that crept in. =D
-
-* [`c680fa9`](https://github.com/npm/npm/commit/c680fa9f8135759eb5512f4b86e47fa265733f79)
- `npmlog@2.0.2`: New `are-we-there-yet` with performance patches from
- [@STRML](https://github.com/STRML). New `gauge` with timer churn
- performance patch.
- ([@iarna](https://github.com/iarna))
-
-We were also using `lodash`'s `cloneDeep` on `package.json` data which is
-definitely overkill, seeing as `package.json` data has all the restrictions
-of being `json`. The fix for this is just swapping that out for something
-that does a pair of `JSON.stringify`/`JSON.parse`, which is distinctly more
-speedy.
-
-* [`1d1ea7e`](https://github.com/npm/npm/commit/1d1ea7eeb958034878eb6573149aeecc686888d3)
- [#11306](https://github.com/npm/npm/pull/11306)
- Use JSON clone instead of `lodash.cloneDeep`.
- ([@STRML](https://github.com/STRML))
-
-#### NEW FEATURE: GIT SUBMODULE SUPPORT
-
-Long, long requested– the referenced issue is from 2011– we're finally
-getting rudimentary git submodule support.
-
-* [`39dea9c`](https://github.com/npm/npm/commit/39dea9ca4216c6ea628f5ca47d2b34a4b251a1ed)
- [#1876](https://github.com/npm/npm/issues/1876)
- Add support for git submodules in git remotes. This is a fairly simple
- approach, which does not leverage the git caching mechanism to cache
- submodules. It also doesn't provide a means to disable automatic
- initialization, e.g. via a setting in the `.gitmodules` file.
- ([@gagern](https://github.com/gagern))
-
-#### ROBUSTNESS
-
-* [`5dec02a`](https://github.com/npm/npm/commit/5dec02a3d0e82202c021e27aff9d006283fdc25a)
- [#10347](https://github.com/npm/npm/issues/10347)
- There is an obscure feature that lets you monkey-patch npm when it starts
- up. If the module being required with this feature failed, it would
- previously just make `npm` error out– this reduces that to a warning.
- ([@evanlucas](https://github.com/evanlucas))
-
-#### BUG FIXES
-
-* [`9ab8b8d`](https://github.com/npm/npm/commit/9ab8b8d047792612ae7f9a6079745d51d5283a53)
- [#10820](https://github.com/npm/npm/issues/10820)
- Fix a bug with `npm ls` where if you asked for ONLY production dependencies in output
- it would exclude dependencies that were BOTH production AND development dependencies.
- ([@davidvgalbraith](https://github.com/davidvgalbraith))
-* [`6803fed`](https://github.com/npm/npm/commit/6803fedadb8f9b36cd85f7338ecf75d1d183c833)
- [#8982](https://github.com/npm/npm/issues/8982)
- Fix a bug where, under some circumstances, if you had a path that
- contained the name of a package being installed somewhere in it, `npm`
- would incorrectly refuse to run lifecycle scripts.
- ([@elvanja](https://github.com/elvanja))
-* [`3eae40b`](https://github.com/npm/npm/commit/3eae40b7a681aa067dfe4fea8c9a76da5b508b48)
- [#9253](https://github.com/npm/npm/issues/9253)
- Fix a bug where, when running lifecycle scripts, if the Node.js binary you ran
- `npm` with wasn't in your `PATH`, `npm` wouldn't use it to run your scripts.
- ([@segrey](https://github.com/segrey))
-* [`61daa6a`](https://github.com/npm/npm/commit/61daa6ae8cbc041d3a0d8a6f8f268b47dd8176eb)
- [#11014](https://github.com/npm/npm/issues/11014)
- Fix a bug where running `rimraf node_modules/` followed by `npm
- rm --save ` would fail. `npm` now correctly removes the module
- from your `package.json` even though it doesn't exist on disk.
- ([@davidvgalbraith](https://github.com/davidvgalbraith))
-* [`a605586`](https://github.com/npm/npm/commit/a605586df134ee97c95f89c4b4bd6bc73f7aa439)
- [#9679](https://github.com/npm/npm/issues/9679)
- Fix a bug where `npm install --save git+https://…` would save a `https://`
- url to your `package.json` which was a problem because `npm` wouldn't then
- know that it was a git repo.
- ([@gagern](https://github.com/gagern))
-* [`bbdc700`](https://github.com/npm/npm/commit/bbdc70024467c365cc4e06b8410947c04b6f145b)
- [#10063](https://github.com/npm/npm/issues/10063)
- Fix a bug where `npm` would change the order of array properties in the
- `package.json` files of dependencies. `npm` adds a bunch of stuff to
- `package.json` files in your `node_modules` folder for debugging and
- bookkeeping purposes. As a part of this process it sorts the object to
- reduce file churn when it does updates. This fixes a bug where the arrays
- in the object were also getting sorted. This wasn't a problem for
- properties that `npm` itself maintains, but _is_ a problem for properties
- used by other packages.
- ([@substack](https://github.com/substack))
-
-#### DOCS IMPROVEMENTS
-
-* [`2609a29`](https://github.com/npm/npm/commit/2609a2950704f577ac888668e81ba514568fab44)
- [#11273](https://github.com/npm/npm/pull/11273)
- Include an example of viewing package version history in the `npm view` documentation.
- ([@vedatmahir](https://github.com/vedatmahir))
-* [`719ea9c`](https://github.com/npm/npm/commit/719ea9c45a5c3233f3afde043b89824aad2df0a7)
- [#11272](https://github.com/npm/npm/pull/11272)
- Fix typographical issue in `npm update` documentation.
- ([@jonathanp](https://github.com/jonathanp))
-* [`cb9df5a`](https://github.com/npm/npm/commit/cb9df5a37091e06071d8704b629e7ebaa41c37fe)
- [#11215](https://github.com/npm/npm/pull/11215)
- Do not call `SEE LICENSE IN ` an _SPDX expression_, as it's not.
- ([@kemitchell](https://github.com/kemitchell))
-* [`f427934`](https://github.com/npm/npm/commit/f4279346c368da4bca09385f773e8eed1d389e5e)
- [#11196](https://github.com/npm/npm/pull/11196)
- Correct the `package.json` examples in the `npm update` documentation to actually be
- valid JSON and not just JavaScript object literals.
- ([@s100](https://github.com/s100))
-
-#### DEPENDENCY UPDATES
-
-* [`a7b2407`](https://github.com/npm/npm/commit/a7b24074cb59a1ab17c0d8eff1498047e6a123e5)
- `retry@0.9.0`: New features and interface agnostic refactoring.
- ([@tim-kos](https://github.com/tim-kos))
-* [`220fc77`](https://github.com/npm/npm/commit/220fc7702ae3e5d601dfefd3e95c14e9b32327de)
- `request@2.69.0`:
- A bunch of small bug fixes and module updates.
- ([@simov](https://github.com/simov))
-* [`9e5c84f`](https://github.com/npm/npm/commit/9e5c84f1903748897e54f8ff099729ff744eab0f)
- `which@1.2.4`:
- Update `isexe` and fix bug in `pathExt`, in which files without extensions
- would sometimes be preferred to files with extensions on Windows, even though
- those without extensions aren't executable.
- `pathExt` is a list of extensions that are considered executable (exe, cmd,
- bat, com on Windows).
- ([@isaacs](https://github.com/isaacs))
-* [`375b9c4`](https://github.com/npm/npm/commit/375b9c42fe0c6de47ac2f92527354b2ea79b7968)
- `rimraf@2.5.1`: Minor doc formatting fixes.
- ([@isaacs](https://github.com/isaacs))
-* [`ef1971e`](https://github.com/npm/npm/commit/ef1971e6270c2bc72e6392b51a8b84f52708f7e7)
- `lodash.clonedeep@4.0.2`:
- Misc minor code cleanup. No functional changes.
- ([@jdalton](https://github.com/jdalton))
-
-### v3.6.0 (2016-01-20):
-
-Hi all! This is a bigger release, in part 'cause we didn't have one last
-week. The most important thing you need to know is that when `npm@3.6.0` replaces
-`npm@3.5.4` as `next`, `npm@3.5.4` WILL NOT be moved on to `latest`. This is due to
-a packaging error that tickles bugs in some earlier releases and makes upgrades to it
-from those versions break the install.
-
-#### NEW FEATURES‼
-
-* [`ff504d4`](https://github.com/npm/npm/commit/ff504d449ea1fa996cbb02c8078964643c51e5f6)
- [#8752](https://github.com/npm/npm/issues/8752)
- In `npm outdated`, report symlinked packages as having a wanted & latest
- version of `linked`.
- ([@halhenke](https://github.com/halhenke))
-* [`f44d8c9`](https://github.com/npm/npm/commit/f44d8c9a3940f7041f8136f8754a54b13f1f9d60)
- [#10775](https://github.com/npm/npm/issues/10775)
- Add a success message to `adduser` / `login`.
- ([@ekmartin](https://github.com/ekmartin))
-* [`3109303`](https://github.com/npm/npm/commit/310930395c9bf1577cf085b9742210bfc71bb019)
- [#10043](https://github.com/npm/npm/pull/10043)
- Warn if you try to use `npm run x` if you don't have a `node_modules` folder, since
- whatever you're trying to do _probably_ won't work.
- ([@timkrins](https://github.com/timkrins))
-
-* [`9ed2849`](https://github.com/npm/npm/commit/9ed2849cd7e8cc97111dca42a940905284afe55d)
- [`e9f1ad8`](https://github.com/npm/npm/commit/e9f1ad88ce58ecd111811e11afa52ac19fc8696e)
- [`f10d300`](https://github.com/npm/npm/commit/f10d300e5effa7a5756c8d461eef284c283a41d1)
- [`8b593d8`](https://github.com/npm/npm/commit/8b593d8d187d6ac85d2a59cbe647afb5516c1b94)
- [#10717](https://github.com/npm/npm/pull/10717)
- `npm version` can now take a `from-git` argument, which instructs `npm` to read the
- version from git and update your `package.json` to what it finds. This is in contrast
- to its normal use where `npm` _tells_ git about your new version.
- ([@ekmartin](https://github.com/ekmartin))
-
-#### 3.5.4 WAS NOT SO GREAT
-
-The `npm@3.5.4` package was missing some dependencies. Specifically, `glob`
-and `has-unicode` had major release updates which meant that subdeps that
-relied on older major versions couldn't use the npm supplied versions any
-more, and so they needed their own copies.
-
-This went undetected because the actions necessary to run the tests (which
-check for this sort of thing) resolved the missing modules.
-
-Further, it didn't have symptoms when upgrading from _most_ versions of npm.
-Unfortunately, some versions had bugs that were tickled by this and resulted
-in broken upgrades, most notably, `npm@3.3.12`, the version that's been in
-Node.js 5.
-
-* [`1d3325c`](https://github.com/npm/npm/commit/1d3325c040621a4792db80fb232f4994b9d5c5f2)
- [`02611c6`](https://github.com/npm/npm/commit/02611c673a4d2bbe8fcef8d48407768da31c90d2)
- [`39d5fea`](https://github.com/npm/npm/commit/39d5feadefdde38d75a18f23343bc6ec37153638)
- [`7d0e830`](https://github.com/npm/npm/commit/7d0e830f26c73b9d9277b29949227ba9cca27fd9)
- [#11129](https://github.com/npm/npm/pull/11129)
- Update the underlying dependencies to allow use for the new versions of
- `glob` and `has-unicode`.
- ([@iarna](https://github.com/iarna))
-
-#### WHEN MISSING PATHS ARE OK
-
-* [`bb638fa`](https://github.com/npm/npm/commit/bb638fa4f48d24d2c9935861d5d751c5621eea49)
- [#11212](https://github.com/npm/npm/pull/11212)
- When trying to determine if a file was controlled by npm before going to
- remove it, we check to see if it is inside any of a list of paths that npm
- considers to be under its control. Not all of those paths always exist
- (and that's ok!) Previously we were calling it a failure to match if ANY
- of them didn't exist. We now only do so if NONE of them exist. If some
- do, then we do our usual checks on them.
-
- This showed up as an error where you would see something like:
- ```
- npm warn gentlyRm not removing /path/to/thing as it wasn't installed by /path/to/other/thing
- ```
- But it totally was installed by it.
- ([@iarna](https://github.com/iarna))
-
-#### BETTER NODE PRE-RELEASE SUPPORT
-
-Historically, if you used a pre-release version of Node.js, you would get
-dozens and dozens of warnings when EVERY engine check failed across all of
-your modules, because `>= 0.10.0` doesn't match prereleases.
-
-You might find this stream of redundent warnings undesirable. I do.
-
-We've moved this into a SINGLE warning you'll get about using a pre-release
-version of Node.js and now suppress those other warnings.
-
-* [`6952f79`](https://github.com/npm/npm/commit/6952f7981e451a2d599a4f513573af208bdfe103)
- [#11212](https://github.com/npm/npm/pull/11212)
- Engine check warnings are now issued along with any other warnings about
- your tree, instead of emitting in the middle of your install (and then
- disappearing behind the giant tree of stuff installed).
- ([@iarna](https://github.com/iarna))
-* [`ee2ebe9`](https://github.com/npm/npm/commit/ee2ebe96fb3d105787835b72085bbd2eee66a629)
- [#11212](https://github.com/npm/npm/pull/11212)
- Suppress engine verification warnings about pre-release versions of Node.js.
- ([@iarna](https://github.com/iarna))
-* [`135b7e0`](https://github.com/npm/npm/commit/135b7e078311e8b4e2c8e2b662eed9ba6c2e2537)
- [#11212](https://github.com/npm/npm/pull/11212)
- Explicitly warn, in only one place, if you are using a pre-release version
- of Node.js.
- ([@iarna](https://github.com/iarna))
-
-#### BUG FIXES
-
-* [`ea331c8`](https://github.com/npm/npm/commit/ea331c82157c65f7643cd4b49fd24031c84bf601)
- [#10938](https://github.com/npm/npm/issues/10938)
- When removing a package, sometimes the `node_modules/.bin` wouldn't be
- cleaned up entirely. This would result in package folders that contained
- only a `node_modules/.bin` directory. In turn, this would result in `npm
- ls` and other tools complaining about these broken directories.
- To fix this, the `unbuild` step now explicitly deletes the
- `node_modules/.bin` folder as its final step.
- ([@chrisirhc](https://github.com/chrisirhc))
-* [`00720db`](https://github.com/npm/npm/commit/00720db2c326cf8f968c662444a4575ae8c3020a)
- [#11158](https://github.com/npm/npm/pull/11158)
- On Windows, the `node-gyp` wrapper would fail if your path to `node-gyp`
- contained spaces. This fixes that problem by quoting use of that path.
- ([@orangemocha](https://github.com/orangemocha))
-* [`69ac933`](https://github.com/npm/npm/commit/69ac9333506752bf2e5af70b3b3e03c6181de3e7)
- [#11142](https://github.com/npm/npm/pull/11142)
- Fix a race condition when making directories in the cache, which could
- lead to `ENOENT` failures.
- ([@Jimbly](https://github.com/Jimbly))
-* [`e982858`](https://github.com/npm/npm/commit/e982858d9bed65cede9cbb12df9216a4bb9e6fc9)
- [#9696](https://github.com/npm/npm/issues/9696)
- When replacing the `package.json` in the cache you sometimes see `EPERM` errors on
- Windows that you wouldn't on Unix-like operating systems. This ignores those errors
- and allows Windows to continue. Longer term, we'll be adding something to retry
- these errors, but ultimately fail if there really is an ongoing permissions issue.
- ([@orangemocha](https://github.com/orangemocha))
-
-#### DOC CHANGES
-
-* [`3666081`](https://github.com/npm/npm/commit/3666081abd02184ba97a7cdb6ae238085d640b4b)
- [#11188](https://github.com/npm/npm/pull/11188)
- Add brief description to publish documentation of what's included in
- published tarballs.
- ([@beaugunderson](https://github.com/beaugunderson))
-* [`b463e34`](https://github.com/npm/npm/commit/b463e3424b296cfc4bd384fc8bfe0e2329649164)
- [#11150](https://github.com/npm/npm/pull/11150)
- In npm update docs, advise use of `--depth Infinity` instead of `--depth
- 9999`.
- ([@halhenke](https://github.com/halhenke))
-* [`382e71a`](https://github.com/npm/npm/commit/382e71a7ee5d1ca3dba55c1e753d529eb8ae6895)
- [#11128](https://github.com/npm/npm/pull/11128)
- In the `package.json` docs, make the reference to the "Local Paths" section
- a link to it as well.
- ([@orangejulius](https://github.com/orangejulius))
-* [`5277e7f`](https://github.com/npm/npm/commit/5277e7f236e8cb40d7f4a1054506f2d3d159716e)
- [#11090](https://github.com/npm/npm/pull/11090)
- Fix the 3.5.4 release date in CHANGELOG.md.
- ([@ashleygwilliams](https://github.com/ashleygwilliams))
-* [`e6d238a`](https://github.com/npm/npm/commit/e6d238a3d90beeb0af23fa75a9b5e50671d6e4c5)
- [#11130](https://github.com/npm/npm/pull/11130)
- Eliminate the "using npm programmatically" section from the README. The
- documentation for this was removed a while ago and is unsupported.
- ([@ljharb](https://github.com/ljharb))
-
-#### DEPENDENCY UPDATES
-
-* [`b0dde5c`](https://github.com/npm/npm/commit/b0dde5c3407b58d78969d3da01af2629fcba1c73)
- `config-chain@1.1.10`: Update tests for most recent version of `ini`.
- ([@dominictarr](https://github.com/dominictarr))
-* [`c62f414`](https://github.com/npm/npm/commit/c62f414534971761a48ce3cbc3e25214fb09e494)
- `glob@6.0.4`: Eliminated use of `util._extend`.
- ([@isaacs](https://github.com/isaacs))
-* [`98a6779`](https://github.com/npm/npm/commit/98a67797978ed7ce534e16b705d3a2a9ca0e6cc1)
- `lodash.clonedeep@4.0.1`: Bug fixes, including the non-linear performance
- that was biting npm a while back.
- ([@jdalton](https://github.com/jdalton))
-* [`0e8c4ce`](https://github.com/npm/npm/commit/0e8c4cebddaefbf5eca0abaad512db266c6722c9)
- `lodash.without@4.0.1`
- ([@jdalton](https://github.com/jdalton))
-* [`1fd19f5`](https://github.com/npm/npm/commit/1fd19f57a3551d7d30a6b8a9ce967ef50e0ff0ba)
- `lodash.uniq@4.0.1`
- ([@jdalton](https://github.com/jdalton))
-* [`b7486c5`](https://github.com/npm/npm/commit/b7486c550f3391f733d1e1907652be95fddf4368)
- `lodash.union@4.0.1`
- ([@jdalton](https://github.com/jdalton))
-* [`54bb591`](https://github.com/npm/npm/commit/54bb5911e18f8fb86eb94159f34b13f0c0aa2e30)
- `lodash.keys@4.0.0`
- ([@jdalton](https://github.com/jdalton))
-* [`26f7a7a`](https://github.com/npm/npm/commit/26f7a7aaae0575a85deba2241ee69b433dd1ba98)
- `lodash.isarray@4.0.0`
- ([@jdalton](https://github.com/jdalton))
-* [`ed38bd3`](https://github.com/npm/npm/commit/ed38bd3baf544dfc0630fd321d279f137700bd4d)
- `lodash.isarguments@3.0.5`
- ([@jdalton](https://github.com/jdalton))
-
-### v3.5.4 (2016-01-07):
-
-I hope you all had fantastic winter holidays, if it's winter where you are
-and if there are holidays‼ We went a few weeks without releases because
-staff was taking time away from work here and there. A new year has come
-and we're back now, and refreshed and ready to dig in!
-
-This week brings us a bunch of documentation improvements and some module
-updates. The core team's focus continues to be on improving tests,
-particularly with Windows, so there's not too much to call out here.
-
-#### DOCUMENTATION IMPROVEMENTS
-
-* [`6b0031e`](https://github.com/npm/npm/commit/6b0031e28c0b10fb2622fdadde41f5cd294348e8)
- [#11044](https://github.com/npm/npm/pull/11044)
- Correct documentation regarding the defaults for the `color` config option.
- ([@scottaddie](https://github.com/scottaddie))
-* [`c6ce69e`](https://github.com/npm/npm/commit/c6ce69eaed7f17b5f1876ac13ecfae3d14a72f24)
- [#10990](https://github.com/npm/npm/pull/10990)
- Drop mentions in documentation of `process.installPrefix`, as it hasn't
- been a thing since Node.js 0.6 and we don't support that.
- ([@jeffmcmahan](https://github.com/jeffmcmahan))
-* [`dee92d1`](https://github.com/npm/npm/commit/dee92d1f78608a10becf57aae86d5d495f2272bd)
- [#11037](https://github.com/npm/npm/pull/11037)
- Clarify the documentation on the max length of the `name` property in
- `package.json` files.
- ([@scottaddie](https://github.com/scottaddie))
-* [`4b9d7bb`](https://github.com/npm/npm/commit/4b9d7bb1a4fc3f1edcf563379abfd2273af10881)
- [#10787](https://github.com/npm/npm/pull/10787)
- Make the formatting in the documentation for `npm dist-tag` more
- consistent with other docs.
- ([@cvrebert](https://github.com/cvrebert))
-* [`7f77a80`](https://github.com/npm/npm/commit/7f77a80d561ee4b2b8c0aba1226fe89dfe339bcd)
- [#10787](https://github.com/npm/npm/pull/10787)
- Add documentation to the `npm dist-tag` docs that explains in greater
- detail how `latest` is different than other tags. Further, improve the
- documentation with better examples. Add a discussion of common practice
- for using dist tags to manage alpha's and beta's.
- ([@cvrebert](https://github.com/cvrebert))
-* [`6db58dd`](https://github.com/npm/npm/commit/6db58dd0d7719c4675a239d43164edc066842b14)
- [`2ee6371`](https://github.com/npm/npm/commit/2ee6371911bd3a4d566c5d7bc8734facc60cb27c)
- [#10788](https://github.com/npm/npm/pull/10788)
- [#10789](https://github.com/npm/npm/pull/10789)
- Improve documentation cross referencing.
- ([@cvrebert](https://github.com/cvrebert))
-* [`7ba629a`](https://github.com/npm/npm/commit/7ba629a2ad3eaf736529e053b533cabe3a0d7123)
- [#10790](https://github.com/npm/npm/pull/10790)
- Document more clearly that `npm install foo` means `npm install
- foo@latest`.
- ([@cvrebert](https://github.com/cvrebert))
-
-#### A FEW MODULE UPDATES
-
-* [`fc2e8d5`](https://github.com/npm/npm/commit/fc2e8d58a91728cb06936eea686efaa4fdec3f06)
- `glob@6.0.3`: Remove deprecated features and fix a bunch of bugs.
- ([@isaacs](https://github.com/isaacs))
-* [`5b820c4`](https://github.com/npm/npm/commit/5b820c4e17c907fa8c23771c0cd8e74dd5fdaa51)
- `has-unicode@2.0.0`: Change the default on Windows to be false, as
- international Windows installs often install to non-unicode codepages and
- there's no way to detect this short of a system call or a call to a
- command line program.
- ([@iarna](https://github.com/iarna))
-* [`238fe84`](https://github.com/npm/npm/commit/238fe84ac61297f1d71701d80368afaa40463305)
- `which@1.2.1`: Fixed bugs with uid/gid checks and with quoted Windows PATH
- parts.
- ([@isaacs](https://github.com/isaacs))
-* [`5e510e1`](https://github.com/npm/npm/commit/5e510e13d022a22d58742b126482d3b38a14cc83)
- `rimraf@2.5.0`: Add ability to disable glob support / pass in options.
- ([@isaacs](https://github.com/isaacs))
-* [`7558215`](https://github.com/npm/npm/commit/755821569466b7be0883f4b0573eeb83c24109eb)
- `readable-stream@2.0.5`: Minor performance improvements.
- ([@calvinmetcalf](https://github.com/calvinmetcalf))
-* [`64e8499`](https://github.com/npm/npm/commit/64e84992c812a73d590be443c09a6977d0ae9040)
- `fs-write-stream-atomic@1.0.8`: Rewrite to use modern streams even on 0.8
- plus a bunch of tests.
- ([@iarna](https://github.com/iarna))
-* [`74d92a0`](https://github.com/npm/npm/commit/74d92a08d72ce3603244de4bb3e3706d2b928cef)
- `columnify@1.5.4`: Some bug fixes around large inputs.
- ([@timoxley](https://github.com/timoxley))
-
-#### FIX NPM'S TESTS ON 0.8
-
-This doesn't impact you as a user of npm, and ordinarily that means we
-wouldn't call it out here, but if you've ever wanted to contribute, having
-that green travis badge makes it a lot easier to do so with confidence!
-
-* [`b14cdbb`](https://github.com/npm/npm/commit/b14cdbb6002b04bfbefaff70cc45810c20d5a366)
- [#10872](https://github.com/npm/npm/pull/10872)
- Rewrite tests using nock to use other alternatives.
- ([@zkat](https://github.com/zkat))
-* [`59ed01a`](https://github.com/npm/npm/commit/59ed01a8ea7960b1467aed52164fc36a03c77770)
- [#10872](https://github.com/npm/npm/pull/10872)
- Work around Node.js 0.8 http back-pressure bug.
-
- 0.8 http streams have a bug, where if they're paused with data in their
- buffers when the socket closes, they call `end` before emptying those
- buffers, which results in the entire pipeline ending and thus the point
- that applied backpressure never being able to trigger a `resume`.
-
- We work around this by piping into a pass through stream that has
- unlimited buffering. The pass through stream is from readable-stream and
- is thus a current streams3 implementation that is free of these bugs even
- on 0.8.
- ([@iarna](https://github.com/iarna))
-
-### v3.5.3 (2015-12-10):
-
-Did you know that Bob Ross reached the rank of master sergeant in the US Air
-Force before becoming perhaps the most soothing painter of all time?
-
-#### TWO HAPPY LITTLE BUG FIXES
-
-* [`71c9590`](https://github.com/npm/npm/commit/71c9590be61b6a7b7fa8b6dc19baa588cda26a27)
- [#10505](https://github.com/npm/npm/issues/10505) `npm ls --json --depth=0`
- now respects the depth parameter, when it is zero and when it is not zero.
- ([@MarkReeder](https://github.com/MarkReeder))
-* [`954fa67`](https://github.com/npm/npm/commit/954fa67f1ca3739992abd244e217a0aaf8465660)
- [#9099](https://github.com/npm/npm/issues/9099) I had always thought you
- could run `npm version` from subdirectories in your project, which is great,
- because now you can. I guess I was just ahead of my time.
- ([@ekmartin](https://github.com/ekmartin))
-
-#### NOW PAINT IN SOME NICE DOCS CHANGES
-
-* [`b88c37c`](https://github.com/npm/npm/commit/b88c37c1cced40e9e41402cc54a5efc3c33cd13e)
- [#10546](https://github.com/npm/npm/issues/10546) Goodbye, FAQ! You were
- cheeky and fun until you weren't! Don't worry: npm still loves everyone,
- especially you! ([@ashleygwilliams](https://github.com/ashleygwilliams))
-* [`2d3afe9`](https://github.com/npm/npm/commit/2d3afe9644ba69681a36721e79c45d27def71939)
- [#10570](https://github.com/npm/npm/issues/10570) Update documentation URLs
- to be HTTPS everywhere sensible. No HTTP shall be spared!
- ([@rsp](https://github.com/rsp))
-* [`6abd0e0`](https://github.com/npm/npm/commit/6abd0e0626d0f642ce0dae0e128ced80433f15a1)
- [#10650](https://github.com/npm/npm/issues/10650) Correctly note that there
- are two lifecycle scripts run by an install phase in an example, instead of
- three. ([@eymengunay](https://github.com/eymengunay))
-* [`a5e8df5`](https://github.com/npm/npm/commit/a5e8df53b8d6d75398cb6a55a44dcf374b0f1661)
- [#10687](https://github.com/npm/npm/issues/10687) `npm outdated`'s output can
- be a little puzzling sometimes. I've attempted to make it clearer, with some
- examples, of what's going on with "wanted" and "latest" in more cases.
- ([@othiym23](https://github.com/othiym23))
-* [`8f52833`](https://github.com/npm/npm/commit/8f52833f5d15c4f94467234607d40e75198af1aa)
- [#10700](https://github.com/npm/npm/issues/10700) Hey, do you remember when
- `search.npmjs.org` was a thing? I think I do? The last time I used it was in
- like 2012, and it's gone now, so remove it from the docs.
- ([@gagern](https://github.com/gagern))
-* [`b6a53b8`](https://github.com/npm/npm/commit/b6a53b889c948053dcbf6d7aab9ad1cd4226dc32)
- [npm/docs#477](https://github.com/npm/docs/issues/477) Continue to airbrush
- the CLI API docs out of history. ([@verpixelt](https://github.com/verpixelt))
-* [`b835b72`](https://github.com/npm/npm/commit/b835b72d1dd23b0a17321a85d8d395322d18005d)
- `semver@5.1.0`: Include BNF for SemVer expression grammar (which is also now
- included in `npm help semver`). ([@isaacs](https://github.com/isaacs))
-
-#### LAND YOUR DEPENDENCY UPGRADES IN PAIRS SO EVERYONE HAS A FRIEND
-
-* [`95e99fa`](https://github.com/npm/npm/commit/95e99faadcdc85a16210dd79c0e7d83add1b9f3e)
- `request@2.67.0` ([@simov](https://github.com/simov))
-* [`b49199a`](https://github.com/npm/npm/commit/b49199ac96dfb1afe5719286621a318576dd69ae)
- [isaacs/rimraf#89](https://github.com/isaacs/rimraf/pull/89) `rimraf@2.4.4`
- ([@zerok](https://github.com/zerok))
-* [`6632418`](https://github.com/npm/npm/commit/66324189a734a1665e1b78a06ba44089d9c3a11c)
- [npm/nopt#51](https://github.com/npm/nopt/pull/51) `nopt@3.0.6`
- ([@wbecker](https://github.com/wbecker))
-* [`f0a3b3e`](https://github.com/npm/npm/commit/f0a3b3e0dbbdaf11ec55dccd59cc21bfa05f9240)
- [isaacs/once#7](https://github.com/isaacs/once/pull/7) `once@1.3.3`
- ([@floatdrop](https://github.com/floatdrop))
-
-### v3.5.2 (2015-12-03):
-
-Weeeelcome to another npm release! The short version is that we fixed
-some `ENOENT` and some modules that resulted in modules going missing. We
-also eliminated the use of MD5 in our code base to help folks using
-Node.js in FIPS mode. And we fixed a bad URL in our license file.
-
-#### FIX URL IN LICENSE
-
-The license incorrectly identified the registry URL as
-`registry.npmjs.com` and this has been corrected to `registry.npmjs.org`.
-
-* [`cb6d81b`](https://github.com/npm/npm/commit/cb6d81bd611f68c6126a90127a9dfe5604d46c8c)
- [#10685](https://github.com/npm/npm/pull/10685)
- Fix npm public registry URL in notices.
- ([@kemitchell](https://github.com/kemitchell))
-
-#### ENOENT? MORE LIKE ENOMOREBUGS
-
-The headliner this week was uncovered by the fixes to bundled dependency
-handling over the past few releases. What had been a frustratingly
-intermittent and hard to reproduce bug became something that happened
-every time in Travis. This fixes another whole bunch of errors where you
-would, while running an install have it crash with an `ENOENT` on
-`rename`, or the install would finish but some modules would be
-mysteriously missing and you'd have to install a second time.
-
-What's going on was a bit involved, so bear with me:
-
-`npm@3` generates a list of actions to take against the tree on disk.
-With the exception of lifecycle scripts, it expects these all to be able
-to act independently without interfering with each other.
-
-This means, for instance, that one should be able to upgrade `b` in
-`a→b→c` without having npm reinstall `c`.
-
-That works fine by the way.
-
-But it also means that the move action should be able to move `b` in
-`a→b→c@1.0.1` to `a→d→b→c@1.0.2` without moving or removing `c@1.0.1` and
-while leaving `c@1.0.2` in place if it was already installed.
-
-That is, the `move` action moves an individual node, replacing itself
-with an empty spot if it had children. This is not, as it might first
-appear, something where you move an entire branch to another location on
-the tree.
-
-When moving `b` we already took care to leave `c@1.0.1` in place so that
-other moves (or removes) could handle it, but we were stomping on the
-destination and so `c@1.0.2` was being removed.
-
-* [`f4385d8`](https://github.com/npm/npm/commit/f4385d8e7678349e75c80fae8a1f8f366f197937)
- [#10655](https://github.com/npm/npm/pull/10655)
- Preserve destination `node_modules` when moving.
- ([@iarna](https://github.com/iarna))
-
-There was also a bug with `remove` where it was pruning the entire tree
-at the remove point, prior to running moves and adds.
-
-This was fine most of the time, but if we were moving one of the deps out
-from inside it, kaboom.
-
-* [`19c626d`](https://github.com/npm/npm/commit/19c626d69888f0cdc6e960254b3fdf523ec4b52c)
- [#10655](https://github.com/npm/npm/pull/10655)
- Get rid of the remove commit phase– we could have it prune _just_ the
- module being removed, but that isn't gaining us anything.
- ([@iarna](https://github.com/iarna))
-
-After all that, we shouldn't be upgrading the `add` of a bundled package
-to a `move`. Moves save us from having to extract the package, but with a
-bundled dependency it's included in another package already so that
-doesn't gain us anything.
-
-* [`641a93b`](https://github.com/npm/npm/commit/641a93bd66a6aa4edf2d6167344b50d1a2afb593)
- [#10655](https://github.com/npm/npm/pull/10655)
- Don't convert adds to moves with bundled deps.
- ([@iarna](https://github.com/iarna))
-
-While I was in there, I also took some time to improve diagnostics to
-make this sort of thing easier to track down in the future:
-
-* [`a04ec04`](https://github.com/npm/npm/commit/a04ec04804e562b511cd31afe89c8ba94aa37ff2)
- [#10655](https://github.com/npm/ npm/pull/10655)
- Wrap rename so errors have stack traces.
- ([@iarna](https://github.com/iarna))
-* [`8ea142f`](https://github.com/npm/npm/commit/8ea142f896a2764290ca5472442b27b047ab7a1a)
- [#10655](https://github.com/npm/npm/pull/10655)
- Add silly logging so function is debuggable
- ([@iarna](https://github.com/iarna))
-
-#### NO MORE MD5
-
-We updated modules that had been using MD5 for non-security purposes.
-While this is perfectly safe, if you compile Node in FIPS-compliance mode
-it will explode if you try to use MD5. We've replaced MD5 with Murmur,
-which conveys our intent better and is faster to boot.
-
-* [`f068b26`](https://github.com/npm/npm/commit/f068b2661a8d0269c184867e003cd08cb6c56cf2)
- [#10629](https://github.com/npm/npm/issues/10629)
- `unique-filename@1.1.0`
- ([@iarna](https://github.com/iarna))
-* [`dba1b24`](https://github.com/npm/npm/commit/dba1b2402aaa2beceec798d3bd22d00650e01069)
- [#10629](https://github.com/npm/npm/issues/10629)
- `write-file-atomic@1.1.4`
- ([@othiym23](https://github.com/othiym23))
-* [`8347a30`](https://github.com/npm/npm/commit/8347a308ef0d2cf0f58f96bba3635af642ec611f)
- [#10629](https://github.com/npm/npm/issues/10629)
- `fs-write-stream-atomic@1.0.5`
- ([@othiym23](https://github.com/othiym23))
-
-#### DEPENDENCY UPDATES
-
-* [`9e2a2bb`](https://github.com/npm/npm/commit/9e2a2bb5bc71a0ab3b3637e8eec212aa22d5c99f)
- [nodejs/node-gyp#831](https://github.com/nodejs/node-gyp/pull/831)
- `node-gyp@3.2.1`:
- Improved \*BSD support.
- ([@bnoordhuis](https://github.com/bnoordhuis))
-
-### v3.5.1 (2015-11-25):
-
-#### THE npm CLI !== THE npm REGISTRY !== npm, INC.
-
-npm-the-CLI is licensed under the terms of the [Artistic License
-2.0](https://github.com/npm/npm/blob/8d79c1a39dae908f27eaa37ff6b23515d505ef29/LICENSE),
-which is a liberal open-source license that allows you to take this code and do
-pretty much whatever you like with it (that is, of course, not legal language,
-and if you're doing anything with npm that leaves you in doubt about your legal
-rights, please seek the review of qualified counsel, which is to say, not
-members of the CLI team, none of whom have passed the bar, to my knowledge). At
-the same time the primary registry the CLI uses when looking up and downloading
-packages is a commercial service run by npm, Inc., and it has its own [Terms of
-Use](https://www.npmjs.com/policies/terms).
-
-Aside from clarifying the terms of use (and trying to make sure they're more
-widely known), the only recent changes to npm's licenses have been making the
-split between the CLI and registry clearer. You are still free to do whatever
-you like with the CLI's source, and you are free to view, download, and publish
-packages to and from `registry.npmjs.org`, but now the existing terms under
-which you can do so are more clearly documented. Aside from the two commits
-below, see also [the release notes for
-`npm@3.4.1`](https://github.com/npm/npm/releases/tag/v3.4.1), which is where
-the split between the CLI's code and the terms of use for the registry was
-first made more clear.
-
-* [`35a5dd5`](https://github.com/npm/npm/commit/35a5dd5abbfeec4f98a2b4534ec4ef5d16760581)
- [#10532](https://github.com/npm/npm/issues/10532) Clarify that
- `registry.npmjs.org` is the default, but that you're free to use the npm CLI
- with whatever registry you wish. ([@kemitchell](https://github.com/kemitchell))
-* [`fa6b013`](https://github.com/npm/npm/commit/fa6b0136a0e4a19d8979b2013622e5ff3f0446f8)
- [#10532](https://github.com/npm/npm/issues/10532) Having semi-duplicate
- release information in `README.md` was confusing and potentially inaccurate,
- so remove it. ([@kemitchell](https://github.com/kemitchell))
-
-#### EASE UP ON WINDOWS BASH USERS
-
-It turns out that a fair number of us use bash on Windows (through MINGW or
-bundled with Git, plz – Cygwin is still a bridge too far, for both npm and
-Node.js). [@jakub-g](https://github.com/jakub-g) did us all a favor and relaxed
-the check for npm completion to support MINGW bash. Thanks, Jakub!
-
-* [`09498e4`](https://github.com/npm/npm/commit/09498e45c5c9e683f092ab1372670f81db4762b6)
- [#10156](https://github.com/npm/npm/issues/10156) completion: enable on
- Windows in git bash ([@jakub-g](https://github.com/jakub-g))
-
-#### THE ONGOING SAGA OF BUNDLED DEPENDENCIES
-
-`npm@3.5.0` fixed up a serious issue with how `npm@3.4.1` (and potentially
-`npm@3.4.0` and `npm@3.3.12`) handled the case in which dependencies bundled
-into a package tarball are handled improperly when one or more of their own
-dependencies are older than what's latest on the registry. Unfortunately, in
-fixing that (quite severe) regression (see [`npm@3.5.0`'s release notes' for
-details](https://github.com/npm/npm/releases/tag/v3.5.0)), we introduced a new
-(small, and fortunately cosmetic) issue where npm superfluously warns you about
-bundled dependencies being stale. We have now fixed that, and hope that we
-haven't introduced any _other_ regressions in the process. :D
-
-* [`20824a7`](https://github.com/npm/npm/commit/20824a75bf7639fb0951a588e3c017a370ae6ec2)
- [#10501](https://github.com/npm/npm/issues/10501) Only warn about replacing
- bundled dependencies when actually doing so. ([@iarna](https://github.com/iarna))
-
-#### MAKE NODE-GYP A LITTLE BLUER
-
-* [`1d14d88`](https://github.com/npm/npm/commit/1d14d882c3b5af0a7fee46e8e0e343d07e4c38cb)
- `node-gyp@3.2.0`: Support AIX, use `which` to find Python, updated to a newer
- version of `gyp`, and more! ([@bnoordhuis](https://github.com/bnoordhuis))
-
-#### A BOUNTEOUS THANKSGIVING CORNUCOPIA OF DOC TWEAKS
-
-These are great! Keep them coming! Sorry for letting them pile up so deep,
-everybody. Also, a belated Thanksgiving to our Canadian friends, and a happy
-Thanksgiving to all our friends in the USA.
-
-* [`4659f1c`](https://github.com/npm/npm/commit/4659f1c5ad617c46a5e89b48abf0b1c4e6f04307)
- [#10244](https://github.com/npm/npm/issues/10244) In `npm@3`, `npm dedupe`
- doesn't take any arguments, so update documentation to reflect that.
- ([@bengotow](https://github.com/bengotow))
-* [`625a7ee`](https://github.com/npm/npm/commit/625a7ee6b4391e90cb28a95f20a73fd794e1eebe)
- [#10250](https://github.com/npm/npm/issues/10250) Correct order of `org:team`
- in `npm team` documentation. ([@louislarry](https://github.com/louislarry))
-* [`bea7f87`](https://github.com/npm/npm/commit/bea7f87399d784e3a6d3393afcca658a61a40d77)
- [#10371](https://github.com/npm/npm/issues/10371) Remove broken / duplicate
- link to tag. ([@WickyNilliams](https://github.com/WickyNilliams))
-* [`0a25e29`](https://github.com/npm/npm/commit/0a25e2956e9ddd4065d6bd929559321afc512fde)
- [#10419](https://github.com/npm/npm/issues/10419) Remove references to
- nonexistent `npm-rm(1)` documentation. ([@KenanY](https://github.com/KenanY))
-* [`19b94e1`](https://github.com/npm/npm/commit/19b94e1e6781fe2f98ada0a3f49a1bda25e3e32d)
- [#10474](https://github.com/npm/npm/issues/10474) Clarify that install finds
- dependencies in `package.json`. ([@sleekweasel](https://github.com/sleekweasel))
-* [`b25efc8`](https://github.com/npm/npm/commit/b25efc88067c843ffdda86ea0f50f95d136a638e)
- [#9948](https://github.com/npm/npm/issues/9948) Encourage users to file an
- issue, rather than emailing authors. ([@trodrigues](https://github.com/trodrigues))
-* [`24f4ced`](https://github.com/npm/npm/commit/24f4cedc83b10061f26362bf2f005ab935e0cbfe)
- [#10497](https://github.com/npm/npm/issues/10497) Clarify what a package is
- slightly. ([@aredridel](https://github.com/aredridel))
-* [`e8168d4`](https://github.com/npm/npm/commit/e8168d40caae00b2914ea09dbe4bd1b09ba3dcd5)
- [#10539](https://github.com/npm/npm/issues/10539) Remove an extra, spuriously
- capitalized letter. ([@alexlukin-softgrad](https://github.com/alexlukin-softgrad))
-
-### v3.5.0 (2015-11-19):
-
-#### TEEN ORCS AT THE GATES
-
-This week heralds the general release of the primary npm registry's [new
-support for private packages for
-organizations](http://blog.npmjs.org/post/133542170540/private-packages-for-organizations).
-For many potential users, it's the missing piece needed to make it easy for you
-to move your organization's private work onto npm. And now it's here! The
-functionality to support it has been in place in the CLI for a while now,
-thanks to [@zkat](https://github.com/zkat)'s hard work.
-
-During our final testing before the release, our ace support team member
-[@snopeks](https://github.com/snopeks) noticed that there had been some drift
-between the CLI team's implementation and what npm was actually preparing to
-ship. In the interests of everyone having a smooth experience with this
-_extremely useful_ new feature, we quickly made a few changes to square up the
-CLI and the web site experiences.
-
-* [`d7fb92d`](https://github.com/npm/npm/commit/d7fb92d1c53ba5196ad6dd2101a06792a4c0412b)
- [#9327](https://github.com/npm/npm/issues/9327) `npm access` no longer has
- problems when run in a directory that doesn't contain a `package.json`.
- ([@othiym23](https://github.com/othiym23))
-* [`17df3b5`](https://github.com/npm/npm/commit/17df3b5d5dffb2e9c223b9cfa2d5fd78c39492a4)
- [npm/npm-registry-client#126](https://github.com/npm/npm-registry-client/issues/126)
- `npm-registry-client@7.0.8`: Allow the CLI to grant, revoke, and list
- permissions on unscoped (public) packages on the primary registry.
- ([@othiym23](https://github.com/othiym23))
-
-#### NON-OPTIONAL INSTALLS, DEFINITELY NON-OPTIONAL
-
-* [`180263b`](https://github.com/npm/npm/commit/180263b)
- [#10465](https://github.com/npm/npm/pull/10465)
- When a non-optional dep fails, we check to see if it's only required by
- ONLY optional dependencies. If it is, we make it fail all the deps in
- that chain (and roll them back). If it isn't then we give an error.
-
- We do this by walking up through all of our ancestors until we either hit an
- optional dependency or the top of the tree. If we hit the top, we know to
- give the error.
-
- If you installed a module by hand but didn't `--save` it, your module
- won't have the top of the tree as an anscestor and so this code was
- failing to abort the install with an error
-
- This updates the logic so that hitting the top OR a module that was
- requested by the user will trigger the error message.
- ([@iarna](https://github.com/iarna))
-
-* [`b726a0e`](https://github.com/npm/npm/commit/b726a0e)
- [#9204](https://github.com/npm/npm/issues/9204)
- Ideally we would like warnings about your install to come AFTER the
- output from your compile steps or the giant tree of installed modules.
-
- To that end, we've moved warnings about failed optional deps to the show
- after your install completes.
- ([@iarna](https://github.com/iarna))
-
-#### OVERRIDING BUNDLING
-
-* [`aed71fb`](https://github.com/npm/npm/commit/aed71fb)
- [#10482](https://github.com/npm/npm/issues/10482)
- We've been in our bundled modules code a lot lately, and our last go at
- this introduced a new bug, where if you had a module `a` that bundled
- a module `b`, which in turn required `c`, and the version of `c` that
- got bundled wasn't compatible with `b`'s `package.json`, we would then
- install a compatible version of `c`, but also erase `b` at the same time.
-
- This fixes that. It also reworks our bundled module support to be much
- closer to being in line with how we handle non-bundled modules and we're
- hopeful this will reduce any future errors around them. The new structure
- is hopefully much easier to reason about anyway.
- ([@iarna](https://github.com/iarna))
-
-#### A BRIEF NOTE ON NPM'S BACKWARDS COMPATIBILITY
-
-We don't often have much to say about the changes we make to our internal
-testing and tooling, but I'm going to take this opportunity to reiterate that
-npm tries hard to maintain compatibility with a wide variety of Node versions.
-As this change shows, we want to ensure that npm works the same across:
-
-* Node.js 0.8
-* Node.js 0.10
-* Node.js 0.12
-* the latest io.js release
-* Node.js 4 LTS
-* Node.js 5
-
-Contributors who send us pull requests often notice that it's very rare that
-our tests pass across all of those versions (ironically, almost entirely due to
-the packages we use for testing instead of any issues within npm itself). We're
-currently beginning an effort, lasting the rest of 2015, to clean up our test
-suite, and not only get it passing on all of the above versions of Node.js, but
-working solidly on Windows as well. This is a compounding form of technical
-debt that we're finally paying down, and our hope is that cleaning up the tests
-will produce a more robust CLI that's a lot easier to write patches for.
-
-* [`791ec6b`](https://github.com/npm/npm/commit/791ec6b1bac0d1df59f5ebb4ccd16a29a5dc73f0)
- [#10233](https://github.com/npm/npm/issues/10233) Update Node.js versions
- that Travis uses to test npm. ([@iarna](https://github.com/iarna))
-
-#### 0.8 + npm <1.4 COMPATIBLE? SURE WHY NOT
-
-Hey, you found the feature we added!
-
-* [`231c58a`](https://github.com/npm/npm/commit/231c58a)
- [#10337](https://github.com/npm/npm/pull/10337)
- Add two new flags, first `--legacy-bundling` which installs your
- dependencies such that if you bundle those dependencies, npm versions
- prior to `1.4` can still install them. This eliminates all automatic
- deduping.
-
- Second, `--global-style` which will install modules in your `node_modules`
- folder with the same layout as global modules. Only your direct
- dependencies will show in `node_modules` and everything they depend on
- will be flattened in their `node_modules` folders. This obviously will
- elminate some deduping.
- ([@iarna](https://github.com/iarna))
-
-#### TYPOS IN THE LICENSE, OH MY
-
-* [`8d79c1a`](https://github.com/npm/npm/commit/8d79c1a39dae908f27eaa37ff6b23515d505ef29)
- [#10478](https://github.com/npm/npm/issues/10478) Correct two typos in npm's
- LICENSE. ([@jorrit](https://github.com/jorrit))
-
-### v3.4.1 (2015-11-12):
-
-#### ASK FOR NOTHING, GET LATEST
-
-When you run `npm install foo`, you probably expect that you'll get the
-`latest` version of `foo`, whatever that is. And good news! That's what
-this change makes it do.
-
-We _think_ this is what everyone wants, but if this causes problems for
-you, we want to know! If it proves problematic for people we will consider
-reverting it (preferrably before this becomes `npm@latest`).
-
-Previously, when you ran `npm install foo` we would act as if you typed
-`npm install foo@*`. Now, like any range-type specifier, in addition to
-matching the range, it would also have to be `<=` the value of the
-`latest` dist-tag. Further, it would exclude prerelease versions from the
-list of versions considered for a match.
-
-This worked as expected most of the time, unless your `latest` was a
-prerelease version, in which case that version wouldn't be used, to
-everyone's surprise. Worse, if all your versions were prerelease versions
-it would just refuse to install anything. (We fixed that in
-[`npm@3.2.2`](https://github.com/npm/npm/releases/tag/v3.2.2) with
-[`e4a38080`](https://github.com/npm/npm/commit/e4a38080).)
-
-* [`1e834c2`](https://github.com/npm/npm/commit/1e834c2)
- [#10189](https://github.com/npm/npm/issues/10189)
- `npm-package-arg@4.1.0` Change the default version from `*` to `latest`.
- ([@zkat](https://github.com/zkat))
-
-#### BUGS
-
-* [`bec4a84`](https://github.com/npm/npm/commit/bec4a84)
- [#10338](https://github.com/npm/npm/pull/10338)
- Failed installs could result in more rollback (removal of just installed
- packages) than we intended. This bug was first introduced by
- [`83975520`](https://github.com/npm/npm/commit/83975520).
- ([@iarna](https://github.com/iarna))
-* [`06c732f`](https://github.com/npm/npm/commit/06c732f)
- [#10338](https://github.com/npm/npm/pull/10338)
- Updating a module could result in the module stealing some of its
- dependencies from the top level, potentially breaking other modules or
- resulting in many redundent installations. This bug was first introduced
- by [`971fd47a`](https://github.com/npm/npm/commit/971fd47a).
- ([@iarna](https://github.com/iarna))
-* [`5653366`](https://github.com/npm/npm/commit/5653366)
- [#9980](https://github.com/npm/npm/issues/9980)
- npm, when removing a module, would refuse to remove the symlinked
- binaries if the module itself was symlinked as well. npm goes to some
- effort to ensure that it doesn't remove things that aren't is, and this
- code was being too conservative. This code has been rewritten to be
- easier to follow and to be unit-testable.
- ([@iarna](https://github.com/iarna))
-
-#### LICENSE CLARIFICATION
-
-* [`80acf20`](https://github.com/npm/npm/commit/80acf20)
- [#10326](https://github.com/npm/npm/pull/10326)
- Update npm's licensing to more completely cover all of the various
- things that are npm.
- ([@kemitchell](https://github.com/kemitchell))
-
-#### CLOSER TO GREEN TRAVIS
-
-* [`fc12da9`](https://github.com/npm/npm/commit/fc12da9)
- [#10232](https://github.com/npm/npm/pull/10232)
- `nock@1.9.0`
- Downgrade nock to a version that doesn't depend on streams2 in core so
- that more of our tests can pass in 0.8.
- ([@iarna](https://github.com/iarna))
-
-### v3.4.0 (2015-11-05):
-
-#### A NEW FEATURE
-
-This was a group effort, with [@isaacs](https://github.com/isaacs)
-dropping the implementation in back in August. Then, a few days ago,
-[@ashleygwilliams](https://github.com/ashleygwilliams) wrote up docs and
-just today [@othiym23](https://github.com/othiym23) wrote a test.
-
-It's a handy shortcut to update a dependency and then make sure tests
-still pass.
-
-This new command:
-
-```
-npm install-test x
-```
-
-is the equivalent of running:
-
-```
-npm install x && npm test
-```
-
-* [`1ac3e08`](https://github.com/npm/npm/commit/1ac3e08)
- [`bcb04f6`](https://github.com/npm/npm/commit/bcb04f6)
- [`b6c17dd`](https://github.com/npm/npm/commit/b6c17dd)
- [#9443](https://github.com/npm/npm/pull/9443)
- Add `npm install-test` command, alias `npm it`.
- ([@isaacs](https://github.com/isaacs),
- [@ashleygwilliams](https://github.com/ashleygwilliams),
- [@othiym23](https://github.com/othiym23))
-
-#### BUG FIXES VIA DEPENDENCY UPDATES
-
-* [`31c0080`](https://github.com/npm/npm/commit/31c0080)
- [#8640](https://github.com/npm/npm/issues/8640)
- [npm/normalize-package-data#69](https://github.com/npm/normalize-package-data/pull/69)
- `normalize-package-data@2.3.5`:
- Fix a bug where if you didn't specify the name of a scoped module's
- binary, it would install it such that it was impossible to call it.
- ([@iarna](https://github.com/iarna))
-* [`02b37bc`](https://github.com/npm/npm/commit/02b37bc)
- [npm/fstream-npm#14](https://github.com/npm/fstream-npm/pull/14)
- `fstream-npm@1.0.7`:
- Only filter `config.gypi` when it's in the build directory.
- ([@mscdex](https://github.com/mscdex))
-* [`accb9d2`](https://github.com/npm/npm/commit/accb9d2)
- [npm/fstream-npm#15](https://github.com/npm/fstream-npm/pull/15)
- `fstream-npm@1.0.6`:
- Stop including directories that happened to have names matching whitelisted
- npm files in npm module tarballs. The most common cause was that if you had
- a README directory then everything in it would be included if wanted it
- or not.
- ([@taion](https://github.com/taion))
-
-#### DOCUMENTATION FIXES
-
-* [`7cf6366`](https://github.com/npm/npm/commit/7cf6366)
- [#10036](https://github.com/npm/npm/pull/10036)
- Fix typo / over-abbreviation.
- ([@ifdattic](https://github.com/ifdattic))
-* [`d0ad8f4`](https://github.com/npm/npm/commit/d0ad8f4)
- [#10176](https://github.com/npm/npm/pull/10176)
- Fix broken link, scopes => scope.
- ([@ashleygwilliams](https://github.com/ashleygwilliams))
-* [`d623783`](https://github.com/npm/npm/commit/d623783)
- [#9460](https://github.com/npm/npm/issue/9460)
- Specifying the default command run by "npm start" and the
- fact that you can pass it arguments.
- ([@JuanCaicedo](https://github.com/JuanCaicedo))
-
-#### DEPENDENCY UPDATES FOR THEIR OWN SAKE
-
-* [`0a4c29e`](https://github.com/npm/npm/commit/0a4c29e)
- [npm/npmlog#19](https://github.com/npm/npmlog/pull/19)
- `npmlog@2.0.0`: Make it possible to emit log messages with `error` as the
- prefix.
- ([@bengl](https://github.com/bengl))
-* [`9463ce9`](https://github.com/npm/npm/commit/9463ce9)
- `read-package-json@2.0.2`:
- Minor cleanups.
- ([@KenanY](https://github.com/KenanY))
-
-### v3.3.12 (2015-11-02):
-
-Hi, a little hot-fix release for a bug introduced in 3.3.11. The ENOENT fix
-last week ([`f0e2088`](https://github.com/npm/npm/commit/f0e2088)) broke
-upgrades of modules that have bundled dependencies (like `npm`, augh!)
-
-* [`aedf7cf`](https://github.com/npm/npm/commit/aedf7cf)
- [#10192](//github.com/npm/npm/pull/10192)
- If a bundled module is going to be replacing a module that's currently on
- disk (for instance, when you upgrade a module that includes bundled
- dependencies) we want to select the version from the bundle in preference
- over the one that was there previously.
- ([@iarna](https://github.com/iarna))
-
-### v3.3.11 (2015-10-29):
-
-This is a dependency update week, so that means no PRs from our lovely
-users. Look for those next week. As it happens, the dependencies updated
-were just devdeps, so nothing for you all to worry about.
-
-But the bug fixes, oh geez, I tracked down some really long standing stuff
-this week!! The headliner is those intermittent `ENOENT` errors that no one
-could reproduce consistently? I think they're nailed! But also pretty
-important, the bug where `hapi` would install w/ a dep missing? Squashed!
-
-#### EEEEEEENOENT
-
-* [`f0e2088`](https://github.com/npm/npm/commit/f0e2088)
- [#10026](https://github.com/npm/npm/issues/10026)
- Eliminate some, if not many, of the `ENOENT` errors `npm@3` has seen over
- the past few months. This was happening when npm would, in its own mind,
- correct a bundled dependency, due to a `package.json` specifying an
- incompatible version. Then, when npm extracted the bundled version, what
- was on disk didn't match its mind and… well, when it tried to act on what
- was in its mind, we got an `ENOENT` because it didn't actually exist on
- disk.
- ([@iarna](https://github.com/iarna))
-
-#### PARTIAL SHRINKWRAPS, NO LONGER A BAD DAY
-
-* [`712fd9c`](https://github.com/npm/npm/commit/712fd9c)
- [#10153](https://github.com/npm/npm/pull/10153)
- Imagine that you have a module, let's call it `fun-time`, and it depends
- on two dependencies, `need-fun@1` and `need-time`. Further, `need-time`
- requires `need-fun@2`. So after install the logical tree will look like
- this:
-
- ```
- fun-time
- ├── need-fun@1
- └── need-time
- └── need-fun@2
- ```
-
- Now, the `fun-time` author also distributes a shrinkwrap, but it only includes
- the `need-fun@1` in it.
-
- Resolving dependencies would look something like this:
-
- 1. Require `need-fun@1`: Use version from shrinkwrap (ignoring version)
- 2. Require `need-time`: User version in package.json
- 1. Require `need-fun@2`: Use version from shrinkwrap, which oh hey, is
- already installed at the top level, so no further action is needed.
-
- Which results in this tree:
-
- ```
- fun-time
- ├── need-fun@1
- └── need-time
- ```
-
- We're ignoring the version check on things specified in the shrinkwrap
- so that you can override the version that will be installed. This is
- because you may want to use a different version than is specified
- by your dependencies' dependencies' `package.json` files.
-
- To fix this, we now only allow overrides of a dependency version when
- that dependency is a child (in the tree) of the thing that requires it.
- This means that when we're looking for `need-fun@2` we'll see `need-fun@1`
- and reject it because, although it's from a shrinkwrap, it's parent is
- `fun-time` and the package doing the requiring is `need-time`.
-
- ([@iarna](https://github.com/iarna))
-
-#### STRING `package.bin` AND NON-NPMJS REGISTRIES
-
-* [`3de1463`](https://github.com/npm/npm/commit/3de1463)
- [#9187](https://github.com/npm/npm/issues/9187)
- If you were using a module with the `bin` field in your `package.json` set
- to a string on a non-npmjs registry then npm would crash, due to the our
- expectation that the `bin` field would be an object. We now pass all
- `package.json` data through a routine that normalizes the format,
- including the `bin` field. (This is the same routine that your
- `package.json` is passed through when read off of disk or sent to the
- registry for publication.) Doing this also ensures that older modules on
- npm's own registry will be treated exactly the same as new ones. (In the
- past we weren't always super careful about scrubbing `package.json` data
- on publish. And even when we were, those rules have subtly changed over
- time.)
- ([@iarna](https://github.com/iarna))
-
-### v3.3.10 (2015-10-22):
-
-Hey you all! Welcome to a busy bug fix and PR week. We've got changes
-to how `npm install` replaces dependencies during updates, improvements
-to shrinkwrap behavior, and all sorts of doc updates.
-
-In other news, `npm@3` landed in node master in preparation for `node@5`
-with [`41923c0`](https://github.com/nodejs/node/commit/41923c0).
-
-#### UPDATED DEPS NOW MAKE MORE SENSE
-
-* [`971fd47`](https://github.com/npm/npm/commit/971fd47)
- [#9929](https://github.com/npm/npm/pull/9929)
- Make the tree more consistent by doing updates in place. This means
- that trees after a dependency version update will more often look
- the same as after a fresh install.
- ([@iarna](https://github.com/iarna))
-
-#### SHRINKWRAP + DEV DEPS NOW RESPECTED
-
-* [`eb28a8c`](https://github.com/npm/npm/commit/eb28a8c)
- [#9647](https://github.com/npm/npm/issues/9647)
- If a shrinkwrap already has dev deps, don't throw them away when
- someone later runs `npm install --save`.
- ([@iarna](https://github.com/iarna))
-
-#### FANTASTIC DOCUMENTATION UPDATES
-
-* [`291162c`](https://github.com/npm/npm/commit/291162c)
- [#10021](https://github.com/npm/npm/pull/10021)
- Improve wording in the FAQ to be more empathetic and less jokey.
- ([@TaMe3971](https://github.com/TaMe3971))
-* [`9a28c54`](https://github.com/npm/npm/commit/9a28c54)
- [#10020](https://github.com/npm/npm/pull/10020)
- Document the command to see the list of config defaults in the section
- on config defaults.
- ([@lady3bean](https://github.com/lady3bean))
-* [`8770b0a`](https://github.com/npm/npm/commit/8770b0a)
- [#7600](https://github.com/npm/npm/issues/7600)
- Add shortcuts to all command documentation.
- ([@RichardLitt](https://github.com/RichardLitt))
-* [`e9b7d0d`](https://github.com/npm/npm/commit/e9b7d0d)
- [#9950](https://github.com/npm/npm/pull/9950)
- On errors that can be caused by outdated node & npm, suggest updating
- as a part of the error message.
- ([@ForbesLindesay](https://github.com/ForbesLindesay))
-
-#### NEW STANDARD HAS ALWAYS BEEN STANDARD
-
-* [`40c1b0f`](https://github.com/npm/npm/commit/40c1b0f)
- [#9954](https://github.com/npm/npm/pull/9954)
- Update to `standard@5` and reformat the source to work with it.
- ([@cbas](https://github.com/cbas))
-
-### v3.3.9 (2015-10-15):
-
-This week sees a few small changes ready to land:
-
-#### TRAVIS NODE 0.8 BUILDS REJOICE
-
-* [`25a234b`](https://github.com/npm/npm/commit/25a234b)
- [#9668](https://github.com/npm/npm/issues/9668)
- Install `npm@3`'s bundled dependencies with `npm@2`, so that the ancient npm
- that ships with node 0.8 can install `npm@3` directly.
- ([@othiym23](https://github.com/othiym23))
-
-#### SMALL ERROR MESSAGE IMPROVEMENT
-
-* [`a332f61`](https://github.com/npm/npm/commit/a332f61)
- [#9927](https://github.com/npm/npm/pull/9927)
- Update error messages where we report a list of versions that you could
- have installed to show this as a comma separated list instead of as JSON.
- ([@iarna](https://github.com/iarna))
-
-#### DEPENDENCY UPDATES
-
-* [`4cd74b0`](https://github.com/npm/npm/commit/4cd74b0)
- `nock@2.15.0`
- ([@pgte](https://github.com/pgte))
-* [`9360976`](https://github.com/npm/npm/commit/9360976)
- `tap@2.1.1`
- ([@isaacs](https://github.com/isaacs))
-* [`1ead0a4`](https://github.com/npm/npm/commit/1ead0a4)
- `which@1.2.0`
- ([@isaacs](https://github.com/isaacs))
-* [`759f88a`](https://github.com/npm/npm/commit/759f88a)
- `has-unicode@1.0.1`
- ([@iarna](https://github.com/iarna))
-
-### v3.3.8 (2015-10-12):
-
-This is a small update release, we're reverting
-[`22a3af0`](https://github.com/npm/npm/commit/22a3af0) from last week's
-release, as it is resulting in crashes. We'll revisit this PR during this
-week.
-
-* [`ddde1d5`](https://github.com/npm/npm/commit/ddde1d5)
- Revert "lifecycle: Swap out custom logic with add-to-path module"
- ([@iarna](https://github.com/iarna))
-
-### v3.3.7 (2015-10-08):
-
-So, as Kat mentioned in last week's 2.x release, we're now swapping weeks
-between accepting PRs and doing dependency updates, in an effort to keep
-release management work from taking over our lives. This week is a PR week,
-so we've got a bunch of goodies for you.
-
-Relatedly, this week means 3.3.6 is now `latest` and it is WAY faster than
-previous 3.x releases. Give it or this a look!
-
-#### OPTIONAL DEPS, MORE OPTIONAL
-
-* [`2289234`](https://github.com/npm/npm/commit/2289234)
- [#9643](https://github.com/npm/npm/issues/9643)
- [#9664](https://github.com/npm/npm/issues/9664)
- `npm@3` was triggering `npm@2`'s build mechanics when it was linking bin files
- into the tree. This was originally intended to trigger rebuilds of
- bundled modules, but `npm@3`'s flat module structure confused it. This
- caused two seemingly unrelated issues. First, failing optional
- dependencies could under some circumstances (if they were built during
- this phase) trigger a full build failure. And second, rebuilds were being
- triggered of already installed modules, again, in some circumstances.
- Both of these are fixed by disabling the `npm@2` mechanics and adding a
- special rebuild phase for the initial installation of bundled modules.
- ([@iarna](https://github.com/iarna))
-
-#### BAD NAME, NO CRASH
-
-* [`b78fec9`](https://github.com/npm/npm/commit/b78fec9)
- [#9766](https://github.com/npm/npm/issues/9766)
- Refactor all attempts to read the module name or package name to go via a
- single function, with appropriate guards unusual circumstances where they
- aren't where we expect them. This ultimately will ensure we don't see any
- more recurrences of the `localeCompare` error and related crashers.
- ([@iarna](https://github.com/iarna))
-
-#### MISCELLANEOUS BUG FIXES
-
-* [`22a3af0`](https://github.com/npm/npm/commit/22a3af0)
- [#9553](https://github.com/npm/npm/pull/9553)
- Factor the lifecycle code to manage paths out into its own module and use that.
- ([@kentcdodds](https://github.com/kentcdodds))
-* [`6a29fe3`](https://github.com/npm/npm/commit/6a29fe3)
- [#9677](https://github.com/npm/npm/pull/9677)
- Start testing our stuff in node 4 on travis
- ([@fscherwi](https://github.com/fscherwi))
-* [`508c6a4`](https://github.com/npm/npm/commit/508c6a4)
- [#9669](https://github.com/npm/npm/issues/9669)
- Make `recalculateMetadata` more resilient to unexpectedly bogus dependency specifiers.
- ([@tmct](https://github.com/tmct))
-* [`3c44763`](https://github.com/npm/npm/commit/3c44763)
- [#9643](https://github.com/npm/npm/issues/9463)
- Update `install --only` to ignore the `NODE_ENV` var and _just_ use the only
- value, if specified.
- ([@watilde](https://github.com/watilde))
-* [`87336c3`](https://github.com/npm/npm/commit/87336c3)
- [#9879](https://github.com/npm/npm/pull/9879)
- `npm@3`'s shrinkwrap was refusing to shrinkwrap if an optional dependency
- was missing– patch it to allow this.
- ([@mantoni](https://github.com/mantoni))
-
-#### DOCUMENTATION UPDATES
-
-* [`82659fd`](https://github.com/npm/npm/commit/82659fd)
- [#9208](https://github.com/npm/npm/issues/9208)
- Correct the npm style guide around quote usage
- ([@aaroncrows](https://github.com/aaroncrows))
-* [`a69c83a`](https://github.com/npm/npm/commit/a69c83a)
- [#9645](https://github.com/npm/npm/pull/9645)
- Fix spelling error in README
- ([@dkoleary88](https://github.com/dkoleary88))
-* [`f2cf054`](https://github.com/npm/npm/commit/f2cf054)
- [#9714](https://github.com/npm/npm/pull/9714)
- Fix typos in our documentation
- ([@reggi](https://github.com/reggi))
-* [`7224bef`](https://github.com/npm/npm/commit/7224bef)
- [#9759](https://github.com/npm/npm/pull/9759)
- Fix typo in npm-team docs
- ([@zkat](https://github.com/zkat))
-* [`7e6e007`](https://github.com/npm/npm/commit/7e6e007)
- [#9820](https://github.com/npm/npm/pull/9820)
- Correct documentation as to `binding.gyp`
- ([@KenanY](https://github.com/KenanY))
-
-### v3.3.6 (2015-09-30):
-
-I have the most exciting news for you this week. YOU HAVE NO IDEA. Well,
-ok, maybe you do if you follow my twitter.
-
-Performance just got 5 bazillion times better (under some circumstances,
-ymmv, etc). So– my test scenario is our very own website. In `npm@2`, on my
-macbook running `npm ls` takes about 5 seconds. Personally it's more than
-I'd like, but it's entire workable. In `npm@3` it has been taking _50_ seconds,
-which is appalling. But after doing some work on Monday isolating the performance
-issues I've been able to reduce `npm@3`'s run time back down to 5 seconds.
-
-Other scenarios were even worse, there was one that until now in `npm@3` that
-took almost 6 minutes, and has been reduced to 14 seconds.
-
-* [`7bc0d4c`](https://github.com/npm/npm/commit/7bc0d4c)
- [`cf42217`](https://github.com/npm/npm/commit/cf42217)
- [#8826](https://github.com/npm/npm/issues/8826)
- Stop using deepclone on super big datastructures. Avoid cloning
- all-together even when that means mutating things, when possible.
- Otherwise use a custom written tree-copying function that understands
- the underlying datastructure well enough to only copy what we absolutely
- need to.
- ([@iarna](https://github.com/iarna))
-
-In other news, look for us this Friday and Saturday at the amazing
-[Open Source and Feelings](https://osfeels.com) conference, where something like a
-third of the company will be attending.
-
-#### And finally a dependency update
-
-* [`a6a4437`](https://github.com/npm/npm/commit/a6a4437)
- `glob@5.0.15`
- ([@isaacs](https://github.com/isaacs))
-
-#### And some subdep updates
-
-* [`cc5e6a0`](https://github.com/npm/npm/commit/cc5e6a0)
- `hoek@2.16.3`
- ([@nlf](https://github.com/nlf))
-* [`912a516`](https://github.com/npm/npm/commit/912a516)
- `boom@2.9.0`
- ([@arb](https://github.com/arb))
-* [`63944e9`](https://github.com/npm/npm/commit/63944e9)
- `bluebird@2.10.1`
- ([@petkaantonov](https://github.com/petkaantonov))
-* [`ef16003`](https://github.com/npm/npm/commit/ef16003)
- `mime-types@2.1.7` & `mime-db@1.19.0`
- ([@dougwilson](https://github.com/dougwilson))
-* [`2b8c0dd`](https://github.com/npm/npm/commit/2b8c0dd)
- `request@2.64.0`
- ([@simov](https://github.com/simov))
-* [`8139124`](https://github.com/npm/npm/commit/8139124)
- `brace-expansion@1.1.1`
- ([@juliangruber](https://github.com/juliangruber))
-
-### v3.3.5 (2015-09-24):
-
-Some of you all may not be aware, but npm is ALSO a company. I tell you this
-'cause npm-the-company had an all-staff get together this week, flying in
-our remote folks from around the world. That was great, but it also
-basically eliminated normal work on Monday and Tuesday.
-
-Still, we've got a couple of really important bug fixes this week. Plus a
-lil bit from the [now LTS 2.x branch](https://github.com/npm/npm/releases/tag/v2.14.6).
-
-#### ATTENTION WINDOWS USERS
-
-If you previously updated to npm 3 and you try to update again, you may get
-an error messaging telling you that npm won't install npm into itself. Until you
-are at 3.3.5 or greater, you can get around this with `npm install -f -g npm`.
-
-* [`bef06f5`](https://github.com/npm/npm/commit/bef06f5)
- [#9741](https://github.com/npm/npm/pull/9741) Uh... so... er... it
- seems that since `npm@3.2.0` on Windows with a default configuration, it's
- been impossible to update npm. Well, that's not actually true, there's a
- work around (see above), but it shouldn't be complaining in the first
- place.
- ([@iarna](https://github.com/iarna))
-
-#### STACK OVERFLOWS ON PUBLISH
-
-* [`330b496`](https://github.com/npm/npm/commit/330b496)
- [#9667](https://github.com/npm/npm/pull/9667)
- We were keeping track of metadata about your project while packing the
- tree in a way that resulted in this data being written to packed tar files
- headers. When this metadata included cycles, it resulted in the the tar
- file entering an infinite recursive loop and eventually crashing with a
- stack overflow.
-
- I've patched this by keeping track of your metadata by closing over the
- variables in question instead, and I've further restricted gathering and
- tracking the metadata to times when it's actually needed. (Which is only
- if you need bundled modules.)
- ([@iarna](https://github.com/iarna))
-
-#### LESS CRASHY ERROR MESSAGES ON BAD PACKAGES
-
-* [`829921f`](https://github.com/npm/npm/commit/829921f)
- [#9741](https://github.com/npm/npm/pull/9741)
- Packages with invalid names or versions were crashing the installer. These
- are now captured and warned as was originally intended.
- ([@iarna](https://github.com/iarna))
-
-#### ONE DEPENDENCY UPDATE
-
-* [`963295c`](https://github.com/npm/npm/commit/963295c)
- `npm-install-checks@2.0.1`
- ([@iarna](https://github.com/iarna))
-
-#### AND ONE SUBDEPENDENCY
-
-* [`448737d`](https://github.com/npm/npm/commit/448737d)
- `request@2.63.0`
- ([@simov](https://github.com/simov))
-
-### v3.3.4 (2015-09-17):
-
-This is a relatively quiet release, bringing a few bug fixes and
-some module updates, plus via the
-[2.14.5 release](https://github.com/npm/npm/releases/tag/v2.14.5)
-some forward compatibility fixes with versions of Node that
-aren't yet released.
-
-#### NO BETA NOTICE THIS TIME!!
-
-But, EXCITING NEWS FRIENDS, this week marks the exit of `npm@3`
-from beta. This means that the week of this release,
-[v3.3.3](https://github.com/npm/npm/releases/tag/v3.3.3) will
-become `latest` and this version (v3.3.4) will become `next`!!
-
-#### CRUFT FOR THE CRUFT GODS
-
-What I call "cruft", by which I mean, files sitting around in
-your `node_modules` folder, will no longer produce warnings in
-`npm ls` nor during `npm install`. This brings `npm@3`'s behavior
-in line with `npm@2`.
-
-* [`a127801`](https://github.com/npm/npm/commit/a127801)
- [#9285](https://github.com/npm/npm/pull/9586)
- Stop warning about cruft in module directories.
- ([@iarna](https://github.com/iarna))
-
-#### BETTER ERROR MESSAGE
-
-* [`95ee92c`](https://github.com/npm/npm/commit/95ee92c)
- [#9433](https://github.com/npm/npm/issues/9433)
- Give better error messages for invalid URLs in the dependecy
- list.
- ([@jamietre](https://github.com/jamietre))
-
-#### MODULE UPDATES
-
-* [`ebb92ca`](https://github.com/npm/npm/commit/ebb92ca)
- `retry@0.8.0` ([@tim-kos](https://github.com/tim-kos))
-* [`55f1285`](https://github.com/npm/npm/commit/55f1285)
- `normalize-package-data@2.3.4` ([@zkat](https://github.com/zkat))
-* [`6d4ebff`](https://github.com/npm/npm/commit/6d4ebff)
- `sha@2.0.1` ([@ForbesLindesay](https://github.com/ForbesLindesay))
-* [`09a9c7a`](https://github.com/npm/npm/commit/09a9c7a)
- `semver@5.0.3` ([@isaacs](https://github.com/isaacs))
-* [`745000f`](https://github.com/npm/npm/commit/745000f)
- `node-gyp@3.0.3` ([@rvagg](https://github.com/rvagg))
-
-#### SUB DEP MODULE UPDATES
-
-* [`578ca25`](https://github.com/npm/npm/commit/578ca25)
- `request@2.62.0` ([@simov](https://github.com/simov))
-* [`1d8996e`](https://github.com/npm/npm/commit/1d8996e)
- `jju@1.2.1` ([@rlidwka](https://github.com/rlidwka))
-* [`6da1ba4`](https://github.com/npm/npm/commit/6da1ba4)
- `hoek@2.16.2` ([@nlf](https://github.com/nlf))
-
-### v3.3.3 (2015-09-10):
-
-This short week brought us brings us a few small bug fixes, a
-doc change and a whole lotta dependency updates.
-
-Plus, as usual, this includes a forward port of everything in
-[`npm@2.14.4`](https://github.com/npm/npm/releases/tag/v2.14.4).
-
-#### BETA BUT NOT FOREVER
-
-**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until
-we're confident that it's stable and have assessed the effect of
-the breaking changes on the community. During that time we will
-still be doing `npm@2` releases, with `npm@2` tagged as `latest`
-and `next`. We'll _also_ be publishing new releases of `npm@3`
-as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
-versions until we're ready to switch everyone over to `npm@3`.
-We need your help to find and fix its remaining bugs. It's a
-significant rewrite, so we are _sure_ there still significant
-bugs remaining. So do us a solid and deploy it in non-critical
-CI environments and for day-to-day use, but maybe don't use it
-for production maintenance or frontline continuous deployment
-just yet.
-
-#### REMOVE INSTALLED BINARIES ON WINDOWS
-
-So waaaay back at the start of August, I fixed a bug with
-[#9198](https://github.com/npm/npm/pull/9198). That fix made it
-so that if you had two modules installed that both installed the
-same binary (eg `gulp` & `gulp-cli`), that removing one wouldn't
-remove the binary if it was owned by the other.
-
-It did this by doing some hocus-pocus that, turns out, was
-Unix-specific, so on Windows it just threw up its hands and
-stopped removing installed binaries at all. Not great.
-
-So today we're fixing that– it let us maintain the same safety
-that we added in #9198, but ALSO works with Windows.
-
-* [`25fbaed`](https://github.com/npm/npm/commit/25fbaed)
- [#9394](https://github.com/npm/npm/issues/9394)
- Treat cmd-shims the same way we treat symlinks
- ([@iarna](https://github.com/iarna))
-
-#### API DOCUMENTATION HAS BEEN SACRIFICED THE API GOD
-
-The documentation of the internal APIs of npm is going away,
-because it would lead people into thinking they should integrate
-with npm by using it. Please don't do that! In the future, we'd
-like to give you a suite of stand alone modules that provide
-better, more stand alone APIs for your applications to build on.
-But for now, call the npm binary with `process.exec` or
-`process.spawn` instead.
-
-* [`2fb60bf`](https://github.com/npm/npm/commit/2fb60bf)
- Remove misleading API documentation
- ([@othiym23](https://github.com/othiym23))
-
-#### ALLOW `npm link` ON WINDOWS W/ PRERELEASE VERSIONS OF NODE
-
-We never meant to have this be a restriction in the first place
-and it was only just discovered with the recent node 4.0.0
-release candidate.
-
-* [`6665e54`](https://github.com/npm/npm/commit/6665e54)
- [#9505](https://github.com/npm/npm/pull/9505)
- Allow npm link to run on Windows with prerelease versions of
- node
- ([@jon-hall](https://github.com/jon-hall))
-
-#### graceful-fs update
-
-We're updating all of npm's deps to use the most recent
-`graceful-fs`. This turns out to be important for future not yet
-released versions of node, because older versions monkey-patch
-`fs` in ways that will break in the future. Plus it ALSO makes
-use of `process.binding` which is an internal API that npm
-definitely shouldn't have been using. We're not done yet, but
-this is the bulk of them.
-
-* [`e7bc98e`](https://github.com/npm/npm/commit/e7bc98e)
- `write-file-atomic@1.1.3`
- ([@iarna](https://github.com/iarna))
-* [`7417600`](https://github.com/npm/npm/commit/7417600)
- `tar@2.2.1`
- ([@zkat](https://github.com/zkat))
-* [`e4e9d40`](https://github.com/npm/npm/commit/e4e9d40)
- `read-package-json@2.0.1`
- ([@zkat](https://github.com/zkat))
-* [`481611d`](https://github.com/npm/npm/commit/481611d)
- `read-installed@4.0.3`
- ([@zkat](https://github.com/zkat))
-* [`0dabbda`](https://github.com/npm/npm/commit/0dabbda)
- `npm-registry-client@7.0.4`
- ([@zkat](https://github.com/zkat))
-* [`c075a91`](https://github.com/npm/npm/commit/c075a91)
- `fstream@1.0.8`
- ([@zkat](https://github.com/zkat))
-* [`2e4341a`](https://github.com/npm/npm/commit/2e4341a)
- `fs-write-stream-atomic@1.0.4`
- ([@zkat](https://github.com/zkat))
-* [`18ad16e`](https://github.com/npm/npm/commit/18ad16e)
- `fs-vacuum@1.2.7`
- ([@zkat](https://github.com/zkat))
-
-#### DEPENDENCY UPDATES
-
-* [`9d6666b`](https://github.com/npm/npm/commit/9d6666b)
- `node-gyp@3.0.1`
- ([@rvagg](https://github.com/rvagg))
-* [`349c4df`](https://github.com/npm/npm/commit/349c4df)
- `retry@0.7.0`
- ([@tim-kos](https://github.com/tim-kos))
-* [`f507551`](https://github.com/npm/npm/commit/f507551)
- `which@1.1.2`
- ([@isaacs](https://github.com/isaacs))
-* [`e5b6743`](https://github.com/npm/npm/commit/e5b6743)
- `nopt@3.0.4`
- ([@zkat](https://github.com/zkat))
-
-#### THE DEPENDENCIES OF OUR DEPENDENCIES ARE OUR DEPENDENCIES UPDATES
-
-* [`316382d`](https://github.com/npm/npm/commit/316382d)
- `mime-types@2.1.6` & `mime-db@1.18.0`
-* [`64b741e`](https://github.com/npm/npm/commit/64b741e)
- `spdx-correct@1.0.1`
-* [`fff62ac`](https://github.com/npm/npm/commit/fff62ac)
- `process-nextick-args@1.0.3`
-* [`9d6488c`](https://github.com/npm/npm/commit/9d6488c)
- `cryptiles@2.0.5`
-* [`1912012`](https://github.com/npm/npm/commit/1912012)
- `bluebird@2.10.0`
-* [`4d09402`](https://github.com/npm/npm/commit/4d09402)
- `readdir-scoped-modules@1.0.2`
-
-### v3.3.2 (2015-09-04):
-
-#### PLEASE HOLD FOR THE NEXT AVAILABLE MAINTAINER
-
-This is a tiny little maintenance release, both to update dependencies and to
-keep `npm@3` up to date with changes made to `npm@2`.
-[@othiym23](https://github.com/othiym23) is putting out this release (again) as
-his esteemed colleague [@iarna](https://github.com/iarna) finishes relocating
-herself, her family, and her sizable anime collection all the way across North
-America. It contains [all the goodies in
-`npm@2.14.3`](https://github.com/npm/npm/releases/tag/v2.14.3) and one other
-dependency update.
-
-#### BETA WARNINGS FOR FUN AND PROFIT
-
-**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
-confident that it's stable and have assessed the effect of the breaking
-changes on the community. During that time we will still be doing `npm@2`
-releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
-publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
-alongside those versions until we're ready to switch everyone over to
-`npm@3`. We need your help to find and fix its remaining bugs. It's a
-significant rewrite, so we are _sure_ there still significant bugs
-remaining. So do us a solid and deploy it in non-critical CI environments
-and for day-to-day use, but maybe don't use it for production maintenance or
-frontline continuous deployment just yet.
-
-That said, it's getting there! It will be leaving beta very soon!
-
-#### ONE OTHER DEPENDENCY UPDATE
-
-* [`bb5de34`](https://github.com/npm/npm/commit/bb5de3493531228df0bd3f0742d5493c826be6dd)
- `is-my-json-valid@2.12.2`: Upgrade to a new, modernized version of
- `json-pointer`. ([@mafintosh](https://github.com/mafintosh))
-
-### v3.3.1 (2015-08-27):
-
-Hi all, this `npm@3` update brings you another round of bug fixes. The
-headliner here is that `npm update` works again. We're running down the
-clock on blocker 3.x issues! Shortly after that hits zero we'll be
-promoting 3.x to latest!!
-
-And of course, we have changes that were brought forward from 2.x. Check out
-the release notes for
-[2.14.1](https://github.com/npm/npm/releases/tag/v2.14.1) and
-[2.14.2](https://github.com/npm/npm/releases/tag/v2.14.2).
-
-#### BETA WARNINGS FOR FUN AND PROFIT
-
-**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
-confident that it's stable and have assessed the effect of the breaking
-changes on the community. During that time we will still be doing `npm@2`
-releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
-publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
-alongside those versions until we're ready to switch everyone over to
-`npm@3`. We need your help to find and fix its remaining bugs. It's a
-significant rewrite, so we are _sure_ there still significant bugs
-remaining. So do us a solid and deploy it in non-critical CI environments
-and for day-to-day use, but maybe don't use it for production maintenance or
-frontline continuous deployment just yet.
-
-#### NPM UPDATE, NOW AGAIN YOUR FRIEND
-
-* [`f130a00`](https://github.com/npm/npm/commit/f130a00)
- [#9095](https://github.com/npm/npm/issues/9095)
- `npm update` once again works! Previously, after selecting packages
- to update, it would then pick the wrong location to run the install
- from. ([@iarna](https://github.com/iarna))
-
-#### MORE VERBOSING FOR YOUR VERBOSE LIFECYCLES
-
-* [`d088b7d`](https://github.com/npm/npm/commit/d088b7d)
- [#9227](https://github.com/npm/npm/pull/9227)
- Add some additional logging at the verbose and silly levels
- when running lifecycle scripts. Hopefully this will make
- debugging issues with them a bit easier!
- ([@saper](https://github.com/saper))
-
-#### AND SOME OTHER BUG FIXES…
-
-* [`f4a5784`](https://github.com/npm/npm/commit/f4a5784)
- [#9308](https://github.com/npm/npm/issues/9308)
- Make fetching metadata for local modules faster! This ALSO means
- that doing things like running `npm repo` won't build your
- module and maybe run `prepublish`.
- ([@iarna](https://github.com/iarna))
-
-* [`4468c92`](https://github.com/npm/npm/commit/4468c92)
- [#9205](https://github.com/npm/npm/issues/9205)
- Fix a bug where local modules would sometimes not resolve relative
- links using the correct base path.
- ([@iarna](https://github.com/iarna))
-
-* [`d395a6b`](https://github.com/npm/npm/commit/d395a6b)
- [#8995](https://github.com/npm/npm/issues/8995)
- Certain combinations of packages could result in different install orders for their
- initial installation than for reinstalls run on the same folder.
- ([@iarna](https://github.com/iarna))
-
-* [`d119ea6`](https://github.com/npm/npm/commit/d119ea6)
- [#9113](https://github.com/npm/npm/issues/9113)
- Make extraneous packages _always_ up in `npm ls`. Previously, if an
- extraneous package had a dependency that depended back on the original
- package this would result in the package not showing up in `ls`.
- ([@iarna](https://github.com/iarna))
-
-* [`02420dc`](https://github.com/npm/npm/commit/02420dc)
- [#9113](https://github.com/npm/npm/issues/9113)
- Stop warning about missing top level package.json files. Errors in said
- files will still be reported.
- ([@iarna](https://github.com/iarna))
-
-#### SOME DEP UPDATES
-
-* [`1ed1364`](https://github.com/npm/npm/commit/1ed1364) `rimraf@2.4.3`
- ([@isaacs](https://github.com/isaacs)) Added EPERM to delay/retry loop
-* [`e7b8315`](https://github.com/npm/npm/commit/e7b8315) `read@1.0.7`
- Smaller distribution package, better metadata
- ([@isaacs](https://github.com/isaacs))
-
-#### SOME DEPS OF DEPS UPDATES
-
-* [`b273bcc`](https://github.com/npm/npm/commit/b273bcc) `mime-types@2.1.5`
-* [`df6e225`](https://github.com/npm/npm/commit/df6e225) `mime-db@1.17.0`
-* [`785f2ad`](https://github.com/npm/npm/commit/785f2ad) `is-my-json-valid@2.12.1`
-* [`88170dd`](https://github.com/npm/npm/commit/88170dd) `form-data@1.0.0-rc3`
-* [`af5357b`](https://github.com/npm/npm/commit/af5357b) `request@2.61.0`
-* [`337f96a`](https://github.com/npm/npm/commit/337f96a) `chalk@1.1.1`
-* [`3dfd74d`](https://github.com/npm/npm/commit/3dfd74d) `async@1.4.2`
-
-### v3.3.0 (2015-08-13):
-
-This is a pretty EXCITING week. But I may be a little excitable– or
-possibly sleep deprived, it's sometimes hard to tell them apart. =D So
-[Kat](https://github.com/zkat) really went the extra mile this week and got
-the client side support for teams and orgs out in this week's 2.x release.
-You can't use that just yet, 'cause we have to turn on some server side
-stuff too, but this way it'll be there for you all the moment we do! Check
-out the details over in the [2.14.0 release
-notes](https://github.com/npm/npm/releases/tag/v2.14.0)!
-
-But we over here in 3.x ALSO got a new feature this week, check out the new
-`--only` and `--also` flags for better control over when dev and production
-dependencies are used by various npm commands.
-
-That, and some important bug fixes round out this week. Enjoy everyone!
-
-#### NEVER SHALL NOT BETA THE BETA
-
-**_THIS IS BETA SOFTWARE_**. EXCITING NEW BETA WARNING!!! Ok, I fibbed,
-EXACTLY THE SAME BETA WARNINGS: `npm@3` will remain in beta until we're
-confident that it's stable and have assessed the effect of the breaking
-changes on the community. During that time we will still be doing `npm@2`
-releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
-publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
-alongside those versions until we're ready to switch everyone over to
-`npm@3`. We need your help to find and fix its remaining bugs. It's a
-significant rewrite, so we are _sure_ there still significant bugs
-remaining. So do us a solid and deploy it in non-critical CI environments
-and for day-to-day use, but maybe don't use it for production maintenance or
-frontline continuous deployment just yet.
-
-#### ONLY ALSO DEV
-
-Hey we've got a SUPER cool new feature for you all, thanks to the fantastic
-work of [@davglass](https://github.com/davglass) and
-[@bengl](https://github.com/bengl) we have `--only=prod`,
-`--only=dev`, `--also=prod` and `--also=dev` options. These apply in
-various ways to: `npm install`, `npm ls`, `npm outdated` and `npm update`.
-
-So for instance:
-
-```
-npm install --only=dev
-```
-
-Only installs dev dependencies. By contrast:
-
-```
-npm install --only=prod
-```
-
-Will only install prod dependencies and is very similar to `--production`
-but differs in that it doesn't set the environment variables that
-`--production` does.
-
-The related new flag, `--also` is most useful with things like:
-
-```
-npm shrinkwrap --also=dev
-```
-
-As shrinkwraps don't include dev deps by default. This replaces passing in
-`--dev` in that scenario.
-
-And that leads into the fact that this deprecates `--dev` as its semantics
-across commands were inconsistent and confusing.
-
-* [`3ab1eea`](https://github.com/npm/npm/commit/3ab1eea)
- [#9024](https://github.com/npm/npm/pull/9024)
- Add support for `--only`, `--also` and deprecate `--dev`
- ([@bengl](https://github.com/bengl))
-
-#### DON'T TOUCH! THAT'S NOT YOUR BIN
-
-* [`b31812e`](https://github.com/npm/npm/commit/b31812e)
- [#8996](https://github.com/npm/npm/pull/8996)
- When removing a module that has bin files, if one that we're going to
- remove is a symlink to a DIFFERENT module, leave it alone. This only happens
- when you have two modules that try to provide the same bin.
- ([@iarna](https://github.com/iarna))
-
-#### THERE'S AN END IN SIGHT
-
-* [`d2178a9`](https://github.com/npm/npm/commit/d2178a9)
- [#9223](https://github.com/npm/npm/pull/9223)
- Close a bunch of infinite loops that could show up with symlink cycles in your dependencies.
- ([@iarna](https://github.com/iarna))
-
-#### OOPS DIDN'T MEAN TO FIX THAT
-
-Well, not _just_ yet. This was scheduled for next week, but it snuck into
-2.x this week.
-
-* [`139dd92`](https://github.com/npm/npm/commit/139dd92)
- [#8716](https://github.com/npm/npm/pull/8716)
- `npm init` will now only pick up the modules you install, not everything
- else that got flattened with them.
- ([@iarna](https://github.com/iarna))
-
-### v3.2.2 (2015-08-08):
-
-Lot's of lovely bug fixes for `npm@3`. I'm also suuuuper excited that I
-think we have a handle on stack explosions that effect a small portion of
-our users. We also have some tantalizing clues as to where some low hanging
-fruit may be for performance issues.
-
-And of course, in addition to the `npm@3` specific bug fixes, there are some
-great one's coming in from `npm@2`! [@othiym23](https://github.com/othiym23)
-put together that release this week– check out its
-[release notes](https://github.com/npm/npm/releases/tag/v2.13.4) for the deets.
-
-#### AS ALWAYS STILL BETA
-
-**_THIS IS BETA SOFTWARE_**. Just like the airline safety announcements,
-we're not taking this plane off till we finish telling you: `npm@3` will
-remain in beta until we're confident that it's stable and have assessed the
-effect of the breaking changes on the community. During that time we will
-still be doing `npm@2` releases, with `npm@2` tagged as `latest` and `next`.
-We'll _also_ be publishing new releases of `npm@3` as `npm@v3.x-next` and
-`npm@v3.x-latest` alongside those versions until we're ready to switch
-everyone over to `npm@3`. We need your help to find and fix its remaining
-bugs. It's a significant rewrite, so we are _sure_ there still significant
-bugs remaining. So do us a solid and deploy it in non-critical CI
-environments and for day-to-day use, but maybe don't use it for production
-maintenance or frontline continuous deployment just yet.
-
-#### BUG FIXES
-
-* [`a8c8a13`](https://github.com/npm/npm/commit/a8c8a13)
- [#9050](https://github.com/npm/npm/issues/9050)
- Resolve peer deps relative to the parent of the requirer
- ([@iarna](http://github.com/iarna))
-* [`05f0226`](https://github.com/npm/npm/commit/05f0226)
- [#9077](https://github.com/npm/npm/issues/9077)
- Fix crash when saving `git+ssh` urls
- ([@iarna](http://github.com/iarna))
-* [`e4a3808`](https://github.com/npm/npm/commit/e4a3808)
- [#8951](https://github.com/npm/npm/issues/8951)
- Extend our patch to allow `*` to match something when a package only has
- prerelease versions to everything and not just the cache.
- ([@iarna](http://github.com/iarna))
-* [`d135abf`](https://github.com/npm/npm/commit/d135abf)
- [#8871](https://github.com/npm/npm/issues/8871)
- Don't warn about a missing `package.json` or missing fields in the global
- install directory.
- ([@iarna](http://github.com/iarna))
-
-#### DEP VERSION BUMPS
-
-* [`990ee4f`](https://github.com/npm/npm/commit/990ee4f)
- `path-is-inside@1.0.1` ([@domenic](https://github.com/domenic))
-* [`1f71ec0`](https://github.com/npm/npm/commit/1f71ec0)
- `lodash.clonedeep@3.0.2` ([@jdalton](https://github.com/jdalton))
-* [`a091354`](https://github.com/npm/npm/commit/a091354)
- `marked@0.3.5` ([@chjj](https://github.com/chjj))
-* [`fc51f28`](https://github.com/npm/npm/commit/fc51f28)
- `tap@1.3.2` ([@isaacs](https://github.com/isaacs))
-* [`3569ec0`](https://github.com/npm/npm/commit/3569ec0)
- `nock@2.10.0` ([@pgte](https://github.com/pgte))
-* [`ad5f6fd`](https://github.com/npm/npm/commit/ad5f6fd)
- `npm-registry-mock@1.0.1` ([@isaacs](https://github.com/isaacs))
-
-### v3.2.1 (2015-07-31):
-
-#### AN EXTRA QUIET RELEASE
-
-A bunch of stuff got deferred for various reasons, which just means more
-branches to land next week!
-
-Don't forget to check out [Kat's 2.x release](https://github.com/npm/npm/releases/tag/v2.13.4) for other quiet goodies.
-
-#### AS ALWAYS STILL BETA
-
-**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
-you can't be excused. `npm@3` will remain in beta until we're confident
-that it's stable and have assessed the effect of the breaking changes on the
-community. During that time we will still be doing `npm@2` releases, with
-`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
-releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
-versions until we're ready to switch everyone over to `npm@3`. We need your
-help to find and fix its remaining bugs. It's a significant rewrite, so we
-are _sure_ there still significant bugs remaining. So do us a solid and
-deploy it in non-critical CI environments and for day-to-day use, but maybe
-don't use it for production maintenance or frontline continuous deployment
-just yet.
-
-
-#### MAKING OUR TESTS TEST THE THING THEY TEST
-
-* [`6e53c3d`](https://github.com/npm/npm/commit/6e53c3d)
- [#8985](https://github.com/npm/npm/pull/8985)
- Many thanks to @bengl for noticing that one of our tests wasn't testing
- what it claimed it was testing! ([@bengl](https://github.com/bengl))
-
-#### MY PACKAGE.JSON WAS ALREADY IN THE RIGHT ORDER
-
-* [`eb2c7aa`](https://github.com/npm/npm/commit/d00d0f)
- [#9068](https://github.com/npm/npm/pull/9079)
- Stop sorting keys in the `package.json` that we haven't edited. Many
- thanks to [@Qix-](https://github.com/Qix-) for bringing this up and
- providing a first pass at a patch for this.
- ([@iarna](https://github.com/iarna))
-
-#### DEV DEP UPDATE
-
-* [`555f60c`](https://github.com/npm/npm/commit/555f60c) `marked@0.3.4`
-
-### v3.2.0 (2015-07-24):
-
-#### MORE CONFIG, BETTER WINDOWS AND A BUG FIX
-
-This is a smallish release with a new config option and some bug fixes. And
-lots of module updates.
-
-#### BETA BETAS ON
-
-**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
-you can't be excused. `npm@3` will remain in beta until we're confident
-that it's stable and have assessed the effect of the breaking changes on the
-community. During that time we will still be doing `npm@2` releases, with
-`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
-releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
-versions until we're ready to switch everyone over to `npm@3`. We need your
-help to find and fix its remaining bugs. It's a significant rewrite, so we
-are _sure_ there still significant bugs remaining. So do us a solid and
-deploy it in non-critical CI environments and for day-to-day use, but maybe
-don't use it for production maintenance or frontline continuous deployment
-just yet.
-
-
-#### NEW CONFIGS, LESS PROGRESS
-
-* [`423d8f7`](https://github.com/npm/npm/commit/423d8f7)
- [#8704](https://github.com/npm/npm/issues/8704)
- Add the ability to disable the new progress bar with `--no-progress`
- ([@iarna](https://github.com/iarna))
-
-#### AND BUG FIXES
-
-* [`b3ee452`](https://github.com/npm/npm/commit/b3ee452)
- [#9038](https://github.com/npm/npm/pull/9038)
- We previously disabled the use of the new `fs.access` API on Windows, but
- the bug we were seeing is fixed in `io.js@1.5.0` so we now use `fs.access`
- if you're using that version or greater.
- ([@iarna](https://github.com/iarna))
-
-* [`b181fa3`](https://github.com/npm/npm/commit/b181fa3)
- [#8921](https://github.com/npm/npm/issues/8921)
- [#8637](https://github.com/npm/npm/issues/8637)
- Rejigger how we validate modules for install. This allow is to fix
- a problem where arch/os checking wasn't being done at all.
- It also made it easy to add back in a check that declines to
- install a module in itself unless you force it.
- ([@iarna](https://github.com/iarna))
-
-#### AND A WHOLE BUNCH OF SUBDEP VERSIONS
-
-These are all development dependencies and semver-compatible subdep
-upgrades, so they should not have visible impact on users.
-
-* [`6b3f6d9`](https://github.com/npm/npm/commit/6b3f6d9) `standard@4.3.3`
-* [`f4e22e5`](https://github.com/npm/npm/commit/f4e22e5) `readable-stream@2.0.2` (inside concat-stream)
-* [`f130bfc`](https://github.com/npm/npm/commit/f130bfc) `minimatch@2.0.10` (inside node-gyp's copy of glob)
-* [`36c6a0d`](https://github.com/npm/npm/commit/36c6a0d) `caseless@0.11.0`
-* [`80df59c`](https://github.com/npm/npm/commit/80df59c) `chalk@1.1.0`
-* [`ea935d9`](https://github.com/npm/npm/commit/ea935d9) `bluebird@2.9.34`
-* [`3588a0c`](https://github.com/npm/npm/commit/3588a0c) `extend@3.0.0`
-* [`c6a8450`](https://github.com/npm/npm/commit/c6a8450) `form-data@1.0.0-rc2`
-* [`a04925b`](https://github.com/npm/npm/commit/a04925b) `har-validator@1.8.0`
-* [`ee7c095`](https://github.com/npm/npm/commit/ee7c095) `has-ansi@2.0.0`
-* [`944fc34`](https://github.com/npm/npm/commit/944fc34) `hawk@3.1.0`
-* [`783dc7b`](https://github.com/npm/npm/commit/783dc7b) `lodash._basecallback@3.3.1`
-* [`acef0fe`](https://github.com/npm/npm/commit/acef0fe) `lodash._baseclone@3.3.0`
-* [`dfe959a`](https://github.com/npm/npm/commit/dfe959a) `lodash._basedifference@3.0.3`
-* [`a03bc76`](https://github.com/npm/npm/commit/a03bc76) `lodash._baseflatten@3.1.4`
-* [`8a07d50`](https://github.com/npm/npm/commit/8a07d50) `lodash._basetostring@3.0.1`
-* [`7785e3f`](https://github.com/npm/npm/commit/7785e3f) `lodash._baseuniq@3.0.3`
-* [`826fb35`](https://github.com/npm/npm/commit/826fb35) `lodash._createcache@3.1.2`
-* [`76030b3`](https://github.com/npm/npm/commit/76030b3) `lodash._createpadding@3.6.1`
-* [`1a49ec6`](https://github.com/npm/npm/commit/1a49ec6) `lodash._getnative@3.9.1`
-* [`eebe47f`](https://github.com/npm/npm/commit/eebe47f) `lodash.isarguments@3.0.4`
-* [`09994d4`](https://github.com/npm/npm/commit/09994d4) `lodash.isarray@3.0.4`
-* [`b6f8dbf`](https://github.com/npm/npm/commit/b6f8dbf) `lodash.keys@3.1.2`
-* [`c67dd6b`](https://github.com/npm/npm/commit/c67dd6b) `lodash.pad@3.1.1`
-* [`4add042`](https://github.com/npm/npm/commit/4add042) `lodash.repeat@3.0.1`
-* [`e04993c`](https://github.com/npm/npm/commit/e04993c) `lru-cache@2.6.5`
-* [`2ed7da4`](https://github.com/npm/npm/commit/2ed7da4) `mime-db@1.15.0`
-* [`ae08244`](https://github.com/npm/npm/commit/ae08244) `mime-types@2.1.3`
-* [`e71410e`](https://github.com/npm/npm/commit/e71410e) `os-homedir@1.0.1`
-* [`67c13e0`](https://github.com/npm/npm/commit/67c13e0) `process-nextick-args@1.0.2`
-* [`12ee041`](https://github.com/npm/npm/commit/12ee041) `qs@4.0.0`
-* [`15564a6`](https://github.com/npm/npm/commit/15564a6) `spdx-license-ids@1.0.2`
-* [`8733bff`](https://github.com/npm/npm/commit/8733bff) `supports-color@2.0.0`
-* [`230943c`](https://github.com/npm/npm/commit/230943c) `tunnel-agent@0.4.1`
-* [`26a4653`](https://github.com/npm/npm/commit/26a4653) `ansi-styles@2.1.0`
-* [`3d27081`](https://github.com/npm/npm/commit/3d27081) `bl@1.0.0`
-* [`9efa110`](https://github.com/npm/npm/commit/9efa110) `async@1.4.0`
-
-#### MERGED FORWARD
-
-* As usual, we've ported all the `npm@2` goodies in this week's
- [v2.13.3](https://github.com/npm/npm/releases/tag/v2.13.3)
- release.
-
-### v3.1.3 (2015-07-17):
-
-Rebecca: So Kat, I hear this week's other release uses a dialog between us to
-explain what changed?
-
-Kat: Well, you could say that…
-
-Rebecca: I would! This week I fixed more `npm@3` bugs!
-
-Kat: That sounds familiar.
-
-Rebecca: Eheheheh, well, before we look at those, a word from our sponsor…
-
-#### BETA IS AS BETA DOES
-
-**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
-you can't be excused. `npm@3` will remain in beta until we're confident
-that it's stable and have assessed the effect of the breaking changes on the
-community. During that time we will still be doing `npm@2` releases, with
-`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
-releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
-versions until we're ready to switch everyone over to `npm@3`. We need your
-help to find and fix its remaining bugs. It's a significant rewrite, so we
-are _sure_ there still significant bugs remaining. So do us a solid and
-deploy it in non-critical CI environments and for day-to-day use, but maybe
-don't use it for production maintenance or frontline continuous deployment
-just yet.
-
-Rebecca: Ok, enough of the dialoguing, that's Kat's schtick. But do remember
-kids, betas hide in dark hallways waiting to break your stuff, stuff like…
-
-#### SO MANY LINKS YOU COULD MAKE A CHAIN
-
-* [`6d69ec9`](https://github.com/npm/npm/6d69ec9)
- [#8967](https://github.com/npm/npm/issues/8967)
- Removing a module linked into your globals would result in having
- all of its subdeps removed. Since the npm release process does
- exactly this, it burned me -every- -single- -week-. =D
- While we're here, we also removed extraneous warns that used to
- spill out when you'd remove a symlink.
- ([@iarna](https://github.com/iarna))
-
-* [`fdb360f`](https://github.com/npm/npm/fdb360f)
- [#8874](https://github.com/npm/npm/issues/8874)
- Linking scoped modules was failing outright, but this fixes that
- and updates our tests so we don't do it again.
- ([@iarna](https://github.com/iarna))
-
-#### WE'LL TRY NOT TO CRACK YOUR WINDOWS
-
-* [`9fafb18`](https://github.com/npm/npm/9fafb18)
- [#8701](https://github.com/npm/npm/issues/8701)
- `npm@3` introduced permissions checks that run before it actually tries to
- do something. This saves you from having an install fail half way
- through. We did this using the shiny new `fs.access` function available
- in `node 0.12` and `io.js`, with fallback options for older nodes. Unfortunately
- the way we implemented the fallback caused racey problems for Windows systems.
- This fixes that by ensuring we only ever run any one check on a directory once.
- BUT it turns out there are bugs in `fs.access` on Windows. So this ALSO just disables
- the use of `fs.access` on Windows entirely until that settles out.
- ([@iarna](https://github.com/iarna))
-
-#### ZOOM ZOOM, DEP UPDATES
-
-* [`5656baa`](https://github.com/npm/npm/5656baa)
- `gauge@1.2.2`: Better handle terminal resizes while printing the progress bar
- ([@iarna](https://github.com/iarna))
-
-#### MERGED FORWARD
-
-* Check out Kat's [super-fresh release notes for v2.13.2](https://github.com/npm/npm/releases/tag/v2.13.2)
- and see all the changes we ported from `npm@2`.
-
-### v3.1.2
-
-#### SO VERY BETA RELEASE
-
-So, `v3.1.1` managed to actually break installing local modules. And then
-immediately after I drove to an island for the weekend. 😁 So let's get
-this fixed outside the usual release train!
-
-Fortunately it didn't break installing _global_ modules and so you could
-swap it out for another version at least.
-
-#### DISCLAIMER MEANS WHAT IT SAYS
-
-**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
-you can't be excused. `npm@3` will remain in beta until we're confident
-that it's stable and have assessed the effect of the breaking changes on the
-community. During that time we will still be doing `npm@2` releases, with
-`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
-releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
-versions until we're ready to switch everyone over to `npm@3`. We need your
-help to find and fix its remaining bugs. It's a significant rewrite, so we
-are _sure_ there still significant bugs remaining. So do us a solid and
-deploy it in non-critical CI environments and for day-to-day use, but maybe
-don't use it for production maintenance or frontline continuous deployment
-just yet.
-
-#### THIS IS IT, THE REASON
-
-* [`f5e19df`](https://github.com/npm/npm/commit/f5e19df)
- [#8893](https://github.com/npm/npm/issues/8893)
- Fix crash when installing local modules introduced by the fix for
- [#8608](https://github.com/npm/npm/issues/8608)
- ([@iarna](https://github.com/iarna)
-
-### v3.1.1
-
-#### RED EYE RELEASE
-
-Rebecca's up too late writing tests, so you can have `npm@3` bug fixes! Lots
-of great new issues from you all! ❤️️ Keep it up!
-
-#### YUP STILL BETA, PLEASE PAY ATTENTION
-
-**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
-you can't be excused. `npm@3` will remain in beta until we're confident
-that it's stable and have assessed the effect of the breaking changes on the
-community. During that time we will still be doing `npm@2` releases, with
-`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
-releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
-versions until we're ready to switch everyone over to `npm@3`. We need your
-help to find and fix its remaining bugs. It's a significant rewrite, so we
-are _sure_ there still significant bugs remaining. So do us a solid and
-deploy it in non-critical CI environments and for day-to-day use, but maybe
-don't use it for production maintenance or frontline continuous deployment
-just yet.
-
-#### BOOGS
-
-* [`9badfd6`](https://github.com/npm/npm/commit/9babfd63f19f2d80b2d2624e0963b0bdb0d76ef4)
- [#8608](https://github.com/npm/npm/issues/8608)
- Make global installs and uninstalls MUCH faster by only reading the directories of
- modules referred to by arguments.
- ([@iarna](https://github.com/iarna)
-* [`075a5f0`](https://github.com/npm/npm/commit/075a5f046ab6837f489b08d44cb601e9fdb369b7)
- [#8660](https://github.com/npm/npm/issues/8660)
- Failed optional deps would still result in the optional deps own
- dependencies being installed. We now find them and fail them out of the
- tree.
- ([@iarna](https://github.com/iarna)
-* [`c9fbbb5`](https://github.com/npm/npm/commit/c9fbbb540083396ea58fd179d81131d959d8e049)
- [#8863](https://github.com/npm/npm/issues/8863)
- The "no compatible version found" error message was including only the
- version requested, not the name of the package we wanted. Ooops!
- ([@iarna](https://github.com/iarna)
-* [`32e6bbd`](https://github.com/npm/npm/commit/32e6bbd21744dcbe8c0720ab53f60caa7f2a0588)
- [#8806](https://github.com/npm/npm/issues/8806)
- The "uninstall" lifecycle was being run after all of a module's dependencies has been
- removed. This reverses that order-- this means "uninstall" lifecycles can make use
- of the package's dependencies.
- ([@iarna](https://github.com/iarna)
-
-#### MERGED FORWARD
-
-* Check out the [v2.13.1 release notes](https://github.com/npm/npm/releases/tag/v2.13.1)
- and see all the changes we ported from `npm@2`.
-
-### v3.1.0 (2015-07-02):
-
-This has been a brief week of bug fixes, plus some fun stuff merged forward
-from this weeks 2.x release. See the
-[2.13.0 release notes](https://github.com/npm/npm/releases/tag/v2.13.0)
-for details on that.
-
-You all have been AWESOME with
-[all](https://github.com/npm/npm/milestones/3.x)
-[the](https://github.com/npm/npm/milestones/3.2.0)
-`npm@3` bug reports! Thank you and keep up the great work!
-
-#### NEW PLACE, SAME CODE
-
-Remember how last week we said `npm@3` would go to `3.0-next` and latest
-tags? Yeaaah, no, please use `npm@v3.x-next` and `npm@v3.x-latest` going forward.
-
-I dunno why we said "suuure, we'll never do a feature release till we're out
-of beta" when we're still forward porting `npm@2.x` features. `¯\_(ツ)_/¯`
-
-If you do accidentally use the old tag names, I'll be maintaining them
-for a few releases, but they won't be around forever.
-
-#### YUP STILL BETA, PLEASE PAY ATTENTION
-
-**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
-confident that it's stable and have assessed the effect of the breaking
-changes on the community. During that time we will still be doing `npm@2`
-releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
-publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
-alongside those versions until we're ready to switch everyone over to
-`npm@3`. We need your help to find and fix its remaining bugs. It's a
-significant rewrite, so we are _sure_ there still significant bugs
-remaining. So do us a solid and deploy it in non-critical CI environments
-and for day-to-day use, but maybe don't use it for production maintenance
-or frontline continuous deployment just yet.
-
-#### BUGS ON THE WINDOWS
-
- * [`0030ade`](https://github.com/npm/npm/commit/0030ade)
- [#8685](https://github.com/npm/npm/issues/8685)
- Windows would hang when trying to clone git repos
- ([@euprogramador](https://github.com/npm/npm/pull/8777))
- * [`b259bcc`](https://github.com/npm/npm/commit/b259bcc)
- [#8786](https://github.com/npm/npm/pull/8786)
- Windows permissions checks would cause installations to fail under some
- circumstances. We're disabling the checks entirely for this release.
- I'm hoping to check back with this next week to get a Windows friendly
- fix in.
- ([@iarna](https://github.com/iarna))
-
-#### SO MANY BUGS SQUASHED, JUST CALL US RAID
-
- * [`0848698`](https://github.com/npm/npm/commit/0848698)
- [#8686](https://github.com/npm/npm/pull/8686)
- Stop leaving progress bar cruft on the screen during publication
- ([@ajcrites](https://github.com/ajcrites))
- * [`57c3cea`](https://github.com/npm/npm/commit/57c3cea)
- [#8695](https://github.com/npm/npm/pull/8695)
- Remote packages with shrinkwraps made npm cause node + iojs to explode
- and catch fire. NO MORE.
- ([@iarna](https://github.com/iarna))
- * [`2875ba3`](https://github.com/npm/npm/commit/2875ba3)
- [#8723](https://github.com/npm/npm/pull/8723)
- I uh, told you that engineStrict checking had gone away last week.
- TURNS OUT I LIED. So this is making that actually be true.
- ([@iarna](https://github.com/iarna))
- * [`28064e5`](https://github.com/npm/npm/commit/28064e5)
- [#3358](https://github.com/npm/npm/issues/3358)
- Consistently allow Unicode BOMs at the start of package.json files.
- Previously this was allowed some of time, like when you were installing
- modules, but not others, like running npm version or installing w/
- `--save`.
- ([@iarna](https://github.com/iarna))
- * [`3cb6ad2`](https://github.com/npm/npm/commit/3cb6ad2)
- [#8736](https://github.com/npm/npm/issues/8766)
- `npm@3` wasn't running the "install" lifecycle in your current (toplevel)
- module. This broke modules that relied on C compilation. BOO.
- ([@iarna](https://github.com/iarna))
- * [`68da583`](https://github.com/npm/npm/commit/68da583)
- [#8766](https://github.com/npm/npm/issues/8766)
- To my great shame, `npm link package` wasn't working AT ALL if you
- didn't have `package` already installed.
- ([@iarna](https://github.com/iarna))
- * [`edd7448`](https://github.com/npm/npm/commit/edd7448)
- `read-package-tree@5.0.0`: This update makes read-package-tree not explode
- when there's bad data in your node_modules folder. `npm@2` silently
- ignores this sort of thing.
- ([@iarna](https://github.com/iarna))
- * [`0bb08c8`](https://github.com/npm/npm/commit/0bb08c8)
- [#8778](https://github.com/npm/npm/pull/8778)
- RELATEDLY, we now show any errors from your node_modules folder after
- your installation completes as warnings. We're also reporting these in
- `npm ls` now.
- ([@iarna](https://github.com/iarna))
- * [`6c248ff`](https://github.com/npm/npm/commit/6c248ff)
- [#8779](https://github.com/npm/npm/pull/8779)
- Hey, you know how we used to complain if your `package.json` was
- missing stuff? Well guess what, we are again. I know, I know, you can
- thank me later.
- ([@iarna](https://github.com/iarna))
- * [`d6f7c98`](https://github.com/npm/npm/commit/d6f7c98)
- So, when we were rolling back after errors we had untested code that
- tried to undo moves. Being untested it turns out it was very broken.
- I've removed it until we have time to do this right.
- ([@iarna](https://github.com/iarna))
-
-#### NEW VERSION
-
-Just the one. Others came in via the 2.x release. Do check out its
-changelog, immediately following this message.
-
- * [`4e602c5`](https://github.com/npm/npm/commit/4e602c5) `lodash@3.2.2`
-
-### v3.0.0 (2015-06-25):
-
-Wow, it's finally here! This has been a long time coming. We are all
-delighted and proud to be getting this out into the world, and are looking
-forward to working with the npm user community to get it production-ready
-as quickly as possible.
-
-`npm@3` constitutes a nearly complete rewrite of npm's installer to be
-easier to maintain, and to bring a bunch of valuable new features and
-design improvements to you all.
-
-[@othiym23](https://github.com/othiym23) and
-[@isaacs](https://github.com/isaacs) have been
-[talking about the changes](http://blog.npmjs.org/post/91303926460/npm-cli-roadmap-a-periodic-update)
-in this release for well over a year, and it's been the primary focus of
-[@iarna](https://github.com/iarna) since she joined the team.
-
-Given that this is a near-total rewrite, all changes listed here are
-[@iarna](https://github.com/iarna)'s work unless otherwise specified.
-
-#### NO, REALLY, READ THIS PARAGRAPH. IT'S THE IMPORTANT ONE.
-
-**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
-confident that it's stable and have assessed the effect of the breaking
-changes on the community. During that time we will still be doing `npm@2`
-releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
-publishing new releases of `npm@3` as `npm@3.0-next` and `npm@3.0-latest`
-alongside those versions until we're ready to switch everyone over to
-`npm@3`. We need your help to find and fix its remaining bugs. It's a
-significant rewrite, so we are _sure_ there still significant bugs
-remaining. So do us a solid and deploy it in non-critical CI environments
-and for day-to-day use, but maybe don't use it for production maintenance
-or frontline continuous deployment just yet.
-
-#### BREAKING CHANGES
-
-##### `peerDependencies`
-
-`grunt`, `gulp`, and `broccoli` plugin maintainers take note! You will be
-affected by this change!
-
-* [#6930](https://github.com/npm/npm/issues/6930)
- ([#6565](https://github.com/npm/npm/issues/6565))
- `peerDependencies` no longer cause _anything_ to be implicitly installed.
- Instead, npm will now warn if a packages `peerDependencies` are missing,
- but it's up to the consumer of the module (i.e. you) to ensure the peers
- get installed / are included in `package.json` as direct `dependencies`
- or `devDependencies` of your package.
-* [#3803](https://github.com/npm/npm/issues/3803)
- npm also no longer checks `peerDependencies` until after it has fully
- resolved the tree.
-
-This shifts the responsibility for fulfilling peer dependencies from library
-/ framework / plugin maintainers to application authors, and is intended to
-get users out of the dependency hell caused by conflicting `peerDependency`
-constraints. npm's job is to keep you _out_ of dependency hell, not put you
-in it.
-
-##### `engineStrict`
-
-* [#6931](https://github.com/npm/npm/issues/6931) The rarely-used
- `package.json` option `engineStrict` has been deprecated for several
- months, producing warnings when it was used. Starting with `npm@3`, the
- value of the field is ignored, and engine violations will only produce
- warnings. If you, as a user, want strict `engines` field enforcement,
- just run `npm config set engine-strict true`.
-
-As with the peer dependencies change, this is about shifting control from
-module authors to application authors. It turns out `engineStrict` was very
-difficult to understand even harder to use correctly, and more often than
-not just made modules using it difficult to deploy.
-
-##### `npm view`
-
-* [`77f1aec`](https://github.com/npm/npm/commit/77f1aec) With `npm view` (aka
- `npm info`), always return arrays for versions, maintainers, etc. Previously
- npm would return a plain value if there was only one, and multiple values if
- there were more. ([@KenanY](https://github.com/KenanY))
-
-#### KNOWN BUGS
-
-Again, this is a _**BETA RELEASE**_, so not everything is working just yet.
-Here are the issues that we already know about. If you run into something
-that isn't on this list,
-[let us know](https://github.com/npm/npm/issues/new)!
-
-* [#8575](https://github.com/npm/npm/issues/8575)
- Circular deps will never be removed by the prune-on-uninstall code.
-* [#8588](https://github.com/npm/npm/issues/8588)
- Local deps where the dep name and the name in the package.json differ
- don't result in an error.
-* [#8637](https://github.com/npm/npm/issues/8637)
- Modules can install themselves as direct dependencies. `npm@2` declined to
- do this.
-* [#8660](https://github.com/npm/npm/issues/8660)
- Dependencies of failed optional dependencies aren't rolled back when the
- optional dependency is, and then are reported as extraneous thereafter.
-
-#### NEW FEATURES
-
-##### The multi-stage installer!
-
-* [#5919](https://github.com/npm/npm/issues/5919)
- Previously the installer had a set of steps it executed for each package
- and it would immediately start executing them as soon as it decided to
- act on a package.
-
- But now it executes each of those steps at the same time for all
- packages, waiting for all of one stage to complete before moving on. This
- eliminates many race conditions and makes the code easier to reason
- about.
-
-This fixes, for instance:
-
-* [#6926](https://github.com/npm/npm/issues/6926)
- ([#5001](https://github.com/npm/npm/issues/5001),
- [#6170](https://github.com/npm/npm/issues/6170))
- `install` and `postinstall` lifecycle scripts now only execute `after`
- all the module with the script's dependencies are installed.
-
-##### Install: it looks different!
-
-You'll now get a tree much like the one produced by `npm ls` that
-highlights in orange the packages that were installed. Similarly, any
-removed packages will have their names prefixed by a `-`.
-
-Also, `npm outdated` used to include the name of the module in the
-`Location` field:
-
-```
-Package Current Wanted Latest Location
-deep-equal MISSING 1.0.0 1.0.0 deep-equal
-glob 4.5.3 4.5.3 5.0.10 rimraf > glob
-```
-
-Now it shows the module that required it as the final point in the
-`Location` field:
-
-```
-Package Current Wanted Latest Location
-deep-equal MISSING 1.0.0 1.0.0 npm
-glob 4.5.3 4.5.3 5.0.10 npm > rimraf
-```
-
-Previously the `Location` field was telling you where the module was on
-disk. Now it tells you what requires the module. When more than one thing
-requires the module you'll see it listed once for each thing requiring it.
-
-##### Install: it works different!
-
-* [#6928](https://github.com/npm/npm/issues/6928)
- ([#2931](https://github.com/npm/npm/issues/2931)
- [#2950](https://github.com/npm/npm/issues/2950))
- `npm install` when you have an `npm-shrinkwrap.json` will ensure you have
- the modules specified in it are installed in exactly the shape specified
- no matter what you had when you started.
-* [#6913](https://github.com/npm/npm/issues/6913)
- ([#1341](https://github.com/npm/npm/issues/1341)
- [#3124](https://github.com/npm/npm/issues/3124)
- [#4956](https://github.com/npm/npm/issues/4956)
- [#6349](https://github.com/npm/npm/issues/6349)
- [#5465](https://github.com/npm/npm/issues/5465))
- `npm install` when some of your dependencies are missing sub-dependencies
- will result in those sub-dependencies being installed. That is, `npm
- install` now knows how to fix broken installs, most of the time.
-* [#5465](https://github.com/npm/npm/issues/5465)
- If you directly `npm install` a module that's already a subdep of
- something else and your new version is incompatible, it will now install
- the previous version nested in the things that need it.
-* [`a2b50cf`](https://github.com/npm/npm/commit/a2b50cf)
- [#5693](https://github.com/npm/npm/issues/5693)
- When installing a new module, if it's mentioned in your
- `npm-shrinkwrap.json` or your `package.json` use the version specifier
- from there if you didn't specify one yourself.
-
-##### Flat, flat, flat!
-
-Your dependencies will now be installed *maximally flat*. Insofar as is
-possible, all of your dependencies, and their dependencies, and THEIR
-dependencies will be installed in your project's `node_modules` folder with no
-nesting. You'll only see modules nested underneath one another when two (or
-more) modules have conflicting dependencies.
-
-* [#3697](https://github.com/npm/npm/issues/3697)
- This will hopefully eliminate most cases where Windows users ended up
- with paths that were too long for Explorer and other standard tools to
- deal with.
-* [#6912](https://github.com/npm/npm/issues/6912)
- ([#4761](https://github.com/npm/npm/issues/4761)
- [#4037](https://github.com/npm/npm/issues/4037))
- This also means that your installs will be deduped from the start.
-* [#5827](https://github.com/npm/npm/issues/5827)
- This deduping even extends to git deps.
-* [#6936](https://github.com/npm/npm/issues/6936)
- ([#5698](https://github.com/npm/npm/issues/5698))
- Various commands are dedupe aware now.
-
-This has some implications for the behavior of other commands:
-
-* `npm uninstall` removes any dependencies of the module that you specified
- that aren't required by any other module. Previously, it would only
- remove those that happened to be installed under it, resulting in left
- over cruft if you'd ever deduped.
-* `npm ls` now shows you your dependency tree organized around what
- requires what, rather than where those modules are on disk.
-* [#6937](https://github.com/npm/npm/issues/6937)
- `npm dedupe` now flattens the tree in addition to deduping.
-
-And bundling of dependencies when packing or publishing changes too:
-
-* [#2442](https://github.com/npm/npm/issues/2442)
- bundledDependencies no longer requires that you specify deduped sub deps.
- npm can now see that a dependency is required by something bundled and
- automatically include it. To put that another way, bundledDependencies
- should ONLY include things that you included in dependencies,
- optionalDependencies or devDependencies.
-* [#5437](https://github.com/npm/npm/issues/5437)
- When bundling a dependency that's both a `devDependency` and the child of
- a regular `dependency`, npm bundles the child dependency.
-
-As a demonstration of our confidence in our own work, npm's own
-dependencies are now flattened, deduped, and bundled in the `npm@3` style.
-This means that `npm@3` can't be packed or published by `npm@2`, which is
-something to be aware of if you're hacking on npm.
-
-##### Shrinkwraps: they are a-changin'!
-
-First of all, they should be idempotent now
-([#5779](https://github.com/npm/npm/issues/5779)). No more differences
-because the first time you install (without `npm-shrinkwrap.json`) and the
-second time (with `npm-shrinkwrap.json`).
-
-* [#6781](https://github.com/npm/npm/issues/6781)
- Second, if you save your changes to `package.json` and you have
- `npm-shrinkwrap.json`, then it will be updated as well. This applies to
- all of the commands that update your tree:
- * `npm install --save`
- * `npm update --save`
- * `npm dedupe --save` ([#6410](https://github.com/npm/npm/issues/6410))
- * `npm uninstall --save`
-* [#4944](https://github.com/npm/npm/issues/4944)
- ([#5161](https://github.com/npm/npm/issues/5161)
- [#5448](https://github.com/npm/npm/issues/5448))
- Third, because `node_modules` folders are now deduped and flat,
- shrinkwrap has to also be smart enough to handle this.
-
-And finally, enjoy this shrinkwrap bug fix:
-
-* [#3675](https://github.com/npm/npm/issues/3675)
- When shrinkwrapping a dependency that's both a `devDependency` and the
- child of a regular `dependency`, npm now correctly includes the child.
-
-##### The Age of Progress (Bars)!
-
-* [#6911](https://github.com/npm/npm/issues/6911)
- ([#1257](https://github.com/npm/npm/issues/1257)
- [#5340](https://github.com/npm/npm/issues/5340)
- [#6420](https://github.com/npm/npm/issues/6420))
- The spinner is gone (yay? boo? will you miss it?), and in its place npm
- has _progress bars_, so you actually have some sense of how long installs
- will take. It's provided in Unicode and non-Unicode variants, and Unicode
- support is automatically detected from your environment.
-
-#### TINY JEWELS
-
-The bottom is where we usually hide the less interesting bits of each
-release, but each of these are small but incredibly useful bits of this
-release, and very much worth checking out:
-
-* [`9ebe312`](https://github.com/npm/npm/commit/9ebe312)
- Build system maintainers, rejoice: npm does a better job of cleaning up
- after itself in your temporary folder.
-* [#6942](https://github.com/npm/npm/issues/6942)
- Check for permissions issues prior to actually trying to install
- anything.
-* Emit warnings at the end of the installation when possible, so that
- they'll be on your screen when npm stops.
-* [#3505](https://github.com/npm/npm/issues/3505)
- `npm --dry-run`: You can now ask that npm only report what it _would have
- done_ with the new `--dry-run` flag. This can be passed to any of the
- commands that change your `node_modules` folder: `install`, `uninstall`,
- `update` and `dedupe`.
-* [`81b46fb`](https://github.com/npm/npm/commit/81b46fb)
- npm now knows the correct URLs for `npm bugs` and `npm repo` for
- repositories hosted on Bitbucket and GitLab, just like it does for GitHub
- (and GitHub support now extends to projects hosted as gists as well as
- traditional repositories).
-* [`5be4008a`](https://github.com/npm/npm/commit/5be4008a09730cfa3891d9f145e4ec7f2accd144)
- npm has been cleaned up to pass the [`standard`](http://npm.im/standard)
- style checker. Forrest and Rebecca both feel this makes it easier to read
- and understand the code, and should also make it easier for new
- contributors to put merge-ready patches.
- ([@othiym23](https://github.com/othiym23))
-
-#### ZARRO BOOGS
+#### DEPENDENCIES
-* [`6401643`](https://github.com/npm/npm/commit/6401643)
- Make sure the global install directory exists before installing to it.
- ([@thefourtheye](https://github.com/thefourtheye))
-* [#6158](https://github.com/npm/npm/issues/6158)
- When we remove modules we do so inside-out running unbuild for each one.
-* [`960a765`](https://github.com/npm/npm/commit/960a765)
- The short usage information for each subcommand has been brought in sync
- with the documentation. ([@smikes](https://github.com/smikes))
+* [`cb20c73`](https://github.com/npm/npm/commit/cb20c7373a32daaccba2c1ad32d0b7e1fc01a681)
+ [#13953](https://github.com/npm/npm/pull/13953)
+ `signal-exit@3.0.1`
+ ([@benjamincoe](https://github.com/benjamincoe))
diff --git a/deps/npm/README.md b/deps/npm/README.md
index 671dd387403bad..eedf76b6b100ef 100644
--- a/deps/npm/README.md
+++ b/deps/npm/README.md
@@ -1,6 +1,6 @@
npm(1) -- a JavaScript package manager
==============================
-[](https://travis-ci.org/npm/npm)
+[](https://travis-ci.org/npm/npm)
## SYNOPSIS
This is just enough info to get you up and running.
@@ -27,15 +27,15 @@ terms of use for the default public registry are available at
## Super Easy Install
-npm is bundled with [node](http://nodejs.org/download/).
+npm is bundled with [node](https://nodejs.org/en/download/).
### Windows Computers
-[Get the MSI](http://nodejs.org/download/). npm is in it.
+[Get the MSI](https://nodejs.org/en/download/). npm is in it.
### Apple Macintosh Computers
-[Get the pkg](http://nodejs.org/download/). npm is in it.
+[Get the pkg](https://nodejs.org/en/download/). npm is in it.
### Other Sorts of Unices
@@ -156,7 +156,7 @@ When you find issues, please report them:
Be sure to include *all* of the output from the npm command that didn't work
as expected. The `npm-debug.log` file is also helpful to provide.
-You can also look for isaacs in #node.js on irc://irc.freenode.net. He
+You can also look for isaacs in #node.js on irc://irc.freenode.net. She
will no doubt tell you to put the output in a gist or email.
## SEE ALSO
diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
index 55fa054d66601e..8c8fa8031efe3b 100755
--- a/deps/npm/bin/npm-cli.js
+++ b/deps/npm/bin/npm-cli.js
@@ -16,11 +16,15 @@
process.title = 'npm'
+ var unsupported = require('../lib/utils/unsupported.js')
+ unsupported.checkForBrokenNode()
+
var log = require('npmlog')
log.pause() // will be unpaused when config is loaded.
-
log.info('it worked if it ends with', 'ok')
+ unsupported.checkForUnsupportedNode()
+
var path = require('path')
var npm = require('../lib/npm.js')
var npmconf = require('../lib/config/core.js')
diff --git a/deps/npm/changelogs/CHANGELOG-3.md b/deps/npm/changelogs/CHANGELOG-3.md
new file mode 100644
index 00000000000000..bbef5af2e2ab90
--- /dev/null
+++ b/deps/npm/changelogs/CHANGELOG-3.md
@@ -0,0 +1,5245 @@
+### v3.10.10 (2016-11-04)
+
+See the discussion on [#14042](https://github.com/npm/npm/issues/14042) for
+more context on this release, which is intended to address a serious regression
+in shrinkwrap behavior in the version of the CLI currently bundled with Node.js
+6 LTS "Boron". You should never install this version directly; instead update
+to `npm@4`, which has everything in this release and more.
+
+#### REGRESSION FIX
+
+* [`9aebe98`](https://github.com/npm/npm/commit/9aebe982114ea2107f46baa1dcb11713b4aaad04)
+ [#14117](https://github.com/npm/npm/pull/14117)
+ Fixes a bug where installing a shrinkwrapped package would fail if the
+ platform failed to install an optional dependency included in the shrinkwrap.
+ ([@watilde](https://github.com/watilde))
+
+#### UPDATE SUPPORT MATRIX
+
+With the advent of the second official Node.js LTS release, Node 6.x
+'Boron', the Node.js project has now officially dropped versions 0.10
+and 0.12 out of the maintenance phase of LTS. (Also, Node 5 was never
+part of LTS, and will see no further support now that Node 7 has been
+released.) As a small team with limited resources, the npm CLI team is
+following suit and dropping those versions of Node from its CI test
+matrix.
+
+* [`c82ecfd`](https://github.com/npm/npm/commit/c82ecfdbe0b5f318a175714a8753efe4dfd3e4b3)
+ [#14503](https://github.com/npm/npm/pull/14503)
+ Node 6 is LTS; 5.x, 0.10, and 0.12 are unsupported.
+ ([@othiym23](https://github.com/othiym23))
+
+### v3.10.9 (2016-10-06)
+
+Hi everyone! This is the last of our monthly releases. We're going to give
+an every-two-weeks schedule a try starting with our next release. We'll
+reevaluate in a quarter, but we suspect that will be what we'll stick with.
+You might be wondering _why_ we've been fiddling with the release cadence? Well,
+we've been trying to tune it to to minimize the overhead for our little team.
+
+This is ALSO the ULTIMATE release of `npm` version 3. That's right, in
+just two weeks' time (October 20th for you fans of calendar time), our dear
+`npm` will be hitting the big 4.0.
+
+**DON'T PANIC**
+
+This is gonna be a much, MUCH smaller major version than 3.x was. Maybe even
+smaller than 2.x was. I can't tell you everything that'll be in there just
+yet, but at the very least it's going to have what's in our
+[4.x milestone](https://github.com/npm/npm/pulls?q=is%3Aopen+is%3Apr+milestone%3A4.x),
+PLUS, the first steps in
+[making `prepublish` work](https://github.com/npm/npm/issues/10074) the way
+people expect it to.
+
+**NOW ABOUT THIS RELEASE**
+
+This release sees a whole slew of bug fixes. Notably a bunch of lifecycle
+fixes and a really important shrinkwrap fix.
+
+#### LIFECYCLE FIXES
+
+* [`d388f90`](https://github.com/npm/npm/commit/d388f90732981633b3cdb4fc7fb0fababd4e64ab)
+ [#13942](https://github.com/npm/npm/pull/13942)
+ Fix current working directory while running shrinkwrap lifecycle scripts.
+ Previously if you ran a shrinkwrap from another lifecycle script AND
+ `node_modules` existed (and if you're running `npm shrinkwrap` it probably
+ should) then `npm` would run the shrinkwrap lifecycle from the
+ `node_modules` folder instead of the package folder.
+ ([@evocateur](https://github.com/evocateur))
+ ([@iarna](https://github.com/iarna))
+* [`c3b6cdf`](https://github.com/npm/npm/commit/c3b6cdfedcdb4d9e7712be5245d9b274828d88d1)
+ [#13964](https://github.com/npm/npm/pull/13964)
+ Fix bug where the `uninstall` lifecycles weren't being run when you
+ reinstalled/updated an existing module.
+ ([@iarna](https://github.com/iarna))
+* [`72bb89c`](https://github.com/npm/npm/commit/72bb89c1aa9811a18cbd766f3da73da76eb920c6)
+ [#13344](https://github.com/npm/npm/pull/13344)
+ When running lifecycles use `TMPDIR` if it's writable and fall back to the
+ current working directory if not. Previously we just assumed `TMPDIR`
+ wouldn't be writable (as we might have been running as `nobody` and
+ `nobody` on some systems can't write to `TMPDIR`).
+ ([@aaronjensen](https://github.com/aaronjensen))
+
+#### SHRINKWRAP GIT & TAGGED DEPENDENCY FIX
+
+* [`3b5eee0`](https://github.com/npm/npm/commit/3b5eee0d31737d1c2518ed95dcc7aaaaa93c253c)
+ [#13941](https://github.com/npm/npm/pull/13941)
+ Fix git and tagged dependency matching with shrinkwraps. Previously git
+ and tag (ie `foo@latest`) dependencies installed from a shrinkwrap would
+ always be flagged as invalid.
+ ([@iarna](https://github.com/iarna))
+
+#### BUG FIXES
+
+* [`bf3bd1e`](https://github.com/npm/npm/commit/bf3bd1e4347ee2c5de08d23558c4444749178c8b)
+ [#14143](https://github.com/npm/npm/pull/14143)
+ Fix bug in `npm version` where `npm-shrinkwrap.json` wouldn't be updated
+ if you ran `npm version` from outside of your project root.
+ ([@lholmquist](https://github.com/lholmquist))
+* [`1089878`](https://github.com/npm/npm/commit/1089878f58977559414c8a9addfc69a9c68905b0)
+ [#13613](https://github.com/npm/npm/pull/13613)
+ Log 'skipping action' as 'verbose' instead of 'warn'. This removes a lot of
+ clutter when there are links in your `node_modules`. The long term plan is
+ to entirely blind `npm` to what's inside links, which will make this code
+ go away entirely.
+ ([@timoxley](https://github.com/timoxley))
+* [`952f1e1`](https://github.com/npm/npm/commit/952f1e109a070ab4066179f6104ba9394300e342)
+ [#13999](https://github.com/npm/npm/pull/13999)
+ Fix a bug where setting `bin` to `null` in your `package.json` would result
+ in `npm` crashing.
+ ([@IonicaBizau](https://github.com/IonicaBizau))
+* [`fcf8b11`](https://github.com/npm/npm/commit/fcf8b11fb7fcf8902f6a887c3d5f0aef2897dde0)
+ [#14032](https://github.com/npm/npm/pull/14032)
+ When using `npm view`, if you specified a version that didn't exist it
+ would previously print `undefined` (even if you asked for JSON output). It
+ now prints nothing in this situation. This brings `npm@3`'s behavior in
+ line with `npm@2`.
+ ([@roblg](https://github.com/roblg))
+* [`93c689f`](https://github.com/npm/npm/commit/93c689ff44c6042a2dcde7fe0d74d2264237d666)
+ [#14032](https://github.com/npm/npm/pull/14032)
+ When using `npm view --json` with a version range that matches multiple
+ versions we now return a list of all of the metadata for all of those
+ versions. Previously we picked one and only returned that. This brings
+ `npm@3`'s behavior in line with `npm@2`.
+ ([@roblg](https://github.com/roblg))
+* [`2411728`](https://github.com/npm/npm/commit/24117289e09c373b845150c45e4793d98fe7cf4b)
+ [#14045](https://github.com/npm/npm/pull/14045)
+ Fix a Windows-only bug in the `git` tests. The tests had rather particular
+ ideas about what arguments would be passed to `git` and on Windows they
+ got this wrong.
+ ([@watilde](https://github.com/watilde))
+
+#### DOCUMENTATION & MISC
+
+* [`30772cc`](https://github.com/npm/npm/commit/30772cc5f80923bf21c003fbe53e5fed9d3a5d97)
+ [#13904](https://github.com/npm/npm/pull/13904)
+ Update `package.json` example to include GitHub branches.
+ ([@stevokk](https://github.com/stevokk))
+* [`f66876f`](https://github.com/npm/npm/commit/f66876f75c204fb78028cf2ff7979f80355bd06c)
+ [#14010](https://github.com/npm/npm/pull/14010)
+ Update the GitHub issue template to reflect Apple's change in name of its
+ desktop operating system.
+ ([@AlexChesters](https://github.com/AlexChesters))
+
+#### DEPENDENCY UPDATES
+
+* [`b3f9bf1`](https://github.com/npm/npm/commit/b3f9bf1ada3f93e6775f5c232350030db6635d0c)
+ [#13918](https://github.com/npm/npm/issues/13918)
+ `graceful-fs@4.1.9`:
+ Fix the _uid must be an unsigned int_ bug that's been around forever but that
+ `npm` started tickling in v3.10.8.
+ ([@addaleax](https://github.com/addaleax))
+ Also fixes wrapper to `fs.readdir` to actually pass through (rather than
+ drop) optional arguments.
+ ([@isaacs](https://github.com/isaacs))
+* [`9402ead`](https://github.com/npm/npm/commit/9402ead67e3be9b431ade637fbfac86204ee96fe)
+ [isaacs/node-glob#293](https://github.com/isaacs/node-glob/pull/293)
+ `glob@7.1.0`:
+ Add `absolute` option for `match` event.
+ ([@phated](https://github.com/phated))
+* [`58b83db`](https://github.com/npm/npm/commit/58b83db327dd87bf7cb5a7d503303537718f2f30)
+ `asap@2.0.5`
+ ([@kriskowal](https://github.com/kriskowal))
+* [`5707e6e`](https://github.com/npm/npm/commit/5707e6e55b220439c3f83e77daf4c70d72eb46f0)
+ `sorted-object@2.0.1`
+ ([@domenic](https://github.com/domenic))
+* [`9d20910`](https://github.com/npm/npm/commit/9d209107ce49a7424c50459284280cd2e6e215d1)
+ `request@2.75.0`
+ ([@simov](https://github.com/simov))
+* [`dea4848`](https://github.com/npm/npm/commit/dea48487a9d03492edc68670d05776d32d9ee8cf)
+ `path-is-inside@1.0.2`
+ ([@domenic](https://github.com/domenic))
+* [`b3f3db5`](https://github.com/npm/npm/commit/b3f3db52e864d607b6d9b18920e2f58acc4b1616)
+ `opener@1.4.2`
+ ([@dominic](https://github.com/dominic))
+* [`6bb5f95`](https://github.com/npm/npm/commit/6bb5f953888bbaaeeb624d623c2a9746d1c243a0)
+ `lockfile@1.0.2`
+ ([@isaacs](https://github.com/isaacs))
+* [`13f7c0a`](https://github.com/npm/npm/commit/13f7c0a73212284b53a2d96882fc298afbf9609c)
+ `config-chain@1.1.11`
+ ([@dominictarr](https://github.com/dominictarr))
+
+### v3.10.8 (2016-09-08)
+
+Monthly releases are so big! Just look at all this stuff!
+
+Our quarter of monthly releases is almost over. The next one, in October, might
+very well be our last one as we move to trying something different and learning
+lessons from our little experiment.
+
+You may also want to keep an eye our for `npm@4` next month, since we're
+planning on finally releasing it then and including a (small) number of breaking
+changes we've been meaning to do for a long time. Don't worry, though: `npm@3`
+will still be around for a bit and will keep getting better and better, and is
+most likely going to be the version that `node@6` uses once it goes to LTS.
+
+As some of us have mentioned before, npm is likely to start doing more regular
+semver-major bumps, while keeping those bumps significantly smaller than the
+huge effort that was `npm@3` -- we're not very likely to do a world-shaking
+thing like that for a while, if ever.
+
+All that said, let's move on to the patches included in v3.10.8!
+
+#### SHRINKWRAP LEVEL UP
+
+The most notable part of this release is a series of commits meant to make `npm
+shrinkwrap` more consistent. By itself, shrinkwrap seems like a fairly
+straightforward thing to implement, but things get complicated when it starts
+interacting with `devDependencies`, `optionalDependencies`, and
+`bundledDependencies`. These commits address some corner cases related to these.
+
+* [`a7eca32`](https://github.com/npm/npm/commit/a7eca3246fbbcbb05434cb6677f65d14c945d74f)
+ [#10073](https://github.com/npm/npm/pull/10073)
+ Record if a dependency is only used as a devDependency and exclude it from the
+ shrinkwrap file.
+ ([@bengl](https://github.com/bengl))
+* [`1eabcd1`](https://github.com/npm/npm/commit/1eabcd16bf2590364ca20831096350073539bf3a)
+ [#10073](https://github.com/npm/npm/pull/10073)
+ Record if a dependency is optional to shrinkwrap.
+ ([@bengl](https://github.com/bengl))
+* [`03efc89`](https://github.com/npm/npm/commit/03efc89522c99ee0fa37d8f4a99bc3b44255ef98)
+ [#13692](https://github.com/npm/npm/pull/13692/)
+ We were doing a weird thing where we used a `package.json` field `installable`
+ to check to see if we'd checked for platform compatibility, and if not did
+ so. But this was the only place that was ever done so there was no reason to
+ implement it in such an obfuscated manner.
+ Instead it now just directly checks and then records that its done so on the
+ node object with `knownInstallable`. This is useful to know because modules
+ expanded via shrinkwrap don't go through this– `inflateShrinkwrap` does not
+ currently have any rollback semantics and so checking this sort of thing there
+ is unhelpful.
+ ([@iarna](https://github.com/iarna))
+* [`ff87938`](https://github.com/npm/npm/commit/ff879382fda21dac7216a5f666287b3a7e74a947)
+ [#11735](https://github.com/npm/npm/issues/11735)
+ Running `npm install --save-dev` will now update shrinkwrap file, but only
+ if there already are devDependencies in it.
+ ([@szimek](https://github.com/szimek))
+* [`c00ca3a`](https://github.com/npm/npm/commit/c00ca3aef836709eeaeade91c5305bc2fbda2e8a)
+ [#13394](https://github.com/npm/npm/issues/13394)
+ Check installability of modules from shrinkwrap, since modules that came into
+ the tree vie shrinkwrap won't already have this information recorded in
+ advance.
+ ([@iarna](https://github.com/iarna))
+
+#### INSTALLER ERROR REPORTING LEVEL UP
+
+As part of the shrinkwrap push, there were also a lot of error-reporting
+improvements. Some to add more detail to error objects, others to fix bugs and
+inconsistencies.
+
+* [`2cdd713`](https://github.com/npm/npm/commit/2cdd7132abddcc7f826a355c14348ce9a5897ffe)
+ Consistently set code on `ETARGET` when fetching package metadata if no
+ compatible version is found.
+ ([@iarna](https://github.com/iarna))
+* [`cabcd17`](https://github.com/npm/npm/commit/cabcd173f2923cb5b77e7be0e42eea2339a24727)
+ [#13692](https://github.com/npm/npm/pull/13692/)
+ Include installer warning details at the `verbose` log level.
+ ([@iarna](https://github.com/iarna))
+* [`95a4044`](https://github.com/npm/npm/commit/95a4044cbae93d19d0da0f3cd04ea8fa620295d9)
+ [`dbb14c2`](https://github.com/npm/npm/commit/dbb14c241d982596f1cdaee251658f5716989fd2)
+ [`9994383`](https://github.com/npm/npm/commit/9994383959798f80749093301ec43a8403566bb6)
+ [`7417000`](https://github.com/npm/npm/commit/74170003db0c53def9b798cb6fe3fe7fc3e06482)
+ [`f45f85d`](https://github.com/npm/npm/commit/f45f85dac800372d63dfa8653afccbf5bcae7295)
+ [`e79cc1b`](https://github.com/npm/npm/commit/e79cc1b11440f0d122c4744d5eff98def9553f4a)
+ [`146ee39`](https://github.com/npm/npm/commit/146ee394b1f7a33cf409a30b835a85d939acb438)
+ [#13692](https://github.com/npm/npm/pull/13692/)
+ Improve various bits of error reporting, adding more error information and
+ some related refactoring.
+ ([@iarna](https://github.com/iarna))
+
+#### MISCELLANEOUS BUGS LEVEL UP
+
+* [`116b6c6`](https://github.com/npm/npm/commit/116b6c60a174ea0cc49e4d62717e4e26175b6534)
+ [#13456](https://github.com/npm/npm/issues/13456)
+ In lifecycle scripts, any `node_modules/.bin` existing in the hierarchy
+ should be turned into an entry in the PATH environment variable.
+ However, prior to this commit, it was splitting based on the string
+ `node_modules`, rather than restricting it to only path portions like
+ `/node_modules/` or `\node_modules\`. So, a path containing an entry
+ like `my_node_modules` would be improperly split.
+ ([@isaacs](https://github.com/isaacs))
+* [`0a28dd0`](https://github.com/npm/npm/commit/0a28dd0104e5b4a8cc0cb038bd213e6a50827fe8)
+ [npm/fstream-npm#23](https://github.com/npm/fstream-npm/pull/23)
+ `fstream-npm@1.2.0`:
+ Always ignore `*.orig` files, which are generated by git when using `git
+ mergetool`, by default.
+ ([@zkat](https://github.com/zkat))
+* [`a3a2fb9`](https://github.com/npm/npm/commit/a3a2fb97adc87c2aa9b2b8957861b30efafc7ad0)
+ [#13708](https://github.com/npm/npm/pull/13708)
+ Always ignore `*.orig` files, which are generated by git when using `git
+ mergetool`, by default.
+ ([@boneskull](https://github.com/boneskull))
+
+#### TOOLING LEVEL UP
+
+* [`e1d7e6c`](https://github.com/npm/npm/commit/e1d7e6ce551cbc42026cdcadcb37ea515059c972)
+ Add helper for generating test skeletons.
+ ([@iarna](https://github.com/iarna))
+* [`4400b35`](https://github.com/npm/npm/commit/4400b356bca9175935edad1469c608c909bc01bf)
+ Fix fixture creation and cleanup in `maketest`.
+ ([@iarna](https://github.com/iarna))
+
+#### DOCUMENTATION LEVEL UP
+
+* [`8eb9460`](https://github.com/npm/npm/commit/8eb94601fe895b97cbcf8c6134e6b371c5371a1e)
+ [#13717](https://github.com/npm/npm/pull/13717)
+ Document that `npm link` will link the files specified in the `bin` field of
+ `package.json` to `{prefix}/bin/{name}`.
+ ([@legodude17](https://github.com/legodude17))
+* [`a66e5e9`](https://github.com/npm/npm/commit/a66e5e9c388878fe03fb29014c3b95d28bedd3c1)
+ [#13682](https://github.com/npm/npm/pull/13682)
+ Minor grammar fix in documentation for `npm scripts`.
+ ([@Ajedi32](https://github.com/Ajedi32))
+* [`74b8043`](https://github.com/npm/npm/commit/74b80437ffdfcf8172f6ed4f39bfb021608dd9dd)
+ [#13655](https://github.com/npm/npm/pull/13655)
+ Document line comment syntax for `.npmrc`.
+ ([@mdjasper](https://github.com/mdjasper))
+* [`b352a84`](https://github.com/npm/npm/commit/b352a84c2c7ad15e9c669af75f65cdaa964f86c0)
+ [#12438](https://github.com/npm/npm/issues/12438)
+ Remind folks to use `#!/usr/bin/env node` in their `bin` scripts to make files
+ executable directly.
+ ([@mxstbr](https://github.com/mxstbr))
+* [`b82fd83`](https://github.com/npm/npm/commit/b82fd838edbfff5d2833a62f6d8ae8ea2df5a1f2)
+ [#13493](https://github.com/npm/npm/pull/13493)
+ Document that the user config file can itself be configured either through the
+ `$NPM_CONFIG_USERCONFIG` environment variable, or `--userconfig` command line
+ flag.
+ ([@jasonkarns](https://github.com/jasonkarns))
+* [`8a02699`](https://github.com/npm/npm/commit/8a026992a03d90e563a97c70e90926862120693b)
+ [#13911](https://github.com/npm/npm/pull/13911)
+ Minor documentation reword and cleanup.
+ ([@othiym23](https://github.com/othiym23))
+
+#### DEPENDENCY LEVEL UP
+
+* [`2818fb0`](https://github.com/npm/npm/commit/2818fb0f6081d68a91f0905945ad102f26c6cf85)
+ `glob@7.0.6`
+ ([@isaacs](https://github.com/isaacs))
+* [`d88ec81`](https://github.com/npm/npm/commit/d88ec81ad33eb2268fcd517d35346a561bc59aff)
+ `graceful-fs@4.1.6`
+ ([@francescoinfante](https://github.com/francescoinfante))
+* [`4727f86`](https://github.com/npm/npm/commit/4727f8646daca7b3e3c1c95860e02acf583b9dae)
+ `lodash.clonedeep@4.5.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`c347678`](https://github.com/npm/npm/commit/c3476780ef4483425e4ae1d095a5884b46b8db86)
+ `lodash.union@4.6.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`530bd4d`](https://github.com/npm/npm/commit/530bd4d2ae6f704f624e4f7bf64f911f37e2b7f8)
+ `lodash.uniq@4.5.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`483d56a`](https://github.com/npm/npm/commit/483d56ae8137eca0c0f7acd5d1c88ca6d5118a6a)
+ `lodash.without@4.4.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`6c934df`](https://github.com/npm/npm/commit/6c934df6e74bacd0ed40767b319936837a43b586)
+ `inherits@2.0.3`
+ ([@isaacs](https://github.com/isaacs))
+* [`a65ed7c`](https://github.com/npm/npm/commit/a65ed7cbd3c950383a14461a4b2c87b67ef773b9)
+ `npm-registry-client@7.2.1`:
+ * [npm/npm-registry-client#142](https://github.com/npm/npm-registry-client/pull/142) Fix `EventEmitter` warning spam from error handlers on socket. ([@addaleax](https://github.com/addaleax))
+ * [npm/npm-registry-client#131](https://github.com/npm/npm-registry-client/pull/131) Adds support for streaming request bodies. ([@aredridel](https://github.com/aredridel))
+ * Fixes [#13656](https://github.com/npm/npm/issues/13656).
+ * Dependency updates.
+ * Documentation improvements.
+ ([@othiym23](https://github.com/othiym23))
+* [`2b88d62`](https://github.com/npm/npm/commit/2b88d62e6a730716b27052c0911c094d01830a60)
+ [npm/npmlog#34](https://github.com/npm/npmlog/pull/34)
+ `npmlog@4.0.0`:
+ Allows creating log levels that are empty strings or 0
+ ([@rwaldron](https://github.com/rwaldron))
+* [`242babb`](https://github.com/npm/npm/commit/242babbd02274ee2d212ae143992c20f47ef0066)
+ `once@1.4.0`
+ ([@zkochan](https://github.com/zkochan))
+* [`6d8ba2b`](https://github.com/npm/npm/commit/6d8ba2b4918e2295211130af68ee8a67099139e0)
+ `readable-stream@2.1.5`
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`855c099`](https://github.com/npm/npm/commit/855c099482a8d93b7f0646bd7bcf8a31f81868e0)
+ `retry@0.10.0`
+ ([@tim-kos](https://github.com/tim-kos))
+* [`80540c5`](https://github.com/npm/npm/commit/80540c52b252615ae8a6271b3df870eabfea935e)
+ `semver@5.3.0`:
+ * Add `minSatisfying`
+ * Add `prerelease(v)`
+ ([@isaacs](https://github.com/isaacs))
+* [`8aaac52`](https://github.com/npm/npm/commit/8aaac52ffae8e689fae265712913b1e2a36b1aa6)
+ `which@1.2.1`
+ ([@isaacs](https://github.com/isaacs))
+* [`85108a2`](https://github.com/npm/npm/commit/85108a29108ab0a57997572dc14f87eb706890ba)
+ `write-file-atomic@1.2.0`:
+ Preserve chmod and chown from the overwritten file
+ ([@iarna](https://github.com/iarna))
+* [`291a377`](https://github.com/npm/npm/commit/291a377f32f5073102a8ede61a27e6a9b37154c2)
+ Update npm documentation to reflect documentation for `semver@5.3.0`.
+ ([@zkat](https://github.com/zkat))
+
+### v3.10.7 (2016-08-11)
+
+Hi all, today's our first release coming out of the new monthly release
+cadence. See below for details. We're all recovered from conferences now
+and raring to go! We've got some pretty keen bug fixes and a bunch of
+documentation and dependency updates. It's hard to narrow it down to just a
+few, but of note are scoped packages in bundled dependencies, the
+`preinstall` lifecycle fix, the shrinkwrap and Git dependencies fix and the
+fix to a crasher involving cycles in development dependencies.
+
+#### NEW RELEASE CADENCE
+
+Releasing npm has been, for the most part, a very prominent part of our
+weekly process process. As part of our efforts to find the most effective
+ways to allocate our team's resources, we decided last month that we would
+try and slow our releases down to a monthly cadence, and see if we found
+ourselves with as much extra time and attention as we expected to have.
+Process experiments are useful for finding more effective ways to do our
+work, and we're at least going to keep doing this for a whole quarter, and
+then measure how well it worked out. It's entirely likely that we'll switch
+back to a more frequent cadence, specially if we find that the value that
+weekly cadence was providing the community is not worth sacrificing for a
+bit of extra time. Does this affect you significantly? Let us know!
+
+#### SCOPED PACKAGES IN BUNDLED DEPENDENCIES
+
+Prior to this release and
+[v2.15.10](https://github.com/npm/npm/releases/v2.15.10), npm had ignored
+scoped modules found in `bundleDependencies`.
+
+* [`29cf56d`](https://github.com/npm/npm/commit/29cf56dbae8e3dd16c24876f998051623842116a)
+ [#8614](https://github.com/npm/npm/issues/8614)
+ Include scoped packages in bundled dependencies.
+ ([@forivall](https://github.com/forivall))
+
+#### `preinstall` LIFECYCLE IN CURRENT PROJECT
+
+* [`b7f13bc`](https://github.com/npm/npm/commit/b7f13bc80b89b025be0c53d81b90ec8f2cebfab7)
+ [#13259](https://github.com/npm/npm/pull/13259)
+ Run top level preinstall before installing dependencies
+ ([@palmerj3](https://github.com/palmerj3))
+
+#### BETTER SHRINKWRAP WITH GIT DEPENDENCIES
+
+* [`0f7e319`](https://github.com/npm/npm/commit/0f7e3197bcec7a328b603efdffd3681bbc40f585)
+ [#12718](https://github.com/npm/npm/issues/12718.)
+ Update outdated git dependencies found in shrinkwraps. Previously, if the
+ module version was the same then no update would be completed even if the
+ committish had changed.
+ ([@kossnocorp](https://github.com/kossnocorp))
+
+
+#### CYCLES IN DEVELOPMENT DEPENDENCIES NO LONGER CRASH
+
+* [`1691de6`](https://github.com/npm/npm/commit/1691de668d34cd92ab3de08bf3a06085388f2f07)
+ [#13327](https://github.com/npm/npm/issues/13327)
+ Fix bug where cycles found in development dependencies could result in
+ infinite recursion that resulted in crashes.
+ ([@iarna](https://github.com/iarna))
+
+#### IMPROVE "NOT UPDATING LINKED MODULE" WARNINGS
+
+* [`1619871`](https://github.com/npm/npm/commit/1619871ac0cc8839dc9962c78e736095976c1eb4)
+ [#12893](https://github.com/npm/npm/pull/12893)
+ Only warn about symlink update if version number differs
+ The update-linked action outputs a warning that it needs to update the
+ linked package, but can't, There is no need for the package to be updated if
+ it is already at the correct version. This change does a check before
+ logging the warning.
+ ([@DaveEmmerson](https://github.com/DaveEmmerson))
+
+#### MORE BUG FIXES
+
+* [`8f8d1b3`](https://github.com/npm/npm/commit/8f8d1b33a78c79aff9de73df362abaa7f05751d2)
+ [#11398](https://github.com/npm/npm/issues/11398)
+ Fix bug where `package.json` files that contained a `type` property could
+ cause crashes. `type` is not a `package.json` property that npm makes use
+ of and having it should be (and now is) harmless.
+ ([@zkat](https://github.com/zkat))
+* [`e7fa6c6`](https://github.com/npm/npm/commit/e7fa6c6a2c1de2a214479daa8c6901eebb350381)
+ [#13353](https://github.com/npm/npm/issues/13353)
+ Add GIT_EXEC_PATH to Git environment whitelist.
+ ([@mhart](https://github.com/mhart))
+* [`c23af21`](https://github.com/npm/npm/commit/c23af21d4cedd7fedcb4168672044db76ad054a8)
+ [#13626](https://github.com/npm/npm/pull/13626)
+ Use HTTPS issues URL in the error message for type validation errors.
+ ([@watilde](https://github.com/watilde))
+
+#### INCLUDE `npm login` IN COMMAND SUMMARY
+
+* [`ab0c4b1`](https://github.com/npm/npm/commit/ab0c4b137b05762e75e0913038b606f087b58aa0)
+ [#13581](https://github.com/npm/npm/issues/13581)
+ The `login` command has long been an alias for `adduser`.
+ At the same time, there is an expectation not just of that
+ particular word being something to look for, but of there being
+ clear symmetry with `logout`.
+ So it was a bit confusing when `login` didn't show up in
+ `npm help` on a technicality. This seems like an acceptable
+ exception to the rule that says "no aliases in `npm help`".
+ ([@zkat](https://github.com/zkat))
+
+#### DOCUMENTATION
+
+* [`e2d7e78`](https://github.com/npm/npm/commit/e2d7e7820a7875ed96e0382dc1e91b8df4e83746)
+ [#13319](https://github.com/npm/npm/pull/13319)
+ As Node.js 0.8 is no longer supported, remove mention of it from the README.
+ ([@watilde](https://github.com/watilde))
+* [`c565d89`](https://github.com/npm/npm/commit/c565d893a38efb6006e841450503329c9e58f100)
+ [#13349](https://github.com/npm/npm/pull/13349)
+ Updated the scripts documentation to explain the different between `version` and `preversion`.
+ ([@christophehurpeau](https://github.com/christophehurpeau))
+* [`fa8f87f`](https://github.com/npm/npm/commit/fa8f87f1ec92e543dd975156c4b184eb3e0b80cb)
+ [#10167](https://github.com/npm/npm/pull/10167)
+ Clarify in scope documentation that npm@2 is required for scoped packages.
+ ([@danpaz](https://github.com/danpaz))
+
+#### DEPENDENCIES
+
+* [`124427e`](https://github.com/npm/npm/commit/124427eabbfd200aa145114e389e19692559ff1e)
+ [#8614](https://github.com/npm/npm/issues/8614)
+ `fstream-npm@1.1.1`:
+ Fixes bug with inclusion of scoped bundled dependencies.
+ ([@forivall](https://github.com/forivall))
+* [`7e0cdff`](https://github.com/npm/npm/commit/7e0cdff04714709f6dc056b19422d3f937502f1c)
+ [#13497](https://github.com/npm/npm/pull/13497)
+ `graceful-fs@4.1.5`:
+ `graceful-fs` had a [bug fix](https://github.com/isaacs/node-graceful-fs/pull/71) which
+ fixes a problem ([nodejs/node#7846](https://github.com/nodejs/node/pull/7846)) exposed
+ by recent changes to Node.js.
+ ([@thefourtheye](https://github.com/thefourtheye))
+* [`9b88cb8`](https://github.com/npm/npm/commit/9b88cb89f138443f324094685f4de073f33ecef0)
+ [#9984](https://github.com/npm/npm/issues/9984)
+ `request@2.74.0`:
+ Update request library to at least 2.73 to fix a bug where `npm install` would crash with
+ _Cannot read property 'emit' of null._
+
+ Update `request` dependency `tough-cookie` to `2.3.0` to
+ to address [https://nodesecurity.io/advisories/130](https://nodesecurity.io/advisories/130).
+ Versions 0.9.7 through 2.2.2 contain a vulnerable regular expression that,
+ under certain conditions involving long strings of semicolons in the
+ "Set-Cookie" header, causes the event loop to block for excessive amounts of
+ time.
+ ([@zarenner](https://github.com/zarenner))
+ ([@stash-sfdc](https://github.com/stash-sfdc))
+* [`bf78ce5`](https://github.com/npm/npm/commit/bf78ce5ef5d2d6e95177193cca5362dd27bff968)
+ [#13387](https://github.com/npm/npm/issues/13387)
+ `minimatch@3.0.3`:
+ Handle extremely long and terrible patterns more gracefully.
+ There were some magic numbers that assumed that every extglob pattern starts
+ and ends with a specific number of characters in the regular expression.
+ Since !(||) patterns are a little bit more complicated, this led to creating
+ an invalid regular expression and throwing.
+ ([@isaacs](https://github.com/isaacs))
+* [`803e538`](https://github.com/npm/npm/commit/803e538efaae4b56a764029742adcf6761e8398b)
+ [isaacs/rimraf#111](https://github.com/isaacs/rimraf/issues/111)
+ `rimraf@2.5.4`: Clarify assertions: cb is required, options are not.
+ ([@isaacs](https://github.com/isaacs))
+* [`a9f84ef`](https://github.com/npm/npm/commit/a9f84ef61b4c719b646bf9cda00577ef16e3a113)
+ `lodash.without@4.2.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`f59ff1c`](https://github.com/npm/npm/commit/f59ff1c2701f1bfd21bfdb97b4571823b614f694)
+ `lodash.uniq@4.4.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`8cc027e`](https://github.com/npm/npm/commit/8cc027e5e81623260a49b31fe406ce483258b203)
+ `lodash.union@4.5.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`0a6c1e4`](https://github.com/npm/npm/commit/0a6c1e4302a153fb055f495043ed33afd8324193)
+ `lodash.without@4.3.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`4ab0181`](https://github.com/npm/npm/commit/4ab0181fca2eda18888b865ef691b83d30fb0c33)
+ `lodash.clonedeep@4.4.1`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.10.6 (2016-07-07)
+
+This week we have a bunch of bug fixes for ya! A shrinkwrap regression
+introduced in 3.10.0, better lifecycle `PATH` behavior, improvements when
+working with registries other than `registry.npmjs.org` and a fix for
+hopefully the last _don't print a progress bar over my interactive thingy_
+bug.
+
+#### SHRINKWRAP AND DEV DEPENDENCIES
+
+The rewrite in 3.10.0 triggered a bug where dependencies of devDependencies
+would be included in your shrinkwrap even if you didn't request
+devDependencies.
+
+* [`2484529`](https://github.com/npm/npm/commit/2484529ab56a42e5d6f13c48006f39a596d9e327)
+ [#13308](https://github.com/npm/npm/pull/13308)
+ Fix bug where deps of devDependencies would be incorrectly included in
+ shrinkwraps.
+ ([@iarna](https://github.com/iarna))
+
+#### BETTER PATH LIFECYCLE BEHAVIOR
+
+We've been around the details on this one a few times in recent months and
+hopefully this will bring is to where we want to be.
+
+* [`81051a9`](https://github.com/npm/npm/commit/81051a90eee66a843f76eb8cccedbb1d0a5c1f47)
+ [#12968](https://github.com/npm/npm/pull/12968)
+ When running lifecycle scripts, only prepend directory containing the node
+ binary to PATH if not already in PATH.
+ ([@segrey](https://github.com/segrey))
+
+#### BETTER INTERACTIONS WITH THIRD PARTY REGISTRIES
+
+* [`071193c`](https://github.com/npm/npm/commit/071193c8e193767dd1656cb27556cb3751d77a3b)
+ [#10869](https://github.com/npm/npm/pull/10869)
+ If the registry returns a list of versions some of which are invalid, skip
+ those when picking a version to install. This can't happen with
+ registry.npmjs.org as it will normalize versions published with it, but it
+ can happen with other registries.
+ ([@gregersrygg](https://github.com/gregersrygg))
+
+#### ONE LAST TOO-MUCH-PROGRESS CORNER
+
+* [`1244cc1`](https://github.com/npm/npm/commit/1244cc16dc5a0536acf26816a1deeb8e221d67eb)
+ [#13305](https://github.com/npm/npm/pull/13305)
+ Disable progress bar in `npm edit` and `npm config edit`.
+ ([@watilde](https://github.com/watilde))
+
+#### HTML DOCS IMPROVEMENTS
+
+* [`58da923`](https://github.com/npm/npm/commit/58da9234ae72a5474b997f890a1155ee9785e6f1)
+ [#13225](https://github.com/npm/npm/issues/13225)
+ Fix HTML character set declaration in generated HTML documentation.
+ ([@KenanY](https://github.com/KenanY))
+* [`d1f0bf4`](https://github.com/npm/npm/commit/d1f0bf4303566f8690502034f82bbb449850958d)
+ [#13250](https://github.com/npm/npm/pull/13250)
+ Optimize png images using zopflipng.
+ ([@PeterDaveHello](https://github.com/PeterDaveHello))
+
+#### DEPENDENCY UPDATES (THAT MATTER)
+
+* [`c7567e5`](https://github.com/npm/npm/commit/c7567e58618b63f97884afa104d2f560c9272dd5)
+ [npm/npm-user-validate#9](https://github.com/npm/npm-user-validate/pull/9)
+ `npm-user-validate@0.1.5`:
+ Lower the username length limits to 214 from 576 to match `registry.npmjs.org`'s limits.
+ ([@aredridel](https://github.com/aredridel))
+* [`22802c9`](https://github.com/npm/npm/commit/22802c9db3cf990c905e8f61304db9b5571d7964)
+ [#isaacs/rimraf](https://github.com/npm/npm/issues/isaacs/rimraf)
+ `rimraf@2.5.3`:
+ Fixes EPERM errors when running `lstat` on read-only directories.
+ ([@isaacs](https://github.com/isaacs))
+* [`ce6406f`](https://github.com/npm/npm/commit/ce6406f4b6c4dffbb5cd8a3c049f6663a5665522)
+ `glob@7.0.5`:
+ Forces the use of `minimatch` to 3.0.2, which improved handling of long and
+ complicated patterns.
+ ([@isaacs](https://github.com/isaacs))
+
+
+### v3.10.5 (2016-07-05)
+
+This is a fix to this week's testing release to correct the update of
+`node-gyp` which somehow got mangled.
+
+* [`ca97ce2`](https://github.com/npm/npm/commit/ca97ce2e8d8ba44c445b39ffa40daf397d5601b3)
+ [#13256](https://github.com/npm/npm/issues/13256)
+ Fresh reinstall of `node-gyp@3.4.0`.
+ ([@zkat](https://github.com/zkat))
+
+### v3.10.4 (2016-06-30)
+
+Hey y'all! This release includes a bunch of fixes we've been working on as we
+continue on our `big-bug` push. There's still [a lot of it left to
+do](https://github.com/npm/npm/labels/big-bug), but once this is done, things
+should just generally be more stable, installs should be more reliable and
+correct, and we'll be able to move on to more future work. We'll keep doing our
+best! 🙌
+
+#### RACES AS WACKY AS [REDLINE](https://en.wikipedia.org/wiki/Redline_\(2009_film\))
+
+Races are notoriously hard to squash, and tend to be some of the more common
+recurring bugs we see on the CLI. [@julianduque](https://github.com/julianduque)
+did some pretty awesome [sleuthing
+work](https://github.com/npm/npm/issues/12669) to track down a cache race and
+helpfully submitted a patch. There were some related races in the same area that
+also got fixed at around the same time, mostly affecting Windows users.
+
+* [`2a37c97`](https://github.com/npm/npm/commit/2a37c97121483db2b6f817fe85c2a5a77b76080e)
+ [#12669](https://github.com/npm/npm/issues/12669)
+ [#13023](https://github.com/npm/npm/pull/13023)
+ The CLI is pretty aggressive about correcting permissions across the cache
+ whenever it writes to it. This aggressiveness caused a couple of races where
+ temporary cache files would get picked up by `fs.readdir`, and removed before
+ `chownr` was called on them, causing `ENOENT` errors. While the solution might
+ seem a bit hamfisted, it's actually perfectly safe and appropriate in this
+ case to just ignore those resulting `ENOENT` errors.
+ ([@julianduque](https://github.com/julianduque))
+* [`ea018b9`](https://github.com/npm/npm/commit/ea018b9e3856d1798d199ae3ebce4ed07eea511b)
+ [#13023](https://github.com/npm/npm/pull/13023)
+ If a user were to have SUDO_UID and SUDO_GID, they'd be able to get into a
+ pretty weird state. This fixes that corner case.
+ ([@zkat](https://github.com/zkat))
+* [`703ca3a`](https://github.com/npm/npm/commit/703ca3abbf4f1cb4dff08be32acd2142d5493482)
+ [#13023](https://github.com/npm/npm/pull/13023)
+ A missing `return` was causing `chownr` to be called on Windows, even though
+ that's literally pointless, and causing crashes in the process, instead of
+ short-circuiting. This was entirely dependent on which callback happened to be
+ called first, and in some cases, the failing one would win the race. This
+ should prevent this from happening in the future.
+ ([@zkat](https://github.com/zkat))
+* [`69267f4`](https://github.com/npm/npm/commit/69267f4fbd1467ce576f173909ced361f8fe2a9d)
+ [#13023](https://github.com/npm/npm/pull/13023)
+ Added tests to verify `correct-mkdir` race patch.
+ ([@zkat](https://github.com/zkat))
+* [`e5f50ea`](https://github.com/npm/npm/commit/e5f50ea9f84fe8cac6978d18f7efdf43834928e7)
+ [#13023](https://github.com/npm/npm/pull/13023)
+ Added tests to verify `addLocal` race patch.
+ ([@zkat](https://github.com/zkat))
+
+#### SHRINKWRAP IS COMPLICATED BUT IT'S BETTER NOW
+
+[@iarna](https://github.com/iarna) did some heroic hacking to refactor a bunch
+of `shrinkwrap`-related bits and fixed some resolution and pathing issues that
+were biting users. The code around that stuff got more readable/maintainable in
+the process, too!
+
+* [`346bba1`](https://github.com/npm/npm/commit/346bba1e1fee9cc814b07c56f598a73be5c21686)
+ [#13214](https://github.com/npm/npm/pull/13214)
+ Resolve local dependencies in `npm-shrinkwrap.json` relative to the top of the
+ tree.
+ ([@iarna](https://github.com/iarna))
+* [`4a67fdb`](https://github.com/npm/npm/commit/4a67fdbd0f160deb6644a9c4c5b587357db04d2d)
+ [#13213](https://github.com/npm/npm/pull/13213)
+ If you run `npm install modulename` it should, if a `npm-shrinkwrap.json` is
+ present, use the version found there. If not, it'll use the version found in
+ your `package.json`, and failing *that*, use `latest`.
+ This fixes a case where the first check was being bypassed because version
+ resolution was being done prior to loading the shrinkwrap, and so checks to
+ match the shrinkwrap version couldn't succeed.
+ ([@iarna](https://github.com/iarna))
+* [`afa2133`](https://github.com/npm/npm/commit/afa2133a5d8ac4f6f44cdc6083d89ad7f946f5bb)
+ [#13214](https://github.com/npm/npm/pull/13214)
+ Refactor shrinkwrap specifier lookup into shared function.
+ ([@iarna](https://github.com/iarna))
+* [`2820b56`](https://github.com/npm/npm/commit/2820b56a43e1cc1e12079a4c886f6c14fe8c4f10)
+ [#13214](https://github.com/npm/npm/pull/13214)
+ Refactor operations in `inflate-shrinkwrap.js` into separate functions for
+ added clarity.
+ ([@iarna](https://github.com/iarna))
+* [`ee5bfb3`](https://github.com/npm/npm/commit/ee5bfb3e56ee7ae582bec9f741f32b224c279947)
+ Fix Windows path issue in a shrinkwrap test.
+ ([@zkat](https://github.com/zkat))
+
+#### OTHER BUGFIXES
+
+* [`a11a7b2`](https://github.com/npm/npm/commit/a11a7b2e7df9478ac9101b06eead4a74c41a648d)
+ [#13212](https://github.com/npm/npm/pull/13212)
+ Resolve local paths passed in through the command line relative to current
+ directory, instead of relative to the `package.json`.
+ ([@iarna](https://github.com/iarna))
+
+#### DEPENDENCY UPDATES
+
+* [`900a5b7`](https://github.com/npm/npm/commit/900a5b7f18b277786397faac05853c030263feb8)
+ [#13199](https://github.com/npm/npm/pull/13199)
+ [`node-gyp@3.4.0`](https://github.com/nodejs/node-gyp/blob/master/CHANGELOG.md):
+ AIX, Visual Studio 2015, and logging improvements. Oh my~!
+ ([@rvagg](https://github.com/rvagg))
+
+#### DOCUMENTATION FIXES
+
+* [`c6942a7`](https://github.com/npm/npm/commit/c6942a7d6acb2b8c73206353bbec03380a056af4)
+ [#13134](https://github.com/npm/npm/pull/13134)
+ Fixed a few typos in `CHANGELOG.md`.
+ ([@watilde](https://github.com/watilde))
+* [`e63d913`](https://github.com/npm/npm/commit/e63d913127731ece56dcd69c7c0182af21be58f8)
+ [#13156](https://github.com/npm/npm/pull/13156)
+ Fix old reference to `doc/install` in a source comment.
+ ([@sheerun](https://github.com/sheerun))
+* [`099d23c`](https://github.com/npm/npm/commit/099d23cc8f38b524dc19a25857b2ebeca13c49d6)
+ [#13113](https://github.com/npm/npm/issues/13113)
+ [#13189](https://github.com/npm/npm/pull/13189)
+ Fixes a link to `npm-tag(3)` that was breaking to instead point to
+ `npm-dist-tag(1)`, as reported by [@SimenB](https://github.com/SimenB)
+ ([@macdonst](https://github.com/macdonst))
+
+### v3.10.3 (2016-06-23)
+
+Given that we had not one, but two updates to our RC this past week, it
+should come as no surprise that this week's full release is a bit
+lighter. We have some documentation patches and a couple of bug fixes via
+dependency updates.
+
+If you haven't yet checked out last week's release,
+[v3.10.0](https://github.com/npm/npm/releases/tag/v3.10.0)
+and the two follow up releases
+[v3.10.1](https://github.com/npm/npm/releases/tag/v3.10.1)
+and
+[v3.10.2](https://github.com/npm/npm/releases/tag/v3.10.2),
+you really should do so. They're the most important releases we've had in
+quite a while, fixing a bunch of critical bugs (including an issue
+impacting publishing with Node.js 6.x) and of course, bringing in the new
+and improved progress bar.
+
+#### BUM SYMLINKS BURN NO MORE
+
+There's been a bug lurking where broken symlinks in your `node_modules`
+folder could cause all manner of mischief, from crashes to empty `npm ls`
+results. The intrepid [@watilde](https://github.com/watilde) tracked this
+down for us.
+
+This addresses the root cause of the outdated crasher we protected
+against earlier this week in
+[#13115](https://github.com/npm/npm/issues/13115).
+
+This also fixes [#9564](https://github.com/npm/npm/issues/9564), the
+problem where a bad symlink in your global modules would result in an
+empty result when you ran `npm ls -g`.
+
+This ALSO likely fixes numerous "Missing argument #1" errors. (But surely
+not all of them as that's actually just a generic arity and
+type-validation failure.)
+
+* [`ca92ac4`](https://github.com/npm/npm/commit/ca92ac455b841a708dd89262ff88d503b125d717)
+ [npm/read-package-tree#6](https://github.com/npm/read-package-tree/pull/6)
+ `read-package-tree@5.1.5`:
+ Make bad symlinks be non-fatal errors when reading the tree off disk.
+ ([@watilde](https://github.com/watilde))
+
+#### BETTER UNICODE DETECTION
+
+* [`6c3f7f0`](https://github.com/npm/npm/commit/6c3f7f043f09fc2aa19ffd3f956787635fa6f4d0)
+ `has-unicode@2.0.1`:
+ Fix unicode detection on a number of Linux distributions.
+ ([@Darkhogg](https://github.com/Darkhogg)) ([@gagern](https://github.com/gagern))
+
+
+#### DOCUMENTATION FIXES
+
+* [`b9243ee`](https://github.com/npm/npm/commit/b9243ee60a3d60505c2502dc8633811b42c8aaea)
+ [#13127](https://github.com/npm/npm/pull/13127)
+ Remove extra backtick from `npm ls` documentation.
+ ([@shvaikalesh](https://github.com/shvaikalesh))
+* [`e05c0c2`](https://github.com/npm/npm/commit/e05c0c243cc702f9c392c001f668a90b57eaeb0e)
+ [iarna/has-unicode#3](https://github.com/iarna/has-unicode/pull/3)
+ [iarna/has-unicode#4](https://github.com/iarna/has-unicode/pull/4)
+ [#13084](https://github.com/npm/npm/pull/13084)
+ Correct changelog entry for shrinkwrap lifecycle order.
+ ([@SimenB](https://github.com/SimenB))
+* [`823994f`](https://github.com/npm/npm/commit/823994f100a0e59e1dd109e312811f971968ec75)
+ [#13080](https://github.com/npm/npm/pull/13080)
+ Describe using `npm pack` to see a dry run of publication results in
+ the `npm publish` documentation.
+ ([@laughinghan](https://github.com/laughinghan))
+
+#### DEPENDENCY UPDATES
+
+* [`e44d2db`](https://github.com/npm/npm/commit/e44d2db1ad0d860ca08e99c81135bd399fb733b1)
+ `aproba@1.0.4`: Documentation updates and minor refactoring.
+ ([@iarna](https://github.com/iarna))
+
+### v3.10.2 (2016-06-17):
+
+This is a quick hotfix release with two small bug fixes. First, there was
+an issue where the new progress bar would overwrite interactive prompts,
+that is, those found in `npm login` and `npm init`. Second, if the
+directory you were running `npm outdated` on was a bad link or otherwise had
+unrecoverable errors then npm would crash instead of printing the error.
+
+* [`fbefb86`](https://github.com/npm/npm/commit/fbefb8675b26320b295f481b4872ce99f0180807)
+ [`7779e9f`](https://github.com/npm/npm/commit/7779e9fb9430f6547532c67f2471864d62bbd5bc)
+ [#13105](https://github.com/npm/npm/issues/13105)
+ Disable progress bar in `adduser` and `init`.
+* [`6a33b2c`](https://github.com/npm/npm/commit/6a33b2c13f637a41e25cd0339925bc430b50358a)
+ [#13115](https://github.com/npm/npm/issues/13115)
+ Ensure that errors reading the package tree for `outdated` does not result
+ in crashes.
+ ([@iarna](https://github.com/iarna))
+
+### v3.10.1 (2016-06-17):
+
+There are two very important bug fixes and one long-awaited (and significant!)
+deprecation in this hotfix release. [Hold on.](http://butt.holdings/)
+
+#### *WHOA*
+
+When Node.js 6.0.0 was released, the CLI team noticed an alarming upsurge in
+bugs related to important files (like `README.md`) not being included in
+published packages. The new bugs looked much like
+[#5082](https://github.com/npm/npm/issues/5082), which had been around in one
+form or another since April, 2014. #5082 used to be a very rare (and obnoxious)
+bug that the CLI team hadn't had much luck reproducing, and we'd basically
+marked it down as a race condition that arose on machines using slow and / or
+rotating-media-based hard drives.
+
+Under 6.0.0, the behavior was reliable enough to be nearly deterministic, and
+made it very difficult for publishers using `.npmignore` files in combination
+with `"files"` stanzas in `package.json` to get their packages onto the
+registry without one or more files missing from the packed tarball. The entire
+saga is contained within [the issue](https://github.com/npm/npm/issues/5082),
+but the summary is that an improvement to the performance of
+[`fs.realpath()`](https://nodejs.org/api/fs.html#fs_fs_realpath_path_options_callback)
+made it much more likely that the packing code would lose the race.
+
+Fixing this has proven to be very difficult, in part because the code used by
+npm to produce package tarballs is more complicated than, strictly speaking, it
+needs to be. [**@evanlucas**](https://github.com/evanlucas) contributed [a
+patch](https://github.com/npm/fstream/pull/50) that passed the tests in a
+[special test suite](https://github.com/othiym23/eliminate-5082) that I
+([**@othiym23**](https://github.com/othiym23)) created (with help from
+[**@addaleax**](https://github.com/addaleax)), but only _after_ we'd released
+the fixed version of that package did we learn that it actually made the
+problem _worse_ in other situations in npm proper. Eventually,
+[**@rvagg**](https://github.com/rvagg) put together a more durable fix that
+appears to completely address the errant behavior under Node.js 6.0.0. That's
+the patch included in this release. Everybody should chip in for redback
+insurance for Rod and his family; he's done the community a huge favor.
+
+Does this mean the long (2+ year) saga of #5082 is now over? At this point, I'm
+going to quote from my latest summary on the issue:
+
+> The CLI team (mostly me, with input from the rest of the team) has decided that
+> the overall complexity of the interaction between `fstream`, `fstream-ignore`,
+> `fstream-npm`, and `node-tar` has grown more convoluted than the team is
+> comfortable (maybe even capable of) supporting.
+>
+> - While I believe that @rvagg's (very targeted) fix addresses _this_ issue, I
+> would be shocked if there aren't other race conditions in npm's packing
+> logic. I've already identified a couple other places in the code that are
+> most likely race conditions, even if they're harder to trigger than the
+> current one.
+> - The way that dependency bundling is integrated leads to a situation in
+> which a bunch of logic is duplicated between `fstream-npm` and
+> `lib/utils/tar.js` in npm itself, and the way `fstream`'s extension
+> mechanism works makes this difficult to clean up. This caused a nasty
+> regression ([#13088](https://github.com/npm/fstream/pull/50), see below) as
+> of ~`npm@3.8.7` where the dependencies of `bundledDependencies` were no
+> longer being included in the built package tarballs.
+> - The interaction between `.npmignore`, `.gitignore`, and `files` is hopelessly
+> complicated, scattered in many places throughout the code. We've been
+> discussing [making the ignores and includes logic clearer and more
+> predictable](https://github.com/npm/npm/wiki/Files-and-Ignores), and the
+> current code fights our efforts to clean that up.
+>
+> So, our intention is still to replace `fstream`, `fstream-ignore`, and
+> `fstream-npm` with something much simpler and purpose-built. There's no real
+> reason to have a stream abstraction here when a simple recursive-descent
+> filesystem visitor and a synchronous function that can answer whether a given
+> path should be included in the packed tarball would do the job adequately.
+>
+> What's not yet clear is whether we'll need to replace `node-tar` in the
+> process. `node-tar` is a very robust implementation of tar (it handles, like,
+> everything), and it also includes some very important tweaks to prevent several
+> classes of security exploits involving maliciously crafted packages. However,
+> its packing API involves passing in an `fstream` instance, so we'd either need
+> to produce something that follows enough of `fstream`'s contract for `node-tar`
+> to keep working, or swap `node-tar` out for something like `tar-stream` (and
+> then ensuring that our use of `tar-stream` is secure, which could involve
+> security patches for either npm or `tar-stream`).
+
+The testing and review of `fstream@1.0.10` that the team has done leads us to
+believe that this bug is fixed, but I'm feeling more than a little paranoid
+about fstream now, so it's important that people keep a close eye on their
+publishes for a while and let us know immediately if they notice any
+irregularities.
+
+* [`8802f6c`](https://github.com/npm/npm/commit/8802f6c152ea35cb9e5269c077c3a2f9df411afc)
+ [#5082](https://github.com/npm/npm/issues/5082) `fstream@1.0.10`: Ensure that
+ entries are collected after a paused stream resumes.
+ ([@rvagg](https://github.com/rvagg))
+* [`c189723`](https://github.com/npm/npm/commit/c189723110497a17dac3b0596f2916deeed93ee7)
+ [#5082](https://github.com/npm/npm/issues/5082) Remove the warning introduced
+ in `npm@3.10.0`, because it should no longer be necessary.
+ ([@othiym23](https://github.com/othiym23))
+
+#### *ERK*
+
+Because the interaction between `fstream`, `fstream-ignore`, `fsream-npm`, and
+`node-tar` is so complex, it's proven difficult to add support for npm features
+like `bundledDependencies` without duplicating some logic within npm's code
+base. While [fixing a completely unrelated
+bug](https://github.com/npm/npm/issues/9642), we "cleaned up" some of this
+seemingly duplicated code, and in the process removed the code that ensured
+that the dependencies of `bundledDependencies` are themselves bundled. We've
+brought that code back into the code base (without reopening #9642), and added
+a test to ensure that this regression can't recur.
+
+* [`1b6ceca`](https://github.com/npm/npm/commit/1b6ceca32fc81ca7cc7ac2eb7d11f687e6f87f26)
+ [#13088](https://github.com/npm/npm/issues/13088) Partially restore npm's own
+ version of the `fstream-npm` function `applyIgnores` to ensure that the
+ dependencies of `bundledDependencies` are included in published packages.
+ ([@iarna](https://github.com/iarna))
+
+#### GOODBYE, FAITHFUL FRIEND
+
+At NodeConf Adventure 2016 (RIP in peace, Mikeal Rogers's NodeConf!), the CLI
+team had an opportunity to talk to representatives from some of the larger
+companies that we knew were still using Node.js 0.8 in production. After asking
+them whether they were still using 0.8, we got back blank stares and questions
+like, "0.8? You mean, from four years ago?" After establishing that being able
+to run npm in their legacy environments was no longer necessary, the CLI team
+made the decision to drop support for 0.8. (Faithful observers of our [team
+meetings](https://github.com/npm/npm/issues?utf8=%E2%9C%93&q=is%3Aissue+npm+cli+team+meeting+)
+will have known this was the plan for NodeConf since the beginning of 2016.)
+
+In practice, this means only what's in the commit below: we've removed 0.8 from
+our continuous integration test matrix below, and will no longer be habitually
+testing changes under Node 0.8. We may also give ourselves permission to use
+`setImmediate()` in test code. However, since the project still supports
+Node.js 0.10 and 0.12, it's unlikely that patches that rely on ES 2015
+functionality will land anytime soon.
+
+Looking forward, the team's current plan is to drop support for Node.js 0.10
+when its LTS maintenance window expires in October, 2016, and 0.12 when its
+maintenance / LTS window ends at the end of 2016. We will also drop support for
+Node.js 5.x when Node.js 6 becomes LTS and Node.js 7 is released, also in the
+October-December 2016 timeframe.
+
+(Confused about Node.js's LTS policy? [Don't
+be!](https://github.com/nodejs/LTS) If you look at [this
+diagram](https://github.com/nodejs/LTS/blob/ce364a94b0e0619eba570cd57be396573e1ef889/schedule.png),
+it should make all of the preceding clear.)
+
+If, in practice, this doesn't work with distribution packagers or other
+community stakeholders responsible for packaging and distributing Node.js and
+npm, please reach out to us. Aligning the npm CLI's LTS policy with Node's
+helps everybody minimize the amount of work they need to do, and since all of
+our teams are small and very busy, this is somewhere between a necessity and
+non-negotiable.
+
+* [`d6afd5f`](https://github.com/npm/npm/commit/d6afd5ffb1b19e5d94aeee666afcb8adaced58db)
+ Remove 0.8 from the Node.js testing matrix, and reorder to match real-world
+ priority, with comments. ([@othiym23](https://github.com/othiym23))
+
+### v3.10.0 (2016-06-16):
+
+Do we have a release for you! We have our first new lifecycle since
+`version`, a new progress bar and a bunch of bug fixes.
+[I'm](https://github.com/iarna) really excited about this release, let me
+tell you!!
+
+#### DANGER: PUBLISHING ON NODE 6.0.0
+
+Publishing and packing are buggy under Node versions greater than 6.0.0.
+Please use Node.js LTS (4.4.x) to publish packages. See
+[#5082](https://github.com/npm/npm/issues/5082) for details and current
+status.
+
+* [`4e52cef`](https://github.com/npm/npm/commit/4e52cef3d4170c8abab98149666ec599f8363233)
+ [#13077](https://github.com/npm/npm/pull/13077)
+ Warn when using Node 6+.
+ ([@othiym23](https://github.com/othiym23))
+
+#### NEW LIFECYCLE SCRIPT: `shrinkwrap`
+
+* [`e8c80f2`](https://github.com/npm/npm/commit/e8c80f20bfd5d1618e85dbab41660d6f3e5ce405)
+ [#10744](https://github.com/npm/npm/issues/10744)
+ You can now add `preshrinkwrap`, `shrinkwrap` and `postshrinkwrap` to your `package.json`
+ scripts section. They are run when you run `npm shrinkwrap` or `npm install --save` with
+ an `npm-shrinkwrap.json` present in your module directory.
+
+ `preshrinkwrap` and `shrinkwrap` is run prior to generating the new `npm-shrinkwrap.json`
+ and `postshrinkwrap` is run after.
+ ([@SimenB](https://github.com/SimenB))
+
+#### NEW PROGRESS BAR
+
+
+
+We have a new progress bar and a bunch of related improvements!
+
+##### BLOCKING BLOCKING
+
+**!!WARNING!!** As a part of this change we now explicitly set
+`process.stdout` and `process.stderr` to be _blocking_ if they are ttys,
+using [set-blocking](https://www.npmjs.com/package/set-blocking). This is
+necessary to ensure that we can fully erase the progress bar before we start
+writing other things out to the console.
+
+Prior to Node.js 6.0.0, they were already blocking on Windows, and MacOS.
+Meanwhile, on Linux they were always non-blocking but had large (64kb)
+buffers, which largely made this a non-issue there. Starting with Node.js
+6.0.0 they became non-blocking on MacOS and that caused some unexpected
+issues (see [nodejs/node#6456](https://github.com/nodejs/node/issues/6456)).
+
+If you are a Linux user, it's plausible that this might have a performance
+impact if your terminal can't keep up with output rate. If you experience
+this, we want to know! Please [file an
+issue](https://github.com/npm/npm/issues/new) at our issue tracker.
+
+##### BETTER LAYOUT
+
+Let's start by talking about what goes into the new progress bar:
+
+```
+⸨░░░░░░░░░░⠂⠂⠂⠂⠂⠂⠂⠂⸩ ⠹ loadExtraneous: verb afterAdd /Users/rebecca/.npm/null/0.0.0/package/package.json written
+ ↑‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ ↑ ‾‾‾‾‾‾‾‾‾↑‾‾‾‾ ‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾↑‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
+ percent complete spinner current thing we're doing most recent log line
+```
+
+The _spinner_ is intended as an activity indicator–it moves whenever
+npm sends something to its logs. It also spins at a constant speed while
+waiting on the network.
+
+The _current thing we're doing_ relates to how we track how much work has
+been done. It's the name of the unit of work we most recently started or
+completed some of. Sometimes these names are more obvious than others and
+that's something we'll look at improving over time.
+
+And finally, the _most recent log line_ is exactly that, it's the most
+recent line that you would have seen if you were running with
+`--loglevel=silly` or were watching the `npm-debug.log`. These are written
+to be useful to the npm developers above all else, so they may sometimes be
+a little cryptic.
+
+* [`6789978`](https://github.com/npm/npm/commit/6789978ab0713f67928177a9109fed43953ccbda)
+ [#13075](https://github.com/npm/npm/pull/13075)
+ `npmlog@3.1.2`: Update to the latest npmlog, which includes the new and
+ improved progress bar layout.
+ ([@iarna](https://github.com/iarna))
+
+##### MORE PERFORMANT
+
+The underlying code for the progress bar was rewritten, in part with
+performance in mind. Previously whenever you updated the progress bar it
+would check an internal variable for how long it had been since the last
+update and if it had been long enough, it would print out what you gave it.
+With the new progress bar we do updates at a fixed interval (with
+`setInterval`) and "updating" the progress bar just updates some variables
+that will be used when the next tick of the progress bar happens. Currently
+progress bar updates happen every 50ms, although that's open to tuning.
+
+##### WIDE(R) COMPATIBILITY
+
+I spent a lot of time working our Unicode support. There were a few issues
+that plagued us:
+
+Previously one of the characters we used was _ambiguous width_ which means
+that it was possible to configure your terminal to display it as _full
+width_. If you did this, the output would be broken because we assumed it
+was a _half width_ character. We no longer use any of these characters.
+
+Previously, we defaulted to using Unicode on Windows. This isn't a safe
+assumption, however, as folks in non-US locales often use other code pages
+for their terminals. Windows doesn't provide* any facility available to
+Node.js for determining the current code page, so we no longer try to use
+Unicode on Windows.
+
+_\* The facilities it does provide are a command line tool and a windows
+system call. The former isn't satisfactory for speed reasons and the latter
+can't be accessed from a JS-only Node.js program._
+
+##### FOR THE FUTURE: THEMES
+
+The new version of the progress bar library supports plugable themes. Adding
+support to npm shouldn't be too difficult. The built in themes are:
+
+* `ASCII` – The fallback theme which is always available.
+* `colorASCII` – Inverts the color of the completed portion of the progress
+ bar. The default on Windows and usually on Linux. (Color support is
+ determined by looking at the `TERM` environment variable.)
+* `brailleSpinner` – A braille based spinner and other unicode enhancements. MacOS only.
+* `colorBrailleSpinner` – The default on MacOS, a combination of the above two.
+
+##### LESS GARBLED OUTPUT
+
+As a part of landing this I've also taken the opportunity to more
+systematically disable the progress bar prior to printing to `stdout` or
+running external commands (in particular: git). This should ensure that the
+progress bar doesn't get left on screen after something else prints
+something. We also are now much more zealous about erasing the progress bar
+on exit, so if you `Ctrl-C` out of an install we'll still cleanup the
+progress bar.
+
+* [`63f153c`](https://github.com/npm/npm/commit/63f153c743f9354376bfb9dad42bd028a320fd1f)
+ [#13075](https://github.com/npm/npm/pull/13075)
+ Consistently make sure that the progress bar is hidden before we try to
+ write to stdout.
+ ([@iarna](https://github.com/iarna))
+* [`8da79fa`](https://github.com/npm/npm/commit/8da79fa60de4972dca406887623d4e430d1609a1)
+ [#13075](https://github.com/npm/npm/pull/13075)
+ Be more methodical about disabling progress bars before running external
+ commands.
+ ([@iarna](https://github.com/iarna))
+
+#### REPLACE `process.nextTick` WITH `asap` ASAP
+
+* [`5873b56`](https://github.com/npm/npm/commit/5873b56cb315437dfe97e747811c0b9c297bfd38)
+ [`254ad7e`](https://github.com/npm/npm/commit/254ad7e38f978b81046d242297fe8b122bfb5852)
+ [#12754](https://github.com/npm/npm/issues/12754)
+ Use `asap` in preference over `process.nextTick` to avoid recursion warnings.
+ Under the hood `asap` uses `setImmediate` when available and falls back to
+ `process.nextTick` when it's not. Versions of node that don't support
+ `setImmediate` have a version of `process.nextTick` that actually behaves
+ like the current `setImmediate`.
+ ([@lxe](https://github.com/lxe))
+
+#### FIXES AND REFACTORING
+
+Sometimes the installer would get it into its head that it could move or
+remove things that it really shouldn't have. While the reproducers for this were
+often a bit complicated (the core reproducer involved five symlinks(!)), it turns
+out this is an easy scenario to end up in if your project has a bunch of small
+modules and you're linking them while developing them.
+
+Fixing this ended up involving doing an important and overdue rewrite of how
+the installer keeps track of (and interrogates) the relationships between
+modules. This likely fixes other related bugs, and in the coming weeks
+we'll verify and close them as we find them. There are a whole slew of
+commits related to this rewrite, and if you'd like to learn more check
+out the PR where I describe what I did in detail: [#12775](https://github.com/npm/npm/pull/12775)
+
+* [`8f3e111`](https://github.com/npm/npm/commit/8f3e111fdd2ce7824864f77b04e5206bdaf961a1)
+ [`c0b0ed1`](https://github.com/npm/npm/commit/c0b0ed1e9945c01b2e68bf22af3fe4005aa4bcd4)
+ [#10800](https://github.com/npm/npm/issues/10800)
+ Remove install pruning stage–this was obsoleted by making the installer keep
+ itself up to date as it goes along. This is NOT related to `npm prune`.
+ ([@iarna](https://github.com/iarna))
+
+#### MAKE OUTDATED MORE WIDELY LEGIBLE
+
+* [`21c60e9`](https://github.com/npm/npm/commit/21c60e9bb56d47da17b79681f2142b3dcf4c804b)
+ [#12843](https://github.com/npm/npm/pull/12843)
+ In `npm outdated, stop coloring the _Location_ and _Package Type_ columns.
+ Previously they were colored dark gray, which was hard to read for some
+ users.
+ ([@tribou](https://github.com/tribou))
+
+#### DOCUMENTATION UPDATE
+
+* [`eb0a72e`](https://github.com/npm/npm/commit/eb0a72eb95862c1d0d41a259d138ab601d538793)
+ [#12983](https://github.com/npm/npm/pull/12983)
+ Describe how to run the lifecycle scripts of dependencies. How you do
+ this changed with `npm` v2.
+ ([@Tapppi](https://github.com/Tapppi))
+
+### DEPENDENCY UPDATES
+
+* [`da743dc`](https://github.com/npm/npm/commit/da743dc2153fed8baca3dada611b188f53ab5931)
+ `which@1.2.10`:
+ Fix bug where unnecessary special case path handling for Windows could
+ produce unexpected results on Unix systems.
+ ([@isaacs](https://github.com/isaacs))
+* [`4533bd5`](https://github.com/npm/npm/commit/4533bd501d54aeedfec3884f4fd54e8c2edd6020)
+ `npm-user-validate@0.1.4`:
+ Validate the length of usernames.
+ ([@aredridel](https://github.com/aredridel))
+* [`4a18922`](https://github.com/npm/npm/commit/4a18922e56f9dc902fbb4daa8f5fafa4a1b89376)
+ `glob@7.0.4`:
+ Fixes issues with Node 6 and "long or excessively symlink-looping paths".
+ ([@isaacs](https://github.com/isaacs))
+* [`257fe11`](https://github.com/npm/npm/commit/257fe11052987e5cfec2abdf52392dd95a6c6ef3)
+ `npm-package-arg@4.2.0`:
+ Add `escapedName` to the result. It is suitable for passing through to a
+ registry without further processing.
+ ([@nexdrew](https://github.com/nexdrew))
+* [`dda3ca7`](https://github.com/npm/npm/commit/dda3ca70f74879106589ef29e167c8b91ef5aa4c)
+ `wrappy@1.0.2`
+ ([@zkat](https://github.com/zkat))
+* [`25f1db5`](https://github.com/npm/npm/commit/25f1db504d0fd8c97211835f0027027fe95e0ef3)
+ `readable-stream@2.1.4`
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`9d64fe6`](https://github.com/npm/npm/commit/9d64fe676ebc6949c687ffb85bd93eca3137fc0d)
+ `abbrev@1.0.9`
+ ([@isaacs](https://github.com/isaacs))
+
+### v3.9.6 (2016-06-02):
+
+#### SMALL OUTPUT TWEAK
+
+* [`0bdc9d1`](https://github.com/npm/npm/commit/0bdc9d13b73df07e63a58470ea001fda490e5869)
+ [#12879](https://github.com/npm/npm/pull/12879)
+ The usage output for npm commands was somehow under the impression that
+ the singular form of `aliases` is `aliase`. This has been corrected to show
+ `alias` instead.
+ ([@intelliot](https://github.com/intelliot))
+
+#### DOC UPDATES
+
+* [`f771b49`](https://github.com/npm/npm/commit/f771b49f5d65bbef540c231fbfcca71cacdce4db)
+ [#12933](https://github.com/npm/npm/pull/12933)
+ Add `config.gypi` to list of files that are always ignored in the
+ `package.json` manpage.
+ ([@Jokero](https://github.com/Jokero))
+
+#### DEPENDENCY UPDATES
+
+* [`61c1d9c`](https://github.com/npm/npm/commit/61c1d9cd4b2296bd41d55a5c58e35ca5f028b9bc)
+ [#12926](https://github.com/npm/npm/pull/12926)
+ Removed unused dependency `lodash.isarray`.
+ ([@mmalecki](https://github.com/mmalecki))
+* [`168ed28`](https://github.com/npm/npm/commit/168ed2834b2c6db8bb39f81baadc0bf275807328)
+ [#12926](https://github.com/npm/npm/pull/12926)
+ Removed unused dependency `lodash.keys`.
+ ([@mmalecki](https://github.com/mmalecki))
+
+### v3.9.5 (2016-05-27):
+
+Just a quick point release. We had an issue where I (Kat) included the
+`.nyc_output/` directory in `npm@3.9.3` and `npm@3.9.4`. The issue got reported
+right after that second release
+([`#12873`](https://github.com/npm/npm/issues/12873)), and now there's this
+small point release that's there to fix the issue sooner.
+
+* [`f96aea0`](https://github.com/npm/npm/commit/f96aea085be981cdb59bd09f16da40717426f981)
+ [#12878](https://github.com/npm/npm/pull/12878)
+ Ignore `.nyc_output` to avoid an accidental publish or commit filled with
+ code coverage data.
+ ([@TheAlphaNerd](https://github.com/TheAlphaNerd))
+
+### v3.9.4 (2016-05-26):
+
+Hey all! It's that time again!
+
+This week continues our current `big-bug` squashing push, although there's none
+that are ready to release quite yet -- we're working on it!
+
+It's also worth noting that we're entering the main part of conference season,
+so you can probably expect a bit of a dev slowdown as a lot of us wombats attend
+or speak at the various conferences. Remember [npm.camp](npm.camp) is happening
+in 2 months and the lineup is looking pretty great! Tickets are still on sale.
+Come hang out with us! WOO FUN! 🎉😸
+
+#### BUGFIX
+
+* [`cac0038`](https://github.com/npm/npm/commit/cac0038868b18295f9f299e762e20034f32a3e11)
+ [#12845](https://github.com/npm/npm/pull/12845)
+ Progress bar during tarball packing now prints `pack:packagename` instead of
+ `pack:[object Object]`.
+ ([@iarna](https://github.com/iarna))
+
+#### DOC UPDATES
+
+* [`0b81622`](https://github.com/npm/npm/commit/0b816225c743c9203db5d92fb4dd3a9293833298)
+ [#12840](https://github.com/npm/npm/pull/12840)
+ Remove sexualized language from comment in code.
+ ([@geek](https://github.com/geek))
+* [`d6dff24`](https://github.com/npm/npm/commit/d6dff2481cb587c392f22afb893ac3136371a64c)
+ [#12802](https://github.com/npm/npm/pull/12802)
+ Small grammar fix in `cli/npm.md`.
+ ([@andresilveira](https://github.com/andresilveira))
+* [`cb38e0f`](https://github.com/npm/npm/commit/cb38e0fff82a6c1c110026b95b07a8c32e27ec01)
+ [#12782](https://github.com/npm/npm/pull/12782)
+ Documents that `NOTICE` files started getting included after
+ [npm/fstream-npm#17](https://github.com/npm/fstream-npm/pull/17).
+ ([@SimenB](https://github.com/SimenB))
+* [`70a3ae4`](https://github.com/npm/npm/commit/70a3ae4d4ec76b3ec51f00bf5261f1147829f9fe)
+ [#12776](https://github.com/npm/npm/pull/12776)
+ `npm run-script` used to have a `` argument that allowed you to target
+ specific packages' scripts. This was removed as one of the breaking changes
+ for `npm@2`.
+ This patch removes a mention of that argument, which really doesn't exist
+ anymore.
+ ([@fibo](https://github.com/fibo))
+
+#### DEP UPDATES
+
+* [`4a4470d`](https://github.com/npm/npm/commit/4a4470ddd1d9b0b62cb94f3bff5ab6b8e6db527a)
+ `aproba@1.0.3`
+ ([@iarna](https://github.com/iarna))
+
+#### TEST IMPROVEMENTS
+
+So it turns out, `t.comment` in `tap` is actually pretty nice!
+There's also a couple other test improvements by Rebecca landing here.
+
+* [`9fd04dd`](https://github.com/npm/npm/commit/9fd04dd6be493465d7ac5f14dd9328e66069c1bf)
+ [#12851](https://github.com/npm/npm/pull/12851)
+ Rewrite `shrinkwrap-prod-dependency-also` test to use `common.npm`
+ ([@iarna](https://github.com/iarna))
+* [`3bc4a8e`](https://github.com/npm/npm/commit/3bc4a8ee58cb0e0adc84b4f135330f2b1e20d992)
+ [#12851](https://github.com/npm/npm/pull/12851)
+ Clean up `rm-linked` test.
+ ([@iarna](https://github.com/iarna))
+* [`bf7f7f2`](https://github.com/npm/npm/commit/bf7f7f273a794f7573bbbc84b1c216fdcd9e0ef9)
+ [#12851](https://github.com/npm/npm/pull/12851)
+ Clean up `outdated-symlink` test.
+ ([@iarna](https://github.com/iarna))
+* [`ca0baa4`](https://github.com/npm/npm/commit/ca0baa4dac85b1df4e26ef0c73d39314ca6858ca)
+ [#12851](https://github.com/npm/npm/pull/12851)
+ Improve diagnostics for `shrinkwrap-scoped-auth` test.
+ ([@iarna](https://github.com/iarna))
+* [`fbec9fd`](https://github.com/npm/npm/commit/fbec9fd5bb0abce589120d14c1f2b03b58cecce1)
+ [#12851](https://github.com/npm/npm/pull/12851)
+ Rewrite `shrinkwrap-dev-dependency` test to use `common.npm`.
+ ([@iarna](https://github.com/iarna))
+
+### v3.9.3 (2016-05-19):
+
+This week continues our `big-bug` squashing adventure! Things are churning along
+nicely, and we've gotten a lot of fantastic contributions from the community.
+Please keep it up!
+
+A quick note on last week's release: We had a small `npm shrinkwrap`-related
+crasher in `npm@3.9.1`, so once this release goes out, `v3.9.2` is going to be
+`npm@latest`. Please update if you ended up in with that previous version!
+
+Remember we have a weekly team meeting, and you can [suggest agenda items in the
+GitHub issue](https://github.com/npm/npm/issues/12761). Keep an eye out for the
+`#npmweekly` tag on Twitter, too, and join the conversation! We'll do our best
+to address questions y'all send us. ✌
+
+#### FIXES
+
+* [`42d71be`](https://github.com/npm/npm/commit/42d71be2cec674dd9e860ad414f53184f667620d)
+ [#12685](https://github.com/npm/npm/pull/12685)
+ When using `npm ls ` without a semver specifier, `npm ls` would skip
+ any packages in your tree that matched by name, but had a prerelease version
+ in their `package.json`. This patch fixes it so `npm ls` does a simple name
+ match unless you use the `npm ls @` format.
+ ([@zkat](https://github.com/zkat))
+* [`c698ae6`](https://github.com/npm/npm/commit/c698ae666afc92fbc0fcba3c082cfa9b34a4420d)
+ [#12685](https://github.com/npm/npm/pull/12685)
+ Added some tests for more basic `npm ls` functionality.
+ ([@zkat](https://github.com/zkat))
+
+### NOTABLE DEPENDENCY UPDATES
+
+* [`3a6fe23`](https://github.com/npm/npm/commit/3a6fe2373c45e80a1f28aaf176d552f6f97cf131)
+ [npm/fstream-npm#17](https://github.com/npm/fstream-npm/pull/17)
+ `fstream-npm@1.1.0`:
+ `fstream-npm` always includes NOTICE files now.
+ ([@kemitchell](https://github.com/kemitchell))
+* [`df04e05`](https://github.com/npm/npm/commit/df04e05af1f257a1903372e1baf334c0969fbdbd)
+ [#10013](https://github.com/npm/npm/issues/10013)
+ `read-package-tree@5.1.4`:
+ Fixes an issue where `npm install` would fail if your `node_modules` was
+ symlinked.
+ ([@iarna](https://github.com/iarna))
+* [`584676f`](https://github.com/npm/npm/commit/584676f85eaebcb9d6c4d70d2ad320be8a8d6a74)
+ [npm/init-package-json#62](https://github.com/npm/init-package-json/pull/62)
+ `init-package-json@1.9.4`:
+ Stop using `package` for a variable, which defeats some bundlers and linters.
+ ([@adius](https://github.com/adius))
+* [`935a7e3`](https://github.com/npm/npm/commit/935a7e359535e13924934811b77924cbad82619a)
+ `readable-stream@2.1.3`:
+ Node 6 build and buffer-related updates.
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+
+#### OTHER DEPENDENCY UPDATES
+
+* [`4c4609e`](https://github.com/npm/npm/commit/4c4609ea49e77303f9d72af6757620e6b3a9a6a9)
+ `inflight@1.0.5`
+ ([@zkat](https://github.com/zkat))
+* [`7a3030d`](https://github.com/npm/npm/commit/7a3030d3d44ea2136425f72950ba22e6efd441d9)
+ `hosted-git-info@2.1.5`
+ ([@zkat](https://github.com/zkat))
+* [`5ed4b58`](https://github.com/npm/npm/commit/5ed4b58409eeb134bca1c96252682fd7600d9906)
+ `which@1.2.9`
+ ([@isaacs](https://github.com/isaacs))
+
+### v3.9.2 (2016-05-17)
+
+This is a quick patch release. The previous release, 3.9.1, introduced a
+bug where npm would crash given a combination of specific package tree on
+disk and a shrinkwrap.
+
+* [`cde367f`](https://github.com/npm/npm/commit/cde367fbb6eebc5db68a44b12a5c7bea158d70db)
+ [#12724](https://github.com/npm/npm/issues/12724)
+ Fix crasher when inflating shrinkwraps with packages on disk that were
+ installed by older npm versions.
+ ([@iarna](https://github.com/iarna))
+
+### v3.9.1 (2016-05-12)
+
+HI all! We have bug fixes to a couple of the hairy corners of `npm`, in the
+form of shrinkwraps and bundled dependencies. Plus some documentation improvements
+and our lodash deps bot a bump.
+
+This is our first week really focused on getting the
+[big bugs](https://github.com/npm/npm/issues?q=is%3Aopen+is%3Aissue+label:big-bug)
+list down. Our work from this week will be landing next week, and I can't
+wait to tell you about that! (It's about symlinks!)
+
+#### SHRINKWRAP FIX
+
+* [`b894413`](https://github.com/npm/npm/commit/b8944139a935680c4a267468bb2d3c3082b5609f)
+ [#12372](https://github.com/npm/npm/issues/12372)
+ Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install`
+ would not get up the updated package. This corrects that.
+ ([@misterbyrne](https://github.com/misterbyrne))
+
+#### BUNDLED DEPENDENCIES FIX
+
+* [`d0c6d19`](https://github.com/npm/npm/commit/d0c6d194471be8ce3e7b41b744b24f63dd1a3f6f)
+ [#12476](https://github.com/npm/npm/pull/12476)
+ Protects against a crasher when a bundled dep is missing a package.json.
+ ([@dflupu](https://github.com/dflupu))
+
+#### DOCS IMPROVEMENTS
+
+* [`6699aa5`](https://github.com/npm/npm/commit/6699aa53c0a729cfc921ac1d8107c320e5a5ac95)
+ [#12585](https://github.com/npm/npm/pull/12585)
+ Document that engineStrict is quite gone. Not "deprecated" so much as "extirpated".
+ ([@othiym23](https://github.com/othiym23))
+* [`7a41a84`](https://github.com/npm/npm/commit/7a41a84b655be3204d2e80848278a510e42c80e7)
+ [#12636](https://github.com/npm/npm/pull/12636)
+ Improve `npm-scripts` documentation regarding when `node-gyp` is used.
+ ([@reconbot](https://github.com/reconbot))
+* [`4c4b4ba`](https://github.com/npm/npm/commit/4c4b4badf09b9b50cdca85314429a0111bb35cb1)
+ [#12586](https://github.com/npm/npm/pull/12586)
+ Correct `package.json` documentation as to when `node-gyp rebuild` called.
+ This now matches https://docs.npmjs.com/misc/scripts#default-values
+ ([@reconbot](https://github.com/reconbot))
+
+#### DEPENDENCY UPDATES
+
+* [`cfa797f`](https://github.com/npm/npm/commit/cfa797fedd34696d45b61e3ae0398407afece880)
+ `lodash._baseuniq@4.6.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`ab6f180`](https://github.com/npm/npm/commit/ab6f1801971b513f9294b4b8902034ab402af02d)
+ `lodash.keys@4.0.7`
+ ([@jdalton](https://github.com/jdalton))
+* [`4b8d8b6`](https://github.com/npm/npm/commit/4b8d8b63e760a8aa03e8bffa974495dfafbfcb06)
+ `lodash.union@4.4.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`46099d3`](https://github.com/npm/npm/commit/46099d34542760098e5d13c7468a405a724ca407)
+ `lodash.uniq@4.3.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`fff89c6`](https://github.com/npm/npm/commit/fff89c6826c86e9e789adcc9c398385539306042)
+ `lodash.without@4.2.0`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.9.0 (2016-05-05)
+
+Wow! This is a big release week! We've completed the fixes that let the
+test suite pass on Windows, plus more general bug fixes we found while
+fixing things on Windows. Plus a warning to help folks work around a common
+footgun. PLUS an improvement to how npm works with long cache timeouts.
+
+#### INFINITE CACHE A LITTLE BETTER
+
+* [`111ae3e`](https://github.com/npm/npm/commit/111ae3ec366ece7ebcf5988f5bc2a7cd70737dfe)
+ [#8581](https://github.com/npm/npm/issues/8581)
+ When a package is fetched from the cache which cannot satisfy the version
+ requirements, an attempt to fetch it from the network is made. This is
+ helpful for folks using high values for `--cache-min` who are willing to
+ accept possibly not-the-most-recent modules in return for less network
+ traffic.
+ ([@Zirak](https://github.com/Zirak))
+
+#### WARNING: FOOTGUN
+
+* [`60b9a05`](https://github.com/npm/npm/commit/60b9a051aa46b8892fe63b3681839a6fd6642bfd)
+ [#12475](https://github.com/npm/npm/pull/12475)
+ Options can only start with ASCII dashes. Ordinarily this isn't a problem
+ but many web documentation tools "helpfully" convert `--` into an emdash
+ (–), or `-` into an endash (–). If you copy and paste from this documentation
+ your commands won't work the way you expect. This adds a warning that tries
+ to be a little more descriptive about why your command is failing.
+ ([@iarna](https://github.com/iarna))
+
+#### WINDOWS CI
+
+We have [Windows CI](https://ci.appveyor.com/project/npm/npm) setup now! We still have to
+tweak it a little bit around paths to the git binaries, but it's otherwise ready!
+
+* [`bb5d6cb`](https://github.com/npm/npm/commit/bb5d6cbf46b2609243d3b384caadd196e665a797)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Add AppVeyor to CI matrix.
+ ([@othiym23](https://github.com/othiym23))
+
+#### COVERAGE DATA
+
+Not only do our tests produce coverage reports after they run now, we also
+automatically [update Coveralls](https://coveralls.io/github/npm/npm) with
+results from [Travis CI](travis-ci.org/npm/npm) runs.
+
+* [`044cbab`](https://github.com/npm/npm/commit/044cbab0d49adeeb0d9310c64fee6c9759cc7428)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Enable coverage reporting for every test run.
+ ([@othiym23](https://github.com/othiym23))
+
+#### EVERYONE BUGS
+
+* [`37c6a51`](https://github.com/npm/npm/commit/37c6a51c71b0feec8f639b3199a8a9172e58deec)
+ [#12150](https://github.com/npm/npm/pull/12150)
+ Ensure that 'npm cache ls' outputs real filenames. Previously it would
+ sometimes double up the package name in the path it printed.
+ ([@isaacs](https://github.com/isaacs))
+* [`d3ce0b2`](https://github.com/npm/npm/commit/d3ce0b253eb519375071aee29db4ee129dbcdf5c)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Fix unbuilding bins for scoped modules.
+ ([@iarna](https://github.com/iarna))
+* [`e928a30`](https://github.com/npm/npm/commit/e928a30947477a09245f54e9381f46b97bee32d5)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Make handling of local modules (eg `npm install /path/to/my/module`) more
+ consistent when saved to a `package.json`. There were bugs previously where
+ it wouldn't consistently resolve relative paths in the same way.
+ ([@iarna](https://github.com/iarna))
+* [`b820ed4`](https://github.com/npm/npm/commit/b820ed4fc04e21577fa66f7c9482b5ab002e7985)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Under certain circumstances the paths produced for linking, either
+ relative or absolute, would end up basing off the wrong virtual cwd.
+ This resulted in failures for `npm link` in this situations.
+ ([@iarna](https://github.com/iarna))
+
+#### WINDOWS BUGS
+
+* [`7380425`](https://github.com/npm/npm/commit/7380425d810fb8bfc69405a9cbbdec19978a7bee)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Scoped module names were not being correctly inferred from the path on Windows.
+ ([@zkat](https://github.com/zkat))
+* [`91fc24f`](https://github.com/npm/npm/commit/91fc24f2763c2e0591093099ffc866c735f27fde)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Explore with a command to run didn't work properly in Windows– it would pop open a new
+ cmd window and leave it there.
+ ([@iarna](https://github.com/iarna))
+
+#### WINDOWS REFACTORING
+
+* [`f07e643`](https://github.com/npm/npm/commit/f07e6430d4ca02f811138f6140a8bad927607a1f)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Move exec path escaping out to its own function. This turns out to be
+ tricky to get right because how you escape commands to run on Windows via
+ cmd is different then how you escape them at other times. Specifically,
+ you HAVE to quote each directory segment that has a quote in it, that is:
+ `C:\"Program Files"\MyApp\MyApp.exe` By contrast, if that were an argument
+ to a command being run, you CAN'T DO quote it that way, instead you have
+ to wrap the entire path in quotes, like so: `"C:\Program
+ Files\MyApp\MyApp.exe"`.
+ ([@iarna](https://github.com/iarna))
+* [`2e01d29`](https://github.com/npm/npm/commit/2e01d299f8244134b1aa040cab1b59c72c9df4da)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ Create a single function for detecting if we're running on Windows (and
+ using a Windows shell like cmd) and use this instead of doing it one-off
+ all over the place.
+ ([@iarna](https://github.com/iarna))
+
+#### FIX WINDOWS TESTS
+
+As I said before, our tests are passing on Windows! 🎉
+
+* [`ef0dd74`](https://github.com/npm/npm/commit/ef0dd74583be25c72343ed07d1127e4d0cc02df9)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ The fruits of many weeks of labor, fix our tests to pass on Windows.
+ ([@zkat](https://github.com/zkat))
+ ([@iarna](https://github.com/iarna))
+
+#### DEPENDENCY UPDATES
+
+* [`8fccda8`](https://github.com/npm/npm/commit/8fccda8587209659c469ab55c608b0e2d7533530)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ `normalize-git-url@3.0.2`:
+ Fix file URLs on Windows.
+ ([@zkat](https://github.com/zkat))
+* [`f53a154`](https://github.com/npm/npm/commit/f53a154df8e0696623e6a71f33e0a7c11a7555aa)
+ `readable-stream@2.1.2`:
+ When readable-stream is disabled, reuse result of `require('stream')`
+ instead of calling it every time.
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`02841cf`](https://github.com/npm/npm/commit/02841cfb81d6ba86f691ab43d9bbdac29aec27e7)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ `realize-package-specifier@3.0.2`:
+ Resolve local package paths relative to package root, not cwd.
+ ([@zkat](https://github.com/zkat))
+ ([@iarna](https://github.com/iarna))
+* [`247c1c5`](https://github.com/npm/npm/commit/247c1c5ae08c882c9232ca605731039168bae6ed)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ `npm-package-arg@4.1.1`:
+ Fix Windows file URIs with leading slashes.
+ ([@zkat](https://github.com/zkat))
+* [`365c72b`](https://github.com/npm/npm/commit/365c72bc3ecd9e45f9649725dd635d5625219d8c)
+ `which@1.2.8`
+ ([@isaacs](https://github.com/isaacs))
+* [`e568caa`](https://github.com/npm/npm/commit/e568caabb8390a924ce1cfa51fc914ee6c1637a2)
+ `graceful-fs@4.1.4`
+ ([@isaacs](https://github.com/isaacs))
+* [`304b974`](https://github.com/npm/npm/commit/304b97434959a58f84383bcccc0357c51a4eb39a)
+ [#11444](https://github.com/npm/npm/pull/11444)
+ `standard@6.0.8`
+ ([@feross](https://github.com/feross))
+
+### v3.8.9 (2016-04-28)
+
+Our biggest news this week is that we got the
+[Windows test suite passing](https://github.com/npm/npm/pull/11444)!
+It'll take a little longer to get it passing in our
+[Windows CI](https://ci.appveyor.com/project/npm/npm/) but that's coming
+soon too.
+
+That means we'll be shifting gears away from tests to fixing
+[Big Bugs™](https://github.com/npm/npm/issues?q=is%3Aopen+is%3Aissue+label%3Abig-bug) again.
+Join us at our [team meeting](https://github.com/npm/npm/issues/12517) next
+Tuesday to learn more about that.
+
+#### BUG FIXES AND REFACTORING
+
+* [`60da618`](https://github.com/npm/npm/commit/60da61862885fa904afba7d121860b4282a5b0df)
+ [#12347](https://github.com/npm/npm/issues/12347)
+ Fix a bug that could result in shrinkwraps missing the `resolved` field, which is
+ necessary in producing a fully reproducible build.
+ ([@sminnee](https://github.com/sminnee))
+* [`8597ba4`](https://github.com/npm/npm/commit/8597ba432e91245a1000953b612eb01308178bad)
+ [#12009](https://github.com/npm/npm/issues/12009)
+ Fix a bug in `npm view versions` that resulted in bad output if you
+ didn't also pass in `--json`.
+ ([@watilde](https://github.com/watilde))
+* [`20125f1`](https://github.com/npm/npm/commit/20125f19b96fd05af63f8c0bd243ffb25780279a)
+ [`a53feac`](https://github.com/npm/npm/commit/a53feac2647f7dc4245f1700dfbdd1aba8745672)
+ [`6cfbae4`](https://github.com/npm/npm/commit/6cfbae403abc3cf690565b09569f71cdd41a8372)
+ [#12485](https://github.com/npm/npm/pull/12485)
+ Refactor how the help summaries for commands are produced, such that we only have
+ one list of command aliases.
+ ([@watilde](https://github.com/watilde))
+* [`2ae210c`](https://github.com/npm/npm/commit/2ae210c76ab6fd15fcf15dc1808b01ca0b94fc9e)
+ `read-package-json@2.0.4`:
+ Fix a crash we discovered while fixing up the Windows test suite where if
+ you had a file in your `node_modules` it would cause a crash on Windows
+ (but not MacOS/Linux).
+
+ This makes the error code you get on Windows match that from MacOS/Linux
+ if you try to read a `package.json` from a path that includes a file, not
+ a folder.
+ ([@zkat](https://github.com/zkat))
+
+### v3.8.8 (2016-04-21)
+
+Hi all! Long time no see! We've been heads-down working through getting
+[our test suite passing on Windows](https://github.com/npm/npm/pull/11444).
+Did you know that we have
+[Windows CI](https://ci.appveyor.com/project/npm/npm) now running over at
+Appveyor? In the meantime, we've got a bunch of dependency updates, some
+nice documentation improvements and error messages when your `package.json`
+contains invalid JSON. (Yeah, I thought we did that last one before too!)
+
+#### BAD JSON IS BAD
+
+* [`769e620`](https://github.com/npm/npm/commit/769e6200722d8060b6769e47354032c51cfa85a1)
+ [#12406](https://github.com/npm/npm/pull/12406)
+ Failing to parse the top level `package.json` should be an error.
+ ([@watilde](https://github.com/watilde))
+
+#### DOCUMENTATION
+
+* [`7d64301`](https://github.com/npm/npm/commit/7d643018af5051c920cc73f17bfe32b7ff86e108)
+ [#12415](https://github.com/npm/npm/pull/12415)
+ Clarify that when configuring client-side certificates for authenticating
+ to non-npm registries that `cert` and `key` are not filesystem paths and should
+ actually include the certificate and key data.
+ ([@rvedotrc](https://github.com/rvedotrc))
+* [`f8539b8`](https://github.com/npm/npm/commit/f8539b8c986e81771ccc8ced7e716718423d3187)
+ [#12324](https://github.com/npm/npm/pull/12324)
+ Describe how `npm run` sets `NODE` and `PATH` in more detail.
+ Note that `npm run` changes `PATH` to include the current node
+ interpreter’s directory.
+ ([@addaleax](https://github.com/addaleax))
+* [`2b57606`](https://github.com/npm/npm/commit/2b57606852a2c2a03e4c4b7dcda85b807619c2cf)
+ [#11461](https://github.com/npm/npm/pull/11461)
+ Clarify the documentation for the package.json homepage field.
+ ([@stevemao](https://github.com/stevemao))
+
+#### TESTS
+
+* [`b5a0fbb`](https://github.com/npm/npm/commit/b5a0fbb9e1a2c4fb003dd748264571aa6e3c9e70)
+ [#12329](https://github.com/npm/npm/pull/12329)
+ Fix progress config testing to ignore local user configs.
+ Previously, _any_ local setting would cause the tests to fail as
+ they were trying to test what the default values for the progress
+ bar would be in different environments and any explicit setting
+ overrides those defaults.
+ ([@iarna](https://github.com/iarna))
+* [`3d195bc`](https://github.com/npm/npm/commit/3d195bc0a72b40df02a5c56e4f3be44152e8222b)
+ The lifecycle-signal test could crash on v0.8 due to its use of `Number.parseInt`, which
+ isn't available in that version of node. Fortunately `global.parseInt` _is_, so
+ we just use that instead.
+ ([@iarna](https://github.com/iarna))
+
+#### DEPENDENCY UPDATES
+
+* [`05a28e3`](https://github.com/npm/npm/commit/05a28e38586082ac4bbf26ee6f863cc8d07054d6)
+ `npm-package-arg@4.1.1`:
+ Under some circumstances `file://` URLs on Windows were not handled correctly.
+
+ Also, stop converting local module/tarballs into full paths in this
+ module. We do already do that in `realize-package-specifier`, which is
+ more appropriate as it knows what package we're installing relative to.
+ ([@zkat](https://github.com/zkat))
+* [`ada2e93`](https://github.com/npm/npm/commit/ada2e93e8b276000150a9aa93fff69ec366e03d6)
+ `realize-package-specifier@3.0.3`:
+ Require the new `npm-package-arg`, plus fix a case where specifiers that were
+ maybe a tag, maybe a local filename were resolved differently than those that were
+ definitely a local filename.
+ ([@zkat](https://github.com/zkat)) ([@iarna](https://github.com/iarna))
+* [`adc515b`](https://github.com/npm/npm/commit/adc515b22775871386cd62390079fb4bf8e1714a)
+ `fs-vacuum@1.2.9`:
+ A fix for AIX where a non-empty directory can cause `fs.rmDir` to fail with `EEXIST` instead of `ENOTEMPTY`
+ and three new tests
+ ([@richardlau](https://github.com/richardlau))
+
+ Code cleanup, CI & dependency updates.
+ ([@othiym23](https://github.com/othiym23))
+* [`ef53a46`](https://github.com/npm/npm/commit/ef53a46906ce872a4541b605dd42a563cc26e614)
+ `tap@5.7.1`
+ ([@isaacs](https://github.com/isaacs))
+* [`df1f2e4`](https://github.com/npm/npm/commit/df1f2e4838b4d7ea2ea2321a95ae868c0ec0a520)
+ `request@2.72.0`:
+ Fix crashes when response headers indicate gzipped content but the body is
+ empty.
+ Add support for the deflate content encoding.
+ ([@simov](https://github.com/simov))
+* [`776c599`](https://github.com/npm/npm/commit/776c599b204632aca9d29fd92ea5c4f099fdea9f)
+ `readable-stream@2.1.0`:
+ Adds READABLE_STREAM env var that, if set to `disable`, will make
+ `readable-stream` use the local native node streams instead.
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`10d6d55`](https://github.com/npm/npm/commit/10d6d5547354fcf50e930c7932ba4d63c0b6009c)
+ `normalize-git-url@3.0.2`:
+ Add support `git+file://` type URLs.
+ ([@zkat](https://github.com/zkat))
+* [`75017ae`](https://github.com/npm/npm/commit/75017aeecec69a1efd546df908aa5befc4467f36)
+ `lodash.union@4.3.0`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.8.7 (2016-04-07)
+
+#### IMPROVED DIAGNOSTICS
+
+* [`38cf79f`](https://github.com/npm/npm/commit/38cf79ffa564ef5cb6677b476e06d0e45351592a)
+ [#12083](https://github.com/npm/npm/pull/12083)
+ If you `ignore-scripts` to disable lifecycles, this makes npm report when it skips running
+ a script.
+ ([@bfred-it](https://github.com/bfred-it))
+
+#### IMPROVE AUTO-INCLUDES
+
+* [`c615182`](https://github.com/npm/npm/commit/c615182c8b47e418338eb1317b99bb66987cda54)
+ [#11995](https://github.com/npm/npm/pull/11995)
+ There were bugs where modules whose names matched the special files that npm always
+ includes would be included, for example, the `history` package was always included.
+
+ With `npm@3` such extraneously bundled modules would not be ordinarily
+ used, as things in `node_modules` in packages are ignored entirely if the
+ package isn't marked as bundling modules.
+
+ Because of this `npm@3` behavior, the `files-and-ignores` test failed to catch this as
+ it was testing _install output_ not what got packed. That has also been fixed.
+ ([@glenjamin](https://github.com/glenjamin))
+
+#### DOCUMENTATION UPDATES
+
+* [`823d9df`](https://github.com/npm/npm/commit/823d9dfa91d7086a26620f007aee4e3cd77b6153)
+ [#12107](https://github.com/npm/npm/pull/12107)
+ In the command summary for `adduser` mention that `login` is an alias.
+ ([@gnerkus](https://github.com/gnerkus))
+* [`7aaf47e`](https://github.com/npm/npm/commit/7aaf47e124c45dde72c961638b770ee535fb2776)
+ [#12244](https://github.com/npm/npm/pull/12244)
+ Update the README to suggest npm@3 for Windows users. Also add a reference to
+ [Microsoft's npm upgrade tool](https://github.com/felixrieseberg/npm-windows-upgrade).
+ ([@felixrieseberg](https://github.com/felixrieseberg))
+
+#### DEPENDENCY UPDATES
+
+* [`486bbc0`](https://github.com/npm/npm/commit/486bbc0e1b101f847e890e6f1925dc8cb253cf3e)
+ `request@2.70.0`
+ ([@simov](https://github.com/simov))
+* [`b1aff34`](https://github.com/npm/npm/commit/b1aff346fc41f13e3306b437e1831942aacf2f54)
+ `lodash.keys@4.0.6`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.8.6 (2016-03-31)
+
+Heeeeeey y'all.
+
+Kat here! Rebecca's been schmoozing with folks at [Microsoft
+Build](https://build.microsoft.com/), so I'm doing the `npm@3` release this
+week.
+
+Speaking of Build, it looks like Microsoft is doing some bash thing. This might
+be really good news for our Windows users once it rolls around. We're keeping an
+eye out and feeling hopeful. 🙆
+
+As far as the release goes: We're really happy to be getting more and more
+community contributions! Keep it up! We really appreciate folks trying to help
+us, and we'll do our best to help point you in the right direction. Even things
+like documentation are a huge help. And remember -- you get socks for it, too!
+
+#### FIXES
+
+* [`f8fb4d8`](https://github.com/npm/npm/commit/f8fb4d83923810eb78d075bd200a9376c64c3e3a)
+ [#12079](https://github.com/npm/npm/pull/12079)
+ Back in `npm@3.2.2` we included [a patch that made it so `npm install pkg` was
+ basically `npm install pkg@latest` instead of
+ `pkg@*`](https://github.com/npm/npm/pull/9170)
+ This is probably what most users expected, but it also ended up [breaking `npm
+ deprecate`](https://github.com/npm/npm/pull/9170) when no version was provided
+ for a package. In that case, we were using `*` to mean "deprecate all
+ versions" and relying on the `pkg` -> `pkg@*` conversion.
+ This patch fixes `npm deprecate pkg` to work as it used to by special casing
+ that particular command's behavior.
+ ([@polm](https://github.com/polm))
+* [`458f773`](https://github.com/npm/npm/commit/458f7734f3376aba0b6ff16d34a25892f7717e40)
+ [#12146](https://github.com/npm/npm/pull/12146)
+ Adds `make doc-clean` to `prepublish` script, to clear out previously built
+ docs before publishing a new npm version
+ ([@watilde](https://github.com/watilde))
+* [`f0d1521`](https://github.com/npm/npm/commit/f0d1521038e956b2197673f36c464684293ce99d)
+ [#12146](https://github.com/npm/npm/pull/12146)
+ Adds `doc-clean` phony target to `make publish`.
+ ([@watilde](https://github.com/watilde))
+
+#### DOC UPDATES
+
+* [`ea92ffc`](https://github.com/npm/npm/commit/ea92ffc9dd2a063896353fc52c104e85ec061360)
+ [#12147](https://github.com/npm/npm/pull/12147)
+ Document that the current behavior of `engines` is just to warn if the node
+ platform is incompatible.
+ ([@reconbot](https://github.com/reconbot))
+* [`cd1ba44`](https://github.com/npm/npm/commit/cd1ba4423b3ca889c741141b95b0d9472b9f71ea)
+ [#12143](https://github.com/npm/npm/pull/12143)
+ Remove `npm faq` command, since the [FAQ was
+ removed](https://github.com/npm/npm/pull/10547).
+ ([@watilde](https://github.com/watilde))
+* [`50a12cb`](https://github.com/npm/npm/commit/50a12cb1f5f158af78d6962ad20ff0a98bc18f18)
+ [#12143](https://github.com/npm/npm/pull/12143)
+ Remove references to the FAQ from the docs, since [it was
+ removed](https://github.com/npm/npm/pull/10547).
+ ([@watilde](https://github.com/watilde))
+* [`60051c2`](https://github.com/npm/npm/commit/60051c25e2ab80c667137dfcd04b242eea25980e)
+ [#12093](https://github.com/npm/npm/pull/12093)
+ Update `bugs` url in `package.json` to use the `https` URL for Github.
+ ([@watilde](https://github.com/watilde))
+* [`af30c37`](https://github.com/npm/npm/commit/af30c374ef22ed1a1c71b14fced7c4b8350e4e82)
+ [#12075](https://github.com/npm/npm/pull/12075)
+ Add the `--ignore-scripts` flag to the `npm install` docs.
+ ([@paulirish](https://github.com/paulirish))
+* [`632b214`](https://github.com/npm/npm/commit/632b214b2f2450e844410792e5947e46844612ff)
+ [#12063](https://github.com/npm/npm/pull/12063)
+ Various minor fixes to the html docs homepage.
+ ([@watilde](https://github.com/watilde))
+
+#### DEP BUMPS
+
+* [`3da0171`](https://github.com/npm/npm/commit/3da01716a0e41d6b5adee2b4fc70fcaf08c0eb24)
+ `lodash.without@4.1.2`
+ ([@jdalton](https://github.com/jdalton))
+* [`69ccf6d`](https://github.com/npm/npm/commit/69ccf6dd4caf95cd0628054307487cae1885acd0)
+ `lodash.uniq@4.2.1`
+ ([@jdalton](https://github.com/jdalton))
+* [`b50c41a`](https://github.com/npm/npm/commit/b50c41a9930dc5353a23c5ae2ff87bb99e11d482)
+ `lodash.union@4.2.1`
+ ([@jdalton](https://github.com/jdalton))
+* [`59c1ad7`](https://github.com/npm/npm/commit/59c1ad7b6f243d07618ed5703bd11d787732fc57)
+ `lodash.clonedeep@4.3.2`
+ ([@jdalton](https://github.com/jdalton))
+* [`2b4f797`](https://github.com/npm/npm/commit/2b4f797dba8e7a1376c8335b7223e82d02cd8243)
+ `lodash._baseuniq@4.5.1`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.8.5 (2016-03-24)
+
+Like my esteemed colleague [@zkat](https://github.com/zkat) said in this
+week's [LTS release notes](https://github.com/npm/npm/releases/tag/v2.15.2),
+this week is another small release but we are continuing to work on our
+[Windows efforts](https://github.com/npm/npm/pull/11444).
+
+You may also be interested in reading the [LTS process and
+policy](https://github.com/npm/npm/wiki/LTS) that
+[@othiym23](https://github.com/othiym23) put together recently. If you have any
+feedback, we would love to hear.
+
+#### DOCTOR IT HURTS WHEN LINK TO MY LINK
+
+Well then, don't do that.
+
+* [`0d4a0b1`](https://github.com/npm/npm/commit/0d4a0b1)
+ [#11442](https://github.com/npm/npm/pull/11442)
+ Fail if the user asks us to make a link from a module back on to itself.
+ ([@antialias](https://github.com/antialias))
+
+#### ERR MODULE LIST TOO LONG
+
+* [`b271ed2`](https://github.com/npm/npm/commit/b271ed2)
+ [#11983](https://github.com/npm/npm/issues/11983)
+ Exit early if no arguments were provided to search instead of trying to display all the modules,
+ running out of memory, and then crashing.
+ ([@SimenB](https://github.com/SimenB))
+
+#### ELIMINATE UNUSED MODULE
+
+* [`b8c7cd7`](https://github.com/npm/npm/commit/b8c7cd7)
+ [#12000](https://github.com/npm/npm/pull/12000)
+ Stop depending on [`async-some`](https://npmjs.com/package/async-some) as it's no
+ longer used in npm.
+ ([@watilde](https://github.com/watilde))
+
+#### DOCUMENTATION IMPROVEMENTS
+
+* [`fdd6b28`](https://github.com/npm/npm/commit/fdd6b28)
+ [#11884](https://github.com/npm/npm/pull/11884)
+ Include `node_modules` in the list of files and directories that npm won't
+ include in packages ordinarily. (Modules listed in `bundledDependencies` and things
+ that those modules rely on, ARE included of course.)
+ ([@Jameskmonger](https://github.com/Jameskmonger))
+* [`aac15eb`](https://github.com/npm/npm/commit/aac15eb)
+ [#12006](https://github.com/npm/npm/pull/12006)
+ Fix typo in npm-orgs documentation, where teams docs went to access docs and vice versa.
+ ([@yaelz](https://github.com/yaelz))
+
+#### FEWER NETWORK TESTS
+
+* [`3e41360`](https://github.com/npm/npm/commit/3e41360)
+ [#11987](https://github.com/npm/npm/pull/11987)
+ Fix test that was inappropriately hitting the network
+ ([@yodeyer](https://github.com/yodeyer))
+
+### v3.8.4 (2016-03-24)
+
+Was erroneously released with just a changelog typo correction and was
+otherwise the same as 3.8.3.
+
+### v3.8.3 (2016-03-17):
+
+#### SECURITY ADVISORY: BEARER TOKEN DISCLOSURE
+
+This release includes [the fix for a
+vulnerability](https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29)
+that could cause the unintentional leakage of bearer tokens.
+
+Here are details on this vulnerability and how it affects you.
+
+##### DETAILS
+
+Since 2014, npm’s registry has used HTTP bearer tokens to authenticate requests
+from the npm’s command-line interface. A design flaw meant that the CLI was
+sending these bearer tokens with _every_ request made by logged-in users,
+regardless of the destination of their request. (The bearers only should have
+been included for requests made against a registry or registries used for the
+current install.)
+
+An attacker could exploit this flaw by setting up an HTTP server that could
+collect authentication information, then use this authentication information to
+impersonate the users whose tokens they collected. This impersonation would
+allow them to do anything the compromised users could do, including publishing
+new versions of packages.
+
+With the fixes we’ve released, the CLI will only send bearer tokens with
+requests made against a registry.
+
+##### THINK YOU'RE AT RISK? REGENERATE YOUR TOKENS
+
+If you believe that your bearer token may have been leaked, [invalidate your
+current npm bearer tokens](https://www.npmjs.com/settings/tokens) and rerun
+`npm login` to generate new tokens. Keep in mind that this may cause continuous
+integration builds in services like Travis to break, in which case you’ll need
+to update the tokens in your CI server’s configuration.
+
+##### WILL THIS BREAK MY CURRENT SETUP?
+
+Maybe.
+
+npm’s CLI team believes that the fix won’t break any existing registry setups.
+Due to the large number of registry software suites out in the wild, though,
+it’s possible our change will be breaking in some cases.
+
+If so, please [file an issue](https://github.com/npm/npm/issues/new) describing
+the software you’re using and how it broke. Our team will work with you to
+mitigate the breakage.
+
+##### CREDIT & THANKS
+
+Thanks to Mitar, Will White & the team at Mapbox, Max Motovilov, and James
+Taylor for reporting this vulnerability to npm.
+
+#### PERFORMANCE IMPROVEMENTS
+
+The updated [`are-we-there-yet`](https://npmjs.com/package/are-we-there-yet)
+changes how it tracks how complete things are to be much more efficient.
+The summary is that `are-we-there-yet` was refactored to remove an expensive
+tree walk.
+
+The result for you should be faster installs when working with very large trees.
+
+Previously `are-we-there-yet` computed this when you asked by passing the request down
+its tree of progress indicators, totaling up the results. In doing so, it had to walk the
+entire tree of progress indicators.
+
+By contrast, `are-we-there-yet` now updates a running total when a change
+is made, bubbling that up the tree from whatever branch made progress. This
+bubbling was already going on so there was nearly no cost associated with taking advantage of it.
+
+* [`32f2bd0`](https://github.com/npm/npm/commit/32f2bd0e26116db253e619d67c4feae1de3ad2c2)
+ `npmlog@2.0.3`:
+ Bring in substantial performance improvements from `are-we-there-yet`.
+ ([@iarna](https://github.com/iarna))
+
+#### DUCT TAPE FOR BUGS
+
+* [`473d324`](https://github.com/npm/npm/commit/473d3244a8ddfd6b260d0aa0d395b119d595bf97)
+ [#11947](https://github.com/npm/npm/pull/11947)
+ Guard against bugs that could cause the installer to crash with errors like:
+
+ ```
+ TypeError: Cannot read property 'target' of null
+ ```
+
+ This doesn't fix the bugs, but it does at least make the installer less
+ likely to explode.
+ ([@thefourtheye](https://github.com/thefourtheye))
+
+#### DOC FIXES
+
+* [`ffa428a`](https://github.com/npm/npm/commit/ffa428a4eee482aa620819bc8df994a76fad7b0c)
+ [#11880](https://github.com/npm/npm/pull/11880)
+ Fix typo in `npm install` documentation.
+ ([@watilde](https://github.com/watilde))
+
+#### DEPENDENCY UPDATES
+
+* [`7537fe1`](https://github.com/npm/npm/commit/7537fe1748c27e6f1144b279b256cd3376d5c41c)
+ `sorted-object@2.0.0`:
+ Create objects with `{}` instead of `Object.create(null)` to make the results
+ strictly equal to what, say, parsed JSON would provide.
+ ([@domenic](https://github.com/domenic))
+* [`8defb0f`](https://github.com/npm/npm/commit/8defb0f7b3ebdbe15c9ef5036052c10eda7e3161)
+ `readable-stream@2.0.6`:
+ Fix sync write issue on 0.10.
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+
+#### TEST FIXES FOR THE SELF TESTS
+
+* [`c3edeab`](https://github.com/npm/npm/commit/c3edeabece4400308264e7cf4bc4448bd2729f55)
+ [#11912](https://github.com/npm/npm/pull/11912)
+ Change the self installation test to do its work in `/tmp`.
+ Previously this was installing into a temp subdir in `test/tap`, which
+ wouldn't catch the case where a module was installed in the local
+ `node_modules` folder but not in dependencies, as node would look up
+ the tree and use the copy from the version of npm being tested.
+ ([@iarna](https://github.com/iarna))
+
+### v3.8.2 (2016-03-10):
+
+#### HAVING TROUBLE INSTALLING C MODULES ON ANDROID?
+
+This release includes an updated `node-gyp` with fixes for Android.
+
+* [`634ecba`](https://github.com/npm/npm/commit/634ecba320fb5a3287e8b7debfd8b931827b9e19)
+ `node-gyp@3.3.1`:
+ Fix bug in builds for Android.
+ ([@bnoordhuis](https://github.com/bnoordhuis))
+
+#### NPM LOGOUT CLEANS UP BETTER
+
+* [`460ed21`](https://github.com/npm/npm/commit/460ed217876ac78d21477c288f1c06563fb770b4)
+ [#10529](https://github.com/npm/npm/issues/10529)
+ If you ran `npm logout` with a scope, while we did invalidate your auth
+ token, we weren't removing the auth token from your config file. This patch causes
+ the auth token to be removed.
+ ([@wyze](https://github.com/wyze))
+
+#### HELP MORE HELPFUL
+
+* [`d1d0233`](https://github.com/npm/npm/commit/d1d02335d297da2734b538de44d8967bdcd354cf)
+ [#11003](https://github.com/npm/npm/issues/11003)
+ Update help to only show command names and their shortcuts. Previously
+ some typo corrections were shown, along with various alternate
+ spellings.
+ ([@watilde](https://github.com/watilde))
+* [`47928cd`](https://github.com/npm/npm/commit/47928cd6264e1d6d0ef67435b71c66d01bea664a)
+ [#11003](https://github.com/npm/npm/issues/11003)
+ Remove "verison" typo from the help listing.
+ ([@doug-wade](https://github.com/doug-wade))
+
+#### MORE COMPLETE CONFIG LISTINGS
+
+* [`cf5fd40`](https://github.com/npm/npm/commit/cf5fd401494d96325d74a8bb8c326aa0045a714c)
+ [#11472](https://github.com/npm/npm/issues/11472)
+ Make `npm config list` include the per-project `.npmrc` in the output.
+ ([@mjomble](https://github.com/mjomble))
+
+#### DEPTH LIMITED PARSEABLE DEP LISTINGS
+
+* [`611070f`](https://github.com/npm/npm/commit/611070f0f7a1e185c75cadae46179194084b398f)
+ [#11495](https://github.com/npm/npm/issues/11495)
+ Made `npm ls --parseable` honor the `--depth=#` option.
+ ([@zacdoe](https://github.com/zacdoe))
+
+#### PROGRESS FOR THE (NON) UNICODE REVOLUTION
+
+* [`ff90382`](https://github.com/npm/npm/commit/ff9038227a1976b5e936442716d9877f43c6c9b4)
+ [#11781](https://github.com/npm/npm/issues/11781)
+ Make the progress bars honor the unicode option.
+ ([@watilde](https://github.com/watilde))
+
+#### `npm view --json`, NOW ACTUALLY JSON
+
+* [`24ab70a`](https://github.com/npm/npm/commit/24ab70a4ccfeaa005b80252da313bb589510668e)
+ [#11808](https://github.com/npm/npm/issues/11808)
+ Make `npm view` produce valid JSON when requested with `--json`.
+ Previously `npm view` produced some sort of weird hybrid output, with multiple
+ JSON docs.
+ ([@doug-wade](https://github.com/doug-wade))
+
+#### DOCUMENTATION CHANGES
+
+* [`6fb0499`](https://github.com/npm/npm/commit/6fb0499bea868fdc637656d210c94f051481ecd4)
+ [#11726](https://github.com/npm/npm/issues/11726)
+ Previously we patched the `npm update` docs to suggest using `--depth
+ Infinity` instead of `--depth 9999`, but that was a mistake. We forgot
+ that `npm outdated` (on which `npm update` is built) has a special
+ case where it treats `Infinity` as `0`. This reverts that patch.
+ ([@GriffinSchneider](https://github.com/GriffinSchneider))
+* [`f0bf684`](https://github.com/npm/npm/commit/f0bf684a87ea5eea03432a17f38678fed4960d43)
+ [#11748](https://github.com/npm/npm/pull/11748)
+ Document all of the various aliases for commands in the documentation
+ for those commands.
+ ([@watilde](https://github.com/watilde))
+* [`fe04443`](https://github.com/npm/npm/commit/fe04443d8988e2e41bd4047078e06a26d05d380d)
+ [#10968](https://github.com/npm/npm/issues/10968)
+ The `npm-scope` document notes that scopes have been available on the
+ public registry for a while. This adds that you'll need `npm@2` or later
+ to use them.
+ ([@doug-wade](https://github.com/doug-wade))
+* [`3db37a5`](https://github.com/npm/npm/commit/3db37a52b2b2e3193ef250ad2cf96dfd2def2777)
+ [#11820](https://github.com/npm/npm/pull/11820)
+ The command `npm link` should be linking package from local folder to
+ global, and `npm link package-name` should be from global to local. The
+ description in the documentation was reversed and this fixes that.
+ ([@rhgb](https://github.com/rhgb))
+
+#### GLOB FOR THE GLOB THRONE
+
+* [`be55882`](https://github.com/npm/npm/commit/be55882dc4ee5ce0777b4badc9141dab5bf5be4d)
+ `glob@7.0.3`:
+ Fix a race condition and some windows edge cases.
+ ([@isaacs](https://github.com/isaacs))
+
+### v3.8.1 (2016-03-03):
+
+This week the install summary got better, killing your npm process now
+also kills the scripts it was running and a rarely used search flag got
+documented.
+
+Our improvements on the test suite on Windows are beginning to pick up
+steam, you can follow along by
+[watching the PR](https://github.com/npm/npm/pull/11444).
+
+#### BETTER INSTALL SUMMARIES
+
+* [`e40d457`](https://github.com/npm/npm/commit/e40d4572cc98db06757df5b8bb6b7dbd0546d3d7)
+ [#11699](https://github.com/npm/npm/issues/11699)
+ Ensure that flags like `--production` passed to install don't result in
+ the summary at the end being incorrectly filtered. That summary is
+ produced by the same code as `npm ls` and therefore responds to flags
+ the same way it does. This is undesirable when it's an install summary,
+ however, as we don't want it to filter anything.
+
+ This fixes an issue where `npm install --production ` would
+ result in npm exiting with an error code. The `--production` flag would
+ make `npm ls` filter out `` as it wasn't saved to the
+ `package.json` and thus wasn't a production dependency. The install
+ report is limited to show just the modules installed, so with that
+ filtered out nothing is available. With nothing available `npm ls`
+ would set `npm` to exit with an error code.
+ ([@ixalon](https://github.com/ixalon))
+* [`99337b4`](https://github.com/npm/npm/commit/99337b469163a4b211b9c6ff1aa9712ae0d601d2)
+ [#11600](https://github.com/npm/npm/pull/11600)
+ Make the report of installed modules really only show those modules
+ that were installed. Previously it selected which modules from your
+ tree to display based on `name@version` which worked great when your
+ tree was deduped but would list things it hadn't touched when there
+ were duplicates.
+ ([@iarna](https://github.com/iarna))
+
+#### SCRIPTS BETTER FOLLOW THE LEADER
+
+* [`5454347`](https://github.com/npm/npm/commit/545434766eb3681d3f40b745f9f3187ed63f310a)
+ [#10868](https://github.com/npm/npm/pull/10868)
+ When running a lifecycle script, say through `npm start`, killing npm
+ wouldn't forward that on to the children. It does now.
+ ([@daniel-pedersen](https://github.com/daniel-pedersen))
+
+#### SEARCHING SPECIFIC REGISTRIES
+
+* [`6020447`](https://github.com/npm/npm/commit/60204479f76458a9864aa530cda2b3333f95c2b0)
+ [#11490](https://github.com/npm/npm/pull/11490)
+ Add docs for using the `--registry` flag with search.
+ ([@plumlee](https://github.com/plumlee))
+
+#### LODASH UPDATES
+
+* [`bb14204`](https://github.com/npm/npm/commit/bb14204183dad620a6650452a26cdc64111f8136)
+ `lodash.without@4.1.1`
+ ([@jdalton](https://github.com/jdalton))
+* [`0089059`](https://github.com/npm/npm/commit/0089059c562aee9ad0398e55d2c12c68a6150e79)
+ `lodash.keys@4.0.5`
+ ([@jdalton](https://github.com/jdalton))
+* [`6ee1de4`](https://github.com/npm/npm/commit/6ee1de4474d9683a1f7023067d440780eeb10311)
+ `lodash.clonedeep@4.3.1`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.8.0 (2016-02-25):
+
+This week brings a quality of life improvement for some Windows users, and
+an important knob to be tuned for folks experiencing network problems.
+
+#### LIMIT CONCURRENT REQUESTS
+
+We've long known that `npm`'s tendency to try to request all your
+dependencies simultaneously upset some network hardware (particular,
+consumer grade routers & proxies of all sorts). One of the reasons that we're
+planning to write our own npm specific version of `request` is to be able to
+more easily control this sort of thing.
+
+But fortunately, you don't have to wait for that.
+[@misterbyrne](https://github.com/misterbyrne) took a look at our existing
+code and realized it could be added painlessly TODAY. The new default
+maximum is `50`, instead of `Infinity`. If you're having network issues you
+can try setting that value down to something lower (if you do, please let us
+know... the default is subject to tuning).
+
+* [`910f9ac`](https://github.com/npm/npm/commit/910f9accf398466b8497952bee9f566ab50ade8c)
+ [`f7be667`](https://github.com/npm/npm/commit/f7be667548a132ec190ac9d60a31885a7b4fe2b3)
+ Add a new config option, `maxsockets` and `npm-registry-client@7.1.0` to
+ take advantage of it.
+ ([@misterbyrne](https://github.com/misterbyrne))
+
+#### WINDOWS GIT BASH
+
+We think it's pretty keen too, we were making it really hard to actually
+upgrade if you were using it. NO MORE!
+
+* [`d60351c`](https://github.com/npm/npm/commit/d60351ccae87d71a5f5eac73e3085c6290b52a69)
+ [#11524](https://github.com/npm/npm/issues/11524)
+ Prefer locally installed npm in Git Bash -- previous behavior was to use
+ the global one. This was done previously for other shells, but not for Git
+ Bash.
+ ([@destroyerofbuilds](https://github.com/destroyerofbuilds))
+
+#### DOCUMENTATION IMPROVEMENTS
+
+* [`b63de3c`](https://github.com/npm/npm/commit/b63de3c97c4c27078944249a4d5bbe1c502c23bc)
+ [#11636](https://github.com/npm/npm/issues/11636)
+ Document `--save-bundle` option in main install page.
+ ([@datyayu](https://github.com/datyayu))
+* [`3d26453`](https://github.com/npm/npm/commit/3d264532d6d9df60420e985334aebb53c668d32b)
+ [#11644](https://github.com/npm/npm/pull/11644)
+ Add `directories.test` to the `package.json` documentation.
+ ([@lewiscowper](https://github.com/lewiscowper))
+* [`b64d124`](https://github.com/npm/npm/commit/b64d12432fdad344199b678d700306340d3607eb)
+ [#11441](https://github.com/npm/npm/pull/11441)
+ Add a link in documentation to the contribution guidelines.
+ ([@watilde](https://github.com/watilde))
+* [`82fc548`](https://github.com/npm/npm/commit/82fc548b0e2abbdc4f7968c20b118c30cca79a24)
+ [#11441](https://github.com/npm/npm/pull/11441/commits)
+ Remove mentions of the long defunct Google group.
+ ([@watilde](https://github.com/watilde))
+* [`c6ad091`](https://github.com/npm/npm/commit/c6ad09131af2e2766d6034257a8fcaa294184121)
+ [#11474](https://github.com/npm/npm/pull/11474)
+ Correct invalid JSON in npm-update docs.
+ ([@robludwig](https://github.com/robludwig))
+* [`4906c90`](https://github.com/npm/npm/commit/4906c90ed2668adf59ebee759c7ebb811aa46e57)
+ Expand on the documentation for `bundlededDependencies`, explaining what they are
+ and when you might want to use them.
+ ([@gnerkus](https://github.com/gnerkus))
+
+#### DEPENDENCY UPDATES
+
+* [`93cdc25`](https://github.com/npm/npm/commit/93cdc25432b71cbc9c25c54ae316770e18f4b01e)
+ `strip-ansi@3.0.1`:
+ Non-user visible tests & maintainer doc updates.
+ ([@jbnicolai](https://github.com/jbnicolai))
+* [`3b2ccef`](https://github.com/npm/npm/commit/3b2ccef30dc2038b99ba93cd1404a1d01dac8790)
+ `lodash.keys@4.0.4`
+ ([@jdalton](https://github.com/jdalton))
+* [`30e9eb9`](https://github.com/npm/npm/commit/30e9eb97397a8f85081d328ea9aa54c2a7852613)
+ `lodash._baseuniq@4.5.0`
+ ([@jdalton](https://github.com/jdalton))
+
+
+### v3.7.5 (2016-02-22):
+
+A quick fixup release because when I updated glob, I missed the subdep copies of itself
+that it installed deeper in the tree. =/
+
+This only effected people trying to update to `3.7.4` from `npm@2` or `npm@1`. Updates from
+`npm@3` worked fine (as it fixes up the missing subdeps during installation).
+
+#### OH MY GLOB
+
+* [`63fa704`](https://github.com/npm/npm/commit/63fa7044569127e6e29510dc499a865189806076)
+ [#11633](https://github.com/npm/npm/issues/11633)
+ When updating the top level `npm` to `glob@7`, the subdeps that
+ still depended on `glob@6` got new versions installed but they
+ weren't added to the commit. This adds them back in.
+ ([@iarna](https://github.com/iarna))
+
+### v3.7.4 (2016-02-18):
+
+I'm ([@iarna](https://github.com/iarna)) back from vacation in the frozen
+wastes of Maine! This release sees a couple of bug fixes, some
+documentation updates, a bunch of dependency updates and improvements to our
+test suite.
+
+#### FIXES FOR `update`, FIXES FOR `ls`
+
+* [`53cdb96`](https://github.com/npm/npm/commit/53cdb96634fc329378b4ea4e767ba9987986a76e)
+ [#11362](https://github.com/npm/npm/issues/11362)
+ Make `npm update` stop trying to update linked packages.
+ ([@rhendric](https://github.com/rhendric))
+* [`8d90d25`](https://github.com/npm/npm/commit/8d90d25b3da086843ce43911329c9572bd109078)
+ [#11559](https://github.com/npm/npm/issues/11559)
+ Only list runtime dependencies when doing `npm ls --production`.
+ ([@yibn2008](https://github.com/yibn2008))
+
+#### @wyze, DOCUMENTATION HERO OF THE PEOPLE, GETS THEIR OWN HEADER
+
+* [`b78b301`](https://github.com/npm/npm/commit/b78b30171038ab737eff0b070281277e35af25b4)
+ [#11416](https://github.com/npm/npm/pull/11416)
+ Logout docs were using a section copy-pasted from the adduser docs.
+ ([@wyze](https://github.com/wyze))
+* [`649e28f`](https://github.com/npm/npm/commit/649e28f50aa323e75202eeedb824434535a0a4a0)
+ [#11414](https://github.com/npm/npm/pull/11414)
+ Add colon for consistency.
+ ([@wyze](https://github.com/wyze))
+
+#### WHITTLING AWAY AT PATH LENGTHS
+
+So for all of you who don't know -- Node.js does, in fact, support long Windows
+paths. Unfortunately, depending on the tool and the Windows version, a lot of
+external tooling does not. This means, for example, that some (all?) versions of
+Windows Explorer *can literally never delete npm from their system entirely
+because of deeply-nested npm dependencies*. Which is pretty gnarly.
+
+Incidentally, if you run into that in particularly, you can use
+[rimraf](npm.im/rimraf) to remove such files 💁.
+
+The latest victim of this issue was the Node.js CI setup for testing on Windows,
+which uses some tooling or another that croaks on the usual path length limit
+for that OS: 255 characters.
+
+This isn't ordinarily an issue with `npm@3` as it produces mostly flat
+trees, but you may be surprised to learn that `npm`'s own distribution isn't
+flat, due to needing to be compatible with `npm@1.2`, which ships with
+`node@0.8`!
+
+We've taken another baby step towards alleviating this in this release by
+updating a couple of dependencies that were preventing `npmlog` from deduping,
+and then doing a dedupe on that and `gauge`. Hopefully it helps.
+
+* [`f3c32bc`](https://github.com/npm/npm/commit/f3c32bc3127301741d2fa3a26be6f5f127a35908)
+ [#11528](https://github.com/npm/npm/pull/11528)
+ `node-gyp@3.3.0`:
+ Update to a more recent version that uses a version of npmlog compatible
+ with npm itself. Also adds: AIX support, new `gyp`, `--cafile` command
+ line option, and allows configuration of Node.js and io.js mirrors.
+ ([@rvagg](https://github.com/rvagg))
+
+#### INTERNAL TEST IMPROVEMENTS
+
+The `npm` core team's time recently has been sunk into `npm`'s many years of
+tech debt. Specifically, we've been working on improving the test suite.
+This isn't user visible, but in future should mean a more stable, easier to
+contribute to `npm`. Ordinarily we don't report these kinds of changes in
+the change log, but I thought I might share this week as this chunk is
+bigger than usual.
+
+* [`07f020a`](https://github.com/npm/npm/commit/07f020a09e94ae393c67526985444e128ef6f83c)
+ [#11292](https://github.com/npm/npm/pull/11292)
+ `tacks@1.0.9`:
+ Add a package that provides a tool to generate fixtures from folders and, relatedly,
+ a module that an create and tear down filesystem fixtures easily.
+ ([@iarna](https://github.com/iarna))
+* [`0837346`](https://github.com/npm/npm/commit/083734631f9b11b17c08bca8ba8cb736a7b1e3fb)
+ [#11292](https://github.com/npm/npm/pull/11292)
+ Remove all the relatively cryptic legacy tests and creates new tap tests
+ that check the same functionality. The *legacy* tests were tests that
+ were originally a shell script that was ported to javascript early in
+ `npm`'s history.
+ ([@iarna](https://github.com/iarna))
+ ([@zkat](https://github.com/zkat))
+* [`5a701e7`](https://github.com/npm/npm/commit/5a701e71a0130787fb98450f9de92117b4ef88e1)
+ [#11292](https://github.com/npm/npm/pull/11292)
+ Test that we don't leak auth info into the environment.
+ ([@zkat](https://github.com/zkat))
+* [`502d7d0`](https://github.com/npm/npm/commit/502d7d0628f08b09d8d13538ebccc63de8b3edf5)
+ [#11292](https://github.com/npm/npm/pull/11292)
+ Test that env vars properly passed into scripts.
+ ([@zkat](https://github.com/zkat))
+* [`420f267`](https://github.com/npm/npm/commit/420f2672ee8c909f18bee10b1fc7d4ad91cf328b)
+ [#11292](https://github.com/npm/npm/pull/11292)
+ Test that npm's distribution binary is complete and can be installed and used.
+ ([@iarna](https://github.com/iarna))
+* [`b7e99be`](https://github.com/npm/npm/commit/b7e99be1b1086f2d6098c653c1e20791269c9177)
+ [#11292](https://github.com/npm/npm/pull/11292)
+ Test that the `package.json` `files` section and `.npmignore` do what
+ they're supposed to.
+ ([@zkat](https://github.com/zkat))
+
+#### DEPENDENCY UPDATES
+
+* [`4611098`](https://github.com/npm/npm/commit/4611098fd8c65d61a0645deb05bf38c81300ffca)
+ `rimraf@2.5.2`:
+ Use `glob@7.0.0`.
+ ([@isaacs](https://github.com/isaacs))
+* [`41b2772`](https://github.com/npm/npm/commit/41b2772cb83627f3b5b926cf81e150e7148cb124)
+ `glob@7.0.0`:
+ Raise error if `options.cwd` is specified, and not a directory.
+ ([@isaacs](https://github.com/isaacs))
+* [`c14e74a`](https://github.com/npm/npm/commit/c14e74ab5d17c764f3aa37123a9632fa965f8760)
+ `gauge@1.2.7`: Update to newer lodash versions, for a smaller tree.
+ ([@iarna](https://github.com/iarna))
+* [`d629363`](https://github.com/npm/npm/commit/d6293630ddc25bfa26d19b6be4fd2685976d7358)
+ `lodash.without@4.1.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`3ea4c80`](https://github.com/npm/npm/commit/3ea4c8049ca8df9f64426b1db8a29b9579950134)
+ `lodash.uniq@4.2.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`8ddcc8d`](https://github.com/npm/npm/commit/8ddcc8deb554660a3f7f474fae9758c967d94552)
+ `lodash.union@4.2.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`2b656a6`](https://github.com/npm/npm/commit/2b656a672d351f32ee2af24dcee528356dcd64f4)
+ `lodash.keys@4.0.3`
+ ([@jdalton](https://github.com/jdalton))
+* [`ac171f8`](https://github.com/npm/npm/commit/ac171f8f0318a7dd3c515f3b83502dfa9e87adb8)
+ `lodash.isarguments@3.0.7`
+ ([@jdalton](https://github.com/jdalton))
+* [`bcccd90`](https://github.com/npm/npm/commit/bcccd9057b75d800c799ab15f00924f700415d3e)
+ `lodash.clonedeep@4.3.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`8165bca`](https://github.com/npm/npm/commit/8165bca537d86305a3d08f080f86223a26615aa8)
+ `lodash._baseuniq@4.4.0`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.7.3 (2016-02-11):
+
+Hey all! We've got a pretty small release this week -- just documentation
+updates and a couple of dependencies. This release also includes a particular
+dependency upgrade that makes it so we're exclusively using the latest version
+of `graceful-fs`, which'll make it so things keep working with future Node.js
+releases.
+
+A certain internal Node.js API was deprecated and slated for future removal from
+Node Core. This API was critical for versions of `graceful-fs@<4`, before a
+different approach was used to achieve similar ends. By upgrading this library,
+and making sure all our dependencies are also updated, we've ensured npm will
+continue to work once the API is finally removed. Older versions of npm, on the
+other hand, will simply not work on future versions of Node.js.
+
+#### DEPENDENCY UPGRADES
+
+* [`29536f4`](https://github.com/npm/npm/commit/29536f42da6c06091c9acbc8952f72daa8a9412c)
+ `cmd-shim@2.0.2`:
+ Final straggler using `graceful-fs@<4`.
+ ([@ForbesLindesay](https://github.com/ForbesLindesay))
+* [`5f59e74`](https://github.com/npm/npm/commit/5f59e748ef4c066756bb204a452cecd0543c7a2f)
+ `lodash.uniq@4.1.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`987cabe`](https://github.com/npm/npm/commit/987cabe8a18abcb5a685685958bf74c7258a979c)
+ `lodash.union@4.1.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`5c641f0`](https://github.com/npm/npm/commit/5c641f05fdc153c6bb06a89c46fe2a345ce413db)
+ `lodash.clonedeep@4.1.0`
+ ([@jdalton](https://github.com/jdalton))
+
+#### EVERYONE GETTING SOCKS LIKE IT'S OPRAH'S SHOW
+
+* [`9ea5658`](https://github.com/npm/npm/commit/9ea56582ca4d0991dbed44f992c88f08a643cb4b)
+ [#11410](https://github.com/npm/npm/pull/11410)
+ Fixed a small spelling error in `npm-config.md`.
+ ([@pra85](https://github.com/pra85))
+* [`2a11e56`](https://github.com/npm/npm/commit/2a11e562a14bce18b6ddca6c20d17f97b6a8ec2f)
+ [#11403](https://github.com/npm/npm/pull/11403)
+ Removes `--depth Infinity` warning from documentation -- this operation should
+ actually be totally safe as of `npm@3`. (The warning remains for `npm@2`.)
+ ([@Aourin](https://github.com/Aourin))
+* [`42a4727`](https://github.com/npm/npm/commit/42a4727bfb1e21c890b8e2babda55e06ac2bda29)
+ [#11391](https://github.com/npm/npm/pull/11391)
+ Fixed versions of `shrinkwrap.json` in examples in documentation for `npm
+ shrinkwrap`, which did not quite match up.
+ ([@xcatliu](https://github.com/xcatliu))
+
+### v3.7.2 (2016-02-04):
+
+This week, the CLI team has been busy working on rewriting tests to support
+getting coverage reports going and running all of our tests on Windows.
+Meanwhile, we've got a bunch of dependency updates and one or two other
+things.
+
+#### TESTS WENT INTO HIDING
+
+Last week we took a patch from [@substack](https://github.com/substack) to
+stop the installer from reordering arrays in an installed module's
+`package.json`... but somehow I dropped the test when I was rebasing.
+
+* [`21b9271`](https://github.com/npm/npm/commit/21b927182514a0ff6d9f34480bfc39f72e3e9f8c)
+ [#10063](https://github.com/npm/npm/issues/10063)
+ Restore test that verifies that we don't re-order arrays in a module's
+ `package.json` on install.
+ ([@substack](https://github.com/substack))
+
+#### DOCUMENTATION FIXES
+
+* [`c67521d`](https://github.com/npm/npm/commit/c67521dc6c1e41d39d02c74105e41442851d23bb)
+ [#11348](https://github.com/npm/npm/pull/11348)
+ Improve the documentation around which files are ALWAYS included in published packages
+ and which are ALWAYS excluded.
+ ([@jscissr](https://github.com/jscissr))
+* [`7ef6793`](https://github.com/npm/npm/commit/7ef6793cd191cc8d88340f7e1ce9c9e3d6f0b2f4)
+ [#11348](https://github.com/npm/npm/pull/11348)
+ The release date on the 3.7.0 changelog entry was wrong. I honestly don't
+ know how I keep doing this. =D
+ ([@rafek](https://github.com/rafek))
+
+#### DEPENDENCY UPDATES
+
+* [`8a3c80c`](https://github.com/npm/npm/commit/8a3c80c4fd3d82fe937f30bc7cbd3dee51a8a893)
+ `graceful-fs@4.1.3`:
+ Fix a bug where close wasn't getting made graceful.
+ ([@isaacs](https://github.com/isaacs))
+
+`lodash` saw updates across most of its modules this week with browser
+campatibility fixes that don't really impact us.
+
+* [`2df342b`](https://github.com/npm/npm/commit/2df342bf30efa99b98016acc8a5dc03e00b58b9c)
+ `lodash.without@4.0.2`
+ ([@jdalton](https://github.com/jdalton))
+* [`86aa91d`](https://github.com/npm/npm/commit/86aa91dce60f6b6a92bb3ba2bf6e6be1f6afc750)
+ `lodash.uniq@4.0.2`
+ ([@jdalton](https://github.com/jdalton))
+* [`0a94bf6`](https://github.com/npm/npm/commit/0a94bf6af0ebd38d080f92257e0cd9bae40b31ff)
+ `lodash.union@4.0.2`
+ ([@jdalton](https://github.com/jdalton))
+* [`b4c9582`](https://github.com/npm/npm/commit/b4c9582b4ef5991f3d155e0c6142ed1c631860af)
+ `lodash.isarguments@3.0.6`
+ ([@jdalton](https://github.com/jdalton))
+* [`efe766c`](https://github.com/npm/npm/commit/efe766c63c0948a4ae4c0d12f2b834629ab86e92)
+ `lodash.keys@4.0.2`: Minor code cleanup and the above.
+ ([@jdalton](https://github.com/jdalton))
+* [`36abb24`](https://github.com/npm/npm/commit/36abb24ef31017adbf325e7f833d5d4b0f03f5d4)
+ `lodash.clonedeep@4.0.4`:
+ Add support for cloning prototype objects and the above.
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.7.1 (2016-02-01):
+
+Super quick Monday patch on last week's release.
+
+If you ever wondered why we release things to the `npm@next` tag for a week
+before promoting them to `npm@latest`, this is it!
+
+#### RELEASE TRAIN VINDICATED (again)
+
+* [`adcaf04`](adcaf047811dcc475ab1984fc93fe34540fc03d7)
+ [#11349](https://github.com/npm/npm/issues/11349)
+ Revert last weeks change to use JSON clone instead of `lodash.cloneDeep`.
+ ([@iarna](https://github.com/iarna))
+
+### v3.7.0 (2016-01-29):
+
+Hi all! This week brings us some important performance improvements,
+support for git submodules(!) and a bunch of bug fixes.
+
+#### PERFORMANCE
+
+`gauge`, the module responsible for drawing `npm`'s progress bars, had an
+embarrassing bug in its debounce implementation that resulted in it, on many
+systems, actually being _slower_ than if it hadn't been debouncing. This was
+due to it destroying and then creating a timer object any time it got an
+update while waiting on its minimum update period to elapse. This only was
+a measurable slowdown when sending thousands of updates a second, but
+unfortunately parts of `npm`'s logging do exactly that. This has been patched
+to eliminate that churn, and our testing shows the progress bar as being
+eliminated as a source of slow down.
+
+Meanwhile, `are-we-there-yet` is the module that tracks just how complete
+our big asynchronous install process is. [@STRML](https://github.com/STRML)
+spent some time auditing its source and made a few smaller performance
+improvements to it. Most impactful was eliminating a bizarre bit of code
+that was both binding to AND closing over the current object. I don't have
+any explanation for how that crept in. =D
+
+* [`c680fa9`](https://github.com/npm/npm/commit/c680fa9f8135759eb5512f4b86e47fa265733f79)
+ `npmlog@2.0.2`: New `are-we-there-yet` with performance patches from
+ [@STRML](https://github.com/STRML). New `gauge` with timer churn
+ performance patch.
+ ([@iarna](https://github.com/iarna))
+
+We were also using `lodash`'s `cloneDeep` on `package.json` data which is
+definitely overkill, seeing as `package.json` data has all the restrictions
+of being `json`. The fix for this is just swapping that out for something
+that does a pair of `JSON.stringify`/`JSON.parse`, which is distinctly more
+speedy.
+
+* [`1d1ea7e`](https://github.com/npm/npm/commit/1d1ea7eeb958034878eb6573149aeecc686888d3)
+ [#11306](https://github.com/npm/npm/pull/11306)
+ Use JSON clone instead of `lodash.cloneDeep`.
+ ([@STRML](https://github.com/STRML))
+
+#### NEW FEATURE: GIT SUBMODULE SUPPORT
+
+Long, long requested– the referenced issue is from 2011– we're finally
+getting rudimentary git submodule support.
+
+* [`39dea9c`](https://github.com/npm/npm/commit/39dea9ca4216c6ea628f5ca47d2b34a4b251a1ed)
+ [#1876](https://github.com/npm/npm/issues/1876)
+ Add support for git submodules in git remotes. This is a fairly simple
+ approach, which does not leverage the git caching mechanism to cache
+ submodules. It also doesn't provide a means to disable automatic
+ initialization, e.g. via a setting in the `.gitmodules` file.
+ ([@gagern](https://github.com/gagern))
+
+#### ROBUSTNESS
+
+* [`5dec02a`](https://github.com/npm/npm/commit/5dec02a3d0e82202c021e27aff9d006283fdc25a)
+ [#10347](https://github.com/npm/npm/issues/10347)
+ There is an obscure feature that lets you monkey-patch npm when it starts
+ up. If the module being required with this feature failed, it would
+ previously just make `npm` error out– this reduces that to a warning.
+ ([@evanlucas](https://github.com/evanlucas))
+
+#### BUG FIXES
+
+* [`9ab8b8d`](https://github.com/npm/npm/commit/9ab8b8d047792612ae7f9a6079745d51d5283a53)
+ [#10820](https://github.com/npm/npm/issues/10820)
+ Fix a bug with `npm ls` where if you asked for ONLY production dependencies in output
+ it would exclude dependencies that were BOTH production AND development dependencies.
+ ([@davidvgalbraith](https://github.com/davidvgalbraith))
+* [`6803fed`](https://github.com/npm/npm/commit/6803fedadb8f9b36cd85f7338ecf75d1d183c833)
+ [#8982](https://github.com/npm/npm/issues/8982)
+ Fix a bug where, under some circumstances, if you had a path that
+ contained the name of a package being installed somewhere in it, `npm`
+ would incorrectly refuse to run lifecycle scripts.
+ ([@elvanja](https://github.com/elvanja))
+* [`3eae40b`](https://github.com/npm/npm/commit/3eae40b7a681aa067dfe4fea8c9a76da5b508b48)
+ [#9253](https://github.com/npm/npm/issues/9253)
+ Fix a bug where, when running lifecycle scripts, if the Node.js binary you ran
+ `npm` with wasn't in your `PATH`, `npm` wouldn't use it to run your scripts.
+ ([@segrey](https://github.com/segrey))
+* [`61daa6a`](https://github.com/npm/npm/commit/61daa6ae8cbc041d3a0d8a6f8f268b47dd8176eb)
+ [#11014](https://github.com/npm/npm/issues/11014)
+ Fix a bug where running `rimraf node_modules/` followed by `npm
+ rm --save ` would fail. `npm` now correctly removes the module
+ from your `package.json` even though it doesn't exist on disk.
+ ([@davidvgalbraith](https://github.com/davidvgalbraith))
+* [`a605586`](https://github.com/npm/npm/commit/a605586df134ee97c95f89c4b4bd6bc73f7aa439)
+ [#9679](https://github.com/npm/npm/issues/9679)
+ Fix a bug where `npm install --save git+https://…` would save a `https://`
+ url to your `package.json` which was a problem because `npm` wouldn't then
+ know that it was a git repo.
+ ([@gagern](https://github.com/gagern))
+* [`bbdc700`](https://github.com/npm/npm/commit/bbdc70024467c365cc4e06b8410947c04b6f145b)
+ [#10063](https://github.com/npm/npm/issues/10063)
+ Fix a bug where `npm` would change the order of array properties in the
+ `package.json` files of dependencies. `npm` adds a bunch of stuff to
+ `package.json` files in your `node_modules` folder for debugging and
+ bookkeeping purposes. As a part of this process it sorts the object to
+ reduce file churn when it does updates. This fixes a bug where the arrays
+ in the object were also getting sorted. This wasn't a problem for
+ properties that `npm` itself maintains, but _is_ a problem for properties
+ used by other packages.
+ ([@substack](https://github.com/substack))
+
+#### DOCS IMPROVEMENTS
+
+* [`2609a29`](https://github.com/npm/npm/commit/2609a2950704f577ac888668e81ba514568fab44)
+ [#11273](https://github.com/npm/npm/pull/11273)
+ Include an example of viewing package version history in the `npm view` documentation.
+ ([@vedatmahir](https://github.com/vedatmahir))
+* [`719ea9c`](https://github.com/npm/npm/commit/719ea9c45a5c3233f3afde043b89824aad2df0a7)
+ [#11272](https://github.com/npm/npm/pull/11272)
+ Fix typographical issue in `npm update` documentation.
+ ([@jonathanp](https://github.com/jonathanp))
+* [`cb9df5a`](https://github.com/npm/npm/commit/cb9df5a37091e06071d8704b629e7ebaa41c37fe)
+ [#11215](https://github.com/npm/npm/pull/11215)
+ Do not call `SEE LICENSE IN ` an _SPDX expression_, as it's not.
+ ([@kemitchell](https://github.com/kemitchell))
+* [`f427934`](https://github.com/npm/npm/commit/f4279346c368da4bca09385f773e8eed1d389e5e)
+ [#11196](https://github.com/npm/npm/pull/11196)
+ Correct the `package.json` examples in the `npm update` documentation to actually be
+ valid JSON and not just JavaScript object literals.
+ ([@s100](https://github.com/s100))
+
+#### DEPENDENCY UPDATES
+
+* [`a7b2407`](https://github.com/npm/npm/commit/a7b24074cb59a1ab17c0d8eff1498047e6a123e5)
+ `retry@0.9.0`: New features and interface agnostic refactoring.
+ ([@tim-kos](https://github.com/tim-kos))
+* [`220fc77`](https://github.com/npm/npm/commit/220fc7702ae3e5d601dfefd3e95c14e9b32327de)
+ `request@2.69.0`:
+ A bunch of small bug fixes and module updates.
+ ([@simov](https://github.com/simov))
+* [`9e5c84f`](https://github.com/npm/npm/commit/9e5c84f1903748897e54f8ff099729ff744eab0f)
+ `which@1.2.4`:
+ Update `isexe` and fix bug in `pathExt`, in which files without extensions
+ would sometimes be preferred to files with extensions on Windows, even though
+ those without extensions aren't executable.
+ `pathExt` is a list of extensions that are considered executable (exe, cmd,
+ bat, com on Windows).
+ ([@isaacs](https://github.com/isaacs))
+* [`375b9c4`](https://github.com/npm/npm/commit/375b9c42fe0c6de47ac2f92527354b2ea79b7968)
+ `rimraf@2.5.1`: Minor doc formatting fixes.
+ ([@isaacs](https://github.com/isaacs))
+* [`ef1971e`](https://github.com/npm/npm/commit/ef1971e6270c2bc72e6392b51a8b84f52708f7e7)
+ `lodash.clonedeep@4.0.2`:
+ Misc minor code cleanup. No functional changes.
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.6.0 (2016-01-20):
+
+Hi all! This is a bigger release, in part 'cause we didn't have one last
+week. The most important thing you need to know is that when `npm@3.6.0` replaces
+`npm@3.5.4` as `next`, `npm@3.5.4` WILL NOT be moved on to `latest`. This is due to
+a packaging error that tickles bugs in some earlier releases and makes upgrades to it
+from those versions break the install.
+
+#### NEW FEATURES‼
+
+* [`ff504d4`](https://github.com/npm/npm/commit/ff504d449ea1fa996cbb02c8078964643c51e5f6)
+ [#8752](https://github.com/npm/npm/issues/8752)
+ In `npm outdated`, report symlinked packages as having a wanted & latest
+ version of `linked`.
+ ([@halhenke](https://github.com/halhenke))
+* [`f44d8c9`](https://github.com/npm/npm/commit/f44d8c9a3940f7041f8136f8754a54b13f1f9d60)
+ [#10775](https://github.com/npm/npm/issues/10775)
+ Add a success message to `adduser` / `login`.
+ ([@ekmartin](https://github.com/ekmartin))
+* [`3109303`](https://github.com/npm/npm/commit/310930395c9bf1577cf085b9742210bfc71bb019)
+ [#10043](https://github.com/npm/npm/pull/10043)
+ Warn if you try to use `npm run x` if you don't have a `node_modules` folder, since
+ whatever you're trying to do _probably_ won't work.
+ ([@timkrins](https://github.com/timkrins))
+
+* [`9ed2849`](https://github.com/npm/npm/commit/9ed2849cd7e8cc97111dca42a940905284afe55d)
+ [`e9f1ad8`](https://github.com/npm/npm/commit/e9f1ad88ce58ecd111811e11afa52ac19fc8696e)
+ [`f10d300`](https://github.com/npm/npm/commit/f10d300e5effa7a5756c8d461eef284c283a41d1)
+ [`8b593d8`](https://github.com/npm/npm/commit/8b593d8d187d6ac85d2a59cbe647afb5516c1b94)
+ [#10717](https://github.com/npm/npm/pull/10717)
+ `npm version` can now take a `from-git` argument, which instructs `npm` to read the
+ version from git and update your `package.json` to what it finds. This is in contrast
+ to its normal use where `npm` _tells_ git about your new version.
+ ([@ekmartin](https://github.com/ekmartin))
+
+#### 3.5.4 WAS NOT SO GREAT
+
+The `npm@3.5.4` package was missing some dependencies. Specifically, `glob`
+and `has-unicode` had major release updates which meant that subdeps that
+relied on older major versions couldn't use the npm supplied versions any
+more, and so they needed their own copies.
+
+This went undetected because the actions necessary to run the tests (which
+check for this sort of thing) resolved the missing modules.
+
+Further, it didn't have symptoms when upgrading from _most_ versions of npm.
+Unfortunately, some versions had bugs that were tickled by this and resulted
+in broken upgrades, most notably, `npm@3.3.12`, the version that's been in
+Node.js 5.
+
+* [`1d3325c`](https://github.com/npm/npm/commit/1d3325c040621a4792db80fb232f4994b9d5c5f2)
+ [`02611c6`](https://github.com/npm/npm/commit/02611c673a4d2bbe8fcef8d48407768da31c90d2)
+ [`39d5fea`](https://github.com/npm/npm/commit/39d5feadefdde38d75a18f23343bc6ec37153638)
+ [`7d0e830`](https://github.com/npm/npm/commit/7d0e830f26c73b9d9277b29949227ba9cca27fd9)
+ [#11129](https://github.com/npm/npm/pull/11129)
+ Update the underlying dependencies to allow use for the new versions of
+ `glob` and `has-unicode`.
+ ([@iarna](https://github.com/iarna))
+
+#### WHEN MISSING PATHS ARE OK
+
+* [`bb638fa`](https://github.com/npm/npm/commit/bb638fa4f48d24d2c9935861d5d751c5621eea49)
+ [#11212](https://github.com/npm/npm/pull/11212)
+ When trying to determine if a file was controlled by npm before going to
+ remove it, we check to see if it is inside any of a list of paths that npm
+ considers to be under its control. Not all of those paths always exist
+ (and that's ok!) Previously we were calling it a failure to match if ANY
+ of them didn't exist. We now only do so if NONE of them exist. If some
+ do, then we do our usual checks on them.
+
+ This showed up as an error where you would see something like:
+ ```
+ npm warn gentlyRm not removing /path/to/thing as it wasn't installed by /path/to/other/thing
+ ```
+ But it totally was installed by it.
+ ([@iarna](https://github.com/iarna))
+
+#### BETTER NODE PRE-RELEASE SUPPORT
+
+Historically, if you used a pre-release version of Node.js, you would get
+dozens and dozens of warnings when EVERY engine check failed across all of
+your modules, because `>= 0.10.0` doesn't match prereleases.
+
+You might find this stream of redundent warnings undesirable. I do.
+
+We've moved this into a SINGLE warning you'll get about using a pre-release
+version of Node.js and now suppress those other warnings.
+
+* [`6952f79`](https://github.com/npm/npm/commit/6952f7981e451a2d599a4f513573af208bdfe103)
+ [#11212](https://github.com/npm/npm/pull/11212)
+ Engine check warnings are now issued along with any other warnings about
+ your tree, instead of emitting in the middle of your install (and then
+ disappearing behind the giant tree of stuff installed).
+ ([@iarna](https://github.com/iarna))
+* [`ee2ebe9`](https://github.com/npm/npm/commit/ee2ebe96fb3d105787835b72085bbd2eee66a629)
+ [#11212](https://github.com/npm/npm/pull/11212)
+ Suppress engine verification warnings about pre-release versions of Node.js.
+ ([@iarna](https://github.com/iarna))
+* [`135b7e0`](https://github.com/npm/npm/commit/135b7e078311e8b4e2c8e2b662eed9ba6c2e2537)
+ [#11212](https://github.com/npm/npm/pull/11212)
+ Explicitly warn, in only one place, if you are using a pre-release version
+ of Node.js.
+ ([@iarna](https://github.com/iarna))
+
+#### BUG FIXES
+
+* [`ea331c8`](https://github.com/npm/npm/commit/ea331c82157c65f7643cd4b49fd24031c84bf601)
+ [#10938](https://github.com/npm/npm/issues/10938)
+ When removing a package, sometimes the `node_modules/.bin` wouldn't be
+ cleaned up entirely. This would result in package folders that contained
+ only a `node_modules/.bin` directory. In turn, this would result in `npm
+ ls` and other tools complaining about these broken directories.
+ To fix this, the `unbuild` step now explicitly deletes the
+ `node_modules/.bin` folder as its final step.
+ ([@chrisirhc](https://github.com/chrisirhc))
+* [`00720db`](https://github.com/npm/npm/commit/00720db2c326cf8f968c662444a4575ae8c3020a)
+ [#11158](https://github.com/npm/npm/pull/11158)
+ On Windows, the `node-gyp` wrapper would fail if your path to `node-gyp`
+ contained spaces. This fixes that problem by quoting use of that path.
+ ([@orangemocha](https://github.com/orangemocha))
+* [`69ac933`](https://github.com/npm/npm/commit/69ac9333506752bf2e5af70b3b3e03c6181de3e7)
+ [#11142](https://github.com/npm/npm/pull/11142)
+ Fix a race condition when making directories in the cache, which could
+ lead to `ENOENT` failures.
+ ([@Jimbly](https://github.com/Jimbly))
+* [`e982858`](https://github.com/npm/npm/commit/e982858d9bed65cede9cbb12df9216a4bb9e6fc9)
+ [#9696](https://github.com/npm/npm/issues/9696)
+ When replacing the `package.json` in the cache you sometimes see `EPERM` errors on
+ Windows that you wouldn't on Unix-like operating systems. This ignores those errors
+ and allows Windows to continue. Longer term, we'll be adding something to retry
+ these errors, but ultimately fail if there really is an ongoing permissions issue.
+ ([@orangemocha](https://github.com/orangemocha))
+
+#### DOC CHANGES
+
+* [`3666081`](https://github.com/npm/npm/commit/3666081abd02184ba97a7cdb6ae238085d640b4b)
+ [#11188](https://github.com/npm/npm/pull/11188)
+ Add brief description to publish documentation of what's included in
+ published tarballs.
+ ([@beaugunderson](https://github.com/beaugunderson))
+* [`b463e34`](https://github.com/npm/npm/commit/b463e3424b296cfc4bd384fc8bfe0e2329649164)
+ [#11150](https://github.com/npm/npm/pull/11150)
+ In npm update docs, advise use of `--depth Infinity` instead of `--depth
+ 9999`.
+ ([@halhenke](https://github.com/halhenke))
+* [`382e71a`](https://github.com/npm/npm/commit/382e71a7ee5d1ca3dba55c1e753d529eb8ae6895)
+ [#11128](https://github.com/npm/npm/pull/11128)
+ In the `package.json` docs, make the reference to the "Local Paths" section
+ a link to it as well.
+ ([@orangejulius](https://github.com/orangejulius))
+* [`5277e7f`](https://github.com/npm/npm/commit/5277e7f236e8cb40d7f4a1054506f2d3d159716e)
+ [#11090](https://github.com/npm/npm/pull/11090)
+ Fix the 3.5.4 release date in CHANGELOG.md.
+ ([@ashleygwilliams](https://github.com/ashleygwilliams))
+* [`e6d238a`](https://github.com/npm/npm/commit/e6d238a3d90beeb0af23fa75a9b5e50671d6e4c5)
+ [#11130](https://github.com/npm/npm/pull/11130)
+ Eliminate the "using npm programmatically" section from the README. The
+ documentation for this was removed a while ago and is unsupported.
+ ([@ljharb](https://github.com/ljharb))
+
+#### DEPENDENCY UPDATES
+
+* [`b0dde5c`](https://github.com/npm/npm/commit/b0dde5c3407b58d78969d3da01af2629fcba1c73)
+ `config-chain@1.1.10`: Update tests for most recent version of `ini`.
+ ([@dominictarr](https://github.com/dominictarr))
+* [`c62f414`](https://github.com/npm/npm/commit/c62f414534971761a48ce3cbc3e25214fb09e494)
+ `glob@6.0.4`: Eliminated use of `util._extend`.
+ ([@isaacs](https://github.com/isaacs))
+* [`98a6779`](https://github.com/npm/npm/commit/98a67797978ed7ce534e16b705d3a2a9ca0e6cc1)
+ `lodash.clonedeep@4.0.1`: Bug fixes, including the non-linear performance
+ that was biting npm a while back.
+ ([@jdalton](https://github.com/jdalton))
+* [`0e8c4ce`](https://github.com/npm/npm/commit/0e8c4cebddaefbf5eca0abaad512db266c6722c9)
+ `lodash.without@4.0.1`
+ ([@jdalton](https://github.com/jdalton))
+* [`1fd19f5`](https://github.com/npm/npm/commit/1fd19f57a3551d7d30a6b8a9ce967ef50e0ff0ba)
+ `lodash.uniq@4.0.1`
+ ([@jdalton](https://github.com/jdalton))
+* [`b7486c5`](https://github.com/npm/npm/commit/b7486c550f3391f733d1e1907652be95fddf4368)
+ `lodash.union@4.0.1`
+ ([@jdalton](https://github.com/jdalton))
+* [`54bb591`](https://github.com/npm/npm/commit/54bb5911e18f8fb86eb94159f34b13f0c0aa2e30)
+ `lodash.keys@4.0.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`26f7a7a`](https://github.com/npm/npm/commit/26f7a7aaae0575a85deba2241ee69b433dd1ba98)
+ `lodash.isarray@4.0.0`
+ ([@jdalton](https://github.com/jdalton))
+* [`ed38bd3`](https://github.com/npm/npm/commit/ed38bd3baf544dfc0630fd321d279f137700bd4d)
+ `lodash.isarguments@3.0.5`
+ ([@jdalton](https://github.com/jdalton))
+
+### v3.5.4 (2016-01-07):
+
+I hope you all had fantastic winter holidays, if it's winter where you are
+and if there are holidays‼ We went a few weeks without releases because
+staff was taking time away from work here and there. A new year has come
+and we're back now, and refreshed and ready to dig in!
+
+This week brings us a bunch of documentation improvements and some module
+updates. The core team's focus continues to be on improving tests,
+particularly with Windows, so there's not too much to call out here.
+
+#### DOCUMENTATION IMPROVEMENTS
+
+* [`6b0031e`](https://github.com/npm/npm/commit/6b0031e28c0b10fb2622fdadde41f5cd294348e8)
+ [#11044](https://github.com/npm/npm/pull/11044)
+ Correct documentation regarding the defaults for the `color` config option.
+ ([@scottaddie](https://github.com/scottaddie))
+* [`c6ce69e`](https://github.com/npm/npm/commit/c6ce69eaed7f17b5f1876ac13ecfae3d14a72f24)
+ [#10990](https://github.com/npm/npm/pull/10990)
+ Drop mentions in documentation of `process.installPrefix`, as it hasn't
+ been a thing since Node.js 0.6 and we don't support that.
+ ([@jeffmcmahan](https://github.com/jeffmcmahan))
+* [`dee92d1`](https://github.com/npm/npm/commit/dee92d1f78608a10becf57aae86d5d495f2272bd)
+ [#11037](https://github.com/npm/npm/pull/11037)
+ Clarify the documentation on the max length of the `name` property in
+ `package.json` files.
+ ([@scottaddie](https://github.com/scottaddie))
+* [`4b9d7bb`](https://github.com/npm/npm/commit/4b9d7bb1a4fc3f1edcf563379abfd2273af10881)
+ [#10787](https://github.com/npm/npm/pull/10787)
+ Make the formatting in the documentation for `npm dist-tag` more
+ consistent with other docs.
+ ([@cvrebert](https://github.com/cvrebert))
+* [`7f77a80`](https://github.com/npm/npm/commit/7f77a80d561ee4b2b8c0aba1226fe89dfe339bcd)
+ [#10787](https://github.com/npm/npm/pull/10787)
+ Add documentation to the `npm dist-tag` docs that explains in greater
+ detail how `latest` is different than other tags. Further, improve the
+ documentation with better examples. Add a discussion of common practice
+ for using dist tags to manage alpha's and beta's.
+ ([@cvrebert](https://github.com/cvrebert))
+* [`6db58dd`](https://github.com/npm/npm/commit/6db58dd0d7719c4675a239d43164edc066842b14)
+ [`2ee6371`](https://github.com/npm/npm/commit/2ee6371911bd3a4d566c5d7bc8734facc60cb27c)
+ [#10788](https://github.com/npm/npm/pull/10788)
+ [#10789](https://github.com/npm/npm/pull/10789)
+ Improve documentation cross referencing.
+ ([@cvrebert](https://github.com/cvrebert))
+* [`7ba629a`](https://github.com/npm/npm/commit/7ba629a2ad3eaf736529e053b533cabe3a0d7123)
+ [#10790](https://github.com/npm/npm/pull/10790)
+ Document more clearly that `npm install foo` means `npm install
+ foo@latest`.
+ ([@cvrebert](https://github.com/cvrebert))
+
+#### A FEW MODULE UPDATES
+
+* [`fc2e8d5`](https://github.com/npm/npm/commit/fc2e8d58a91728cb06936eea686efaa4fdec3f06)
+ `glob@6.0.3`: Remove deprecated features and fix a bunch of bugs.
+ ([@isaacs](https://github.com/isaacs))
+* [`5b820c4`](https://github.com/npm/npm/commit/5b820c4e17c907fa8c23771c0cd8e74dd5fdaa51)
+ `has-unicode@2.0.0`: Change the default on Windows to be false, as
+ international Windows installs often install to non-unicode codepages and
+ there's no way to detect this short of a system call or a call to a
+ command line program.
+ ([@iarna](https://github.com/iarna))
+* [`238fe84`](https://github.com/npm/npm/commit/238fe84ac61297f1d71701d80368afaa40463305)
+ `which@1.2.1`: Fixed bugs with uid/gid checks and with quoted Windows PATH
+ parts.
+ ([@isaacs](https://github.com/isaacs))
+* [`5e510e1`](https://github.com/npm/npm/commit/5e510e13d022a22d58742b126482d3b38a14cc83)
+ `rimraf@2.5.0`: Add ability to disable glob support / pass in options.
+ ([@isaacs](https://github.com/isaacs))
+* [`7558215`](https://github.com/npm/npm/commit/755821569466b7be0883f4b0573eeb83c24109eb)
+ `readable-stream@2.0.5`: Minor performance improvements.
+ ([@calvinmetcalf](https://github.com/calvinmetcalf))
+* [`64e8499`](https://github.com/npm/npm/commit/64e84992c812a73d590be443c09a6977d0ae9040)
+ `fs-write-stream-atomic@1.0.8`: Rewrite to use modern streams even on 0.8
+ plus a bunch of tests.
+ ([@iarna](https://github.com/iarna))
+* [`74d92a0`](https://github.com/npm/npm/commit/74d92a08d72ce3603244de4bb3e3706d2b928cef)
+ `columnify@1.5.4`: Some bug fixes around large inputs.
+ ([@timoxley](https://github.com/timoxley))
+
+#### FIX NPM'S TESTS ON 0.8
+
+This doesn't impact you as a user of npm, and ordinarily that means we
+wouldn't call it out here, but if you've ever wanted to contribute, having
+that green travis badge makes it a lot easier to do so with confidence!
+
+* [`b14cdbb`](https://github.com/npm/npm/commit/b14cdbb6002b04bfbefaff70cc45810c20d5a366)
+ [#10872](https://github.com/npm/npm/pull/10872)
+ Rewrite tests using nock to use other alternatives.
+ ([@zkat](https://github.com/zkat))
+* [`59ed01a`](https://github.com/npm/npm/commit/59ed01a8ea7960b1467aed52164fc36a03c77770)
+ [#10872](https://github.com/npm/npm/pull/10872)
+ Work around Node.js 0.8 http back-pressure bug.
+
+ 0.8 http streams have a bug, where if they're paused with data in their
+ buffers when the socket closes, they call `end` before emptying those
+ buffers, which results in the entire pipeline ending and thus the point
+ that applied backpressure never being able to trigger a `resume`.
+
+ We work around this by piping into a pass through stream that has
+ unlimited buffering. The pass through stream is from readable-stream and
+ is thus a current streams3 implementation that is free of these bugs even
+ on 0.8.
+ ([@iarna](https://github.com/iarna))
+
+### v3.5.3 (2015-12-10):
+
+Did you know that Bob Ross reached the rank of master sergeant in the US Air
+Force before becoming perhaps the most soothing painter of all time?
+
+#### TWO HAPPY LITTLE BUG FIXES
+
+* [`71c9590`](https://github.com/npm/npm/commit/71c9590be61b6a7b7fa8b6dc19baa588cda26a27)
+ [#10505](https://github.com/npm/npm/issues/10505) `npm ls --json --depth=0`
+ now respects the depth parameter, when it is zero and when it is not zero.
+ ([@MarkReeder](https://github.com/MarkReeder))
+* [`954fa67`](https://github.com/npm/npm/commit/954fa67f1ca3739992abd244e217a0aaf8465660)
+ [#9099](https://github.com/npm/npm/issues/9099) I had always thought you
+ could run `npm version` from subdirectories in your project, which is great,
+ because now you can. I guess I was just ahead of my time.
+ ([@ekmartin](https://github.com/ekmartin))
+
+#### NOW PAINT IN SOME NICE DOCS CHANGES
+
+* [`b88c37c`](https://github.com/npm/npm/commit/b88c37c1cced40e9e41402cc54a5efc3c33cd13e)
+ [#10546](https://github.com/npm/npm/issues/10546) Goodbye, FAQ! You were
+ cheeky and fun until you weren't! Don't worry: npm still loves everyone,
+ especially you! ([@ashleygwilliams](https://github.com/ashleygwilliams))
+* [`2d3afe9`](https://github.com/npm/npm/commit/2d3afe9644ba69681a36721e79c45d27def71939)
+ [#10570](https://github.com/npm/npm/issues/10570) Update documentation URLs
+ to be HTTPS everywhere sensible. No HTTP shall be spared!
+ ([@rsp](https://github.com/rsp))
+* [`6abd0e0`](https://github.com/npm/npm/commit/6abd0e0626d0f642ce0dae0e128ced80433f15a1)
+ [#10650](https://github.com/npm/npm/issues/10650) Correctly note that there
+ are two lifecycle scripts run by an install phase in an example, instead of
+ three. ([@eymengunay](https://github.com/eymengunay))
+* [`a5e8df5`](https://github.com/npm/npm/commit/a5e8df53b8d6d75398cb6a55a44dcf374b0f1661)
+ [#10687](https://github.com/npm/npm/issues/10687) `npm outdated`'s output can
+ be a little puzzling sometimes. I've attempted to make it clearer, with some
+ examples, of what's going on with "wanted" and "latest" in more cases.
+ ([@othiym23](https://github.com/othiym23))
+* [`8f52833`](https://github.com/npm/npm/commit/8f52833f5d15c4f94467234607d40e75198af1aa)
+ [#10700](https://github.com/npm/npm/issues/10700) Hey, do you remember when
+ `search.npmjs.org` was a thing? I think I do? The last time I used it was in
+ like 2012, and it's gone now, so remove it from the docs.
+ ([@gagern](https://github.com/gagern))
+* [`b6a53b8`](https://github.com/npm/npm/commit/b6a53b889c948053dcbf6d7aab9ad1cd4226dc32)
+ [npm/docs#477](https://github.com/npm/docs/issues/477) Continue to airbrush
+ the CLI API docs out of history. ([@verpixelt](https://github.com/verpixelt))
+* [`b835b72`](https://github.com/npm/npm/commit/b835b72d1dd23b0a17321a85d8d395322d18005d)
+ `semver@5.1.0`: Include BNF for SemVer expression grammar (which is also now
+ included in `npm help semver`). ([@isaacs](https://github.com/isaacs))
+
+#### LAND YOUR DEPENDENCY UPGRADES IN PAIRS SO EVERYONE HAS A FRIEND
+
+* [`95e99fa`](https://github.com/npm/npm/commit/95e99faadcdc85a16210dd79c0e7d83add1b9f3e)
+ `request@2.67.0` ([@simov](https://github.com/simov))
+* [`b49199a`](https://github.com/npm/npm/commit/b49199ac96dfb1afe5719286621a318576dd69ae)
+ [isaacs/rimraf#89](https://github.com/isaacs/rimraf/pull/89) `rimraf@2.4.4`
+ ([@zerok](https://github.com/zerok))
+* [`6632418`](https://github.com/npm/npm/commit/66324189a734a1665e1b78a06ba44089d9c3a11c)
+ [npm/nopt#51](https://github.com/npm/nopt/pull/51) `nopt@3.0.6`
+ ([@wbecker](https://github.com/wbecker))
+* [`f0a3b3e`](https://github.com/npm/npm/commit/f0a3b3e0dbbdaf11ec55dccd59cc21bfa05f9240)
+ [isaacs/once#7](https://github.com/isaacs/once/pull/7) `once@1.3.3`
+ ([@floatdrop](https://github.com/floatdrop))
+
+### v3.5.2 (2015-12-03):
+
+Weeeelcome to another npm release! The short version is that we fixed
+some `ENOENT` and some modules that resulted in modules going missing. We
+also eliminated the use of MD5 in our code base to help folks using
+Node.js in FIPS mode. And we fixed a bad URL in our license file.
+
+#### FIX URL IN LICENSE
+
+The license incorrectly identified the registry URL as
+`registry.npmjs.com` and this has been corrected to `registry.npmjs.org`.
+
+* [`cb6d81b`](https://github.com/npm/npm/commit/cb6d81bd611f68c6126a90127a9dfe5604d46c8c)
+ [#10685](https://github.com/npm/npm/pull/10685)
+ Fix npm public registry URL in notices.
+ ([@kemitchell](https://github.com/kemitchell))
+
+#### ENOENT? MORE LIKE ENOMOREBUGS
+
+The headliner this week was uncovered by the fixes to bundled dependency
+handling over the past few releases. What had been a frustratingly
+intermittent and hard to reproduce bug became something that happened
+every time in Travis. This fixes another whole bunch of errors where you
+would, while running an install have it crash with an `ENOENT` on
+`rename`, or the install would finish but some modules would be
+mysteriously missing and you'd have to install a second time.
+
+What's going on was a bit involved, so bear with me:
+
+`npm@3` generates a list of actions to take against the tree on disk.
+With the exception of lifecycle scripts, it expects these all to be able
+to act independently without interfering with each other.
+
+This means, for instance, that one should be able to upgrade `b` in
+`a→b→c` without having npm reinstall `c`.
+
+That works fine by the way.
+
+But it also means that the move action should be able to move `b` in
+`a→b→c@1.0.1` to `a→d→b→c@1.0.2` without moving or removing `c@1.0.1` and
+while leaving `c@1.0.2` in place if it was already installed.
+
+That is, the `move` action moves an individual node, replacing itself
+with an empty spot if it had children. This is not, as it might first
+appear, something where you move an entire branch to another location on
+the tree.
+
+When moving `b` we already took care to leave `c@1.0.1` in place so that
+other moves (or removes) could handle it, but we were stomping on the
+destination and so `c@1.0.2` was being removed.
+
+* [`f4385d8`](https://github.com/npm/npm/commit/f4385d8e7678349e75c80fae8a1f8f366f197937)
+ [#10655](https://github.com/npm/npm/pull/10655)
+ Preserve destination `node_modules` when moving.
+ ([@iarna](https://github.com/iarna))
+
+There was also a bug with `remove` where it was pruning the entire tree
+at the remove point, prior to running moves and adds.
+
+This was fine most of the time, but if we were moving one of the deps out
+from inside it, kaboom.
+
+* [`19c626d`](https://github.com/npm/npm/commit/19c626d69888f0cdc6e960254b3fdf523ec4b52c)
+ [#10655](https://github.com/npm/npm/pull/10655)
+ Get rid of the remove commit phase– we could have it prune _just_ the
+ module being removed, but that isn't gaining us anything.
+ ([@iarna](https://github.com/iarna))
+
+After all that, we shouldn't be upgrading the `add` of a bundled package
+to a `move`. Moves save us from having to extract the package, but with a
+bundled dependency it's included in another package already so that
+doesn't gain us anything.
+
+* [`641a93b`](https://github.com/npm/npm/commit/641a93bd66a6aa4edf2d6167344b50d1a2afb593)
+ [#10655](https://github.com/npm/npm/pull/10655)
+ Don't convert adds to moves with bundled deps.
+ ([@iarna](https://github.com/iarna))
+
+While I was in there, I also took some time to improve diagnostics to
+make this sort of thing easier to track down in the future:
+
+* [`a04ec04`](https://github.com/npm/npm/commit/a04ec04804e562b511cd31afe89c8ba94aa37ff2)
+ [#10655](https://github.com/npm/ npm/pull/10655)
+ Wrap rename so errors have stack traces.
+ ([@iarna](https://github.com/iarna))
+* [`8ea142f`](https://github.com/npm/npm/commit/8ea142f896a2764290ca5472442b27b047ab7a1a)
+ [#10655](https://github.com/npm/npm/pull/10655)
+ Add silly logging so function is debuggable
+ ([@iarna](https://github.com/iarna))
+
+#### NO MORE MD5
+
+We updated modules that had been using MD5 for non-security purposes.
+While this is perfectly safe, if you compile Node in FIPS-compliance mode
+it will explode if you try to use MD5. We've replaced MD5 with Murmur,
+which conveys our intent better and is faster to boot.
+
+* [`f068b26`](https://github.com/npm/npm/commit/f068b2661a8d0269c184867e003cd08cb6c56cf2)
+ [#10629](https://github.com/npm/npm/issues/10629)
+ `unique-filename@1.1.0`
+ ([@iarna](https://github.com/iarna))
+* [`dba1b24`](https://github.com/npm/npm/commit/dba1b2402aaa2beceec798d3bd22d00650e01069)
+ [#10629](https://github.com/npm/npm/issues/10629)
+ `write-file-atomic@1.1.4`
+ ([@othiym23](https://github.com/othiym23))
+* [`8347a30`](https://github.com/npm/npm/commit/8347a308ef0d2cf0f58f96bba3635af642ec611f)
+ [#10629](https://github.com/npm/npm/issues/10629)
+ `fs-write-stream-atomic@1.0.5`
+ ([@othiym23](https://github.com/othiym23))
+
+#### DEPENDENCY UPDATES
+
+* [`9e2a2bb`](https://github.com/npm/npm/commit/9e2a2bb5bc71a0ab3b3637e8eec212aa22d5c99f)
+ [nodejs/node-gyp#831](https://github.com/nodejs/node-gyp/pull/831)
+ `node-gyp@3.2.1`:
+ Improved \*BSD support.
+ ([@bnoordhuis](https://github.com/bnoordhuis))
+
+### v3.5.1 (2015-11-25):
+
+#### THE npm CLI !== THE npm REGISTRY !== npm, INC.
+
+npm-the-CLI is licensed under the terms of the [Artistic License
+2.0](https://github.com/npm/npm/blob/8d79c1a39dae908f27eaa37ff6b23515d505ef29/LICENSE),
+which is a liberal open-source license that allows you to take this code and do
+pretty much whatever you like with it (that is, of course, not legal language,
+and if you're doing anything with npm that leaves you in doubt about your legal
+rights, please seek the review of qualified counsel, which is to say, not
+members of the CLI team, none of whom have passed the bar, to my knowledge). At
+the same time the primary registry the CLI uses when looking up and downloading
+packages is a commercial service run by npm, Inc., and it has its own [Terms of
+Use](https://www.npmjs.com/policies/terms).
+
+Aside from clarifying the terms of use (and trying to make sure they're more
+widely known), the only recent changes to npm's licenses have been making the
+split between the CLI and registry clearer. You are still free to do whatever
+you like with the CLI's source, and you are free to view, download, and publish
+packages to and from `registry.npmjs.org`, but now the existing terms under
+which you can do so are more clearly documented. Aside from the two commits
+below, see also [the release notes for
+`npm@3.4.1`](https://github.com/npm/npm/releases/tag/v3.4.1), which is where
+the split between the CLI's code and the terms of use for the registry was
+first made more clear.
+
+* [`35a5dd5`](https://github.com/npm/npm/commit/35a5dd5abbfeec4f98a2b4534ec4ef5d16760581)
+ [#10532](https://github.com/npm/npm/issues/10532) Clarify that
+ `registry.npmjs.org` is the default, but that you're free to use the npm CLI
+ with whatever registry you wish. ([@kemitchell](https://github.com/kemitchell))
+* [`fa6b013`](https://github.com/npm/npm/commit/fa6b0136a0e4a19d8979b2013622e5ff3f0446f8)
+ [#10532](https://github.com/npm/npm/issues/10532) Having semi-duplicate
+ release information in `README.md` was confusing and potentially inaccurate,
+ so remove it. ([@kemitchell](https://github.com/kemitchell))
+
+#### EASE UP ON WINDOWS BASH USERS
+
+It turns out that a fair number of us use bash on Windows (through MINGW or
+bundled with Git, plz – Cygwin is still a bridge too far, for both npm and
+Node.js). [@jakub-g](https://github.com/jakub-g) did us all a favor and relaxed
+the check for npm completion to support MINGW bash. Thanks, Jakub!
+
+* [`09498e4`](https://github.com/npm/npm/commit/09498e45c5c9e683f092ab1372670f81db4762b6)
+ [#10156](https://github.com/npm/npm/issues/10156) completion: enable on
+ Windows in git bash ([@jakub-g](https://github.com/jakub-g))
+
+#### THE ONGOING SAGA OF BUNDLED DEPENDENCIES
+
+`npm@3.5.0` fixed up a serious issue with how `npm@3.4.1` (and potentially
+`npm@3.4.0` and `npm@3.3.12`) handled the case in which dependencies bundled
+into a package tarball are handled improperly when one or more of their own
+dependencies are older than what's latest on the registry. Unfortunately, in
+fixing that (quite severe) regression (see [`npm@3.5.0`'s release notes' for
+details](https://github.com/npm/npm/releases/tag/v3.5.0)), we introduced a new
+(small, and fortunately cosmetic) issue where npm superfluously warns you about
+bundled dependencies being stale. We have now fixed that, and hope that we
+haven't introduced any _other_ regressions in the process. :D
+
+* [`20824a7`](https://github.com/npm/npm/commit/20824a75bf7639fb0951a588e3c017a370ae6ec2)
+ [#10501](https://github.com/npm/npm/issues/10501) Only warn about replacing
+ bundled dependencies when actually doing so. ([@iarna](https://github.com/iarna))
+
+#### MAKE NODE-GYP A LITTLE BLUER
+
+* [`1d14d88`](https://github.com/npm/npm/commit/1d14d882c3b5af0a7fee46e8e0e343d07e4c38cb)
+ `node-gyp@3.2.0`: Support AIX, use `which` to find Python, updated to a newer
+ version of `gyp`, and more! ([@bnoordhuis](https://github.com/bnoordhuis))
+
+#### A BOUNTEOUS THANKSGIVING CORNUCOPIA OF DOC TWEAKS
+
+These are great! Keep them coming! Sorry for letting them pile up so deep,
+everybody. Also, a belated Thanksgiving to our Canadian friends, and a happy
+Thanksgiving to all our friends in the USA.
+
+* [`4659f1c`](https://github.com/npm/npm/commit/4659f1c5ad617c46a5e89b48abf0b1c4e6f04307)
+ [#10244](https://github.com/npm/npm/issues/10244) In `npm@3`, `npm dedupe`
+ doesn't take any arguments, so update documentation to reflect that.
+ ([@bengotow](https://github.com/bengotow))
+* [`625a7ee`](https://github.com/npm/npm/commit/625a7ee6b4391e90cb28a95f20a73fd794e1eebe)
+ [#10250](https://github.com/npm/npm/issues/10250) Correct order of `org:team`
+ in `npm team` documentation. ([@louislarry](https://github.com/louislarry))
+* [`bea7f87`](https://github.com/npm/npm/commit/bea7f87399d784e3a6d3393afcca658a61a40d77)
+ [#10371](https://github.com/npm/npm/issues/10371) Remove broken / duplicate
+ link to tag. ([@WickyNilliams](https://github.com/WickyNilliams))
+* [`0a25e29`](https://github.com/npm/npm/commit/0a25e2956e9ddd4065d6bd929559321afc512fde)
+ [#10419](https://github.com/npm/npm/issues/10419) Remove references to
+ nonexistent `npm-rm(1)` documentation. ([@KenanY](https://github.com/KenanY))
+* [`19b94e1`](https://github.com/npm/npm/commit/19b94e1e6781fe2f98ada0a3f49a1bda25e3e32d)
+ [#10474](https://github.com/npm/npm/issues/10474) Clarify that install finds
+ dependencies in `package.json`. ([@sleekweasel](https://github.com/sleekweasel))
+* [`b25efc8`](https://github.com/npm/npm/commit/b25efc88067c843ffdda86ea0f50f95d136a638e)
+ [#9948](https://github.com/npm/npm/issues/9948) Encourage users to file an
+ issue, rather than emailing authors. ([@trodrigues](https://github.com/trodrigues))
+* [`24f4ced`](https://github.com/npm/npm/commit/24f4cedc83b10061f26362bf2f005ab935e0cbfe)
+ [#10497](https://github.com/npm/npm/issues/10497) Clarify what a package is
+ slightly. ([@aredridel](https://github.com/aredridel))
+* [`e8168d4`](https://github.com/npm/npm/commit/e8168d40caae00b2914ea09dbe4bd1b09ba3dcd5)
+ [#10539](https://github.com/npm/npm/issues/10539) Remove an extra, spuriously
+ capitalized letter. ([@alexlukin-softgrad](https://github.com/alexlukin-softgrad))
+
+### v3.5.0 (2015-11-19):
+
+#### TEEN ORCS AT THE GATES
+
+This week heralds the general release of the primary npm registry's [new
+support for private packages for
+organizations](http://blog.npmjs.org/post/133542170540/private-packages-for-organizations).
+For many potential users, it's the missing piece needed to make it easy for you
+to move your organization's private work onto npm. And now it's here! The
+functionality to support it has been in place in the CLI for a while now,
+thanks to [@zkat](https://github.com/zkat)'s hard work.
+
+During our final testing before the release, our ace support team member
+[@snopeks](https://github.com/snopeks) noticed that there had been some drift
+between the CLI team's implementation and what npm was actually preparing to
+ship. In the interests of everyone having a smooth experience with this
+_extremely useful_ new feature, we quickly made a few changes to square up the
+CLI and the web site experiences.
+
+* [`d7fb92d`](https://github.com/npm/npm/commit/d7fb92d1c53ba5196ad6dd2101a06792a4c0412b)
+ [#9327](https://github.com/npm/npm/issues/9327) `npm access` no longer has
+ problems when run in a directory that doesn't contain a `package.json`.
+ ([@othiym23](https://github.com/othiym23))
+* [`17df3b5`](https://github.com/npm/npm/commit/17df3b5d5dffb2e9c223b9cfa2d5fd78c39492a4)
+ [npm/npm-registry-client#126](https://github.com/npm/npm-registry-client/issues/126)
+ `npm-registry-client@7.0.8`: Allow the CLI to grant, revoke, and list
+ permissions on unscoped (public) packages on the primary registry.
+ ([@othiym23](https://github.com/othiym23))
+
+#### NON-OPTIONAL INSTALLS, DEFINITELY NON-OPTIONAL
+
+* [`180263b`](https://github.com/npm/npm/commit/180263b)
+ [#10465](https://github.com/npm/npm/pull/10465)
+ When a non-optional dep fails, we check to see if it's only required by
+ ONLY optional dependencies. If it is, we make it fail all the deps in
+ that chain (and roll them back). If it isn't then we give an error.
+
+ We do this by walking up through all of our ancestors until we either hit an
+ optional dependency or the top of the tree. If we hit the top, we know to
+ give the error.
+
+ If you installed a module by hand but didn't `--save` it, your module
+ won't have the top of the tree as an anscestor and so this code was
+ failing to abort the install with an error
+
+ This updates the logic so that hitting the top OR a module that was
+ requested by the user will trigger the error message.
+ ([@iarna](https://github.com/iarna))
+
+* [`b726a0e`](https://github.com/npm/npm/commit/b726a0e)
+ [#9204](https://github.com/npm/npm/issues/9204)
+ Ideally we would like warnings about your install to come AFTER the
+ output from your compile steps or the giant tree of installed modules.
+
+ To that end, we've moved warnings about failed optional deps to the show
+ after your install completes.
+ ([@iarna](https://github.com/iarna))
+
+#### OVERRIDING BUNDLING
+
+* [`aed71fb`](https://github.com/npm/npm/commit/aed71fb)
+ [#10482](https://github.com/npm/npm/issues/10482)
+ We've been in our bundled modules code a lot lately, and our last go at
+ this introduced a new bug, where if you had a module `a` that bundled
+ a module `b`, which in turn required `c`, and the version of `c` that
+ got bundled wasn't compatible with `b`'s `package.json`, we would then
+ install a compatible version of `c`, but also erase `b` at the same time.
+
+ This fixes that. It also reworks our bundled module support to be much
+ closer to being in line with how we handle non-bundled modules and we're
+ hopeful this will reduce any future errors around them. The new structure
+ is hopefully much easier to reason about anyway.
+ ([@iarna](https://github.com/iarna))
+
+#### A BRIEF NOTE ON NPM'S BACKWARDS COMPATIBILITY
+
+We don't often have much to say about the changes we make to our internal
+testing and tooling, but I'm going to take this opportunity to reiterate that
+npm tries hard to maintain compatibility with a wide variety of Node versions.
+As this change shows, we want to ensure that npm works the same across:
+
+* Node.js 0.8
+* Node.js 0.10
+* Node.js 0.12
+* the latest io.js release
+* Node.js 4 LTS
+* Node.js 5
+
+Contributors who send us pull requests often notice that it's very rare that
+our tests pass across all of those versions (ironically, almost entirely due to
+the packages we use for testing instead of any issues within npm itself). We're
+currently beginning an effort, lasting the rest of 2015, to clean up our test
+suite, and not only get it passing on all of the above versions of Node.js, but
+working solidly on Windows as well. This is a compounding form of technical
+debt that we're finally paying down, and our hope is that cleaning up the tests
+will produce a more robust CLI that's a lot easier to write patches for.
+
+* [`791ec6b`](https://github.com/npm/npm/commit/791ec6b1bac0d1df59f5ebb4ccd16a29a5dc73f0)
+ [#10233](https://github.com/npm/npm/issues/10233) Update Node.js versions
+ that Travis uses to test npm. ([@iarna](https://github.com/iarna))
+
+#### 0.8 + npm <1.4 COMPATIBLE? SURE WHY NOT
+
+Hey, you found the feature we added!
+
+* [`231c58a`](https://github.com/npm/npm/commit/231c58a)
+ [#10337](https://github.com/npm/npm/pull/10337)
+ Add two new flags, first `--legacy-bundling` which installs your
+ dependencies such that if you bundle those dependencies, npm versions
+ prior to `1.4` can still install them. This eliminates all automatic
+ deduping.
+
+ Second, `--global-style` which will install modules in your `node_modules`
+ folder with the same layout as global modules. Only your direct
+ dependencies will show in `node_modules` and everything they depend on
+ will be flattened in their `node_modules` folders. This obviously will
+ elminate some deduping.
+ ([@iarna](https://github.com/iarna))
+
+#### TYPOS IN THE LICENSE, OH MY
+
+* [`8d79c1a`](https://github.com/npm/npm/commit/8d79c1a39dae908f27eaa37ff6b23515d505ef29)
+ [#10478](https://github.com/npm/npm/issues/10478) Correct two typos in npm's
+ LICENSE. ([@jorrit](https://github.com/jorrit))
+
+### v3.4.1 (2015-11-12):
+
+#### ASK FOR NOTHING, GET LATEST
+
+When you run `npm install foo`, you probably expect that you'll get the
+`latest` version of `foo`, whatever that is. And good news! That's what
+this change makes it do.
+
+We _think_ this is what everyone wants, but if this causes problems for
+you, we want to know! If it proves problematic for people we will consider
+reverting it (preferrably before this becomes `npm@latest`).
+
+Previously, when you ran `npm install foo` we would act as if you typed
+`npm install foo@*`. Now, like any range-type specifier, in addition to
+matching the range, it would also have to be `<=` the value of the
+`latest` dist-tag. Further, it would exclude prerelease versions from the
+list of versions considered for a match.
+
+This worked as expected most of the time, unless your `latest` was a
+prerelease version, in which case that version wouldn't be used, to
+everyone's surprise. Worse, if all your versions were prerelease versions
+it would just refuse to install anything. (We fixed that in
+[`npm@3.2.2`](https://github.com/npm/npm/releases/tag/v3.2.2) with
+[`e4a38080`](https://github.com/npm/npm/commit/e4a38080).)
+
+* [`1e834c2`](https://github.com/npm/npm/commit/1e834c2)
+ [#10189](https://github.com/npm/npm/issues/10189)
+ `npm-package-arg@4.1.0` Change the default version from `*` to `latest`.
+ ([@zkat](https://github.com/zkat))
+
+#### BUGS
+
+* [`bec4a84`](https://github.com/npm/npm/commit/bec4a84)
+ [#10338](https://github.com/npm/npm/pull/10338)
+ Failed installs could result in more rollback (removal of just installed
+ packages) than we intended. This bug was first introduced by
+ [`83975520`](https://github.com/npm/npm/commit/83975520).
+ ([@iarna](https://github.com/iarna))
+* [`06c732f`](https://github.com/npm/npm/commit/06c732f)
+ [#10338](https://github.com/npm/npm/pull/10338)
+ Updating a module could result in the module stealing some of its
+ dependencies from the top level, potentially breaking other modules or
+ resulting in many redundent installations. This bug was first introduced
+ by [`971fd47a`](https://github.com/npm/npm/commit/971fd47a).
+ ([@iarna](https://github.com/iarna))
+* [`5653366`](https://github.com/npm/npm/commit/5653366)
+ [#9980](https://github.com/npm/npm/issues/9980)
+ npm, when removing a module, would refuse to remove the symlinked
+ binaries if the module itself was symlinked as well. npm goes to some
+ effort to ensure that it doesn't remove things that aren't is, and this
+ code was being too conservative. This code has been rewritten to be
+ easier to follow and to be unit-testable.
+ ([@iarna](https://github.com/iarna))
+
+#### LICENSE CLARIFICATION
+
+* [`80acf20`](https://github.com/npm/npm/commit/80acf20)
+ [#10326](https://github.com/npm/npm/pull/10326)
+ Update npm's licensing to more completely cover all of the various
+ things that are npm.
+ ([@kemitchell](https://github.com/kemitchell))
+
+#### CLOSER TO GREEN TRAVIS
+
+* [`fc12da9`](https://github.com/npm/npm/commit/fc12da9)
+ [#10232](https://github.com/npm/npm/pull/10232)
+ `nock@1.9.0`
+ Downgrade nock to a version that doesn't depend on streams2 in core so
+ that more of our tests can pass in 0.8.
+ ([@iarna](https://github.com/iarna))
+
+### v3.4.0 (2015-11-05):
+
+#### A NEW FEATURE
+
+This was a group effort, with [@isaacs](https://github.com/isaacs)
+dropping the implementation in back in August. Then, a few days ago,
+[@ashleygwilliams](https://github.com/ashleygwilliams) wrote up docs and
+just today [@othiym23](https://github.com/othiym23) wrote a test.
+
+It's a handy shortcut to update a dependency and then make sure tests
+still pass.
+
+This new command:
+
+```
+npm install-test x
+```
+
+is the equivalent of running:
+
+```
+npm install x && npm test
+```
+
+* [`1ac3e08`](https://github.com/npm/npm/commit/1ac3e08)
+ [`bcb04f6`](https://github.com/npm/npm/commit/bcb04f6)
+ [`b6c17dd`](https://github.com/npm/npm/commit/b6c17dd)
+ [#9443](https://github.com/npm/npm/pull/9443)
+ Add `npm install-test` command, alias `npm it`.
+ ([@isaacs](https://github.com/isaacs),
+ [@ashleygwilliams](https://github.com/ashleygwilliams),
+ [@othiym23](https://github.com/othiym23))
+
+#### BUG FIXES VIA DEPENDENCY UPDATES
+
+* [`31c0080`](https://github.com/npm/npm/commit/31c0080)
+ [#8640](https://github.com/npm/npm/issues/8640)
+ [npm/normalize-package-data#69](https://github.com/npm/normalize-package-data/pull/69)
+ `normalize-package-data@2.3.5`:
+ Fix a bug where if you didn't specify the name of a scoped module's
+ binary, it would install it such that it was impossible to call it.
+ ([@iarna](https://github.com/iarna))
+* [`02b37bc`](https://github.com/npm/npm/commit/02b37bc)
+ [npm/fstream-npm#14](https://github.com/npm/fstream-npm/pull/14)
+ `fstream-npm@1.0.7`:
+ Only filter `config.gypi` when it's in the build directory.
+ ([@mscdex](https://github.com/mscdex))
+* [`accb9d2`](https://github.com/npm/npm/commit/accb9d2)
+ [npm/fstream-npm#15](https://github.com/npm/fstream-npm/pull/15)
+ `fstream-npm@1.0.6`:
+ Stop including directories that happened to have names matching whitelisted
+ npm files in npm module tarballs. The most common cause was that if you had
+ a README directory then everything in it would be included if wanted it
+ or not.
+ ([@taion](https://github.com/taion))
+
+#### DOCUMENTATION FIXES
+
+* [`7cf6366`](https://github.com/npm/npm/commit/7cf6366)
+ [#10036](https://github.com/npm/npm/pull/10036)
+ Fix typo / over-abbreviation.
+ ([@ifdattic](https://github.com/ifdattic))
+* [`d0ad8f4`](https://github.com/npm/npm/commit/d0ad8f4)
+ [#10176](https://github.com/npm/npm/pull/10176)
+ Fix broken link, scopes => scope.
+ ([@ashleygwilliams](https://github.com/ashleygwilliams))
+* [`d623783`](https://github.com/npm/npm/commit/d623783)
+ [#9460](https://github.com/npm/npm/issue/9460)
+ Specifying the default command run by "npm start" and the
+ fact that you can pass it arguments.
+ ([@JuanCaicedo](https://github.com/JuanCaicedo))
+
+#### DEPENDENCY UPDATES FOR THEIR OWN SAKE
+
+* [`0a4c29e`](https://github.com/npm/npm/commit/0a4c29e)
+ [npm/npmlog#19](https://github.com/npm/npmlog/pull/19)
+ `npmlog@2.0.0`: Make it possible to emit log messages with `error` as the
+ prefix.
+ ([@bengl](https://github.com/bengl))
+* [`9463ce9`](https://github.com/npm/npm/commit/9463ce9)
+ `read-package-json@2.0.2`:
+ Minor cleanups.
+ ([@KenanY](https://github.com/KenanY))
+
+### v3.3.12 (2015-11-02):
+
+Hi, a little hot-fix release for a bug introduced in 3.3.11. The ENOENT fix
+last week ([`f0e2088`](https://github.com/npm/npm/commit/f0e2088)) broke
+upgrades of modules that have bundled dependencies (like `npm`, augh!)
+
+* [`aedf7cf`](https://github.com/npm/npm/commit/aedf7cf)
+ [#10192](//github.com/npm/npm/pull/10192)
+ If a bundled module is going to be replacing a module that's currently on
+ disk (for instance, when you upgrade a module that includes bundled
+ dependencies) we want to select the version from the bundle in preference
+ over the one that was there previously.
+ ([@iarna](https://github.com/iarna))
+
+### v3.3.11 (2015-10-29):
+
+This is a dependency update week, so that means no PRs from our lovely
+users. Look for those next week. As it happens, the dependencies updated
+were just devdeps, so nothing for you all to worry about.
+
+But the bug fixes, oh geez, I tracked down some really long standing stuff
+this week!! The headliner is those intermittent `ENOENT` errors that no one
+could reproduce consistently? I think they're nailed! But also pretty
+important, the bug where `hapi` would install w/ a dep missing? Squashed!
+
+#### EEEEEEENOENT
+
+* [`f0e2088`](https://github.com/npm/npm/commit/f0e2088)
+ [#10026](https://github.com/npm/npm/issues/10026)
+ Eliminate some, if not many, of the `ENOENT` errors `npm@3` has seen over
+ the past few months. This was happening when npm would, in its own mind,
+ correct a bundled dependency, due to a `package.json` specifying an
+ incompatible version. Then, when npm extracted the bundled version, what
+ was on disk didn't match its mind and… well, when it tried to act on what
+ was in its mind, we got an `ENOENT` because it didn't actually exist on
+ disk.
+ ([@iarna](https://github.com/iarna))
+
+#### PARTIAL SHRINKWRAPS, NO LONGER A BAD DAY
+
+* [`712fd9c`](https://github.com/npm/npm/commit/712fd9c)
+ [#10153](https://github.com/npm/npm/pull/10153)
+ Imagine that you have a module, let's call it `fun-time`, and it depends
+ on two dependencies, `need-fun@1` and `need-time`. Further, `need-time`
+ requires `need-fun@2`. So after install the logical tree will look like
+ this:
+
+ ```
+ fun-time
+ ├── need-fun@1
+ └── need-time
+ └── need-fun@2
+ ```
+
+ Now, the `fun-time` author also distributes a shrinkwrap, but it only includes
+ the `need-fun@1` in it.
+
+ Resolving dependencies would look something like this:
+
+ 1. Require `need-fun@1`: Use version from shrinkwrap (ignoring version)
+ 2. Require `need-time`: User version in package.json
+ 1. Require `need-fun@2`: Use version from shrinkwrap, which oh hey, is
+ already installed at the top level, so no further action is needed.
+
+ Which results in this tree:
+
+ ```
+ fun-time
+ ├── need-fun@1
+ └── need-time
+ ```
+
+ We're ignoring the version check on things specified in the shrinkwrap
+ so that you can override the version that will be installed. This is
+ because you may want to use a different version than is specified
+ by your dependencies' dependencies' `package.json` files.
+
+ To fix this, we now only allow overrides of a dependency version when
+ that dependency is a child (in the tree) of the thing that requires it.
+ This means that when we're looking for `need-fun@2` we'll see `need-fun@1`
+ and reject it because, although it's from a shrinkwrap, it's parent is
+ `fun-time` and the package doing the requiring is `need-time`.
+
+ ([@iarna](https://github.com/iarna))
+
+#### STRING `package.bin` AND NON-NPMJS REGISTRIES
+
+* [`3de1463`](https://github.com/npm/npm/commit/3de1463)
+ [#9187](https://github.com/npm/npm/issues/9187)
+ If you were using a module with the `bin` field in your `package.json` set
+ to a string on a non-npmjs registry then npm would crash, due to the our
+ expectation that the `bin` field would be an object. We now pass all
+ `package.json` data through a routine that normalizes the format,
+ including the `bin` field. (This is the same routine that your
+ `package.json` is passed through when read off of disk or sent to the
+ registry for publication.) Doing this also ensures that older modules on
+ npm's own registry will be treated exactly the same as new ones. (In the
+ past we weren't always super careful about scrubbing `package.json` data
+ on publish. And even when we were, those rules have subtly changed over
+ time.)
+ ([@iarna](https://github.com/iarna))
+
+### v3.3.10 (2015-10-22):
+
+Hey you all! Welcome to a busy bug fix and PR week. We've got changes
+to how `npm install` replaces dependencies during updates, improvements
+to shrinkwrap behavior, and all sorts of doc updates.
+
+In other news, `npm@3` landed in node master in preparation for `node@5`
+with [`41923c0`](https://github.com/nodejs/node/commit/41923c0).
+
+#### UPDATED DEPS NOW MAKE MORE SENSE
+
+* [`971fd47`](https://github.com/npm/npm/commit/971fd47)
+ [#9929](https://github.com/npm/npm/pull/9929)
+ Make the tree more consistent by doing updates in place. This means
+ that trees after a dependency version update will more often look
+ the same as after a fresh install.
+ ([@iarna](https://github.com/iarna))
+
+#### SHRINKWRAP + DEV DEPS NOW RESPECTED
+
+* [`eb28a8c`](https://github.com/npm/npm/commit/eb28a8c)
+ [#9647](https://github.com/npm/npm/issues/9647)
+ If a shrinkwrap already has dev deps, don't throw them away when
+ someone later runs `npm install --save`.
+ ([@iarna](https://github.com/iarna))
+
+#### FANTASTIC DOCUMENTATION UPDATES
+
+* [`291162c`](https://github.com/npm/npm/commit/291162c)
+ [#10021](https://github.com/npm/npm/pull/10021)
+ Improve wording in the FAQ to be more empathetic and less jokey.
+ ([@TaMe3971](https://github.com/TaMe3971))
+* [`9a28c54`](https://github.com/npm/npm/commit/9a28c54)
+ [#10020](https://github.com/npm/npm/pull/10020)
+ Document the command to see the list of config defaults in the section
+ on config defaults.
+ ([@lady3bean](https://github.com/lady3bean))
+* [`8770b0a`](https://github.com/npm/npm/commit/8770b0a)
+ [#7600](https://github.com/npm/npm/issues/7600)
+ Add shortcuts to all command documentation.
+ ([@RichardLitt](https://github.com/RichardLitt))
+* [`e9b7d0d`](https://github.com/npm/npm/commit/e9b7d0d)
+ [#9950](https://github.com/npm/npm/pull/9950)
+ On errors that can be caused by outdated node & npm, suggest updating
+ as a part of the error message.
+ ([@ForbesLindesay](https://github.com/ForbesLindesay))
+
+#### NEW STANDARD HAS ALWAYS BEEN STANDARD
+
+* [`40c1b0f`](https://github.com/npm/npm/commit/40c1b0f)
+ [#9954](https://github.com/npm/npm/pull/9954)
+ Update to `standard@5` and reformat the source to work with it.
+ ([@cbas](https://github.com/cbas))
+
+### v3.3.9 (2015-10-15):
+
+This week sees a few small changes ready to land:
+
+#### TRAVIS NODE 0.8 BUILDS REJOICE
+
+* [`25a234b`](https://github.com/npm/npm/commit/25a234b)
+ [#9668](https://github.com/npm/npm/issues/9668)
+ Install `npm@3`'s bundled dependencies with `npm@2`, so that the ancient npm
+ that ships with node 0.8 can install `npm@3` directly.
+ ([@othiym23](https://github.com/othiym23))
+
+#### SMALL ERROR MESSAGE IMPROVEMENT
+
+* [`a332f61`](https://github.com/npm/npm/commit/a332f61)
+ [#9927](https://github.com/npm/npm/pull/9927)
+ Update error messages where we report a list of versions that you could
+ have installed to show this as a comma separated list instead of as JSON.
+ ([@iarna](https://github.com/iarna))
+
+#### DEPENDENCY UPDATES
+
+* [`4cd74b0`](https://github.com/npm/npm/commit/4cd74b0)
+ `nock@2.15.0`
+ ([@pgte](https://github.com/pgte))
+* [`9360976`](https://github.com/npm/npm/commit/9360976)
+ `tap@2.1.1`
+ ([@isaacs](https://github.com/isaacs))
+* [`1ead0a4`](https://github.com/npm/npm/commit/1ead0a4)
+ `which@1.2.0`
+ ([@isaacs](https://github.com/isaacs))
+* [`759f88a`](https://github.com/npm/npm/commit/759f88a)
+ `has-unicode@1.0.1`
+ ([@iarna](https://github.com/iarna))
+
+### v3.3.8 (2015-10-12):
+
+This is a small update release, we're reverting
+[`22a3af0`](https://github.com/npm/npm/commit/22a3af0) from last week's
+release, as it is resulting in crashes. We'll revisit this PR during this
+week.
+
+* [`ddde1d5`](https://github.com/npm/npm/commit/ddde1d5)
+ Revert "lifecycle: Swap out custom logic with add-to-path module"
+ ([@iarna](https://github.com/iarna))
+
+### v3.3.7 (2015-10-08):
+
+So, as Kat mentioned in last week's 2.x release, we're now swapping weeks
+between accepting PRs and doing dependency updates, in an effort to keep
+release management work from taking over our lives. This week is a PR week,
+so we've got a bunch of goodies for you.
+
+Relatedly, this week means 3.3.6 is now `latest` and it is WAY faster than
+previous 3.x releases. Give it or this a look!
+
+#### OPTIONAL DEPS, MORE OPTIONAL
+
+* [`2289234`](https://github.com/npm/npm/commit/2289234)
+ [#9643](https://github.com/npm/npm/issues/9643)
+ [#9664](https://github.com/npm/npm/issues/9664)
+ `npm@3` was triggering `npm@2`'s build mechanics when it was linking bin files
+ into the tree. This was originally intended to trigger rebuilds of
+ bundled modules, but `npm@3`'s flat module structure confused it. This
+ caused two seemingly unrelated issues. First, failing optional
+ dependencies could under some circumstances (if they were built during
+ this phase) trigger a full build failure. And second, rebuilds were being
+ triggered of already installed modules, again, in some circumstances.
+ Both of these are fixed by disabling the `npm@2` mechanics and adding a
+ special rebuild phase for the initial installation of bundled modules.
+ ([@iarna](https://github.com/iarna))
+
+#### BAD NAME, NO CRASH
+
+* [`b78fec9`](https://github.com/npm/npm/commit/b78fec9)
+ [#9766](https://github.com/npm/npm/issues/9766)
+ Refactor all attempts to read the module name or package name to go via a
+ single function, with appropriate guards unusual circumstances where they
+ aren't where we expect them. This ultimately will ensure we don't see any
+ more recurrences of the `localeCompare` error and related crashers.
+ ([@iarna](https://github.com/iarna))
+
+#### MISCELLANEOUS BUG FIXES
+
+* [`22a3af0`](https://github.com/npm/npm/commit/22a3af0)
+ [#9553](https://github.com/npm/npm/pull/9553)
+ Factor the lifecycle code to manage paths out into its own module and use that.
+ ([@kentcdodds](https://github.com/kentcdodds))
+* [`6a29fe3`](https://github.com/npm/npm/commit/6a29fe3)
+ [#9677](https://github.com/npm/npm/pull/9677)
+ Start testing our stuff in node 4 on travis
+ ([@fscherwi](https://github.com/fscherwi))
+* [`508c6a4`](https://github.com/npm/npm/commit/508c6a4)
+ [#9669](https://github.com/npm/npm/issues/9669)
+ Make `recalculateMetadata` more resilient to unexpectedly bogus dependency specifiers.
+ ([@tmct](https://github.com/tmct))
+* [`3c44763`](https://github.com/npm/npm/commit/3c44763)
+ [#9643](https://github.com/npm/npm/issues/9463)
+ Update `install --only` to ignore the `NODE_ENV` var and _just_ use the only
+ value, if specified.
+ ([@watilde](https://github.com/watilde))
+* [`87336c3`](https://github.com/npm/npm/commit/87336c3)
+ [#9879](https://github.com/npm/npm/pull/9879)
+ `npm@3`'s shrinkwrap was refusing to shrinkwrap if an optional dependency
+ was missing– patch it to allow this.
+ ([@mantoni](https://github.com/mantoni))
+
+#### DOCUMENTATION UPDATES
+
+* [`82659fd`](https://github.com/npm/npm/commit/82659fd)
+ [#9208](https://github.com/npm/npm/issues/9208)
+ Correct the npm style guide around quote usage
+ ([@aaroncrows](https://github.com/aaroncrows))
+* [`a69c83a`](https://github.com/npm/npm/commit/a69c83a)
+ [#9645](https://github.com/npm/npm/pull/9645)
+ Fix spelling error in README
+ ([@dkoleary88](https://github.com/dkoleary88))
+* [`f2cf054`](https://github.com/npm/npm/commit/f2cf054)
+ [#9714](https://github.com/npm/npm/pull/9714)
+ Fix typos in our documentation
+ ([@reggi](https://github.com/reggi))
+* [`7224bef`](https://github.com/npm/npm/commit/7224bef)
+ [#9759](https://github.com/npm/npm/pull/9759)
+ Fix typo in npm-team docs
+ ([@zkat](https://github.com/zkat))
+* [`7e6e007`](https://github.com/npm/npm/commit/7e6e007)
+ [#9820](https://github.com/npm/npm/pull/9820)
+ Correct documentation as to `binding.gyp`
+ ([@KenanY](https://github.com/KenanY))
+
+### v3.3.6 (2015-09-30):
+
+I have the most exciting news for you this week. YOU HAVE NO IDEA. Well,
+ok, maybe you do if you follow my twitter.
+
+Performance just got 5 bazillion times better (under some circumstances,
+ymmv, etc). So– my test scenario is our very own website. In `npm@2`, on my
+macbook running `npm ls` takes about 5 seconds. Personally it's more than
+I'd like, but it's entire workable. In `npm@3` it has been taking _50_ seconds,
+which is appalling. But after doing some work on Monday isolating the performance
+issues I've been able to reduce `npm@3`'s run time back down to 5 seconds.
+
+Other scenarios were even worse, there was one that until now in `npm@3` that
+took almost 6 minutes, and has been reduced to 14 seconds.
+
+* [`7bc0d4c`](https://github.com/npm/npm/commit/7bc0d4c)
+ [`cf42217`](https://github.com/npm/npm/commit/cf42217)
+ [#8826](https://github.com/npm/npm/issues/8826)
+ Stop using deepclone on super big datastructures. Avoid cloning
+ all-together even when that means mutating things, when possible.
+ Otherwise use a custom written tree-copying function that understands
+ the underlying datastructure well enough to only copy what we absolutely
+ need to.
+ ([@iarna](https://github.com/iarna))
+
+In other news, look for us this Friday and Saturday at the amazing
+[Open Source and Feelings](https://osfeels.com) conference, where something like a
+third of the company will be attending.
+
+#### And finally a dependency update
+
+* [`a6a4437`](https://github.com/npm/npm/commit/a6a4437)
+ `glob@5.0.15`
+ ([@isaacs](https://github.com/isaacs))
+
+#### And some subdep updates
+
+* [`cc5e6a0`](https://github.com/npm/npm/commit/cc5e6a0)
+ `hoek@2.16.3`
+ ([@nlf](https://github.com/nlf))
+* [`912a516`](https://github.com/npm/npm/commit/912a516)
+ `boom@2.9.0`
+ ([@arb](https://github.com/arb))
+* [`63944e9`](https://github.com/npm/npm/commit/63944e9)
+ `bluebird@2.10.1`
+ ([@petkaantonov](https://github.com/petkaantonov))
+* [`ef16003`](https://github.com/npm/npm/commit/ef16003)
+ `mime-types@2.1.7` & `mime-db@1.19.0`
+ ([@dougwilson](https://github.com/dougwilson))
+* [`2b8c0dd`](https://github.com/npm/npm/commit/2b8c0dd)
+ `request@2.64.0`
+ ([@simov](https://github.com/simov))
+* [`8139124`](https://github.com/npm/npm/commit/8139124)
+ `brace-expansion@1.1.1`
+ ([@juliangruber](https://github.com/juliangruber))
+
+### v3.3.5 (2015-09-24):
+
+Some of you all may not be aware, but npm is ALSO a company. I tell you this
+'cause npm-the-company had an all-staff get together this week, flying in
+our remote folks from around the world. That was great, but it also
+basically eliminated normal work on Monday and Tuesday.
+
+Still, we've got a couple of really important bug fixes this week. Plus a
+lil bit from the [now LTS 2.x branch](https://github.com/npm/npm/releases/tag/v2.14.6).
+
+#### ATTENTION WINDOWS USERS
+
+If you previously updated to npm 3 and you try to update again, you may get
+an error messaging telling you that npm won't install npm into itself. Until you
+are at 3.3.5 or greater, you can get around this with `npm install -f -g npm`.
+
+* [`bef06f5`](https://github.com/npm/npm/commit/bef06f5)
+ [#9741](https://github.com/npm/npm/pull/9741) Uh... so... er... it
+ seems that since `npm@3.2.0` on Windows with a default configuration, it's
+ been impossible to update npm. Well, that's not actually true, there's a
+ work around (see above), but it shouldn't be complaining in the first
+ place.
+ ([@iarna](https://github.com/iarna))
+
+#### STACK OVERFLOWS ON PUBLISH
+
+* [`330b496`](https://github.com/npm/npm/commit/330b496)
+ [#9667](https://github.com/npm/npm/pull/9667)
+ We were keeping track of metadata about your project while packing the
+ tree in a way that resulted in this data being written to packed tar files
+ headers. When this metadata included cycles, it resulted in the the tar
+ file entering an infinite recursive loop and eventually crashing with a
+ stack overflow.
+
+ I've patched this by keeping track of your metadata by closing over the
+ variables in question instead, and I've further restricted gathering and
+ tracking the metadata to times when it's actually needed. (Which is only
+ if you need bundled modules.)
+ ([@iarna](https://github.com/iarna))
+
+#### LESS CRASHY ERROR MESSAGES ON BAD PACKAGES
+
+* [`829921f`](https://github.com/npm/npm/commit/829921f)
+ [#9741](https://github.com/npm/npm/pull/9741)
+ Packages with invalid names or versions were crashing the installer. These
+ are now captured and warned as was originally intended.
+ ([@iarna](https://github.com/iarna))
+
+#### ONE DEPENDENCY UPDATE
+
+* [`963295c`](https://github.com/npm/npm/commit/963295c)
+ `npm-install-checks@2.0.1`
+ ([@iarna](https://github.com/iarna))
+
+#### AND ONE SUBDEPENDENCY
+
+* [`448737d`](https://github.com/npm/npm/commit/448737d)
+ `request@2.63.0`
+ ([@simov](https://github.com/simov))
+
+### v3.3.4 (2015-09-17):
+
+This is a relatively quiet release, bringing a few bug fixes and
+some module updates, plus via the
+[2.14.5 release](https://github.com/npm/npm/releases/tag/v2.14.5)
+some forward compatibility fixes with versions of Node that
+aren't yet released.
+
+#### NO BETA NOTICE THIS TIME!!
+
+But, EXCITING NEWS FRIENDS, this week marks the exit of `npm@3`
+from beta. This means that the week of this release,
+[v3.3.3](https://github.com/npm/npm/releases/tag/v3.3.3) will
+become `latest` and this version (v3.3.4) will become `next`!!
+
+#### CRUFT FOR THE CRUFT GODS
+
+What I call "cruft", by which I mean, files sitting around in
+your `node_modules` folder, will no longer produce warnings in
+`npm ls` nor during `npm install`. This brings `npm@3`'s behavior
+in line with `npm@2`.
+
+* [`a127801`](https://github.com/npm/npm/commit/a127801)
+ [#9285](https://github.com/npm/npm/pull/9586)
+ Stop warning about cruft in module directories.
+ ([@iarna](https://github.com/iarna))
+
+#### BETTER ERROR MESSAGE
+
+* [`95ee92c`](https://github.com/npm/npm/commit/95ee92c)
+ [#9433](https://github.com/npm/npm/issues/9433)
+ Give better error messages for invalid URLs in the dependecy
+ list.
+ ([@jamietre](https://github.com/jamietre))
+
+#### MODULE UPDATES
+
+* [`ebb92ca`](https://github.com/npm/npm/commit/ebb92ca)
+ `retry@0.8.0` ([@tim-kos](https://github.com/tim-kos))
+* [`55f1285`](https://github.com/npm/npm/commit/55f1285)
+ `normalize-package-data@2.3.4` ([@zkat](https://github.com/zkat))
+* [`6d4ebff`](https://github.com/npm/npm/commit/6d4ebff)
+ `sha@2.0.1` ([@ForbesLindesay](https://github.com/ForbesLindesay))
+* [`09a9c7a`](https://github.com/npm/npm/commit/09a9c7a)
+ `semver@5.0.3` ([@isaacs](https://github.com/isaacs))
+* [`745000f`](https://github.com/npm/npm/commit/745000f)
+ `node-gyp@3.0.3` ([@rvagg](https://github.com/rvagg))
+
+#### SUB DEP MODULE UPDATES
+
+* [`578ca25`](https://github.com/npm/npm/commit/578ca25)
+ `request@2.62.0` ([@simov](https://github.com/simov))
+* [`1d8996e`](https://github.com/npm/npm/commit/1d8996e)
+ `jju@1.2.1` ([@rlidwka](https://github.com/rlidwka))
+* [`6da1ba4`](https://github.com/npm/npm/commit/6da1ba4)
+ `hoek@2.16.2` ([@nlf](https://github.com/nlf))
+
+### v3.3.3 (2015-09-10):
+
+This short week brought us brings us a few small bug fixes, a
+doc change and a whole lotta dependency updates.
+
+Plus, as usual, this includes a forward port of everything in
+[`npm@2.14.4`](https://github.com/npm/npm/releases/tag/v2.14.4).
+
+#### BETA BUT NOT FOREVER
+
+**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until
+we're confident that it's stable and have assessed the effect of
+the breaking changes on the community. During that time we will
+still be doing `npm@2` releases, with `npm@2` tagged as `latest`
+and `next`. We'll _also_ be publishing new releases of `npm@3`
+as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
+versions until we're ready to switch everyone over to `npm@3`.
+We need your help to find and fix its remaining bugs. It's a
+significant rewrite, so we are _sure_ there still significant
+bugs remaining. So do us a solid and deploy it in non-critical
+CI environments and for day-to-day use, but maybe don't use it
+for production maintenance or frontline continuous deployment
+just yet.
+
+#### REMOVE INSTALLED BINARIES ON WINDOWS
+
+So waaaay back at the start of August, I fixed a bug with
+[#9198](https://github.com/npm/npm/pull/9198). That fix made it
+so that if you had two modules installed that both installed the
+same binary (eg `gulp` & `gulp-cli`), that removing one wouldn't
+remove the binary if it was owned by the other.
+
+It did this by doing some hocus-pocus that, turns out, was
+Unix-specific, so on Windows it just threw up its hands and
+stopped removing installed binaries at all. Not great.
+
+So today we're fixing that– it let us maintain the same safety
+that we added in #9198, but ALSO works with Windows.
+
+* [`25fbaed`](https://github.com/npm/npm/commit/25fbaed)
+ [#9394](https://github.com/npm/npm/issues/9394)
+ Treat cmd-shims the same way we treat symlinks
+ ([@iarna](https://github.com/iarna))
+
+#### API DOCUMENTATION HAS BEEN SACRIFICED THE API GOD
+
+The documentation of the internal APIs of npm is going away,
+because it would lead people into thinking they should integrate
+with npm by using it. Please don't do that! In the future, we'd
+like to give you a suite of stand alone modules that provide
+better, more stand alone APIs for your applications to build on.
+But for now, call the npm binary with `process.exec` or
+`process.spawn` instead.
+
+* [`2fb60bf`](https://github.com/npm/npm/commit/2fb60bf)
+ Remove misleading API documentation
+ ([@othiym23](https://github.com/othiym23))
+
+#### ALLOW `npm link` ON WINDOWS W/ PRERELEASE VERSIONS OF NODE
+
+We never meant to have this be a restriction in the first place
+and it was only just discovered with the recent node 4.0.0
+release candidate.
+
+* [`6665e54`](https://github.com/npm/npm/commit/6665e54)
+ [#9505](https://github.com/npm/npm/pull/9505)
+ Allow npm link to run on Windows with prerelease versions of
+ node
+ ([@jon-hall](https://github.com/jon-hall))
+
+#### graceful-fs update
+
+We're updating all of npm's deps to use the most recent
+`graceful-fs`. This turns out to be important for future not yet
+released versions of node, because older versions monkey-patch
+`fs` in ways that will break in the future. Plus it ALSO makes
+use of `process.binding` which is an internal API that npm
+definitely shouldn't have been using. We're not done yet, but
+this is the bulk of them.
+
+* [`e7bc98e`](https://github.com/npm/npm/commit/e7bc98e)
+ `write-file-atomic@1.1.3`
+ ([@iarna](https://github.com/iarna))
+* [`7417600`](https://github.com/npm/npm/commit/7417600)
+ `tar@2.2.1`
+ ([@zkat](https://github.com/zkat))
+* [`e4e9d40`](https://github.com/npm/npm/commit/e4e9d40)
+ `read-package-json@2.0.1`
+ ([@zkat](https://github.com/zkat))
+* [`481611d`](https://github.com/npm/npm/commit/481611d)
+ `read-installed@4.0.3`
+ ([@zkat](https://github.com/zkat))
+* [`0dabbda`](https://github.com/npm/npm/commit/0dabbda)
+ `npm-registry-client@7.0.4`
+ ([@zkat](https://github.com/zkat))
+* [`c075a91`](https://github.com/npm/npm/commit/c075a91)
+ `fstream@1.0.8`
+ ([@zkat](https://github.com/zkat))
+* [`2e4341a`](https://github.com/npm/npm/commit/2e4341a)
+ `fs-write-stream-atomic@1.0.4`
+ ([@zkat](https://github.com/zkat))
+* [`18ad16e`](https://github.com/npm/npm/commit/18ad16e)
+ `fs-vacuum@1.2.7`
+ ([@zkat](https://github.com/zkat))
+
+#### DEPENDENCY UPDATES
+
+* [`9d6666b`](https://github.com/npm/npm/commit/9d6666b)
+ `node-gyp@3.0.1`
+ ([@rvagg](https://github.com/rvagg))
+* [`349c4df`](https://github.com/npm/npm/commit/349c4df)
+ `retry@0.7.0`
+ ([@tim-kos](https://github.com/tim-kos))
+* [`f507551`](https://github.com/npm/npm/commit/f507551)
+ `which@1.1.2`
+ ([@isaacs](https://github.com/isaacs))
+* [`e5b6743`](https://github.com/npm/npm/commit/e5b6743)
+ `nopt@3.0.4`
+ ([@zkat](https://github.com/zkat))
+
+#### THE DEPENDENCIES OF OUR DEPENDENCIES ARE OUR DEPENDENCIES UPDATES
+
+* [`316382d`](https://github.com/npm/npm/commit/316382d)
+ `mime-types@2.1.6` & `mime-db@1.18.0`
+* [`64b741e`](https://github.com/npm/npm/commit/64b741e)
+ `spdx-correct@1.0.1`
+* [`fff62ac`](https://github.com/npm/npm/commit/fff62ac)
+ `process-nextick-args@1.0.3`
+* [`9d6488c`](https://github.com/npm/npm/commit/9d6488c)
+ `cryptiles@2.0.5`
+* [`1912012`](https://github.com/npm/npm/commit/1912012)
+ `bluebird@2.10.0`
+* [`4d09402`](https://github.com/npm/npm/commit/4d09402)
+ `readdir-scoped-modules@1.0.2`
+
+### v3.3.2 (2015-09-04):
+
+#### PLEASE HOLD FOR THE NEXT AVAILABLE MAINTAINER
+
+This is a tiny little maintenance release, both to update dependencies and to
+keep `npm@3` up to date with changes made to `npm@2`.
+[@othiym23](https://github.com/othiym23) is putting out this release (again) as
+his esteemed colleague [@iarna](https://github.com/iarna) finishes relocating
+herself, her family, and her sizable anime collection all the way across North
+America. It contains [all the goodies in
+`npm@2.14.3`](https://github.com/npm/npm/releases/tag/v2.14.3) and one other
+dependency update.
+
+#### BETA WARNINGS FOR FUN AND PROFIT
+
+**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
+confident that it's stable and have assessed the effect of the breaking
+changes on the community. During that time we will still be doing `npm@2`
+releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
+publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
+alongside those versions until we're ready to switch everyone over to
+`npm@3`. We need your help to find and fix its remaining bugs. It's a
+significant rewrite, so we are _sure_ there still significant bugs
+remaining. So do us a solid and deploy it in non-critical CI environments
+and for day-to-day use, but maybe don't use it for production maintenance or
+frontline continuous deployment just yet.
+
+That said, it's getting there! It will be leaving beta very soon!
+
+#### ONE OTHER DEPENDENCY UPDATE
+
+* [`bb5de34`](https://github.com/npm/npm/commit/bb5de3493531228df0bd3f0742d5493c826be6dd)
+ `is-my-json-valid@2.12.2`: Upgrade to a new, modernized version of
+ `json-pointer`. ([@mafintosh](https://github.com/mafintosh))
+
+### v3.3.1 (2015-08-27):
+
+Hi all, this `npm@3` update brings you another round of bug fixes. The
+headliner here is that `npm update` works again. We're running down the
+clock on blocker 3.x issues! Shortly after that hits zero we'll be
+promoting 3.x to latest!!
+
+And of course, we have changes that were brought forward from 2.x. Check out
+the release notes for
+[2.14.1](https://github.com/npm/npm/releases/tag/v2.14.1) and
+[2.14.2](https://github.com/npm/npm/releases/tag/v2.14.2).
+
+#### BETA WARNINGS FOR FUN AND PROFIT
+
+**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
+confident that it's stable and have assessed the effect of the breaking
+changes on the community. During that time we will still be doing `npm@2`
+releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
+publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
+alongside those versions until we're ready to switch everyone over to
+`npm@3`. We need your help to find and fix its remaining bugs. It's a
+significant rewrite, so we are _sure_ there still significant bugs
+remaining. So do us a solid and deploy it in non-critical CI environments
+and for day-to-day use, but maybe don't use it for production maintenance or
+frontline continuous deployment just yet.
+
+#### NPM UPDATE, NOW AGAIN YOUR FRIEND
+
+* [`f130a00`](https://github.com/npm/npm/commit/f130a00)
+ [#9095](https://github.com/npm/npm/issues/9095)
+ `npm update` once again works! Previously, after selecting packages
+ to update, it would then pick the wrong location to run the install
+ from. ([@iarna](https://github.com/iarna))
+
+#### MORE VERBOSING FOR YOUR VERBOSE LIFECYCLES
+
+* [`d088b7d`](https://github.com/npm/npm/commit/d088b7d)
+ [#9227](https://github.com/npm/npm/pull/9227)
+ Add some additional logging at the verbose and silly levels
+ when running lifecycle scripts. Hopefully this will make
+ debugging issues with them a bit easier!
+ ([@saper](https://github.com/saper))
+
+#### AND SOME OTHER BUG FIXES…
+
+* [`f4a5784`](https://github.com/npm/npm/commit/f4a5784)
+ [#9308](https://github.com/npm/npm/issues/9308)
+ Make fetching metadata for local modules faster! This ALSO means
+ that doing things like running `npm repo` won't build your
+ module and maybe run `prepublish`.
+ ([@iarna](https://github.com/iarna))
+
+* [`4468c92`](https://github.com/npm/npm/commit/4468c92)
+ [#9205](https://github.com/npm/npm/issues/9205)
+ Fix a bug where local modules would sometimes not resolve relative
+ links using the correct base path.
+ ([@iarna](https://github.com/iarna))
+
+* [`d395a6b`](https://github.com/npm/npm/commit/d395a6b)
+ [#8995](https://github.com/npm/npm/issues/8995)
+ Certain combinations of packages could result in different install orders for their
+ initial installation than for reinstalls run on the same folder.
+ ([@iarna](https://github.com/iarna))
+
+* [`d119ea6`](https://github.com/npm/npm/commit/d119ea6)
+ [#9113](https://github.com/npm/npm/issues/9113)
+ Make extraneous packages _always_ up in `npm ls`. Previously, if an
+ extraneous package had a dependency that depended back on the original
+ package this would result in the package not showing up in `ls`.
+ ([@iarna](https://github.com/iarna))
+
+* [`02420dc`](https://github.com/npm/npm/commit/02420dc)
+ [#9113](https://github.com/npm/npm/issues/9113)
+ Stop warning about missing top level package.json files. Errors in said
+ files will still be reported.
+ ([@iarna](https://github.com/iarna))
+
+#### SOME DEP UPDATES
+
+* [`1ed1364`](https://github.com/npm/npm/commit/1ed1364) `rimraf@2.4.3`
+ ([@isaacs](https://github.com/isaacs)) Added EPERM to delay/retry loop
+* [`e7b8315`](https://github.com/npm/npm/commit/e7b8315) `read@1.0.7`
+ Smaller distribution package, better metadata
+ ([@isaacs](https://github.com/isaacs))
+
+#### SOME DEPS OF DEPS UPDATES
+
+* [`b273bcc`](https://github.com/npm/npm/commit/b273bcc) `mime-types@2.1.5`
+* [`df6e225`](https://github.com/npm/npm/commit/df6e225) `mime-db@1.17.0`
+* [`785f2ad`](https://github.com/npm/npm/commit/785f2ad) `is-my-json-valid@2.12.1`
+* [`88170dd`](https://github.com/npm/npm/commit/88170dd) `form-data@1.0.0-rc3`
+* [`af5357b`](https://github.com/npm/npm/commit/af5357b) `request@2.61.0`
+* [`337f96a`](https://github.com/npm/npm/commit/337f96a) `chalk@1.1.1`
+* [`3dfd74d`](https://github.com/npm/npm/commit/3dfd74d) `async@1.4.2`
+
+### v3.3.0 (2015-08-13):
+
+This is a pretty EXCITING week. But I may be a little excitable– or
+possibly sleep deprived, it's sometimes hard to tell them apart. =D So
+[Kat](https://github.com/zkat) really went the extra mile this week and got
+the client side support for teams and orgs out in this week's 2.x release.
+You can't use that just yet, 'cause we have to turn on some server side
+stuff too, but this way it'll be there for you all the moment we do! Check
+out the details over in the [2.14.0 release
+notes](https://github.com/npm/npm/releases/tag/v2.14.0)!
+
+But we over here in 3.x ALSO got a new feature this week, check out the new
+`--only` and `--also` flags for better control over when dev and production
+dependencies are used by various npm commands.
+
+That, and some important bug fixes round out this week. Enjoy everyone!
+
+#### NEVER SHALL NOT BETA THE BETA
+
+**_THIS IS BETA SOFTWARE_**. EXCITING NEW BETA WARNING!!! Ok, I fibbed,
+EXACTLY THE SAME BETA WARNINGS: `npm@3` will remain in beta until we're
+confident that it's stable and have assessed the effect of the breaking
+changes on the community. During that time we will still be doing `npm@2`
+releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
+publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
+alongside those versions until we're ready to switch everyone over to
+`npm@3`. We need your help to find and fix its remaining bugs. It's a
+significant rewrite, so we are _sure_ there still significant bugs
+remaining. So do us a solid and deploy it in non-critical CI environments
+and for day-to-day use, but maybe don't use it for production maintenance or
+frontline continuous deployment just yet.
+
+#### ONLY ALSO DEV
+
+Hey we've got a SUPER cool new feature for you all, thanks to the fantastic
+work of [@davglass](https://github.com/davglass) and
+[@bengl](https://github.com/bengl) we have `--only=prod`,
+`--only=dev`, `--also=prod` and `--also=dev` options. These apply in
+various ways to: `npm install`, `npm ls`, `npm outdated` and `npm update`.
+
+So for instance:
+
+```
+npm install --only=dev
+```
+
+Only installs dev dependencies. By contrast:
+
+```
+npm install --only=prod
+```
+
+Will only install prod dependencies and is very similar to `--production`
+but differs in that it doesn't set the environment variables that
+`--production` does.
+
+The related new flag, `--also` is most useful with things like:
+
+```
+npm shrinkwrap --also=dev
+```
+
+As shrinkwraps don't include dev deps by default. This replaces passing in
+`--dev` in that scenario.
+
+And that leads into the fact that this deprecates `--dev` as its semantics
+across commands were inconsistent and confusing.
+
+* [`3ab1eea`](https://github.com/npm/npm/commit/3ab1eea)
+ [#9024](https://github.com/npm/npm/pull/9024)
+ Add support for `--only`, `--also` and deprecate `--dev`
+ ([@bengl](https://github.com/bengl))
+
+#### DON'T TOUCH! THAT'S NOT YOUR BIN
+
+* [`b31812e`](https://github.com/npm/npm/commit/b31812e)
+ [#8996](https://github.com/npm/npm/pull/8996)
+ When removing a module that has bin files, if one that we're going to
+ remove is a symlink to a DIFFERENT module, leave it alone. This only happens
+ when you have two modules that try to provide the same bin.
+ ([@iarna](https://github.com/iarna))
+
+#### THERE'S AN END IN SIGHT
+
+* [`d2178a9`](https://github.com/npm/npm/commit/d2178a9)
+ [#9223](https://github.com/npm/npm/pull/9223)
+ Close a bunch of infinite loops that could show up with symlink cycles in your dependencies.
+ ([@iarna](https://github.com/iarna))
+
+#### OOPS DIDN'T MEAN TO FIX THAT
+
+Well, not _just_ yet. This was scheduled for next week, but it snuck into
+2.x this week.
+
+* [`139dd92`](https://github.com/npm/npm/commit/139dd92)
+ [#8716](https://github.com/npm/npm/pull/8716)
+ `npm init` will now only pick up the modules you install, not everything
+ else that got flattened with them.
+ ([@iarna](https://github.com/iarna))
+
+### v3.2.2 (2015-08-08):
+
+Lot's of lovely bug fixes for `npm@3`. I'm also suuuuper excited that I
+think we have a handle on stack explosions that effect a small portion of
+our users. We also have some tantalizing clues as to where some low hanging
+fruit may be for performance issues.
+
+And of course, in addition to the `npm@3` specific bug fixes, there are some
+great one's coming in from `npm@2`! [@othiym23](https://github.com/othiym23)
+put together that release this week– check out its
+[release notes](https://github.com/npm/npm/releases/tag/v2.13.4) for the deets.
+
+#### AS ALWAYS STILL BETA
+
+**_THIS IS BETA SOFTWARE_**. Just like the airline safety announcements,
+we're not taking this plane off till we finish telling you: `npm@3` will
+remain in beta until we're confident that it's stable and have assessed the
+effect of the breaking changes on the community. During that time we will
+still be doing `npm@2` releases, with `npm@2` tagged as `latest` and `next`.
+We'll _also_ be publishing new releases of `npm@3` as `npm@v3.x-next` and
+`npm@v3.x-latest` alongside those versions until we're ready to switch
+everyone over to `npm@3`. We need your help to find and fix its remaining
+bugs. It's a significant rewrite, so we are _sure_ there still significant
+bugs remaining. So do us a solid and deploy it in non-critical CI
+environments and for day-to-day use, but maybe don't use it for production
+maintenance or frontline continuous deployment just yet.
+
+#### BUG FIXES
+
+* [`a8c8a13`](https://github.com/npm/npm/commit/a8c8a13)
+ [#9050](https://github.com/npm/npm/issues/9050)
+ Resolve peer deps relative to the parent of the requirer
+ ([@iarna](http://github.com/iarna))
+* [`05f0226`](https://github.com/npm/npm/commit/05f0226)
+ [#9077](https://github.com/npm/npm/issues/9077)
+ Fix crash when saving `git+ssh` urls
+ ([@iarna](http://github.com/iarna))
+* [`e4a3808`](https://github.com/npm/npm/commit/e4a3808)
+ [#8951](https://github.com/npm/npm/issues/8951)
+ Extend our patch to allow `*` to match something when a package only has
+ prerelease versions to everything and not just the cache.
+ ([@iarna](http://github.com/iarna))
+* [`d135abf`](https://github.com/npm/npm/commit/d135abf)
+ [#8871](https://github.com/npm/npm/issues/8871)
+ Don't warn about a missing `package.json` or missing fields in the global
+ install directory.
+ ([@iarna](http://github.com/iarna))
+
+#### DEP VERSION BUMPS
+
+* [`990ee4f`](https://github.com/npm/npm/commit/990ee4f)
+ `path-is-inside@1.0.1` ([@domenic](https://github.com/domenic))
+* [`1f71ec0`](https://github.com/npm/npm/commit/1f71ec0)
+ `lodash.clonedeep@3.0.2` ([@jdalton](https://github.com/jdalton))
+* [`a091354`](https://github.com/npm/npm/commit/a091354)
+ `marked@0.3.5` ([@chjj](https://github.com/chjj))
+* [`fc51f28`](https://github.com/npm/npm/commit/fc51f28)
+ `tap@1.3.2` ([@isaacs](https://github.com/isaacs))
+* [`3569ec0`](https://github.com/npm/npm/commit/3569ec0)
+ `nock@2.10.0` ([@pgte](https://github.com/pgte))
+* [`ad5f6fd`](https://github.com/npm/npm/commit/ad5f6fd)
+ `npm-registry-mock@1.0.1` ([@isaacs](https://github.com/isaacs))
+
+### v3.2.1 (2015-07-31):
+
+#### AN EXTRA QUIET RELEASE
+
+A bunch of stuff got deferred for various reasons, which just means more
+branches to land next week!
+
+Don't forget to check out [Kat's 2.x release](https://github.com/npm/npm/releases/tag/v2.13.4) for other quiet goodies.
+
+#### AS ALWAYS STILL BETA
+
+**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
+you can't be excused. `npm@3` will remain in beta until we're confident
+that it's stable and have assessed the effect of the breaking changes on the
+community. During that time we will still be doing `npm@2` releases, with
+`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
+releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
+versions until we're ready to switch everyone over to `npm@3`. We need your
+help to find and fix its remaining bugs. It's a significant rewrite, so we
+are _sure_ there still significant bugs remaining. So do us a solid and
+deploy it in non-critical CI environments and for day-to-day use, but maybe
+don't use it for production maintenance or frontline continuous deployment
+just yet.
+
+
+#### MAKING OUR TESTS TEST THE THING THEY TEST
+
+* [`6e53c3d`](https://github.com/npm/npm/commit/6e53c3d)
+ [#8985](https://github.com/npm/npm/pull/8985)
+ Many thanks to @bengl for noticing that one of our tests wasn't testing
+ what it claimed it was testing! ([@bengl](https://github.com/bengl))
+
+#### MY PACKAGE.JSON WAS ALREADY IN THE RIGHT ORDER
+
+* [`eb2c7aa`](https://github.com/npm/npm/commit/d00d0f)
+ [#9068](https://github.com/npm/npm/pull/9079)
+ Stop sorting keys in the `package.json` that we haven't edited. Many
+ thanks to [@Qix-](https://github.com/Qix-) for bringing this up and
+ providing a first pass at a patch for this.
+ ([@iarna](https://github.com/iarna))
+
+#### DEV DEP UPDATE
+
+* [`555f60c`](https://github.com/npm/npm/commit/555f60c) `marked@0.3.4`
+
+### v3.2.0 (2015-07-24):
+
+#### MORE CONFIG, BETTER WINDOWS AND A BUG FIX
+
+This is a smallish release with a new config option and some bug fixes. And
+lots of module updates.
+
+#### BETA BETAS ON
+
+**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
+you can't be excused. `npm@3` will remain in beta until we're confident
+that it's stable and have assessed the effect of the breaking changes on the
+community. During that time we will still be doing `npm@2` releases, with
+`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
+releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
+versions until we're ready to switch everyone over to `npm@3`. We need your
+help to find and fix its remaining bugs. It's a significant rewrite, so we
+are _sure_ there still significant bugs remaining. So do us a solid and
+deploy it in non-critical CI environments and for day-to-day use, but maybe
+don't use it for production maintenance or frontline continuous deployment
+just yet.
+
+
+#### NEW CONFIGS, LESS PROGRESS
+
+* [`423d8f7`](https://github.com/npm/npm/commit/423d8f7)
+ [#8704](https://github.com/npm/npm/issues/8704)
+ Add the ability to disable the new progress bar with `--no-progress`
+ ([@iarna](https://github.com/iarna))
+
+#### AND BUG FIXES
+
+* [`b3ee452`](https://github.com/npm/npm/commit/b3ee452)
+ [#9038](https://github.com/npm/npm/pull/9038)
+ We previously disabled the use of the new `fs.access` API on Windows, but
+ the bug we were seeing is fixed in `io.js@1.5.0` so we now use `fs.access`
+ if you're using that version or greater.
+ ([@iarna](https://github.com/iarna))
+
+* [`b181fa3`](https://github.com/npm/npm/commit/b181fa3)
+ [#8921](https://github.com/npm/npm/issues/8921)
+ [#8637](https://github.com/npm/npm/issues/8637)
+ Rejigger how we validate modules for install. This allow is to fix
+ a problem where arch/os checking wasn't being done at all.
+ It also made it easy to add back in a check that declines to
+ install a module in itself unless you force it.
+ ([@iarna](https://github.com/iarna))
+
+#### AND A WHOLE BUNCH OF SUBDEP VERSIONS
+
+These are all development dependencies and semver-compatible subdep
+upgrades, so they should not have visible impact on users.
+
+* [`6b3f6d9`](https://github.com/npm/npm/commit/6b3f6d9) `standard@4.3.3`
+* [`f4e22e5`](https://github.com/npm/npm/commit/f4e22e5) `readable-stream@2.0.2` (inside concat-stream)
+* [`f130bfc`](https://github.com/npm/npm/commit/f130bfc) `minimatch@2.0.10` (inside node-gyp's copy of glob)
+* [`36c6a0d`](https://github.com/npm/npm/commit/36c6a0d) `caseless@0.11.0`
+* [`80df59c`](https://github.com/npm/npm/commit/80df59c) `chalk@1.1.0`
+* [`ea935d9`](https://github.com/npm/npm/commit/ea935d9) `bluebird@2.9.34`
+* [`3588a0c`](https://github.com/npm/npm/commit/3588a0c) `extend@3.0.0`
+* [`c6a8450`](https://github.com/npm/npm/commit/c6a8450) `form-data@1.0.0-rc2`
+* [`a04925b`](https://github.com/npm/npm/commit/a04925b) `har-validator@1.8.0`
+* [`ee7c095`](https://github.com/npm/npm/commit/ee7c095) `has-ansi@2.0.0`
+* [`944fc34`](https://github.com/npm/npm/commit/944fc34) `hawk@3.1.0`
+* [`783dc7b`](https://github.com/npm/npm/commit/783dc7b) `lodash._basecallback@3.3.1`
+* [`acef0fe`](https://github.com/npm/npm/commit/acef0fe) `lodash._baseclone@3.3.0`
+* [`dfe959a`](https://github.com/npm/npm/commit/dfe959a) `lodash._basedifference@3.0.3`
+* [`a03bc76`](https://github.com/npm/npm/commit/a03bc76) `lodash._baseflatten@3.1.4`
+* [`8a07d50`](https://github.com/npm/npm/commit/8a07d50) `lodash._basetostring@3.0.1`
+* [`7785e3f`](https://github.com/npm/npm/commit/7785e3f) `lodash._baseuniq@3.0.3`
+* [`826fb35`](https://github.com/npm/npm/commit/826fb35) `lodash._createcache@3.1.2`
+* [`76030b3`](https://github.com/npm/npm/commit/76030b3) `lodash._createpadding@3.6.1`
+* [`1a49ec6`](https://github.com/npm/npm/commit/1a49ec6) `lodash._getnative@3.9.1`
+* [`eebe47f`](https://github.com/npm/npm/commit/eebe47f) `lodash.isarguments@3.0.4`
+* [`09994d4`](https://github.com/npm/npm/commit/09994d4) `lodash.isarray@3.0.4`
+* [`b6f8dbf`](https://github.com/npm/npm/commit/b6f8dbf) `lodash.keys@3.1.2`
+* [`c67dd6b`](https://github.com/npm/npm/commit/c67dd6b) `lodash.pad@3.1.1`
+* [`4add042`](https://github.com/npm/npm/commit/4add042) `lodash.repeat@3.0.1`
+* [`e04993c`](https://github.com/npm/npm/commit/e04993c) `lru-cache@2.6.5`
+* [`2ed7da4`](https://github.com/npm/npm/commit/2ed7da4) `mime-db@1.15.0`
+* [`ae08244`](https://github.com/npm/npm/commit/ae08244) `mime-types@2.1.3`
+* [`e71410e`](https://github.com/npm/npm/commit/e71410e) `os-homedir@1.0.1`
+* [`67c13e0`](https://github.com/npm/npm/commit/67c13e0) `process-nextick-args@1.0.2`
+* [`12ee041`](https://github.com/npm/npm/commit/12ee041) `qs@4.0.0`
+* [`15564a6`](https://github.com/npm/npm/commit/15564a6) `spdx-license-ids@1.0.2`
+* [`8733bff`](https://github.com/npm/npm/commit/8733bff) `supports-color@2.0.0`
+* [`230943c`](https://github.com/npm/npm/commit/230943c) `tunnel-agent@0.4.1`
+* [`26a4653`](https://github.com/npm/npm/commit/26a4653) `ansi-styles@2.1.0`
+* [`3d27081`](https://github.com/npm/npm/commit/3d27081) `bl@1.0.0`
+* [`9efa110`](https://github.com/npm/npm/commit/9efa110) `async@1.4.0`
+
+#### MERGED FORWARD
+
+* As usual, we've ported all the `npm@2` goodies in this week's
+ [v2.13.3](https://github.com/npm/npm/releases/tag/v2.13.3)
+ release.
+
+### v3.1.3 (2015-07-17):
+
+Rebecca: So Kat, I hear this week's other release uses a dialog between us to
+explain what changed?
+
+Kat: Well, you could say that…
+
+Rebecca: I would! This week I fixed more `npm@3` bugs!
+
+Kat: That sounds familiar.
+
+Rebecca: Eheheheh, well, before we look at those, a word from our sponsor…
+
+#### BETA IS AS BETA DOES
+
+**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
+you can't be excused. `npm@3` will remain in beta until we're confident
+that it's stable and have assessed the effect of the breaking changes on the
+community. During that time we will still be doing `npm@2` releases, with
+`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
+releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
+versions until we're ready to switch everyone over to `npm@3`. We need your
+help to find and fix its remaining bugs. It's a significant rewrite, so we
+are _sure_ there still significant bugs remaining. So do us a solid and
+deploy it in non-critical CI environments and for day-to-day use, but maybe
+don't use it for production maintenance or frontline continuous deployment
+just yet.
+
+Rebecca: Ok, enough of the dialoguing, that's Kat's schtick. But do remember
+kids, betas hide in dark hallways waiting to break your stuff, stuff like…
+
+#### SO MANY LINKS YOU COULD MAKE A CHAIN
+
+* [`6d69ec9`](https://github.com/npm/npm/6d69ec9)
+ [#8967](https://github.com/npm/npm/issues/8967)
+ Removing a module linked into your globals would result in having
+ all of its subdeps removed. Since the npm release process does
+ exactly this, it burned me -every- -single- -week-. =D
+ While we're here, we also removed extraneous warns that used to
+ spill out when you'd remove a symlink.
+ ([@iarna](https://github.com/iarna))
+
+* [`fdb360f`](https://github.com/npm/npm/fdb360f)
+ [#8874](https://github.com/npm/npm/issues/8874)
+ Linking scoped modules was failing outright, but this fixes that
+ and updates our tests so we don't do it again.
+ ([@iarna](https://github.com/iarna))
+
+#### WE'LL TRY NOT TO CRACK YOUR WINDOWS
+
+* [`9fafb18`](https://github.com/npm/npm/9fafb18)
+ [#8701](https://github.com/npm/npm/issues/8701)
+ `npm@3` introduced permissions checks that run before it actually tries to
+ do something. This saves you from having an install fail half way
+ through. We did this using the shiny new `fs.access` function available
+ in `node 0.12` and `io.js`, with fallback options for older nodes. Unfortunately
+ the way we implemented the fallback caused racey problems for Windows systems.
+ This fixes that by ensuring we only ever run any one check on a directory once.
+ BUT it turns out there are bugs in `fs.access` on Windows. So this ALSO just disables
+ the use of `fs.access` on Windows entirely until that settles out.
+ ([@iarna](https://github.com/iarna))
+
+#### ZOOM ZOOM, DEP UPDATES
+
+* [`5656baa`](https://github.com/npm/npm/5656baa)
+ `gauge@1.2.2`: Better handle terminal resizes while printing the progress bar
+ ([@iarna](https://github.com/iarna))
+
+#### MERGED FORWARD
+
+* Check out Kat's [super-fresh release notes for v2.13.2](https://github.com/npm/npm/releases/tag/v2.13.2)
+ and see all the changes we ported from `npm@2`.
+
+### v3.1.2
+
+#### SO VERY BETA RELEASE
+
+So, `v3.1.1` managed to actually break installing local modules. And then
+immediately after I drove to an island for the weekend. 😁 So let's get
+this fixed outside the usual release train!
+
+Fortunately it didn't break installing _global_ modules and so you could
+swap it out for another version at least.
+
+#### DISCLAIMER MEANS WHAT IT SAYS
+
+**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
+you can't be excused. `npm@3` will remain in beta until we're confident
+that it's stable and have assessed the effect of the breaking changes on the
+community. During that time we will still be doing `npm@2` releases, with
+`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
+releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
+versions until we're ready to switch everyone over to `npm@3`. We need your
+help to find and fix its remaining bugs. It's a significant rewrite, so we
+are _sure_ there still significant bugs remaining. So do us a solid and
+deploy it in non-critical CI environments and for day-to-day use, but maybe
+don't use it for production maintenance or frontline continuous deployment
+just yet.
+
+#### THIS IS IT, THE REASON
+
+* [`f5e19df`](https://github.com/npm/npm/commit/f5e19df)
+ [#8893](https://github.com/npm/npm/issues/8893)
+ Fix crash when installing local modules introduced by the fix for
+ [#8608](https://github.com/npm/npm/issues/8608)
+ ([@iarna](https://github.com/iarna)
+
+### v3.1.1
+
+#### RED EYE RELEASE
+
+Rebecca's up too late writing tests, so you can have `npm@3` bug fixes! Lots
+of great new issues from you all! ❤️️ Keep it up!
+
+#### YUP STILL BETA, PLEASE PAY ATTENTION
+
+**_THIS IS BETA SOFTWARE_**. Yes, we're still reminding you of this. No,
+you can't be excused. `npm@3` will remain in beta until we're confident
+that it's stable and have assessed the effect of the breaking changes on the
+community. During that time we will still be doing `npm@2` releases, with
+`npm@2` tagged as `latest` and `next`. We'll _also_ be publishing new
+releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest` alongside those
+versions until we're ready to switch everyone over to `npm@3`. We need your
+help to find and fix its remaining bugs. It's a significant rewrite, so we
+are _sure_ there still significant bugs remaining. So do us a solid and
+deploy it in non-critical CI environments and for day-to-day use, but maybe
+don't use it for production maintenance or frontline continuous deployment
+just yet.
+
+#### BOOGS
+
+* [`9badfd6`](https://github.com/npm/npm/commit/9babfd63f19f2d80b2d2624e0963b0bdb0d76ef4)
+ [#8608](https://github.com/npm/npm/issues/8608)
+ Make global installs and uninstalls MUCH faster by only reading the directories of
+ modules referred to by arguments.
+ ([@iarna](https://github.com/iarna)
+* [`075a5f0`](https://github.com/npm/npm/commit/075a5f046ab6837f489b08d44cb601e9fdb369b7)
+ [#8660](https://github.com/npm/npm/issues/8660)
+ Failed optional deps would still result in the optional deps own
+ dependencies being installed. We now find them and fail them out of the
+ tree.
+ ([@iarna](https://github.com/iarna)
+* [`c9fbbb5`](https://github.com/npm/npm/commit/c9fbbb540083396ea58fd179d81131d959d8e049)
+ [#8863](https://github.com/npm/npm/issues/8863)
+ The "no compatible version found" error message was including only the
+ version requested, not the name of the package we wanted. Ooops!
+ ([@iarna](https://github.com/iarna)
+* [`32e6bbd`](https://github.com/npm/npm/commit/32e6bbd21744dcbe8c0720ab53f60caa7f2a0588)
+ [#8806](https://github.com/npm/npm/issues/8806)
+ The "uninstall" lifecycle was being run after all of a module's dependencies has been
+ removed. This reverses that order-- this means "uninstall" lifecycles can make use
+ of the package's dependencies.
+ ([@iarna](https://github.com/iarna)
+
+#### MERGED FORWARD
+
+* Check out the [v2.13.1 release notes](https://github.com/npm/npm/releases/tag/v2.13.1)
+ and see all the changes we ported from `npm@2`.
+
+### v3.1.0 (2015-07-02):
+
+This has been a brief week of bug fixes, plus some fun stuff merged forward
+from this weeks 2.x release. See the
+[2.13.0 release notes](https://github.com/npm/npm/releases/tag/v2.13.0)
+for details on that.
+
+You all have been AWESOME with
+[all](https://github.com/npm/npm/milestones/3.x)
+[the](https://github.com/npm/npm/milestones/3.2.0)
+`npm@3` bug reports! Thank you and keep up the great work!
+
+#### NEW PLACE, SAME CODE
+
+Remember how last week we said `npm@3` would go to `3.0-next` and latest
+tags? Yeaaah, no, please use `npm@v3.x-next` and `npm@v3.x-latest` going forward.
+
+I dunno why we said "suuure, we'll never do a feature release till we're out
+of beta" when we're still forward porting `npm@2.x` features. `¯\_(ツ)_/¯`
+
+If you do accidentally use the old tag names, I'll be maintaining them
+for a few releases, but they won't be around forever.
+
+#### YUP STILL BETA, PLEASE PAY ATTENTION
+
+**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
+confident that it's stable and have assessed the effect of the breaking
+changes on the community. During that time we will still be doing `npm@2`
+releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
+publishing new releases of `npm@3` as `npm@v3.x-next` and `npm@v3.x-latest`
+alongside those versions until we're ready to switch everyone over to
+`npm@3`. We need your help to find and fix its remaining bugs. It's a
+significant rewrite, so we are _sure_ there still significant bugs
+remaining. So do us a solid and deploy it in non-critical CI environments
+and for day-to-day use, but maybe don't use it for production maintenance
+or frontline continuous deployment just yet.
+
+#### BUGS ON THE WINDOWS
+
+ * [`0030ade`](https://github.com/npm/npm/commit/0030ade)
+ [#8685](https://github.com/npm/npm/issues/8685)
+ Windows would hang when trying to clone git repos
+ ([@euprogramador](https://github.com/npm/npm/pull/8777))
+ * [`b259bcc`](https://github.com/npm/npm/commit/b259bcc)
+ [#8786](https://github.com/npm/npm/pull/8786)
+ Windows permissions checks would cause installations to fail under some
+ circumstances. We're disabling the checks entirely for this release.
+ I'm hoping to check back with this next week to get a Windows friendly
+ fix in.
+ ([@iarna](https://github.com/iarna))
+
+#### SO MANY BUGS SQUASHED, JUST CALL US RAID
+
+ * [`0848698`](https://github.com/npm/npm/commit/0848698)
+ [#8686](https://github.com/npm/npm/pull/8686)
+ Stop leaving progress bar cruft on the screen during publication
+ ([@ajcrites](https://github.com/ajcrites))
+ * [`57c3cea`](https://github.com/npm/npm/commit/57c3cea)
+ [#8695](https://github.com/npm/npm/pull/8695)
+ Remote packages with shrinkwraps made npm cause node + iojs to explode
+ and catch fire. NO MORE.
+ ([@iarna](https://github.com/iarna))
+ * [`2875ba3`](https://github.com/npm/npm/commit/2875ba3)
+ [#8723](https://github.com/npm/npm/pull/8723)
+ I uh, told you that engineStrict checking had gone away last week.
+ TURNS OUT I LIED. So this is making that actually be true.
+ ([@iarna](https://github.com/iarna))
+ * [`28064e5`](https://github.com/npm/npm/commit/28064e5)
+ [#3358](https://github.com/npm/npm/issues/3358)
+ Consistently allow Unicode BOMs at the start of package.json files.
+ Previously this was allowed some of time, like when you were installing
+ modules, but not others, like running npm version or installing w/
+ `--save`.
+ ([@iarna](https://github.com/iarna))
+ * [`3cb6ad2`](https://github.com/npm/npm/commit/3cb6ad2)
+ [#8736](https://github.com/npm/npm/issues/8766)
+ `npm@3` wasn't running the "install" lifecycle in your current (toplevel)
+ module. This broke modules that relied on C compilation. BOO.
+ ([@iarna](https://github.com/iarna))
+ * [`68da583`](https://github.com/npm/npm/commit/68da583)
+ [#8766](https://github.com/npm/npm/issues/8766)
+ To my great shame, `npm link package` wasn't working AT ALL if you
+ didn't have `package` already installed.
+ ([@iarna](https://github.com/iarna))
+ * [`edd7448`](https://github.com/npm/npm/commit/edd7448)
+ `read-package-tree@5.0.0`: This update makes read-package-tree not explode
+ when there's bad data in your node_modules folder. `npm@2` silently
+ ignores this sort of thing.
+ ([@iarna](https://github.com/iarna))
+ * [`0bb08c8`](https://github.com/npm/npm/commit/0bb08c8)
+ [#8778](https://github.com/npm/npm/pull/8778)
+ RELATEDLY, we now show any errors from your node_modules folder after
+ your installation completes as warnings. We're also reporting these in
+ `npm ls` now.
+ ([@iarna](https://github.com/iarna))
+ * [`6c248ff`](https://github.com/npm/npm/commit/6c248ff)
+ [#8779](https://github.com/npm/npm/pull/8779)
+ Hey, you know how we used to complain if your `package.json` was
+ missing stuff? Well guess what, we are again. I know, I know, you can
+ thank me later.
+ ([@iarna](https://github.com/iarna))
+ * [`d6f7c98`](https://github.com/npm/npm/commit/d6f7c98)
+ So, when we were rolling back after errors we had untested code that
+ tried to undo moves. Being untested it turns out it was very broken.
+ I've removed it until we have time to do this right.
+ ([@iarna](https://github.com/iarna))
+
+#### NEW VERSION
+
+Just the one. Others came in via the 2.x release. Do check out its
+changelog, immediately following this message.
+
+ * [`4e602c5`](https://github.com/npm/npm/commit/4e602c5) `lodash@3.2.2`
+
+### v3.0.0 (2015-06-25):
+
+Wow, it's finally here! This has been a long time coming. We are all
+delighted and proud to be getting this out into the world, and are looking
+forward to working with the npm user community to get it production-ready
+as quickly as possible.
+
+`npm@3` constitutes a nearly complete rewrite of npm's installer to be
+easier to maintain, and to bring a bunch of valuable new features and
+design improvements to you all.
+
+[@othiym23](https://github.com/othiym23) and
+[@isaacs](https://github.com/isaacs) have been
+[talking about the changes](http://blog.npmjs.org/post/91303926460/npm-cli-roadmap-a-periodic-update)
+in this release for well over a year, and it's been the primary focus of
+[@iarna](https://github.com/iarna) since she joined the team.
+
+Given that this is a near-total rewrite, all changes listed here are
+[@iarna](https://github.com/iarna)'s work unless otherwise specified.
+
+#### NO, REALLY, READ THIS PARAGRAPH. IT'S THE IMPORTANT ONE.
+
+**_THIS IS BETA SOFTWARE_**. `npm@3` will remain in beta until we're
+confident that it's stable and have assessed the effect of the breaking
+changes on the community. During that time we will still be doing `npm@2`
+releases, with `npm@2` tagged as `latest` and `next`. We'll _also_ be
+publishing new releases of `npm@3` as `npm@3.0-next` and `npm@3.0-latest`
+alongside those versions until we're ready to switch everyone over to
+`npm@3`. We need your help to find and fix its remaining bugs. It's a
+significant rewrite, so we are _sure_ there still significant bugs
+remaining. So do us a solid and deploy it in non-critical CI environments
+and for day-to-day use, but maybe don't use it for production maintenance
+or frontline continuous deployment just yet.
+
+#### BREAKING CHANGES
+
+##### `peerDependencies`
+
+`grunt`, `gulp`, and `broccoli` plugin maintainers take note! You will be
+affected by this change!
+
+* [#6930](https://github.com/npm/npm/issues/6930)
+ ([#6565](https://github.com/npm/npm/issues/6565))
+ `peerDependencies` no longer cause _anything_ to be implicitly installed.
+ Instead, npm will now warn if a packages `peerDependencies` are missing,
+ but it's up to the consumer of the module (i.e. you) to ensure the peers
+ get installed / are included in `package.json` as direct `dependencies`
+ or `devDependencies` of your package.
+* [#3803](https://github.com/npm/npm/issues/3803)
+ npm also no longer checks `peerDependencies` until after it has fully
+ resolved the tree.
+
+This shifts the responsibility for fulfilling peer dependencies from library
+/ framework / plugin maintainers to application authors, and is intended to
+get users out of the dependency hell caused by conflicting `peerDependency`
+constraints. npm's job is to keep you _out_ of dependency hell, not put you
+in it.
+
+##### `engineStrict`
+
+* [#6931](https://github.com/npm/npm/issues/6931) The rarely-used
+ `package.json` option `engineStrict` has been deprecated for several
+ months, producing warnings when it was used. Starting with `npm@3`, the
+ value of the field is ignored, and engine violations will only produce
+ warnings. If you, as a user, want strict `engines` field enforcement,
+ just run `npm config set engine-strict true`.
+
+As with the peer dependencies change, this is about shifting control from
+module authors to application authors. It turns out `engineStrict` was very
+difficult to understand even harder to use correctly, and more often than
+not just made modules using it difficult to deploy.
+
+##### `npm view`
+
+* [`77f1aec`](https://github.com/npm/npm/commit/77f1aec) With `npm view` (aka
+ `npm info`), always return arrays for versions, maintainers, etc. Previously
+ npm would return a plain value if there was only one, and multiple values if
+ there were more. ([@KenanY](https://github.com/KenanY))
+
+#### KNOWN BUGS
+
+Again, this is a _**BETA RELEASE**_, so not everything is working just yet.
+Here are the issues that we already know about. If you run into something
+that isn't on this list,
+[let us know](https://github.com/npm/npm/issues/new)!
+
+* [#8575](https://github.com/npm/npm/issues/8575)
+ Circular deps will never be removed by the prune-on-uninstall code.
+* [#8588](https://github.com/npm/npm/issues/8588)
+ Local deps where the dep name and the name in the package.json differ
+ don't result in an error.
+* [#8637](https://github.com/npm/npm/issues/8637)
+ Modules can install themselves as direct dependencies. `npm@2` declined to
+ do this.
+* [#8660](https://github.com/npm/npm/issues/8660)
+ Dependencies of failed optional dependencies aren't rolled back when the
+ optional dependency is, and then are reported as extraneous thereafter.
+
+#### NEW FEATURES
+
+##### The multi-stage installer!
+
+* [#5919](https://github.com/npm/npm/issues/5919)
+ Previously the installer had a set of steps it executed for each package
+ and it would immediately start executing them as soon as it decided to
+ act on a package.
+
+ But now it executes each of those steps at the same time for all
+ packages, waiting for all of one stage to complete before moving on. This
+ eliminates many race conditions and makes the code easier to reason
+ about.
+
+This fixes, for instance:
+
+* [#6926](https://github.com/npm/npm/issues/6926)
+ ([#5001](https://github.com/npm/npm/issues/5001),
+ [#6170](https://github.com/npm/npm/issues/6170))
+ `install` and `postinstall` lifecycle scripts now only execute `after`
+ all the module with the script's dependencies are installed.
+
+##### Install: it looks different!
+
+You'll now get a tree much like the one produced by `npm ls` that
+highlights in orange the packages that were installed. Similarly, any
+removed packages will have their names prefixed by a `-`.
+
+Also, `npm outdated` used to include the name of the module in the
+`Location` field:
+
+```
+Package Current Wanted Latest Location
+deep-equal MISSING 1.0.0 1.0.0 deep-equal
+glob 4.5.3 4.5.3 5.0.10 rimraf > glob
+```
+
+Now it shows the module that required it as the final point in the
+`Location` field:
+
+```
+Package Current Wanted Latest Location
+deep-equal MISSING 1.0.0 1.0.0 npm
+glob 4.5.3 4.5.3 5.0.10 npm > rimraf
+```
+
+Previously the `Location` field was telling you where the module was on
+disk. Now it tells you what requires the module. When more than one thing
+requires the module you'll see it listed once for each thing requiring it.
+
+##### Install: it works different!
+
+* [#6928](https://github.com/npm/npm/issues/6928)
+ ([#2931](https://github.com/npm/npm/issues/2931)
+ [#2950](https://github.com/npm/npm/issues/2950))
+ `npm install` when you have an `npm-shrinkwrap.json` will ensure you have
+ the modules specified in it are installed in exactly the shape specified
+ no matter what you had when you started.
+* [#6913](https://github.com/npm/npm/issues/6913)
+ ([#1341](https://github.com/npm/npm/issues/1341)
+ [#3124](https://github.com/npm/npm/issues/3124)
+ [#4956](https://github.com/npm/npm/issues/4956)
+ [#6349](https://github.com/npm/npm/issues/6349)
+ [#5465](https://github.com/npm/npm/issues/5465))
+ `npm install` when some of your dependencies are missing sub-dependencies
+ will result in those sub-dependencies being installed. That is, `npm
+ install` now knows how to fix broken installs, most of the time.
+* [#5465](https://github.com/npm/npm/issues/5465)
+ If you directly `npm install` a module that's already a subdep of
+ something else and your new version is incompatible, it will now install
+ the previous version nested in the things that need it.
+* [`a2b50cf`](https://github.com/npm/npm/commit/a2b50cf)
+ [#5693](https://github.com/npm/npm/issues/5693)
+ When installing a new module, if it's mentioned in your
+ `npm-shrinkwrap.json` or your `package.json` use the version specifier
+ from there if you didn't specify one yourself.
+
+##### Flat, flat, flat!
+
+Your dependencies will now be installed *maximally flat*. Insofar as is
+possible, all of your dependencies, and their dependencies, and THEIR
+dependencies will be installed in your project's `node_modules` folder with no
+nesting. You'll only see modules nested underneath one another when two (or
+more) modules have conflicting dependencies.
+
+* [#3697](https://github.com/npm/npm/issues/3697)
+ This will hopefully eliminate most cases where Windows users ended up
+ with paths that were too long for Explorer and other standard tools to
+ deal with.
+* [#6912](https://github.com/npm/npm/issues/6912)
+ ([#4761](https://github.com/npm/npm/issues/4761)
+ [#4037](https://github.com/npm/npm/issues/4037))
+ This also means that your installs will be deduped from the start.
+* [#5827](https://github.com/npm/npm/issues/5827)
+ This deduping even extends to git deps.
+* [#6936](https://github.com/npm/npm/issues/6936)
+ ([#5698](https://github.com/npm/npm/issues/5698))
+ Various commands are dedupe aware now.
+
+This has some implications for the behavior of other commands:
+
+* `npm uninstall` removes any dependencies of the module that you specified
+ that aren't required by any other module. Previously, it would only
+ remove those that happened to be installed under it, resulting in left
+ over cruft if you'd ever deduped.
+* `npm ls` now shows you your dependency tree organized around what
+ requires what, rather than where those modules are on disk.
+* [#6937](https://github.com/npm/npm/issues/6937)
+ `npm dedupe` now flattens the tree in addition to deduping.
+
+And bundling of dependencies when packing or publishing changes too:
+
+* [#2442](https://github.com/npm/npm/issues/2442)
+ bundledDependencies no longer requires that you specify deduped sub deps.
+ npm can now see that a dependency is required by something bundled and
+ automatically include it. To put that another way, bundledDependencies
+ should ONLY include things that you included in dependencies,
+ optionalDependencies or devDependencies.
+* [#5437](https://github.com/npm/npm/issues/5437)
+ When bundling a dependency that's both a `devDependency` and the child of
+ a regular `dependency`, npm bundles the child dependency.
+
+As a demonstration of our confidence in our own work, npm's own
+dependencies are now flattened, deduped, and bundled in the `npm@3` style.
+This means that `npm@3` can't be packed or published by `npm@2`, which is
+something to be aware of if you're hacking on npm.
+
+##### Shrinkwraps: they are a-changin'!
+
+First of all, they should be idempotent now
+([#5779](https://github.com/npm/npm/issues/5779)). No more differences
+because the first time you install (without `npm-shrinkwrap.json`) and the
+second time (with `npm-shrinkwrap.json`).
+
+* [#6781](https://github.com/npm/npm/issues/6781)
+ Second, if you save your changes to `package.json` and you have
+ `npm-shrinkwrap.json`, then it will be updated as well. This applies to
+ all of the commands that update your tree:
+ * `npm install --save`
+ * `npm update --save`
+ * `npm dedupe --save` ([#6410](https://github.com/npm/npm/issues/6410))
+ * `npm uninstall --save`
+* [#4944](https://github.com/npm/npm/issues/4944)
+ ([#5161](https://github.com/npm/npm/issues/5161)
+ [#5448](https://github.com/npm/npm/issues/5448))
+ Third, because `node_modules` folders are now deduped and flat,
+ shrinkwrap has to also be smart enough to handle this.
+
+And finally, enjoy this shrinkwrap bug fix:
+
+* [#3675](https://github.com/npm/npm/issues/3675)
+ When shrinkwrapping a dependency that's both a `devDependency` and the
+ child of a regular `dependency`, npm now correctly includes the child.
+
+##### The Age of Progress (Bars)!
+
+* [#6911](https://github.com/npm/npm/issues/6911)
+ ([#1257](https://github.com/npm/npm/issues/1257)
+ [#5340](https://github.com/npm/npm/issues/5340)
+ [#6420](https://github.com/npm/npm/issues/6420))
+ The spinner is gone (yay? boo? will you miss it?), and in its place npm
+ has _progress bars_, so you actually have some sense of how long installs
+ will take. It's provided in Unicode and non-Unicode variants, and Unicode
+ support is automatically detected from your environment.
+
+#### TINY JEWELS
+
+The bottom is where we usually hide the less interesting bits of each
+release, but each of these are small but incredibly useful bits of this
+release, and very much worth checking out:
+
+* [`9ebe312`](https://github.com/npm/npm/commit/9ebe312)
+ Build system maintainers, rejoice: npm does a better job of cleaning up
+ after itself in your temporary folder.
+* [#6942](https://github.com/npm/npm/issues/6942)
+ Check for permissions issues prior to actually trying to install
+ anything.
+* Emit warnings at the end of the installation when possible, so that
+ they'll be on your screen when npm stops.
+* [#3505](https://github.com/npm/npm/issues/3505)
+ `npm --dry-run`: You can now ask that npm only report what it _would have
+ done_ with the new `--dry-run` flag. This can be passed to any of the
+ commands that change your `node_modules` folder: `install`, `uninstall`,
+ `update` and `dedupe`.
+* [`81b46fb`](https://github.com/npm/npm/commit/81b46fb)
+ npm now knows the correct URLs for `npm bugs` and `npm repo` for
+ repositories hosted on Bitbucket and GitLab, just like it does for GitHub
+ (and GitHub support now extends to projects hosted as gists as well as
+ traditional repositories).
+* [`5be4008a`](https://github.com/npm/npm/commit/5be4008a09730cfa3891d9f145e4ec7f2accd144)
+ npm has been cleaned up to pass the [`standard`](http://npm.im/standard)
+ style checker. Forrest and Rebecca both feel this makes it easier to read
+ and understand the code, and should also make it easier for new
+ contributors to put merge-ready patches.
+ ([@othiym23](https://github.com/othiym23))
+
+#### ZARRO BOOGS
+
+* [`6401643`](https://github.com/npm/npm/commit/6401643)
+ Make sure the global install directory exists before installing to it.
+ ([@thefourtheye](https://github.com/thefourtheye))
+* [#6158](https://github.com/npm/npm/issues/6158)
+ When we remove modules we do so inside-out running unbuild for each one.
+* [`960a765`](https://github.com/npm/npm/commit/960a765)
+ The short usage information for each subcommand has been brought in sync
+ with the documentation. ([@smikes](https://github.com/smikes))
diff --git a/deps/npm/doc/cli/npm-adduser.md b/deps/npm/doc/cli/npm-adduser.md
index 9afece598faf95..5a53bdd8e2e2ca 100644
--- a/deps/npm/doc/cli/npm-adduser.md
+++ b/deps/npm/doc/cli/npm-adduser.md
@@ -33,7 +33,8 @@ your existing record.
Default: https://registry.npmjs.org/
The base URL of the npm package registry. If `scope` is also specified,
-this registry will only be used for packages with that scope. See `npm-scope(7)`.
+this registry will only be used for packages with that scope. `scope` defaults
+to the scope of the project directory you're currently in, if any. See `npm-scope(7)`.
### scope
diff --git a/deps/npm/doc/cli/npm-dist-tag.md b/deps/npm/doc/cli/npm-dist-tag.md
index a88fc35a5e8e7a..8b4c170ddebf9e 100644
--- a/deps/npm/doc/cli/npm-dist-tag.md
+++ b/deps/npm/doc/cli/npm-dist-tag.md
@@ -77,7 +77,6 @@ begin with a number or the letter `v`.
## SEE ALSO
-* npm-tag(1)
* npm-publish(1)
* npm-install(1)
* npm-dedupe(1)
diff --git a/deps/npm/doc/cli/npm-install.md b/deps/npm/doc/cli/npm-install.md
index 874ce1c2872e1f..6a37fcc76b8bdf 100644
--- a/deps/npm/doc/cli/npm-install.md
+++ b/deps/npm/doc/cli/npm-install.md
@@ -343,6 +343,10 @@ folder structures that npm creates.
### Limitations of npm's Install Algorithm
+npm will refuse to install any package with an identical name to the
+current package. This can be overridden with the `--force` flag, but in
+most cases can simply be addressed by changing the local package name.
+
There are some very rare and pathological edge-cases where a cycle can
cause npm to try to install a never-ending tree of packages. Here is
the simplest case:
@@ -374,7 +378,7 @@ affects a real use-case, it will be investigated.
* npm-config(7)
* npmrc(5)
* npm-registry(7)
-* npm-tag(1)
+* npm-dist-tag(1)
* npm-uninstall(1)
* npm-shrinkwrap(1)
* package.json(5)
diff --git a/deps/npm/doc/cli/npm-logout.md b/deps/npm/doc/cli/npm-logout.md
index 0841adfbf847f0..fe6e7b990a2893 100644
--- a/deps/npm/doc/cli/npm-logout.md
+++ b/deps/npm/doc/cli/npm-logout.md
@@ -29,7 +29,7 @@ it takes precedence.
### scope
-Default: none
+Default: The scope of your current project, if any, otherwise none.
If specified, you will be logged out of the specified scope. See `npm-scope(7)`.
diff --git a/deps/npm/doc/cli/npm-publish.md b/deps/npm/doc/cli/npm-publish.md
index fa512e1a174dc6..caf1fd24307500 100644
--- a/deps/npm/doc/cli/npm-publish.md
+++ b/deps/npm/doc/cli/npm-publish.md
@@ -59,5 +59,5 @@ packs them into a tarball to be uploaded to the registry.
* npm-adduser(1)
* npm-owner(1)
* npm-deprecate(1)
-* npm-tag(1)
+* npm-dist-tag(1)
* npm-pack(1)
diff --git a/deps/npm/doc/cli/npm-run-script.md b/deps/npm/doc/cli/npm-run-script.md
index fc6b42a4785edc..f1389c21c623fd 100644
--- a/deps/npm/doc/cli/npm-run-script.md
+++ b/deps/npm/doc/cli/npm-run-script.md
@@ -41,8 +41,11 @@ you should write:
instead of `"scripts": {"test": "node_modules/.bin/tap test/\*.js"}` to run your tests.
`npm run` sets the `NODE` environment variable to the `node` executable with
-which `npm` is executed. Also, the directory within which it resides is added to the
-`PATH`, if the `node` executable is not in the `PATH`.
+which `npm` is executed. Also, if the `--scripts-prepend-node-path` is passed,
+the directory within which `node` resides is added to the
+`PATH`. If `--scripts-prepend-node-path=auto` is passed (which has been the
+default in `npm` v3), this is only performed when that `node` executable is
+not found in the `PATH`.
If you try to run a script without having a `node_modules` directory and it fails,
you will be given a warning to run `npm install`, just in case you've forgotten.
diff --git a/deps/npm/doc/cli/npm-search.md b/deps/npm/doc/cli/npm-search.md
index 78967f14eb019f..c1107d79b735b5 100644
--- a/deps/npm/doc/cli/npm-search.md
+++ b/deps/npm/doc/cli/npm-search.md
@@ -3,20 +3,58 @@ npm-search(1) -- Search for packages
## SYNOPSIS
- npm search [-l|--long] [search terms ...]
+ npm search [-l|--long] [--json] [--parseable] [--no-description] [search terms ...]
aliases: s, se, find
## DESCRIPTION
-Search the registry for packages matching the search terms.
+Search the registry for packages matching the search terms. `npm search`
+performs a linear, incremental, lexically-ordered search through package
+metadata for all files in the registry. If color is enabled, it will further
+highlight the matches in the results.
-If a term starts with `/`, then it's interpreted as a regular expression.
-A trailing `/` will be ignored in this case. (Note that many regular
-expression characters must be escaped or quoted in most shells.)
+Additionally, using the `--searchopts` and `--searchexclude` options paired with
+more search terms will respectively include and exclude further patterns. The
+main difference between `--searchopts` and the standard search terms is that the
+former does not highlight results in the output and can be used for more
+fine-grained filtering. Additionally, both of these can be added to `.npmrc` for
+default search filtering behavior.
+
+Search also allows targeting of maintainers in search results, by prefixing
+their npm username with `=`.
+
+If a term starts with `/`, then it's interpreted as a regular expression and
+supports standard JavaScript RegExp syntax. A trailing `/` will be ignored in
+this case. (Note that many regular expression characters must be escaped or
+quoted in most shells.)
+
+### A Note on caching
## CONFIGURATION
+### description
+
+* Default: true
+* Type: Boolean
+
+Used as `--no-description`, disables search matching in package descriptions and
+suppresses display of that field in results.
+
+### json
+
+* Default: false
+* Type: Boolean
+
+Output search results as a JSON array.
+
+### parseable
+
+* Default: false
+* Type: Boolean
+
+Output search results as lines with tab-separated columns.
+
### long
* Default: false
@@ -27,14 +65,37 @@ lines. When disabled (default) search results are truncated to fit
neatly on a single line. Modules with extremely long names will
fall on multiple lines.
+### searchopts
+
+* Default: ""
+* Type: String
+
+Space-separated options that are always passed to search.
+
+### searchexclude
+
+* Default: ""
+* Type: String
+
+Space-separated options that limit the results from search.
+
+### searchstaleness
+
+* Default: 900 (15 minutes)
+* Type: Number
+
+The age of the cache, in seconds, before another registry request is made.
+
### registry
* Default: https://registry.npmjs.org/
- * Type : url
+ * Type: url
-Search the specified registry for modules. If you have configured npm to point to a different default registry,
-such as your internal private module repository, `npm search` will default to that registry when searching.
-Pass a different registry url such as the default above in order to override this setting.
+Search the specified registry for modules. If you have configured npm to point
+to a different default registry, such as your internal private module
+repository, `npm search` will default to that registry when searching. Pass a
+different registry url such as the default above in order to override this
+setting.
## SEE ALSO
diff --git a/deps/npm/doc/cli/npm-shrinkwrap.md b/deps/npm/doc/cli/npm-shrinkwrap.md
index f89c3b8375e690..ae04bd02bbf8a0 100644
--- a/deps/npm/doc/cli/npm-shrinkwrap.md
+++ b/deps/npm/doc/cli/npm-shrinkwrap.md
@@ -158,12 +158,16 @@ wouldn't actually work. Similarly, the command will fail if there are
extraneous packages (not referenced by `package.json`), since that would
indicate that `package.json` is not correct.
-Since `npm shrinkwrap` is intended to lock down your dependencies for
-production use, `devDependencies` will not be included unless you
-explicitly set the `--dev` flag when you run `npm shrinkwrap`. If
-installed `devDependencies` are excluded, then npm will print a
-warning. If you want them to be installed with your module by
-default, please consider adding them to `dependencies` instead.
+Starting with npm v4.0.1, `devDependencies` are included when you run
+`npm shrinkwrap` and follow the usual rules as to when they're installed.
+As of npm v3.10.8, if you run `npm install --only=production` or
+`npm install --production` with a shrinkwrap including your development
+dependencies they won't be installed. Similarly, if the environment
+variable `NODE_ENV` is `production` then they won't be installed. If you
+need compatibility with versions of npm prior to v3.10.8 or otherwise
+don't want them in your shrinkwrap you can exclude development
+dependencies with:
+`npm shrinkwrap --only=prod` or `npm shrinkwrap --production`.
If shrinkwrapped package A depends on shrinkwrapped package B, B's
shrinkwrap will not be used as part of the installation of A. However,
diff --git a/deps/npm/doc/cli/npm-tag.md b/deps/npm/doc/cli/npm-tag.md
deleted file mode 100644
index 88689d59d38b03..00000000000000
--- a/deps/npm/doc/cli/npm-tag.md
+++ /dev/null
@@ -1,61 +0,0 @@
-npm-tag(1) -- Tag a published version
-=====================================
-
-## SYNOPSIS
-
- [DEPRECATED] npm tag @ []
- See `dist-tag`
-
-## DESCRIPTION
-
-THIS COMMAND IS DEPRECATED. See npm-dist-tag(1) for details.
-
-Tags the specified version of the package with the specified tag, or the
-`--tag` config if not specified.
-
-A tag can be used when installing packages as a reference to a version instead
-of using a specific version number:
-
- npm install @
-
-When installing dependencies, a preferred tagged version may be specified:
-
- npm install --tag
-
-This also applies to `npm dedupe`.
-
-Publishing a package always sets the "latest" tag to the published version.
-
-## PURPOSE
-
-Tags can be used to provide an alias instead of version numbers. For
-example, `npm` currently uses the tag "next" to identify the upcoming
-version, and the tag "latest" to identify the current version.
-
-A project might choose to have multiple streams of development, e.g.,
-"stable", "canary".
-
-## CAVEATS
-
-Tags must share a namespace with version numbers, because they are
-specified in the same slot: `npm install @` vs `npm
-install @`.
-
-Tags that can be interpreted as valid semver ranges will be
-rejected. For example, `v1.4` cannot be used as a tag, because it is
-interpreted by semver as `>=1.4.0 <1.5.0`. See
-.
-
-The simplest way to avoid semver problems with tags is to use tags
-that do not begin with a number or the letter `v`.
-
-## SEE ALSO
-
-* npm-publish(1)
-* npm-install(1)
-* npm-dedupe(1)
-* npm-registry(7)
-* npm-config(1)
-* npm-config(7)
-* npm-dist-tag(1)
-* npmrc(5)
diff --git a/deps/npm/doc/cli/npm-test.md b/deps/npm/doc/cli/npm-test.md
index fe746cc73f17ff..8a379e2efd0988 100644
--- a/deps/npm/doc/cli/npm-test.md
+++ b/deps/npm/doc/cli/npm-test.md
@@ -11,9 +11,6 @@ npm-test(1) -- Test a package
This runs a package's "test" script, if one was provided.
-To run tests as a condition of installation, set the `npat` config to
-true.
-
## SEE ALSO
* npm-run-script(1)
diff --git a/deps/npm/doc/cli/npm-version.md b/deps/npm/doc/cli/npm-version.md
index 2932516bb62140..c00918ddc362d4 100644
--- a/deps/npm/doc/cli/npm-version.md
+++ b/deps/npm/doc/cli/npm-version.md
@@ -85,6 +85,15 @@ and tag up to the server, and deletes the `build/temp` directory.
Commit and tag the version change.
+### sign-git-tag
+
+* Default: false
+* Type: Boolean
+
+Pass the `-s` flag to git to sign the tag.
+
+Note that you must have a default GPG key set up in your git config for this to work properly.
+
## SEE ALSO
* npm-init(1)
diff --git a/deps/npm/doc/files/npmrc.md b/deps/npm/doc/files/npmrc.md
index 011c703be3bd3d..0980c1090ad4c8 100644
--- a/deps/npm/doc/files/npmrc.md
+++ b/deps/npm/doc/files/npmrc.md
@@ -36,11 +36,6 @@ example:
key[] = "first value"
key[] = "second value"
-**NOTE:** Because local (per-project or per-user) `.npmrc` files can contain
-sensitive credentials, they must be readable and writable _only_ by your user
-account (i.e. must have a mode of `0600`), otherwise they _will be ignored by
-npm!_
-
#### Comments
Lines in `.npmrc` files are interpreted as comments when they begin with a `;` or `#` character. `.npmrc` files are parsed by [npm/ini](https://github.com/npm/ini), which specifies this comment syntax.
diff --git a/deps/npm/doc/files/package.json.md b/deps/npm/doc/files/package.json.md
index 4d853850070872..37e7688c5f051a 100644
--- a/deps/npm/doc/files/package.json.md
+++ b/deps/npm/doc/files/package.json.md
@@ -420,7 +420,7 @@ See semver(7) for more details about specifying version ranges.
* `range1 || range2` Passes if either range1 or range2 are satisfied.
* `git...` See 'Git URLs as Dependencies' below
* `user/repo` See 'GitHub URLs' below
-* `tag` A specific version tagged and published as `tag` See `npm-tag(1)`
+* `tag` A specific version tagged and published as `tag` See `npm-dist-tag(1)`
* `path/path/path` See [Local Paths](#local-paths) below
For example, these are all valid:
@@ -471,8 +471,8 @@ included. For example:
"name": "foo",
"version": "0.0.0",
"dependencies": {
- "express": "visionmedia/express",
- "mocha": "visionmedia/mocha#4727d357ea",
+ "express": "expressjs/express",
+ "mocha": "mochajs/mocha#4727d357ea",
"module": "user/repo#feature\/branch"
}
}
@@ -517,7 +517,7 @@ from the root of a package, and can be managed like any other npm
configuration param. See `npm-config(7)` for more on the topic.
For build steps that are not platform-specific, such as compiling
-CoffeeScript or other languages to JavaScript, use the `prepublish`
+CoffeeScript or other languages to JavaScript, use the `prepare`
script to do this, and make the required package a devDependency.
For example:
@@ -529,12 +529,12 @@ For example:
"coffee-script": "~1.6.3"
},
"scripts": {
- "prepublish": "coffee -o lib/ -c src/waza.coffee"
+ "prepare": "coffee -o lib/ -c src/waza.coffee"
},
"main": "lib/waza.js"
}
-The `prepublish` script will be run before publishing, so that users
+The `prepare` script will be run before publishing, so that users
can consume the functionality without requiring them to compile it
themselves. In dev mode (ie, locally running `npm install`), it'll
run this script as well, so that you can test it easily.
diff --git a/deps/npm/doc/misc/npm-config.md b/deps/npm/doc/misc/npm-config.md
index 76d1ee489caff5..26f7d3c61f92dc 100644
--- a/deps/npm/doc/misc/npm-config.md
+++ b/deps/npm/doc/misc/npm-config.md
@@ -20,7 +20,10 @@ interpreted as a configuration parameter. For example, putting
configuration parameter to `bar`. Any environment configurations that
are not given a value will be given the value of `true`. Config
values are case-insensitive, so `NPM_CONFIG_FOO=bar` will work the
-same.
+same. However, please note that inside [npm-scripts](/misc/scripts)
+npm will set it's own environment variables and Node will prefer
+those lowercase versions over any uppercase ones that you might set.
+For details see [this issue](https://github.com/npm/npm/issues/14528).
### npmrc Files
@@ -280,9 +283,6 @@ Show the description in `npm search`
Install `dev-dependencies` along with packages.
-Note that `dev-dependencies` are also installed if the `npat` flag is
-set.
-
### dry-run
* Default: false
@@ -499,9 +499,9 @@ version number, if not already set in package.json.
Whether or not to output JSON data, rather than the normal output.
-This feature is currently experimental, and the output data structures
-for many commands is either not implemented in JSON yet, or subject to
-change. Only the output from `npm ls --json` is currently valid.
+This feature is currently experimental, and the output data structures for many
+commands is either not implemented in JSON yet, or subject to change. Only the
+output from `npm ls --json` and `npm search --json` are currently valid.
### key
@@ -607,13 +607,6 @@ Any "%s" in the message will be replaced with the version number.
The node version to use when checking a package's `engines` map.
-### npat
-
-* Default: false
-* Type: Boolean
-
-Run tests on installation.
-
### onload-script
* Default: false
@@ -655,7 +648,7 @@ process is not aborted.
* Type: Boolean
Output parseable results from commands that write to
-standard output.
+standard output. For `npm search`, this will be tab-separated table format.
### prefix
@@ -801,7 +794,7 @@ patch upgrades.
### scope
-* Default: ""
+* Default: the scope of the current project, if any, or ""
* Type: String
Associate an operation with a scope for a scoped registry. Useful when logging
@@ -810,12 +803,25 @@ in to a private registry for the first time:
will cause `@organization` to be mapped to the registry for future installation
of packages specified according to the pattern `@organization/package`.
-### searchopts
+### scripts-prepend-node-path
-* Default: ""
-* Type: String
+* Default: "warn-only"
+* Type: Boolean, `"auto"` or `"warn-only"`
-Space-separated options that are always passed to search.
+If set to `true`, add the directory in which the current `node` executable
+resides to the `PATH` environment variable when running scripts,
+even if that means that `npm` will invoke a different `node` executable than
+the one which it is running.
+
+If set to `false`, never modify `PATH` with that.
+
+If set to `"warn-only"`, never modify `PATH` but print a warning if `npm` thinks
+that you may want to run it with `true`, e.g. because the `node` executable
+in the `PATH` is not the one `npm` was invoked with.
+
+If set to `auto`, only add that directory to the `PATH` environment variable
+if the `node` executable with which `npm` was invoked and the one that is found
+first on the `PATH` are different.
### searchexclude
@@ -824,15 +830,19 @@ Space-separated options that are always passed to search.
Space-separated options that limit the results from search.
-### searchsort
+### searchopts
-* Default: "name"
+* Default: ""
* Type: String
-* Values: "name", "-name", "date", "-date", "description",
- "-description", "keywords", "-keywords"
-Indication of which field to sort search results by. Prefix with a `-`
-character to indicate reverse sort.
+Space-separated options that are always passed to search.
+
+### searchstaleness
+
+* Default: 900 (15 minutes)
+* Type: Number
+
+The age of the cache, in seconds, before another registry request is made.
### shell
diff --git a/deps/npm/doc/misc/npm-disputes.md b/deps/npm/doc/misc/npm-disputes.md
index 9fb1eaab452f26..47644888d9f9ec 100644
--- a/deps/npm/doc/misc/npm-disputes.md
+++ b/deps/npm/doc/misc/npm-disputes.md
@@ -1,7 +1,16 @@
npm-disputes(7) -- Handling Module Name Disputes
================================================
-## SYNOPSIS
+This document describes the steps that you should take to resolve module name
+disputes with other npm publishers. It also describes special steps you should
+take about names you think infringe your trademarks.
+
+This document is a clarification of the acceptable behavior outlined in the
+[npm Code of Conduct](https://www.npmjs.com/policies/conduct), and nothing in
+this document should be interpreted to contradict any aspect of the npm Code of
+Conduct.
+
+## TL;DR
1. Get the author email with `npm owner ls `
2. Email the author, CC
@@ -11,87 +20,109 @@ Don't squat on package names. Publish code or move out of the way.
## DESCRIPTION
-There sometimes arise cases where a user publishes a module, and then
-later, some other user wants to use that name. Here are some common
-ways that happens (each of these is based on actual events.)
-
-1. Joe writes a JavaScript module `foo`, which is not node-specific.
- Joe doesn't use node at all. Bob wants to use `foo` in node, so he
- wraps it in an npm module. Some time later, Joe starts using node,
- and wants to take over management of his program.
-2. Bob writes an npm module `foo`, and publishes it. Perhaps much
- later, Joe finds a bug in `foo`, and fixes it. He sends a pull
- request to Bob, but Bob doesn't have the time to deal with it,
- because he has a new job and a new baby and is focused on his new
- erlang project, and kind of not involved with node any more. Joe
- would like to publish a new `foo`, but can't, because the name is
- taken.
-3. Bob writes a 10-line flow-control library, and calls it `foo`, and
- publishes it to the npm registry. Being a simple little thing, it
- never really has to be updated. Joe works for Foo Inc, the makers
- of the critically acclaimed and widely-marketed `foo` JavaScript
- toolkit framework. They publish it to npm as `foojs`, but people are
- routinely confused when `npm install foo` is some different thing.
-4. Bob writes a parser for the widely-known `foo` file format, because
- he needs it for work. Then, he gets a new job, and never updates the
- prototype. Later on, Joe writes a much more complete `foo` parser,
- but can't publish, because Bob's `foo` is in the way.
-
-The validity of Joe's claim in each situation can be debated. However,
-Joe's appropriate course of action in each case is the same.
-
-1. `npm owner ls foo`. This will tell Joe the email address of the
- owner (Bob).
-2. Joe emails Bob, explaining the situation **as respectfully as
- possible**, and what he would like to do with the module name. He
- adds the npm support staff to the CC list of
- the email. Mention in the email that Bob can run `npm owner add
- joe foo` to add Joe as an owner of the `foo` package.
-3. After a reasonable amount of time, if Bob has not responded, or if
- Bob and Joe can't come to any sort of resolution, email support
- and we'll sort it out. ("Reasonable" is
- usually at least 4 weeks, but extra time is allowed around common
- holidays.)
+There sometimes arise cases where a user publishes a module, and then later,
+some other user wants to use that name. Here are some common ways that happens
+(each of these is based on actual events.)
+
+1. Alice writes a JavaScript module `foo`, which is not node-specific. Alice
+ doesn't use node at all. Yusuf wants to use `foo` in node, so he wraps it in
+ an npm module. Some time later, Alice starts using node, and wants to take
+ over management of her program.
+2. Yusuf writes an npm module `foo`, and publishes it. Perhaps much later, Alice
+ finds a bug in `foo`, and fixes it. She sends a pull request to Yusuf, but
+ Yusuf doesn't have the time to deal with it, because he has a new job and a
+ new baby and is focused on his new Erlang project, and kind of not involved
+ with node any more. Alice would like to publish a new `foo`, but can't,
+ because the name is taken.
+3. Yusuf writes a 10-line flow-control library, and calls it `foo`, and
+ publishes it to the npm registry. Being a simple little thing, it never
+ really has to be updated. Alice works for Foo Inc, the makers of the
+ critically acclaimed and widely-marketed `foo` JavaScript toolkit framework.
+ They publish it to npm as `foojs`, but people are routinely confused when
+ `npm install `foo`` is some different thing.
+4. Yusuf writes a parser for the widely-known `foo` file format, because he
+ needs it for work. Then, he gets a new job, and never updates the prototype.
+ Later on, Alice writes a much more complete `foo` parser, but can't publish,
+ because Yusuf's `foo` is in the way.
+
+1. `npm owner ls foo`. This will tell Alice the email address of the owner
+ (Yusuf).
+2. Alice emails Yusuf, explaining the situation **as respectfully as possible**,
+ and what she would like to do with the module name. She adds the npm support
+ staff to the CC list of the email. Mention in the email
+ that Yusuf can run npm owner `add alice foo` to add Alice as an owner of the
+ foo package.
+3. After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
+ and Alice can't come to any sort of resolution, email support
+ and we'll sort it out. ("Reasonable" is usually at least
+ 4 weeks.)
## REASONING
-In almost every case so far, the parties involved have been able to reach
-an amicable resolution without any major intervention. Most people
-really do want to be reasonable, and are probably not even aware that
-they're in your way.
+In almost every case so far, the parties involved have been able to reach an
+amicable resolution without any major intervention. Most people really do want
+to be reasonable, and are probably not even aware that they're in your way.
-Module ecosystems are most vibrant and powerful when they are as
-self-directed as possible. If an admin one day deletes something you
-had worked on, then that is going to make most people quite upset,
-regardless of the justification. When humans solve their problems by
-talking to other humans with respect, everyone has the chance to end up
-feeling good about the interaction.
+Module ecosystems are most vibrant and powerful when they are as self-directed
+as possible. If an admin one day deletes something you had worked on, then that
+is going to make most people quite upset, regardless of the justification. When
+humans solve their problems by talking to other humans with respect, everyone
+has the chance to end up feeling good about the interaction.
## EXCEPTIONS
-Some things are not allowed, and will be removed without discussion if
-they are brought to the attention of the npm registry admins, including
-but not limited to:
+Some things are not allowed, and will be removed without discussion if they are
+brought to the attention of the npm registry admins, including but not limited
+to:
-1. Malware (that is, a package designed to exploit or harm the machine on
- which it is installed).
-2. Violations of copyright or licenses (for example, cloning an
- MIT-licensed program, and then removing or changing the copyright and
- license statement).
+1. Malware (that is, a package designed to exploit or harm the machine on which
+ it is installed).
+2. Violations of copyright or licenses (for example, cloning an MIT-licensed
+ program, and then removing or changing the copyright and license statement).
3. Illegal content.
-4. "Squatting" on a package name that you *plan* to use, but aren't
- actually using. Sorry, I don't care how great the name is, or how
- perfect a fit it is for the thing that someday might happen. If
- someone wants to use it today, and you're just taking up space with
- an empty tarball, you're going to be evicted.
-5. Putting empty packages in the registry. Packages must have SOME
- functionality. It can be silly, but it can't be *nothing*. (See
- also: squatting.)
-6. Doing weird things with the registry, like using it as your own
- personal application database or otherwise putting non-packagey
- things into it.
-
-If you see bad behavior like this, please report it right away.
+4. "Squatting" on a package name that you plan to use, but aren't actually
+ using. Sorry, I don't care how great the name is, or how perfect a fit it is
+ for the thing that someday might happen. If someone wants to use it today,
+ and you're just taking up space with an empty tarball, you're going to be
+ evicted.
+5. Putting empty packages in the registry. Packages must have SOME
+ functionality. It can be silly, but it can't be nothing. (See also:
+ squatting.)
+6. Doing weird things with the registry, like using it as your own personal
+ application database or otherwise putting non-packagey things into it.
+7. Other things forbidden by the npm
+ [Code of Conduct](https://www.npmjs.com/policies/conduct) such as hateful
+ language, pornographic content, or harassment.
+
+If you see bad behavior like this, please report it to right
+away. **You are never expected to resolve abusive behavior on your own. We are
+here to help.**
+
+## TRADEMARKS
+
+If you think another npm publisher is infringing your trademark, such as by
+using a confusingly similar package name, email with a link to
+the package or user account on [https://npmjs.com](https://npmjs.com). Attach a
+copy of your trademark registration certificate.
+
+If we see that the package's publisher is intentionally misleading others by
+misusing your registered mark without permission, we will transfer the package
+name to you. Otherwise, we will contact the package publisher and ask them to
+clear up any confusion with changes to their package's `README` file or
+metadata.
+
+## CHANGES
+
+This is a living document and may be updated from time to time. Please refer to
+the [git history for this document](https://github.com/npm/npm/commits/master/doc/misc/npm-disputes.md)
+to view the changes.
+
+## LICENSE
+
+Copyright (C) npm, Inc., All rights reserved
+
+This document may be reused under a Creative Commons Attribution-ShareAlike
+License.
## SEE ALSO
diff --git a/deps/npm/doc/misc/npm-index.md b/deps/npm/doc/misc/npm-index.md
index 7df6cc2c362fbc..775558f4a8c60c 100644
--- a/deps/npm/doc/misc/npm-index.md
+++ b/deps/npm/doc/misc/npm-index.md
@@ -177,10 +177,6 @@ Start a package
Stop a package
-### npm-tag(1)
-
-Tag a published version
-
### npm-team(1)
Manage organization teams and team memberships
diff --git a/deps/npm/doc/misc/npm-registry.md b/deps/npm/doc/misc/npm-registry.md
index becffa2f6ebda4..17d0d4acfa9469 100644
--- a/deps/npm/doc/misc/npm-registry.md
+++ b/deps/npm/doc/misc/npm-registry.md
@@ -21,6 +21,29 @@ The registry URL used is determined by the scope of the package (see
supplied by the `registry` config parameter. See `npm-config(1)`,
`npmrc(5)`, and `npm-config(7)` for more on managing npm's configuration.
+## Does npm send any information about me back to the registry?
+
+Yes.
+
+When making requests of the registry npm adds two headers with information
+about your environment:
+
+* `Npm-Scope` – If your project is scoped, this header will contain its
+ scope. In the future npm hopes to build registry features that use this
+ information to allow you to customize your experience for your
+ organization.
+* `Npm-In-CI` – Set to "true" if npm believes this install is running in a
+ continous integration environment, "false" otherwise. This is detected by
+ looking for the following environment variables: `CI`, `TDDIUM`,
+ `JENKINS_URL`, `bamboo.buildKey`. If you'd like to learn more you may find
+ the [original PR](https://github.com/npm/npm-registry-client/pull/129)
+ interesting.
+ This is used to gather better metrics on how npm is used by humans, versus
+ build farms.
+
+The npm registry does not to correlate the information in these headers with
+any authenticated accounts that may be used in the same requests.
+
## Can I run my own private registry?
Yes!
diff --git a/deps/npm/doc/misc/npm-scripts.md b/deps/npm/doc/misc/npm-scripts.md
index 241815fcd41838..3f048716de693b 100644
--- a/deps/npm/doc/misc/npm-scripts.md
+++ b/deps/npm/doc/misc/npm-scripts.md
@@ -8,7 +8,13 @@ following scripts:
* prepublish:
Run BEFORE the package is published. (Also run on local `npm
- install` without any arguments.)
+ install` without any arguments. See below.)
+* prepare:
+ Run both BEFORE the package is published, and on local `npm
+ install` without any arguments. (See below.) This is run
+ AFTER `prepublish`, but BEFORE `prepublishOnly`.
+* prepublishOnly:
+ Run BEFORE the package is published. (See below.)
* publish, postpublish:
Run AFTER the package is published.
* preinstall:
@@ -43,7 +49,30 @@ names will be run for those as well (e.g. `premyscript`, `myscript`,
`postmyscript`). Scripts from dependencies can be run with `npm explore
-- npm run `.
-## COMMON USES
+## PREPUBLISH AND PREPARE
+
+### DEPRECATION NOTE
+
+Since `npm@1.1.71`, the npm CLI has run the `prepublish` script for both `npm
+publish` and `npm install`, because it's a convenient way to prepare a package
+for use (some common use cases are described in the section below). It has
+also turned out to be, in practice, [very
+confusing](https://github.com/npm/npm/issues/10074). As of `npm@4.0.0`, a new
+event has been introduced, `prepare`, that preserves this existing behavior. A
+_new_ event, `prepublishOnly` has been added as a transitional strategy to
+allow users to avoid the confusing behavior of existing npm versions and only
+run on `npm publish` (for instance, running the tests one last time to ensure
+they're in good shape).
+
+**IMPORTANT:** As of `npm@5`, `prepublish` will _only_ be run for `npm
+publish`. This will make its behavior identical to `prepublishOnly`, so
+`npm@6` or later may drop support for the use of `prepublishOnly`, and then
+maybe we can all forget this embarrassing thing ever happened.
+
+See for a much lengthier
+justification, with further reading, for this change.
+
+### USE CASES
If you need to perform operations on your package before it is used, in a way
that is not dependent on the operating system or architecture of the
diff --git a/deps/npm/html/doc/README.html b/deps/npm/html/doc/README.html
index 4aa3cc5e4798ca..0d97ebb0153119 100644
--- a/deps/npm/html/doc/README.html
+++ b/deps/npm/html/doc/README.html
@@ -10,7 +10,7 @@
The base URL of the npm package registry. If scope is also specified,
-this registry will only be used for packages with that scope. See npm-scope(7).
+this registry will only be used for packages with that scope. scope defaults
+to the scope of the project directory you're currently in, if any. See npm-scope(7).
scope
Default: none
If specified, the user and login credentials given will be associated
@@ -72,5 +73,5 @@
See npm-folders(5) for a more detailed description of the specific
folder structures that npm creates.
Limitations of npm's Install Algorithm
+
npm will refuse to install any package with an identical name to the
+current package. This can be overridden with the --force flag, but in
+most cases can simply be addressed by changing the local package name.
There are some very rare and pathological edge-cases where a cycle can
cause npm to try to install a never-ending tree of packages. Here is
the simplest case:
limit the results to only the paths to the packages named. Note that
nested packages will also show the paths to the specified packages.
For example, running npm ls promzard in npm's source tree will show:
-
instead of "scripts": {"test": "node_modules/.bin/tap test/\*.js"} to run your tests.
npm run sets the NODE environment variable to the node executable with
-which npm is executed. Also, the directory within which it resides is added to the
-PATH, if the node executable is not in the PATH.
+which npm is executed. Also, if the --scripts-prepend-node-path is passed,
+the directory within which node resides is added to the
+PATH. If --scripts-prepend-node-path=auto is passed (which has been the
+default in npm v3), this is only performed when that node executable is
+not found in the PATH.
If you try to run a script without having a node_modules directory and it fails,
you will be given a warning to run npm install, just in case you've forgotten.
Search the registry for packages matching the search terms.
-
If a term starts with /, then it's interpreted as a regular expression.
-A trailing / will be ignored in this case. (Note that many regular
-expression characters must be escaped or quoted in most shells.)
+
Search the registry for packages matching the search terms. npm search
+performs a linear, incremental, lexically-ordered search through package
+metadata for all files in the registry. If color is enabled, it will further
+highlight the matches in the results.
+
Additionally, using the --searchopts and --searchexclude options paired with
+more search terms will respectively include and exclude further patterns. The
+main difference between --searchopts and the standard search terms is that the
+former does not highlight results in the output and can be used for more
+fine-grained filtering. Additionally, both of these can be added to .npmrc for
+default search filtering behavior.
+
Search also allows targeting of maintainers in search results, by prefixing
+their npm username with =.
+
If a term starts with /, then it's interpreted as a regular expression and
+supports standard JavaScript RegExp syntax. A trailing / will be ignored in
+this case. (Note that many regular expression characters must be escaped or
+quoted in most shells.)
+
A Note on caching
CONFIGURATION
+
description
+
+
Default: true
+
Type: Boolean
+
+
Used as --no-description, disables search matching in package descriptions and
+suppresses display of that field in results.
+
json
+
+
Default: false
+
Type: Boolean
+
+
Output search results as a JSON array.
+
parseable
+
+
Default: false
+
Type: Boolean
+
+
Output search results as lines with tab-separated columns.
long
Default: false
@@ -29,14 +61,34 @@
long
lines. When disabled (default) search results are truncated to fit
neatly on a single line. Modules with extremely long names will
fall on multiple lines.
+
searchopts
+
+
Default: ""
+
Type: String
+
+
Space-separated options that are always passed to search.
+
searchexclude
+
+
Default: ""
+
Type: String
+
+
Space-separated options that limit the results from search.
+
searchstaleness
+
+
Default: 900 (15 minutes)
+
Type: Number
+
+
The age of the cache, in seconds, before another registry request is made.
Search the specified registry for modules. If you have configured npm to point to a different default registry,
-such as your internal private module repository, npm search will default to that registry when searching.
-Pass a different registry url such as the default above in order to override this setting.
+
Search the specified registry for modules. If you have configured npm to point
+to a different default registry, such as your internal private module
+repository, npm search will default to that registry when searching. Pass a
+different registry url such as the default above in order to override this
+setting.
wouldn't actually work. Similarly, the command will fail if there are
extraneous packages (not referenced by package.json), since that would
indicate that package.json is not correct.
-
Since npm shrinkwrap is intended to lock down your dependencies for
-production use, devDependencies will not be included unless you
-explicitly set the --dev flag when you run npm shrinkwrap. If
-installed devDependencies are excluded, then npm will print a
-warning. If you want them to be installed with your module by
-default, please consider adding them to dependencies instead.
+
Starting with npm v4.0.1, devDependencies are included when you run
+npm shrinkwrap and follow the usual rules as to when they're installed.
+As of npm v3.10.8, if you run npm install --only=production or
+npm install --production with a shrinkwrap including your development
+dependencies they won't be installed. Similarly, if the environment
+variable NODE_ENV is production then they won't be installed. If you
+need compatibility with versions of npm prior to v3.10.8 or otherwise
+don't want them in your shrinkwrap you can exclude development
+dependencies with:
+npm shrinkwrap --only=prod or npm shrinkwrap --production.
If shrinkwrapped package A depends on shrinkwrapped package B, B's
shrinkwrap will not be used as part of the installation of A. However,
because A's shrinkwrap is constructed from a valid installation of B
@@ -176,5 +180,5 @@
[DEPRECATED] npm tag <name>@<version> [<tag>]
-See `dist-tag`
-
DESCRIPTION
-
THIS COMMAND IS DEPRECATED. See npm-dist-tag(1) for details.
-
Tags the specified version of the package with the specified tag, or the
---tag config if not specified.
-
A tag can be used when installing packages as a reference to a version instead
-of using a specific version number:
-
npm install <name>@<tag>
-
When installing dependencies, a preferred tagged version may be specified:
-
npm install --tag <tag>
-
This also applies to npm dedupe.
-
Publishing a package always sets the "latest" tag to the published version.
-
PURPOSE
-
Tags can be used to provide an alias instead of version numbers. For
-example, npm currently uses the tag "next" to identify the upcoming
-version, and the tag "latest" to identify the current version.
-
A project might choose to have multiple streams of development, e.g.,
-"stable", "canary".
-
CAVEATS
-
Tags must share a namespace with version numbers, because they are
-specified in the same slot: npm install <pkg>@<version> vs npm
-install <pkg>@<tag>.
-
Tags that can be interpreted as valid semver ranges will be
-rejected. For example, v1.4 cannot be used as a tag, because it is
-interpreted by semver as >=1.4.0 <1.5.0. See
-https://github.com/npm/npm/issues/6082.
-
The simplest way to avoid semver problems with tags is to use tags
-that do not begin with a number or the letter v.
npm is the package manager for the Node JavaScript platform. It puts
modules in place so that node can find them, and manages dependency
@@ -126,7 +126,7 @@
from the root of a package, and can be managed like any other npm
configuration param. See npm-config(7) for more on the topic.
For build steps that are not platform-specific, such as compiling
-CoffeeScript or other languages to JavaScript, use the prepublish
+CoffeeScript or other languages to JavaScript, use the prepare
script to do this, and make the required package a devDependency.
The prepublish script will be run before publishing, so that users
+
The prepare script will be run before publishing, so that users
can consume the functionality without requiring them to compile it
themselves. In dev mode (ie, locally running npm install), it'll
run this script as well, so that you can test it easily.
NOTE: Because local (per-project or per-user) .npmrc files can contain
-sensitive credentials, they must be readable and writable only by your user
-account (i.e. must have a mode of 0600), otherwise they will be ignored by
-npm!
-
Comments
+
Comments
Lines in .npmrc files are interpreted as comments when they begin with a ; or # character. .npmrc files are parsed by npm/ini, which specifies this comment syntax.
from the root of a package, and can be managed like any other npm
configuration param. See npm-config(7) for more on the topic.
For build steps that are not platform-specific, such as compiling
-CoffeeScript or other languages to JavaScript, use the prepublish
+CoffeeScript or other languages to JavaScript, use the prepare
script to do this, and make the required package a devDependency.
The prepublish script will be run before publishing, so that users
+
The prepare script will be run before publishing, so that users
can consume the functionality without requiring them to compile it
themselves. In dev mode (ie, locally running npm install), it'll
run this script as well, so that you can test it easily.
configuration parameter to bar. Any environment configurations that
are not given a value will be given the value of true. Config
values are case-insensitive, so NPM_CONFIG_FOO=bar will work the
-same.
+same. However, please note that inside npm-scripts
+npm will set it's own environment variables and Node will prefer
+those lowercase versions over any uppercase ones that you might set.
+For details see this issue.
npmrc Files
The four relevant files are:
@@ -236,8 +239,6 @@
dev
Type: Boolean
Install dev-dependencies along with packages.
-
Note that dev-dependencies are also installed if the npat flag is
-set.
dry-run
Default: false
@@ -431,9 +432,9 @@
json
Type: Boolean
Whether or not to output JSON data, rather than the normal output.
-
This feature is currently experimental, and the output data structures
-for many commands is either not implemented in JSON yet, or subject to
-change. Only the output from npm ls --json is currently valid.
+
This feature is currently experimental, and the output data structures for many
+commands is either not implemented in JSON yet, or subject to change. Only the
+output from npm ls --json and npm search --json are currently valid.
key
Default: null
@@ -522,12 +523,6 @@
node-version
Type: semver or false
The node version to use when checking a package's engines map.
-
npat
-
-
Default: false
-
Type: Boolean
-
-
Run tests on installation.
onload-script
Default: false
@@ -563,7 +558,7 @@
parseable
Type: Boolean
Output parseable results from commands that write to
-standard output.
+standard output. For npm search, this will be tab-separated table format.
Default: the scope of the current project, if any, or ""
Type: String
Associate an operation with a scope for a scoped registry. Useful when logging
@@ -693,27 +688,40 @@
scope
npm login --scope=@organization --registry=registry.organization.com, which
will cause @organization to be mapped to the registry for future installation
of packages specified according to the pattern @organization/package.
-
searchopts
+
scripts-prepend-node-path
+
+
Default: "warn-only"
+
Type: Boolean, "auto" or "warn-only"
+
+
If set to true, add the directory in which the current node executable
+resides to the PATH environment variable when running scripts,
+even if that means that npm will invoke a different node executable than
+the one which it is running.
+
If set to false, never modify PATH with that.
+
If set to "warn-only", never modify PATH but print a warning if npm thinks
+that you may want to run it with true, e.g. because the node executable
+in the PATH is not the one npm was invoked with.
+
If set to auto, only add that directory to the PATH environment variable
+if the node executable with which npm was invoked and the one that is found
+first on the PATH are different.
+
searchexclude
Default: ""
Type: String
-
Space-separated options that are always passed to search.
-
searchexclude
+
Space-separated options that limit the results from search.
+
searchopts
Default: ""
Type: String
-
Space-separated options that limit the results from search.
-
searchsort
+
Space-separated options that are always passed to search.
This document describes the steps that you should take to resolve module name
+disputes with other npm publishers. It also describes special steps you should
+take about names you think infringe your trademarks.
+
This document is a clarification of the acceptable behavior outlined in the
+npm Code of Conduct, and nothing in
+this document should be interpreted to contradict any aspect of the npm Code of
+Conduct.
After a few weeks, if there's no resolution, we'll sort it out.
Don't squat on package names. Publish code or move out of the way.
DESCRIPTION
-
There sometimes arise cases where a user publishes a module, and then
-later, some other user wants to use that name. Here are some common
-ways that happens (each of these is based on actual events.)
+
There sometimes arise cases where a user publishes a module, and then later,
+some other user wants to use that name. Here are some common ways that happens
+(each of these is based on actual events.)
-
Joe writes a JavaScript module foo, which is not node-specific.
-Joe doesn't use node at all. Bob wants to use foo in node, so he
-wraps it in an npm module. Some time later, Joe starts using node,
-and wants to take over management of his program.
-
Bob writes an npm module foo, and publishes it. Perhaps much
-later, Joe finds a bug in foo, and fixes it. He sends a pull
-request to Bob, but Bob doesn't have the time to deal with it,
-because he has a new job and a new baby and is focused on his new
-erlang project, and kind of not involved with node any more. Joe
-would like to publish a new foo, but can't, because the name is
-taken.
-
Bob writes a 10-line flow-control library, and calls it foo, and
-publishes it to the npm registry. Being a simple little thing, it
-never really has to be updated. Joe works for Foo Inc, the makers
-of the critically acclaimed and widely-marketed foo JavaScript
-toolkit framework. They publish it to npm as foojs, but people are
-routinely confused when npm install foo is some different thing.
-
Bob writes a parser for the widely-known foo file format, because
-he needs it for work. Then, he gets a new job, and never updates the
-prototype. Later on, Joe writes a much more complete foo parser,
-but can't publish, because Bob's foo is in the way.
-
-
The validity of Joe's claim in each situation can be debated. However,
-Joe's appropriate course of action in each case is the same.
-
-
npm owner ls foo. This will tell Joe the email address of the
-owner (Bob).
-
Joe emails Bob, explaining the situation as respectfully as
-possible, and what he would like to do with the module name. He
-adds the npm support staff support@npmjs.com to the CC list of
-the email. Mention in the email that Bob can run npm owner add
-joe foo to add Joe as an owner of the foo package.
-
After a reasonable amount of time, if Bob has not responded, or if
-Bob and Joe can't come to any sort of resolution, email support
-support@npmjs.com and we'll sort it out. ("Reasonable" is
-usually at least 4 weeks, but extra time is allowed around common
-holidays.)
+
Alice writes a JavaScript module foo, which is not node-specific. Alice
+doesn't use node at all. Yusuf wants to use foo in node, so he wraps it in
+an npm module. Some time later, Alice starts using node, and wants to take
+over management of her program.
+
Yusuf writes an npm module foo, and publishes it. Perhaps much later, Alice
+finds a bug in foo, and fixes it. She sends a pull request to Yusuf, but
+Yusuf doesn't have the time to deal with it, because he has a new job and a
+new baby and is focused on his new Erlang project, and kind of not involved
+with node any more. Alice would like to publish a new foo, but can't,
+because the name is taken.
+
Yusuf writes a 10-line flow-control library, and calls it foo, and
+publishes it to the npm registry. Being a simple little thing, it never
+really has to be updated. Alice works for Foo Inc, the makers of the
+critically acclaimed and widely-marketed foo JavaScript toolkit framework.
+They publish it to npm as foojs, but people are routinely confused when
+npm installfoo`` is some different thing.
+
Yusuf writes a parser for the widely-known foo file format, because he
+needs it for work. Then, he gets a new job, and never updates the prototype.
+Later on, Alice writes a much more complete foo parser, but can't publish,
+because Yusuf's foo is in the way.
+
+
npm owner ls foo. This will tell Alice the email address of the owner
+(Yusuf).
+
+
Alice emails Yusuf, explaining the situation as respectfully as possible,
+and what she would like to do with the module name. She adds the npm support
+staff support@npmjs.com to the CC list of the email. Mention in the email
+that Yusuf can run npm owner add alice foo to add Alice as an owner of the
+foo package.
+
After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
+and Alice can't come to any sort of resolution, email support
+support@npmjs.com and we'll sort it out. ("Reasonable" is usually at least
+4 weeks.)
REASONING
-
In almost every case so far, the parties involved have been able to reach
-an amicable resolution without any major intervention. Most people
-really do want to be reasonable, and are probably not even aware that
-they're in your way.
-
Module ecosystems are most vibrant and powerful when they are as
-self-directed as possible. If an admin one day deletes something you
-had worked on, then that is going to make most people quite upset,
-regardless of the justification. When humans solve their problems by
-talking to other humans with respect, everyone has the chance to end up
-feeling good about the interaction.
+
In almost every case so far, the parties involved have been able to reach an
+amicable resolution without any major intervention. Most people really do want
+to be reasonable, and are probably not even aware that they're in your way.
+
Module ecosystems are most vibrant and powerful when they are as self-directed
+as possible. If an admin one day deletes something you had worked on, then that
+is going to make most people quite upset, regardless of the justification. When
+humans solve their problems by talking to other humans with respect, everyone
+has the chance to end up feeling good about the interaction.
EXCEPTIONS
-
Some things are not allowed, and will be removed without discussion if
-they are brought to the attention of the npm registry admins, including
-but not limited to:
+
Some things are not allowed, and will be removed without discussion if they are
+brought to the attention of the npm registry admins, including but not limited
+to:
-
Malware (that is, a package designed to exploit or harm the machine on
-which it is installed).
-
Violations of copyright or licenses (for example, cloning an
-MIT-licensed program, and then removing or changing the copyright and
-license statement).
+
Malware (that is, a package designed to exploit or harm the machine on which
+it is installed).
+
Violations of copyright or licenses (for example, cloning an MIT-licensed
+program, and then removing or changing the copyright and license statement).
Illegal content.
-
"Squatting" on a package name that you plan to use, but aren't
-actually using. Sorry, I don't care how great the name is, or how
-perfect a fit it is for the thing that someday might happen. If
-someone wants to use it today, and you're just taking up space with
-an empty tarball, you're going to be evicted.
-
Putting empty packages in the registry. Packages must have SOME
-functionality. It can be silly, but it can't be nothing. (See
-also: squatting.)
-
Doing weird things with the registry, like using it as your own
-personal application database or otherwise putting non-packagey
-things into it.
+
"Squatting" on a package name that you plan to use, but aren't actually
+using. Sorry, I don't care how great the name is, or how perfect a fit it is
+for the thing that someday might happen. If someone wants to use it today,
+and you're just taking up space with an empty tarball, you're going to be
+evicted.
+
Putting empty packages in the registry. Packages must have SOME
+functionality. It can be silly, but it can't be nothing. (See also:
+squatting.)
+
Doing weird things with the registry, like using it as your own personal
+application database or otherwise putting non-packagey things into it.
+
Other things forbidden by the npm
+Code of Conduct such as hateful
+language, pornographic content, or harassment.
-
If you see bad behavior like this, please report it right away.
+
If you see bad behavior like this, please report it to abuse@npmjs.com right
+away. You are never expected to resolve abusive behavior on your own. We are
+here to help.
+
TRADEMARKS
+
If you think another npm publisher is infringing your trademark, such as by
+using a confusingly similar package name, email abuse@npmjs.com with a link to
+the package or user account on https://npmjs.com. Attach a
+copy of your trademark registration certificate.
+
If we see that the package's publisher is intentionally misleading others by
+misusing your registered mark without permission, we will transfer the package
+name to you. Otherwise, we will contact the package publisher and ask them to
+clear up any confusion with changes to their package's README file or
+metadata.
+
CHANGES
+
This is a living document and may be updated from time to time. Please refer to
+the git history for this document
+to view the changes.
+
LICENSE
+
Copyright (C) npm, Inc., All rights reserved
+
This document may be reused under a Creative Commons Attribution-ShareAlike
+License.
npm-scope(7)). If no scope is specified, the default registry is used, which is
supplied by the registry config parameter. See npm-config(1),
npmrc(5), and npm-config(7) for more on managing npm's configuration.
+
Does npm send any information about me back to the registry?
+
Yes.
+
When making requests of the registry npm adds two headers with information
+about your environment:
+
+
Npm-Scope – If your project is scoped, this header will contain its
+scope. In the future npm hopes to build registry features that use this
+information to allow you to customize your experience for your
+organization.
+
Npm-In-CI – Set to "true" if npm believes this install is running in a
+continous integration environment, "false" otherwise. This is detected by
+looking for the following environment variables: CI, TDDIUM,
+JENKINS_URL, bamboo.buildKey. If you'd like to learn more you may find
+the original PR
+interesting.
+This is used to gather better metrics on how npm is used by humans, versus
+build farms.
+
+
The npm registry does not to correlate the information in these headers with
+any authenticated accounts that may be used in the same requests.
Can I run my own private registry?
Yes!
The easiest way is to replicate the couch database, and use the same (or
@@ -70,5 +90,5 @@
prepublish:
Run BEFORE the package is published. (Also run on local npm
-install without any arguments.)
+install without any arguments. See below.)
+
prepare:
+Run both BEFORE the package is published, and on local npm
+install without any arguments. (See below.) This is run
+AFTER prepublish, but BEFORE prepublishOnly.
+
prepublishOnly:
+Run BEFORE the package is published. (See below.)
publish, postpublish:
Run AFTER the package is published.
preinstall:
@@ -50,7 +56,25 @@
DESCRIPTION
names will be run for those as well (e.g. premyscript, myscript,
postmyscript). Scripts from dependencies can be run with `npm explore
-- npm run `.
-
COMMON USES
+
PREPUBLISH AND PREPARE
+
DEPRECATION NOTE
+
Since npm@1.1.71, the npm CLI has run the prepublish script for both npm
+publish and npm install, because it's a convenient way to prepare a package
+for use (some common use cases are described in the section below). It has
+also turned out to be, in practice, very
+confusing. As of npm@4.0.0, a new
+event has been introduced, prepare, that preserves this existing behavior. A
+new event, prepublishOnly has been added as a transitional strategy to
+allow users to avoid the confusing behavior of existing npm versions and only
+run on npm publish (for instance, running the tests one last time to ensure
+they're in good shape).
+
IMPORTANT: As of npm@5, prepublish will only be run for npm
+publish. This will make its behavior identical to prepublishOnly, so
+npm@6 or later may drop support for the use of prepublishOnly, and then
+maybe we can all forget this embarrassing thing ever happened.
If you need to perform operations on your package before it is used, in a way
that is not dependent on the operating system or architecture of the
target system, use a prepublish script. This includes
@@ -213,5 +237,5 @@
diff --git a/deps/npm/node_modules/mississippi/node_modules/stream-each/index.js b/deps/npm/node_modules/mississippi/node_modules/stream-each/index.js
new file mode 100644
index 00000000000000..ea8d112f981f09
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/stream-each/index.js
@@ -0,0 +1,53 @@
+var eos = require('end-of-stream')
+
+module.exports = each
+
+function each (stream, fn, cb) {
+ var want = true
+ var error = null
+ var ended = false
+ var running = false
+
+ stream.on('readable', onreadable)
+ onreadable()
+
+ if (cb) eos(stream, {readable: true, writable: false}, done)
+ return stream
+
+ function done (err) {
+ if (!error) error = err
+ ended = true
+ if (!running) cb(error)
+ }
+
+ function onreadable () {
+ if (want) read()
+ }
+
+ function afterRead (err) {
+ running = false
+
+ if (err) {
+ error = err
+ if (ended) return cb(error)
+ stream.destroy(err)
+ return
+ }
+ if (ended) return cb(error)
+ read()
+ }
+
+ function read () {
+ if (ended || running) return
+ want = false
+
+ var data = stream.read()
+ if (!data) {
+ want = true
+ return
+ }
+
+ running = true
+ fn(data, afterRead)
+ }
+}
diff --git a/deps/npm/node_modules/mississippi/node_modules/stream-each/package.json b/deps/npm/node_modules/mississippi/node_modules/stream-each/package.json
new file mode 100644
index 00000000000000..d73cd30d829b82
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/stream-each/package.json
@@ -0,0 +1,98 @@
+{
+ "_args": [
+ [
+ {
+ "raw": "stream-each@^1.1.0",
+ "scope": null,
+ "escapedName": "stream-each",
+ "name": "stream-each",
+ "rawSpec": "^1.1.0",
+ "spec": ">=1.1.0 <2.0.0",
+ "type": "range"
+ },
+ "/Users/zkat/Documents/code/npm/node_modules/mississippi"
+ ]
+ ],
+ "_from": "stream-each@>=1.1.0 <2.0.0",
+ "_id": "stream-each@1.1.2",
+ "_inCache": true,
+ "_location": "/mississippi/stream-each",
+ "_nodeVersion": "4.2.3",
+ "_npmOperationalInternal": {
+ "host": "packages-5-east.internal.npmjs.com",
+ "tmp": "tmp/stream-each-1.1.2.tgz_1454600601831_0.7560806761030108"
+ },
+ "_npmUser": {
+ "name": "mafintosh",
+ "email": "mathiasbuus@gmail.com"
+ },
+ "_npmVersion": "2.14.7",
+ "_phantomChildren": {},
+ "_requested": {
+ "raw": "stream-each@^1.1.0",
+ "scope": null,
+ "escapedName": "stream-each",
+ "name": "stream-each",
+ "rawSpec": "^1.1.0",
+ "spec": ">=1.1.0 <2.0.0",
+ "type": "range"
+ },
+ "_requiredBy": [
+ "/mississippi"
+ ],
+ "_resolved": "https://registry.npmjs.org/stream-each/-/stream-each-1.1.2.tgz",
+ "_shasum": "7d4f887f24c721ab0155b12a34263d8732ad8d39",
+ "_shrinkwrap": null,
+ "_spec": "stream-each@^1.1.0",
+ "_where": "/Users/zkat/Documents/code/npm/node_modules/mississippi",
+ "author": {
+ "name": "Mathias Buus",
+ "url": "@mafintosh"
+ },
+ "bugs": {
+ "url": "https://github.com/mafintosh/stream-each/issues"
+ },
+ "dependencies": {
+ "end-of-stream": "^1.1.0"
+ },
+ "description": "Iterate all the data in a stream",
+ "devDependencies": {
+ "standard": "^5.3.1",
+ "tape": "^4.2.1",
+ "through2": "^2.0.0"
+ },
+ "directories": {},
+ "dist": {
+ "shasum": "7d4f887f24c721ab0155b12a34263d8732ad8d39",
+ "tarball": "https://registry.npmjs.org/stream-each/-/stream-each-1.1.2.tgz"
+ },
+ "gitHead": "f0ef91ddbe95688e376598b9959cab463c733b57",
+ "homepage": "https://github.com/mafintosh/stream-each",
+ "license": "MIT",
+ "main": "index.js",
+ "maintainers": [
+ {
+ "name": "karissa",
+ "email": "krmckelv@gmail.com"
+ },
+ {
+ "name": "mafintosh",
+ "email": "mathiasbuus@gmail.com"
+ },
+ {
+ "name": "maxogden",
+ "email": "max@maxogden.com"
+ }
+ ],
+ "name": "stream-each",
+ "optionalDependencies": {},
+ "readme": "ERROR: No README data found!",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/mafintosh/stream-each.git"
+ },
+ "scripts": {
+ "test": "standard && tape test.js"
+ },
+ "version": "1.1.2"
+}
diff --git a/deps/npm/node_modules/mississippi/node_modules/stream-each/test.js b/deps/npm/node_modules/mississippi/node_modules/stream-each/test.js
new file mode 100644
index 00000000000000..36454c45ebfaa9
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/stream-each/test.js
@@ -0,0 +1,82 @@
+var tape = require('tape')
+var through = require('through2')
+var each = require('./')
+
+tape('each', function (t) {
+ var s = through.obj()
+ s.write('a')
+ s.write('b')
+ s.write('c')
+ s.end()
+
+ s.on('end', function () {
+ t.end()
+ })
+
+ var expected = ['a', 'b', 'c']
+ each(s, function (data, next) {
+ t.same(data, expected.shift())
+ next()
+ })
+})
+
+tape('each and callback', function (t) {
+ var s = through.obj()
+ s.write('a')
+ s.write('b')
+ s.write('c')
+ s.end()
+
+ var expected = ['a', 'b', 'c']
+ each(s, function (data, next) {
+ t.same(data, expected.shift())
+ next()
+ }, function () {
+ t.end()
+ })
+})
+
+tape('each (write after)', function (t) {
+ var s = through.obj()
+ s.on('end', function () {
+ t.end()
+ })
+
+ var expected = ['a', 'b', 'c']
+ each(s, function (data, next) {
+ t.same(data, expected.shift())
+ next()
+ })
+
+ setTimeout(function () {
+ s.write('a')
+ s.write('b')
+ s.write('c')
+ s.end()
+ }, 100)
+})
+
+tape('each error', function (t) {
+ var s = through.obj()
+ s.write('hello')
+ s.on('error', function (err) {
+ t.same(err.message, 'stop')
+ t.end()
+ })
+
+ each(s, function (data, next) {
+ next(new Error('stop'))
+ })
+})
+
+tape('each error and callback', function (t) {
+ var s = through.obj()
+ s.write('hello')
+
+ each(s, function (data, next) {
+ next(new Error('stop'))
+ }, function (err) {
+ t.same(err.message, 'stop')
+ t.end()
+ })
+})
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/.npmignore b/deps/npm/node_modules/mississippi/node_modules/through2/.npmignore
new file mode 100644
index 00000000000000..1e1dcab34ccb66
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/.npmignore
@@ -0,0 +1,3 @@
+test
+.jshintrc
+.travis.yml
\ No newline at end of file
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/LICENSE b/deps/npm/node_modules/mississippi/node_modules/through2/LICENSE
new file mode 100644
index 00000000000000..f6a0029de11d71
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/LICENSE
@@ -0,0 +1,39 @@
+Copyright 2013, Rod Vagg (the "Original Author")
+All rights reserved.
+
+MIT +no-false-attribs License
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+Distributions of all or part of the Software intended to be used
+by the recipients as they would use the unmodified Software,
+containing modifications that substantially alter, remove, or
+disable functionality of the Software, outside of the documented
+configuration mechanisms provided by the Software, shall be
+modified such that the Original Author's bug reporting email
+addresses and urls are either replaced with the contact information
+of the parties responsible for the changes, or removed entirely.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+
+Except where noted, this license applies to any and all software
+programs and associated documentation files created by the
+Original Author, when distributed with the Software.
\ No newline at end of file
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/README.md b/deps/npm/node_modules/mississippi/node_modules/through2/README.md
new file mode 100644
index 00000000000000..c84b3464ada4c9
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/README.md
@@ -0,0 +1,133 @@
+# through2
+
+[](https://nodei.co/npm/through2/)
+
+**A tiny wrapper around Node streams.Transform (Streams2) to avoid explicit subclassing noise**
+
+Inspired by [Dominic Tarr](https://github.com/dominictarr)'s [through](https://github.com/dominictarr/through) in that it's so much easier to make a stream out of a function than it is to set up the prototype chain properly: `through(function (chunk) { ... })`.
+
+Note: As 2.x.x this module starts using **Streams3** instead of Stream2. To continue using a Streams2 version use `npm install through2@0` to fetch the latest version of 0.x.x. More information about Streams2 vs Streams3 and recommendations see the article **[Why I don't use Node's core 'stream' module](http://r.va.gg/2014/06/why-i-dont-use-nodes-core-stream-module.html)**.
+
+```js
+fs.createReadStream('ex.txt')
+ .pipe(through2(function (chunk, enc, callback) {
+ for (var i = 0; i < chunk.length; i++)
+ if (chunk[i] == 97)
+ chunk[i] = 122 // swap 'a' for 'z'
+
+ this.push(chunk)
+
+ callback()
+ }))
+ .pipe(fs.createWriteStream('out.txt'))
+```
+
+Or object streams:
+
+```js
+var all = []
+
+fs.createReadStream('data.csv')
+ .pipe(csv2())
+ .pipe(through2.obj(function (chunk, enc, callback) {
+ var data = {
+ name : chunk[0]
+ , address : chunk[3]
+ , phone : chunk[10]
+ }
+ this.push(data)
+
+ callback()
+ }))
+ .on('data', function (data) {
+ all.push(data)
+ })
+ .on('end', function () {
+ doSomethingSpecial(all)
+ })
+```
+
+Note that `through2.obj(fn)` is a convenience wrapper around `through2({ objectMode: true }, fn)`.
+
+## API
+
+through2([ options, ] [ transformFunction ] [, flushFunction ])
+
+Consult the **[stream.Transform](http://nodejs.org/docs/latest/api/stream.html#stream_class_stream_transform)** documentation for the exact rules of the `transformFunction` (i.e. `this._transform`) and the optional `flushFunction` (i.e. `this._flush`).
+
+### options
+
+The options argument is optional and is passed straight through to `stream.Transform`. So you can use `objectMode:true` if you are processing non-binary streams (or just use `through2.obj()`).
+
+The `options` argument is first, unlike standard convention, because if I'm passing in an anonymous function then I'd prefer for the options argument to not get lost at the end of the call:
+
+```js
+fs.createReadStream('/tmp/important.dat')
+ .pipe(through2({ objectMode: true, allowHalfOpen: false },
+ function (chunk, enc, cb) {
+ cb(null, 'wut?') // note we can use the second argument on the callback
+ // to provide data as an alternative to this.push('wut?')
+ }
+ )
+ .pipe(fs.createWriteStream('/tmp/wut.txt'))
+```
+
+### transformFunction
+
+The `transformFunction` must have the following signature: `function (chunk, encoding, callback) {}`. A minimal implementation should call the `callback` function to indicate that the transformation is done, even if that transformation means discarding the chunk.
+
+To queue a new chunk, call `this.push(chunk)`—this can be called as many times as required before the `callback()` if you have multiple pieces to send on.
+
+Alternatively, you may use `callback(err, chunk)` as shorthand for emitting a single chunk or an error.
+
+If you **do not provide a `transformFunction`** then you will get a simple pass-through stream.
+
+### flushFunction
+
+The optional `flushFunction` is provided as the last argument (2nd or 3rd, depending on whether you've supplied options) is called just prior to the stream ending. Can be used to finish up any processing that may be in progress.
+
+```js
+fs.createReadStream('/tmp/important.dat')
+ .pipe(through2(
+ function (chunk, enc, cb) { cb(null, chunk) }, // transform is a noop
+ function (cb) { // flush function
+ this.push('tacking on an extra buffer to the end');
+ cb();
+ }
+ ))
+ .pipe(fs.createWriteStream('/tmp/wut.txt'));
+```
+
+through2.ctor([ options, ] transformFunction[, flushFunction ])
+
+Instead of returning a `stream.Transform` instance, `through2.ctor()` returns a **constructor** for a custom Transform. This is useful when you want to use the same transform logic in multiple instances.
+
+```js
+var FToC = through2.ctor({objectMode: true}, function (record, encoding, callback) {
+ if (record.temp != null && record.unit == "F") {
+ record.temp = ( ( record.temp - 32 ) * 5 ) / 9
+ record.unit = "C"
+ }
+ this.push(record)
+ callback()
+})
+
+// Create instances of FToC like so:
+var converter = new FToC()
+// Or:
+var converter = FToC()
+// Or specify/override options when you instantiate, if you prefer:
+var converter = FToC({objectMode: true})
+```
+
+## See Also
+
+ - [through2-map](https://github.com/brycebaril/through2-map) - Array.prototype.map analog for streams.
+ - [through2-filter](https://github.com/brycebaril/through2-filter) - Array.prototype.filter analog for streams.
+ - [through2-reduce](https://github.com/brycebaril/through2-reduce) - Array.prototype.reduce analog for streams.
+ - [through2-spy](https://github.com/brycebaril/through2-spy) - Wrapper for simple stream.PassThrough spies.
+ - the [mississippi stream utility collection](https://github.com/maxogden/mississippi) includes `through2` as well as many more useful stream modules similar to this one
+
+## License
+
+**through2** is Copyright (c) 2013 Rod Vagg [@rvagg](https://twitter.com/rvagg) and licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE file for more details.
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.npmignore b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.npmignore
new file mode 100644
index 00000000000000..38344f87a62766
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.npmignore
@@ -0,0 +1,5 @@
+build/
+test/
+examples/
+fs.js
+zlib.js
\ No newline at end of file
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.travis.yml b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.travis.yml
new file mode 100644
index 00000000000000..1b82118460cfe4
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.travis.yml
@@ -0,0 +1,52 @@
+sudo: false
+language: node_js
+before_install:
+ - npm install -g npm@2
+ - npm install -g npm
+notifications:
+ email: false
+matrix:
+ fast_finish: true
+ allow_failures:
+ - env: TASK=browser BROWSER_NAME=ipad BROWSER_VERSION="6.0..latest"
+ - env: TASK=browser BROWSER_NAME=iphone BROWSER_VERSION="6.0..latest"
+ include:
+ - node_js: '0.8'
+ env: TASK=test
+ - node_js: '0.10'
+ env: TASK=test
+ - node_js: '0.11'
+ env: TASK=test
+ - node_js: '0.12'
+ env: TASK=test
+ - node_js: 1
+ env: TASK=test
+ - node_js: 2
+ env: TASK=test
+ - node_js: 3
+ env: TASK=test
+ - node_js: 4
+ env: TASK=test
+ - node_js: 5
+ env: TASK=test
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=android BROWSER_VERSION="4.0..latest"
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=ie BROWSER_VERSION="9..latest"
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=opera BROWSER_VERSION="11..latest"
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=chrome BROWSER_VERSION="-3..latest"
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=firefox BROWSER_VERSION="-3..latest"
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=ipad BROWSER_VERSION="6.0..latest"
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=iphone BROWSER_VERSION="6.0..latest"
+ - node_js: 5
+ env: TASK=browser BROWSER_NAME=safari BROWSER_VERSION="5..latest"
+script: "npm run $TASK"
+env:
+ global:
+ - secure: rE2Vvo7vnjabYNULNyLFxOyt98BoJexDqsiOnfiD6kLYYsiQGfr/sbZkPMOFm9qfQG7pjqx+zZWZjGSswhTt+626C0t/njXqug7Yps4c3dFblzGfreQHp7wNX5TFsvrxd6dAowVasMp61sJcRnB2w8cUzoe3RAYUDHyiHktwqMc=
+ - secure: g9YINaKAdMatsJ28G9jCGbSaguXCyxSTy+pBO6Ch0Cf57ZLOTka3HqDj8p3nV28LUIHZ3ut5WO43CeYKwt4AUtLpBS3a0dndHdY6D83uY6b2qh5hXlrcbeQTq2cvw2y95F7hm4D1kwrgZ7ViqaKggRcEupAL69YbJnxeUDKWEdI=
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.zuul.yml b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.zuul.yml
new file mode 100644
index 00000000000000..96d9cfbd38662f
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/.zuul.yml
@@ -0,0 +1 @@
+ui: tape
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/LICENSE b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/LICENSE
new file mode 100644
index 00000000000000..e3d4e695a4cff2
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/LICENSE
@@ -0,0 +1,18 @@
+Copyright Joyent, Inc. and other Node contributors. All rights reserved.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/README.md b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/README.md
new file mode 100644
index 00000000000000..1a67c48cd031b5
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/README.md
@@ -0,0 +1,36 @@
+# readable-stream
+
+***Node-core v5.8.0 streams for userland*** [](https://travis-ci.org/nodejs/readable-stream)
+
+
+[](https://nodei.co/npm/readable-stream/)
+[](https://nodei.co/npm/readable-stream/)
+
+
+[](https://saucelabs.com/u/readable-stream)
+
+```bash
+npm install --save readable-stream
+```
+
+***Node-core streams for userland***
+
+This package is a mirror of the Streams2 and Streams3 implementations in
+Node-core, including [documentation](doc/stream.markdown).
+
+If you want to guarantee a stable streams base, regardless of what version of
+Node you, or the users of your libraries are using, use **readable-stream** *only* and avoid the *"stream"* module in Node-core, for background see [this blogpost](http://r.va.gg/2014/06/why-i-dont-use-nodes-core-stream-module.html).
+
+As of version 2.0.0 **readable-stream** uses semantic versioning.
+
+# Streams WG Team Members
+
+* **Chris Dickinson** ([@chrisdickinson](https://github.com/chrisdickinson)) <christopher.s.dickinson@gmail.com>
+ - Release GPG key: 9554F04D7259F04124DE6B476D5A82AC7E37093B
+* **Calvin Metcalf** ([@calvinmetcalf](https://github.com/calvinmetcalf)) <calvin.metcalf@gmail.com>
+ - Release GPG key: F3EF5F62A87FC27A22E643F714CE4FF5015AA242
+* **Rod Vagg** ([@rvagg](https://github.com/rvagg)) <rod@vagg.org>
+ - Release GPG key: DD8F2338BAE7501E3DD5AC78C273792F7D83545D
+* **Sam Newman** ([@sonewman](https://github.com/sonewman)) <newmansam@outlook.com>
+* **Mathias Buus** ([@mafintosh](https://github.com/mafintosh)) <mathiasbuus@gmail.com>
+* **Domenic Denicola** ([@domenic](https://github.com/domenic)) <d@domenic.me>
diff --git a/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/doc/stream.markdown b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/doc/stream.markdown
new file mode 100644
index 00000000000000..0bc3819e63b025
--- /dev/null
+++ b/deps/npm/node_modules/mississippi/node_modules/through2/node_modules/readable-stream/doc/stream.markdown
@@ -0,0 +1,1760 @@
+# Stream
+
+ Stability: 2 - Stable
+
+A stream is an abstract interface implemented by various objects in
+Node.js. For example a [request to an HTTP server][http-incoming-message] is a
+stream, as is [`process.stdout`][]. Streams are readable, writable, or both. All
+streams are instances of [`EventEmitter`][].
+
+You can load the Stream base classes by doing `require('stream')`.
+There are base classes provided for [Readable][] streams, [Writable][]
+streams, [Duplex][] streams, and [Transform][] streams.
+
+This document is split up into 3 sections:
+
+1. The first section explains the parts of the API that you need to be
+ aware of to use streams in your programs.
+2. The second section explains the parts of the API that you need to
+ use if you implement your own custom streams yourself. The API is designed to
+ make this easy for you to do.
+3. The third section goes into more depth about how streams work,
+ including some of the internal mechanisms and functions that you
+ should probably not modify unless you definitely know what you are
+ doing.
+
+
+## API for Stream Consumers
+
+
+
+Streams can be either [Readable][], [Writable][], or both ([Duplex][]).
+
+All streams are EventEmitters, but they also have other custom methods
+and properties depending on whether they are Readable, Writable, or
+Duplex.
+
+If a stream is both Readable and Writable, then it implements all of
+the methods and events. So, a [Duplex][] or [Transform][] stream is
+fully described by this API, though their implementation may be
+somewhat different.
+
+It is not necessary to implement Stream interfaces in order to consume
+streams in your programs. If you **are** implementing streaming
+interfaces in your own program, please also refer to
+[API for Stream Implementors][].
+
+Almost all Node.js programs, no matter how simple, use Streams in some
+way. Here is an example of using Streams in an Node.js program:
+
+```js
+const http = require('http');
+
+var server = http.createServer( (req, res) => {
+ // req is an http.IncomingMessage, which is a Readable Stream
+ // res is an http.ServerResponse, which is a Writable Stream
+
+ var body = '';
+ // we want to get the data as utf8 strings
+ // If you don't set an encoding, then you'll get Buffer objects
+ req.setEncoding('utf8');
+
+ // Readable streams emit 'data' events once a listener is added
+ req.on('data', (chunk) => {
+ body += chunk;
+ });
+
+ // the end event tells you that you have entire body
+ req.on('end', () => {
+ try {
+ var data = JSON.parse(body);
+ } catch (er) {
+ // uh oh! bad json!
+ res.statusCode = 400;
+ return res.end(`error: ${er.message}`);
+ }
+
+ // write back something interesting to the user:
+ res.write(typeof data);
+ res.end();
+ });
+});
+
+server.listen(1337);
+
+// $ curl localhost:1337 -d '{}'
+// object
+// $ curl localhost:1337 -d '"foo"'
+// string
+// $ curl localhost:1337 -d 'not json'
+// error: Unexpected token o
+```
+
+### Class: stream.Duplex
+
+Duplex streams are streams that implement both the [Readable][] and
+[Writable][] interfaces.
+
+Examples of Duplex streams include:
+
+* [TCP sockets][]
+* [zlib streams][zlib]
+* [crypto streams][crypto]
+
+### Class: stream.Readable
+
+
+
+The Readable stream interface is the abstraction for a *source* of
+data that you are reading from. In other words, data comes *out* of a
+Readable stream.
+
+A Readable stream will not start emitting data until you indicate that
+you are ready to receive it.
+
+Readable streams have two "modes": a **flowing mode** and a **paused
+mode**. When in flowing mode, data is read from the underlying system
+and provided to your program as fast as possible. In paused mode, you
+must explicitly call [`stream.read()`][stream-read] to get chunks of data out.
+Streams start out in paused mode.
+
+**Note**: If no data event handlers are attached, and there are no
+[`stream.pipe()`][] destinations, and the stream is switched into flowing
+mode, then data will be lost.
+
+You can switch to flowing mode by doing any of the following:
+
+* Adding a [`'data'`][] event handler to listen for data.
+* Calling the [`stream.resume()`][stream-resume] method to explicitly open the
+ flow.
+* Calling the [`stream.pipe()`][] method to send the data to a [Writable][].
+
+You can switch back to paused mode by doing either of the following:
+
+* If there are no pipe destinations, by calling the
+ [`stream.pause()`][stream-pause] method.
+* If there are pipe destinations, by removing any [`'data'`][] event
+ handlers, and removing all pipe destinations by calling the
+ [`stream.unpipe()`][] method.
+
+Note that, for backwards compatibility reasons, removing [`'data'`][]
+event handlers will **not** automatically pause the stream. Also, if
+there are piped destinations, then calling [`stream.pause()`][stream-pause] will
+not guarantee that the stream will *remain* paused once those
+destinations drain and ask for more data.
+
+Examples of readable streams include:
+
+* [HTTP responses, on the client][http-incoming-message]
+* [HTTP requests, on the server][http-incoming-message]
+* [fs read streams][]
+* [zlib streams][zlib]
+* [crypto streams][crypto]
+* [TCP sockets][]
+* [child process stdout and stderr][]
+* [`process.stdin`][]
+
+#### Event: 'close'
+
+Emitted when the stream and any of its underlying resources (a file
+descriptor, for example) have been closed. The event indicates that
+no more events will be emitted, and no further computation will occur.
+
+Not all streams will emit the `'close'` event.
+
+#### Event: 'data'
+
+* `chunk` {Buffer|String} The chunk of data.
+
+Attaching a `'data'` event listener to a stream that has not been
+explicitly paused will switch the stream into flowing mode. Data will
+then be passed as soon as it is available.
+
+If you just want to get all the data out of the stream as fast as
+possible, this is the best way to do so.
+
+```js
+var readable = getReadableStreamSomehow();
+readable.on('data', (chunk) => {
+ console.log('got %d bytes of data', chunk.length);
+});
+```
+
+#### Event: 'end'
+
+This event fires when there will be no more data to read.
+
+Note that the `'end'` event **will not fire** unless the data is
+completely consumed. This can be done by switching into flowing mode,
+or by calling [`stream.read()`][stream-read] repeatedly until you get to the
+end.
+
+```js
+var readable = getReadableStreamSomehow();
+readable.on('data', (chunk) => {
+ console.log('got %d bytes of data', chunk.length);
+});
+readable.on('end', () => {
+ console.log('there will be no more data.');
+});
+```
+
+#### Event: 'error'
+
+* {Error Object}
+
+Emitted if there was an error receiving data.
+
+#### Event: 'readable'
+
+When a chunk of data can be read from the stream, it will emit a
+`'readable'` event.
+
+In some cases, listening for a `'readable'` event will cause some data
+to be read into the internal buffer from the underlying system, if it
+hadn't already.
+
+```javascript
+var readable = getReadableStreamSomehow();
+readable.on('readable', () => {
+ // there is some data to read now
+});
+```
+
+Once the internal buffer is drained, a `'readable'` event will fire
+again when more data is available.
+
+The `'readable'` event is not emitted in the "flowing" mode with the
+sole exception of the last one, on end-of-stream.
+
+The `'readable'` event indicates that the stream has new information:
+either new data is available or the end of the stream has been reached.
+In the former case, [`stream.read()`][stream-read] will return that data. In the
+latter case, [`stream.read()`][stream-read] will return null. For instance, in
+the following example, `foo.txt` is an empty file:
+
+```js
+const fs = require('fs');
+var rr = fs.createReadStream('foo.txt');
+rr.on('readable', () => {
+ console.log('readable:', rr.read());
+});
+rr.on('end', () => {
+ console.log('end');
+});
+```
+
+The output of running this script is:
+
+```
+$ node test.js
+readable: null
+end
+```
+
+#### readable.isPaused()
+
+* Return: {Boolean}
+
+This method returns whether or not the `readable` has been **explicitly**
+paused by client code (using [`stream.pause()`][stream-pause] without a
+corresponding [`stream.resume()`][stream-resume]).
+
+```js
+var readable = new stream.Readable
+
+readable.isPaused() // === false
+readable.pause()
+readable.isPaused() // === true
+readable.resume()
+readable.isPaused() // === false
+```
+
+#### readable.pause()
+
+* Return: `this`
+
+This method will cause a stream in flowing mode to stop emitting
+[`'data'`][] events, switching out of flowing mode. Any data that becomes
+available will remain in the internal buffer.
+
+```js
+var readable = getReadableStreamSomehow();
+readable.on('data', (chunk) => {
+ console.log('got %d bytes of data', chunk.length);
+ readable.pause();
+ console.log('there will be no more data for 1 second');
+ setTimeout(() => {
+ console.log('now data will start flowing again');
+ readable.resume();
+ }, 1000);
+});
+```
+
+#### readable.pipe(destination[, options])
+
+* `destination` {stream.Writable} The destination for writing data
+* `options` {Object} Pipe options
+ * `end` {Boolean} End the writer when the reader ends. Default = `true`
+
+This method pulls all the data out of a readable stream, and writes it
+to the supplied destination, automatically managing the flow so that
+the destination is not overwhelmed by a fast readable stream.
+
+Multiple destinations can be piped to safely.
+
+```js
+var readable = getReadableStreamSomehow();
+var writable = fs.createWriteStream('file.txt');
+// All the data from readable goes into 'file.txt'
+readable.pipe(writable);
+```
+
+This function returns the destination stream, so you can set up pipe
+chains like so:
+
+```js
+var r = fs.createReadStream('file.txt');
+var z = zlib.createGzip();
+var w = fs.createWriteStream('file.txt.gz');
+r.pipe(z).pipe(w);
+```
+
+For example, emulating the Unix `cat` command:
+
+```js
+process.stdin.pipe(process.stdout);
+```
+
+By default [`stream.end()`][stream-end] is called on the destination when the
+source stream emits [`'end'`][], so that `destination` is no longer writable.
+Pass `{ end: false }` as `options` to keep the destination stream open.
+
+This keeps `writer` open so that "Goodbye" can be written at the
+end.
+
+```js
+reader.pipe(writer, { end: false });
+reader.on('end', () => {
+ writer.end('Goodbye\n');
+});
+```
+
+Note that [`process.stderr`][] and [`process.stdout`][] are never closed until
+the process exits, regardless of the specified options.
+
+#### readable.read([size])
+
+* `size` {Number} Optional argument to specify how much data to read.
+* Return {String|Buffer|Null}
+
+The `read()` method pulls some data out of the internal buffer and
+returns it. If there is no data available, then it will return
+`null`.
+
+If you pass in a `size` argument, then it will return that many
+bytes. If `size` bytes are not available, then it will return `null`,
+unless we've ended, in which case it will return the data remaining
+in the buffer.
+
+If you do not specify a `size` argument, then it will return all the
+data in the internal buffer.
+
+This method should only be called in paused mode. In flowing mode,
+this method is called automatically until the internal buffer is
+drained.
+
+```js
+var readable = getReadableStreamSomehow();
+readable.on('readable', () => {
+ var chunk;
+ while (null !== (chunk = readable.read())) {
+ console.log('got %d bytes of data', chunk.length);
+ }
+});
+```
+
+If this method returns a data chunk, then it will also trigger the
+emission of a [`'data'`][] event.
+
+Note that calling [`stream.read([size])`][stream-read] after the [`'end'`][]
+event has been triggered will return `null`. No runtime error will be raised.
+
+#### readable.resume()
+
+* Return: `this`
+
+This method will cause the readable stream to resume emitting [`'data'`][]
+events.
+
+This method will switch the stream into flowing mode. If you do *not*
+want to consume the data from a stream, but you *do* want to get to
+its [`'end'`][] event, you can call [`stream.resume()`][stream-resume] to open
+the flow of data.
+
+```js
+var readable = getReadableStreamSomehow();
+readable.resume();
+readable.on('end', () => {
+ console.log('got to the end, but did not read anything');
+});
+```
+
+#### readable.setEncoding(encoding)
+
+* `encoding` {String} The encoding to use.
+* Return: `this`
+
+Call this function to cause the stream to return strings of the specified
+encoding instead of Buffer objects. For example, if you do
+`readable.setEncoding('utf8')`, then the output data will be interpreted as
+UTF-8 data, and returned as strings. If you do `readable.setEncoding('hex')`,
+then the data will be encoded in hexadecimal string format.
+
+This properly handles multi-byte characters that would otherwise be
+potentially mangled if you simply pulled the Buffers directly and
+called [`buf.toString(encoding)`][] on them. If you want to read the data
+as strings, always use this method.
+
+Also you can disable any encoding at all with `readable.setEncoding(null)`.
+This approach is very useful if you deal with binary data or with large
+multi-byte strings spread out over multiple chunks.
+
+```js
+var readable = getReadableStreamSomehow();
+readable.setEncoding('utf8');
+readable.on('data', (chunk) => {
+ assert.equal(typeof chunk, 'string');
+ console.log('got %d characters of string data', chunk.length);
+});
+```
+
+#### readable.unpipe([destination])
+
+* `destination` {stream.Writable} Optional specific stream to unpipe
+
+This method will remove the hooks set up for a previous [`stream.pipe()`][]
+call.
+
+If the destination is not specified, then all pipes are removed.
+
+If the destination is specified, but no pipe is set up for it, then
+this is a no-op.
+
+```js
+var readable = getReadableStreamSomehow();
+var writable = fs.createWriteStream('file.txt');
+// All the data from readable goes into 'file.txt',
+// but only for the first second
+readable.pipe(writable);
+setTimeout(() => {
+ console.log('stop writing to file.txt');
+ readable.unpipe(writable);
+ console.log('manually close the file stream');
+ writable.end();
+}, 1000);
+```
+
+#### readable.unshift(chunk)
+
+* `chunk` {Buffer|String} Chunk of data to unshift onto the read queue
+
+This is useful in certain cases where a stream is being consumed by a
+parser, which needs to "un-consume" some data that it has
+optimistically pulled out of the source, so that the stream can be
+passed on to some other party.
+
+Note that `stream.unshift(chunk)` cannot be called after the [`'end'`][] event
+has been triggered; a runtime error will be raised.
+
+If you find that you must often call `stream.unshift(chunk)` in your
+programs, consider implementing a [Transform][] stream instead. (See [API
+for Stream Implementors][].)
+
+```js
+// Pull off a header delimited by \n\n
+// use unshift() if we get too much
+// Call the callback with (error, header, stream)
+const StringDecoder = require('string_decoder').StringDecoder;
+function parseHeader(stream, callback) {
+ stream.on('error', callback);
+ stream.on('readable', onReadable);
+ var decoder = new StringDecoder('utf8');
+ var header = '';
+ function onReadable() {
+ var chunk;
+ while (null !== (chunk = stream.read())) {
+ var str = decoder.write(chunk);
+ if (str.match(/\n\n/)) {
+ // found the header boundary
+ var split = str.split(/\n\n/);
+ header += split.shift();
+ var remaining = split.join('\n\n');
+ var buf = new Buffer(remaining, 'utf8');
+ if (buf.length)
+ stream.unshift(buf);
+ stream.removeListener('error', callback);
+ stream.removeListener('readable', onReadable);
+ // now the body of the message can be read from the stream.
+ callback(null, header, stream);
+ } else {
+ // still reading the header.
+ header += str;
+ }
+ }
+ }
+}
+```
+
+Note that, unlike [`stream.push(chunk)`][stream-push], `stream.unshift(chunk)`
+will not end the reading process by resetting the internal reading state of the
+stream. This can cause unexpected results if `unshift()` is called during a
+read (i.e. from within a [`stream._read()`][stream-_read] implementation on a
+custom stream). Following the call to `unshift()` with an immediate
+[`stream.push('')`][stream-push] will reset the reading state appropriately,
+however it is best to simply avoid calling `unshift()` while in the process of
+performing a read.
+
+#### readable.wrap(stream)
+
+* `stream` {Stream} An "old style" readable stream
+
+Versions of Node.js prior to v0.10 had streams that did not implement the
+entire Streams API as it is today. (See [Compatibility][] for
+more information.)
+
+If you are using an older Node.js library that emits [`'data'`][] events and
+has a [`stream.pause()`][stream-pause] method that is advisory only, then you
+can use the `wrap()` method to create a [Readable][] stream that uses the old
+stream as its data source.
+
+You will very rarely ever need to call this function, but it exists
+as a convenience for interacting with old Node.js programs and libraries.
+
+For example:
+
+```js
+const OldReader = require('./old-api-module.js').OldReader;
+const Readable = require('stream').Readable;
+const oreader = new OldReader;
+const myReader = new Readable().wrap(oreader);
+
+myReader.on('readable', () => {
+ myReader.read(); // etc.
+});
+```
+
+### Class: stream.Transform
+
+Transform streams are [Duplex][] streams where the output is in some way
+computed from the input. They implement both the [Readable][] and
+[Writable][] interfaces.
+
+Examples of Transform streams include:
+
+* [zlib streams][zlib]
+* [crypto streams][crypto]
+
+### Class: stream.Writable
+
+
+
+The Writable stream interface is an abstraction for a *destination*
+that you are writing data *to*.
+
+Examples of writable streams include:
+
+* [HTTP requests, on the client][]
+* [HTTP responses, on the server][]
+* [fs write streams][]
+* [zlib streams][zlib]
+* [crypto streams][crypto]
+* [TCP sockets][]
+* [child process stdin][]
+* [`process.stdout`][], [`process.stderr`][]
+
+#### Event: 'drain'
+
+If a [`stream.write(chunk)`][stream-write] call returns `false`, then the
+`'drain'` event will indicate when it is appropriate to begin writing more data
+to the stream.
+
+```js
+// Write the data to the supplied writable stream one million times.
+// Be attentive to back-pressure.
+function writeOneMillionTimes(writer, data, encoding, callback) {
+ var i = 1000000;
+ write();
+ function write() {
+ var ok = true;
+ do {
+ i -= 1;
+ if (i === 0) {
+ // last time!
+ writer.write(data, encoding, callback);
+ } else {
+ // see if we should continue, or wait
+ // don't pass the callback, because we're not done yet.
+ ok = writer.write(data, encoding);
+ }
+ } while (i > 0 && ok);
+ if (i > 0) {
+ // had to stop early!
+ // write some more once it drains
+ writer.once('drain', write);
+ }
+ }
+}
+```
+
+#### Event: 'error'
+
+* {Error}
+
+Emitted if there was an error when writing or piping data.
+
+#### Event: 'finish'
+
+When the [`stream.end()`][stream-end] method has been called, and all data has
+been flushed to the underlying system, this event is emitted.
+
+```javascript
+var writer = getWritableStreamSomehow();
+for (var i = 0; i < 100; i ++) {
+ writer.write('hello, #${i}!\n');
+}
+writer.end('this is the end\n');
+writer.on('finish', () => {
+ console.error('all writes are now complete.');
+});
+```
+
+#### Event: 'pipe'
+
+* `src` {stream.Readable} source stream that is piping to this writable
+
+This is emitted whenever the [`stream.pipe()`][] method is called on a readable
+stream, adding this writable to its set of destinations.
+
+```js
+var writer = getWritableStreamSomehow();
+var reader = getReadableStreamSomehow();
+writer.on('pipe', (src) => {
+ console.error('something is piping into the writer');
+ assert.equal(src, reader);
+});
+reader.pipe(writer);
+```
+
+#### Event: 'unpipe'
+
+* `src` {[Readable][] Stream} The source stream that
+ [unpiped][`stream.unpipe()`] this writable
+
+This is emitted whenever the [`stream.unpipe()`][] method is called on a
+readable stream, removing this writable from its set of destinations.
+
+```js
+var writer = getWritableStreamSomehow();
+var reader = getReadableStreamSomehow();
+writer.on('unpipe', (src) => {
+ console.error('something has stopped piping into the writer');
+ assert.equal(src, reader);
+});
+reader.pipe(writer);
+reader.unpipe(writer);
+```
+
+#### writable.cork()
+
+Forces buffering of all writes.
+
+Buffered data will be flushed either at [`stream.uncork()`][] or at
+[`stream.end()`][stream-end] call.
+
+#### writable.end([chunk][, encoding][, callback])
+
+* `chunk` {String|Buffer} Optional data to write
+* `encoding` {String} The encoding, if `chunk` is a String
+* `callback` {Function} Optional callback for when the stream is finished
+
+Call this method when no more data will be written to the stream. If supplied,
+the callback is attached as a listener on the [`'finish'`][] event.
+
+Calling [`stream.write()`][stream-write] after calling
+[`stream.end()`][stream-end] will raise an error.
+
+```js
+// write 'hello, ' and then end with 'world!'
+var file = fs.createWriteStream('example.txt');
+file.write('hello, ');
+file.end('world!');
+// writing more now is not allowed!
+```
+
+#### writable.setDefaultEncoding(encoding)
+
+* `encoding` {String} The new default encoding
+
+Sets the default encoding for a writable stream.
+
+#### writable.uncork()
+
+Flush all data, buffered since [`stream.cork()`][] call.
+
+#### writable.write(chunk[, encoding][, callback])
+
+* `chunk` {String|Buffer} The data to write
+* `encoding` {String} The encoding, if `chunk` is a String
+* `callback` {Function} Callback for when this chunk of data is flushed
+* Returns: {Boolean} `true` if the data was handled completely.
+
+This method writes some data to the underlying system, and calls the
+supplied callback once the data has been fully handled.
+
+The return value indicates if you should continue writing right now.
+If the data had to be buffered internally, then it will return
+`false`. Otherwise, it will return `true`.
+
+This return value is strictly advisory. You MAY continue to write,
+even if it returns `false`. However, writes will be buffered in
+memory, so it is best not to do this excessively. Instead, wait for
+the [`'drain'`][] event before writing more data.
+
+
+## API for Stream Implementors
+
+
+
+To implement any sort of stream, the pattern is the same:
+
+1. Extend the appropriate parent class in your own subclass. (The
+ [`util.inherits()`][] method is particularly helpful for this.)
+2. Call the appropriate parent class constructor in your constructor,
+ to be sure that the internal mechanisms are set up properly.
+3. Implement one or more specific methods, as detailed below.
+
+The class to extend and the method(s) to implement depend on the sort
+of stream class you are writing:
+
+
-
-*Note*: The implementation code for a stream should *never* call the "public"
-methods of a stream that are intended for use by consumers (as described in
-the [API for Stream Consumers][] section). Doing so may lead to adverse
-side effects in application code consuming the stream.
-
-### Simplified Construction
-
-For many simple cases, it is possible to construct a stream without relying on
-inheritance. This can be accomplished by directly creating instances of the
-`stream.Writable`, `stream.Readable`, `stream.Duplex` or `stream.Transform`
-objects and passing appropriate methods as constructor options.
-
-For example:
-
-```js
-const Writable = require('stream').Writable;
-
-const myWritable = new Writable({
- write(chunk, encoding, callback) {
- // ...
- }
-});
-```
-
-### Implementing a Writable Stream
-
-The `stream.Writable` class is extended to implement a [Writable][] stream.
-
-Custom Writable streams *must* call the `new stream.Writable([options])`
-constructor and implement the `writable._write()` method. The
-`writable._writev()` method *may* also be implemented.
-
-#### Constructor: new stream.Writable([options])
-
-* `options` {Object}
- * `highWaterMark` {Number} Buffer level when
- [`stream.write()`][stream-write] starts returning `false`. Defaults to
- `16384` (16kb), or `16` for `objectMode` streams.
- * `decodeStrings` {Boolean} Whether or not to decode strings into
- Buffers before passing them to [`stream._write()`][stream-_write].
- Defaults to `true`
- * `objectMode` {Boolean} Whether or not the
- [`stream.write(anyObj)`][stream-write] is a valid operation. When set,
- it becomes possible to write JavaScript values other than string or
- `Buffer` if supported by the stream implementation. Defaults to `false`
- * `write` {Function} Implementation for the
- [`stream._write()`][stream-_write] method.
- * `writev` {Function} Implementation for the
- [`stream._writev()`][stream-_writev] method.
-
-For example:
-
-```js
-const Writable = require('stream').Writable;
-
-class MyWritable extends Writable {
- constructor(options) {
- // Calls the stream.Writable() constructor
- super(options);
- }
-}
-```
-
-Or, when using pre-ES6 style constructors:
-
-```js
-const Writable = require('stream').Writable;
-const util = require('util');
-
-function MyWritable(options) {
- if (!(this instanceof MyWritable))
- return new MyWritable(options);
- Writable.call(this, options);
-}
-util.inherits(MyWritable, Writable);
-```
-
-Or, using the Simplified Constructor approach:
-
-```js
-const Writable = require('stream').Writable;
-
-const myWritable = new Writable({
- write(chunk, encoding, callback) {
- // ...
- },
- writev(chunks, callback) {
- // ...
- }
-});
-```
-
-#### writable.\_write(chunk, encoding, callback)
-
-* `chunk` {Buffer|String} The chunk to be written. Will **always**
- be a buffer unless the `decodeStrings` option was set to `false`.
-* `encoding` {String} If the chunk is a string, then `encoding` is the
- character encoding of that string. If chunk is a `Buffer`, or if the
- stream is operating in object mode, `encoding` may be ignored.
-* `callback` {Function} Call this function (optionally with an error
- argument) when processing is complete for the supplied chunk.
-
-All Writable stream implementations must provide a
-[`writable._write()`][stream-_write] method to send data to the underlying
-resource.
-
-*Note*: [Transform][] streams provide their own implementation of the
-[`writable._write()`][stream-_write].
-
-*Note*: **This function MUST NOT be called by application code directly.** It
-should be implemented by child classes, and called only by the internal Writable
-class methods only.
-
-The `callback` method must be called to signal either that the write completed
-successfully or failed with an error. The first argument passed to the
-`callback` must be the `Error` object if the call failed or `null` if the
-write succeeded.
-
-It is important to note that all calls to `writable.write()` that occur between
-the time `writable._write()` is called and the `callback` is called will cause
-the written data to be buffered. Once the `callback` is invoked, the stream will
-emit a `'drain'` event. If a stream implementation is capable of processing
-multiple chunks of data at once, the `writable._writev()` method should be
-implemented.
-
-If the `decodeStrings` property is set in the constructor options, then
-`chunk` may be a string rather than a Buffer, and `encoding` will
-indicate the character encoding of the string. This is to support
-implementations that have an optimized handling for certain string
-data encodings. If the `decodeStrings` property is explicitly set to `false`,
-the `encoding` argument can be safely ignored, and `chunk` will always be a
-`Buffer`.
-
-The `writable._write()` method is prefixed with an underscore because it is
-internal to the class that defines it, and should never be called directly by
-user programs.
-
-#### writable.\_writev(chunks, callback)
-
-* `chunks` {Array} The chunks to be written. Each chunk has following
- format: `{ chunk: ..., encoding: ... }`.
-* `callback` {Function} A callback function (optionally with an error
- argument) to be invoked when processing is complete for the supplied chunks.
-
-*Note*: **This function MUST NOT be called by application code directly.** It
-should be implemented by child classes, and called only by the internal Writable
-class methods only.
-
-The `writable._writev()` method may be implemented in addition to
-`writable._write()` in stream implementations that are capable of processing
-multiple chunks of data at once. If implemented, the method will be called with
-all chunks of data currently buffered in the write queue.
-
-The `writable._writev()` method is prefixed with an underscore because it is
-internal to the class that defines it, and should never be called directly by
-user programs.
-
-#### Errors While Writing
-
-It is recommended that errors occurring during the processing of the
-`writable._write()` and `writable._writev()` methods are reported by invoking
-the callback and passing the error as the first argument. This will cause an
-`'error'` event to be emitted by the Writable. Throwing an Error from within
-`writable._write()` can result in expected and inconsistent behavior depending
-on how the stream is being used. Using the callback ensures consistent and
-predictable handling of errors.
-
-```js
-const Writable = require('stream').Writable;
-
-const myWritable = new Writable({
- write(chunk, encoding, callback) {
- if (chunk.toString().indexOf('a') >= 0) {
- callback(new Error('chunk is invalid'));
- } else {
- callback();
- }
- }
-});
-```
-
-#### An Example Writable Stream
-
-The following illustrates a rather simplistic (and somewhat pointless) custom
-Writable stream implementation. While this specific Writable stream instance
-is not of any real particular usefulness, the example illustrates each of the
-required elements of a custom [Writable][] stream instance:
-
-```js
-const Writable = require('stream').Writable;
-
-class MyWritable extends Writable {
- constructor(options) {
- super(options);
- }
-
- _write(chunk, encoding, callback) {
- if (chunk.toString().indexOf('a') >= 0) {
- callback(new Error('chunk is invalid'));
- } else {
- callback();
- }
- }
-}
-```
-
-### Implementing a Readable Stream
-
-The `stream.Readable` class is extended to implement a [Readable][] stream.
-
-Custom Readable streams *must* call the `new stream.Readable([options])`
-constructor and implement the `readable._read()` method.
-
-#### new stream.Readable([options])
-
-* `options` {Object}
- * `highWaterMark` {Number} The maximum number of bytes to store in
- the internal buffer before ceasing to read from the underlying
- resource. Defaults to `16384` (16kb), or `16` for `objectMode` streams
- * `encoding` {String} If specified, then buffers will be decoded to
- strings using the specified encoding. Defaults to `null`
- * `objectMode` {Boolean} Whether this stream should behave
- as a stream of objects. Meaning that [`stream.read(n)`][stream-read] returns
- a single value instead of a Buffer of size n. Defaults to `false`
- * `read` {Function} Implementation for the [`stream._read()`][stream-_read]
- method.
-
-For example:
-
-```js
-const Readable = require('stream').Readable;
-
-class MyReadable extends Readable {
- constructor(options) {
- // Calls the stream.Readable(options) constructor
- super(options);
- }
-}
-```
-
-Or, when using pre-ES6 style constructors:
-
-```js
-const Readable = require('stream').Readable;
-const util = require('util');
-
-function MyReadable(options) {
- if (!(this instanceof MyReadable))
- return new MyReadable(options);
- Readable.call(this, options);
-}
-util.inherits(MyReadable, Readable);
-```
-
-Or, using the Simplified Constructor approach:
-
-```js
-const Readable = require('stream').Readable;
-
-const myReadable = new Readable({
- read(size) {
- // ...
- }
-});
-```
-
-#### readable.\_read(size)
-
-* `size` {Number} Number of bytes to read asynchronously
-
-*Note*: **This function MUST NOT be called by application code directly.** It
-should be implemented by child classes, and called only by the internal Readable
-class methods only.
-
-All Readable stream implementations must provide an implementation of the
-`readable._read()` method to fetch data from the underlying resource.
-
-When `readable._read()` is called, if data is available from the resource, the
-implementation should begin pushing that data into the read queue using the
-[`this.push(dataChunk)`][stream-push] method. `_read()` should continue reading
-from the resource and pushing data until `readable.push()` returns `false`. Only
-when `_read()` is called again after it has stopped should it resume pushing
-additional data onto the queue.
-
-*Note*: Once the `readable._read()` method has been called, it will not be
-called again until the [`readable.push()`][stream-push] method is called.
-
-The `size` argument is advisory. For implementations where a "read" is a
-single operation that returns data can use the `size` argument to determine how
-much data to fetch. Other implementations may ignore this argument and simply
-provide data whenever it becomes available. There is no need to "wait" until
-`size` bytes are available before calling [`stream.push(chunk)`][stream-push].
-
-The `readable._read()` method is prefixed with an underscore because it is
-internal to the class that defines it, and should never be called directly by
-user programs.
-
-#### readable.push(chunk[, encoding])
-
-* `chunk` {Buffer|Null|String} Chunk of data to push into the read queue
-* `encoding` {String} Encoding of String chunks. Must be a valid
- Buffer encoding, such as `'utf8'` or `'ascii'`
-* Returns {Boolean} `true` if additional chunks of data may continued to be
- pushed; `false` otherwise.
-
-When `chunk` is a `Buffer` or `string`, the `chunk` of data will be added to the
-internal queue for users of the stream to consume. Passing `chunk` as `null`
-signals the end of the stream (EOF), after which no more data can be written.
-
-When the Readable is operating in paused mode, the data added with
-`readable.push()` can be read out by calling the
-[`readable.read()`][stream-read] method when the [`'readable'`][] event is
-emitted.
-
-When the Readable is operating in flowing mode, the data added with
-`readable.push()` will be delivered by emitting a `'data'` event.
-
-The `readable.push()` method is designed to be as flexible as possible. For
-example, when wrapping a lower-level source that provides some form of
-pause/resume mechanism, and a data callback, the low-level source can be wrapped
-by the custom Readable instance as illustrated in the following example:
-
-```js
-// source is an object with readStop() and readStart() methods,
-// and an `ondata` member that gets called when it has data, and
-// an `onend` member that gets called when the data is over.
-
-class SourceWrapper extends Readable {
- constructor(options) {
- super(options);
-
- this._source = getLowlevelSourceObject();
-
- // Every time there's data, push it into the internal buffer.
- this._source.ondata = (chunk) => {
- // if push() returns false, then stop reading from source
- if (!this.push(chunk))
- this._source.readStop();
- };
-
- // When the source ends, push the EOF-signaling `null` chunk
- this._source.onend = () => {
- this.push(null);
- };
- }
- // _read will be called when the stream wants to pull more data in
- // the advisory size argument is ignored in this case.
- _read(size) {
- this._source.readStart();
- }
-}
-```
-*Note*: The `readable.push()` method is intended be called only by Readable
-Implementers, and only from within the `readable._read()` method.
-
-#### Errors While Reading
-
-It is recommended that errors occurring during the processing of the
-`readable._read()` method are emitted using the `'error'` event rather than
-being thrown. Throwing an Error from within `readable._read()` can result in
-expected and inconsistent behavior depending on whether the stream is operating
-in flowing or paused mode. Using the `'error'` event ensures consistent and
-predictable handling of errors.
-
-```js
-const Readable = require('stream').Readable;
-
-const myReadable = new Readable({
- read(size) {
- if (checkSomeErrorCondition()) {
- process.nextTick(() => this.emit('error', err));
- return;
- }
- // do some work
- }
-});
-```
-
-#### An Example Counting Stream
-
-
-
-The following is a basic example of a Readable stream that emits the numerals
-from 1 to 1,000,000 in ascending order, and then ends.
-
-```js
-const Readable = require('stream').Readable;
-
-class Counter extends Readable {
- constructor(opt) {
- super(opt);
- this._max = 1000000;
- this._index = 1;
- }
-
- _read() {
- var i = this._index++;
- if (i > this._max)
- this.push(null);
- else {
- var str = '' + i;
- var buf = Buffer.from(str, 'ascii');
- this.push(buf);
- }
- }
-}
-```
-
-### Implementing a Duplex Stream
-
-A [Duplex][] stream is one that implements both [Readable][] and [Writable][],
-such as a TCP socket connection.
-
-Because Javascript does not have support for multiple inheritance, the
-`stream.Duplex` class is extended to implement a [Duplex][] stream (as opposed
-to extending the `stream.Readable` *and* `stream.Writable` classes).
-
-*Note*: The `stream.Duplex` class prototypically inherits from `stream.Readable`
-and parasitically from `stream.Writable`.
-
-Custom Duplex streams *must* call the `new stream.Duplex([options])`
-constructor and implement *both* the `readable._read()` and
-`writable._write()` methods.
-
-#### new stream.Duplex(options)
-
-* `options` {Object} Passed to both Writable and Readable
- constructors. Also has the following fields:
- * `allowHalfOpen` {Boolean} Defaults to `true`. If set to `false`, then
- the stream will automatically end the readable side when the
- writable side ends and vice versa.
- * `readableObjectMode` {Boolean} Defaults to `false`. Sets `objectMode`
- for readable side of the stream. Has no effect if `objectMode`
- is `true`.
- * `writableObjectMode` {Boolean} Defaults to `false`. Sets `objectMode`
- for writable side of the stream. Has no effect if `objectMode`
- is `true`.
-
-For example:
-
-```js
-const Duplex = require('stream').Duplex;
-
-class MyDuplex extends Duplex {
- constructor(options) {
- super(options);
- }
-}
-```
-
-Or, when using pre-ES6 style constructors:
-
-```js
-const Duplex = require('stream').Duplex;
-const util = require('util');
-
-function MyDuplex(options) {
- if (!(this instanceof MyDuplex))
- return new MyDuplex(options);
- Duplex.call(this, options);
-}
-util.inherits(MyDuplex, Duplex);
-```
-
-Or, using the Simplified Constructor approach:
-
-```js
-const Duplex = require('stream').Duplex;
-
-const myDuplex = new Duplex({
- read(size) {
- // ...
- },
- write(chunk, encoding, callback) {
- // ...
- }
-});
-```
-
-#### An Example Duplex Stream
-
-The following illustrates a simple example of a Duplex stream that wraps a
-hypothetical lower-level source object to which data can be written, and
-from which data can be read, albeit using an API that is not compatible with
-Node.js streams.
-The following illustrates a simple example of a Duplex stream that buffers
-incoming written data via the [Writable][] interface that is read back out
-via the [Readable][] interface.
-
-```js
-const Duplex = require('stream').Duplex;
-const kSource = Symbol('source');
-
-class MyDuplex extends Duplex {
- constructor(source, options) {
- super(options);
- this[kSource] = source;
- }
-
- _write(chunk, encoding, callback) {
- // The underlying source only deals with strings
- if (Buffer.isBuffer(chunk))
- chunk = chunk.toString(encoding);
- this[kSource].writeSomeData(chunk, encoding);
- callback();
- }
-
- _read(size) {
- this[kSource].fetchSomeData(size, (data, encoding) => {
- this.push(Buffer.from(data, encoding));
- });
- }
-}
-```
-
-The most important aspect of a Duplex stream is that the Readable and Writable
-sides operate independently of one another despite co-existing within a single
-object instance.
-
-#### Object Mode Duplex Streams
-
-For Duplex streams, `objectMode` can be set exclusively for either the Readable
-or Writable side using the `readableObjectMode` and `writableObjectMode` options
-respectively.
-
-In the following example, for instance, a new Transform stream (which is a
-type of [Duplex][] stream) is created that has an object mode Writable side
-that accepts JavaScript numbers that are converted to hexidecimal strings on
-the Readable side.
-
-```js
-const Transform = require('stream').Transform;
-
-// All Transform streams are also Duplex Streams
-const myTransform = new Transform({
- writableObjectMode: true,
-
- transform(chunk, encoding, callback) {
- // Coerce the chunk to a number if necessary
- chunk |= 0;
-
- // Transform the chunk into something else.
- const data = chunk.toString(16);
-
- // Push the data onto the readable queue.
- callback(null, '0'.repeat(data.length % 2) + data);
- }
-});
-
-myTransform.setEncoding('ascii');
-myTransform.on('data', (chunk) => console.log(chunk));
-
-myTransform.write(1);
- // Prints: 01
-myTransform.write(10);
- // Prints: 0a
-myTransform.write(100);
- // Prints: 64
-```
-
-### Implementing a Transform Stream
-
-A [Transform][] stream is a [Duplex][] stream where the output is computed
-in some way from the input. Examples include [zlib][] streams or [crypto][]
-streams that compress, encrypt, or decrypt data.
-
-*Note*: There is no requirement that the output be the same size as the input,
-the same number of chunks, or arrive at the same time. For example, a
-Hash stream will only ever have a single chunk of output which is
-provided when the input is ended. A `zlib` stream will produce output
-that is either much smaller or much larger than its input.
-
-The `stream.Transform` class is extended to implement a [Transform][] stream.
-
-The `stream.Transform` class prototypically inherits from `stream.Duplex` and
-implements its own versions of the `writable._write()` and `readable._read()`
-methods. Custom Transform implementations *must* implement the
-[`transform._transform()`][stream-_transform] method and *may* also implement
-the [`transform._flush()`][stream-_flush] method.
-
-*Note*: Care must be taken when using Transform streams in that data written
-to the stream can cause the Writable side of the stream to become paused if
-the output on the Readable side is not consumed.
-
-#### new stream.Transform([options])
-
-* `options` {Object} Passed to both Writable and Readable
- constructors. Also has the following fields:
- * `transform` {Function} Implementation for the
- [`stream._transform()`][stream-_transform] method.
- * `flush` {Function} Implementation for the [`stream._flush()`][stream-_flush]
- method.
-
-For example:
-
-```js
-const Transform = require('stream').Transform;
-
-class MyTransform extends Transform {
- constructor(options) {
- super(options);
- }
-}
-```
-
-Or, when using pre-ES6 style constructors:
-
-```js
-const Transform = require('stream').Transform;
-const util = require('util');
-
-function MyTransform(options) {
- if (!(this instanceof MyTransform))
- return new MyTransform(options);
- Transform.call(this, options);
-}
-util.inherits(MyTransform, Transform);
-```
-
-Or, using the Simplified Constructor approach:
-
-```js
-const Transform = require('stream').Transform;
-
-const myTransform = new Transform({
- transform(chunk, encoding, callback) {
- // ...
- }
-});
-```
-
-#### Events: 'finish' and 'end'
-
-The [`'finish'`][] and [`'end'`][] events are from the `stream.Writable`
-and `stream.Readable` classes, respectively. The `'finish'` event is emitted
-after [`stream.end()`][stream-end] is called and all chunks have been processed
-by [`stream._transform()`][stream-_transform]. The `'end'` event is emitted
-after all data has been output, which occurs after the callback in
-[`transform._flush()`][stream-_flush] has been called.
-
-#### transform.\_flush(callback)
-
-* `callback` {Function} A callback function (optionally with an error
- argument) to be called when remaining data has been flushed.
-
-*Note*: **This function MUST NOT be called by application code directly.** It
-should be implemented by child classes, and called only by the internal Readable
-class methods only.
-
-In some cases, a transform operation may need to emit an additional bit of
-data at the end of the stream. For example, a `zlib` compression stream will
-store an amount of internal state used to optimally compress the output. When
-the stream ends, however, that additional data needs to be flushed so that the
-compressed data will be complete.
-
-Custom [Transform][] implementations *may* implement the `transform._flush()`
-method. This will be called when there is no more written data to be consumed,
-but before the [`'end'`][] event is emitted signaling the end of the
-[Readable][] stream.
-
-Within the `transform._flush()` implementation, the `readable.push()` method
-may be called zero or more times, as appropriate. The `callback` function must
-be called when the flush operation is complete.
-
-The `transform._flush()` method is prefixed with an underscore because it is
-internal to the class that defines it, and should never be called directly by
-user programs.
-
-#### transform.\_transform(chunk, encoding, callback)
-
-* `chunk` {Buffer|String} The chunk to be transformed. Will **always**
- be a buffer unless the `decodeStrings` option was set to `false`.
-* `encoding` {String} If the chunk is a string, then this is the
- encoding type. If chunk is a buffer, then this is the special
- value - 'buffer', ignore it in this case.
-* `callback` {Function} A callback function (optionally with an error
- argument and data) to be called after the supplied `chunk` has been
- processed.
-
-*Note*: **This function MUST NOT be called by application code directly.** It
-should be implemented by child classes, and called only by the internal Readable
-class methods only.
-
-All Transform stream implementations must provide a `_transform()`
-method to accept input and produce output. The `transform._transform()`
-implementation handles the bytes being written, computes an output, then passes
-that output off to the readable portion using the `readable.push()` method.
-
-The `transform.push()` method may be called zero or more times to generate
-output from a single input chunk, depending on how much is to be output
-as a result of the chunk.
-
-It is possible that no output is generated from any given chunk of input data.
-
-The `callback` function must be called only when the current chunk is completely
-consumed. The first argument passed to the `callback` must be an `Error` object
-if an error occurred while processing the input or `null` otherwise. If a second
-argument is passed to the `callback`, it will be forwarded on to the
-`readable.push()` method. In other words the following are equivalent:
-
-```js
-transform.prototype._transform = function (data, encoding, callback) {
- this.push(data);
- callback();
-};
-
-transform.prototype._transform = function (data, encoding, callback) {
- callback(null, data);
-};
-```
-
-The `transform._transform()` method is prefixed with an underscore because it
-is internal to the class that defines it, and should never be called directly by
-user programs.
-
-#### Class: stream.PassThrough
-
-The `stream.PassThrough` class is a trivial implementation of a [Transform][]
-stream that simply passes the input bytes across to the output. Its purpose is
-primarily for examples and testing, but there are some use cases where
-`stream.PassThrough` is useful as a building block for novel sorts of streams.
-
-## Additional Notes
-
-
-
-### Compatibility with Older Node.js Versions
-
-
-
-In versions of Node.js prior to v0.10, the Readable stream interface was
-simpler, but also less powerful and less useful.
-
-* Rather than waiting for calls the [`stream.read()`][stream-read] method,
- [`'data'`][] events would begin emitting immediately. Applications that
- would need to perform some amount of work to decide how to handle data
- were required to store read data into buffers so the data would not be lost.
-* The [`stream.pause()`][stream-pause] method was advisory, rather than
- guaranteed. This meant that it was still necessary to be prepared to receive
- [`'data'`][] events *even when the stream was in a paused state*.
-
-In Node.js v0.10, the [Readable][] class was added. For backwards compatibility
-with older Node.js programs, Readable streams switch into "flowing mode" when a
-[`'data'`][] event handler is added, or when the
-[`stream.resume()`][stream-resume] method is called. The effect is that, even
-when not using the new [`stream.read()`][stream-read] method and
-[`'readable'`][] event, it is no longer necessary to worry about losing
-[`'data'`][] chunks.
-
-While most applications will continue to function normally, this introduces an
-edge case in the following conditions:
-
-* No [`'data'`][] event listener is added.
-* The [`stream.resume()`][stream-resume] method is never called.
-* The stream is not piped to any writable destination.
-
-For example, consider the following code:
-
-```js
-// WARNING! BROKEN!
-net.createServer((socket) => {
-
- // we add an 'end' method, but never consume the data
- socket.on('end', () => {
- // It will never get here.
- socket.end('The message was received but was not processed.\n');
- });
-
-}).listen(1337);
-```
-
-In versions of Node.js prior to v0.10, the incoming message data would be
-simply discarded. However, in Node.js v0.10 and beyond, the socket remains
-paused forever.
-
-The workaround in this situation is to call the
-[`stream.resume()`][stream-resume] method to begin the flow of data:
-
-```js
-// Workaround
-net.createServer((socket) => {
-
- socket.on('end', () => {
- socket.end('The message was received but was not processed.\n');
- });
-
- // start the flow of data, discarding it.
- socket.resume();
-
-}).listen(1337);
-```
-
-In addition to new Readable streams switching into flowing mode,
-pre-v0.10 style streams can be wrapped in a Readable class using the
-[`readable.wrap()`][`stream.wrap()`] method.
-
-
-### `readable.read(0)`
-
-There are some cases where it is necessary to trigger a refresh of the
-underlying readable stream mechanisms, without actually consuming any
-data. In such cases, it is possible to call `readable.read(0)`, which will
-always return `null`.
-
-If the internal read buffer is below the `highWaterMark`, and the
-stream is not currently reading, then calling `stream.read(0)` will trigger
-a low-level [`stream._read()`][stream-_read] call.
-
-While most applications will almost never need to do this, there are
-situations within Node.js where this is done, particularly in the
-Readable stream class internals.
-
-### `readable.push('')`
-
-Use of `readable.push('')` is not recommended.
-
-Pushing a zero-byte string or `Buffer` to a stream that is not in object mode
-has an interesting side effect. Because it *is* a call to
-[`readable.push()`][stream-push], the call will end the reading process.
-However, because the argument is an empty string, no data is added to the
-readable buffer so there is nothing for a user to consume.
-
-[`'data'`]: #stream_event_data
-[`'drain'`]: #stream_event_drain
-[`'end'`]: #stream_event_end
-[`'finish'`]: #stream_event_finish
-[`'readable'`]: #stream_event_readable
-[`buf.toString(encoding)`]: https://nodejs.org/docs/v6.3.1/api/buffer.html#buffer_buf_tostring_encoding_start_end
-[`EventEmitter`]: https://nodejs.org/docs/v6.3.1/api/events.html#events_class_eventemitter
-[`process.stderr`]: https://nodejs.org/docs/v6.3.1/api/process.html#process_process_stderr
-[`process.stdin`]: https://nodejs.org/docs/v6.3.1/api/process.html#process_process_stdin
-[`process.stdout`]: https://nodejs.org/docs/v6.3.1/api/process.html#process_process_stdout
-[`stream.cork()`]: #stream_writable_cork
-[`stream.pipe()`]: #stream_readable_pipe_destination_options
-[`stream.uncork()`]: #stream_writable_uncork
-[`stream.unpipe()`]: #stream_readable_unpipe_destination
-[`stream.wrap()`]: #stream_readable_wrap_stream
-[`tls.CryptoStream`]: https://nodejs.org/docs/v6.3.1/api/tls.html#tls_class_cryptostream
-[API for Stream Consumers]: #stream_api_for_stream_consumers
-[API for Stream Implementers]: #stream_api_for_stream_implementers
-[child process stdin]: https://nodejs.org/docs/v6.3.1/api/child_process.html#child_process_child_stdin
-[child process stdout and stderr]: https://nodejs.org/docs/v6.3.1/api/child_process.html#child_process_child_stdout
-[Compatibility]: #stream_compatibility_with_older_node_js_versions
-[crypto]: crypto.html
-[Duplex]: #stream_class_stream_duplex
-[fs read streams]: https://nodejs.org/docs/v6.3.1/api/fs.html#fs_class_fs_readstream
-[fs write streams]: https://nodejs.org/docs/v6.3.1/api/fs.html#fs_class_fs_writestream
-[`fs.createReadStream()`]: https://nodejs.org/docs/v6.3.1/api/fs.html#fs_fs_createreadstream_path_options
-[`fs.createWriteStream()`]: https://nodejs.org/docs/v6.3.1/api/fs.html#fs_fs_createwritestream_path_options
-[`net.Socket`]: https://nodejs.org/docs/v6.3.1/api/net.html#net_class_net_socket
-[`zlib.createDeflate()`]: https://nodejs.org/docs/v6.3.1/api/zlib.html#zlib_zlib_createdeflate_options
-[HTTP requests, on the client]: https://nodejs.org/docs/v6.3.1/api/http.html#http_class_http_clientrequest
-[HTTP responses, on the server]: https://nodejs.org/docs/v6.3.1/api/http.html#http_class_http_serverresponse
-[http-incoming-message]: https://nodejs.org/docs/v6.3.1/api/http.html#http_class_http_incomingmessage
-[Object mode]: #stream_object_mode
-[Readable]: #stream_class_stream_readable
-[SimpleProtocol v2]: #stream_example_simpleprotocol_parser_v2
-[stream-_flush]: #stream_transform_flush_callback
-[stream-_read]: #stream_readable_read_size_1
-[stream-_transform]: #stream_transform_transform_chunk_encoding_callback
-[stream-_write]: #stream_writable_write_chunk_encoding_callback_1
-[stream-_writev]: #stream_writable_writev_chunks_callback
-[stream-end]: #stream_writable_end_chunk_encoding_callback
-[stream-pause]: #stream_readable_pause
-[stream-push]: #stream_readable_push_chunk_encoding
-[stream-read]: #stream_readable_read_size
-[stream-resume]: #stream_readable_resume
-[stream-write]: #stream_writable_write_chunk_encoding_callback
-[TCP sockets]: https://nodejs.org/docs/v6.3.1/api/net.html#net_class_net_socket
-[Transform]: #stream_class_stream_transform
-[Writable]: #stream_class_stream_writable
-[zlib]: zlib.html
diff --git a/deps/npm/node_modules/readable-stream/lib/_stream_readable.js b/deps/npm/node_modules/readable-stream/lib/_stream_readable.js
index 208cc65f1cca99..3a7d42d62b86a3 100644
--- a/deps/npm/node_modules/readable-stream/lib/_stream_readable.js
+++ b/deps/npm/node_modules/readable-stream/lib/_stream_readable.js
@@ -10,6 +10,10 @@ var processNextTick = require('process-nextick-args');
var isArray = require('isarray');
/**/
+/**/
+var Duplex;
+/**/
+
Readable.ReadableState = ReadableState;
/**/
@@ -57,6 +61,8 @@ var StringDecoder;
util.inherits(Readable, Stream);
function prependListener(emitter, event, fn) {
+ // Sadly this is not cacheable as some libraries bundle their own
+ // event emitter implementation with them.
if (typeof emitter.prependListener === 'function') {
return emitter.prependListener(event, fn);
} else {
@@ -68,7 +74,6 @@ function prependListener(emitter, event, fn) {
}
}
-var Duplex;
function ReadableState(options, stream) {
Duplex = Duplex || require('./_stream_duplex');
@@ -138,7 +143,6 @@ function ReadableState(options, stream) {
}
}
-var Duplex;
function Readable(options) {
Duplex = Duplex || require('./_stream_duplex');
@@ -461,7 +465,7 @@ function maybeReadMore_(stream, state) {
// for virtual (non-string, non-buffer) streams, "length" is somewhat
// arbitrary, and perhaps not very meaningful.
Readable.prototype._read = function (n) {
- this.emit('error', new Error('not implemented'));
+ this.emit('error', new Error('_read() is not implemented'));
};
Readable.prototype.pipe = function (dest, pipeOpts) {
@@ -639,16 +643,16 @@ Readable.prototype.unpipe = function (dest) {
state.pipesCount = 0;
state.flowing = false;
- for (var _i = 0; _i < len; _i++) {
- dests[_i].emit('unpipe', this);
+ for (var i = 0; i < len; i++) {
+ dests[i].emit('unpipe', this);
}return this;
}
// try to find the right one.
- var i = indexOf(state.pipes, dest);
- if (i === -1) return this;
+ var index = indexOf(state.pipes, dest);
+ if (index === -1) return this;
- state.pipes.splice(i, 1);
+ state.pipes.splice(index, 1);
state.pipesCount -= 1;
if (state.pipesCount === 1) state.pipes = state.pipes[0];
diff --git a/deps/npm/node_modules/readable-stream/lib/_stream_transform.js b/deps/npm/node_modules/readable-stream/lib/_stream_transform.js
index dbc996ede62363..cd2583207f5b20 100644
--- a/deps/npm/node_modules/readable-stream/lib/_stream_transform.js
+++ b/deps/npm/node_modules/readable-stream/lib/_stream_transform.js
@@ -94,7 +94,6 @@ function Transform(options) {
this._transformState = new TransformState(this);
- // when the writable side finishes, then flush out anything remaining.
var stream = this;
// start out asking for a readable event once data is transformed.
@@ -111,9 +110,10 @@ function Transform(options) {
if (typeof options.flush === 'function') this._flush = options.flush;
}
+ // When the writable side finishes, then flush out anything remaining.
this.once('prefinish', function () {
- if (typeof this._flush === 'function') this._flush(function (er) {
- done(stream, er);
+ if (typeof this._flush === 'function') this._flush(function (er, data) {
+ done(stream, er, data);
});else done(stream);
});
}
@@ -134,7 +134,7 @@ Transform.prototype.push = function (chunk, encoding) {
// an error, then that'll put the hurt on the whole operation. If you
// never call cb(), then you'll never get another chunk.
Transform.prototype._transform = function (chunk, encoding, cb) {
- throw new Error('Not implemented');
+ throw new Error('_transform() is not implemented');
};
Transform.prototype._write = function (chunk, encoding, cb) {
@@ -164,9 +164,11 @@ Transform.prototype._read = function (n) {
}
};
-function done(stream, er) {
+function done(stream, er, data) {
if (er) return stream.emit('error', er);
+ if (data !== null && data !== undefined) stream.push(data);
+
// if there's nothing in the write buffer, then that means
// that nothing more will ever be provided
var ws = stream._writableState;
diff --git a/deps/npm/node_modules/readable-stream/lib/_stream_writable.js b/deps/npm/node_modules/readable-stream/lib/_stream_writable.js
index ed5efcbd203208..4d9c62ba62ff2b 100644
--- a/deps/npm/node_modules/readable-stream/lib/_stream_writable.js
+++ b/deps/npm/node_modules/readable-stream/lib/_stream_writable.js
@@ -14,6 +14,10 @@ var processNextTick = require('process-nextick-args');
var asyncWrite = !process.browser && ['v0.10', 'v0.9.'].indexOf(process.version.slice(0, 5)) > -1 ? setImmediate : processNextTick;
/**/
+/**/
+var Duplex;
+/**/
+
Writable.WritableState = WritableState;
/**/
@@ -54,7 +58,6 @@ function WriteReq(chunk, encoding, cb) {
this.next = null;
}
-var Duplex;
function WritableState(options, stream) {
Duplex = Duplex || require('./_stream_duplex');
@@ -76,6 +79,7 @@ function WritableState(options, stream) {
// cast to ints.
this.highWaterMark = ~ ~this.highWaterMark;
+ // drain event flag.
this.needDrain = false;
// at the start of calling end()
this.ending = false;
@@ -150,7 +154,7 @@ function WritableState(options, stream) {
this.corkedRequestsFree = new CorkedRequest(this);
}
-WritableState.prototype.getBuffer = function writableStateGetBuffer() {
+WritableState.prototype.getBuffer = function getBuffer() {
var current = this.bufferedRequest;
var out = [];
while (current) {
@@ -170,13 +174,37 @@ WritableState.prototype.getBuffer = function writableStateGetBuffer() {
} catch (_) {}
})();
-var Duplex;
+// Test _writableState for inheritance to account for Duplex streams,
+// whose prototype chain only points to Readable.
+var realHasInstance;
+if (typeof Symbol === 'function' && Symbol.hasInstance && typeof Function.prototype[Symbol.hasInstance] === 'function') {
+ realHasInstance = Function.prototype[Symbol.hasInstance];
+ Object.defineProperty(Writable, Symbol.hasInstance, {
+ value: function (object) {
+ if (realHasInstance.call(this, object)) return true;
+
+ return object && object._writableState instanceof WritableState;
+ }
+ });
+} else {
+ realHasInstance = function (object) {
+ return object instanceof this;
+ };
+}
+
function Writable(options) {
Duplex = Duplex || require('./_stream_duplex');
- // Writable ctor is applied to Duplexes, though they're not
- // instanceof Writable, they're instanceof Readable.
- if (!(this instanceof Writable) && !(this instanceof Duplex)) return new Writable(options);
+ // Writable ctor is applied to Duplexes, too.
+ // `realHasInstance` is necessary because using plain `instanceof`
+ // would return false, as no `_writableState` property is attached.
+
+ // Trying to use the custom `instanceof` for Writable here will also break the
+ // Node.js LazyTransform implementation, which has a non-trivial getter for
+ // `_writableState` that would lead to infinite recursion.
+ if (!realHasInstance.call(Writable, this) && !(this instanceof Duplex)) {
+ return new Writable(options);
+ }
this._writableState = new WritableState(options, this);
@@ -436,7 +464,7 @@ function clearBuffer(stream, state) {
}
Writable.prototype._write = function (chunk, encoding, cb) {
- cb(new Error('not implemented'));
+ cb(new Error('_write() is not implemented'));
};
Writable.prototype._writev = null;
diff --git a/deps/npm/node_modules/readable-stream/package.json b/deps/npm/node_modules/readable-stream/package.json
index 6cdacd2f62da22..bc5214bf185c79 100644
--- a/deps/npm/node_modules/readable-stream/package.json
+++ b/deps/npm/node_modules/readable-stream/package.json
@@ -2,57 +2,61 @@
"_args": [
[
{
- "raw": "readable-stream@2.1.5",
+ "raw": "readable-stream@2.2.2",
"scope": null,
"escapedName": "readable-stream",
"name": "readable-stream",
- "rawSpec": "2.1.5",
- "spec": "2.1.5",
+ "rawSpec": "2.2.2",
+ "spec": "2.2.2",
"type": "version"
},
- "/Users/zkat/Documents/code/npm"
+ "/Users/rebecca/code/npm-latest"
]
],
- "_from": "readable-stream@2.1.5",
- "_id": "readable-stream@2.1.5",
+ "_from": "readable-stream@2.2.2",
+ "_id": "readable-stream@2.2.2",
"_inCache": true,
"_location": "/readable-stream",
- "_nodeVersion": "5.12.0",
+ "_nodeVersion": "7.1.0",
"_npmOperationalInternal": {
- "host": "packages-16-east.internal.npmjs.com",
- "tmp": "tmp/readable-stream-2.1.5.tgz_1471463532993_0.15824943827465177"
+ "host": "packages-18-east.internal.npmjs.com",
+ "tmp": "tmp/readable-stream-2.2.2.tgz_1479128709230_0.5291099038440734"
},
"_npmUser": {
"name": "cwmma",
"email": "calvin.metcalf@gmail.com"
},
- "_npmVersion": "3.8.6",
+ "_npmVersion": "3.10.7",
"_phantomChildren": {},
"_requested": {
- "raw": "readable-stream@2.1.5",
+ "raw": "readable-stream@2.2.2",
"scope": null,
"escapedName": "readable-stream",
"name": "readable-stream",
- "rawSpec": "2.1.5",
- "spec": "2.1.5",
+ "rawSpec": "2.2.2",
+ "spec": "2.2.2",
"type": "version"
},
"_requiredBy": [
"#USER",
"/",
"/fs-write-stream-atomic",
+ "/mississippi/duplexify",
+ "/mississippi/flush-write-stream",
+ "/mississippi/from2",
"/node-gyp/npmlog/are-we-there-yet",
"/npm-registry-client/npmlog/are-we-there-yet",
"/npmlog/are-we-there-yet",
"/sha",
"/tap",
+ "/tap/tap-mocha-reporter",
"/tap/tap-parser"
],
- "_resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.1.5.tgz",
- "_shasum": "66fa8b720e1438b364681f2ad1a63c618448c9d0",
+ "_resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.2.2.tgz",
+ "_shasum": "a9e6fec3c7dda85f8bb1b3ba7028604556fc825e",
"_shrinkwrap": null,
- "_spec": "readable-stream@2.1.5",
- "_where": "/Users/zkat/Documents/code/npm",
+ "_spec": "readable-stream@2.2.2",
+ "_where": "/Users/rebecca/code/npm-latest",
"browser": {
"util": false
},
@@ -72,6 +76,7 @@
"devDependencies": {
"assert": "~1.4.0",
"babel-polyfill": "^6.9.1",
+ "buffer": "^4.9.0",
"nyc": "^6.4.0",
"tap": "~0.7.1",
"tape": "~4.5.1",
@@ -79,10 +84,10 @@
},
"directories": {},
"dist": {
- "shasum": "66fa8b720e1438b364681f2ad1a63c618448c9d0",
- "tarball": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.1.5.tgz"
+ "shasum": "a9e6fec3c7dda85f8bb1b3ba7028604556fc825e",
+ "tarball": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.2.2.tgz"
},
- "gitHead": "758c8b3845af855fde736b6a7f58a15fba00d1e7",
+ "gitHead": "f239454e183d2032c0eb7d79a1c08f674fdd8db4",
"homepage": "https://github.com/nodejs/readable-stream#readme",
"keywords": [
"readable",
@@ -129,5 +134,5 @@
"test": "tap test/parallel/*.js test/ours/*.js",
"write-zuul": "printf \"ui: tape\nbrowsers:\n - name: $BROWSER_NAME\n version: $BROWSER_VERSION\n\">.zuul.yml"
},
- "version": "2.1.5"
+ "version": "2.2.2"
}
diff --git a/deps/npm/node_modules/request/.npmignore b/deps/npm/node_modules/request/.npmignore
deleted file mode 100644
index 67fe11cc0a77bb..00000000000000
--- a/deps/npm/node_modules/request/.npmignore
+++ /dev/null
@@ -1,6 +0,0 @@
-coverage
-tests
-node_modules
-examples
-release.sh
-disabled.appveyor.yml
diff --git a/deps/npm/node_modules/request/.travis.yml b/deps/npm/node_modules/request/.travis.yml
deleted file mode 100644
index 9be8247c7b52bc..00000000000000
--- a/deps/npm/node_modules/request/.travis.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-
-language: node_js
-
-node_js:
- - node
- - 6
- - 4
- - 0.12
-
-after_script:
- - npm run test-cov
- - codecov
- - cat ./coverage/lcov.info | coveralls
-
-webhooks:
- urls: https://webhooks.gitter.im/e/237280ed4796c19cc626
- on_success: change # options: [always|never|change] default: always
- on_failure: always # options: [always|never|change] default: always
- on_start: false # default: false
-
-sudo: false
diff --git a/deps/npm/node_modules/request/CHANGELOG.md b/deps/npm/node_modules/request/CHANGELOG.md
index 042c6e526f3a0d..7a9b2abf9e4d1e 100644
--- a/deps/npm/node_modules/request/CHANGELOG.md
+++ b/deps/npm/node_modules/request/CHANGELOG.md
@@ -1,5 +1,33 @@
## Change Log
+### v2.79.0 (2016/11/18)
+- [#2368](https://github.com/request/request/pull/2368) Fix typeof check in test-pool.js (@forivall)
+- [#2394](https://github.com/request/request/pull/2394) Use `files` in package.json (@SimenB)
+- [#2463](https://github.com/request/request/pull/2463) AWS support for session tokens for temporary credentials (@simov)
+- [#2467](https://github.com/request/request/pull/2467) Migrate to uuid (@simov, @antialias)
+- [#2459](https://github.com/request/request/pull/2459) Update taper to version 0.5.0 🚀 (@greenkeeperio-bot)
+- [#2448](https://github.com/request/request/pull/2448) Make other connect timeout test more reliable too (@mscdex)
+
+### v2.78.0 (2016/11/03)
+- [#2447](https://github.com/request/request/pull/2447) Always set request timeout on keep-alive connections (@mscdex)
+
+### v2.77.0 (2016/11/03)
+- [#2439](https://github.com/request/request/pull/2439) Fix socket 'connect' listener handling (@mscdex)
+- [#2442](https://github.com/request/request/pull/2442) 👻😱 Node.js 0.10 is unmaintained 😱👻 (@greenkeeperio-bot)
+- [#2435](https://github.com/request/request/pull/2435) Add followOriginalHttpMethod to redirect to original HTTP method (@kirrg001)
+- [#2414](https://github.com/request/request/pull/2414) Improve test-timeout reliability (@mscdex)
+
+### v2.76.0 (2016/10/25)
+- [#2424](https://github.com/request/request/pull/2424) Handle buffers directly instead of using "bl" (@zertosh)
+- [#2415](https://github.com/request/request/pull/2415) Re-enable timeout tests on Travis + other fixes (@mscdex)
+- [#2431](https://github.com/request/request/pull/2431) Improve timeouts accuracy and node v6.8.0+ compatibility (@mscdex, @greenkeeperio-bot)
+- [#2428](https://github.com/request/request/pull/2428) Update qs to version 6.3.0 🚀 (@greenkeeperio-bot)
+- [#2420](https://github.com/request/request/pull/2420) change .on to .once, remove possible memory leaks (@duereg)
+- [#2426](https://github.com/request/request/pull/2426) Remove "isFunction" helper in favor of "typeof" check (@zertosh)
+- [#2425](https://github.com/request/request/pull/2425) Simplify "defer" helper creation (@zertosh)
+- [#2402](https://github.com/request/request/pull/2402) form-data@2.1.1 breaks build 🚨 (@greenkeeperio-bot)
+- [#2393](https://github.com/request/request/pull/2393) Update form-data to version 2.1.0 🚀 (@greenkeeperio-bot)
+
### v2.75.0 (2016/09/17)
- [#2381](https://github.com/request/request/pull/2381) Drop support for Node 0.10 (@simov)
- [#2377](https://github.com/request/request/pull/2377) Update form-data to version 2.0.0 🚀 (@greenkeeperio-bot)
@@ -476,7 +504,6 @@
### v2.29.0 (2013/12/06)
- [#727](https://github.com/request/request/pull/727) fix requester bug (@jchris)
-
### v2.28.0 (2013/12/04)
- [#724](https://github.com/request/request/pull/724) README.md: add custom HTTP Headers example. (@tcort)
- [#719](https://github.com/request/request/pull/719) Made a comment gender neutral. (@unsetbit)
@@ -493,15 +520,9 @@
- [#662](https://github.com/request/request/pull/662) option.tunnel to explicitly disable tunneling (@seanmonstar)
- [#659](https://github.com/request/request/pull/659) fix failure when running with NODE_DEBUG=request, and a test for that (@jrgm)
- [#630](https://github.com/request/request/pull/630) Send random cnonce for HTTP Digest requests (@wprl)
-
-### v2.27.0 (2013/08/15)
- [#619](https://github.com/request/request/pull/619) decouple things a bit (@joaojeronimo)
-
-### v2.26.0 (2013/08/07)
- [#613](https://github.com/request/request/pull/613) Fixes #583, moved initialization of self.uri.pathname (@lexander)
- [#605](https://github.com/request/request/pull/605) Only include ":" + pass in Basic Auth if it's defined (fixes #602) (@bendrucker)
-
-### v2.25.0 (2013/07/23)
- [#596](https://github.com/request/request/pull/596) Global agent is being used when pool is specified (@Cauldrath)
- [#594](https://github.com/request/request/pull/594) Emit complete event when there is no callback (@RomainLK)
- [#601](https://github.com/request/request/pull/601) Fixed a small typo (@michalstanko)
@@ -574,7 +595,7 @@
- [#290](https://github.com/request/request/pull/290) A test for #289 (@isaacs)
- [#280](https://github.com/request/request/pull/280) Like in node.js print options if NODE_DEBUG contains the word request (@Filirom1)
- [#207](https://github.com/request/request/pull/207) Fix #206 Change HTTP/HTTPS agent when redirecting between protocols (@isaacs)
-- [#214](https://github.com/request/request/pull/214) documenting additional behavior of json option (@jphaas)
+- [#214](https://github.com/request/request/pull/214) documenting additional behavior of json option (@jphaas, @vpulim)
- [#272](https://github.com/request/request/pull/272) Boundary begins with CRLF? (@elspoono, @timshadel, @naholyr, @nanodocumet, @TehShrike)
- [#284](https://github.com/request/request/pull/284) Remove stray `console.log()` call in multipart generator. (@bcherry)
- [#241](https://github.com/request/request/pull/241) Composability updates suggested by issue #239 (@polotek)
@@ -592,10 +613,10 @@
- [#246](https://github.com/request/request/pull/246) Fixing the set-cookie header (@jeromegn)
- [#243](https://github.com/request/request/pull/243) Dynamic boundary (@zephrax)
- [#240](https://github.com/request/request/pull/240) don't error when null is passed for options (@polotek)
-- [#211](https://github.com/request/request/pull/211) Replace all occurrences of special chars in RFC3986 (@chriso)
+- [#211](https://github.com/request/request/pull/211) Replace all occurrences of special chars in RFC3986 (@chriso, @vpulim)
- [#224](https://github.com/request/request/pull/224) Multipart content-type change (@janjongboom)
- [#217](https://github.com/request/request/pull/217) need to use Authorization (titlecase) header with Tumblr OAuth (@visnup)
-- [#203](https://github.com/request/request/pull/203) Fix cookie and redirect bugs and add auth support for HTTPS tunnel (@milewise)
+- [#203](https://github.com/request/request/pull/203) Fix cookie and redirect bugs and add auth support for HTTPS tunnel (@vpulim)
- [#199](https://github.com/request/request/pull/199) Tunnel (@isaacs)
- [#198](https://github.com/request/request/pull/198) Bugfix on forever usage of util.inherits (@isaacs)
- [#197](https://github.com/request/request/pull/197) Make ForeverAgent work with HTTPS (@isaacs)
diff --git a/deps/npm/node_modules/request/CONTRIBUTING.md b/deps/npm/node_modules/request/CONTRIBUTING.md
deleted file mode 100644
index 8aa6999acd820e..00000000000000
--- a/deps/npm/node_modules/request/CONTRIBUTING.md
+++ /dev/null
@@ -1,81 +0,0 @@
-
-# Contributing to Request
-
-:+1::tada: First off, thanks for taking the time to contribute! :tada::+1:
-
-The following is a set of guidelines for contributing to Request and its packages, which are hosted in the [Request Organization](https://github.com/request) on GitHub.
-These are just guidelines, not rules, use your best judgment and feel free to propose changes to this document in a pull request.
-
-
-## Submitting an Issue
-
-1. Provide a small self **sufficient** code example to **reproduce** the issue.
-2. Run your test code using [request-debug](https://github.com/request/request-debug) and copy/paste the results inside the issue.
-3. You should **always** use fenced code blocks when submitting code examples or any other formatted output:
-
- ```js
- put your javascript code here
- ```
-
- ```
- put any other formatted output here,
- like for example the one returned from using request-debug
- ```
-
-
-If the problem cannot be reliably reproduced, the issue will be marked as `Not enough info (see CONTRIBUTING.md)`.
-
-If the problem is not related to request the issue will be marked as `Help (please use Stackoverflow)`.
-
-
-## Submitting a Pull Request
-
-1. In almost all of the cases your PR **needs tests**. Make sure you have any.
-2. Run `npm test` locally. Fix any errors before pushing to GitHub.
-3. After submitting the PR a build will be triggered on TravisCI. Wait for it to ends and make sure all jobs are passing.
-
-
------------------------------------------
-
-
-## Becoming a Contributor
-
-Individuals making significant and valuable contributions are given
-commit-access to the project to contribute as they see fit. This project is
-more like an open wiki than a standard guarded open source project.
-
-
-## Rules
-
-There are a few basic ground-rules for contributors:
-
-1. **No `--force` pushes** or modifying the Git history in any way.
-1. **Non-master branches** ought to be used for ongoing work.
-1. **Any** change should be added through Pull Request.
-1. **External API changes and significant modifications** ought to be subject
- to an **internal pull-request** to solicit feedback from other contributors.
-1. Internal pull-requests to solicit feedback are *encouraged* for any other
- non-trivial contribution but left to the discretion of the contributor.
-1. For significant changes wait a full 24 hours before merging so that active
- contributors who are distributed throughout the world have a chance to weigh
- in.
-1. Contributors should attempt to adhere to the prevailing code-style.
-1. Run `npm test` locally before submitting your PR, to catch any easy to miss
- style & testing issues. To diagnose test failures, there are two ways to
- run a single test file:
- - `node_modules/.bin/taper tests/test-file.js` - run using the default
- [`taper`](https://github.com/nylen/taper) test reporter.
- - `node tests/test-file.js` - view the raw
- [tap](https://testanything.org/) output.
-
-
-## Releases
-
-Declaring formal releases remains the prerogative of the project maintainer.
-
-
-## Changes to this arrangement
-
-This is an experiment and feedback is welcome! This document may also be
-subject to pull-requests or changes by contributors where you believe you have
-something valuable to add or change.
diff --git a/deps/npm/node_modules/request/README.md b/deps/npm/node_modules/request/README.md
index 6eaaa0547ffc43..2ddfe72c5307dd 100644
--- a/deps/npm/node_modules/request/README.md
+++ b/deps/npm/node_modules/request/README.md
@@ -755,13 +755,14 @@ The first argument can be either a `url` or an `options` object. The only requir
- `auth` - A hash containing values `user` || `username`, `pass` || `password`, and `sendImmediately` (optional). See documentation above.
- `oauth` - Options for OAuth HMAC-SHA1 signing. See documentation above.
- `hawk` - Options for [Hawk signing](https://github.com/hueniverse/hawk). The `credentials` key must contain the necessary signing info, [see hawk docs for details](https://github.com/hueniverse/hawk#usage-example).
-- `aws` - `object` containing AWS signing information. Should have the properties `key`, `secret`. Also requires the property `bucket`, unless you’re specifying your `bucket` as part of the path, or the request doesn’t use a bucket (i.e. GET Services). If you want to use AWS sign version 4 use the parameter `sign_version` with value `4` otherwise the default is version 2. **Note:** you need to `npm install aws4` first.
+- `aws` - `object` containing AWS signing information. Should have the properties `key`, `secret`, and optionally `session` (note that this only works for services that require session as part of the canonical string). Also requires the property `bucket`, unless you’re specifying your `bucket` as part of the path, or the request doesn’t use a bucket (i.e. GET Services). If you want to use AWS sign version 4 use the parameter `sign_version` with value `4` otherwise the default is version 2. **Note:** you need to `npm install aws4` first.
- `httpSignature` - Options for the [HTTP Signature Scheme](https://github.com/joyent/node-http-signature/blob/master/http_signing.md) using [Joyent's library](https://github.com/joyent/node-http-signature). The `keyId` and `key` properties must be specified. See the docs for other options.
---
- `followRedirect` - follow HTTP 3xx responses as redirects (default: `true`). This property can also be implemented as function which gets `response` object as a single argument and should return `true` if redirects should continue or `false` otherwise.
- `followAllRedirects` - follow non-GET HTTP 3xx responses as redirects (default: `false`)
+- `followOriginalHttpMethod` - by default we redirect to HTTP method GET. you can enable this property to redirect to the original HTTP method (default: `false`)
- `maxRedirects` - the maximum number of redirects to follow (default: `10`)
- `removeRefererHeader` - removes the referer header when a redirect happens (default: `false`). **Note:** if true, referer header set in the initial request is preserved during redirect chain.
diff --git a/deps/npm/node_modules/request/codecov.yml b/deps/npm/node_modules/request/codecov.yml
deleted file mode 100644
index acd3f33ceb5d2b..00000000000000
--- a/deps/npm/node_modules/request/codecov.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-
-comment: false
diff --git a/deps/npm/node_modules/request/index.js b/deps/npm/node_modules/request/index.js
index 911a90dbb5a5cb..9ec65ea268123b 100755
--- a/deps/npm/node_modules/request/index.js
+++ b/deps/npm/node_modules/request/index.js
@@ -18,8 +18,7 @@ var extend = require('extend')
, cookies = require('./lib/cookies')
, helpers = require('./lib/helpers')
-var isFunction = helpers.isFunction
- , paramsHaveRequestBody = helpers.paramsHaveRequestBody
+var paramsHaveRequestBody = helpers.paramsHaveRequestBody
// organize params for patch, post, put, head, del
@@ -95,7 +94,7 @@ function wrapRequestMethod (method, options, requester, verb) {
target.method = verb.toUpperCase()
}
- if (isFunction(requester)) {
+ if (typeof requester === 'function') {
method = requester
}
diff --git a/deps/npm/node_modules/request/lib/auth.js b/deps/npm/node_modules/request/lib/auth.js
index 1cb695216f6b16..559ca57be9d3ad 100644
--- a/deps/npm/node_modules/request/lib/auth.js
+++ b/deps/npm/node_modules/request/lib/auth.js
@@ -1,7 +1,7 @@
'use strict'
var caseless = require('caseless')
- , uuid = require('node-uuid')
+ , uuid = require('uuid')
, helpers = require('./helpers')
var md5 = helpers.md5
diff --git a/deps/npm/node_modules/request/lib/helpers.js b/deps/npm/node_modules/request/lib/helpers.js
index 356ff748e2f941..f9d727e382ad0b 100644
--- a/deps/npm/node_modules/request/lib/helpers.js
+++ b/deps/npm/node_modules/request/lib/helpers.js
@@ -3,17 +3,9 @@
var jsonSafeStringify = require('json-stringify-safe')
, crypto = require('crypto')
-function deferMethod() {
- if (typeof setImmediate === 'undefined') {
- return process.nextTick
- }
-
- return setImmediate
-}
-
-function isFunction(value) {
- return typeof value === 'function'
-}
+var defer = typeof setImmediate === 'undefined'
+ ? process.nextTick
+ : setImmediate
function paramsHaveRequestBody(params) {
return (
@@ -63,7 +55,6 @@ function version () {
}
}
-exports.isFunction = isFunction
exports.paramsHaveRequestBody = paramsHaveRequestBody
exports.safeStringify = safeStringify
exports.md5 = md5
@@ -71,4 +62,4 @@ exports.isReadStream = isReadStream
exports.toBase64 = toBase64
exports.copy = copy
exports.version = version
-exports.defer = deferMethod()
+exports.defer = defer
diff --git a/deps/npm/node_modules/request/lib/multipart.js b/deps/npm/node_modules/request/lib/multipart.js
index c1281726187b6a..3b605bd47b89a4 100644
--- a/deps/npm/node_modules/request/lib/multipart.js
+++ b/deps/npm/node_modules/request/lib/multipart.js
@@ -1,6 +1,6 @@
'use strict'
-var uuid = require('node-uuid')
+var uuid = require('uuid')
, CombinedStream = require('combined-stream')
, isstream = require('isstream')
diff --git a/deps/npm/node_modules/request/lib/oauth.js b/deps/npm/node_modules/request/lib/oauth.js
index c24209b897a857..56b39b0f5100de 100644
--- a/deps/npm/node_modules/request/lib/oauth.js
+++ b/deps/npm/node_modules/request/lib/oauth.js
@@ -3,7 +3,7 @@
var url = require('url')
, qs = require('qs')
, caseless = require('caseless')
- , uuid = require('node-uuid')
+ , uuid = require('uuid')
, oauth = require('oauth-sign')
, crypto = require('crypto')
diff --git a/deps/npm/node_modules/request/lib/redirect.js b/deps/npm/node_modules/request/lib/redirect.js
index 040dfe0e03d335..f8604491f3e7a4 100644
--- a/deps/npm/node_modules/request/lib/redirect.js
+++ b/deps/npm/node_modules/request/lib/redirect.js
@@ -8,6 +8,7 @@ function Redirect (request) {
this.followRedirect = true
this.followRedirects = true
this.followAllRedirects = false
+ this.followOriginalHttpMethod = false
this.allowRedirect = function () {return true}
this.maxRedirects = 10
this.redirects = []
@@ -36,6 +37,9 @@ Redirect.prototype.onRequest = function (options) {
if (options.removeRefererHeader !== undefined) {
self.removeRefererHeader = options.removeRefererHeader
}
+ if (options.followOriginalHttpMethod !== undefined) {
+ self.followOriginalHttpMethod = options.followOriginalHttpMethod
+ }
}
Redirect.prototype.redirectTo = function (response) {
@@ -115,7 +119,7 @@ Redirect.prototype.onResponse = function (response) {
)
if (self.followAllRedirects && request.method !== 'HEAD'
&& response.statusCode !== 401 && response.statusCode !== 307) {
- request.method = 'GET'
+ request.method = self.followOriginalHttpMethod ? request.method : 'GET'
}
// request.method = 'GET' // Force all redirects to use GET || commented out fixes #215
delete request.src
diff --git a/deps/npm/node_modules/request/node_modules/aws4/README.md b/deps/npm/node_modules/request/node_modules/aws4/README.md
index 6c55da80528c74..6b002d02f752a6 100644
--- a/deps/npm/node_modules/request/node_modules/aws4/README.md
+++ b/deps/npm/node_modules/request/node_modules/aws4/README.md
@@ -434,6 +434,15 @@ request(aws4.sign({
/*
(HTTP 202, empty response)
*/
+
+// Generate CodeCommit Git access password
+var signer = new aws4.RequestSigner({
+ service: 'codecommit',
+ host: 'git-codecommit.us-east-1.amazonaws.com',
+ method: 'GIT',
+ path: '/v1/repos/MyAwesomeRepo',
+})
+var password = signer.getDateTime() + 'Z' + signer.signature()
```
API
diff --git a/deps/npm/node_modules/request/node_modules/aws4/aws4.js b/deps/npm/node_modules/request/node_modules/aws4/aws4.js
index cbe5dc90494efe..a54318065b3ed3 100644
--- a/deps/npm/node_modules/request/node_modules/aws4/aws4.js
+++ b/deps/npm/node_modules/request/node_modules/aws4/aws4.js
@@ -52,6 +52,8 @@ function RequestSigner(request, credentials) {
}
if (!request.hostname && !request.host)
request.hostname = headers.Host || headers.host
+
+ this.isCodeCommitGit = this.service === 'codecommit' && request.method === 'GIT'
}
RequestSigner.prototype.matchHost = function(host) {
@@ -109,7 +111,7 @@ RequestSigner.prototype.prepareRequest = function() {
} else {
- if (!request.doNotModifyHeaders) {
+ if (!request.doNotModifyHeaders && !this.isCodeCommitGit) {
if (request.body && !headers['Content-Type'] && !headers['content-type'])
headers['Content-Type'] = 'application/x-www-form-urlencoded; charset=utf-8'
@@ -153,6 +155,9 @@ RequestSigner.prototype.getDateTime = function() {
date = new Date(headers.Date || headers.date || new Date)
this.datetime = date.toISOString().replace(/[:\-]|\.\d{3}/g, '')
+
+ // Remove the trailing 'Z' on the timestamp string for CodeCommit git access
+ if (this.isCodeCommitGit) this.datetime = this.datetime.slice(0, -1)
}
return this.datetime
}
@@ -202,8 +207,8 @@ RequestSigner.prototype.canonicalString = function() {
decodePath = this.service === 's3' || this.request.doNotEncodePath,
decodeSlashesInPath = this.service === 's3',
firstValOnly = this.service === 's3',
- bodyHash = this.service === 's3' && this.request.signQuery ?
- 'UNSIGNED-PAYLOAD' : hash(this.request.body || '', 'hex')
+ bodyHash = this.service === 's3' && this.request.signQuery ? 'UNSIGNED-PAYLOAD' :
+ (this.isCodeCommitGit ? '' : hash(this.request.body || '', 'hex'))
if (query) {
queryStr = encodeRfc3986(querystring.stringify(Object.keys(query).sort().reduce(function(obj, key) {
diff --git a/deps/npm/node_modules/request/node_modules/aws4/package.json b/deps/npm/node_modules/request/node_modules/aws4/package.json
index 7151d7aae931f2..4e7caf0d301424 100644
--- a/deps/npm/node_modules/request/node_modules/aws4/package.json
+++ b/deps/npm/node_modules/request/node_modules/aws4/package.json
@@ -10,24 +10,23 @@
"spec": ">=1.2.1 <2.0.0",
"type": "range"
},
- "/Users/rebecca/code/npm/node_modules/request"
+ "/Users/ogd/Documents/projects/npm/npm/node_modules/request"
]
],
"_from": "aws4@>=1.2.1 <2.0.0",
- "_id": "aws4@1.4.1",
+ "_id": "aws4@1.5.0",
"_inCache": true,
- "_installable": true,
"_location": "/request/aws4",
- "_nodeVersion": "4.4.3",
+ "_nodeVersion": "4.5.0",
"_npmOperationalInternal": {
- "host": "packages-12-west.internal.npmjs.com",
- "tmp": "tmp/aws4-1.4.1.tgz_1462643218465_0.6527479749638587"
+ "host": "packages-16-east.internal.npmjs.com",
+ "tmp": "tmp/aws4-1.5.0.tgz_1476226259635_0.2796843808609992"
},
"_npmUser": {
"name": "hichaelmart",
"email": "michael.hart.au@gmail.com"
},
- "_npmVersion": "2.15.4",
+ "_npmVersion": "2.15.11",
"_phantomChildren": {},
"_requested": {
"raw": "aws4@^1.2.1",
@@ -41,11 +40,11 @@
"_requiredBy": [
"/request"
],
- "_resolved": "https://registry.npmjs.org/aws4/-/aws4-1.4.1.tgz",
- "_shasum": "fde7d5292466d230e5ee0f4e038d9dfaab08fc61",
+ "_resolved": "https://registry.npmjs.org/aws4/-/aws4-1.5.0.tgz",
+ "_shasum": "0a29ffb79c31c9e712eeb087e8e7a64b4a56d755",
"_shrinkwrap": null,
"_spec": "aws4@^1.2.1",
- "_where": "/Users/rebecca/code/npm/node_modules/request",
+ "_where": "/Users/ogd/Documents/projects/npm/npm/node_modules/request",
"author": {
"name": "Michael Hart",
"email": "michael.hart.au@gmail.com",
@@ -62,10 +61,10 @@
},
"directories": {},
"dist": {
- "shasum": "fde7d5292466d230e5ee0f4e038d9dfaab08fc61",
- "tarball": "https://registry.npmjs.org/aws4/-/aws4-1.4.1.tgz"
+ "shasum": "0a29ffb79c31c9e712eeb087e8e7a64b4a56d755",
+ "tarball": "https://registry.npmjs.org/aws4/-/aws4-1.5.0.tgz"
},
- "gitHead": "f126d3ff80be1ddde0fc6b50bb51a7f199547e81",
+ "gitHead": "ba136334ee08884c6042c8578a22e376233eef34",
"homepage": "https://github.com/mhart/aws4#readme",
"keywords": [
"amazon",
@@ -137,5 +136,5 @@
"scripts": {
"test": "mocha ./test/fast.js ./test/slow.js -b -t 100s -R list"
},
- "version": "1.4.1"
+ "version": "1.5.0"
}
diff --git a/deps/npm/node_modules/request/node_modules/bl/.jshintrc b/deps/npm/node_modules/request/node_modules/bl/.jshintrc
deleted file mode 100644
index c8ef3ca4097f82..00000000000000
--- a/deps/npm/node_modules/request/node_modules/bl/.jshintrc
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "predef": [ ]
- , "bitwise": false
- , "camelcase": false
- , "curly": false
- , "eqeqeq": false
- , "forin": false
- , "immed": false
- , "latedef": false
- , "noarg": true
- , "noempty": true
- , "nonew": true
- , "plusplus": false
- , "quotmark": true
- , "regexp": false
- , "undef": true
- , "unused": true
- , "strict": false
- , "trailing": true
- , "maxlen": 120
- , "asi": true
- , "boss": true
- , "debug": true
- , "eqnull": true
- , "esnext": true
- , "evil": true
- , "expr": true
- , "funcscope": false
- , "globalstrict": false
- , "iterator": false
- , "lastsemic": true
- , "laxbreak": true
- , "laxcomma": true
- , "loopfunc": true
- , "multistr": false
- , "onecase": false
- , "proto": false
- , "regexdash": false
- , "scripturl": true
- , "smarttabs": false
- , "shadow": false
- , "sub": true
- , "supernew": false
- , "validthis": true
- , "browser": true
- , "couch": false
- , "devel": false
- , "dojo": false
- , "mootools": false
- , "node": true
- , "nonstandard": true
- , "prototypejs": false
- , "rhino": false
- , "worker": true
- , "wsh": false
- , "nomen": false
- , "onevar": false
- , "passfail": false
-}
\ No newline at end of file
diff --git a/deps/npm/node_modules/request/node_modules/bl/.npmignore b/deps/npm/node_modules/request/node_modules/bl/.npmignore
deleted file mode 100644
index 40b878db5b1c97..00000000000000
--- a/deps/npm/node_modules/request/node_modules/bl/.npmignore
+++ /dev/null
@@ -1 +0,0 @@
-node_modules/
\ No newline at end of file
diff --git a/deps/npm/node_modules/request/node_modules/bl/.travis.yml b/deps/npm/node_modules/request/node_modules/bl/.travis.yml
deleted file mode 100644
index 5cb0480b45457a..00000000000000
--- a/deps/npm/node_modules/request/node_modules/bl/.travis.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-sudo: false
-language: node_js
-node_js:
- - '0.10'
- - '0.12'
- - '4'
- - '5'
-branches:
- only:
- - master
-notifications:
- email:
- - rod@vagg.org
diff --git a/deps/npm/node_modules/request/node_modules/bl/README.md b/deps/npm/node_modules/request/node_modules/bl/README.md
deleted file mode 100644
index f7044db26e8659..00000000000000
--- a/deps/npm/node_modules/request/node_modules/bl/README.md
+++ /dev/null
@@ -1,200 +0,0 @@
-# bl *(BufferList)*
-
-[](https://travis-ci.org/rvagg/bl)
-
-**A Node.js Buffer list collector, reader and streamer thingy.**
-
-[](https://nodei.co/npm/bl/)
-[](https://nodei.co/npm/bl/)
-
-**bl** is a storage object for collections of Node Buffers, exposing them with the main Buffer readable API. Also works as a duplex stream so you can collect buffers from a stream that emits them and emit buffers to a stream that consumes them!
-
-The original buffers are kept intact and copies are only done as necessary. Any reads that require the use of a single original buffer will return a slice of that buffer only (which references the same memory as the original buffer). Reads that span buffers perform concatenation as required and return the results transparently.
-
-```js
-const BufferList = require('bl')
-
-var bl = new BufferList()
-bl.append(new Buffer('abcd'))
-bl.append(new Buffer('efg'))
-bl.append('hi') // bl will also accept & convert Strings
-bl.append(new Buffer('j'))
-bl.append(new Buffer([ 0x3, 0x4 ]))
-
-console.log(bl.length) // 12
-
-console.log(bl.slice(0, 10).toString('ascii')) // 'abcdefghij'
-console.log(bl.slice(3, 10).toString('ascii')) // 'defghij'
-console.log(bl.slice(3, 6).toString('ascii')) // 'def'
-console.log(bl.slice(3, 8).toString('ascii')) // 'defgh'
-console.log(bl.slice(5, 10).toString('ascii')) // 'fghij'
-
-// or just use toString!
-console.log(bl.toString()) // 'abcdefghij\u0003\u0004'
-console.log(bl.toString('ascii', 3, 8)) // 'defgh'
-console.log(bl.toString('ascii', 5, 10)) // 'fghij'
-
-// other standard Buffer readables
-console.log(bl.readUInt16BE(10)) // 0x0304
-console.log(bl.readUInt16LE(10)) // 0x0403
-```
-
-Give it a callback in the constructor and use it just like **[concat-stream](https://github.com/maxogden/node-concat-stream)**:
-
-```js
-const bl = require('bl')
- , fs = require('fs')
-
-fs.createReadStream('README.md')
- .pipe(bl(function (err, data) { // note 'new' isn't strictly required
- // `data` is a complete Buffer object containing the full data
- console.log(data.toString())
- }))
-```
-
-Note that when you use the *callback* method like this, the resulting `data` parameter is a concatenation of all `Buffer` objects in the list. If you want to avoid the overhead of this concatenation (in cases of extreme performance consciousness), then avoid the *callback* method and just listen to `'end'` instead, like a standard Stream.
-
-Or to fetch a URL using [hyperquest](https://github.com/substack/hyperquest) (should work with [request](http://github.com/mikeal/request) and even plain Node http too!):
-```js
-const hyperquest = require('hyperquest')
- , bl = require('bl')
- , url = 'https://raw.github.com/rvagg/bl/master/README.md'
-
-hyperquest(url).pipe(bl(function (err, data) {
- console.log(data.toString())
-}))
-```
-
-Or, use it as a readable stream to recompose a list of Buffers to an output source:
-
-```js
-const BufferList = require('bl')
- , fs = require('fs')
-
-var bl = new BufferList()
-bl.append(new Buffer('abcd'))
-bl.append(new Buffer('efg'))
-bl.append(new Buffer('hi'))
-bl.append(new Buffer('j'))
-
-bl.pipe(fs.createWriteStream('gibberish.txt'))
-```
-
-## API
-
- * new BufferList([ callback ])
- * bl.length
- * bl.append(buffer)
- * bl.get(index)
- * bl.slice([ start[, end ] ])
- * bl.copy(dest, [ destStart, [ srcStart [, srcEnd ] ] ])
- * bl.duplicate()
- * bl.consume(bytes)
- * bl.toString([encoding, [ start, [ end ]]])
- * bl.readDoubleBE(), bl.readDoubleLE(), bl.readFloatBE(), bl.readFloatLE(), bl.readInt32BE(), bl.readInt32LE(), bl.readUInt32BE(), bl.readUInt32LE(), bl.readInt16BE(), bl.readInt16LE(), bl.readUInt16BE(), bl.readUInt16LE(), bl.readInt8(), bl.readUInt8()
- * Streams
-
---------------------------------------------------------
-
-### new BufferList([ callback | Buffer | Buffer array | BufferList | BufferList array | String ])
-The constructor takes an optional callback, if supplied, the callback will be called with an error argument followed by a reference to the **bl** instance, when `bl.end()` is called (i.e. from a piped stream). This is a convenient method of collecting the entire contents of a stream, particularly when the stream is *chunky*, such as a network stream.
-
-Normally, no arguments are required for the constructor, but you can initialise the list by passing in a single `Buffer` object or an array of `Buffer` object.
-
-`new` is not strictly required, if you don't instantiate a new object, it will be done automatically for you so you can create a new instance simply with:
-
-```js
-var bl = require('bl')
-var myinstance = bl()
-
-// equivilant to:
-
-var BufferList = require('bl')
-var myinstance = new BufferList()
-```
-
---------------------------------------------------------
-
-### bl.length
-Get the length of the list in bytes. This is the sum of the lengths of all of the buffers contained in the list, minus any initial offset for a semi-consumed buffer at the beginning. Should accurately represent the total number of bytes that can be read from the list.
-
---------------------------------------------------------
-
-### bl.append(Buffer | Buffer array | BufferList | BufferList array | String)
-`append(buffer)` adds an additional buffer or BufferList to the internal list. `this` is returned so it can be chained.
-
---------------------------------------------------------
-
-### bl.get(index)
-`get()` will return the byte at the specified index.
-
---------------------------------------------------------
-
-### bl.slice([ start, [ end ] ])
-`slice()` returns a new `Buffer` object containing the bytes within the range specified. Both `start` and `end` are optional and will default to the beginning and end of the list respectively.
-
-If the requested range spans a single internal buffer then a slice of that buffer will be returned which shares the original memory range of that Buffer. If the range spans multiple buffers then copy operations will likely occur to give you a uniform Buffer.
-
---------------------------------------------------------
-
-### bl.copy(dest, [ destStart, [ srcStart [, srcEnd ] ] ])
-`copy()` copies the content of the list in the `dest` buffer, starting from `destStart` and containing the bytes within the range specified with `srcStart` to `srcEnd`. `destStart`, `start` and `end` are optional and will default to the beginning of the `dest` buffer, and the beginning and end of the list respectively.
-
---------------------------------------------------------
-
-### bl.duplicate()
-`duplicate()` performs a **shallow-copy** of the list. The internal Buffers remains the same, so if you change the underlying Buffers, the change will be reflected in both the original and the duplicate. This method is needed if you want to call `consume()` or `pipe()` and still keep the original list.Example:
-
-```js
-var bl = new BufferList()
-
-bl.append('hello')
-bl.append(' world')
-bl.append('\n')
-
-bl.duplicate().pipe(process.stdout, { end: false })
-
-console.log(bl.toString())
-```
-
---------------------------------------------------------
-
-### bl.consume(bytes)
-`consume()` will shift bytes *off the start of the list*. The number of bytes consumed don't need to line up with the sizes of the internal Buffers—initial offsets will be calculated accordingly in order to give you a consistent view of the data.
-
---------------------------------------------------------
-
-### bl.toString([encoding, [ start, [ end ]]])
-`toString()` will return a string representation of the buffer. The optional `start` and `end` arguments are passed on to `slice()`, while the `encoding` is passed on to `toString()` of the resulting Buffer. See the [Buffer#toString()](http://nodejs.org/docs/latest/api/buffer.html#buffer_buf_tostring_encoding_start_end) documentation for more information.
-
---------------------------------------------------------
-
-### bl.readDoubleBE(), bl.readDoubleLE(), bl.readFloatBE(), bl.readFloatLE(), bl.readInt32BE(), bl.readInt32LE(), bl.readUInt32BE(), bl.readUInt32LE(), bl.readInt16BE(), bl.readInt16LE(), bl.readUInt16BE(), bl.readUInt16LE(), bl.readInt8(), bl.readUInt8()
-
-All of the standard byte-reading methods of the `Buffer` interface are implemented and will operate across internal Buffer boundaries transparently.
-
-See the [Buffer](http://nodejs.org/docs/latest/api/buffer.html) documentation for how these work.
-
---------------------------------------------------------
-
-### Streams
-**bl** is a Node **[Duplex Stream](http://nodejs.org/docs/latest/api/stream.html#stream_class_stream_duplex)**, so it can be read from and written to like a standard Node stream. You can also `pipe()` to and from a **bl** instance.
-
---------------------------------------------------------
-
-## Contributors
-
-**bl** is brought to you by the following hackers:
-
- * [Rod Vagg](https://github.com/rvagg)
- * [Matteo Collina](https://github.com/mcollina)
- * [Jarett Cruger](https://github.com/jcrugzz)
-
-=======
-
-
-## License & copyright
-
-Copyright (c) 2013-2014 bl contributors (listed above).
-
-bl is licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.
diff --git a/deps/npm/node_modules/request/node_modules/bl/bl.js b/deps/npm/node_modules/request/node_modules/bl/bl.js
deleted file mode 100644
index f585df1721798f..00000000000000
--- a/deps/npm/node_modules/request/node_modules/bl/bl.js
+++ /dev/null
@@ -1,243 +0,0 @@
-var DuplexStream = require('readable-stream/duplex')
- , util = require('util')
-
-
-function BufferList (callback) {
- if (!(this instanceof BufferList))
- return new BufferList(callback)
-
- this._bufs = []
- this.length = 0
-
- if (typeof callback == 'function') {
- this._callback = callback
-
- var piper = function piper (err) {
- if (this._callback) {
- this._callback(err)
- this._callback = null
- }
- }.bind(this)
-
- this.on('pipe', function onPipe (src) {
- src.on('error', piper)
- })
- this.on('unpipe', function onUnpipe (src) {
- src.removeListener('error', piper)
- })
- } else {
- this.append(callback)
- }
-
- DuplexStream.call(this)
-}
-
-
-util.inherits(BufferList, DuplexStream)
-
-
-BufferList.prototype._offset = function _offset (offset) {
- var tot = 0, i = 0, _t
- for (; i < this._bufs.length; i++) {
- _t = tot + this._bufs[i].length
- if (offset < _t)
- return [ i, offset - tot ]
- tot = _t
- }
-}
-
-
-BufferList.prototype.append = function append (buf) {
- var i = 0
- , newBuf
-
- if (Array.isArray(buf)) {
- for (; i < buf.length; i++)
- this.append(buf[i])
- } else if (buf instanceof BufferList) {
- // unwrap argument into individual BufferLists
- for (; i < buf._bufs.length; i++)
- this.append(buf._bufs[i])
- } else if (buf != null) {
- // coerce number arguments to strings, since Buffer(number) does
- // uninitialized memory allocation
- if (typeof buf == 'number')
- buf = buf.toString()
-
- newBuf = Buffer.isBuffer(buf) ? buf : new Buffer(buf)
- this._bufs.push(newBuf)
- this.length += newBuf.length
- }
-
- return this
-}
-
-
-BufferList.prototype._write = function _write (buf, encoding, callback) {
- this.append(buf)
-
- if (typeof callback == 'function')
- callback()
-}
-
-
-BufferList.prototype._read = function _read (size) {
- if (!this.length)
- return this.push(null)
-
- size = Math.min(size, this.length)
- this.push(this.slice(0, size))
- this.consume(size)
-}
-
-
-BufferList.prototype.end = function end (chunk) {
- DuplexStream.prototype.end.call(this, chunk)
-
- if (this._callback) {
- this._callback(null, this.slice())
- this._callback = null
- }
-}
-
-
-BufferList.prototype.get = function get (index) {
- return this.slice(index, index + 1)[0]
-}
-
-
-BufferList.prototype.slice = function slice (start, end) {
- return this.copy(null, 0, start, end)
-}
-
-
-BufferList.prototype.copy = function copy (dst, dstStart, srcStart, srcEnd) {
- if (typeof srcStart != 'number' || srcStart < 0)
- srcStart = 0
- if (typeof srcEnd != 'number' || srcEnd > this.length)
- srcEnd = this.length
- if (srcStart >= this.length)
- return dst || new Buffer(0)
- if (srcEnd <= 0)
- return dst || new Buffer(0)
-
- var copy = !!dst
- , off = this._offset(srcStart)
- , len = srcEnd - srcStart
- , bytes = len
- , bufoff = (copy && dstStart) || 0
- , start = off[1]
- , l
- , i
-
- // copy/slice everything
- if (srcStart === 0 && srcEnd == this.length) {
- if (!copy) // slice, just return a full concat
- return Buffer.concat(this._bufs)
-
- // copy, need to copy individual buffers
- for (i = 0; i < this._bufs.length; i++) {
- this._bufs[i].copy(dst, bufoff)
- bufoff += this._bufs[i].length
- }
-
- return dst
- }
-
- // easy, cheap case where it's a subset of one of the buffers
- if (bytes <= this._bufs[off[0]].length - start) {
- return copy
- ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes)
- : this._bufs[off[0]].slice(start, start + bytes)
- }
-
- if (!copy) // a slice, we need something to copy in to
- dst = new Buffer(len)
-
- for (i = off[0]; i < this._bufs.length; i++) {
- l = this._bufs[i].length - start
-
- if (bytes > l) {
- this._bufs[i].copy(dst, bufoff, start)
- } else {
- this._bufs[i].copy(dst, bufoff, start, start + bytes)
- break
- }
-
- bufoff += l
- bytes -= l
-
- if (start)
- start = 0
- }
-
- return dst
-}
-
-BufferList.prototype.toString = function toString (encoding, start, end) {
- return this.slice(start, end).toString(encoding)
-}
-
-BufferList.prototype.consume = function consume (bytes) {
- while (this._bufs.length) {
- if (bytes >= this._bufs[0].length) {
- bytes -= this._bufs[0].length
- this.length -= this._bufs[0].length
- this._bufs.shift()
- } else {
- this._bufs[0] = this._bufs[0].slice(bytes)
- this.length -= bytes
- break
- }
- }
- return this
-}
-
-
-BufferList.prototype.duplicate = function duplicate () {
- var i = 0
- , copy = new BufferList()
-
- for (; i < this._bufs.length; i++)
- copy.append(this._bufs[i])
-
- return copy
-}
-
-
-BufferList.prototype.destroy = function destroy () {
- this._bufs.length = 0
- this.length = 0
- this.push(null)
-}
-
-
-;(function () {
- var methods = {
- 'readDoubleBE' : 8
- , 'readDoubleLE' : 8
- , 'readFloatBE' : 4
- , 'readFloatLE' : 4
- , 'readInt32BE' : 4
- , 'readInt32LE' : 4
- , 'readUInt32BE' : 4
- , 'readUInt32LE' : 4
- , 'readInt16BE' : 2
- , 'readInt16LE' : 2
- , 'readUInt16BE' : 2
- , 'readUInt16LE' : 2
- , 'readInt8' : 1
- , 'readUInt8' : 1
- }
-
- for (var m in methods) {
- (function (m) {
- BufferList.prototype[m] = function (offset) {
- return this.slice(offset, offset + methods[m])[m](0)
- }
- }(m))
- }
-}())
-
-
-module.exports = BufferList
diff --git a/deps/npm/node_modules/request/node_modules/bl/package.json b/deps/npm/node_modules/request/node_modules/bl/package.json
deleted file mode 100644
index 47862b0b623691..00000000000000
--- a/deps/npm/node_modules/request/node_modules/bl/package.json
+++ /dev/null
@@ -1,100 +0,0 @@
-{
- "_args": [
- [
- {
- "raw": "bl@~1.1.2",
- "scope": null,
- "escapedName": "bl",
- "name": "bl",
- "rawSpec": "~1.1.2",
- "spec": ">=1.1.2 <1.2.0",
- "type": "range"
- },
- "/Users/rebecca/code/npm/node_modules/request"
- ]
- ],
- "_from": "bl@>=1.1.2 <1.2.0",
- "_id": "bl@1.1.2",
- "_inCache": true,
- "_installable": true,
- "_location": "/request/bl",
- "_nodeVersion": "5.3.0",
- "_npmOperationalInternal": {
- "host": "packages-9-west.internal.npmjs.com",
- "tmp": "tmp/bl-1.1.2.tgz_1455246621698_0.6300242957659066"
- },
- "_npmUser": {
- "name": "rvagg",
- "email": "rod@vagg.org"
- },
- "_npmVersion": "3.3.12",
- "_phantomChildren": {
- "inherits": "2.0.1"
- },
- "_requested": {
- "raw": "bl@~1.1.2",
- "scope": null,
- "escapedName": "bl",
- "name": "bl",
- "rawSpec": "~1.1.2",
- "spec": ">=1.1.2 <1.2.0",
- "type": "range"
- },
- "_requiredBy": [
- "/request"
- ],
- "_resolved": "https://registry.npmjs.org/bl/-/bl-1.1.2.tgz",
- "_shasum": "fdca871a99713aa00d19e3bbba41c44787a65398",
- "_shrinkwrap": null,
- "_spec": "bl@~1.1.2",
- "_where": "/Users/rebecca/code/npm/node_modules/request",
- "authors": [
- "Rod Vagg (https://github.com/rvagg)",
- "Matteo Collina (https://github.com/mcollina)",
- "Jarett Cruger (https://github.com/jcrugzz)"
- ],
- "bugs": {
- "url": "https://github.com/rvagg/bl/issues"
- },
- "dependencies": {
- "readable-stream": "~2.0.5"
- },
- "description": "Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!",
- "devDependencies": {
- "faucet": "0.0.1",
- "hash_file": "~0.1.1",
- "tape": "~4.4.0"
- },
- "directories": {},
- "dist": {
- "shasum": "fdca871a99713aa00d19e3bbba41c44787a65398",
- "tarball": "https://registry.npmjs.org/bl/-/bl-1.1.2.tgz"
- },
- "gitHead": "ea42021059dc65fc60d7f4b9217c73431f09d23d",
- "homepage": "https://github.com/rvagg/bl",
- "keywords": [
- "buffer",
- "buffers",
- "stream",
- "awesomesauce"
- ],
- "license": "MIT",
- "main": "bl.js",
- "maintainers": [
- {
- "name": "rvagg",
- "email": "rod@vagg.org"
- }
- ],
- "name": "bl",
- "optionalDependencies": {},
- "readme": "ERROR: No README data found!",
- "repository": {
- "type": "git",
- "url": "git+https://github.com/rvagg/bl.git"
- },
- "scripts": {
- "test": "node test/test.js | faucet"
- },
- "version": "1.1.2"
-}
diff --git a/deps/npm/node_modules/request/node_modules/bl/test/test.js b/deps/npm/node_modules/request/node_modules/bl/test/test.js
deleted file mode 100644
index c95b1ba4844ef7..00000000000000
--- a/deps/npm/node_modules/request/node_modules/bl/test/test.js
+++ /dev/null
@@ -1,640 +0,0 @@
-var tape = require('tape')
- , crypto = require('crypto')
- , fs = require('fs')
- , hash = require('hash_file')
- , BufferList = require('../')
-
- , encodings =
- ('hex utf8 utf-8 ascii binary base64'
- + (process.browser ? '' : ' ucs2 ucs-2 utf16le utf-16le')).split(' ')
-
-tape('single bytes from single buffer', function (t) {
- var bl = new BufferList()
- bl.append(new Buffer('abcd'))
-
- t.equal(bl.length, 4)
-
- t.equal(bl.get(0), 97)
- t.equal(bl.get(1), 98)
- t.equal(bl.get(2), 99)
- t.equal(bl.get(3), 100)
-
- t.end()
-})
-
-tape('single bytes from multiple buffers', function (t) {
- var bl = new BufferList()
- bl.append(new Buffer('abcd'))
- bl.append(new Buffer('efg'))
- bl.append(new Buffer('hi'))
- bl.append(new Buffer('j'))
-
- t.equal(bl.length, 10)
-
- t.equal(bl.get(0), 97)
- t.equal(bl.get(1), 98)
- t.equal(bl.get(2), 99)
- t.equal(bl.get(3), 100)
- t.equal(bl.get(4), 101)
- t.equal(bl.get(5), 102)
- t.equal(bl.get(6), 103)
- t.equal(bl.get(7), 104)
- t.equal(bl.get(8), 105)
- t.equal(bl.get(9), 106)
- t.end()
-})
-
-tape('multi bytes from single buffer', function (t) {
- var bl = new BufferList()
- bl.append(new Buffer('abcd'))
-
- t.equal(bl.length, 4)
-
- t.equal(bl.slice(0, 4).toString('ascii'), 'abcd')
- t.equal(bl.slice(0, 3).toString('ascii'), 'abc')
- t.equal(bl.slice(1, 4).toString('ascii'), 'bcd')
-
- t.end()
-})
-
-tape('multiple bytes from multiple buffers', function (t) {
- var bl = new BufferList()
-
- bl.append(new Buffer('abcd'))
- bl.append(new Buffer('efg'))
- bl.append(new Buffer('hi'))
- bl.append(new Buffer('j'))
-
- t.equal(bl.length, 10)
-
- t.equal(bl.slice(0, 10).toString('ascii'), 'abcdefghij')
- t.equal(bl.slice(3, 10).toString('ascii'), 'defghij')
- t.equal(bl.slice(3, 6).toString('ascii'), 'def')
- t.equal(bl.slice(3, 8).toString('ascii'), 'defgh')
- t.equal(bl.slice(5, 10).toString('ascii'), 'fghij')
-
- t.end()
-})
-
-tape('multiple bytes from multiple buffer lists', function (t) {
- var bl = new BufferList()
-
- bl.append(new BufferList([ new Buffer('abcd'), new Buffer('efg') ]))
- bl.append(new BufferList([ new Buffer('hi'), new Buffer('j') ]))
-
- t.equal(bl.length, 10)
-
- t.equal(bl.slice(0, 10).toString('ascii'), 'abcdefghij')
-
- t.equal(bl.slice(3, 10).toString('ascii'), 'defghij')
- t.equal(bl.slice(3, 6).toString('ascii'), 'def')
- t.equal(bl.slice(3, 8).toString('ascii'), 'defgh')
- t.equal(bl.slice(5, 10).toString('ascii'), 'fghij')
-
- t.end()
-})
-
-// same data as previous test, just using nested constructors
-tape('multiple bytes from crazy nested buffer lists', function (t) {
- var bl = new BufferList()
-
- bl.append(new BufferList([
- new BufferList([
- new BufferList(new Buffer('abc'))
- , new Buffer('d')
- , new BufferList(new Buffer('efg'))
- ])
- , new BufferList([ new Buffer('hi') ])
- , new BufferList(new Buffer('j'))
- ]))
-
- t.equal(bl.length, 10)
-
- t.equal(bl.slice(0, 10).toString('ascii'), 'abcdefghij')
-
- t.equal(bl.slice(3, 10).toString('ascii'), 'defghij')
- t.equal(bl.slice(3, 6).toString('ascii'), 'def')
- t.equal(bl.slice(3, 8).toString('ascii'), 'defgh')
- t.equal(bl.slice(5, 10).toString('ascii'), 'fghij')
-
- t.end()
-})
-
-tape('append accepts arrays of Buffers', function (t) {
- var bl = new BufferList()
- bl.append(new Buffer('abc'))
- bl.append([ new Buffer('def') ])
- bl.append([ new Buffer('ghi'), new Buffer('jkl') ])
- bl.append([ new Buffer('mnop'), new Buffer('qrstu'), new Buffer('vwxyz') ])
- t.equal(bl.length, 26)
- t.equal(bl.slice().toString('ascii'), 'abcdefghijklmnopqrstuvwxyz')
- t.end()
-})
-
-tape('append accepts arrays of BufferLists', function (t) {
- var bl = new BufferList()
- bl.append(new Buffer('abc'))
- bl.append([ new BufferList('def') ])
- bl.append(new BufferList([ new Buffer('ghi'), new BufferList('jkl') ]))
- bl.append([ new Buffer('mnop'), new BufferList([ new Buffer('qrstu'), new Buffer('vwxyz') ]) ])
- t.equal(bl.length, 26)
- t.equal(bl.slice().toString('ascii'), 'abcdefghijklmnopqrstuvwxyz')
- t.end()
-})
-
-tape('append chainable', function (t) {
- var bl = new BufferList()
- t.ok(bl.append(new Buffer('abcd')) === bl)
- t.ok(bl.append([ new Buffer('abcd') ]) === bl)
- t.ok(bl.append(new BufferList(new Buffer('abcd'))) === bl)
- t.ok(bl.append([ new BufferList(new Buffer('abcd')) ]) === bl)
- t.end()
-})
-
-tape('append chainable (test results)', function (t) {
- var bl = new BufferList('abc')
- .append([ new BufferList('def') ])
- .append(new BufferList([ new Buffer('ghi'), new BufferList('jkl') ]))
- .append([ new Buffer('mnop'), new BufferList([ new Buffer('qrstu'), new Buffer('vwxyz') ]) ])
-
- t.equal(bl.length, 26)
- t.equal(bl.slice().toString('ascii'), 'abcdefghijklmnopqrstuvwxyz')
- t.end()
-})
-
-tape('consuming from multiple buffers', function (t) {
- var bl = new BufferList()
-
- bl.append(new Buffer('abcd'))
- bl.append(new Buffer('efg'))
- bl.append(new Buffer('hi'))
- bl.append(new Buffer('j'))
-
- t.equal(bl.length, 10)
-
- t.equal(bl.slice(0, 10).toString('ascii'), 'abcdefghij')
-
- bl.consume(3)
- t.equal(bl.length, 7)
- t.equal(bl.slice(0, 7).toString('ascii'), 'defghij')
-
- bl.consume(2)
- t.equal(bl.length, 5)
- t.equal(bl.slice(0, 5).toString('ascii'), 'fghij')
-
- bl.consume(1)
- t.equal(bl.length, 4)
- t.equal(bl.slice(0, 4).toString('ascii'), 'ghij')
-
- bl.consume(1)
- t.equal(bl.length, 3)
- t.equal(bl.slice(0, 3).toString('ascii'), 'hij')
-
- bl.consume(2)
- t.equal(bl.length, 1)
- t.equal(bl.slice(0, 1).toString('ascii'), 'j')
-
- t.end()
-})
-
-tape('complete consumption', function (t) {
- var bl = new BufferList()
-
- bl.append(new Buffer('a'))
- bl.append(new Buffer('b'))
-
- bl.consume(2)
-
- t.equal(bl.length, 0)
- t.equal(bl._bufs.length, 0)
-
- t.end()
-})
-
-tape('test readUInt8 / readInt8', function (t) {
- var buf1 = new Buffer(1)
- , buf2 = new Buffer(3)
- , buf3 = new Buffer(3)
- , bl = new BufferList()
-
- buf2[1] = 0x3
- buf2[2] = 0x4
- buf3[0] = 0x23
- buf3[1] = 0x42
-
- bl.append(buf1)
- bl.append(buf2)
- bl.append(buf3)
-
- t.equal(bl.readUInt8(2), 0x3)
- t.equal(bl.readInt8(2), 0x3)
- t.equal(bl.readUInt8(3), 0x4)
- t.equal(bl.readInt8(3), 0x4)
- t.equal(bl.readUInt8(4), 0x23)
- t.equal(bl.readInt8(4), 0x23)
- t.equal(bl.readUInt8(5), 0x42)
- t.equal(bl.readInt8(5), 0x42)
- t.end()
-})
-
-tape('test readUInt16LE / readUInt16BE / readInt16LE / readInt16BE', function (t) {
- var buf1 = new Buffer(1)
- , buf2 = new Buffer(3)
- , buf3 = new Buffer(3)
- , bl = new BufferList()
-
- buf2[1] = 0x3
- buf2[2] = 0x4
- buf3[0] = 0x23
- buf3[1] = 0x42
-
- bl.append(buf1)
- bl.append(buf2)
- bl.append(buf3)
-
- t.equal(bl.readUInt16BE(2), 0x0304)
- t.equal(bl.readUInt16LE(2), 0x0403)
- t.equal(bl.readInt16BE(2), 0x0304)
- t.equal(bl.readInt16LE(2), 0x0403)
- t.equal(bl.readUInt16BE(3), 0x0423)
- t.equal(bl.readUInt16LE(3), 0x2304)
- t.equal(bl.readInt16BE(3), 0x0423)
- t.equal(bl.readInt16LE(3), 0x2304)
- t.equal(bl.readUInt16BE(4), 0x2342)
- t.equal(bl.readUInt16LE(4), 0x4223)
- t.equal(bl.readInt16BE(4), 0x2342)
- t.equal(bl.readInt16LE(4), 0x4223)
- t.end()
-})
-
-tape('test readUInt32LE / readUInt32BE / readInt32LE / readInt32BE', function (t) {
- var buf1 = new Buffer(1)
- , buf2 = new Buffer(3)
- , buf3 = new Buffer(3)
- , bl = new BufferList()
-
- buf2[1] = 0x3
- buf2[2] = 0x4
- buf3[0] = 0x23
- buf3[1] = 0x42
-
- bl.append(buf1)
- bl.append(buf2)
- bl.append(buf3)
-
- t.equal(bl.readUInt32BE(2), 0x03042342)
- t.equal(bl.readUInt32LE(2), 0x42230403)
- t.equal(bl.readInt32BE(2), 0x03042342)
- t.equal(bl.readInt32LE(2), 0x42230403)
- t.end()
-})
-
-tape('test readFloatLE / readFloatBE', function (t) {
- var buf1 = new Buffer(1)
- , buf2 = new Buffer(3)
- , buf3 = new Buffer(3)
- , bl = new BufferList()
-
- buf2[1] = 0x00
- buf2[2] = 0x00
- buf3[0] = 0x80
- buf3[1] = 0x3f
-
- bl.append(buf1)
- bl.append(buf2)
- bl.append(buf3)
-
- t.equal(bl.readFloatLE(2), 0x01)
- t.end()
-})
-
-tape('test readDoubleLE / readDoubleBE', function (t) {
- var buf1 = new Buffer(1)
- , buf2 = new Buffer(3)
- , buf3 = new Buffer(10)
- , bl = new BufferList()
-
- buf2[1] = 0x55
- buf2[2] = 0x55
- buf3[0] = 0x55
- buf3[1] = 0x55
- buf3[2] = 0x55
- buf3[3] = 0x55
- buf3[4] = 0xd5
- buf3[5] = 0x3f
-
- bl.append(buf1)
- bl.append(buf2)
- bl.append(buf3)
-
- t.equal(bl.readDoubleLE(2), 0.3333333333333333)
- t.end()
-})
-
-tape('test toString', function (t) {
- var bl = new BufferList()
-
- bl.append(new Buffer('abcd'))
- bl.append(new Buffer('efg'))
- bl.append(new Buffer('hi'))
- bl.append(new Buffer('j'))
-
- t.equal(bl.toString('ascii', 0, 10), 'abcdefghij')
- t.equal(bl.toString('ascii', 3, 10), 'defghij')
- t.equal(bl.toString('ascii', 3, 6), 'def')
- t.equal(bl.toString('ascii', 3, 8), 'defgh')
- t.equal(bl.toString('ascii', 5, 10), 'fghij')
-
- t.end()
-})
-
-tape('test toString encoding', function (t) {
- var bl = new BufferList()
- , b = new Buffer('abcdefghij\xff\x00')
-
- bl.append(new Buffer('abcd'))
- bl.append(new Buffer('efg'))
- bl.append(new Buffer('hi'))
- bl.append(new Buffer('j'))
- bl.append(new Buffer('\xff\x00'))
-
- encodings.forEach(function (enc) {
- t.equal(bl.toString(enc), b.toString(enc), enc)
- })
-
- t.end()
-})
-
-!process.browser && tape('test stream', function (t) {
- var random = crypto.randomBytes(65534)
- , rndhash = hash(random, 'md5')
- , md5sum = crypto.createHash('md5')
- , bl = new BufferList(function (err, buf) {
- t.ok(Buffer.isBuffer(buf))
- t.ok(err === null)
- t.equal(rndhash, hash(bl.slice(), 'md5'))
- t.equal(rndhash, hash(buf, 'md5'))
-
- bl.pipe(fs.createWriteStream('/tmp/bl_test_rnd_out.dat'))
- .on('close', function () {
- var s = fs.createReadStream('/tmp/bl_test_rnd_out.dat')
- s.on('data', md5sum.update.bind(md5sum))
- s.on('end', function() {
- t.equal(rndhash, md5sum.digest('hex'), 'woohoo! correct hash!')
- t.end()
- })
- })
-
- })
-
- fs.writeFileSync('/tmp/bl_test_rnd.dat', random)
- fs.createReadStream('/tmp/bl_test_rnd.dat').pipe(bl)
-})
-
-tape('instantiation with Buffer', function (t) {
- var buf = crypto.randomBytes(1024)
- , buf2 = crypto.randomBytes(1024)
- , b = BufferList(buf)
-
- t.equal(buf.toString('hex'), b.slice().toString('hex'), 'same buffer')
- b = BufferList([ buf, buf2 ])
- t.equal(b.slice().toString('hex'), Buffer.concat([ buf, buf2 ]).toString('hex'), 'same buffer')
- t.end()
-})
-
-tape('test String appendage', function (t) {
- var bl = new BufferList()
- , b = new Buffer('abcdefghij\xff\x00')
-
- bl.append('abcd')
- bl.append('efg')
- bl.append('hi')
- bl.append('j')
- bl.append('\xff\x00')
-
- encodings.forEach(function (enc) {
- t.equal(bl.toString(enc), b.toString(enc))
- })
-
- t.end()
-})
-
-tape('test Number appendage', function (t) {
- var bl = new BufferList()
- , b = new Buffer('1234567890')
-
- bl.append(1234)
- bl.append(567)
- bl.append(89)
- bl.append(0)
-
- encodings.forEach(function (enc) {
- t.equal(bl.toString(enc), b.toString(enc))
- })
-
- t.end()
-})
-
-tape('write nothing, should get empty buffer', function (t) {
- t.plan(3)
- BufferList(function (err, data) {
- t.notOk(err, 'no error')
- t.ok(Buffer.isBuffer(data), 'got a buffer')
- t.equal(0, data.length, 'got a zero-length buffer')
- t.end()
- }).end()
-})
-
-tape('unicode string', function (t) {
- t.plan(2)
- var inp1 = '\u2600'
- , inp2 = '\u2603'
- , exp = inp1 + ' and ' + inp2
- , bl = BufferList()
- bl.write(inp1)
- bl.write(' and ')
- bl.write(inp2)
- t.equal(exp, bl.toString())
- t.equal(new Buffer(exp).toString('hex'), bl.toString('hex'))
-})
-
-tape('should emit finish', function (t) {
- var source = BufferList()
- , dest = BufferList()
-
- source.write('hello')
- source.pipe(dest)
-
- dest.on('finish', function () {
- t.equal(dest.toString('utf8'), 'hello')
- t.end()
- })
-})
-
-tape('basic copy', function (t) {
- var buf = crypto.randomBytes(1024)
- , buf2 = new Buffer(1024)
- , b = BufferList(buf)
-
- b.copy(buf2)
- t.equal(b.slice().toString('hex'), buf2.toString('hex'), 'same buffer')
- t.end()
-})
-
-tape('copy after many appends', function (t) {
- var buf = crypto.randomBytes(512)
- , buf2 = new Buffer(1024)
- , b = BufferList(buf)
-
- b.append(buf)
- b.copy(buf2)
- t.equal(b.slice().toString('hex'), buf2.toString('hex'), 'same buffer')
- t.end()
-})
-
-tape('copy at a precise position', function (t) {
- var buf = crypto.randomBytes(1004)
- , buf2 = new Buffer(1024)
- , b = BufferList(buf)
-
- b.copy(buf2, 20)
- t.equal(b.slice().toString('hex'), buf2.slice(20).toString('hex'), 'same buffer')
- t.end()
-})
-
-tape('copy starting from a precise location', function (t) {
- var buf = crypto.randomBytes(10)
- , buf2 = new Buffer(5)
- , b = BufferList(buf)
-
- b.copy(buf2, 0, 5)
- t.equal(b.slice(5).toString('hex'), buf2.toString('hex'), 'same buffer')
- t.end()
-})
-
-tape('copy in an interval', function (t) {
- var rnd = crypto.randomBytes(10)
- , b = BufferList(rnd) // put the random bytes there
- , actual = new Buffer(3)
- , expected = new Buffer(3)
-
- rnd.copy(expected, 0, 5, 8)
- b.copy(actual, 0, 5, 8)
-
- t.equal(actual.toString('hex'), expected.toString('hex'), 'same buffer')
- t.end()
-})
-
-tape('copy an interval between two buffers', function (t) {
- var buf = crypto.randomBytes(10)
- , buf2 = new Buffer(10)
- , b = BufferList(buf)
-
- b.append(buf)
- b.copy(buf2, 0, 5, 15)
-
- t.equal(b.slice(5, 15).toString('hex'), buf2.toString('hex'), 'same buffer')
- t.end()
-})
-
-tape('duplicate', function (t) {
- t.plan(2)
-
- var bl = new BufferList('abcdefghij\xff\x00')
- , dup = bl.duplicate()
-
- t.equal(bl.prototype, dup.prototype)
- t.equal(bl.toString('hex'), dup.toString('hex'))
-})
-
-tape('destroy no pipe', function (t) {
- t.plan(2)
-
- var bl = new BufferList('alsdkfja;lsdkfja;lsdk')
- bl.destroy()
-
- t.equal(bl._bufs.length, 0)
- t.equal(bl.length, 0)
-})
-
-!process.browser && tape('destroy with pipe before read end', function (t) {
- t.plan(2)
-
- var bl = new BufferList()
- fs.createReadStream(__dirname + '/test.js')
- .pipe(bl)
-
- bl.destroy()
-
- t.equal(bl._bufs.length, 0)
- t.equal(bl.length, 0)
-
-})
-
-!process.browser && tape('destroy with pipe before read end with race', function (t) {
- t.plan(2)
-
- var bl = new BufferList()
- fs.createReadStream(__dirname + '/test.js')
- .pipe(bl)
-
- setTimeout(function () {
- bl.destroy()
- setTimeout(function () {
- t.equal(bl._bufs.length, 0)
- t.equal(bl.length, 0)
- }, 500)
- }, 500)
-})
-
-!process.browser && tape('destroy with pipe after read end', function (t) {
- t.plan(2)
-
- var bl = new BufferList()
- fs.createReadStream(__dirname + '/test.js')
- .on('end', onEnd)
- .pipe(bl)
-
- function onEnd () {
- bl.destroy()
-
- t.equal(bl._bufs.length, 0)
- t.equal(bl.length, 0)
- }
-})
-
-!process.browser && tape('destroy with pipe while writing to a destination', function (t) {
- t.plan(4)
-
- var bl = new BufferList()
- , ds = new BufferList()
-
- fs.createReadStream(__dirname + '/test.js')
- .on('end', onEnd)
- .pipe(bl)
-
- function onEnd () {
- bl.pipe(ds)
-
- setTimeout(function () {
- bl.destroy()
-
- t.equals(bl._bufs.length, 0)
- t.equals(bl.length, 0)
-
- ds.destroy()
-
- t.equals(bl._bufs.length, 0)
- t.equals(bl.length, 0)
-
- }, 100)
- }
-})
-
-!process.browser && tape('handle error', function (t) {
- t.plan(2)
- fs.createReadStream('/does/not/exist').pipe(BufferList(function (err, data) {
- t.ok(err instanceof Error, 'has error')
- t.notOk(data, 'no data')
- }))
-})
diff --git a/deps/npm/node_modules/request/node_modules/form-data/Readme.md b/deps/npm/node_modules/request/node_modules/form-data/Readme.md
index 5864d82db56862..642a9d14a800b7 100644
--- a/deps/npm/node_modules/request/node_modules/form-data/Readme.md
+++ b/deps/npm/node_modules/request/node_modules/form-data/Readme.md
@@ -6,11 +6,11 @@ The API of this library is inspired by the [XMLHttpRequest-2 FormData Interface]
[xhr2-fd]: http://dev.w3.org/2006/webapi/XMLHttpRequest-2/Overview.html#the-formdata-interface
-[](https://travis-ci.org/form-data/form-data)
-[](https://travis-ci.org/form-data/form-data)
-[](https://ci.appveyor.com/project/alexindigo/form-data)
+[](https://travis-ci.org/form-data/form-data)
+[](https://travis-ci.org/form-data/form-data)
+[](https://ci.appveyor.com/project/alexindigo/form-data)
-[](https://coveralls.io/github/form-data/form-data?branch=master)
+[](https://coveralls.io/github/form-data/form-data?branch=master)
[](https://david-dm.org/form-data/form-data)
[](https://www.bithound.io/github/form-data/form-data)
diff --git a/deps/npm/node_modules/request/node_modules/form-data/lib/browser.js b/deps/npm/node_modules/request/node_modules/form-data/lib/browser.js
index f42221cd63da73..09e7c70e6e9d78 100644
--- a/deps/npm/node_modules/request/node_modules/form-data/lib/browser.js
+++ b/deps/npm/node_modules/request/node_modules/form-data/lib/browser.js
@@ -1,2 +1,2 @@
/* eslint-env browser */
-module.exports = window.FormData;
+module.exports = typeof self == 'object' ? self.FormData : window.FormData;
diff --git a/deps/npm/node_modules/request/node_modules/form-data/lib/form_data.js b/deps/npm/node_modules/request/node_modules/form-data/lib/form_data.js
index 8252e6588d4949..d2cc924918b353 100644
--- a/deps/npm/node_modules/request/node_modules/form-data/lib/form_data.js
+++ b/deps/npm/node_modules/request/node_modules/form-data/lib/form_data.js
@@ -325,7 +325,7 @@ FormData.prototype.getLengthSync = function() {
}
// https://github.com/form-data/form-data/issues/40
- if (this._valuesToMeasure.length) {
+ if (!this.hasKnownLength()) {
// Some async length retrievers are present
// therefore synchronous length calculation is false.
// Please use getLength(callback) to get proper length
@@ -335,6 +335,19 @@ FormData.prototype.getLengthSync = function() {
return knownLength;
};
+// Public API to check if length of added values is known
+// https://github.com/form-data/form-data/issues/196
+// https://github.com/form-data/form-data/issues/262
+FormData.prototype.hasKnownLength = function() {
+ var hasKnownLength = true;
+
+ if (this._valuesToMeasure.length) {
+ hasKnownLength = false;
+ }
+
+ return hasKnownLength;
+};
+
FormData.prototype.getLength = function(cb) {
var knownLength = this._overheadLength + this._valueLength;
diff --git a/deps/npm/node_modules/request/node_modules/form-data/package.json b/deps/npm/node_modules/request/node_modules/form-data/package.json
index a8b4839b7c7e69..96fd69e80f180d 100644
--- a/deps/npm/node_modules/request/node_modules/form-data/package.json
+++ b/deps/npm/node_modules/request/node_modules/form-data/package.json
@@ -2,49 +2,49 @@
"_args": [
[
{
- "raw": "form-data@~2.0.0",
+ "raw": "form-data@~2.1.1",
"scope": null,
"escapedName": "form-data",
"name": "form-data",
- "rawSpec": "~2.0.0",
- "spec": ">=2.0.0 <2.1.0",
+ "rawSpec": "~2.1.1",
+ "spec": ">=2.1.1 <2.2.0",
"type": "range"
},
- "/Users/rebecca/code/npm/node_modules/request"
+ "/Users/zkat/Documents/code/npm/node_modules/request"
]
],
- "_from": "form-data@>=2.0.0 <2.1.0",
- "_id": "form-data@2.0.0",
+ "_from": "form-data@>=2.1.1 <2.2.0",
+ "_id": "form-data@2.1.2",
"_inCache": true,
"_location": "/request/form-data",
- "_nodeVersion": "4.5.0",
+ "_nodeVersion": "6.4.0",
"_npmOperationalInternal": {
"host": "packages-12-west.internal.npmjs.com",
- "tmp": "tmp/form-data-2.0.0.tgz_1474092617403_0.5404838663525879"
+ "tmp": "tmp/form-data-2.1.2.tgz_1478577739404_0.6574864208232611"
},
"_npmUser": {
"name": "alexindigo",
"email": "iam@alexindigo.com"
},
- "_npmVersion": "2.15.9",
+ "_npmVersion": "3.10.3",
"_phantomChildren": {},
"_requested": {
- "raw": "form-data@~2.0.0",
+ "raw": "form-data@~2.1.1",
"scope": null,
"escapedName": "form-data",
"name": "form-data",
- "rawSpec": "~2.0.0",
- "spec": ">=2.0.0 <2.1.0",
+ "rawSpec": "~2.1.1",
+ "spec": ">=2.1.1 <2.2.0",
"type": "range"
},
"_requiredBy": [
"/request"
],
- "_resolved": "https://registry.npmjs.org/form-data/-/form-data-2.0.0.tgz",
- "_shasum": "6f0aebadcc5da16c13e1ecc11137d85f9b883b25",
+ "_resolved": "https://registry.npmjs.org/form-data/-/form-data-2.1.2.tgz",
+ "_shasum": "89c3534008b97eada4cbb157d58f6f5df025eae4",
"_shrinkwrap": null,
- "_spec": "form-data@~2.0.0",
- "_where": "/Users/rebecca/code/npm/node_modules/request",
+ "_spec": "form-data@~2.1.1",
+ "_where": "/Users/zkat/Documents/code/npm/node_modules/request",
"author": {
"name": "Felix Geisendörfer",
"email": "felix@debuggable.com",
@@ -57,33 +57,38 @@
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.5",
- "mime-types": "^2.1.11"
+ "mime-types": "^2.1.12"
},
"description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.",
"devDependencies": {
- "coveralls": "^2.11.13",
- "cross-spawn": "^4.0.0",
- "eslint": "^3.5.0",
+ "browserify": "^13.1.1",
+ "browserify-istanbul": "^2.0.0",
+ "coveralls": "^2.11.14",
+ "cross-spawn": "^4.0.2",
+ "eslint": "^3.9.1",
"fake": "^0.2.2",
"far": "^0.0.7",
"formidable": "^1.0.17",
"in-publish": "^2.0.0",
"is-node-modern": "^1.0.0",
"istanbul": "^0.4.5",
+ "obake": "^0.1.2",
+ "phantomjs-prebuilt": "^2.1.13",
"pkgfiles": "^2.3.0",
"pre-commit": "^1.1.3",
- "request": "^2.74.0",
- "rimraf": "^2.5.4"
+ "request": "2.76.0",
+ "rimraf": "^2.5.4",
+ "tape": "^4.6.2"
},
"directories": {},
"dist": {
- "shasum": "6f0aebadcc5da16c13e1ecc11137d85f9b883b25",
- "tarball": "https://registry.npmjs.org/form-data/-/form-data-2.0.0.tgz"
+ "shasum": "89c3534008b97eada4cbb157d58f6f5df025eae4",
+ "tarball": "https://registry.npmjs.org/form-data/-/form-data-2.1.2.tgz"
},
"engines": {
"node": ">= 0.12"
},
- "gitHead": "652b16ff5b9077bdf65eb66b67286c823c2a1040",
+ "gitHead": "03444d21961a7a44cdc2eae11ee3630f6969023d",
"homepage": "https://github.com/form-data/form-data#readme",
"license": "MIT",
"main": "./lib/form_data",
@@ -109,7 +114,7 @@
"optionalDependencies": {},
"pre-commit": [
"lint",
- "test",
+ "ci-test",
"check"
],
"readme": "ERROR: No README data found!",
@@ -118,8 +123,10 @@
"url": "git://github.com/form-data/form-data.git"
},
"scripts": {
+ "browser": "browserify -t browserify-istanbul test/run-browser.js | obake --coverage",
"check": "istanbul check-coverage coverage/coverage*.json",
- "ci-lint": "is-node-modern && npm run lint || is-node-not-modern",
+ "ci-lint": "is-node-modern 6 && npm run lint || is-node-not-modern 6",
+ "ci-test": "npm run test && npm run browser && npm run report",
"debug": "verbose=1 ./test/run.js",
"files": "pkgfiles --sort=name",
"get-version": "node -e \"console.log(require('./package.json').version)\"",
@@ -129,9 +136,10 @@
"predebug": "rimraf coverage test/tmp",
"prepublish": "in-publish && npm run update-readme || not-in-publish",
"pretest": "rimraf coverage test/tmp",
+ "report": "istanbul report lcov text",
"restore-readme": "mv README.md.bak README.md",
"test": "istanbul cover test/run.js",
"update-readme": "sed -i.bak 's/\\/master\\.svg/\\/v'$(npm --silent run get-version)'.svg/g' README.md"
},
- "version": "2.0.0"
+ "version": "2.1.2"
}
diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/dashdash/CHANGES.md b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/dashdash/CHANGES.md
new file mode 100644
index 00000000000000..d7c8f4ebe18de5
--- /dev/null
+++ b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/dashdash/CHANGES.md
@@ -0,0 +1,364 @@
+# node-dashdash changelog
+
+## not yet released
+
+(nothing yet)
+
+## 1.14.1
+
+- [issue #30] Change the output used by dashdash's Bash completion support to
+ indicate "there are no completions for this argument" to cope with different
+ sorting rules on different Bash/platforms. For example:
+
+ $ triton -v -p test2 package get # before
+ ##-no -tritonpackage- completions-##
+
+ $ triton -v -p test2 package get # after
+ ##-no-completion- -results-##
+
+## 1.14.0
+
+- New `synopsisFromOpt(
+7.4.0 7.3.0 7.2.1 7.2.0
@@ -24,6 +25,165 @@
* [io.js](CHANGELOG_IOJS.md)
* [Archive](CHANGELOG_ARCHIVE.md)
+
+## 2017-01-04, Version 7.4.0 (Current), @evanlucas
+
+### Notable changes
+
+* **buffer**:
+ - Improve performance of Buffer allocation by ~11%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443)
+ - Improve performance of Buffer.from() by ~50%. (Brian White) [#10443](https://github.com/nodejs/node/pull/10443)
+* **events**: Improve performance of `EventEmitter.once()` by ~27%. (Brian White) [#10445](https://github.com/nodejs/node/pull/10445)
+* **fs**: Allow passing Uint8Array to fs methods where Buffers are supported. (Anna Henningsen) [#10382](https://github.com/nodejs/node/pull/10382)
+* **http**: Improve performance of http server by ~7%. (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* **npm**: Upgrade to v4.0.5 (Kat Marchán) [#10330](https://github.com/nodejs/node/pull/10330)
+
+### Commits
+
+* [[`d1843ec3a7`](https://github.com/nodejs/node/commit/d1843ec3a7)] - **async_wrap**: clear destroy_ids vector (Trevor Norris) [#10400](https://github.com/nodejs/node/pull/10400)
+* [[`6a4e6e9a42`](https://github.com/nodejs/node/commit/6a4e6e9a42)] - **benchmark**: allow benchmarks to specify flags (Joyee Cheung) [#10448](https://github.com/nodejs/node/pull/10448)
+* [[`0b2bc5e27b`](https://github.com/nodejs/node/commit/0b2bc5e27b)] - **benchmark**: add benchmark for WHATWG URL properties (Joyee Cheung) [#10408](https://github.com/nodejs/node/pull/10408)
+* [[`10b3297e8f`](https://github.com/nodejs/node/commit/10b3297e8f)] - **benchmark**: use commas in non-csv rate output (Brian White) [#10360](https://github.com/nodejs/node/pull/10360)
+* [[`6d15e7b528`](https://github.com/nodejs/node/commit/6d15e7b528)] - **benchmark**: refactor buffer benchmarks (Troy Connor) [#10175](https://github.com/nodejs/node/pull/10175)
+* [[`797495a84a`](https://github.com/nodejs/node/commit/797495a84a)] - **buffer**: improve allocation performance (Brian White) [#10443](https://github.com/nodejs/node/pull/10443)
+* [[`ad5ae922ce`](https://github.com/nodejs/node/commit/ad5ae922ce)] - **build**: add /opt/freeware/... to AIX library path (Stewart X Addison) [#10128](https://github.com/nodejs/node/pull/10128)
+* [[`cff57be2b6`](https://github.com/nodejs/node/commit/cff57be2b6)] - **build**: add (not) cross-compiled configure flags (Jesús Leganés-Combarro 'piranna) [#10287](https://github.com/nodejs/node/pull/10287)
+* [[`80e798e324`](https://github.com/nodejs/node/commit/80e798e324)] - **crypto**: use CHECK_NE instead of ABORT or abort (Sam Roberts) [#10413](https://github.com/nodejs/node/pull/10413)
+* [[`92eacdb5c6`](https://github.com/nodejs/node/commit/92eacdb5c6)] - **(SEMVER-MINOR)** **deps**: upgrade npm to 4.0.5 (Kat Marchán) [#10330](https://github.com/nodejs/node/pull/10330)
+* [[`785975d922`](https://github.com/nodejs/node/commit/785975d922)] - **deps**: ICU 58.2 bump download URL (Steven R. Loomis) [#10206](https://github.com/nodejs/node/pull/10206)
+* [[`bce0013dd8`](https://github.com/nodejs/node/commit/bce0013dd8)] - **deps**: ICU 58.2 bump (Steven R. Loomis) [#10206](https://github.com/nodejs/node/pull/10206)
+* [[`dcc20f12a6`](https://github.com/nodejs/node/commit/dcc20f12a6)] - **doc**: clarify the statement in vm.createContext() (AnnaMag) [#10519](https://github.com/nodejs/node/pull/10519)
+* [[`8e78953c88`](https://github.com/nodejs/node/commit/8e78953c88)] - **doc**: add joyeecheung to collaborators (Joyee Cheung) [#10603](https://github.com/nodejs/node/pull/10603)
+* [[`d08463a9e3`](https://github.com/nodejs/node/commit/d08463a9e3)] - **doc**: unify dirname and filename description (Sam Roberts) [#10527](https://github.com/nodejs/node/pull/10527)
+* [[`7ad0f7bc32`](https://github.com/nodejs/node/commit/7ad0f7bc32)] - **doc**: redirect 'Start a Working Group' to TSC repo (William Kapke) [#9655](https://github.com/nodejs/node/pull/9655)
+* [[`deb0917f76`](https://github.com/nodejs/node/commit/deb0917f76)] - **doc**: warn about unvalidated input in child_process (Matthew Garrett) [#10466](https://github.com/nodejs/node/pull/10466)
+* [[`96c3c65a86`](https://github.com/nodejs/node/commit/96c3c65a86)] - **doc**: require two-factor authentication (Rich Trott) [#10529](https://github.com/nodejs/node/pull/10529)
+* [[`a7c12fef6c`](https://github.com/nodejs/node/commit/a7c12fef6c)] - **doc**: add Working Group dissolution text (William Kapke) [#9656](https://github.com/nodejs/node/pull/9656)
+* [[`e86bf27fe8`](https://github.com/nodejs/node/commit/e86bf27fe8)] - **doc**: improve rinfo object documentation (Matt Crummey) [#10050](https://github.com/nodejs/node/pull/10050)
+* [[`5b7b457643`](https://github.com/nodejs/node/commit/5b7b457643)] - **doc**: add tls.DEFAULT_ECDH_CURVE (Sam Roberts) [#10264](https://github.com/nodejs/node/pull/10264)
+* [[`cf3f75f6f0`](https://github.com/nodejs/node/commit/cf3f75f6f0)] - **doc**: fixup errors in stream.md (Fumiya KARASAWA) [#10411](https://github.com/nodejs/node/pull/10411)
+* [[`89fb82214f`](https://github.com/nodejs/node/commit/89fb82214f)] - **doc**: use "Node.js" in V8 guide (Rich Trott) [#10438](https://github.com/nodejs/node/pull/10438)
+* [[`aabaef0aa7`](https://github.com/nodejs/node/commit/aabaef0aa7)] - **doc**: more efficient example in the console.md (Vse Mozhet Byt) [#10451](https://github.com/nodejs/node/pull/10451)
+* [[`3d181ce4fd`](https://github.com/nodejs/node/commit/3d181ce4fd)] - **doc**: var -> const / let in the console.md (Vse Mozhet Byt) [#10451](https://github.com/nodejs/node/pull/10451)
+* [[`9ce28ec3c5`](https://github.com/nodejs/node/commit/9ce28ec3c5)] - **doc**: add the valid link for curl(1) in repl.md (Vse Mozhet Byt) [#10244](https://github.com/nodejs/node/pull/10244)
+* [[`cffbfba4df`](https://github.com/nodejs/node/commit/cffbfba4df)] - **doc**: replace anonymous functions in repl.md (Vse Mozhet Byt) [#10244](https://github.com/nodejs/node/pull/10244)
+* [[`f281b190d5`](https://github.com/nodejs/node/commit/f281b190d5)] - **doc**: fix a function name in repl.md (Vse Mozhet Byt) [#10244](https://github.com/nodejs/node/pull/10244)
+* [[`b8e2711ddd`](https://github.com/nodejs/node/commit/b8e2711ddd)] - **doc**: fix an output example in repl.md (Vse Mozhet Byt) [#10244](https://github.com/nodejs/node/pull/10244)
+* [[`ae61232493`](https://github.com/nodejs/node/commit/ae61232493)] - **doc**: white space unification in repl.md (Vse Mozhet Byt) [#10244](https://github.com/nodejs/node/pull/10244)
+* [[`37cb971c65`](https://github.com/nodejs/node/commit/37cb971c65)] - **doc**: var => let / const in repl.md (Vse Mozhet Byt) [#10244](https://github.com/nodejs/node/pull/10244)
+* [[`6f8c6133e3`](https://github.com/nodejs/node/commit/6f8c6133e3)] - **doc**: update CONTRIBUTING.MD with link to V8 guide (sarahmeyer) [#10070](https://github.com/nodejs/node/pull/10070)
+* [[`8a9d68ad7c`](https://github.com/nodejs/node/commit/8a9d68ad7c)] - **doc**: improve common.mustCall() explanation (Rich Trott) [#10390](https://github.com/nodejs/node/pull/10390)
+* [[`4365bb45b8`](https://github.com/nodejs/node/commit/4365bb45b8)] - **doc**: consistent 'Returns:' part two (Myles Borins) [#10391](https://github.com/nodejs/node/pull/10391)
+* [[`21fca4bdda`](https://github.com/nodejs/node/commit/21fca4bdda)] - **doc**: require() tries first core not native modules (Vicente Jimenez Aguilar) [#10324](https://github.com/nodejs/node/pull/10324)
+* [[`6284d83092`](https://github.com/nodejs/node/commit/6284d83092)] - **doc**: clarify macosx-firewall suggestion BUILDING (Chase Starr) [#10311](https://github.com/nodejs/node/pull/10311)
+* [[`0c4cf24f70`](https://github.com/nodejs/node/commit/0c4cf24f70)] - **doc**: update process.versions.modules documentation (Kevin Zurawel) [#9901](https://github.com/nodejs/node/pull/9901)
+* [[`b67879f6f4`](https://github.com/nodejs/node/commit/b67879f6f4)] - **doc**: clarify the review and landing process (Joyee Cheung) [#10202](https://github.com/nodejs/node/pull/10202)
+* [[`9044423bb6`](https://github.com/nodejs/node/commit/9044423bb6)] - **doc**: modernize code examples in the cluster.md (Vse Mozhet Byt) [#10270](https://github.com/nodejs/node/pull/10270)
+* [[`2eec9afdb1`](https://github.com/nodejs/node/commit/2eec9afdb1)] - **doc**: add Michaël Zasso to the CTC (Michaël Zasso)
+* [[`85d2a2abcf`](https://github.com/nodejs/node/commit/85d2a2abcf)] - **doc**: update writable.write return value (Tanuja-Sawant) [#9468](https://github.com/nodejs/node/pull/9468)
+* [[`37563fafca`](https://github.com/nodejs/node/commit/37563fafca)] - **doc**: fix broken link in COLLABORATOR_GUIDE.md (Emanuel Buholzer) [#10337](https://github.com/nodejs/node/pull/10337)
+* [[`f9a5c13ff3`](https://github.com/nodejs/node/commit/f9a5c13ff3)] - **dtrace**: resolve conversion warnings from SLURP_INT (Christopher J. Brody) [#10143](https://github.com/nodejs/node/pull/10143)
+* [[`bc379fda75`](https://github.com/nodejs/node/commit/bc379fda75)] - **events**: optimize arrayClone by copying forward (Benedikt Meurer) [#10571](https://github.com/nodejs/node/pull/10571)
+* [[`7ece950ffe`](https://github.com/nodejs/node/commit/7ece950ffe)] - **events**: improve once() performance (Brian White) [#10445](https://github.com/nodejs/node/pull/10445)
+* [[`6629f8f83f`](https://github.com/nodejs/node/commit/6629f8f83f)] - **fs**: cache non-symlinks in realpathSync. (Jeremy Yallop) [#10253](https://github.com/nodejs/node/pull/10253)
+* [[`abde7644a5`](https://github.com/nodejs/node/commit/abde7644a5)] - **(SEMVER-MINOR)** **fs**: support Uint8Array input to methods (Anna Henningsen) [#10382](https://github.com/nodejs/node/pull/10382)
+* [[`32b6bcdd83`](https://github.com/nodejs/node/commit/32b6bcdd83)] - **http**: optimize headers iteration (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`a760d707ad`](https://github.com/nodejs/node/commit/a760d707ad)] - **http**: simplify boolean checks (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`c8ad127abc`](https://github.com/nodejs/node/commit/c8ad127abc)] - **http**: extract validation functions (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`8a2a763f13`](https://github.com/nodejs/node/commit/8a2a763f13)] - **http**: improve validation performance (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`df8b8b257d`](https://github.com/nodejs/node/commit/df8b8b257d)] - **http**: refactor server connection handling (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`1f0fd7b35d`](https://github.com/nodejs/node/commit/1f0fd7b35d)] - **http**: misc cleanup and minor optimizations (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`b094b49659`](https://github.com/nodejs/node/commit/b094b49659)] - **http**: reuse existing headers array for raw values (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`4bed9475d1`](https://github.com/nodejs/node/commit/4bed9475d1)] - **inspector**: fix Coverity defects (Eugene Ostroukhov) [#10240](https://github.com/nodejs/node/pull/10240)
+* [[`023956187e`](https://github.com/nodejs/node/commit/023956187e)] - **inspector**: split HTTP/WS server from the inspector (Eugene Ostroukhov) [#9630](https://github.com/nodejs/node/pull/9630)
+* [[`aed5e27451`](https://github.com/nodejs/node/commit/aed5e27451)] - **lib**: avoid recompilation of anonymous functions (Brian White) [#6533](https://github.com/nodejs/node/pull/6533)
+* [[`064607be58`](https://github.com/nodejs/node/commit/064607be58)] - **meta**: modify pull request template for prepending (Rich Trott) [#10484](https://github.com/nodejs/node/pull/10484)
+* [[`75efdeb635`](https://github.com/nodejs/node/commit/75efdeb635)] - **os**: fix os.release() for aix and add test (jBarz) [#10245](https://github.com/nodejs/node/pull/10245)
+* [[`6796bf4829`](https://github.com/nodejs/node/commit/6796bf4829)] - **repl**: allow autocompletion for scoped packages (Evan Lucas) [#10296](https://github.com/nodejs/node/pull/10296)
+* [[`11ed8007df`](https://github.com/nodejs/node/commit/11ed8007df)] - **src**: describe what NODE_MODULE_VERSION is for (Sam Roberts) [#10414](https://github.com/nodejs/node/pull/10414)
+* [[`5e5b1f8b89`](https://github.com/nodejs/node/commit/5e5b1f8b89)] - **src**: return early if nextTickQueue is empty (Trevor Norris) [#10274](https://github.com/nodejs/node/pull/10274)
+* [[`5852336207`](https://github.com/nodejs/node/commit/5852336207)] - **test**: add tests for clearBuffer state machine (Safia Abdalla) [#9922](https://github.com/nodejs/node/pull/9922)
+* [[`6ec798bdd6`](https://github.com/nodejs/node/commit/6ec798bdd6)] - **test**: update test-cluster-shared-handle-bind-error (cjihrig) [#10547](https://github.com/nodejs/node/pull/10547)
+* [[`32401b5069`](https://github.com/nodejs/node/commit/32401b5069)] - **test**: avoid assigning this to variables (cjihrig) [#10548](https://github.com/nodejs/node/pull/10548)
+* [[`e1fbd72ae7`](https://github.com/nodejs/node/commit/e1fbd72ae7)] - **test**: s/ASSERT/assert/ (cjihrig) [#10544](https://github.com/nodejs/node/pull/10544)
+* [[`05b0092230`](https://github.com/nodejs/node/commit/05b0092230)] - **test**: refactor test-debugger-remote (Sakthipriyan Vairamani (thefourtheye)) [#10455](https://github.com/nodejs/node/pull/10455)
+* [[`82575f9341`](https://github.com/nodejs/node/commit/82575f9341)] - **test**: refactor test-stream-unshift-read-race (Rich Trott) [#10532](https://github.com/nodejs/node/pull/10532)
+* [[`4d984ecadb`](https://github.com/nodejs/node/commit/4d984ecadb)] - **test**: refactor test-stream-pipe-error-handling (Rich Trott) [#10530](https://github.com/nodejs/node/pull/10530)
+* [[`2619236212`](https://github.com/nodejs/node/commit/2619236212)] - **test**: refactor test-tls-alert-handling (Rich Trott) [#10482](https://github.com/nodejs/node/pull/10482)
+* [[`8ac9d07805`](https://github.com/nodejs/node/commit/8ac9d07805)] - **test**: fix flaky test-http-client-timeout-with-data (Rich Trott) [#10431](https://github.com/nodejs/node/pull/10431)
+* [[`ef5a43a0e3`](https://github.com/nodejs/node/commit/ef5a43a0e3)] - **test**: improve test-http-allow-req-after-204-res (Adrian Estrada) [#10503](https://github.com/nodejs/node/pull/10503)
+* [[`4a16f9b054`](https://github.com/nodejs/node/commit/4a16f9b054)] - **test**: improve test-fs-empty-readStream.js (Adrian Estrada) [#10479](https://github.com/nodejs/node/pull/10479)
+* [[`5fc93ee841`](https://github.com/nodejs/node/commit/5fc93ee841)] - **test**: refactor the code in test-http-connect (Adrian Estrada) [#10397](https://github.com/nodejs/node/pull/10397)
+* [[`78e8aa81c9`](https://github.com/nodejs/node/commit/78e8aa81c9)] - **test**: refactor test-stream-pipe-after-end (Rich Trott) [#10483](https://github.com/nodejs/node/pull/10483)
+* [[`0a0c190db5`](https://github.com/nodejs/node/commit/0a0c190db5)] - **test**: use strictEqual in test-http-server (Fabrice Tatieze) [#10478](https://github.com/nodejs/node/pull/10478)
+* [[`04d82a5122`](https://github.com/nodejs/node/commit/04d82a5122)] - **test**: refactor test-stdin-from-file (Rob Adelmann) [#10331](https://github.com/nodejs/node/pull/10331)
+* [[`00f791af74`](https://github.com/nodejs/node/commit/00f791af74)] - **test**: refactor test-stream2-unpipe-drain (Chris Story) [#10033](https://github.com/nodejs/node/pull/10033)
+* [[`eb1adbb48e`](https://github.com/nodejs/node/commit/eb1adbb48e)] - **test**: refactor the code in test-dns-ipv4 (Adrian Estrada) [#10200](https://github.com/nodejs/node/pull/10200)
+* [[`dff48af67f`](https://github.com/nodejs/node/commit/dff48af67f)] - **test**: add regex to text-crypto-random (Nate) [#10020](https://github.com/nodejs/node/pull/10020)
+* [[`5164b56224`](https://github.com/nodejs/node/commit/5164b56224)] - **test**: add test for SIGWINCH handling by stdio.js (Sarah Meyer) [#10063](https://github.com/nodejs/node/pull/10063)
+* [[`1aa3ab1ec6`](https://github.com/nodejs/node/commit/1aa3ab1ec6)] - **test**: refactor the code in test-fs-chmod (Adrian Estrada) [#10440](https://github.com/nodejs/node/pull/10440)
+* [[`4f1d9452de`](https://github.com/nodejs/node/commit/4f1d9452de)] - **test**: swap var for let/const throughout (Paul Graham) [#10177](https://github.com/nodejs/node/pull/10177)
+* [[`f6ed233546`](https://github.com/nodejs/node/commit/f6ed233546)] - **test**: improve the code in test-pipe.js (Adrian Estrada) [#10452](https://github.com/nodejs/node/pull/10452)
+* [[`011bd4675a`](https://github.com/nodejs/node/commit/011bd4675a)] - **test**: improve code in test-fs-readfile-error (Adrian Estrada) [#10367](https://github.com/nodejs/node/pull/10367)
+* [[`98fcb221d5`](https://github.com/nodejs/node/commit/98fcb221d5)] - **test**: improve code in test-vm-preserves-property (Adrian Estrada) [#10428](https://github.com/nodejs/node/pull/10428)
+* [[`cdf028c5a6`](https://github.com/nodejs/node/commit/cdf028c5a6)] - **test**: improve code in test-vm-symbols (Adrian Estrada) [#10429](https://github.com/nodejs/node/pull/10429)
+* [[`94a894acf2`](https://github.com/nodejs/node/commit/94a894acf2)] - **test**: fix and improve debugger-client test (Sakthipriyan Vairamani (thefourtheye)) [#10371](https://github.com/nodejs/node/pull/10371)
+* [[`d4c888df88`](https://github.com/nodejs/node/commit/d4c888df88)] - **test**: basic functionality of readUIntLE() (larissayvette) [#10359](https://github.com/nodejs/node/pull/10359)
+* [[`a5b8d097c5`](https://github.com/nodejs/node/commit/a5b8d097c5)] - **test**: clean up repl-reset-event file (Kailean Courtney) [#9931](https://github.com/nodejs/node/pull/9931)
+* [[`599a2a956b`](https://github.com/nodejs/node/commit/599a2a956b)] - **test**: refactor test-child-process-ipc (malen) [#9990](https://github.com/nodejs/node/pull/9990)
+* [[`d33e560929`](https://github.com/nodejs/node/commit/d33e560929)] - **test**: fix and improve debug-break-on-uncaught (Sakthipriyan Vairamani (thefourtheye)) [#10370](https://github.com/nodejs/node/pull/10370)
+* [[`9349f086d9`](https://github.com/nodejs/node/commit/9349f086d9)] - **test**: refactor test-internal-modules (Christy Leung) [#10016](https://github.com/nodejs/node/pull/10016)
+* [[`2ad9faa19e`](https://github.com/nodejs/node/commit/2ad9faa19e)] - **test**: add second argument to assert.throws() (Ken Russo) [#9987](https://github.com/nodejs/node/pull/9987)
+* [[`4bfd9c0a35`](https://github.com/nodejs/node/commit/4bfd9c0a35)] - **test**: refactor test-pipe-file-to-http (Josh Mays) [#10054](https://github.com/nodejs/node/pull/10054)
+* [[`1b9f548e7d`](https://github.com/nodejs/node/commit/1b9f548e7d)] - **test**: refactor test-tls-interleave (Brian Chirgwin) [#10017](https://github.com/nodejs/node/pull/10017)
+* [[`db3ac5d6e7`](https://github.com/nodejs/node/commit/db3ac5d6e7)] - **test**: refactor test-tls-client-getephemeralkeyinfo (Harish Tejwani) [#9954](https://github.com/nodejs/node/pull/9954)
+* [[`bbe618d3e2`](https://github.com/nodejs/node/commit/bbe618d3e2)] - **test**: refactor test-cluster-send-handle-twice.js (Amar Zavery) [#10049](https://github.com/nodejs/node/pull/10049)
+* [[`5d64f3d76f`](https://github.com/nodejs/node/commit/5d64f3d76f)] - **test**: update test-tls-check-server-identity.js (Kevin Cox) [#9986](https://github.com/nodejs/node/pull/9986)
+* [[`e6702d6d9b`](https://github.com/nodejs/node/commit/e6702d6d9b)] - **test**: fix flaky test-https-timeout (Rich Trott) [#10404](https://github.com/nodejs/node/pull/10404)
+* [[`44f4d6001f`](https://github.com/nodejs/node/commit/44f4d6001f)] - **test**: improve test-cluster-net-listen.js (Rico Cai) [#9953](https://github.com/nodejs/node/pull/9953)
+* [[`d3bef30b5f`](https://github.com/nodejs/node/commit/d3bef30b5f)] - **test**: refactor test-child-process-stdin (Segu Riluvan) [#10420](https://github.com/nodejs/node/pull/10420)
+* [[`e9b2325d68`](https://github.com/nodejs/node/commit/e9b2325d68)] - **test**: test error messages in test-dns-regress-7070 (Wallace Zhang) [#10058](https://github.com/nodejs/node/pull/10058)
+* [[`826decf8e5`](https://github.com/nodejs/node/commit/826decf8e5)] - **test**: basic functionality of readUIntBE() (larissayvette) [#10417](https://github.com/nodejs/node/pull/10417)
+* [[`91a2dc216d`](https://github.com/nodejs/node/commit/91a2dc216d)] - **test**: improve test-cluster-worker-constructor.js (Adrian Estrada) [#10396](https://github.com/nodejs/node/pull/10396)
+* [[`a82be5d44c`](https://github.com/nodejs/node/commit/a82be5d44c)] - **test**: refactor test-init.js (Sakthipriyan Vairamani (thefourtheye)) [#10384](https://github.com/nodejs/node/pull/10384)
+* [[`ed76bfa7ba`](https://github.com/nodejs/node/commit/ed76bfa7ba)] - **test**: refactor code in test-cluster-http-pipe (Adrian Estrada) [#10297](https://github.com/nodejs/node/pull/10297)
+* [[`9a0711d37f`](https://github.com/nodejs/node/commit/9a0711d37f)] - **test**: improve code in test-http-bind-twice.js (Adrian Estrada) [#10318](https://github.com/nodejs/node/pull/10318)
+* [[`9d0220c4de`](https://github.com/nodejs/node/commit/9d0220c4de)] - **test**: fix linter error in whatwg-url-parsing (Sakthipriyan Vairamani (thefourtheye)) [#10421](https://github.com/nodejs/node/pull/10421)
+* [[`bee7d7e32c`](https://github.com/nodejs/node/commit/bee7d7e32c)] - **test**: change var declarations, add mustCall check (Daniel Sims) [#9962](https://github.com/nodejs/node/pull/9962)
+* [[`a2ec794d3b`](https://github.com/nodejs/node/commit/a2ec794d3b)] - **test**: added validation regex argument to test (Avery, Frank) [#9918](https://github.com/nodejs/node/pull/9918)
+* [[`14826d0569`](https://github.com/nodejs/node/commit/14826d0569)] - **test**: refactoring test-cluster-worker-constructor (Christopher Rokita) [#9956](https://github.com/nodejs/node/pull/9956)
+* [[`274eef4da0`](https://github.com/nodejs/node/commit/274eef4da0)] - **test**: refactoring test-pipe-head (Travis Bretton) [#10036](https://github.com/nodejs/node/pull/10036)
+* [[`7c406e819b`](https://github.com/nodejs/node/commit/7c406e819b)] - **test**: refactor test-stdin-script-child (Emanuel Buholzer) [#10321](https://github.com/nodejs/node/pull/10321)
+* [[`501165f0c1`](https://github.com/nodejs/node/commit/501165f0c1)] - **test**: fix timers-same-timeout-wrong-list-deleted (Rich Trott) [#10362](https://github.com/nodejs/node/pull/10362)
+* [[`ba63363512`](https://github.com/nodejs/node/commit/ba63363512)] - **test**: refactor test-stream2-writable (Rich Trott) [#10353](https://github.com/nodejs/node/pull/10353)
+* [[`a5a738cca7`](https://github.com/nodejs/node/commit/a5a738cca7)] - **test**: refactor test-tls-0-dns-altname (Richard Karmazin) [#9948](https://github.com/nodejs/node/pull/9948)
+* [[`12a3b189da`](https://github.com/nodejs/node/commit/12a3b189da)] - **test**: refactor test-cluster-net-listen (Segu Riluvan) [#10047](https://github.com/nodejs/node/pull/10047)
+* [[`18a75a085d`](https://github.com/nodejs/node/commit/18a75a085d)] - **test**: test: refactor test-sync-fileread (Jason Wohlgemuth) [#9941](https://github.com/nodejs/node/pull/9941)
+* [[`815b5bdcf4`](https://github.com/nodejs/node/commit/815b5bdcf4)] - **test**: change assert.strict to assert.strictEqual() (Ashita Nagesh) [#9988](https://github.com/nodejs/node/pull/9988)
+* [[`f1cc0a4d26`](https://github.com/nodejs/node/commit/f1cc0a4d26)] - **test**: add regex check in test-buffer-bad-overload (Sam Shull) [#10038](https://github.com/nodejs/node/pull/10038)
+* [[`0684211d12`](https://github.com/nodejs/node/commit/0684211d12)] - **test**: refactor the code in test-http-keep-alive (Adrian Estrada) [#10350](https://github.com/nodejs/node/pull/10350)
+* [[`a815a23631`](https://github.com/nodejs/node/commit/a815a23631)] - **test**: improve domain-top-level-error-handler-throw (CodeVana) [#9950](https://github.com/nodejs/node/pull/9950)
+* [[`3448e8e522`](https://github.com/nodejs/node/commit/3448e8e522)] - **test**: use strictEqual in test-cwd-enoent-repl.js (Neeraj Sharma) [#9952](https://github.com/nodejs/node/pull/9952)
+* [[`fc2fd920ab`](https://github.com/nodejs/node/commit/fc2fd920ab)] - **test**: refactor test-net-reconnect-error (Duy Le) [#9903](https://github.com/nodejs/node/pull/9903)
+* [[`a7c9c5685e`](https://github.com/nodejs/node/commit/a7c9c5685e)] - **test**: add test-require-invalid-package (Duy Le) [#9903](https://github.com/nodejs/node/pull/9903)
+* [[`d1b4c5dc61`](https://github.com/nodejs/node/commit/d1b4c5dc61)] - **test**: refactor test-child-process-kill (Duy Le) [#9903](https://github.com/nodejs/node/pull/9903)
+* [[`2f92945a70`](https://github.com/nodejs/node/commit/2f92945a70)] - **test**: use consistent block spacing (Rich Trott) [#10377](https://github.com/nodejs/node/pull/10377)
+* [[`9a9e530291`](https://github.com/nodejs/node/commit/9a9e530291)] - **test**: add known_issues test for #5350 (AnnaMag) [#10319](https://github.com/nodejs/node/pull/10319)
+* [[`76b0e5bfbe`](https://github.com/nodejs/node/commit/76b0e5bfbe)] - **test**: refactor test-timers-this (Rich Trott) [#10315](https://github.com/nodejs/node/pull/10315)
+* [[`797d9a8e79`](https://github.com/nodejs/node/commit/797d9a8e79)] - **tools**: refactor json.js (Rich Trott) [#10442](https://github.com/nodejs/node/pull/10442)
+* [[`05332942e2`](https://github.com/nodejs/node/commit/05332942e2)] - **tools**: enforce linebreak after ternary operators (Michaël Zasso) [#10213](https://github.com/nodejs/node/pull/10213)
+* [[`3a7b63b81b`](https://github.com/nodejs/node/commit/3a7b63b81b)] - **tools**: enable block-spacing rule in .eslintrc (Rich Trott) [#10377](https://github.com/nodejs/node/pull/10377)
+* [[`3195fb45ae`](https://github.com/nodejs/node/commit/3195fb45ae)] - **url**: set toStringTag for the URL class (James M Snell) [#10562](https://github.com/nodejs/node/pull/10562)
+* [[`659d522d7c`](https://github.com/nodejs/node/commit/659d522d7c)] - **url**: fix accidental filemode change (James M Snell) [#10549](https://github.com/nodejs/node/pull/10549)
+* [[`6977224059`](https://github.com/nodejs/node/commit/6977224059)] - **url**: fix URL query update if searchParams changes (Michaël Zasso) [#10486](https://github.com/nodejs/node/pull/10486)
+* [[`78e867492a`](https://github.com/nodejs/node/commit/78e867492a)] - **url**: improve spec compliance of WHATWG URL (Michaël Zasso) [#10317](https://github.com/nodejs/node/pull/10317)
+* [[`2b98ea0dec`](https://github.com/nodejs/node/commit/2b98ea0dec)] - **url**: move originFor, domainToAscii and domainToUnicode (James M Snell) [#10512](https://github.com/nodejs/node/pull/10512)
+* [[`e210efad9e`](https://github.com/nodejs/node/commit/e210efad9e)] - **url**: performance improvement in URL implementation (James M Snell) [#10469](https://github.com/nodejs/node/pull/10469)
+* [[`7fbd12f876`](https://github.com/nodejs/node/commit/7fbd12f876)] - **url**: make WHATWG URL properties spec compliant (Joyee Cheung) [#10408](https://github.com/nodejs/node/pull/10408)
+* [[`495213e545`](https://github.com/nodejs/node/commit/495213e545)] - **url**: mark ignored return value in node::url::Parse(...) (Christopher J. Brody) [#10141](https://github.com/nodejs/node/pull/10141)
+* [[`ba46374cb9`](https://github.com/nodejs/node/commit/ba46374cb9)] - **watchdog**: add flag to mark handler as disabled (Bartosz Sosnowski) [#10248](https://github.com/nodejs/node/pull/10248)
+
+
## 2016-12-20, Version 7.3.0 (Current), @cjihrig
diff --git a/doc/guides/maintaining-V8.md b/doc/guides/maintaining-V8.md
index 82312cf6bcf4d1..19ee61fe20c5d7 100644
--- a/doc/guides/maintaining-V8.md
+++ b/doc/guides/maintaining-V8.md
@@ -1,10 +1,17 @@
-# Maintaining V8 in Node
+# Maintaining V8 in Node.js
# Background
-V8 follows the Chromium release schedule. The support horizon for Chromium is very different from the support horizon that Node.js needs to provide to its users. As a result Node.js needs to support a version of V8 for quite a bit longer than what upstream needs to support. Since V8 doesn't have an LTS supported branch, there is no official process around how the V8 branches in Node are maintained.
+V8 follows the Chromium release schedule. The support horizon for Chromium is
+very different from the support horizon that Node.js needs to provide to its
+users. As a result Node.js needs to support a version of V8 for quite a bit
+longer than what upstream needs to support. Since V8 doesn't have an LTS
+supported branch, there is no official process around how the V8 branches in
+Node.js are maintained.
-This document attempts to document the current processes and proposes a workflow for maintaining the V8 branches in Node.js LTS and Current releases and how the Node and V8 teams at Google can help.
+This document attempts to document the current processes and proposes a workflow
+for maintaining the V8 branches in Node.js LTS and Current releases and how the
+Node.js and V8 teams at Google can help.
# V8 Release Schedule
@@ -16,7 +23,8 @@ For example, at the time of this writing:
* **Beta**: V8 5.5 is currently in beta. It will be promoted to stable next; approximately 6 weeks after V8 5.4 shipped as stable.
* **Master**: V8 tip-of-tree corresponds to V8 5.6. This branch gets regularly released as part of the Chromium **canary** builds. This branch will be promoted to beta next when V8 5.5 ships as stable.
-All older branches are considered **abandoned**, and are not maintained by the V8 team.
+All older branches are considered **abandoned**, and are not maintained by the
+V8 team.
## V8 merge process overview
@@ -29,9 +37,11 @@ The process for backporting bug fixes to active branches is officially documente
* Merge requests to an abandoned branch will be rejected.
* Only bug fixes are accepted for backporting.
-# Node Support Requirements
+# Node.js Support Requirements
-At any given time Node needs to be maintaining a few different V8 branches for the various Current, LTS, and nightly releases. At present this list includes the following branches1:
+At any given time Node.js needs to be maintaining a few different V8 branches
+for the various Current, LTS, and nightly releases. At present this list
+includes the following branches1:
@@ -49,7 +59,7 @@ At any given time Node needs to be maintaining a few different V8 branches for t
-
Node v4.x
+
Node.js v4.x
2015-10-01
@@ -63,7 +73,7 @@ At any given time Node needs to be maintaining a few different V8 branches for t
-
Node v6.x
+
Node.js v6.x
2016-04-01
@@ -77,7 +87,7 @@ At any given time Node needs to be maintaining a few different V8 branches for t
-
Node v7.x
+
Node.js v7.x
2016-10-01
@@ -107,17 +117,22 @@ At any given time Node needs to be maintaining a few different V8 branches for t
-The versions of V8 used in Node v4.x and v6.x have already been abandoned by upstream V8. However, Node.js needs to continue supporting these branches for many months (Current branches) or several years (LTS branches).
+The versions of V8 used in Node.js v4.x and v6.x have already been abandoned by
+upstream V8. However, Node.js needs to continue supporting these branches for
+many months (Current branches) or several years (LTS branches).
# Maintenance Process
-Once a bug in Node.js has been identified to be caused by V8, the first step is to identify the versions of Node and V8 affected. The bug may be present in multiple different locations, each of which follows a slightly different process.
+Once a bug in Node.js has been identified to be caused by V8, the first step is
+to identify the versions of Node.js and V8 affected. The bug may be present in
+multiple different locations, each of which follows a slightly different
+process.
* Unfixed bugs. The bug exists in the V8 master branch.
* Fixed, but needs backport. The bug may need porting to one or more branches.
* Backporting to active branches.
* Backporting to abandoned branches.
-* Backports identified by the V8 team. Bugs identified by upstream V8 that we haven't encountered in Node yet.
+* Backports identified by the V8 team. Bugs identified by upstream V8 that we haven't encountered in Node.js yet.
## Unfixed Upstream Bugs
@@ -127,7 +142,7 @@ If the bug can be reproduced on the [`vee-eight-lkgr` branch](https://github.com
* Make sure to include a link to the corresponding Node.js issue (if one exists).
* If the fix is simple enough, you may fix it yourself; [contributions](https://github.com/v8/v8/wiki/Contributing) are welcome.
* V8's build waterfall tests your change.
-* Once the bug is fixed it may still need backporting, if it exists in other V8 branches that are still active or are branches that Node cares about. Follow the process for backporting below.
+* Once the bug is fixed it may still need backporting, if it exists in other V8 branches that are still active or are branches that Node.js cares about. Follow the process for backporting below.
## Backporting to Active Branches
@@ -142,23 +157,28 @@ If the bug exists in any of the active V8 branches, we may need to get the fix b
* Attach *merge-request-x.x* labels to the bug for any active branches that still contain the bug. (e.g. merge-request-5.3, merge-request-5.4)
* Add ofrobots-at-google.com to the cc list.
* Once the merge has been approved, it should be merged using the [merge script documented in the V8 wiki](https://github.com/v8/v8/wiki/Merging%20&%20Patching). Merging requires commit access to the V8 repository. If you don't have commit access you can indicate someone on the V8 team can do the merge for you.
-* It is possible that the merge request may not get approved, for example if it is considered to be a feature or otherwise too risky for V8 stable. In such cases we float the patch on the Node side. See the process on 'Backporting to Abandoned branches'.
+* It is possible that the merge request may not get approved, for example if it is considered to be a feature or otherwise too risky for V8 stable. In such cases we float the patch on the Node.js side. See the process on 'Backporting to Abandoned branches'.
* Once the fix has been merged upstream, it can be picked up during an update of the V8 branch, (see below).
## Backporting to Abandoned Branches
-Abandoned V8 branches are supported in the Node.js V8 repository. The fix needs to be cherry-picked in the Node.js repository and V8-CI must test the change.
+Abandoned V8 branches are supported in the Node.js V8 repository. The fix needs
+to be cherry-picked in the Node.js repository and V8-CI must test the change.
* For each abandoned V8 branch corresponding to an LTS branch that is affected by the bug:
* Open a cherry-pick PR on nodejs/node targeting the appropriate *vY.x-staging* branch (e.g. *v6.x-staging* to fix an issue in V8-5.1).
* Increase the patch level version in v8-version.h. This will not cause any problems with versioning because V8 will not publish other patches for this branch, so Node.js can effectively bump the patch version.
* In some cases the patch may require extra effort to merge in case V8 has changed substantially. For important issues we may be able to lean on the V8 team to get help with reimplementing the patch.
- * Run Node's [V8-CI](https://ci.nodejs.org/job/node-test-commit-v8-linux/) in addition to the [Node CI](https://ci.nodejs.org/job/node-test-pull-request/).
+ * Run the Node.js [V8-CI](https://ci.nodejs.org/job/node-test-commit-v8-linux/) in addition to the [Node.js CI](https://ci.nodejs.org/job/node-test-pull-request/).
-An example for workflow how to cherry-pick consider the following bug: https://crbug.com/v8/5199. From the bug we can see that it was merged by V8 into 5.2 and 5.3, and not into V8 5.1 (since it was already abandoned). Since Node.js `v6.x` uses V8 5.1, the fix needed to cherry-picked. To cherry-pick, here's an example workflow:
+An example for workflow how to cherry-pick consider the following bug:
+https://crbug.com/v8/5199. From the bug we can see that it was merged by V8 into
+5.2 and 5.3, and not into V8 5.1 (since it was already abandoned). Since Node.js
+`v6.x` uses V8 5.1, the fix needed to cherry-picked. To cherry-pick, here's an
+example workflow:
* Download and apply the commit linked-to in the issue (in this case a51f429). `curl -L https://github.com/v8/v8/commit/a51f429.patch | git apply --directory=deps/v8`. If the branches have diverged significantly, this may not apply cleanly. It may help to try to cherry-pick the merge to the oldest branch that was done upstream in V8. In this example, this would be the patch from the merge to 5.2. The hope is that this would be closer to the V8 5.1, and has a better chance of applying cleanly. If you're stuck, feel free to ping @ofrobots for help.
-* Modify the commit message to match the format we use for V8 backports. You may want to add extra description if necessary to indicate the impact of the fix on Node. In this case the original issue was descriptive enough. Example:
+* Modify the commit message to match the format we use for V8 backports. You may want to add extra description if necessary to indicate the impact of the fix on Node.js. In this case the original issue was descriptive enough. Example:
```
deps: cherry-pick a51f429 from V8 upstream
@@ -182,24 +202,38 @@ PR-URL:
## Backports Identified by the V8 team
-For bugs found through the browser or other channels, the V8 team marks bugs that might be applicable to the abandoned branches in use by Node.js. This is done through manual tagging by the V8 team and through an automated process that tags any fix that gets backported to the stable branch (as it is likely candidate for backporting further).
+For bugs found through the browser or other channels, the V8 team marks bugs
+that might be applicable to the abandoned branches in use by Node.js. This is
+done through manual tagging by the V8 team and through an automated process that
+tags any fix that gets backported to the stable branch (as it is likely
+candidate for backporting further).
Such fixes are tagged with the following labels in the V8 issue tracker:
-* `NodeJS-Backport-Review` ([V8](https://bugs.chromium.org/p/v8/issues/list?can=1&q=label%3ANodeJS-Backport-Review), [Chromium](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ANodeJS-Backport-Review)): to be reviewed if this is applicable to abandoned branches in use by Node.js. This list if regularly reviewed by the node team at Google to determine applicability to Node.js.
+* `NodeJS-Backport-Review` ([V8](https://bugs.chromium.org/p/v8/issues/list?can=1&q=label%3ANodeJS-Backport-Review), [Chromium](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ANodeJS-Backport-Review)): to be reviewed if this is applicable to abandoned branches in use by Node.js. This list if regularly reviewed by the Node.js team at Google to determine applicability to Node.js.
* `NodeJS-Backport-Approved` ([V8](https://bugs.chromium.org/p/v8/issues/list?can=1&q=label%3ANodeJS-Backport-Approved), [Chromium](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ANodeJS-Backport-Approved)): marks bugs that are deemed relevant to Node.js and should be backported.
* `NodeJS-Backport-Done` ([V8](https://bugs.chromium.org/p/v8/issues/list?can=1&q=label%3ANodeJS-Backport-Done), [Chromium](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ANodeJS-Backport-Done)): Backport for Node.js has been performed already.
* `NodeJS-Backport-Rejected` ([V8](https://bugs.chromium.org/p/v8/issues/list?can=1&q=label%3ANodeJS-Backport-Rejected), [Chromium](https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ANodeJS-Backport-Rejected)): Backport for Node.js is not desired.
-The backlog of issues with such is regularly reviewed by the node-team at Google to shepherd through the backport process. External contributors are welcome to collaborate on the backport process as well. Note that some of the bugs may be security issues and will not be visible to external collaborators.
+The backlog of issues with such is regularly reviewed by the node-team at Google
+to shepherd through the backport process. External contributors are welcome to
+collaborate on the backport process as well. Note that some of the bugs may be
+security issues and will not be visible to external collaborators.
# Updating V8
-Node keeps a vendored copy of V8 inside of deps/ directory. In addition Node may need to float patches that do not exist upstream. This means that some care may need to be taken to update the vendored copy of V8.
+Node.js keeps a vendored copy of V8 inside of deps/ directory. In addition
+Node.js may need to float patches that do not exist upstream. This means that
+some care may need to be taken to update the vendored copy of V8.
## Minor updates (patch level)
-Because there may be floating patches on the version of V8 in Node.js, it is safest to apply the patch level updates as a patch. For example, imagine that upstream V8 is at 5.0.71.47 and Node.js is at 5.0.71.32. It would be best to compute the diff between these tags on the V8 repository, and then apply that patch on the copy of V8 in Node.js. This should preserve the patches/backports that Node.js may be floating (or else cause a merge conflict).
+Because there may be floating patches on the version of V8 in Node.js, it is
+safest to apply the patch level updates as a patch. For example, imagine that
+upstream V8 is at 5.0.71.47 and Node.js is at 5.0.71.32. It would be best to
+compute the diff between these tags on the V8 repository, and then apply that
+patch on the copy of V8 in Node.js. This should preserve the patches/backports
+that Node.js may be floating (or else cause a merge conflict).
The rough outline of the process is:
@@ -216,14 +250,17 @@ curl -L https://github.com/v8/v8/compare/${V8_OLD_VERSION}...${V8_NEW_VERSION}.p
# You may want to amend the commit message to describe the nature of the update
```
-V8 also keeps tags of the form *5.4-lkgr* which point to the *Last Known Good Revision* from the 5.4 branch that can be useful in the update process above.
+V8 also keeps tags of the form *5.4-lkgr* which point to the *Last Known Good
+Revision* from the 5.4 branch that can be useful in the update process above.
## Major Updates
-We upgrade the version of V8 in Node.js master whenever a V8 release goes stable upstream, that is, whenever a new release of Chrome comes out.
+We upgrade the version of V8 in Node.js master whenever a V8 release goes stable
+upstream, that is, whenever a new release of Chrome comes out.
-Upgrading major versions would be much harder to do with the patch mechanism above. A better strategy is to
+Upgrading major versions would be much harder to do with the patch mechanism
+above. A better strategy is to
1. Audit the current master branch and look at the patches that have been floated since the last major V8 update.
1. Replace the copy of V8 in Node.js with a fresh checkout of the latest stable V8 branch. Special care must be taken to recursively update the DEPS that V8 has a compile time dependency on (at the moment of this writing, these are only trace_event and gtest_prod.h)
@@ -235,7 +272,7 @@ To audit for floating patches:
git log --oneline deps/v8
```
-To replace the copy of V8 in Node, use the '[update-v8](https://gist.github.com/targos/8da405e96e98fdff01a395bed365b816)' script2. For example, if you want to replace the copy of V8 in Node.js with the branch-head for V8 5.1 branch:
+To replace the copy of V8 in Node.js, use the '[update-v8](https://gist.github.com/targos/8da405e96e98fdff01a395bed365b816)' script2. For example, if you want to replace the copy of V8 in Node.js with the branch-head for V8 5.1 branch:
```shell
cd $NODE_DIR
@@ -243,13 +280,17 @@ rm -rf deps/v8
path/to/update-v8 branch-heads/5.1
```
-You may want to look at the commits created by the above scripts, and squash them once you have reviewed them.
+You may want to look at the commits created by the above scripts, and squash
+them once you have reviewed them.
This should be followed up with manual refloating of all relevant patches.
# Proposal: Using a fork repo to track upstream V8
-The fact that Node.js keeps a vendored, potentially edited copy of V8 in deps/ makes the above processes a bit complicated. An alternative proposal would be to create a fork of V8 at nodejs/v8 that would be used to maintain the V8 branches. This has several benefits:
+The fact that Node.js keeps a vendored, potentially edited copy of V8 in deps/
+makes the above processes a bit complicated. An alternative proposal would be to
+create a fork of V8 at nodejs/v8 that would be used to maintain the V8 branches.
+This has several benefits:
* The process to update the version of V8 in Node.js could be automated to track the tips of various V8 branches in nodejs/v8.
* It would simplify cherry-picking and porting of fixes between branches as the version bumps in v8-version.h would happen as part of this update instead of on every change.
@@ -259,17 +300,27 @@ The fact that Node.js keeps a vendored, potentially edited copy of V8 in deps/ m
This would require some tooling to:
-* A script that would update the V8 in a specific Node branch with V8 from upstream (dependent on branch abandoned vs. active).
+* A script that would update the V8 in a specific Node.js branch with V8 from upstream (dependent on branch abandoned vs. active).
* We need a script to bump V8 version numbers when a new version of V8 is promoted from nodejs/v8 to nodejs/node.
* Enabled the V8-CI build in Jenkins to build from the nodejs/v8 fork.
# Proposal: Dealing with the need to float patches to a stable/beta
-Sometimes upstream V8 may not want to merge a fix to their stable branches, but we might. An example of this would be a fix for a performance regression that only affects Node.js and not the browser. At the moment we don't have a mechanism to deal with this situation. If we float a patch and bump the V8 version, we might run into a problem if upstream releases a fix with the same version number.
-
-One idea we have been kicking around is that we could move to a 5-place version number in V8, e.g.: 5.4.500.30.${embedder}. The ${embedder} represents the number of patches an embedder is floating on top of an official V8 version. This would also help with auditing the floating patches in the Node commit history.
-
-We are trying this out in https://github.com/nodejs/node/pull/9754. If this ends up working, we will investigate making this change upstream.
+Sometimes upstream V8 may not want to merge a fix to their stable branches, but
+we might. An example of this would be a fix for a performance regression that
+only affects Node.js and not the browser. At the moment we don't have a
+mechanism to deal with this situation. If we float a patch and bump the V8
+version, we might run into a problem if upstream releases a fix with the same
+version number.
+
+One idea we have been kicking around is that we could move to a 5-place version
+number in V8, e.g.: 5.4.500.30.${embedder}. The ${embedder} represents the
+number of patches an embedder is floating on top of an official V8 version. This
+would also help with auditing the floating patches in the Node.js commit
+history.
+
+We are trying this out in https://github.com/nodejs/node/pull/9754. If this ends
+up working, we will investigate making this change upstream.
## Notes
diff --git a/doc/onboarding.md b/doc/onboarding.md
index 665890da968699..dbe3dfd569b7ae 100644
--- a/doc/onboarding.md
+++ b/doc/onboarding.md
@@ -5,14 +5,19 @@ onboarding session.
## One week before the onboarding session
-* Ask the new Collaborator if they are using two-factor authentication on their
- GitHub account. If they are not, suggest that they enable it as their account
- will have elevated privileges in many of the Node.js repositories.
+* Confirm that the new Collaborator is using two-factor authentication on their
+ GitHub account. Unless two-factor authentication is enabled, do not give an
+ account elevated privileges such as the ability to land code in the main
+ repository or to start continuous integration (CI) jobs.
## Fifteen minutes before the onboarding session
-* Prior to the onboarding session, add the new Collaborators to
-[the Collaborators team](https://github.com/orgs/nodejs/teams/collaborators).
+* Prior to the onboarding session, add the new Collaborator to
+ [the Collaborators team](https://github.com/orgs/nodejs/teams/collaborators).
+ Note that this is the step that gives the account elevated privileges, so
+ do not perform this step (or any subsequent steps) unless two-factor
+ authentication is enabled on the new Collaborator's GitHub account.
+
## Onboarding session
diff --git a/lib/_http_common.js b/lib/_http_common.js
index 46408077316207..2ce523fe6298bd 100644
--- a/lib/_http_common.js
+++ b/lib/_http_common.js
@@ -198,7 +198,6 @@ function freeParser(parser, req, socket) {
parser[kOnExecute] = null;
if (parsers.free(parser) === false)
parser.close();
- parser = null;
}
if (req) {
req.parser = null;
@@ -247,44 +246,44 @@ exports.httpSocketSetup = httpSocketSetup;
* so take care when making changes to the implementation so that the source
* code size does not exceed v8's default max_inlined_source_size setting.
**/
-function isValidTokenChar(ch) {
- if (ch >= 94 && ch <= 122)
- return true;
- if (ch >= 65 && ch <= 90)
- return true;
- if (ch === 45)
- return true;
- if (ch >= 48 && ch <= 57)
- return true;
- if (ch === 34 || ch === 40 || ch === 41 || ch === 44)
+var validTokens = [
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0 - 15
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 16 - 31
+ 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, // 32 - 47
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, // 48 - 63
+ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 64 - 79
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, // 80 - 95
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 96 - 111
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, // 112 - 127
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 128 ...
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 // ... 255
+];
+function checkIsHttpToken(val) {
+ if (typeof val !== 'string' || val.length === 0)
+ return false;
+ if (!validTokens[val.charCodeAt(0)])
return false;
- if (ch >= 33 && ch <= 46)
+ if (val.length < 2)
return true;
- if (ch === 124 || ch === 126)
+ if (!validTokens[val.charCodeAt(1)])
+ return false;
+ if (val.length < 3)
return true;
- return false;
-}
-function checkIsHttpToken(val) {
- if (typeof val !== 'string' || val.length === 0)
+ if (!validTokens[val.charCodeAt(2)])
return false;
- if (!isValidTokenChar(val.charCodeAt(0)))
+ if (val.length < 4)
+ return true;
+ if (!validTokens[val.charCodeAt(3)])
return false;
- const len = val.length;
- if (len > 1) {
- if (!isValidTokenChar(val.charCodeAt(1)))
+ for (var i = 4; i < val.length; ++i) {
+ if (!validTokens[val.charCodeAt(i)])
return false;
- if (len > 2) {
- if (!isValidTokenChar(val.charCodeAt(2)))
- return false;
- if (len > 3) {
- if (!isValidTokenChar(val.charCodeAt(3)))
- return false;
- for (var i = 4; i < len; i++) {
- if (!isValidTokenChar(val.charCodeAt(i)))
- return false;
- }
- }
- }
}
return true;
}
@@ -300,26 +299,44 @@ exports._checkIsHttpToken = checkIsHttpToken;
* so take care when making changes to the implementation so that the source
* code size does not exceed v8's default max_inlined_source_size setting.
**/
+var validHdrChars = [
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, // 0 - 15
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 16 - 31
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 32 - 47
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 48 - 63
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 64 - 79
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 80 - 95
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 96 - 111
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, // 112 - 127
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 128 ...
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 // ... 255
+];
function checkInvalidHeaderChar(val) {
val += '';
if (val.length < 1)
return false;
- var c = val.charCodeAt(0);
- if ((c <= 31 && c !== 9) || c > 255 || c === 127)
+ if (!validHdrChars[val.charCodeAt(0)])
return true;
if (val.length < 2)
return false;
- c = val.charCodeAt(1);
- if ((c <= 31 && c !== 9) || c > 255 || c === 127)
+ if (!validHdrChars[val.charCodeAt(1)])
return true;
if (val.length < 3)
return false;
- c = val.charCodeAt(2);
- if ((c <= 31 && c !== 9) || c > 255 || c === 127)
+ if (!validHdrChars[val.charCodeAt(2)])
+ return true;
+ if (val.length < 4)
+ return false;
+ if (!validHdrChars[val.charCodeAt(3)])
return true;
- for (var i = 3; i < val.length; ++i) {
- c = val.charCodeAt(i);
- if ((c <= 31 && c !== 9) || c > 255 || c === 127)
+ for (var i = 4; i < val.length; ++i) {
+ if (!validHdrChars[val.charCodeAt(i)])
return true;
}
return false;
diff --git a/lib/_http_incoming.js b/lib/_http_incoming.js
index 5c04ab9dfe3331..d02f19424c0442 100644
--- a/lib/_http_incoming.js
+++ b/lib/_http_incoming.js
@@ -103,21 +103,17 @@ IncomingMessage.prototype.destroy = function destroy(error) {
IncomingMessage.prototype._addHeaderLines = _addHeaderLines;
function _addHeaderLines(headers, n) {
if (headers && headers.length) {
- var raw, dest;
+ var dest;
if (this.complete) {
- raw = this.rawTrailers;
+ this.rawTrailers = headers;
dest = this.trailers;
} else {
- raw = this.rawHeaders;
+ this.rawHeaders = headers;
dest = this.headers;
}
for (var i = 0; i < n; i += 2) {
- var k = headers[i];
- var v = headers[i + 1];
- raw.push(k);
- raw.push(v);
- this._addHeaderLine(k, v, dest);
+ this._addHeaderLine(headers[i], headers[i + 1], dest);
}
}
}
diff --git a/lib/_http_outgoing.js b/lib/_http_outgoing.js
index b85e3c54074d82..67a8d6f8bb8233 100644
--- a/lib/_http_outgoing.js
+++ b/lib/_http_outgoing.js
@@ -7,6 +7,8 @@ const util = require('util');
const internalUtil = require('internal/util');
const Buffer = require('buffer').Buffer;
const common = require('_http_common');
+const checkIsHttpToken = common._checkIsHttpToken;
+const checkInvalidHeaderChar = common._checkInvalidHeaderChar;
const CRLF = common.CRLF;
const trfrEncChunkExpression = common.chunkExpression;
@@ -207,23 +209,31 @@ function _storeHeader(firstLine, headers) {
messageHeader: firstLine
};
- if (headers) {
- var keys = Object.keys(headers);
- var isArray = Array.isArray(headers);
- var field, value;
-
- for (var i = 0, l = keys.length; i < l; i++) {
- var key = keys[i];
- if (isArray) {
- field = headers[key][0];
- value = headers[key][1];
+ var i;
+ var j;
+ var field;
+ var value;
+ if (headers instanceof Array) {
+ for (i = 0; i < headers.length; ++i) {
+ field = headers[i][0];
+ value = headers[i][1];
+
+ if (value instanceof Array) {
+ for (j = 0; j < value.length; j++) {
+ storeHeader(this, state, field, value[j]);
+ }
} else {
- field = key;
- value = headers[key];
+ storeHeader(this, state, field, value);
}
+ }
+ } else if (headers) {
+ var keys = Object.keys(headers);
+ for (i = 0; i < keys.length; ++i) {
+ field = keys[i];
+ value = headers[field];
- if (Array.isArray(value)) {
- for (var j = 0; j < value.length; j++) {
+ if (value instanceof Array) {
+ for (j = 0; j < value.length; j++) {
storeHeader(this, state, field, value[j]);
}
} else {
@@ -237,7 +247,7 @@ function _storeHeader(firstLine, headers) {
this.upgrading = true;
// Date header
- if (this.sendDate === true && state.sentDateHeader === false) {
+ if (this.sendDate && !state.sentDateHeader) {
state.messageHeader += 'Date: ' + utcDate() + CRLF;
}
@@ -253,8 +263,7 @@ function _storeHeader(firstLine, headers) {
// of creating security liabilities, so suppress the zero chunk and force
// the connection to close.
var statusCode = this.statusCode;
- if ((statusCode === 204 || statusCode === 304) &&
- this.chunkedEncoding === true) {
+ if ((statusCode === 204 || statusCode === 304) && this.chunkedEncoding) {
debug(statusCode + ' response should not use chunked encoding,' +
' closing connection.');
this.chunkedEncoding = false;
@@ -265,7 +274,7 @@ function _storeHeader(firstLine, headers) {
if (this._removedHeader.connection) {
this._last = true;
this.shouldKeepAlive = false;
- } else if (state.sentConnectionHeader === false) {
+ } else if (!state.sentConnectionHeader) {
var shouldSendKeepAlive = this.shouldKeepAlive &&
(state.sentContentLengthHeader ||
this.useChunkedEncodingByDefault ||
@@ -278,8 +287,7 @@ function _storeHeader(firstLine, headers) {
}
}
- if (state.sentContentLengthHeader === false &&
- state.sentTransferEncodingHeader === false) {
+ if (!state.sentContentLengthHeader && !state.sentTransferEncodingHeader) {
if (!this._hasBody) {
// Make sure we don't end the 0\r\n\r\n at the end of the message.
this.chunkedEncoding = false;
@@ -312,11 +320,11 @@ function _storeHeader(firstLine, headers) {
}
function storeHeader(self, state, field, value) {
- if (!common._checkIsHttpToken(field)) {
+ if (!checkIsHttpToken(field)) {
throw new TypeError(
'Header name must be a valid HTTP Token ["' + field + '"]');
}
- if (common._checkInvalidHeaderChar(value) === true) {
+ if (checkInvalidHeaderChar(value)) {
debug('Header "%s" contains invalid characters', field);
throw new TypeError('The header content contains invalid characters');
}
@@ -350,14 +358,14 @@ function storeHeader(self, state, field, value) {
OutgoingMessage.prototype.setHeader = function setHeader(name, value) {
- if (!common._checkIsHttpToken(name))
+ if (!checkIsHttpToken(name))
throw new TypeError(
'Header name must be a valid HTTP Token ["' + name + '"]');
if (value === undefined)
throw new Error('"value" required in setHeader("' + name + '", value)');
if (this._header)
throw new Error('Can\'t set headers after they are sent.');
- if (common._checkInvalidHeaderChar(value) === true) {
+ if (checkInvalidHeaderChar(value)) {
debug('Header "%s" contains invalid characters', name);
throw new TypeError('The header content contains invalid characters');
}
@@ -380,8 +388,7 @@ OutgoingMessage.prototype.getHeader = function getHeader(name) {
if (!this._headers) return;
- var key = name.toLowerCase();
- return this._headers[key];
+ return this._headers[name.toLowerCase()];
};
@@ -531,11 +538,11 @@ OutgoingMessage.prototype.addTrailers = function addTrailers(headers) {
field = key;
value = headers[key];
}
- if (!common._checkIsHttpToken(field)) {
+ if (!checkIsHttpToken(field)) {
throw new TypeError(
'Trailer name must be a valid HTTP Token ["' + field + '"]');
}
- if (common._checkInvalidHeaderChar(value) === true) {
+ if (checkInvalidHeaderChar(value)) {
debug('Trailer "%s" contains invalid characters', field);
throw new TypeError('The trailer content contains invalid characters');
}
@@ -546,6 +553,9 @@ OutgoingMessage.prototype.addTrailers = function addTrailers(headers) {
const crlf_buf = Buffer.from('\r\n');
+function onFinish(outmsg) {
+ outmsg.emit('finish');
+}
OutgoingMessage.prototype.end = function end(data, encoding, callback) {
if (typeof data === 'function') {
@@ -585,7 +595,6 @@ OutgoingMessage.prototype.end = function end(data, encoding, callback) {
if (this.connection && data)
this.connection.cork();
- var ret;
if (data) {
// Normal body write.
this.write(data, encoding);
@@ -594,10 +603,9 @@ OutgoingMessage.prototype.end = function end(data, encoding, callback) {
if (typeof callback === 'function')
this.once('finish', callback);
- const finish = () => {
- this.emit('finish');
- };
+ var finish = onFinish.bind(undefined, this);
+ var ret;
if (this._hasBody && this.chunkedEncoding) {
ret = this._send('0\r\n' + this._trailer + '\r\n', 'latin1', finish);
} else {
@@ -677,8 +685,7 @@ OutgoingMessage.prototype._flushOutput = function _flushOutput(socket) {
var outputCallbacks = this.outputCallbacks;
socket.cork();
for (var i = 0; i < outputLength; i++) {
- ret = socket.write(output[i], outputEncodings[i],
- outputCallbacks[i]);
+ ret = socket.write(output[i], outputEncodings[i], outputCallbacks[i]);
}
socket.uncork();
diff --git a/lib/_http_server.js b/lib/_http_server.js
index c5f92d52d54d9b..21113fc37a9f5b 100644
--- a/lib/_http_server.js
+++ b/lib/_http_server.js
@@ -88,6 +88,8 @@ function ServerResponse(req) {
if (req.method === 'HEAD') this._hasBody = false;
this.sendDate = true;
+ this._sent100 = false;
+ this._expect_continue = false;
if (req.httpVersionMajor < 1 || req.httpVersionMinor < 1) {
this.useChunkedEncodingByDefault = chunkExpression.test(req.headers.te);
@@ -195,8 +197,7 @@ function writeHead(statusCode, reason, obj) {
if (common._checkInvalidHeaderChar(this.statusMessage))
throw new Error('Invalid character in statusMessage.');
- var statusLine = 'HTTP/1.1 ' + statusCode.toString() + ' ' +
- this.statusMessage + CRLF;
+ var statusLine = 'HTTP/1.1 ' + statusCode + ' ' + this.statusMessage + CRLF;
if (statusCode === 204 || statusCode === 304 ||
(100 <= statusCode && statusCode <= 199)) {
@@ -232,7 +233,7 @@ function Server(requestListener) {
net.Server.call(this, { allowHalfOpen: true });
if (requestListener) {
- this.addListener('request', requestListener);
+ this.on('request', requestListener);
}
/* eslint-disable max-len */
@@ -242,7 +243,7 @@ function Server(requestListener) {
/* eslint-enable max-len */
this.httpAllowHalfOpen = false;
- this.addListener('connection', connectionListener);
+ this.on('connection', connectionListener);
this.timeout = 2 * 60 * 1000;
@@ -263,40 +264,6 @@ exports.Server = Server;
function connectionListener(socket) {
- var self = this;
- var outgoing = [];
- var incoming = [];
- var outgoingData = 0;
-
- function updateOutgoingData(delta) {
- // `outgoingData` is an approximate amount of bytes queued through all
- // inactive responses. If more data than the high watermark is queued - we
- // need to pause TCP socket/HTTP parser, and wait until the data will be
- // sent to the client.
- outgoingData += delta;
- if (socket._paused && outgoingData < socket._writableState.highWaterMark)
- return socketOnDrain();
- }
-
- function abortIncoming() {
- while (incoming.length) {
- var req = incoming.shift();
- req.emit('aborted');
- req.emit('close');
- }
- // abort socket._httpMessage ?
- }
-
- function serverSocketCloseListener() {
- debug('server socket close');
- // mark this parser as reusable
- if (this.parser) {
- freeParser(this.parser, null, this);
- }
-
- abortIncoming();
- }
-
debug('SERVER new http connection');
httpSocketSetup(socket);
@@ -304,18 +271,9 @@ function connectionListener(socket) {
// If the user has added a listener to the server,
// request, or response, then it's their responsibility.
// otherwise, destroy on timeout by default
- if (self.timeout)
- socket.setTimeout(self.timeout);
- socket.on('timeout', function() {
- var req = socket.parser && socket.parser.incoming;
- var reqTimeout = req && !req.complete && req.emit('timeout', socket);
- var res = socket._httpMessage;
- var resTimeout = res && res.emit('timeout', socket);
- var serverTimeout = self.emit('timeout', socket);
-
- if (!reqTimeout && !resTimeout && !serverTimeout)
- socket.destroy();
- });
+ if (this.timeout)
+ socket.setTimeout(this.timeout);
+ socket.on('timeout', socketOnTimeout.bind(undefined, this, socket));
var parser = parsers.alloc();
parser.reinitialize(HTTPParser.REQUEST);
@@ -331,17 +289,34 @@ function connectionListener(socket) {
parser.maxHeaderPairs = 2000;
}
- socket.addListener('error', socketOnError);
- socket.addListener('close', serverSocketCloseListener);
- parser.onIncoming = parserOnIncoming;
- socket.on('end', socketOnEnd);
- socket.on('data', socketOnData);
+ var state = {
+ onData: null,
+ onError: null,
+ onEnd: null,
+ onClose: null,
+ outgoing: [],
+ incoming: [],
+ // `outgoingData` is an approximate amount of bytes queued through all
+ // inactive responses. If more data than the high watermark is queued - we
+ // need to pause TCP socket/HTTP parser, and wait until the data will be
+ // sent to the client.
+ outgoingData: 0
+ };
+ state.onData = socketOnData.bind(undefined, this, socket, parser, state);
+ state.onError = socketOnError.bind(undefined, this, socket, state);
+ state.onEnd = socketOnEnd.bind(undefined, this, socket, parser, state);
+ state.onClose = socketOnClose.bind(undefined, socket, state);
+ socket.on('data', state.onData);
+ socket.on('error', state.onError);
+ socket.on('end', state.onEnd);
+ socket.on('close', state.onClose);
+ parser.onIncoming = parserOnIncoming.bind(undefined, this, socket, state);
// We are consuming socket, so it won't get any actual data
socket.on('resume', onSocketResume);
socket.on('pause', onSocketPause);
- socket.on('drain', socketOnDrain);
+ socket.on('drain', socketOnDrain.bind(undefined, socket, state));
// Override on to unconsume on `data`, `readable` listeners
socket.on = socketOnWrap;
@@ -351,205 +326,243 @@ function connectionListener(socket) {
parser._consumed = true;
parser.consume(external);
}
- external = null;
- parser[kOnExecute] = onParserExecute;
+ parser[kOnExecute] =
+ onParserExecute.bind(undefined, this, socket, parser, state);
- // TODO(isaacs): Move all these functions out of here
- function socketOnError(e) {
- // Ignore further errors
- this.removeListener('error', socketOnError);
- this.on('error', () => {});
+ socket._paused = false;
+}
+exports._connectionListener = connectionListener;
- if (!self.emit('clientError', e, this))
- this.destroy(e);
+function updateOutgoingData(socket, state, delta) {
+ state.outgoingData += delta;
+ if (socket._paused &&
+ state.outgoingData < socket._writableState.highWaterMark) {
+ return socketOnDrain(socket, state);
}
+}
- function socketOnData(d) {
- assert(!socket._paused);
- debug('SERVER socketOnData %d', d.length);
- var ret = parser.execute(d);
+function socketOnDrain(socket, state) {
+ var needPause = state.outgoingData > socket._writableState.highWaterMark;
- onParserExecuteCommon(ret, d);
+ // If we previously paused, then start reading again.
+ if (socket._paused && !needPause) {
+ socket._paused = false;
+ if (socket.parser)
+ socket.parser.resume();
+ socket.resume();
}
+}
+
+function socketOnTimeout(server, socket) {
+ var req = socket.parser && socket.parser.incoming;
+ var reqTimeout = req && !req.complete && req.emit('timeout', socket);
+ var res = socket._httpMessage;
+ var resTimeout = res && res.emit('timeout', socket);
+ var serverTimeout = server.emit('timeout', socket);
+
+ if (!reqTimeout && !resTimeout && !serverTimeout)
+ socket.destroy();
+}
- function onParserExecute(ret, d) {
- socket._unrefTimer();
- debug('SERVER socketOnParserExecute %d', ret);
- onParserExecuteCommon(ret, undefined);
+function socketOnClose(socket, state) {
+ debug('server socket close');
+ // mark this parser as reusable
+ if (socket.parser) {
+ freeParser(socket.parser, null, socket);
}
- function onParserExecuteCommon(ret, d) {
- if (ret instanceof Error) {
- debug('parse error');
- socketOnError.call(socket, ret);
- } else if (parser.incoming && parser.incoming.upgrade) {
- // Upgrade or CONNECT
- var bytesParsed = ret;
- var req = parser.incoming;
- debug('SERVER upgrade or connect', req.method);
-
- if (!d)
- d = parser.getCurrentBuffer();
-
- socket.removeListener('data', socketOnData);
- socket.removeListener('end', socketOnEnd);
- socket.removeListener('close', serverSocketCloseListener);
- unconsume(parser, socket);
- parser.finish();
- freeParser(parser, req, null);
- parser = null;
-
- var eventName = req.method === 'CONNECT' ? 'connect' : 'upgrade';
- if (self.listenerCount(eventName) > 0) {
- debug('SERVER have listener for %s', eventName);
- var bodyHead = d.slice(bytesParsed, d.length);
-
- // TODO(isaacs): Need a way to reset a stream to fresh state
- // IE, not flowing, and not explicitly paused.
- socket._readableState.flowing = null;
- self.emit(eventName, req, socket, bodyHead);
- } else {
- // Got upgrade header or CONNECT method, but have no handler.
- socket.destroy();
- }
- }
+ abortIncoming(state.incoming);
+}
- if (socket._paused && socket.parser) {
- // onIncoming paused the socket, we should pause the parser as well
- debug('pause parser');
- socket.parser.pause();
- }
+function abortIncoming(incoming) {
+ while (incoming.length) {
+ var req = incoming.shift();
+ req.emit('aborted');
+ req.emit('close');
}
+ // abort socket._httpMessage ?
+}
- function socketOnEnd() {
- var socket = this;
- var ret = parser.finish();
+function socketOnEnd(server, socket, parser, state) {
+ var ret = parser.finish();
- if (ret instanceof Error) {
- debug('parse error');
- socketOnError.call(socket, ret);
- return;
- }
+ if (ret instanceof Error) {
+ debug('parse error');
+ state.onError(ret);
+ return;
+ }
- if (!self.httpAllowHalfOpen) {
- abortIncoming();
- if (socket.writable) socket.end();
- } else if (outgoing.length) {
- outgoing[outgoing.length - 1]._last = true;
- } else if (socket._httpMessage) {
- socket._httpMessage._last = true;
- } else {
- if (socket.writable) socket.end();
- }
+ if (!server.httpAllowHalfOpen) {
+ abortIncoming(state.incoming);
+ if (socket.writable) socket.end();
+ } else if (state.outgoing.length) {
+ state.outgoing[state.outgoing.length - 1]._last = true;
+ } else if (socket._httpMessage) {
+ socket._httpMessage._last = true;
+ } else {
+ if (socket.writable) socket.end();
}
+}
+function socketOnData(server, socket, parser, state, d) {
+ assert(!socket._paused);
+ debug('SERVER socketOnData %d', d.length);
+ var ret = parser.execute(d);
- // The following callback is issued after the headers have been read on a
- // new message. In this callback we setup the response object and pass it
- // to the user.
+ onParserExecuteCommon(server, socket, parser, state, ret, d);
+}
- socket._paused = false;
- function socketOnDrain() {
- var needPause = outgoingData > socket._writableState.highWaterMark;
-
- // If we previously paused, then start reading again.
- if (socket._paused && !needPause) {
- socket._paused = false;
- if (socket.parser)
- socket.parser.resume();
- socket.resume();
+function onParserExecute(server, socket, parser, state, ret, d) {
+ socket._unrefTimer();
+ debug('SERVER socketOnParserExecute %d', ret);
+ onParserExecuteCommon(server, socket, parser, state, ret, undefined);
+}
+
+function socketOnError(server, socket, state, e) {
+ // Ignore further errors
+ socket.removeListener('error', state.onError);
+ socket.on('error', () => {});
+
+ if (!server.emit('clientError', e, socket))
+ socket.destroy(e);
+}
+
+function onParserExecuteCommon(server, socket, parser, state, ret, d) {
+ if (ret instanceof Error) {
+ debug('parse error');
+ state.onError(ret);
+ } else if (parser.incoming && parser.incoming.upgrade) {
+ // Upgrade or CONNECT
+ var bytesParsed = ret;
+ var req = parser.incoming;
+ debug('SERVER upgrade or connect', req.method);
+
+ if (!d)
+ d = parser.getCurrentBuffer();
+
+ socket.removeListener('data', state.onData);
+ socket.removeListener('end', state.onEnd);
+ socket.removeListener('close', state.onClose);
+ unconsume(parser, socket);
+ parser.finish();
+ freeParser(parser, req, null);
+ parser = null;
+
+ var eventName = req.method === 'CONNECT' ? 'connect' : 'upgrade';
+ if (server.listenerCount(eventName) > 0) {
+ debug('SERVER have listener for %s', eventName);
+ var bodyHead = d.slice(bytesParsed, d.length);
+
+ // TODO(isaacs): Need a way to reset a stream to fresh state
+ // IE, not flowing, and not explicitly paused.
+ socket._readableState.flowing = null;
+ server.emit(eventName, req, socket, bodyHead);
+ } else {
+ // Got upgrade header or CONNECT method, but have no handler.
+ socket.destroy();
}
}
- function parserOnIncoming(req, shouldKeepAlive) {
- incoming.push(req);
-
- // If the writable end isn't consuming, then stop reading
- // so that we don't become overwhelmed by a flood of
- // pipelined requests that may never be resolved.
- if (!socket._paused) {
- var needPause = socket._writableState.needDrain ||
- outgoingData >= socket._writableState.highWaterMark;
- if (needPause) {
- socket._paused = true;
- // We also need to pause the parser, but don't do that until after
- // the call to execute, because we may still be processing the last
- // chunk.
- socket.pause();
- }
- }
+ if (socket._paused && socket.parser) {
+ // onIncoming paused the socket, we should pause the parser as well
+ debug('pause parser');
+ socket.parser.pause();
+ }
+}
- var res = new ServerResponse(req);
- res._onPendingData = updateOutgoingData;
+function resOnFinish(req, res, socket, state) {
+ // Usually the first incoming element should be our request. it may
+ // be that in the case abortIncoming() was called that the incoming
+ // array will be empty.
+ assert(state.incoming.length === 0 || state.incoming[0] === req);
- res.shouldKeepAlive = shouldKeepAlive;
- DTRACE_HTTP_SERVER_REQUEST(req, socket);
- LTTNG_HTTP_SERVER_REQUEST(req, socket);
- COUNTER_HTTP_SERVER_REQUEST();
+ state.incoming.shift();
- if (socket._httpMessage) {
- // There are already pending outgoing res, append.
- outgoing.push(res);
- } else {
- res.assignSocket(socket);
+ // if the user never called req.read(), and didn't pipe() or
+ // .resume() or .on('data'), then we call req._dump() so that the
+ // bytes will be pulled off the wire.
+ if (!req._consuming && !req._readableState.resumeScheduled)
+ req._dump();
+
+ res.detachSocket(socket);
+
+ if (res._last) {
+ socket.destroySoon();
+ } else {
+ // start sending the next message
+ var m = state.outgoing.shift();
+ if (m) {
+ m.assignSocket(socket);
}
+ }
+}
- // When we're finished writing the response, check if this is the last
- // response, if so destroy the socket.
- res.on('finish', resOnFinish);
- function resOnFinish() {
- // Usually the first incoming element should be our request. it may
- // be that in the case abortIncoming() was called that the incoming
- // array will be empty.
- assert(incoming.length === 0 || incoming[0] === req);
+// The following callback is issued after the headers have been read on a
+// new message. In this callback we setup the response object and pass it
+// to the user.
+function parserOnIncoming(server, socket, state, req, keepAlive) {
+ state.incoming.push(req);
+
+ // If the writable end isn't consuming, then stop reading
+ // so that we don't become overwhelmed by a flood of
+ // pipelined requests that may never be resolved.
+ if (!socket._paused) {
+ var needPause = socket._writableState.needDrain ||
+ state.outgoingData >= socket._writableState.highWaterMark;
+ if (needPause) {
+ socket._paused = true;
+ // We also need to pause the parser, but don't do that until after
+ // the call to execute, because we may still be processing the last
+ // chunk.
+ socket.pause();
+ }
+ }
- incoming.shift();
+ var res = new ServerResponse(req);
+ res._onPendingData = updateOutgoingData.bind(undefined, socket, state);
- // if the user never called req.read(), and didn't pipe() or
- // .resume() or .on('data'), then we call req._dump() so that the
- // bytes will be pulled off the wire.
- if (!req._consuming && !req._readableState.resumeScheduled)
- req._dump();
+ res.shouldKeepAlive = keepAlive;
+ DTRACE_HTTP_SERVER_REQUEST(req, socket);
+ LTTNG_HTTP_SERVER_REQUEST(req, socket);
+ COUNTER_HTTP_SERVER_REQUEST();
- res.detachSocket(socket);
+ if (socket._httpMessage) {
+ // There are already pending outgoing res, append.
+ state.outgoing.push(res);
+ } else {
+ res.assignSocket(socket);
+ }
- if (res._last) {
- socket.destroySoon();
- } else {
- // start sending the next message
- var m = outgoing.shift();
- if (m) {
- m.assignSocket(socket);
- }
- }
- }
+ // When we're finished writing the response, check if this is the last
+ // response, if so destroy the socket.
+ var finish =
+ resOnFinish.bind(undefined, req, res, socket, state);
+ res.on('finish', finish);
+
+ if (req.headers.expect !== undefined &&
+ (req.httpVersionMajor === 1 && req.httpVersionMinor === 1)) {
+ if (continueExpression.test(req.headers.expect)) {
+ res._expect_continue = true;
- if (req.headers.expect !== undefined &&
- (req.httpVersionMajor === 1 && req.httpVersionMinor === 1)) {
- if (continueExpression.test(req.headers.expect)) {
- res._expect_continue = true;
-
- if (self.listenerCount('checkContinue') > 0) {
- self.emit('checkContinue', req, res);
- } else {
- res.writeContinue();
- self.emit('request', req, res);
- }
+ if (server.listenerCount('checkContinue') > 0) {
+ server.emit('checkContinue', req, res);
} else {
- if (self.listenerCount('checkExpectation') > 0) {
- self.emit('checkExpectation', req, res);
- } else {
- res.writeHead(417);
- res.end();
- }
+ res.writeContinue();
+ server.emit('request', req, res);
}
} else {
- self.emit('request', req, res);
+ if (server.listenerCount('checkExpectation') > 0) {
+ server.emit('checkExpectation', req, res);
+ } else {
+ res.writeHead(417);
+ res.end();
+ }
}
- return false; // Not a HEAD response. (Not even a response!)
+ } else {
+ server.emit('request', req, res);
}
+ return false; // Not a HEAD response. (Not even a response!)
}
-exports._connectionListener = connectionListener;
function onSocketResume() {
// It may seem that the socket is resumed, but this is an enemy's trick to
diff --git a/lib/_stream_readable.js b/lib/_stream_readable.js
index 0844604d960258..d6af8589f3bc85 100644
--- a/lib/_stream_readable.js
+++ b/lib/_stream_readable.js
@@ -876,9 +876,9 @@ function fromListPartial(n, list, hasStrings) {
ret = list.shift();
} else {
// result spans more than one buffer
- ret = (hasStrings
- ? copyFromBufferString(n, list)
- : copyFromBuffer(n, list));
+ ret = (hasStrings ?
+ copyFromBufferString(n, list) :
+ copyFromBuffer(n, list));
}
return ret;
}
diff --git a/lib/_stream_writable.js b/lib/_stream_writable.js
index 06499fc947fe30..b20fe8d2ea91ed 100644
--- a/lib/_stream_writable.js
+++ b/lib/_stream_writable.js
@@ -86,9 +86,7 @@ function WritableState(options, stream) {
this.bufferProcessing = false;
// the callback that's passed to _write(chunk,cb)
- this.onwrite = function(er) {
- onwrite(stream, er);
- };
+ this.onwrite = onwrite.bind(undefined, stream);
// the callback that the user supplies to write(chunk,encoding,cb)
this.writecb = null;
@@ -538,20 +536,21 @@ function endWritable(stream, state, cb) {
function CorkedRequest(state) {
this.next = null;
this.entry = null;
+ this.finish = onCorkedFinish.bind(undefined, this, state);
+}
- this.finish = (err) => {
- var entry = this.entry;
- this.entry = null;
- while (entry) {
- var cb = entry.callback;
- state.pendingcb--;
- cb(err);
- entry = entry.next;
- }
- if (state.corkedRequestsFree) {
- state.corkedRequestsFree.next = this;
- } else {
- state.corkedRequestsFree = this;
- }
- };
+function onCorkedFinish(corkReq, state, err) {
+ var entry = corkReq.entry;
+ corkReq.entry = null;
+ while (entry) {
+ var cb = entry.callback;
+ state.pendingcb--;
+ cb(err);
+ entry = entry.next;
+ }
+ if (state.corkedRequestsFree) {
+ state.corkedRequestsFree.next = corkReq;
+ } else {
+ state.corkedRequestsFree = corkReq;
+ }
}
diff --git a/lib/buffer.js b/lib/buffer.js
index 557ac867e2e0fc..a6a0d59f74f52f 100644
--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -108,6 +108,9 @@ Buffer.from = function(value, encodingOrOffset, length) {
Object.setPrototypeOf(Buffer, Uint8Array);
+// The 'assertSize' method will remove itself from the callstack when an error
+// occurs. This is done simply to keep the internal details of the
+// implementation from bleeding out to users.
function assertSize(size) {
let err = null;
@@ -117,9 +120,6 @@ function assertSize(size) {
err = new RangeError('"size" argument must not be negative');
if (err) {
- // The following hides the 'assertSize' method from the
- // callstack. This is done simply to hide the internal
- // details of the implementation from bleeding out to users.
Error.captureStackTrace(err, assertSize);
throw err;
}
@@ -258,7 +258,7 @@ function fromObject(obj) {
}
if (obj) {
- if ('length' in obj || isArrayBuffer(obj.buffer) ||
+ if (obj.length !== undefined || isArrayBuffer(obj.buffer) ||
isSharedArrayBuffer(obj.buffer)) {
if (typeof obj.length !== 'number' || obj.length !== obj.length) {
return new FastBuffer();
diff --git a/lib/events.js b/lib/events.js
index e7202bfedd0c55..6a8345ab7bc516 100644
--- a/lib/events.js
+++ b/lib/events.js
@@ -283,17 +283,20 @@ EventEmitter.prototype.prependListener =
return _addListener(this, type, listener, true);
};
-function _onceWrap(target, type, listener) {
- var fired = false;
- function g() {
- target.removeListener(type, g);
- if (!fired) {
- fired = true;
- listener.apply(target, arguments);
- }
+function onceWrapper() {
+ this.target.removeListener(this.type, this.wrapFn);
+ if (!this.fired) {
+ this.fired = true;
+ this.listener.apply(this.target, arguments);
}
- g.listener = listener;
- return g;
+}
+
+function _onceWrap(target, type, listener) {
+ var state = { fired: false, wrapFn: undefined, target, type, listener };
+ var wrapped = onceWrapper.bind(state);
+ wrapped.listener = listener;
+ state.wrapFn = wrapped;
+ return wrapped;
}
EventEmitter.prototype.once = function once(type, listener) {
@@ -474,9 +477,9 @@ function spliceOne(list, index) {
list.pop();
}
-function arrayClone(arr, i) {
- var copy = new Array(i);
- while (i--)
+function arrayClone(arr, n) {
+ var copy = new Array(n);
+ for (var i = 0; i < n; ++i)
copy[i] = arr[i];
return copy;
}
diff --git a/lib/fs.js b/lib/fs.js
index 52f392d749364c..d407cf1479eac0 100644
--- a/lib/fs.js
+++ b/lib/fs.js
@@ -6,6 +6,7 @@
const constants = process.binding('constants').fs;
const util = require('util');
const pathModule = require('path');
+const { isUint8Array } = process.binding('util');
const binding = process.binding('fs');
const fs = exports;
@@ -559,7 +560,7 @@ fs.openSync = function(path, flags, mode) {
var readWarned = false;
fs.read = function(fd, buffer, offset, length, position, callback) {
- if (!(buffer instanceof Buffer)) {
+ if (!isUint8Array(buffer)) {
// legacy string interface (fd, length, position, encoding, callback)
if (!readWarned) {
readWarned = true;
@@ -623,7 +624,7 @@ fs.readSync = function(fd, buffer, offset, length, position) {
var legacy = false;
var encoding;
- if (!(buffer instanceof Buffer)) {
+ if (!isUint8Array(buffer)) {
// legacy string interface (fd, length, position, encoding, callback)
if (!readSyncWarned) {
readSyncWarned = true;
@@ -674,7 +675,7 @@ fs.write = function(fd, buffer, offset, length, position, callback) {
var req = new FSReqWrap();
req.oncomplete = wrapper;
- if (buffer instanceof Buffer) {
+ if (isUint8Array(buffer)) {
callback = maybeCallback(callback || position || length || offset);
if (typeof offset !== 'number') {
offset = 0;
@@ -708,7 +709,7 @@ fs.write = function(fd, buffer, offset, length, position, callback) {
// OR
// fs.writeSync(fd, string[, position[, encoding]]);
fs.writeSync = function(fd, buffer, offset, length, position) {
- if (buffer instanceof Buffer) {
+ if (isUint8Array(buffer)) {
if (position === undefined)
position = null;
if (typeof offset !== 'number')
@@ -1206,7 +1207,7 @@ fs.writeFile = function(path, data, options, callback) {
});
function writeFd(fd, isUserFd) {
- var buffer = (data instanceof Buffer) ?
+ var buffer = isUint8Array(data) ?
data : Buffer.from('' + data, options.encoding || 'utf8');
var position = /a/.test(flag) ? null : 0;
@@ -1221,7 +1222,7 @@ fs.writeFileSync = function(path, data, options) {
var isUserFd = isFd(path); // file descriptor ownership
var fd = isUserFd ? path : fs.openSync(path, flag, options.mode);
- if (!(data instanceof Buffer)) {
+ if (!isUint8Array(data)) {
data = Buffer.from('' + data, options.encoding || 'utf8');
}
var offset = 0;
@@ -1531,6 +1532,7 @@ fs.realpathSync = function realpathSync(p, options) {
var stat = fs.lstatSync(base);
if (!stat.isSymbolicLink()) {
knownHard[base] = true;
+ if (cache) cache.set(base, base);
continue;
}
diff --git a/lib/internal/url.js b/lib/internal/url.js
index ba54aa8c233354..e1e1c515f842d2 100644
--- a/lib/internal/url.js
+++ b/lib/internal/url.js
@@ -67,385 +67,193 @@ class TupleOrigin {
}
toString(unicode = false) {
- var result = this.scheme;
+ var result = this[kScheme];
result += '://';
- result += unicode ? URL.domainToUnicode(this.host) : this.host;
- if (this.port !== undefined && this.port !== null)
- result += `:${this.port}`;
+ result += unicode ? domainToUnicode(this[kHost]) : this[kHost];
+ if (this[kPort] !== undefined && this[kPort] !== null)
+ result += `:${this[kPort]}`;
return result;
}
inspect() {
return `TupleOrigin {
- scheme: ${this.scheme},
- host: ${this.host},
- port: ${this.port},
- domain: ${this.domain}
+ scheme: ${this[kScheme]},
+ host: ${this[kHost]},
+ port: ${this[kPort]},
+ domain: ${this[kDomain]}
}`;
}
}
-class URL {
- constructor(input, base) {
- if (base !== undefined && !(base instanceof URL))
- base = new URL(String(base));
- input = String(input);
- const base_context = base ? base[context] : undefined;
- this[context] = new StorageObject();
- binding.parse(input.trim(), -1, base_context, undefined,
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- throw new TypeError('Invalid URL');
- this[context].flags = flags;
- this[context].scheme = protocol;
- this[context].username = username;
- this[context].password = password;
- this[context].port = port;
- this[context].path = path;
- this[context].query = query;
- this[context].fragment = fragment;
- this[context].host = host;
- this[searchParams] = new URLSearchParams(query);
- this[searchParams][context] = this;
- });
- }
-
- get origin() {
- return URL.originFor(this).toString(true);
- }
+function onParseComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ throw new TypeError('Invalid URL');
+ var ctx = this[context];
+ ctx.flags = flags;
+ ctx.scheme = protocol;
+ ctx.username = username;
+ ctx.password = password;
+ ctx.port = port;
+ ctx.path = path;
+ ctx.query = query;
+ ctx.fragment = fragment;
+ ctx.host = host;
+ if (this[searchParams]) { // invoked from href setter
+ initSearchParams(this[searchParams], query);
+ } else {
+ this[searchParams] = new URLSearchParams(query);
+ }
+ this[searchParams][context] = this;
+}
- get [special]() {
- return (this[context].flags & binding.URL_FLAGS_SPECIAL) != 0;
+// Reused by URL constructor and URL#href setter.
+function parse(url, input, base) {
+ input = String(input);
+ const base_context = base ? base[context] : undefined;
+ url[context] = new StorageObject();
+ binding.parse(input.trim(), -1,
+ base_context, undefined,
+ onParseComplete.bind(url));
+}
+
+function onParseProtocolComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ return;
+ const newIsSpecial = (flags & binding.URL_FLAGS_SPECIAL) !== 0;
+ const s = this[special];
+ const ctx = this[context];
+ if ((s && !newIsSpecial) || (!s && newIsSpecial)) {
+ return;
}
+ if (newIsSpecial) {
+ ctx.flags |= binding.URL_FLAGS_SPECIAL;
+ } else {
+ ctx.flags &= ~binding.URL_FLAGS_SPECIAL;
+ }
+ if (protocol) {
+ ctx.scheme = protocol;
+ ctx.flags |= binding.URL_FLAGS_HAS_SCHEME;
+ } else {
+ ctx.flags &= ~binding.URL_FLAGS_HAS_SCHEME;
+ }
+}
- get [cannotBeBase]() {
- return (this[context].flags & binding.URL_FLAGS_CANNOT_BE_BASE) != 0;
- }
-
- get protocol() {
- return this[context].scheme;
- }
-
- get searchParams() {
- return this[searchParams];
- }
-
- set protocol(scheme) {
- scheme = String(scheme);
- if (scheme.length === 0)
- return;
- binding.parse(scheme,
- binding.kSchemeStart,
- null,
- this[context],
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- return;
- const newIsSpecial = (flags & binding.URL_FLAGS_SPECIAL) != 0;
- if ((this[special] && !newIsSpecial) ||
- (!this[special] && newIsSpecial) ||
- (newIsSpecial && !this[special] &&
- this[context].host === undefined)) {
- return;
- }
- if (newIsSpecial) {
- this[context].flags |= binding.URL_FLAGS_SPECIAL;
- } else {
- this[context].flags &= ~binding.URL_FLAGS_SPECIAL;
- }
- if (protocol) {
- this[context].scheme = protocol;
- this[context].flags |= binding.URL_FLAGS_HAS_SCHEME;
- } else {
- this[context].flags &= ~binding.URL_FLAGS_HAS_SCHEME;
- }
- });
+function onParseHostComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ return;
+ const ctx = this[context];
+ if (host) {
+ ctx.host = host;
+ ctx.flags |= binding.URL_FLAGS_HAS_HOST;
+ } else {
+ ctx.flags &= ~binding.URL_FLAGS_HAS_HOST;
+ }
+ if (port !== undefined)
+ ctx.port = port;
+}
+
+function onParseHostnameComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ return;
+ const ctx = this[context];
+ if (host) {
+ ctx.host = host;
+ ctx.flags |= binding.URL_FLAGS_HAS_HOST;
+ } else {
+ ctx.flags &= ~binding.URL_FLAGS_HAS_HOST;
}
+}
+
+function onParsePortComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ return;
+ this[context].port = port;
+}
- get username() {
- return this[context].username || '';
+function onParsePathComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ return;
+ const ctx = this[context];
+ if (path) {
+ ctx.path = path;
+ ctx.flags |= binding.URL_FLAGS_HAS_PATH;
+ } else {
+ ctx.flags &= ~binding.URL_FLAGS_HAS_PATH;
}
+}
- set username(username) {
- username = String(username);
- if (!this.hostname)
- return;
- if (!username) {
- this[context].username = null;
- this[context].flags &= ~binding.URL_FLAGS_HAS_USERNAME;
- return;
- }
- this[context].username = binding.encodeAuth(username);
- this[context].flags |= binding.URL_FLAGS_HAS_USERNAME;
+function onParseSearchComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ return;
+ const ctx = this[context];
+ if (query) {
+ ctx.query = query;
+ ctx.flags |= binding.URL_FLAGS_HAS_QUERY;
+ } else {
+ ctx.flags &= ~binding.URL_FLAGS_HAS_QUERY;
}
+}
- get password() {
- return this[context].password || '';
+function onParseHashComplete(flags, protocol, username, password,
+ host, port, path, query, fragment) {
+ if (flags & binding.URL_FLAGS_FAILED)
+ return;
+ const ctx = this[context];
+ if (fragment) {
+ ctx.fragment = fragment;
+ ctx.flags |= binding.URL_FLAGS_HAS_FRAGMENT;
+ } else {
+ ctx.flags &= ~binding.URL_FLAGS_HAS_FRAGMENT;
}
+}
- set password(password) {
- password = String(password);
- if (!this.hostname)
- return;
- if (!password) {
- this[context].password = null;
- this[context].flags &= ~binding.URL_FLAGS_HAS_PASSWORD;
- return;
- }
- this[context].password = binding.encodeAuth(password);
- this[context].flags |= binding.URL_FLAGS_HAS_PASSWORD;
+class URL {
+ constructor(input, base) {
+ if (base !== undefined && !(base instanceof URL))
+ base = new URL(String(base));
+ parse(this, input, base);
}
- get host() {
- var ret = this[context].host || '';
- if (this[context].port !== undefined)
- ret += `:${this[context].port}`;
- return ret;
+ get [Symbol.toStringTag]() {
+ return this instanceof URL ? 'URL' : 'URLPrototype';
}
- set host(host) {
- host = String(host);
- if (this[cannotBeBase] ||
- (this[special] && host.length === 0)) {
- // Cannot set the host if cannot-be-base is set or
- // scheme is special and host length is zero
- return;
- }
- if (!host) {
- this[context].host = null;
- this[context].flags &= ~binding.URL_FLAGS_HAS_HOST;
- return;
- }
- binding.parse(host, binding.kHost, null, this[context],
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- return;
- if (host) {
- this[context].host = host;
- this[context].flags |= binding.URL_FLAGS_HAS_HOST;
- } else {
- this[context].flags &= ~binding.URL_FLAGS_HAS_HOST;
- }
- if (port !== undefined)
- this[context].port = port;
- });
- }
-
- get hostname() {
- return this[context].host || '';
- }
-
- set hostname(host) {
- host = String(host);
- if (this[cannotBeBase] ||
- (this[special] && host.length === 0)) {
- // Cannot set the host if cannot-be-base is set or
- // scheme is special and host length is zero
- return;
- }
- if (!host) {
- this[context].host = null;
- this[context].flags &= ~binding.URL_FLAGS_HAS_HOST;
- return;
- }
- binding.parse(host,
- binding.kHostname,
- null,
- this[context],
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- return;
- if (host) {
- this[context].host = host;
- this[context].flags |= binding.URL_FLAGS_HAS_HOST;
- } else {
- this[context].flags &= ~binding.URL_FLAGS_HAS_HOST;
- }
- });
+ get [special]() {
+ return (this[context].flags & binding.URL_FLAGS_SPECIAL) !== 0;
}
- get port() {
- const port = this[context].port;
- return port === undefined ? '' : String(port);
- }
-
- set port(port) {
- if (!this[context].host || this[cannotBeBase] || this.protocol === 'file:')
- return;
- port = String(port);
- if (port === '') {
- // Currently, if port number is empty, left unchanged.
- // TODO(jasnell): This might be changing in the spec
- return;
- }
- binding.parse(port, binding.kPort, null, this[context],
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- return;
- this[context].port = port;
- });
- }
-
- get pathname() {
- if (this[cannotBeBase])
- return this[context].path[0];
- return this[context].path !== undefined ?
- `/${this[context].path.join('/')}` : '';
- }
-
- set pathname(path) {
- if (this[cannotBeBase])
- return;
- path = String(path);
- binding.parse(path,
- binding.kPathStart,
- null,
- this[context],
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- return;
- if (path) {
- this[context].path = path;
- this[context].flags |= binding.URL_FLAGS_HAS_PATH;
- } else {
- this[context].flags &= ~binding.URL_FLAGS_HAS_PATH;
- }
- });
- }
-
- get search() {
- return !this[context].query ? '' : `?${this[context].query}`;
- }
-
- set search(search) {
- search = String(search);
- if (search[0] === '?') search = search.slice(1);
- if (!search) {
- this[context].query = null;
- this[context].flags &= ~binding.URL_FLAGS_HAS_QUERY;
- this[searchParams][searchParams] = {};
- return;
- }
- this[context].query = '';
- binding.parse(search,
- binding.kQuery,
- null,
- this[context],
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- return;
- if (query) {
- this[context].query = query;
- this[context].flags |= binding.URL_FLAGS_HAS_QUERY;
- } else {
- this[context].flags &= ~binding.URL_FLAGS_HAS_QUERY;
- }
- });
- this[searchParams][searchParams] = querystring.parse(search);
- }
-
- get hash() {
- return !this[context].fragment ? '' : `#${this[context].fragment}`;
- }
-
- set hash(hash) {
- hash = String(hash);
- if (this.protocol === 'javascript:')
- return;
- if (!hash) {
- this[context].fragment = null;
- this[context].flags &= ~binding.URL_FLAGS_HAS_FRAGMENT;
- return;
- }
- if (hash[0] === '#') hash = hash.slice(1);
- this[context].fragment = '';
- binding.parse(hash,
- binding.kFragment,
- null,
- this[context],
- (flags, protocol, username, password,
- host, port, path, query, fragment) => {
- if (flags & binding.URL_FLAGS_FAILED)
- return;
- if (fragment) {
- this[context].fragment = fragment;
- this[context].flags |= binding.URL_FLAGS_HAS_FRAGMENT;
- } else {
- this[context].flags &= ~binding.URL_FLAGS_HAS_FRAGMENT;
- }
- });
- }
-
- get href() {
- return this.toString();
- }
-
- toString(options) {
- options = options || {};
- const fragment =
- options.fragment !== undefined ?
- !!options.fragment : true;
- const unicode = !!options.unicode;
- var ret;
- if (this.protocol)
- ret = this.protocol;
- if (this[context].host !== undefined) {
- ret += '//';
- const has_username = typeof this[context].username === 'string';
- const has_password = typeof this[context].password === 'string';
- if (has_username || has_password) {
- if (has_username)
- ret += this[context].username;
- if (has_password)
- ret += `:${this[context].password}`;
- ret += '@';
- }
- if (unicode) {
- ret += punycode.toUnicode(this.hostname);
- if (this.port !== undefined)
- ret += `:${this.port}`;
- } else {
- ret += this.host;
- }
- } else if (this[context].scheme === 'file:') {
- ret += '//';
- }
- if (this.pathname)
- ret += this.pathname;
- if (typeof this[context].query === 'string')
- ret += `?${this[context].query}`;
- if (fragment & typeof this[context].fragment === 'string')
- ret += `#${this[context].fragment}`;
- return ret;
+ get [cannotBeBase]() {
+ return (this[context].flags & binding.URL_FLAGS_CANNOT_BE_BASE) !== 0;
}
inspect(depth, opts) {
+ const ctx = this[context];
var ret = 'URL {\n';
ret += ` href: ${this.href}\n`;
- if (this[context].scheme !== undefined)
+ if (ctx.scheme !== undefined)
ret += ` protocol: ${this.protocol}\n`;
- if (this[context].username !== undefined)
+ if (ctx.username !== undefined)
ret += ` username: ${this.username}\n`;
- if (this[context].password !== undefined) {
- const pwd = opts.showHidden ? this[context].password : '--------';
+ if (ctx.password !== undefined) {
+ const pwd = opts.showHidden ? ctx.password : '--------';
ret += ` password: ${pwd}\n`;
}
- if (this[context].host !== undefined)
+ if (ctx.host !== undefined)
ret += ` hostname: ${this.hostname}\n`;
- if (this[context].port !== undefined)
+ if (ctx.port !== undefined)
ret += ` port: ${this.port}\n`;
- if (this[context].path !== undefined)
+ if (ctx.path !== undefined)
ret += ` pathname: ${this.pathname}\n`;
- if (this[context].query !== undefined)
+ if (ctx.query !== undefined)
ret += ` search: ${this.search}\n`;
- if (this[context].fragment !== undefined)
+ if (ctx.fragment !== undefined)
ret += ` hash: ${this.hash}\n`;
if (opts.showHidden) {
ret += ` cannot-be-base: ${this[cannotBeBase]}\n`;
@@ -456,7 +264,270 @@ class URL {
}
}
-var hexTable = new Array(256);
+Object.defineProperties(URL.prototype, {
+ toString: {
+ // https://heycam.github.io/webidl/#es-stringifier
+ writable: true,
+ enumerable: true,
+ configurable: true,
+ // eslint-disable-next-line func-name-matching
+ value: function toString(options) {
+ options = options || {};
+ const fragment =
+ options.fragment !== undefined ?
+ !!options.fragment : true;
+ const unicode = !!options.unicode;
+ const ctx = this[context];
+ var ret;
+ if (this.protocol)
+ ret = this.protocol;
+ if (ctx.host !== undefined) {
+ ret += '//';
+ const has_username = typeof ctx.username === 'string';
+ const has_password = typeof ctx.password === 'string';
+ if (has_username || has_password) {
+ if (has_username)
+ ret += ctx.username;
+ if (has_password)
+ ret += `:${ctx.password}`;
+ ret += '@';
+ }
+ if (unicode) {
+ ret += punycode.toUnicode(this.hostname);
+ if (this.port !== undefined)
+ ret += `:${this.port}`;
+ } else {
+ ret += this.host;
+ }
+ } else if (ctx.scheme === 'file:') {
+ ret += '//';
+ }
+ if (this.pathname)
+ ret += this.pathname;
+ if (typeof ctx.query === 'string')
+ ret += `?${ctx.query}`;
+ if (fragment & typeof ctx.fragment === 'string')
+ ret += `#${ctx.fragment}`;
+ return ret;
+ }
+ },
+ href: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ return this.toString();
+ },
+ set(input) {
+ parse(this, input);
+ }
+ },
+ origin: { // readonly
+ enumerable: true,
+ configurable: true,
+ get() {
+ return originFor(this).toString(true);
+ }
+ },
+ protocol: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ return this[context].scheme;
+ },
+ set(scheme) {
+ scheme = String(scheme);
+ if (scheme.length === 0)
+ return;
+ binding.parse(scheme, binding.kSchemeStart, null, this[context],
+ onParseProtocolComplete.bind(this));
+ }
+ },
+ username: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ return this[context].username || '';
+ },
+ set(username) {
+ username = String(username);
+ if (!this.hostname)
+ return;
+ const ctx = this[context];
+ if (!username) {
+ ctx.username = null;
+ ctx.flags &= ~binding.URL_FLAGS_HAS_USERNAME;
+ return;
+ }
+ ctx.username = binding.encodeAuth(username);
+ ctx.flags |= binding.URL_FLAGS_HAS_USERNAME;
+ }
+ },
+ password: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ return this[context].password || '';
+ },
+ set(password) {
+ password = String(password);
+ if (!this.hostname)
+ return;
+ const ctx = this[context];
+ if (!password) {
+ ctx.password = null;
+ ctx.flags &= ~binding.URL_FLAGS_HAS_PASSWORD;
+ return;
+ }
+ ctx.password = binding.encodeAuth(password);
+ ctx.flags |= binding.URL_FLAGS_HAS_PASSWORD;
+ }
+ },
+ host: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ const ctx = this[context];
+ var ret = ctx.host || '';
+ if (ctx.port !== undefined)
+ ret += `:${ctx.port}`;
+ return ret;
+ },
+ set(host) {
+ const ctx = this[context];
+ host = String(host);
+ if (this[cannotBeBase] ||
+ (this[special] && host.length === 0)) {
+ // Cannot set the host if cannot-be-base is set or
+ // scheme is special and host length is zero
+ return;
+ }
+ if (!host) {
+ ctx.host = null;
+ ctx.flags &= ~binding.URL_FLAGS_HAS_HOST;
+ return;
+ }
+ binding.parse(host, binding.kHost, null, ctx,
+ onParseHostComplete.bind(this));
+ }
+ },
+ hostname: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ return this[context].host || '';
+ },
+ set(host) {
+ const ctx = this[context];
+ host = String(host);
+ if (this[cannotBeBase] ||
+ (this[special] && host.length === 0)) {
+ // Cannot set the host if cannot-be-base is set or
+ // scheme is special and host length is zero
+ return;
+ }
+ if (!host) {
+ ctx.host = null;
+ ctx.flags &= ~binding.URL_FLAGS_HAS_HOST;
+ return;
+ }
+ binding.parse(host, binding.kHostname, null, ctx,
+ onParseHostnameComplete.bind(this));
+ }
+ },
+ port: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ const port = this[context].port;
+ return port === undefined ? '' : String(port);
+ },
+ set(port) {
+ const ctx = this[context];
+ if (!ctx.host || this[cannotBeBase] ||
+ this.protocol === 'file:')
+ return;
+ port = String(port);
+ if (port === '') {
+ ctx.port = undefined;
+ return;
+ }
+ binding.parse(port, binding.kPort, null, ctx,
+ onParsePortComplete.bind(this));
+ }
+ },
+ pathname: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ const ctx = this[context];
+ if (this[cannotBeBase])
+ return ctx.path[0];
+ return ctx.path !== undefined ? `/${ctx.path.join('/')}` : '';
+ },
+ set(path) {
+ if (this[cannotBeBase])
+ return;
+ binding.parse(String(path), binding.kPathStart, null, this[context],
+ onParsePathComplete.bind(this));
+ }
+ },
+ search: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ const ctx = this[context];
+ return !ctx.query ? '' : `?${ctx.query}`;
+ },
+ set(search) {
+ const ctx = this[context];
+ search = String(search);
+ if (!search) {
+ ctx.query = null;
+ ctx.flags &= ~binding.URL_FLAGS_HAS_QUERY;
+ this[searchParams][searchParams] = {};
+ return;
+ }
+ if (search[0] === '?') search = search.slice(1);
+ ctx.query = '';
+ binding.parse(search, binding.kQuery, null, ctx,
+ onParseSearchComplete.bind(this));
+ this[searchParams][searchParams] = querystring.parse(search);
+ }
+ },
+ searchParams: { // readonly
+ enumerable: true,
+ configurable: true,
+ get() {
+ return this[searchParams];
+ }
+ },
+ hash: {
+ enumerable: true,
+ configurable: true,
+ get() {
+ const ctx = this[context];
+ return !ctx.fragment ? '' : `#${ctx.fragment}`;
+ },
+ set(hash) {
+ const ctx = this[context];
+ hash = String(hash);
+ if (this.protocol === 'javascript:')
+ return;
+ if (!hash) {
+ ctx.fragment = null;
+ ctx.flags &= ~binding.URL_FLAGS_HAS_FRAGMENT;
+ return;
+ }
+ if (hash[0] === '#') hash = hash.slice(1);
+ ctx.fragment = '';
+ binding.parse(hash, binding.kFragment, null, ctx,
+ onParseHashComplete.bind(this));
+ }
+ }
+});
+
+const hexTable = new Array(256);
+
for (var i = 0; i < 256; ++i)
hexTable[i] = '%' + ((i < 16 ? '0' : '') + i.toString(16)).toUpperCase();
function encodeAuth(str) {
@@ -526,7 +597,15 @@ function update(url, params) {
if (!url)
return;
- url[context].query = params.toString();
+ const ctx = url[context];
+ const serializedParams = params.toString();
+ if (serializedParams) {
+ ctx.query = serializedParams;
+ ctx.flags |= binding.URL_FLAGS_HAS_QUERY;
+ } else {
+ ctx.query = null;
+ ctx.flags &= ~binding.URL_FLAGS_HAS_QUERY;
+ }
}
function getSearchParamPairs(target) {
@@ -546,6 +625,12 @@ function getSearchParamPairs(target) {
return values;
}
+// Reused by the URL parse function invoked by
+// the href setter, and the URLSearchParams constructor
+function initSearchParams(url, init) {
+ url[searchParams] = querystring.parse(init);
+}
+
class URLSearchParams {
constructor(init = '') {
if (init instanceof URLSearchParams) {
@@ -554,20 +639,16 @@ class URLSearchParams {
} else {
init = String(init);
if (init[0] === '?') init = init.slice(1);
- this[searchParams] = querystring.parse(init);
+ initSearchParams(this, init);
}
// "associated url object"
this[context] = null;
+ }
- // Class string for an instance of URLSearchParams. This is different from
- // the class string of the prototype object (set below).
- Object.defineProperty(this, Symbol.toStringTag, {
- value: 'URLSearchParams',
- writable: false,
- enumerable: false,
- configurable: true
- });
+ get [Symbol.toStringTag]() {
+ return this instanceof URLSearchParams ?
+ 'URLSearchParams' : 'URLSearchParamsPrototype';
}
append(name, value) {
@@ -722,12 +803,6 @@ class URLSearchParams {
}
// https://heycam.github.io/webidl/#es-iterable-entries
URLSearchParams.prototype[Symbol.iterator] = URLSearchParams.prototype.entries;
-Object.defineProperty(URLSearchParams.prototype, Symbol.toStringTag, {
- value: 'URLSearchParamsPrototype',
- writable: false,
- enumerable: false,
- configurable: true
-});
// https://heycam.github.io/webidl/#dfn-default-iterator-object
function createSearchParamsIterator(target, kind) {
@@ -790,7 +865,7 @@ Object.defineProperty(URLSearchParamsIteratorPrototype, Symbol.toStringTag, {
configurable: true
});
-URL.originFor = function(url, base) {
+function originFor(url, base) {
if (!(url instanceof URL))
url = new URL(url, base);
var origin;
@@ -822,14 +897,18 @@ URL.originFor = function(url, base) {
origin = new OpaqueOrigin();
}
return origin;
-};
+}
-URL.domainToASCII = function(domain) {
+function domainToASCII(domain) {
return binding.domainToASCII(String(domain));
-};
-URL.domainToUnicode = function(domain) {
+}
+
+function domainToUnicode(domain) {
return binding.domainToUnicode(String(domain));
-};
+}
exports.URL = URL;
+exports.originFor = originFor;
+exports.domainToASCII = domainToASCII;
+exports.domainToUnicode = domainToUnicode;
exports.encodeAuth = encodeAuth;
diff --git a/lib/repl.js b/lib/repl.js
index 2bb25e8ca3391b..858ccd883850d3 100644
--- a/lib/repl.js
+++ b/lib/repl.js
@@ -433,13 +433,12 @@ function REPLServer(prompt,
self.lines.level = [];
// Figure out which "complete" function to use.
- self.completer = (typeof options.completer === 'function')
- ? options.completer
- : completer;
+ self.completer = (typeof options.completer === 'function') ?
+ options.completer : completer;
function completer(text, cb) {
- complete.call(self, text, self.editorMode
- ? self.completeOnEditorMode(cb) : cb);
+ complete.call(self, text, self.editorMode ?
+ self.completeOnEditorMode(cb) : cb);
}
Interface.call(this, {
@@ -795,7 +794,7 @@ ArrayStream.prototype.writable = true;
ArrayStream.prototype.resume = function() {};
ArrayStream.prototype.write = function() {};
-const requireRE = /\brequire\s*\(['"](([\w./-]+\/)?([\w./-]*))/;
+const requireRE = /\brequire\s*\(['"](([\w@./-]+\/)?([\w@./-]*))/;
const simpleExpressionRE =
/(([a-zA-Z_$](?:\w|\$)*)\.)*([a-zA-Z_$](?:\w|\$)*)\.?$/;
diff --git a/lib/url.js b/lib/url.js
index 75f4967ad2b6d3..1dfab2eaaf7fca 100644
--- a/lib/url.js
+++ b/lib/url.js
@@ -17,6 +17,9 @@ exports.resolve = urlResolve;
exports.resolveObject = urlResolveObject;
exports.format = urlFormat;
exports.URL = internalUrl.URL;
+exports.originFor = internalUrl.originFor;
+exports.domainToASCII = internalUrl.domainToASCII;
+exports.domainToUnicode = internalUrl.domainToUnicode;
exports.Url = Url;
@@ -381,9 +384,9 @@ Url.prototype.parse = function(url, parseQueryString, slashesDenoteHost) {
}
var firstIdx = (questionIdx !== -1 &&
- (hashIdx === -1 || questionIdx < hashIdx)
- ? questionIdx
- : hashIdx);
+ (hashIdx === -1 || questionIdx < hashIdx) ?
+ questionIdx :
+ hashIdx);
if (firstIdx === -1) {
if (rest.length > 0)
this.pathname = rest;
diff --git a/node.gyp b/node.gyp
index f59037737c905a..2b720a46791b73 100644
--- a/node.gyp
+++ b/node.gyp
@@ -318,8 +318,10 @@
'sources': [
'src/inspector_agent.cc',
'src/inspector_socket.cc',
- 'src/inspector_socket.h',
+ 'src/inspector_socket_server.cc',
'src/inspector_agent.h',
+ 'src/inspector_socket.h',
+ 'src/inspector_socket_server.h',
],
'dependencies': [
'deps/v8_inspector/src/inspector/inspector.gyp:standalone_inspector',
@@ -868,7 +870,8 @@
'dependencies': [ 'deps/gtest/gtest.gyp:gtest' ],
'include_dirs': [
'src',
- 'deps/v8/include'
+ 'deps/v8/include',
+ '<(SHARED_INTERMEDIATE_DIR)'
],
'defines': [
# gtest's ASSERT macros conflict with our own.
@@ -886,9 +889,21 @@
'conditions': [
['v8_inspector=="true"', {
+ 'defines': [
+ 'HAVE_INSPECTOR=1',
+ ],
+ 'dependencies': [
+ 'deps/zlib/zlib.gyp:zlib',
+ 'v8_inspector_compress_protocol_json#host'
+ ],
+ 'include_dirs': [
+ '<(SHARED_INTERMEDIATE_DIR)'
+ ],
'sources': [
'src/inspector_socket.cc',
- 'test/cctest/test_inspector_socket.cc'
+ 'src/inspector_socket_server.cc',
+ 'test/cctest/test_inspector_socket.cc',
+ 'test/cctest/test_inspector_socket_server.cc'
],
'conditions': [
[ 'node_shared_openssl=="false"', {
@@ -936,6 +951,16 @@
}, {
'type': 'executable',
}],
+ ['target_arch=="ppc64"', {
+ 'ldflags': [
+ '-Wl,-blibpath:/usr/lib:/lib:/opt/freeware/lib/pthread/ppc64'
+ ],
+ }],
+ ['target_arch=="ppc"', {
+ 'ldflags': [
+ '-Wl,-blibpath:/usr/lib:/lib:/opt/freeware/lib/pthread'
+ ],
+ }]
],
'dependencies': ['<(node_core_target_name)', 'node_exp'],
diff --git a/src/async-wrap.cc b/src/async-wrap.cc
index 42463bd22b31f4..a0780566db72d8 100644
--- a/src/async-wrap.cc
+++ b/src/async-wrap.cc
@@ -199,7 +199,9 @@ void AsyncWrap::DestroyIdsCb(uv_idle_t* handle) {
TryCatch try_catch(env->isolate());
- for (auto current_id : *env->destroy_ids_list()) {
+ std::vector destroy_ids_list;
+ destroy_ids_list.swap(*env->destroy_ids_list());
+ for (auto current_id : destroy_ids_list) {
// Want each callback to be cleaned up after itself, instead of cleaning
// them all up after the while() loop completes.
HandleScope scope(env->isolate());
@@ -212,6 +214,8 @@ void AsyncWrap::DestroyIdsCb(uv_idle_t* handle) {
FatalException(env->isolate(), try_catch);
}
}
+
+ env->destroy_ids_list()->clear();
}
diff --git a/src/inspector_agent.cc b/src/inspector_agent.cc
index ec713942f50e7e..fc478c49a09d61 100644
--- a/src/inspector_agent.cc
+++ b/src/inspector_agent.cc
@@ -1,6 +1,6 @@
#include "inspector_agent.h"
-#include "inspector_socket.h"
+#include "inspector_socket_server.h"
#include "env.h"
#include "env-inl.h"
#include "node.h"
@@ -37,84 +37,6 @@ static const uint8_t PROTOCOL_JSON[] = {
#include "v8_inspector_protocol_json.h" // NOLINT(build/include_order)
};
-std::string GetWsUrl(int port, const std::string& id) {
- char buf[1024];
- snprintf(buf, sizeof(buf), "127.0.0.1:%d/%s", port, id.c_str());
- return buf;
-}
-
-void PrintDebuggerReadyMessage(int port, const std::string& id) {
- fprintf(stderr, "Debugger listening on port %d.\n"
- "Warning: This is an experimental feature and could change at any time.\n"
- "To start debugging, open the following URL in Chrome:\n"
- " chrome-devtools://devtools/bundled/inspector.html?"
- "experiments=true&v8only=true&ws=%s\n",
- port, GetWsUrl(port, id).c_str());
- fflush(stderr);
-}
-
-std::string MapToString(const std::map object) {
- std::ostringstream json;
- json << "[ {\n";
- bool first = true;
- for (const auto& name_value : object) {
- if (!first)
- json << ",\n";
- json << " \"" << name_value.first << "\": \"";
- json << name_value.second << "\"";
- first = false;
- }
- json << "\n} ]\n\n";
- return json.str();
-}
-
-void Escape(std::string* string) {
- for (char& c : *string) {
- c = (c == '\"' || c == '\\') ? '_' : c;
- }
-}
-
-void DisposeInspector(InspectorSocket* socket, int status) {
- delete socket;
-}
-
-void DisconnectAndDisposeIO(InspectorSocket* socket) {
- if (socket) {
- inspector_close(socket, DisposeInspector);
- }
-}
-
-void OnBufferAlloc(uv_handle_t* handle, size_t len, uv_buf_t* buf) {
- buf->base = new char[len];
- buf->len = len;
-}
-
-void SendHttpResponse(InspectorSocket* socket, const char* response,
- size_t size) {
- const char HEADERS[] = "HTTP/1.0 200 OK\r\n"
- "Content-Type: application/json; charset=UTF-8\r\n"
- "Cache-Control: no-cache\r\n"
- "Content-Length: %zu\r\n"
- "\r\n";
- char header[sizeof(HEADERS) + 20];
- int header_len = snprintf(header, sizeof(header), HEADERS, size);
- inspector_write(socket, header, header_len);
- inspector_write(socket, response, size);
-}
-
-void SendHttpResponse(InspectorSocket* socket, const std::string& response) {
- SendHttpResponse(socket, response.data(), response.size());
-}
-
-void SendVersionResponse(InspectorSocket* socket) {
- static const char response[] =
- "{\n"
- " \"Browser\": \"node.js/" NODE_VERSION "\",\n"
- " \"Protocol-Version\": \"1.1\"\n"
- "}\n";
- SendHttpResponse(socket, response, sizeof(response) - 1);
-}
-
std::string GetProcessTitle() {
// uv_get_process_title will trim the title if it is too long.
char title[2048];
@@ -126,36 +48,6 @@ std::string GetProcessTitle() {
}
}
-void SendProtocolJson(InspectorSocket* socket) {
- z_stream strm;
- strm.zalloc = Z_NULL;
- strm.zfree = Z_NULL;
- strm.opaque = Z_NULL;
- CHECK_EQ(Z_OK, inflateInit(&strm));
- static const size_t kDecompressedSize =
- PROTOCOL_JSON[0] * 0x10000u +
- PROTOCOL_JSON[1] * 0x100u +
- PROTOCOL_JSON[2];
- strm.next_in = const_cast(PROTOCOL_JSON + 3);
- strm.avail_in = sizeof(PROTOCOL_JSON) - 3;
- std::string data(kDecompressedSize, '\0');
- strm.next_out = reinterpret_cast(&data[0]);
- strm.avail_out = data.size();
- CHECK_EQ(Z_STREAM_END, inflate(&strm, Z_FINISH));
- CHECK_EQ(0, strm.avail_out);
- CHECK_EQ(Z_OK, inflateEnd(&strm));
- SendHttpResponse(socket, data);
-}
-
-const char* match_path_segment(const char* path, const char* expected) {
- size_t len = strlen(expected);
- if (StringEqualNoCaseN(path, expected, len)) {
- if (path[len] == '/') return path + len + 1;
- if (path[len] == '\0') return path + len;
- }
- return nullptr;
-}
-
// UUID RFC: https://www.ietf.org/rfc/rfc4122.txt
// Used ver 4 - with numbers
std::string GenerateID() {
@@ -201,17 +93,39 @@ std::string StringViewToUtf8(const StringView& view) {
return result;
}
-std::unique_ptr Utf8ToStringView(const char* source,
- size_t length) {
- UnicodeString utf16 = UnicodeString::fromUTF8(StringPiece(source, length));
+std::unique_ptr Utf8ToStringView(const std::string& message) {
+ UnicodeString utf16 =
+ UnicodeString::fromUTF8(StringPiece(message.data(), message.length()));
StringView view(reinterpret_cast(utf16.getBuffer()),
utf16.length());
return StringBuffer::create(view);
}
+
} // namespace
class V8NodeInspector;
+class InspectorAgentDelegate: public node::inspector::SocketServerDelegate {
+ public:
+ InspectorAgentDelegate(AgentImpl* agent, const std::string& script_path,
+ const std::string& script_name, bool wait);
+ bool StartSession(int session_id, const std::string& target_id) override;
+ void MessageReceived(int session_id, const std::string& message) override;
+ void EndSession(int session_id) override;
+ std::vector GetTargetIds() override;
+ std::string GetTargetTitle(const std::string& id) override;
+ std::string GetTargetUrl(const std::string& id) override;
+ bool IsConnected() { return connected_; }
+ private:
+ AgentImpl* agent_;
+ bool connected_;
+ int session_id_;
+ const std::string script_name_;
+ const std::string script_path_;
+ const std::string target_id_;
+ bool waiting_;
+};
+
class AgentImpl {
public:
explicit AgentImpl(node::Environment* env);
@@ -223,42 +137,37 @@ class AgentImpl {
void Stop();
bool IsStarted();
- bool IsConnected() { return state_ == State::kConnected; }
+ bool IsConnected();
void WaitForDisconnect();
void FatalException(v8::Local error,
v8::Local message);
+ void PostIncomingMessage(int session_id, const std::string& message);
+ void ResumeStartup() {
+ uv_sem_post(&start_sem_);
+ }
+
private:
using MessageQueue =
std::vector>>;
enum class State { kNew, kAccepting, kConnected, kDone, kError };
static void ThreadCbIO(void* agent);
- static void OnSocketConnectionIO(uv_stream_t* server, int status);
- static bool OnInspectorHandshakeIO(InspectorSocket* socket,
- enum inspector_handshake_event state,
- const std::string& path);
static void WriteCbIO(uv_async_t* async);
void InstallInspectorOnProcess();
void WorkerRunIO();
- void OnInspectorConnectionIO(InspectorSocket* socket);
- void OnRemoteDataIO(InspectorSocket* stream, ssize_t read,
- const uv_buf_t* b);
void SetConnected(bool connected);
void DispatchMessages();
void Write(int session_id, const StringView& message);
bool AppendMessage(MessageQueue* vector, int session_id,
std::unique_ptr buffer);
void SwapBehindLock(MessageQueue* vector1, MessageQueue* vector2);
- void PostIncomingMessage(const char* message, size_t len);
void WaitForFrontendMessage();
void NotifyMessageReceived();
State ToState(State state);
- void SendListResponse(InspectorSocket* socket);
- bool RespondToGet(InspectorSocket* socket, const std::string& path);
uv_sem_t start_sem_;
ConditionVariable incoming_message_cond_;
@@ -266,6 +175,8 @@ class AgentImpl {
uv_thread_t thread_;
uv_loop_t child_loop_;
+ InspectorAgentDelegate* delegate_;
+
int port_;
bool wait_;
bool shutting_down_;
@@ -274,18 +185,15 @@ class AgentImpl {
uv_async_t* data_written_;
uv_async_t io_thread_req_;
- InspectorSocket* client_socket_;
V8NodeInspector* inspector_;
v8::Platform* platform_;
MessageQueue incoming_message_queue_;
MessageQueue outgoing_message_queue_;
bool dispatching_messages_;
- int frontend_session_id_;
- int backend_session_id_;
+ int session_id_;
+ InspectorSocketServer* server_;
std::string script_name_;
- std::string script_path_;
- const std::string id_;
friend class ChannelImpl;
friend class DispatchOnInspectorBackendTask;
@@ -300,11 +208,6 @@ void InterruptCallback(v8::Isolate*, void* agent) {
static_cast(agent)->DispatchMessages();
}
-void DataCallback(uv_stream_t* stream, ssize_t read, const uv_buf_t* buf) {
- InspectorSocket* socket = inspector_from_stream(stream);
- static_cast(socket->data)->OnRemoteDataIO(socket, read, buf);
-}
-
class DispatchOnInspectorBackendTask : public v8::Task {
public:
explicit DispatchOnInspectorBackendTask(AgentImpl* agent) : agent_(agent) {}
@@ -333,7 +236,7 @@ class ChannelImpl final : public v8_inspector::V8Inspector::Channel {
void flushProtocolNotifications() override { }
void sendMessageToFrontend(const StringView& message) {
- agent_->Write(agent_->frontend_session_id_, message);
+ agent_->Write(agent_->session_id_, message);
}
AgentImpl* const agent_;
@@ -414,19 +317,18 @@ class V8NodeInspector : public v8_inspector::V8InspectorClient {
std::unique_ptr session_;
};
-AgentImpl::AgentImpl(Environment* env) : port_(0),
+AgentImpl::AgentImpl(Environment* env) : delegate_(nullptr),
+ port_(0),
wait_(false),
shutting_down_(false),
state_(State::kNew),
parent_env_(env),
data_written_(new uv_async_t()),
- client_socket_(nullptr),
inspector_(nullptr),
platform_(nullptr),
dispatching_messages_(false),
- frontend_session_id_(0),
- backend_session_id_(0),
- id_(GenerateID()) {
+ session_id_(0),
+ server_(nullptr) {
CHECK_EQ(0, uv_sem_init(&start_sem_, 0));
memset(&io_thread_req_, 0, sizeof(io_thread_req_));
CHECK_EQ(0, uv_async_init(env->event_loop(), data_written_, nullptr));
@@ -543,6 +445,10 @@ void AgentImpl::Stop() {
delete inspector_;
}
+bool AgentImpl::IsConnected() {
+ return delegate_ != nullptr && delegate_->IsConnected();
+}
+
bool AgentImpl::IsStarted() {
return !!platform_;
}
@@ -550,6 +456,9 @@ bool AgentImpl::IsStarted() {
void AgentImpl::WaitForDisconnect() {
if (state_ == State::kConnected) {
shutting_down_ = true;
+ // Gives a signal to stop accepting new connections
+ // TODO(eugeneo): Introduce an API with explicit request names.
+ Write(0, StringView());
fprintf(stderr, "Waiting for the debugger to disconnect...\n");
fflush(stderr);
inspector_->runMessageLoopOnPause(0);
@@ -621,181 +530,59 @@ void AgentImpl::ThreadCbIO(void* agent) {
static_cast(agent)->WorkerRunIO();
}
-// static
-void AgentImpl::OnSocketConnectionIO(uv_stream_t* server, int status) {
- if (status == 0) {
- InspectorSocket* socket = new InspectorSocket();
- socket->data = server->data;
- if (inspector_accept(server, socket,
- AgentImpl::OnInspectorHandshakeIO) != 0) {
- delete socket;
- }
- }
-}
-
-// static
-bool AgentImpl::OnInspectorHandshakeIO(InspectorSocket* socket,
- enum inspector_handshake_event state,
- const std::string& path) {
- AgentImpl* agent = static_cast(socket->data);
- switch (state) {
- case kInspectorHandshakeHttpGet:
- return agent->RespondToGet(socket, path);
- case kInspectorHandshakeUpgrading:
- return path.length() == agent->id_.length() + 1 &&
- path.find(agent->id_) == 1;
- case kInspectorHandshakeUpgraded:
- agent->OnInspectorConnectionIO(socket);
- return true;
- case kInspectorHandshakeFailed:
- delete socket;
- return false;
- default:
- UNREACHABLE();
- return false;
- }
-}
-
-void AgentImpl::OnRemoteDataIO(InspectorSocket* socket,
- ssize_t read,
- const uv_buf_t* buf) {
- if (read > 0) {
- // TODO(pfeldman): Instead of blocking execution while debugger
- // engages, node should wait for the run callback from the remote client
- // and initiate its startup. This is a change to node.cc that should be
- // upstreamed separately.
- if (wait_) {
- std::string message(buf->base, read);
- if (message.find("\"Runtime.runIfWaitingForDebugger\"") !=
- std::string::npos) {
- wait_ = false;
- uv_sem_post(&start_sem_);
- }
- }
- PostIncomingMessage(buf->base, read);
- } else {
- // EOF
- if (client_socket_ == socket) {
- client_socket_ = nullptr;
- PostIncomingMessage(TAG_DISCONNECT, sizeof(TAG_DISCONNECT) - 1);
- }
- DisconnectAndDisposeIO(socket);
- }
- if (buf) {
- delete[] buf->base;
- }
-}
-
-void AgentImpl::SendListResponse(InspectorSocket* socket) {
- std::map response;
- response["description"] = "node.js instance";
- response["faviconUrl"] = "https://nodejs.org/static/favicon.ico";
- response["id"] = id_;
- response["title"] = script_name_.empty() ? GetProcessTitle() : script_name_;
- Escape(&response["title"]);
- response["type"] = "node";
- // This attribute value is a "best effort" URL that is passed as a JSON
- // string. It is not guaranteed to resolve to a valid resource.
- response["url"] = "file://" + script_path_;
- Escape(&response["url"]);
-
- if (!client_socket_) {
- std::string address = GetWsUrl(port_, id_);
-
- std::ostringstream frontend_url;
- frontend_url << "chrome-devtools://devtools/bundled";
- frontend_url << "/inspector.html?experiments=true&v8only=true&ws=";
- frontend_url << address;
-
- response["devtoolsFrontendUrl"] += frontend_url.str();
- response["webSocketDebuggerUrl"] = "ws://" + address;
- }
- SendHttpResponse(socket, MapToString(response));
-}
-
-bool AgentImpl::RespondToGet(InspectorSocket* socket, const std::string& path) {
- const char* command = match_path_segment(path.c_str(), "/json");
- if (command == nullptr)
- return false;
-
- if (match_path_segment(command, "list") || command[0] == '\0') {
- SendListResponse(socket);
- return true;
- } else if (match_path_segment(command, "protocol")) {
- SendProtocolJson(socket);
- return true;
- } else if (match_path_segment(command, "version")) {
- SendVersionResponse(socket);
- return true;
- } else if (const char* pid = match_path_segment(command, "activate")) {
- if (pid != id_)
- return false;
- SendHttpResponse(socket, "Target activated");
- return true;
- }
- return false;
-}
-
// static
void AgentImpl::WriteCbIO(uv_async_t* async) {
AgentImpl* agent = static_cast(async->data);
- InspectorSocket* socket = agent->client_socket_;
- if (socket) {
- MessageQueue outgoing_messages;
- agent->SwapBehindLock(&agent->outgoing_message_queue_, &outgoing_messages);
- for (const MessageQueue::value_type& outgoing : outgoing_messages) {
- if (outgoing.first == agent->frontend_session_id_) {
- StringView message = outgoing.second->string();
- std::string utf8Message = StringViewToUtf8(message);
- inspector_write(socket, utf8Message.c_str(), utf8Message.length());
- }
+ MessageQueue outgoing_messages;
+ agent->SwapBehindLock(&agent->outgoing_message_queue_, &outgoing_messages);
+ for (const MessageQueue::value_type& outgoing : outgoing_messages) {
+ StringView view = outgoing.second->string();
+ if (view.length() == 0) {
+ agent->server_->Stop(nullptr);
+ } else {
+ agent->server_->Send(outgoing.first,
+ StringViewToUtf8(outgoing.second->string()));
}
}
}
void AgentImpl::WorkerRunIO() {
- sockaddr_in addr;
- uv_tcp_t server;
int err = uv_loop_init(&child_loop_);
CHECK_EQ(err, 0);
err = uv_async_init(&child_loop_, &io_thread_req_, AgentImpl::WriteCbIO);
CHECK_EQ(err, 0);
io_thread_req_.data = this;
+ std::string script_path;
if (!script_name_.empty()) {
uv_fs_t req;
if (0 == uv_fs_realpath(&child_loop_, &req, script_name_.c_str(), nullptr))
- script_path_ = std::string(reinterpret_cast(req.ptr));
+ script_path = std::string(reinterpret_cast(req.ptr));
uv_fs_req_cleanup(&req);
}
- uv_tcp_init(&child_loop_, &server);
- uv_ip4_addr("0.0.0.0", port_, &addr);
- server.data = this;
- err = uv_tcp_bind(&server,
- reinterpret_cast(&addr), 0);
- if (err == 0) {
- err = uv_listen(reinterpret_cast(&server), 1,
- OnSocketConnectionIO);
- }
- if (err != 0) {
+ InspectorAgentDelegate delegate(this, script_path, script_name_, wait_);
+ delegate_ = &delegate;
+ InspectorSocketServer server(&delegate, port_);
+ if (!server.Start(&child_loop_)) {
fprintf(stderr, "Unable to open devtools socket: %s\n", uv_strerror(err));
state_ = State::kError; // Safe, main thread is waiting on semaphore
uv_close(reinterpret_cast(&io_thread_req_), nullptr);
- uv_close(reinterpret_cast(&server), nullptr);
uv_loop_close(&child_loop_);
uv_sem_post(&start_sem_);
return;
}
- PrintDebuggerReadyMessage(port_, id_);
+ server_ = &server;
if (!wait_) {
uv_sem_post(&start_sem_);
}
uv_run(&child_loop_, UV_RUN_DEFAULT);
uv_close(reinterpret_cast(&io_thread_req_), nullptr);
- uv_close(reinterpret_cast(&server), nullptr);
- DisconnectAndDisposeIO(client_socket_);
+ server.Stop(nullptr);
+ server.TerminateConnections(nullptr);
uv_run(&child_loop_, UV_RUN_NOWAIT);
err = uv_loop_close(&child_loop_);
CHECK_EQ(err, 0);
+ delegate_ = nullptr;
+ server_ = nullptr;
}
bool AgentImpl::AppendMessage(MessageQueue* queue, int session_id,
@@ -811,9 +598,10 @@ void AgentImpl::SwapBehindLock(MessageQueue* vector1, MessageQueue* vector2) {
vector1->swap(*vector2);
}
-void AgentImpl::PostIncomingMessage(const char* message, size_t len) {
- if (AppendMessage(&incoming_message_queue_, frontend_session_id_,
- Utf8ToStringView(message, len))) {
+void AgentImpl::PostIncomingMessage(int session_id,
+ const std::string& message) {
+ if (AppendMessage(&incoming_message_queue_, session_id,
+ Utf8ToStringView(message))) {
v8::Isolate* isolate = parent_env_->isolate();
platform_->CallOnForegroundThread(isolate,
new DispatchOnInspectorBackendTask(this));
@@ -834,17 +622,6 @@ void AgentImpl::NotifyMessageReceived() {
incoming_message_cond_.Broadcast(scoped_lock);
}
-void AgentImpl::OnInspectorConnectionIO(InspectorSocket* socket) {
- if (client_socket_) {
- DisconnectAndDisposeIO(socket);
- return;
- }
- client_socket_ = socket;
- inspector_read_start(socket, OnBufferAlloc, DataCallback);
- frontend_session_id_++;
- PostIncomingMessage(TAG_CONNECT, sizeof(TAG_CONNECT) - 1);
-}
-
void AgentImpl::DispatchMessages() {
// This function can be reentered if there was an incoming message while
// V8 was processing another inspector request (e.g. if the user is
@@ -867,7 +644,7 @@ void AgentImpl::DispatchMessages() {
if (tag == TAG_CONNECT) {
CHECK_EQ(State::kAccepting, state_);
- backend_session_id_++;
+ session_id_ = pair.first;
state_ = State::kConnected;
fprintf(stderr, "Debugger attached.\n");
inspector_->connectFrontend();
@@ -876,7 +653,6 @@ void AgentImpl::DispatchMessages() {
if (shutting_down_) {
state_ = State::kDone;
} else {
- PrintDebuggerReadyMessage(port_, id_);
state_ = State::kAccepting;
}
inspector_->quitMessageLoopOnPause();
@@ -930,6 +706,60 @@ void Agent::FatalException(v8::Local error,
impl->FatalException(error, message);
}
+InspectorAgentDelegate::InspectorAgentDelegate(AgentImpl* agent,
+ const std::string& script_path,
+ const std::string& script_name,
+ bool wait)
+ : agent_(agent),
+ connected_(false),
+ session_id_(0),
+ script_name_(script_name),
+ script_path_(script_path),
+ target_id_(GenerateID()),
+ waiting_(wait) { }
+
+
+bool InspectorAgentDelegate::StartSession(int session_id,
+ const std::string& target_id) {
+ if (connected_)
+ return false;
+ connected_ = true;
+ agent_->PostIncomingMessage(session_id, TAG_CONNECT);
+ return true;
+}
+
+void InspectorAgentDelegate::MessageReceived(int session_id,
+ const std::string& message) {
+ // TODO(pfeldman): Instead of blocking execution while debugger
+ // engages, node should wait for the run callback from the remote client
+ // and initiate its startup. This is a change to node.cc that should be
+ // upstreamed separately.
+ if (waiting_) {
+ if (message.find("\"Runtime.runIfWaitingForDebugger\"") !=
+ std::string::npos) {
+ waiting_ = false;
+ agent_->ResumeStartup();
+ }
+ }
+ agent_->PostIncomingMessage(session_id, message);
+}
+
+void InspectorAgentDelegate::EndSession(int session_id) {
+ connected_ = false;
+ agent_->PostIncomingMessage(session_id, TAG_DISCONNECT);
+}
+
+std::vector InspectorAgentDelegate::GetTargetIds() {
+ return { target_id_ };
+}
+
+std::string InspectorAgentDelegate::GetTargetTitle(const std::string& id) {
+ return script_name_.empty() ? GetProcessTitle() : script_name_;
+}
+
+std::string InspectorAgentDelegate::GetTargetUrl(const std::string& id) {
+ return "file://" + script_path_;
+}
} // namespace inspector
} // namespace node
diff --git a/src/inspector_agent.h b/src/inspector_agent.h
index 3607cffba5d21f..b31c77496b3d70 100644
--- a/src/inspector_agent.h
+++ b/src/inspector_agent.h
@@ -1,6 +1,8 @@
#ifndef SRC_INSPECTOR_AGENT_H_
#define SRC_INSPECTOR_AGENT_H_
+#include
+
#if !HAVE_INSPECTOR
#error("This header can only be used when inspector is enabled")
#endif
@@ -36,7 +38,6 @@ class Agent {
bool IsStarted();
bool IsConnected();
void WaitForDisconnect();
-
void FatalException(v8::Local error,
v8::Local message);
private:
diff --git a/src/inspector_socket_server.cc b/src/inspector_socket_server.cc
new file mode 100644
index 00000000000000..4bd35ae8bed4fb
--- /dev/null
+++ b/src/inspector_socket_server.cc
@@ -0,0 +1,473 @@
+#include "inspector_socket_server.h"
+
+#include "node.h"
+#include "uv.h"
+#include "zlib.h"
+
+#include
+#include
