deps: upgrade to npm 2.10.1

PR-URL: nodejs/node#1763
Reviewed-By: Jeremiah Senkpiel <[email protected]>

Author: iarna

deps/npm/.eslintrc

@@ -272,3 +272,10 @@ Jakob Krigovsky <[email protected]>
 Charmander <[email protected]>
 erik wienhold <[email protected]>
 James Butler <[email protected]>
+Kevin Kragenbrink <[email protected]>
+Arnaud Rinquin <[email protected]>
+Mike MacCana <[email protected]>
+Antti Mattila <[email protected]>
+laiso <[email protected]>
+Matt Zorn <[email protected]>
+Kyle Mitchell <[email protected]>

deps/npm/AUTHORS

@@ -1,3 +1,255 @@
+### v2.10.1 (2015-05-14):
+
+#### BUG FIXES & DOCUMENTATION TWEAKS
+
+* [`dc77520`](https://github.com/npm/npm/commit/dc7752013ffce13a3d3f13e518a0052c22fc1158)
+  When getting back a 404 from a request to a private registry that uses a
+  registry path that extends past the root
+  (`http://registry.enterprise.co/path/to/registry`), display the name of the
+  nonexistent package, rather than the first element in the registry API path.
+  Sorry, Artifactory users! ([@hayes](https://github.com/hayes))
+* [`f70dea9`](https://github.com/npm/npm/commit/f70dea9b4766f6eaa55012c3e8087e9cb04fd4ce)
+  Make clearer that `--registry` can be used on a per-publish basis to push a
+  package to a non-default registry. ([@mischkl](https://github.com/mischkl))
+* [`a3e26f5`](https://github.com/npm/npm/commit/a3e26f5b4465991a941a325468ab7725670d2a94)
+  Did you know that GitHub shortcuts can have commit-ishes included
+  (`org/repo#branch`)? They can! ([@iarna](https://github.com/iarna))
+* [`0e2c091`](https://github.com/npm/npm/commit/0e2c091a539b61fdc60423b6bbaaf30c24e4b1b8)
+  Some errors from `readPackage` were being swallowed, potentially leading to
+  invalid package trees on disk. ([@smikes](https://github.com/smikes))
+
+#### DEPENDENCY UPDATES! STILL! MORE! AGAIN!
+
+* [`0b901ad`](https://github.com/npm/npm/commit/0b901ad0811d84dda6ca0755a9adc8d47825edd0)
+  `[email protected]`: Removed some cruft from the published package.
+  ([@isaacs](https://github.com/isaacs))
+* [`d713e0b`](https://github.com/npm/npm/commit/d713e0b14930c563e3fdb6ac6323bae2a8924652)
+  `[email protected]`: Made compliant with `standard`, dropped support for Node 0.6,
+  added (Travis) support for Node 0.12 and io.js.
+  ([@isaacs](https://github.com/isaacs))
+* [`a2d6578`](https://github.com/npm/npm/commit/a2d6578b6554c5c9d48fe2006751759f4da57520)
+  `[email protected]`: Updated to use `tap@1`. ([@isaacs](https://github.com/isaacs))
+* [`64cd1a5`](https://github.com/npm/npm/commit/64cd1a570aaa5f24ccba190948ec9456297c97f5)
+  `fstream@ 1.0.6`: Made compliant with [`standard`](http://npm.im/standard)
+  (done by [@othiym23](https://github.com/othiym23), and then debugged and
+  fixed by [@iarna](https://github.com/iarna)), and license changed to ISC.
+  ([@othiym23](https://github.com/othiym23) /
+  [@iarna](https://github.com/iarna))
+* [`b527a7c`](https://github.com/npm/npm/commit/b527a7c2ba3c4002f443dd2c536ff4ff41a38b86)
+  `[email protected]`: Callers can pass in their own `PATH` instead of relying on
+  `process.env`. ([@isaacs](https://github.com/isaacs))
+
+### v2.10.0 (2015-05-8):
+
+#### THE IMPLICATIONS ARE MORE PROFOUND THAN THEY APPEAR
+
+If you've done much development in The Enterprise®™, you know that keeping
+track of software licenses is far more important than one might expect / hope /
+fear. Tracking licenses is a hassle, and while many (if not most) of us have
+(reluctantly) gotten around to setting a license to use by default with all our
+new projects (even if it's just WTFPL), that's about as far as most of us think
+about it. In big enterprise shops, ensuring that projects don't inadvertently
+use software with unacceptably encumbered licenses is serious business, and
+developers spend a surprising (and appalling) amount of time ensuring that
+licensing is covered by writing automated checkers and other license auditing
+tools.
+
+The Linux Foundation has been working on a machine-parseable syntax for license
+expressions in the form of [SPDX](https://spdx.org/), an appropriately
+enterprisey acronym. IP attorney and JavaScript culture hero [Kyle
+Mitchell](http://kemitchell.com/) has put a considerable amount of effort into
+bringing SPDX to JavaScript and Node. He's written
+[`spdx.js`](https://github.com/kemitchell/spdx.js), a JavaScript SPDX
+expression parser, and has integrated it into npm in a few different ways.
+
+For you as a user of npm, this means:
+
+* npm now has proper support for dual licensing in `package.json`, due to
+  SPDX's compound expression syntax. Run `npm help package.json` for details.
+* npm will warn you if the `package.json` for your project is either missing a
+  `"license"` field, or if the value of that field isn't a valid SPDX
+  expression (pro tip: `"BSD"` becomes `"BSD-2-Clause"` in SPDX (unless you
+  really want one of its variants); `"MIT"` and `"ISC"` are fine as-is; the
+  [full list](https://github.com/shinnn/spdx-license-ids/blob/master/spdx-license-ids.json)
+  is its own package).
+* `npm init` now demands that you use a valid SPDX expression when using it
+  interactively (pro tip: I mostly use `npm init -y`, having previously run
+  `npm config set init.license=MIT` / `npm config set init.author.email=foo` /
+  `npm config set init.author.name=me`).
+* The documentation for `package.json` has been updated to tell you how to use
+  the `"license"` field properly with SPDX.
+
+In general, this shouldn't be a big deal for anybody other than people trying
+to run their own automated license validators, but in the long run, if
+everybody switches to this format, many people's lives will be made much
+simpler. I think this is an important improvement for npm and am very thankful
+to Kyle for taking the lead on this. Also, even if you think all of this is
+completely stupid, just [choose a license](http://en.wikipedia.org/wiki/License-free_software)
+anyway. Future you will thank past you someday, unless you are
+[djb](http://cr.yp.to/), in which case you are djb, and more power to you.
+
+* [`8669f7d`](https://github.com/npm/npm/commit/8669f7d88c472ccdd60e140106ac43cca636a648)
+  [#8179](https://github.com/npm/npm/issues/8179) Document how to use SPDX in
+  `license` stanzas in `package.json`, including how to migrate from old busted
+  license declaration arrays to fancy new compound-license clauses.
+  ([@kemitchell](https://github.com/kemitchell))
+* [`98ad98c`](https://github.com/npm/npm/commit/98ad98cb11f3d3ba29a488ef1ab050b066d9c7f6)
+  [#8197](https://github.com/npm/npm/issues/8197) `[email protected]`
+  Ensure that packages bootstrapped with `npm init` use an SPDX-compliant
+  license expression. ([@kemitchell](https://github.com/kemitchell))
+* [`2ad3905`](https://github.com/npm/npm/commit/2ad3905e9139b0be2b22accf707b814469de813e)
+  [#8197](https://github.com/npm/npm/issues/8197)
+  `[email protected]`: Warn when a package is missing a license
+  declaration, or using a license expression that isn't valid SPDX.
+  ([@kemitchell](https://github.com/kemitchell))
+* [`127bb73`](https://github.com/npm/npm/commit/127bb73ccccc59a1267851c702d8ebd3f3a97e81)
+  [#8197](https://github.com/npm/npm/issues/8197) `[email protected]`: Switch from
+  `BSD` to `ISC` for license, where the latter is valid SPDX.
+  ([@othiym23](https://github.com/othiym23))
+* [`e9a933a`](https://github.com/npm/npm/commit/e9a933a9148180d9d799f99f4154f5110ff2cace)
+  [#8197](https://github.com/npm/npm/issues/8197) `[email protected]`: Switch from
+  `BSD` to `ISC` for license, where the latter is valid SPDX.
+  ([@othiym23](https://github.com/othiym23))
+* [`412401f`](https://github.com/npm/npm/commit/412401fb6a19b18f3e02d97a24d4dafed650c186)
+  [#8197](https://github.com/npm/npm/issues/8197) `[email protected]`: Switch from
+  `BSD` to `ISC` for license, where the latter is valid SPDX.
+  ([@othiym23](https://github.com/othiym23))
+
+As a corollary to the previous changes, I've put some work into making `npm
+install` spew out fewer pointless warnings about missing values in transitive
+dependencies. From now on, npm will only warn you about missing READMEs,
+license fields, and the like for top-level projects (including packages you
+directly install into your application, but we may relax that eventually).
+
+Practically _nobody_ liked having those warnings displayed for child
+dependencies, for the simple reason that there was very little that anybody
+could _do_ about those warnings, unless they happened to be the maintainers of
+those dependencies themselves. Since many, many projects don't have
+SPDX-compliant licenses, the number of warnings reached a level where they ran
+the risk of turning into a block of visual noise that developers (read: me, and
+probably you) would ignore forever.
+
+So I fixed it. If you still want to see the messages about child dependencies,
+they're still there, but have been pushed down a logging level to `info`. You
+can display them by running `npm install -d` or `npm install --loglevel=info`.
+
+* [`eb18245`](https://github.com/npm/npm/commit/eb18245f55fb4cd62a36867744bcd1b7be0a33e2)
+  Only warn on normalization errors for top-level dependencies. Transitive
+  dependency validation warnings are logged at `info` level.
+  ([@othiym23](https://github.com/othiym23))
+
+#### BUG FIXES
+
+* [`e40e809`](https://github.com/npm/npm/commit/e40e8095d2bc9fa4eb8f01aa22067e0068fa8a54)
+  `[email protected]`: TAP: The Next Generation. Fix up many tests to they work
+  properly with the new major version of `node-tap`. Look at all the colors!
+  ([@isaacs](https://github.com/isaacs))
+* [`f9314e9`](https://github.com/npm/npm/commit/f9314e97d26532c0ef2b03e98f3ed300b7cd5026)
+  `[email protected]`: Minor tweaks and bug fixes. ([@pgte](https://github.com/pgte))
+* [`45c2b1a`](https://github.com/npm/npm/commit/45c2b1aaa051733fa352074994ae6e569fd51e8b)
+  [#8187](https://github.com/npm/npm/issues/8187) `npm ls` wasn't properly
+  recognizing dependencies installed from GitHub repositories as git
+  dependencies, and so wasn't displaying them as such.
+  ([@zornme](https://github.com/zornme))
+* [`1ab57c3`](https://github.com/npm/npm/commit/1ab57c38116c0403965c92bf60121f0f251433e4)
+  In some cases, `npm help` was using something that looked like a regular
+  expression where a glob pattern should be used, and vice versa.
+  ([@isaacs](https://github.com/isaacs))
+
+### v2.9.1 (2015-04-30):
+
+#### WOW! MORE GIT FIXES! YOU LOVE THOSE!
+
+The first item below is actually a pretty big deal, as it fixes (with a
+one-word change and a much, much longer test case (thanks again,
+[@iarna](https://github.com/iarna))) a regression that's been around for months
+now. If you're depending on multiple branches of a single git dependency in a
+single project, you probably want to check out `[email protected]` and verify that
+things (again?) work correctly in your project.
+
+* [`178a6ad`](https://github.com/npm/npm/commit/178a6ad540215820d16217465a5f220d8c95a313)
+  [#7202](https://github.com/npm/npm/issues/7202) When caching git
+  dependencies, do so by the whole URL, including the branch name, so that if a
+  single application depends on multiple branches from the same repository (in
+  practice, multiple version tags), every install is of the correct version,
+  instead of reusing whichever branch the caching process happened to check out
+  first.  ([@iarna](https://github.com/iarna))
+* [`63b79cc`](https://github.com/npm/npm/commit/63b79ccde092a9cb3b1f34abe43e1d2ba69c0dbf)
+  [#8084](https://github.com/npm/npm/issues/8084) Ensure that Bitbucket,
+  GitHub, and Gitlab dependencies are installed the same way as non-hosted git
+  dependencies, fixing `npm install --link`.
+  ([@laiso](https://github.com/laiso))
+
+#### DOCUMENTATION FIXES AND TWEAKS
+
+These changes may seem simple and small (except Lin's fix to the package name
+restrictions, which was more an egregious oversight on our part), but cleaner
+documentation makes npm significantly more pleasant to use. I really appreciate
+all the typo fixes, clarifications, and formatting tweaks people send us, and
+am delighted that we get so many of these pull requests. Thanks, everybody!
+
+* [`ca478dc`](https://github.com/npm/npm/commit/ca478dcaa29b8f07cd6fe515a3c4518166819291)
+  [#8137](https://github.com/npm/npm/issues/8137) Somehow, we had failed to
+  clearly document the full restrictions on package names.
+  [@linclark](https://github.com/linclark) has now fixed that, although we will
+  take with us to our graves the reasons why the maximum package name length is 214
+  characters (well, OK, it was that that was the longest name in the registry
+  when we decided to put a cap on the name length).
+  ([@linclark](https://github.com/linclark))
+* [`b574076`](https://github.com/npm/npm/commit/b5740767c320c1eff3576a8d63952534a0fbb936)
+  [#8079](https://github.com/npm/npm/issues/8079) Make the `npm shrinkwrap`
+  documentation use code formatting for examples consistently. It would be
+  great to do this for more commands HINT HINT.
+  ([@RichardLitt](https://github.com/RichardLitt))
+* [`1ff636e`](https://github.com/npm/npm/commit/1ff636e2db3852a53e38c866fed7eafdacd307fc)
+  [#8105](https://github.com/npm/npm/issues/8105) Document that the global
+  `npmrc` goes in `$PREFIX/etc/npmrc`, instead of `$PREFIX/npmrc`.
+  ([@anttti](https://github.com/anttti))
+* [`c3f2f7c`](https://github.com/npm/npm/commit/c3f2f7c299342e1c1eccc55a976a63c607f51621)
+  [#8127](https://github.com/npm/npm/issues/8127) Document how to use `npm run
+  build` directly (hint: it's different from `npm build`!).
+  ([@mikemaccana](https://github.com/mikemaccana))
+* [`873e467`](https://github.com/npm/npm/commit/873e46757e1986761b15353f94580a071adcb383)
+  [#8069](https://github.com/npm/npm/issues/8069) Take the old, dead npm
+  mailing list address out of `package.json`. It seems that people don't have
+  much trouble figuring out how to report errors to npm.
+  ([@robertkowalski](https://github.com/robertkowalski))
+
+#### ENROBUSTIFICATIONMENT
+
+* [`5abfc9c`](https://github.com/npm/npm/commit/5abfc9c9017da714e47a3aece750836b4f9af6a9)
+  [#7973](https://github.com/npm/npm/issues/7973) `npm run-script` completion
+  will only suggest run scripts, instead of including dependencies. If for some
+  reason you still wanted it to suggest dependencies, let us know.
+  ([@mantoni](https://github.com/mantoni))
+* [`4b564f0`](https://github.com/npm/npm/commit/4b564f0ce979dc74c09604f4d46fd25a2ee63804)
+  [#8081](https://github.com/npm/npm/issues/8081) Use `osenv` to parse the
+  environment's `PATH` in a platform-neutral way.
+  ([@watilde](https://github.com/watilde))
+* [`a4b6238`](https://github.com/npm/npm/commit/a4b62387b41848818973eeed056fd5c6570274f3)
+  [#8094](https://github.com/npm/npm/issues/8094) When we refactored the
+  configuration code to split out checking for IPv4 local addresses, we
+  inadvertently completely broke it by failing to return the values. In
+  addition, just the call to `os.getInterfaces()` could throw on systems where
+  querying the network configuration requires elevated privileges (e.g. Amazon
+  Lambda). Add the return, and trap errors so they don't cause npm to explode.
+  Thanks to [@mhart](https://github.com/mhart) for bringing this to our
+  attention! ([@othiym23](https://github.com/othiym23))
+
+#### DEPENDENCY UPDATES WAIT FOR NO SOPHONT
+
+* [`000cd8b`](https://github.com/npm/npm/commit/000cd8b52104942ac3404f0ad0651d82f573da37)
+  `[email protected]`: More informative assertions on argument validation failure.
+  ([@isaacs](https://github.com/isaacs))
+* [`530a2e3`](https://github.com/npm/npm/commit/530a2e369128270f3e098f0e9be061533003b0eb)
+  `[email protected]`: Revert to old key access-time behavior, as it was correct
+  all along. ([@isaacs](https://github.com/isaacs))
+* [`d88958c`](https://github.com/npm/npm/commit/d88958ca02ce81b027b9919aec539d0145875a59)
+  `[email protected]`: Feature detection and test improvements.
+  ([@isaacs](https://github.com/isaacs))
+* [`3fa39e4`](https://github.com/npm/npm/commit/3fa39e4d492609d5d045033896dcd99f7b875329)
+  `[email protected]` ([@pgte](https://github.com/pgte))
+
 ### v2.9.0 (2015-04-23):
 
 This week was kind of a breather to concentrate on fixing up the tests on the

deps/npm/CHANGELOG.md

@@ -235,7 +235,7 @@ authors:
 	git add AUTHORS &&\
 	git commit -m "update AUTHORS" || true
 
-publish: link doc authors
+publish: authors link doc
 	@git push origin :v$(shell npm -v) 2>&1 || true
 	git clean -fd &&\
 	git push origin $(BRANCH) &&\

deps/npm/Makefile

@@ -12,7 +12,10 @@ npm-build(1) -- Build a package
 
 This is the plumbing command called by `npm link` and `npm install`.
 
-It should generally not be called directly.
+It should generally be called during installation, but if you need to run it
+directly, run:
+
+    npm run-script build
 
 ## SEE ALSO