deps: upgrade npm in LTS to 2.15.4

PR-URL: #6663
Reviewed-By: Myles Borins <myles.borins@gmail.com>

Author: iarna

deps/npm/AUTHORS

@@ -357,3 +357,8 @@ doug.wade <doug.wade@redfin.com>
 rhgb <kaiserdaemon@gmail.com>
 Yael <yaelz@users.noreply.github.com>
 Yann Odeyer <yann@odeyer.com>
+James Monger <jameskmonger@hotmail.co.uk>
+Paul Irish <paul.irish@gmail.com>
+Paul O'Leary McCann <polm@dampfkraft.com>
+Francis Gulotta <wizard@roborooter.com>
+Rachel Evans <git@rve.org.uk>

deps/npm/CHANGELOG.md

@@ -1,3 +1,122 @@
+### v2.15.4 (2016-04-21):
+
+Gosh, it's been a peaceful couple of weeks!
+
+Overall, the CLI team has been focused on the project to [get the test suite
+passing on Windows](https://github.com/npm/npm/pull/11444). Our efforts should
+be paying off soon -- there's only a couple of tests left!
+
+It's very unlikely those particular changes will make their way into our current
+`npm@2` LTS release, I think, but it will help `npm@3` a lot, as well as
+whatever version makes it into [`node@6`, which will eventually be the next
+Node.js LTS](https://github.com/nodejs/node/pull/6155).
+
+As far as this week goes, we've got a couple of dep updates and doc fixes.
+Always happy to see community contributions flying in. 💚
+
+#### DEP UPDATE MAGIC
+
+* [`b178c4a`](https://github.com/npm/npm/commit/b178c4ac9ce91c0a0794526a38b553c759132d18)
+  `spdx-license-ids@1.2.1`:
+  Minor project-related tweaks -- no license changes.
+  ([@shinnn](https://github.com/shinnn))
+* [`1adf179`](https://github.com/npm/npm/commit/1adf179948ab8cb97dfb2f46a61e9f37d944c42a)
+  `normalize-git-url@3.0.2`:
+  Fixes `file://` URLs on Windows. Turns out stuff like `file://C:\hello` is
+  actually fairly weird for a URL (it's not actually a valid URL, but we're just
+  gonna pretend.😉)
+  ([@zkat](https://github.com/zkat))
+* [`9cfd56c`](https://github.com/npm/npm/commit/9cfd56cdadc040c0b2fa7654cdb5e7d22dbef7cb)
+  `fs-vacuum@1.2.9`:
+  This one goes out to our fans at Big Blue: There was an AIX-specific issue
+  where `fs.rmDir` was failing with `EEXIST` instead of `ENOTEMPTY` with
+  non-empty directories.
+  ([@richardlau](https://github.com/richardlau))
+
+#### HOORAY DOC CONTRIBUTIONS
+
+No seriously, we love these. Keep 'em comin'!
+
+* [`2afe8bf`](https://github.com/npm/npm/commit/2afe8bf415a159baa181a8102f72c96e1d189bc9)
+  [#12415](https://github.com/npm/npm/pull/12415)
+  Clarify that the `--cert` and `--key` options are actual certs and keys, not
+  paths to files containing them.
+  ([@rvedotrc](https://github.com/rvedotrc))
+* [`3522560`](https://github.com/npm/npm/commit/3522560b0a4bb6c9717a34f9728f156fd9760cad)
+  [#12107](https://github.com/npm/npm/pull/12107)
+  Document `npm login` as an alias to `npm adduser`. People are still surprised
+  by this so often.
+  ([@gnerkus](https://github.com/gnerkus))
+
+### v2.15.3 (2016-03-31):
+
+Hiiiiiii!~👋
+
+We're really happy to be getting more and more community contributions! Keep it
+up! We really appreciate folks trying to help us, and we'll do our best to help
+point you in the right direction. Even things like documentation are a huge
+help. And remember -- you get socks for it, too!🎁
+
+This week is as quiet as usual, aside from fixing a regression to `npm
+deprecate` you might want to pay attention to! Other than that, just docs and
+deps, as any good LTS release train should be. 🙆
+
+#### FIXME
+
+* [`6e0b66e`](https://github.com/npm/npm/commit/6e0b66e282aa27d1b5371e2babaa859924121730)
+  [#11884](https://github.com/npm/npm/pull/11884)
+  Include `node_modules` in the list of files and directories that npm won't
+  include in packages ordinarily. (Modules listed in `bundledDependencies` and
+  things that those modules rely on, ARE included of course.)
+  ([@Jameskmonger](https://github.com/Jameskmonger))
+* [`9896290`](https://github.com/npm/npm/commit/98962909b160364030705575202ad133971033c1)
+  [#12079](https://github.com/npm/npm/pull/12079)
+  Back in `npm@2.13.1` we included [a patch that made it so `npm install pkg`
+  was basically `npm install pkg@latest` instead of
+  `pkg@*`](https://github.com/npm/npm/pull/9170) This is probably what most
+  users expected, but it also ended up [breaking `npm
+  deprecate`](https://github.com/npm/npm/pull/9170) when no version was provided
+  for a package. In that case, we were using `*` to mean "deprecate all
+  versions" and relying on the `pkg` -> `pkg@*` conversion. This patch fixes
+  `npm deprecate pkg` to work as it used to by special casing that particular
+  command's behavior.
+  ([@polm](https://github.com/polm))
+* [`6c1628f`](https://github.com/npm/npm/commit/6c1628f62b657db6c116be13849d00933a3388cd)
+  [#12146](https://github.com/npm/npm/pull/12146)
+  Adds `make doc-clean` to `prepublish` script, to clear out previously built
+  docs before publishing a new npm version.
+  ([@watilde](https://github.com/watilde))
+* [`6d3017e`](https://github.com/npm/npm/commit/6d3017e6eed8a771b395d10130ac1f498e2d3211)
+  [#12146](https://github.com/npm/npm/pull/12146)
+  Adds `doc-clean` phony target to `make publish`.
+  ([@watilde](https://github.com/watilde))
+
+#### DOCS
+
+* [`d43921c`](https://github.com/npm/npm/commit/d43921c546617cdb94bbee444d7d67ef55f38dc5)
+  [#12147](https://github.com/npm/npm/pull/12147)
+  Document that the current behavior of `engines` is just to warn if the node
+  platform is incompatible.
+  ([@reconbot](https://github.com/reconbot))
+* [`3cfe99e`](https://github.com/npm/npm/commit/3cfe99e3a757c5d8cbb1c2789410e9802563abac)
+  [#12093](https://github.com/npm/npm/pull/12093)
+  Update `bugs` url in `package.json` to use the `https` URL for Github.
+  ([@watilde](https://github.com/watilde))
+* [`ecf865f`](https://github.com/npm/npm/commit/ecf865f4eed1419c75442e0d52bc34ba1647de15)
+  [#12075](https://github.com/npm/npm/pull/12075)
+  Add the `--ignore-scripts` flag to the `npm install` docs.
+  ([@paulirish](https://github.com/paulirish))
+* [`f0e6db3`](https://github.com/npm/npm/commit/f0e6db32827d88680ef2320e60c0863754a4fbc5)
+  [#12063](https://github.com/npm/npm/pull/12063)
+  Various minor fixes to the html docs homepage.
+  ([@watilde](https://github.com/watilde))
+
+#### DEPS
+
+* [`e2660de`](https://github.com/npm/npm/commit/e2660de1c08ed68a1c6fc4ee75d10376595979be)
+  `npmlog@2.0.3`
+  ([@iarna](https://github.com/iarna))
+
 ### v2.15.2 (2016-03-24):
 
 It's always nice to see new contributors. 💚
@@ -44,9 +163,62 @@ we'll link to that in the (near?) future, when it's ready to roll out.
 
 ### v2.15.1 (2016-03-17):
 
-It's another one of those releases again! Docs and tests, it turns out, have a
-pretty easy time getting into LTS releases, and boring is exactly how LTS should
-be. 💁
+#### SECURITY ADVISORY: BEARER TOKEN DISCLOSURE
+
+This release includes [the fix for a
+vulnerability](https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401)
+that could cause the unintentional leakage of bearer tokens.
+
+Here are details on this vulnerability and how it affects you.
+
+##### DETAILS
+
+Since 2014, npm’s registry has used HTTP bearer tokens to authenticate requests
+from the npm’s command-line interface. A design flaw meant that the CLI was
+sending these bearer tokens with _every_ request made by logged-in users,
+regardless of the destination of their request. (The bearers only should have
+been included for requests made against a registry or registries used for the
+current install.)
+
+An attacker could exploit this flaw by setting up an HTTP server that could
+collect authentication information, then use this authentication information to
+impersonate the users whose tokens they collected. This impersonation would
+allow them to do anything the compromised users could do, including publishing
+new versions of packages.
+
+With the fixes we’ve released, the CLI will only send bearer tokens with
+requests made against a registry.
+
+##### THINK YOU'RE AT RISK? REGENERATE YOUR TOKENS
+
+If you believe that your bearer token may have been leaked, [invalidate your
+current npm bearer tokens](https://www.npmjs.com/settings/tokens) and rerun
+`npm login` to generate new tokens. Keep in mind that this may cause continuous
+integration builds in services like Travis to break, in which case you’ll need
+to update the tokens in your CI server’s configuration.
+
+##### WILL THIS BREAK MY CURRENT SETUP?
+
+Maybe.
+
+npm’s CLI team believes that the fix won’t break any existing registry setups.
+Due to the large number of registry software suites out in the wild, though,
+it’s possible our change will be breaking in some cases.
+
+If so, please [file an issue](https://github.com/npm/npm/issues/new) describing
+the software you’re using and how it broke. Our team will work with you to
+mitigate the breakage.
+
+##### CREDIT & THANKS
+
+Thanks to Mitar, Will White & the team at Mapbox, Max Motovilov, and James
+Taylor for reporting this vulnerability to npm.
+
+### BACK TO YOUR REGULARLY SCHEDULED PROGRAMMING
+
+Aside from that, it's another one of those releases again! Docs and tests, it
+turns out, have a pretty easy time getting into LTS releases, and boring is
+exactly how LTS should be. 💁
 
 #### DOCS
 

deps/npm/Makefile

@@ -176,7 +176,7 @@ test: doc
 tag:
 	npm tag npm@$(PUBLISHTAG) latest
 
-publish: link doc
+publish: link doc-clean doc
 	@git push origin :v$(shell npm -v) 2>&1 || true
 	git clean -fd &&\
 	git push origin $(BRANCH) &&\

deps/npm/doc/cli/npm-install.md

@@ -250,6 +250,9 @@ local copy exists on disk.
 The `--global` argument will cause npm to install the package globally
 rather than locally.  See `npm-folders(5)`.
 
+The `--ignore-scripts` argument will cause npm to not execute any
+scripts defined in the package.json. See `npm-scripts(7)`.
+
 The `--link` argument will cause npm to link global installs into the
 local space in some cases.
 

deps/npm/doc/files/package.json.md

@@ -204,6 +204,7 @@ Conversely, some files are always ignored:
 * `._*`
 * `npm-debug.log`
 * `.npmrc`
+* `node_modules`
 
 ## main
 
@@ -644,8 +645,8 @@ are capable of properly installing your program.  For example:
 
     { "engines" : { "npm" : "~1.0.20" } }
 
-Note that, unless the user has set the `engine-strict` config flag, this
-field is advisory only.
+Unless the user has set the `engine-strict` config flag, this
+field is advisory only will produce warnings when your package is installed as a dependency.
 
 ## engineStrict
 

deps/npm/doc/misc/npm-config.md

@@ -228,7 +228,12 @@ explicitly used, and that only GET requests use the cache.
 * Default: `null`
 * Type: String
 
-A client certificate to pass when accessing the registry.
+A client certificate to pass when accessing the registry.  Values should be in
+PEM format with newlines replaced by the string "\n". For example:
+
+    cert="-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----"
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
 
 ### color
 
@@ -470,7 +475,12 @@ change.  Only the output from `npm ls --json` is currently valid.
 * Default: `null`
 * Type: String
 
-A client key to pass when accessing the registry.
+A client key to pass when accessing the registry.  Values should be in PEM
+format with newlines replaced by the string "\n". For example:
+
+    key="-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----"
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
 
 ### link
 

deps/npm/html/doc/README.html

@@ -127,5 +127,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@2.15.2</p>
+<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-bin.html

@@ -28,5 +28,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-bin &mdash; npm@2.15.2</p>
+<p id="footer">npm-bin &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-bugs.html

@@ -33,5 +33,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-bugs &mdash; npm@2.15.2</p>
+<p id="footer">npm-bugs &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-cache.html

@@ -42,5 +42,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-cache &mdash; npm@2.15.2</p>
+<p id="footer">npm-cache &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-commands.html

@@ -36,5 +36,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-commands &mdash; npm@2.15.2</p>
+<p id="footer">npm-commands &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-config.html

@@ -57,5 +57,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-config &mdash; npm@2.15.2</p>
+<p id="footer">npm-config &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-deprecate.html

@@ -47,5 +47,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-deprecate &mdash; npm@2.15.2</p>
+<p id="footer">npm-deprecate &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-docs.html

@@ -33,5 +33,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-docs &mdash; npm@2.15.2</p>
+<p id="footer">npm-docs &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-edit.html

@@ -36,5 +36,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-edit &mdash; npm@2.15.2</p>
+<p id="footer">npm-edit &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-explore.html

@@ -31,5 +31,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-explore &mdash; npm@2.15.2</p>
+<p id="footer">npm-explore &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-help-search.html

@@ -44,5 +44,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-help-search &mdash; npm@2.15.2</p>
+<p id="footer">npm-help-search &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-init.html

@@ -39,5 +39,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-init &mdash; npm@2.15.2</p>
+<p id="footer">npm-init &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-install.html

@@ -32,5 +32,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-install &mdash; npm@2.15.2</p>
+<p id="footer">npm-install &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-link.html

@@ -42,5 +42,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-link &mdash; npm@2.15.2</p>
+<p id="footer">npm-link &mdash; npm@2.15.4</p>
 

deps/npm/html/doc/api/npm-load.html

@@ -37,5 +37,5 @@ <h2 id="synopsis">SYNOPSIS</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-load &mdash; npm@2.15.2</p>
+<p id="footer">npm-load &mdash; npm@2.15.4</p>