Add npm audit resolve command

.gitignore

@@ -21,15 +21,3 @@ npm-debug.log
 .jshintrc
 .eslintrc
 .nyc_output
-
-# dev dependencies
-/node_modules/deep-equal/
-/node_modules/marked/
-/node_modules/marked-man/
-/node_modules/npm-registry-couchapp/
-/node_modules/npm-registry-mock/
-/node_modules/require-inject/
-/node_modules/sprintf-js/
-/node_modules/standard/
-/node_modules/tap/
-/node_modules/tacks/

.npmignore

@@ -1,6 +1,7 @@
 *.swp
 .*.swp
 npm-debug.log
+/.github
 /test
 node_modules/marked
 node_modules/ronn

.npmrc

@@ -1 +0,0 @@
-legacy-bundling = true

AUTHORS

@@ -570,3 +570,12 @@ Tieme van Veen <[email protected]>
 Finn Pauls <[email protected]>
 Jeremy Kahn <[email protected]>
 Mertcan Mermerkaya <[email protected]>
+Will Yardley <[email protected]>
+Matt Travi <[email protected]>
+Solomon Victorino <[email protected]>
+Rich Trott <[email protected]>
+Maksym Kobieliev <[email protected]>
+Thomas Reggi <[email protected]>
+David Gilbertson <[email protected]>
+Rob Lourens <[email protected]>
+Karan Thakkar <[email protected]>

CHANGELOG.md

@@ -1,3 +1,150 @@
+## v6.2.0 (2018-07-05):
+
+This is a quick patch to the release to fix an issue that was preventing users
+from installing `npm@next`.
+
+* [`ecdcbd745`](https://github.com/npm/npm/commit/ecdcbd745ae1edd9bdd102dc3845a7bc76e1c5fb)
+  [#21129](https://github.com/npm/npm/pull/21129)
+  Remove postinstall script that depended on source files, thus preventing
+  `npm@next` from being installable from the registry.
+  ([@zkat](https://github.com/zkat))
+
+## v6.2.0-next.0 (2018-06-28):
+
+### NEW FEATURES
+
+* [`ce0793358`](https://github.com/npm/npm/commit/ce07933588ec2da1cc1980f93bdaa485d6028ae2)
+  [#20750](https://github.com/npm/npm/pull/20750)
+  You can now disable the update notifier entirely by using
+  `--no-update-notifier` or setting it in your config with `npm config set
+  update-notifier false`.
+  ([@travi](https://github.com/travi))
+* [`d2ad776f6`](https://github.com/npm/npm/commit/d2ad776f6dcd92ae3937465736dcbca171131343)
+  [#20879](https://github.com/npm/npm/pull/20879)
+  When `npm run-script <script>` fails due to a typo or missing script, npm will
+  now do a "did you mean?..." for scripts that do exist.
+  ([@watilde](https://github.com/watilde))
+
+### BUGFIXES
+
+* [`8f033d72d`](https://github.com/npm/npm/commit/8f033d72da3e84a9dbbabe3a768693817af99912)
+  [#20948](https://github.com/npm/npm/pull/20948)
+  Fix the regular expression matching in `xcode_emulation` in `node-gyp` to also
+  handle version numbers with multiple-digit major versions which would
+  otherwise break under use of XCode 10.
+  ([@Trott](https://github.com/Trott))
+* [`c8ba7573a`](https://github.com/npm/npm/commit/c8ba7573a4ea95789f674ce038762d6a77a8b047)
+  Stop trying to hoist/dedupe bundles dependencies.
+  ([@iarna](https://github.com/iarna))
+* [`cd698f068`](https://github.com/npm/npm/commit/cd698f06840b7c9407ac802efa96d16464722a7d)
+  [#20762](https://github.com/npm/npm/pull/20762)
+  Add synopsis to brief help for `npm audit` and suppress trailing newline.
+  ([@wyardley](https://github.com/wyardley))
+* [`6808ee3bd`](https://github.com/npm/npm/commit/6808ee3bd59560b1334a18aa6c6e0120094b03c0)
+  [#20881](https://github.com/npm/npm/pull/20881)
+  Exclude /.github directory from npm tarball.
+  ([@styfle](https://github.com/styfle))
+* [`177cbb476`](https://github.com/npm/npm/commit/177cbb4762c1402bfcbf0636c4bc4905fd684fc1)
+  [#21105](https://github.com/npm/npm/pull/21105)
+  Add suggestion to use a temporary cache instead of `npm cache clear --force`.
+  ([@karanjthakkar](https://github.com/karanjthakkar))
+
+### DOCS
+
+* [`7ba3fca00`](https://github.com/npm/npm/commit/7ba3fca00554b884eb47f2ed661693faf2630b27)
+  [#20855](https://github.com/npm/npm/pull/20855)
+  Direct people to npm.community instead of the GitHub issue tracker on error.
+  ([@zkat](https://github.com/zkat))
+* [`88efbf6b0`](https://github.com/npm/npm/commit/88efbf6b0b403c5107556ff9e1bb7787a410d14d)
+  [#20859](https://github.com/npm/npm/pull/20859)
+  Fix typo in registry docs.
+  ([@strugee](https://github.com/strugee))
+* [`61bf827ae`](https://github.com/npm/npm/commit/61bf827aea6f98bba08a54e60137d4df637788f9)
+  [#20947](https://github.com/npm/npm/pull/20947)
+  Fixed a small grammar error in the README.
+  ([@bitsol](https://github.com/bitsol))
+* [`f5230c90a`](https://github.com/npm/npm/commit/f5230c90afef40f445bf148cbb16d6129a2dcc19)
+  [#21018](https://github.com/npm/npm/pull/21018)
+  Small typo fix in CONTRIBUTING.md.
+  ([@reggi](https://github.com/reggi))
+* [`833efe4b2`](https://github.com/npm/npm/commit/833efe4b2abcef58806f823d77ab8bb8f4f781c6)
+  [#20986](https://github.com/npm/npm/pull/20986)
+  Document current structure/expectations around package tarballs.
+  ([@Maximaximum](https://github.com/Maximaximum))
+* [`9fc0dc4f5`](https://github.com/npm/npm/commit/9fc0dc4f58d728bac6a8db7143d04863d7b653db)
+  [#21019](https://github.com/npm/npm/pull/21019)
+  Clarify behavior of `npm link ../path` shorthand.
+  ([@davidgilbertson](https://github.com/davidgilbertson))
+* [`3924c72d0`](https://github.com/npm/npm/commit/3924c72d06b9216ac2b6a9d951fd565a1d5eda89)
+  [#21064](https://github.com/npm/npm/pull/21064)
+  Add missing "if"
+  ([@roblourens](https://github.com/roblourens))
+
+### DEPENDENCY SHUFFLE!
+
+We did some reshuffling and moving around of npm's own dependencies. This
+significantly reduces the total bundle size of the npm pack, from 8MB to 4.8MB
+for the distributed tarball! We also moved around what we actually commit to the
+repo as far as devDeps go.
+
+* [`0483f5c5d`](https://github.com/npm/npm/commit/0483f5c5deaf18c968a128657923103e49f4e67a)
+  Flatten and dedupe our dependencies!
+  ([@iarna](https://github.com/iarna))
+* [`ef9fa1ceb`](https://github.com/npm/npm/commit/ef9fa1ceb5f9d175fd453138b1a26d45a5071dfd)
+  Remove unused direct dependency `ansi-regex`.
+  ([@iarna](https://github.com/iarna))
+* [`0d14b0bc5`](https://github.com/npm/npm/commit/0d14b0bc59812f4e33798194e11ffacbea3c0493)
+  Reshuffle ansi-regex for better deduping.
+  ([@iarna](https://github.com/iarna))
+* [`68a101859`](https://github.com/npm/npm/commit/68a101859b2b6f78b2e7c3a936492acdb15f7c4a)
+  Reshuffle strip-ansi for better deduping.
+  ([@iarna](https://github.com/iarna))
+* [`0d5251f97`](https://github.com/npm/npm/commit/0d5251f97dc8b8b143064869e530d465c757ffbb)
+  Reshuffle is-fullwidth-code-point for better deduping.
+  ([@iarna](https://github.com/iarna))
+* [`2d0886632`](https://github.com/npm/npm/commit/2d08866327013522fc5fbe61ed872b8f30e92775)
+  Add fake-registry, npm-registry-mock replacement.
+  ([@iarna](https://github.com/iarna))
+
+### DEPENDENCIES
+
+* [`8cff8eea7`](https://github.com/npm/npm/commit/8cff8eea75dc34c9c1897a7a6f65d7232bb0c64c)
+  `[email protected]`
+  ([@zkat](https://github.com/zkat))
+* [`bfc4f873b`](https://github.com/npm/npm/commit/bfc4f873bd056b7e3aee389eda4ecd8a2e175923)
+  `[email protected]`
+  ([@zkat](https://github.com/zkat))
+* [`532096163`](https://github.com/npm/npm/commit/53209616329119be8fcc29db86a43cc8cf73454d)
+  `[email protected]`
+  ([@zkat](https://github.com/zkat))
+* [`4a512771b`](https://github.com/npm/npm/commit/4a512771b67aa06505a0df002a9027c16a238c71)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`b7cc48dee`](https://github.com/npm/npm/commit/b7cc48deee45da1feab49aa1dd4d92e33c9bcac8)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`bae657c28`](https://github.com/npm/npm/commit/bae657c280f6ea8e677509a9576e1b47c65c5441)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`3d46e5c4e`](https://github.com/npm/npm/commit/3d46e5c4e3c5fecd9bf05a7425a16f2e8ad5c833)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`d0a905daf`](https://github.com/npm/npm/commit/d0a905dafc7e3fcd304e8053acbe3da40ba22554)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`4fc1f815f`](https://github.com/npm/npm/commit/4fc1f815fec5a7f6f057cf305e01d4126331d1f2)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`f72202944`](https://github.com/npm/npm/commit/f722029441a088d03df94bdfdeeec51cfd318659)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`bdce96eb3`](https://github.com/npm/npm/commit/bdce96eb3c30fcff873aa3f1190e8ae4928d690b)
+  `[email protected]`
+  ([@iarna](https://github.com/iarna))
+* [`fe4240e85`](https://github.com/npm/npm/commit/fe4240e852144770bf76d7b1952056ca5baa63cf)
+  `[email protected]`
+  ([@zkat](https://github.com/zkat))
+
 ## v6.1.0 (2018-05-17):
 
 ### FIX WRITE AFTER END ERROR

CONTRIBUTING.md

@@ -6,7 +6,7 @@
 * [Roles](#roles)
   * [Community Members](#community-members)
   * [Collaborators](#collaborators)
-  * [npm, Inc Employeees](#npm-inc-employees)
+  * [npm, Inc Employees](#npm-inc-employees)
 
 
 ## Introduction

README.md

@@ -7,7 +7,7 @@ npm(1) -- a JavaScript package manager
 
 This is just enough info to get you up and running.
 
-Much more info available via `npm help` once it's installed.
+Much more info will be available via `npm help` once it's installed.
 
 ## IMPORTANT
 

bin/npm-cli.js

@@ -74,7 +74,10 @@
   conf._exit = true
   npm.load(conf, function (er) {
     if (er) return errorHandler(er)
-    if (!unsupported.checkVersion(process.version).unsupported) {
+    if (
+      npm.config.get('update-notifier') &&
+      !unsupported.checkVersion(process.version).unsupported
+    ) {
       const pkg = require('../package.json')
       let notifier = require('update-notifier')({pkg})
       if (

doc/cli/npm-audit.md

@@ -3,8 +3,9 @@ npm-audit(1) -- Run a security audit
 
 ## SYNOPSIS
 
-    npm audit [--json]
+    npm audit [--json|--parseable]
     npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]
+    npm audit resolve
 
 ## EXAMPLES
 
@@ -48,6 +49,18 @@ Get the detailed audit report in JSON format:
 $ npm audit --json
 ```
 
+Get the detailed audit report in plain text result, separated by tab characters, allowing for
+future reuse in scripting or command line post processing, like for example, selecting
+some of the columns printed:
+```
+$ npm audit --parseable
+```
+
+To parse columns, you can use for example `awk`, and just print some of them:
+```
+$ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
+```
+
 ## DESCRIPTION
 
 The audit command submits a description of the dependencies configured in

doc/cli/npm-dist-tag.md

@@ -15,7 +15,7 @@ Add, remove, and enumerate distribution tags on a package:
 
 * add:
   Tags the specified version of the package with the specified tag, or the
-  `--tag` config if not specified. The tag you're adding is `latest` and you
+  `--tag` config if not specified. If the tag you're adding is `latest` and you
   have two-factor authentication on auth-and-writes then you'll need to include
   an otp on the command line with `--otp`.
 

doc/cli/npm-install.md

@@ -69,8 +69,13 @@ after packing it up into a tarball (b).
 
     Install a package that is sitting on the filesystem.  Note: if you just want
     to link a dev directory into your npm root, you can do this more easily by
-    using `npm link`. The filename *must* use `.tar`, `.tar.gz`, or `.tgz` as
+    using `npm link`. 
+
+    Tarball requirements:
+    * The filename *must* use `.tar`, `.tar.gz`, or `.tgz` as
     the extension.
+    * The package contents should reside in a subfolder inside the tarball (usually it is called `package/`). npm strips one directory layer when installing the package (an equivalent of `tar x --strip-components=1` is run).
+    * The package must contain a `package.json` file with `name` and `version` properties.
 
     Example:
 

doc/cli/npm-link.md

@@ -53,11 +53,14 @@ above use-case in a shorter way:
 The second line is the equivalent of doing:
 
     (cd ../node-redis; npm link)
-    npm link node-redis
+    npm link redis
 
 That is, it first creates a global link, and then links the global
 installation target into your project's `node_modules` folder.
 
+Note that in this case, you are referring to the directory name, `node-redis`,
+rather than the package name `redis`.
+
 If your linked package is scoped (see `npm-scope(7)`) your link command must
 include that scope, e.g.
 

doc/cli/npm-unpublish.md

@@ -28,9 +28,10 @@ version combination can never be reused.  In order to publish the
 package again, a new version number must be used.
 
 With the default registry (`registry.npmjs.org`), unpublish is
-only allowed with versions published in the last 24 hours. If you
-are trying to unpublish a version published longer ago than that,
-contact [email protected].
+only allowed with versions published in the last 72 hours.  Similarly,
+new versions of unpublished packages may not be republished until 72 hours
+have passed. If you are trying to unpublish a version published longer
+ago than that, contact [email protected].
 
 The scope is optional and follows the usual rules for `npm-scope(7)`.
 

doc/misc/npm-config.md

@@ -1034,6 +1034,17 @@ will also prevent _writing_ `npm-shrinkwrap.json` if `save` is true.
 
 This option is an alias for `--package-lock`.
 
+### sign-git-commit
+
+* Default: false
+* Type: Boolean
+
+If set to true, then the `npm version` command will commit the new package
+version using `-S` to add a signature.
+
+Note that git requires you to have set up GPG keys in your git configs
+for this to work properly.
+
 ### sign-git-tag
 
 * Default: false
@@ -1130,6 +1141,14 @@ Set to true to suppress the UID/GID switching when running package
 scripts.  If set explicitly to false, then installing as a non-root user
 will fail.
 
+### update-notifier
+
+* Default: true
+* Type: Boolean
+
+Set to false to suppress the update notification when using an older
+version of npm than the latest.
+
 ### usage
 
 * Default: false

doc/misc/npm-disputes.md

@@ -39,7 +39,7 @@ some other user wants to use that name. Here are some common ways that happens
    really has to be updated. Alice works for Foo Inc, the makers of the
    critically acclaimed and widely-marketed `foo` JavaScript toolkit framework.
    They publish it to npm as `foojs`, but people are routinely confused when
-   `npm install `foo`` is some different thing.
+   `npm install foo` is some different thing.
 4. Yusuf writes a parser for the widely-known `foo` file format, because he
    needs it for work. Then, he gets a new job, and never updates the prototype.
    Later on, Alice writes a much more complete `foo` parser, but can't publish,

doc/misc/npm-registry.md

@@ -41,8 +41,8 @@ about your environment:
   This is used to gather better metrics on how npm is used by humans, versus
   build farms.
 
-The npm registry does not to correlate the information in these headers with
-any authenticated accounts that may be used in the same requests.
+The npm registry does not try to correlate the information in these headers
+with any authenticated accounts that may be used in the same requests.
 
 ## Can I run my own private registry?