deps: upgrade npm to 5.0.0

PR-URL: https://github.com/nodejs/node/pull/13276 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
8 years ago · c58cea5a16
230 changed files with 7639 additions and 3413 deletions
--- a/deps/npm/CHANGELOG.md
+++ b/deps/npm/CHANGELOG.md
--- a/deps/npm/TODO.org
+++ b/deps/npm/TODO.org
@ -1,4 +1,18 @@
 * Finished
  * [COMPLETED] npm: remove packageIntegrity
  * [COMPLETED] npm: fix lifecycle stuff
    * pack:
      * pre-: immediately before tarball contents are packed. Need to re-read package.json immediately after
      * pack: No pack lifecycle
      * post-: immediately after tarball reaches its final destination (not immediately after packaging)
    * prepare: `npm install`, immediately before `postinstall`, and immediately before `prepack`, never if `--prod`, after prepublish, before prepublishOnly
    * prepublish: alias for `prepare`
    * prepublishOnly: ONLY on `npm publish` (never on `npm pack`), runs before prepack (which takes care of re-reading package.json), re-reads package.json immediately after
  * [COMPLETED] pacote: fix always-auth bug
  * [COMPLETED] pacote: figure out why cache is being written as root
  * [COMPLETED] npm: make `npm update` save files as the right type
  * [COMPLETED] npm: update docs with npm5 changes
  * [COMPLETED] npm: don't write "problems" into package-lock
  * [COMPLETED] npm: add `created-with`, `shrinkwrap-version`, and `package-integrity`
  * [COMPLETED] npm: warn on incompatible package-lock version
  * [COMPLETED] npm: warn if both shrinkwrap and package-lock are there
@ -46,6 +60,12 @@
  * [COMPLETED] npm: fix bundle replacement issues (see: npm i nyc warning spam)
    * need fromBundle attribute on shrinkwrap and pass it through. the sw.version && sw.integrity-based fake node needs to have this there.
 * Backlog
  * [TODO] make-fetch-happen: integrity failures are being thrown
  * [TODO] write-file-atomic: review https://github.com/npm/write-file-atomic/pull/22
  * [TODO] pacote: write tests for git handlers
    * https://github.com/zkat/pacote/issues/70
  * [TODO] pacote: offline feature support for git deps
  * [TODO] npm: get logging working during the recalculateMetadata spam
  * [TODO] pacote: opts.extraHeaders
    * https://github.com/zkat/pacote/issues/79
  * [TODO] pacote: ECONNRESET recovery
@ -59,14 +79,8 @@
    * https://github.com/zkat/make-fetch-happen/issues/16
  * [TODO] make-fetch-happen: retry notification
    * https://github.com/zkat/make-fetch-happen/issues/21
-  * [TODO] npm: move addBundled call from inflate-shrinkwrap to extract
+  * [TODO] npm: more informative logging when building git deps
    * fix the fucking bundling thing while at it
 * Needed for npm@5
  * [TODO] pacote: write tests for git handlers
    * https://github.com/zkat/pacote/issues/70
  * [TODO] pacote: offline feature support for git deps
  * [TODO] npm: get logging working during the recalculateMetadata spam
  * [TODO] write-file-atomic: review https://github.com/npm/write-file-atomic/pull/22
 * Active
-  * [TODO] npm: make `npm update` save files as the right type
+  * [TODO] npm: figure out https://github.com/npm/npm/issues/16665
-  * [TODO] node: track down lifecycle signal failure
+  * [TODO] npm: first-run notice about npm5 still having known issues
--- a/deps/npm/appveyor.yml
+++ b/deps/npm/appveyor.yml
@ -15,7 +15,6 @@ install:
  - ps: Install-Product node $env:nodejs_version $env:platform
  - npm config set spin false
  - npm rebuild
  - npm i -g "npm/npm#release-beta-5"
  - node . install -g .
  - set "PATH=%APPDATA%\npm;C:\Program Files\Git\mingw64\libexec;%PATH%"
  - npm install --loglevel=http
--- a/deps/npm/changelogs/CHANGELOG-4.md
+++ b/deps/npm/changelogs/CHANGELOG-4.md
--- a/deps/npm/doc/cli/npm-cache.md
+++ b/deps/npm/doc/cli/npm-cache.md
@ -8,11 +8,11 @@ npm-cache(1) -- Manipulates packages cache
    npm cache add <tarball url>
    npm cache add <name>@<version>
    npm cache ls [<path>]
    npm cache clean [<path>]
    aliases: npm cache clear, npm cache rm
    npm cache verify
 ## DESCRIPTION
 Used to add, list, or clean the npm cache folder.
@ -22,35 +22,45 @@ Used to add, list, or clean the npm cache folder.
  intended to be used internally by npm, but it can provide a way to
  add data to the local installation cache explicitly.
 * ls:
  Show the data in the cache.  Argument is a path to show in the cache
  folder.  Works a bit like the `find` program, but limited by the
  `depth` config.
 * clean:
-  Delete data out of the cache folder.  If an argument is provided, then
+  Delete all data out of the cache folder.
-  it specifies a subpath to delete.  If no argument is provided, then
+
-  the entire cache is deleted.
+* verify:
  Verify the contents of the cache folder, garbage collecting any unneeded data,
  and verifying the integrity of the cache index and all cached data.
 ## DETAILS
-npm stores cache data in the directory specified in `npm config get cache`.
+npm stores cache data in an opaque directory within the configured `cache`,
-For each package that is added to the cache, three pieces of information are
+named `_cacache`. This directory is a `cacache`-based content-addressable cache
-stored in `{cache}/{name}/{version}`:
+that stores all http request data as well as other package-related data. This
 directory is primarily accessed through `pacote`, the library responsible for
 all package fetching as of npm@5.
 All data that passes through the cache is fully verified for integrity on both
 insertion and extraction. Cache corruption will either trigger an error, or
 signal to `pacote` that the data must be refetched, which it will do
 automatically. For this reason, it should never be necessary to clear the cache
 for any reason other than reclaiming disk space, thus why `clean` now requires
 `--force` to run.
 There is currently no method exposed through npm to inspect or directly manage
 the contents of this cache. In order to access it, `cacache` must be used
 directly.
 npm will not remove data by itself: the cache will grow as new packages are
 installed.
-* .../package/package.json:
+## A NOTE ABOUT THE CACHE'S DESIGN
  The package.json file, as npm sees it.
 * .../package.tgz:
  The tarball for that version.
-Additionally, whenever a registry request is made, a `.cache.json` file
+The npm cache is strictly a cache: it should not be relied upon as a persistent
-is placed at the corresponding URI, to store the ETag and the requested
+and reliable data store for package data. npm makes no guarantee that a
-data.  This is stored in `{cache}/{hostname}/{path}/.cache.json`.
+previously-cached piece of data will be available later, and will automatically
 delete corrupted contents. The primary guarantee that the cache makes is that,
 if it does return data, that data will be exactly the data that was inserted.
-Commands that make non-essential registry requests (such as `search` and
+To run an offline verification of existing cache contents, use `npm cache
-`view`, or the completion scripts) generally specify a minimum timeout.
+verify`.
 If the `.cache.json` file is younger than the specified timeout, then
 they do not make an HTTP request to the registry.
 ## CONFIGURATION
@ -69,3 +79,5 @@ The root cache folder.
 * npm-install(1)
 * npm-publish(1)
 * npm-pack(1)
 * https://npm.im/cacache
 * https://npm.im/pacote
--- a/deps/npm/doc/cli/npm-install.md
+++ b/deps/npm/doc/cli/npm-install.md
@ -8,18 +8,21 @@ npm-install(1) -- Install a package
    npm install [<@scope>/]<name>@<tag>
    npm install [<@scope>/]<name>@<version>
    npm install [<@scope>/]<name>@<version range>
    npm install <git-host>:<git-user>/<repo-name>
    npm install <git repo url>
    npm install <tarball file>
    npm install <tarball url>
    npm install <folder>
    alias: npm i
-    common options: [-S|--save|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--dry-run]
+    common options: [-P|--save-prod|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--no-save] [--dry-run]
 ## DESCRIPTION
 This command installs a package, and any packages that it depends on. If the
-package has a shrinkwrap file, the installation of dependencies will be driven
+package has a package-lock or shrinkwrap file, the installation of dependencies
-by that. See npm-shrinkwrap(1).
+will be driven by that, with an `npm-shrinkwrap.json` taking precedence if both
 files exist. See package-lock.json(5) and npm-shrinkwrap(1).
 A `package` is:
@ -54,13 +57,17 @@ after packing it up into a tarball (b).
 * `npm install <folder>`:
-    Install a package that is sitting in a folder on the filesystem.
+    Install the package in the directory as a symlink in the current project.
    Its dependencies will be installed before it's linked. If `<folder>` sits
    inside the root of your project, its dependencies may be hoisted to the
    toplevel `node_modules` as they would for other types of dependencies.
 * `npm install <tarball file>`:
    Install a package that is sitting on the filesystem.  Note: if you just want
    to link a dev directory into your npm root, you can do this more easily by
-    using `npm link`.
+    using `npm link`. The filename *must* use `.tar`, `.tar.gz`, or `.tgz` as
    the extension.
    Example:
@ -75,27 +82,31 @@ after packing it up into a tarball (b).
          npm install https://github.com/indexzero/forever/tarball/v0.5.6
-* `npm install [<@scope>/]<name> [-S|--save|-D|--save-dev|-O|--save-optional]`:
+* `npm install [<@scope>/]<name>`:
    Do a `<name>@<tag>` install, where `<tag>` is the "tag" config. (See
    `npm-config(7)`. The config's default value is `latest`.)
-    In most cases, this will install the latest version
+    In most cases, this will install the version of the modules tagged as
-    of the module published on npm.
+    `latest` on the npm registry.
    Example:
          npm install sax
-    `npm install` takes 3 exclusive, optional flags which save or update
+    `npm install` saves any specified packages into `dependencies` by default.
-    the package version in your main package.json:
+    Additionally, you can control where and how they get saved with some
    additional flags:
-    * `-S, --save`: Package will appear in your `dependencies`.
+    * `-P, --save-prod`: Package will appear in your `dependencies`. This is the
                         default unless `-D` or `-O` are present.
    * `-D, --save-dev`: Package will appear in your `devDependencies`.
    * `-O, --save-optional`: Package will appear in your `optionalDependencies`.
    * `--no-save`: Prevents saving to `dependencies`.
    When using any of the above options to save dependencies to your
    package.json, there are two additional, optional flags:
@ -105,8 +116,8 @@ after packing it up into a tarball (b).
    * `-B, --save-bundle`: Saved dependencies will also be added to your `bundleDependencies` list.
-    Further, if you have an `npm-shrinkwrap.json` then it will be updated as
+    Further, if you have an `npm-shrinkwrap.json` or `package-lock.json` then it
-    well.
+    will be updated as well.
    `<scope>` is optional. The package will be downloaded from the registry
    associated with the specified scope. If no registry is associated with
@ -118,13 +129,13 @@ after packing it up into a tarball (b).
    Examples:
-          npm install sax --save
+          npm install sax
          npm install githubname/reponame
          npm install @myorg/privatepackage
          npm install node-tap --save-dev
          npm install dtrace-provider --save-optional
-          npm install readable-stream --save --save-exact
+          npm install readable-stream --save-exact
-          npm install ansi-regex --save --save-bundle
+          npm install ansi-regex --save-bundle
    **Note**: If there is a file or folder named `<name>` in the current
@ -167,20 +178,30 @@ after packing it up into a tarball (b).
 * `npm install <git remote url>`:
-    Installs the package from the hosted git provider, cloning it with
+    Installs the package from the hosted git provider, cloning it with `git`.
-    `git`. First it tries via the https (git with github) and if that fails, via ssh.
+    For a full git remote url, only that URL will be attempted.
          <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish> | #semver:<semver>]
    `<protocol>` is one of `git`, `git+ssh`, `git+http`, `git+https`, or
    `git+file`.
-          <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>[#<commit-ish>]
+    If `#<commit-ish>` is provided, it will be used to clone exactly that
    commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can
    be any valid semver range or exact version, and npm will look for any tags
    or refs matching that range in the remote repository, much as it would for a
    registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is
    specified, then `master` is used.
-    `<protocol>` is one of `git`, `git+ssh`, `git+http`, `git+https`,
+    If the repository makes use of submodules, those submodules will be cloned
-    or `git+file`.
+    as well.
    If no `<commit-ish>` is specified, then `master` is used.
-    If the repository makes use of submodules, those submodules will
+    If the package being installed contains a `prepare` script, its
-    be cloned as well.
+    `dependencies` and `devDependencies` will be installed, and the prepare
    script will be run, before the package is packaged and installed.
-    The following git environment variables are recognized by npm and will be added
+    The following git environment variables are recognized by npm and will be
-    to the environment when running git:
+    added to the environment when running git:
    * `GIT_ASKPASS`
    * `GIT_EXEC_PATH`
@ -195,6 +216,7 @@ after packing it up into a tarball (b).
    Examples:
          npm install git+ssh://git@github.com:npm/npm.git#v1.0.27
          npm install git+ssh://git@github.com:npm/npm#semver:^5.0
          npm install git+https://isaacs@github.com/npm/npm.git
          npm install git://github.com/npm/npm.git#v1.0.27
          GIT_SSH_COMMAND='ssh -i ~/.ssh/custom_ident' npm install git+ssh://git@github.com:npm/npm.git
@ -205,20 +227,31 @@ after packing it up into a tarball (b).
    Install the package at `https://github.com/githubname/githubrepo` by
    attempting to clone it using `git`.
-    If you don't specify a *commit-ish* then `master` will be used.
+    If `#<commit-ish>` is provided, it will be used to clone exactly that
    commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can
    be any valid semver range or exact version, and npm will look for any tags
    or refs matching that range in the remote repository, much as it would for a
    registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is
    specified, then `master` is used.
    As with regular git dependencies, `dependencies` and `devDependencies` will
    be installed if the package has a `prepare` script, before the package is
    done installing.
    Examples:
          npm install mygithubuser/myproject
          npm install github:mygithubuser/myproject
-* `npm install gist:[<githubname>/]<gistID>[#<commit-ish>]`:
+* `npm install gist:[<githubname>/]<gistID>[#<commit-ish>|#semver:<semver>]`:
    Install the package at `https://gist.github.com/gistID` by attempting to
    clone it using `git`. The GitHub username associated with the gist is
-    optional and will not be saved in `package.json` if `-S` or `--save` is used.
+    optional and will not be saved in `package.json`.
-    If you don't specify a *commit-ish* then `master` will be used.
+    As with regular git dependencies, `dependencies` and `devDependencies` will
    be installed if the package has a `prepare` script, before the package is
    done installing.
    Example:
@ -229,7 +262,16 @@ after packing it up into a tarball (b).
    Install the package at `https://bitbucket.org/bitbucketname/bitbucketrepo`
    by attempting to clone it using `git`.
-    If you don't specify a *commit-ish* then `master` will be used.
+    If `#<commit-ish>` is provided, it will be used to clone exactly that
    commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can
    be any valid semver range or exact version, and npm will look for any tags
    or refs matching that range in the remote repository, much as it would for a
    registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is
    specified, then `master` is used.
    As with regular git dependencies, `dependencies` and `devDependencies` will
    be installed if the package has a `prepare` script, before the package is
    done installing.
    Example:
@ -240,11 +282,21 @@ after packing it up into a tarball (b).
    Install the package at `https://gitlab.com/gitlabname/gitlabrepo`
    by attempting to clone it using `git`.
-    If you don't specify a *commit-ish* then `master` will be used.
+    If `#<commit-ish>` is provided, it will be used to clone exactly that
    commit. If the commit-ish has the format `#semver:<semver>`, `<semver>` can
    be any valid semver range or exact version, and npm will look for any tags
    or refs matching that range in the remote repository, much as it would for a
    registry dependency. If neither `#<commit-ish>` or `#semver:<semver>` is
    specified, then `master` is used.
    As with regular git dependencies, `dependencies` and `devDependencies` will
    be installed if the package has a `prepare` script, before the package is
    done installing.
    Example:
          npm install gitlab:mygitlabuser/myproject
          npm install gitlab:myusr/myproj#semver:^5.0
 You may combine multiple arguments, and even multiple types of arguments.
 For example:
@ -289,7 +341,7 @@ The `--no-optional` argument will prevent optional dependencies from
 being installed.
 The `--no-shrinkwrap` argument, which will ignore an available
-shrinkwrap file and use the package.json instead.
+package lock or shrinkwrap file and use the package.json instead.
 The `--nodedir=/path/to/node/source` argument will allow npm to find the
 node source code so that npm can compile native modules.
@ -336,7 +388,9 @@ For `A{B,C}, B{C,D@1}, C{D@2}`, this algorithm produces:
    +-- D@1
 Because B's D@1 will be installed in the top level, C now has to install D@2
-privately for itself.
+privately for itself. This algorithm is deterministic, but different trees may
 be produced if two dependencies are requested for installation in a different
 order.
 See npm-folders(5) for a more detailed description of the specific
 folder structures that npm creates.
--- a/deps/npm/doc/cli/npm-publish.md
+++ b/deps/npm/doc/cli/npm-publish.md
@ -48,6 +48,10 @@ Once a package is published with a given name and version, that
 specific name and version combination can never be used again, even if
 it is removed with npm-unpublish(1).
 As of `npm@5`, both a sha1sum and an integrity field with a sha512sum of the
 tarball will be submitted to the registry during publication. Subsequent
 installs will use the strongest supported algorithm to verify downloads.
 For a "dry run" that does everything except actually publishing to the
 registry, see `npm-pack(1)`, which figures out the files to be included and
 packs them into a tarball to be uploaded to the registry.
--- a/deps/npm/doc/cli/npm-shrinkwrap.md
+++ b/deps/npm/doc/cli/npm-shrinkwrap.md
@ -1,4 +1,4 @@
-npm-shrinkwrap(1) -- Lock down dependency versions
+npm-shrinkwrap(1) -- Lock down dependency versions for publication
 =====================================================
 ## SYNOPSIS
@ -7,181 +7,11 @@ npm-shrinkwrap(1) -- Lock down dependency versions
 ## DESCRIPTION
-This command locks down the versions of a package's dependencies so
+This command repurposes `package-lock.json` into a publishable
-that you can control exactly which versions of each dependency will be
+`npm-shrinkwrap.json` or simply creates a new one. The file created and updated
-used when your package is installed. The `package.json` file is still
+by this command will then take precedence over any other existing or future
-required if you want to use `npm install`.
+`package-lock.json` files. For a detailed explanation of the design and purpose
-
+of package locks in npm, see npm-package-locks(5).
 By default, `npm install` recursively installs the target's
 dependencies (as specified in `package.json`), choosing the latest
 available version that satisfies the dependency's semver pattern. In
 some situations, particularly when shipping software where each change
 is tightly managed, it's desirable to fully specify each version of
 each dependency recursively so that subsequent builds and deploys do
 not inadvertently pick up newer versions of a dependency that satisfy
 the semver pattern. Specifying specific semver patterns in each
 dependency's `package.json` would facilitate this, but that's not always
 possible or desirable, as when another author owns the npm package.
 It's also possible to check dependencies directly into source control,
 but that may be undesirable for other reasons.
 As an example, consider package A:
    {
      "name": "A",
      "version": "0.1.0",
      "dependencies": {
        "B": "<0.1.0"
      }
    }
 package B:
    {
      "name": "B",
      "version": "0.0.1",
      "dependencies": {
        "C": "<0.1.0"
      }
    }
 and package C:
    {
      "name": "C",
      "version": "0.0.1"
    }
 If these are the only versions of A, B, and C available in the
 registry, then a normal `npm install A` will install:
    A@0.1.0
    `-- B@0.0.1
        `-- C@0.0.1
 However, if B@0.0.2 is published, then a fresh `npm install A` will
 install:
    A@0.1.0
    `-- B@0.0.2
        `-- C@0.0.1
 assuming the new version did not modify B's dependencies. Of course,
 the new version of B could include a new version of C and any number
 of new dependencies. If such changes are undesirable, the author of A
 could specify a dependency on B@0.0.1. However, if A's author and B's
 author are not the same person, there's no way for A's author to say
 that he or she does not want to pull in newly published versions of C
 when B hasn't changed at all.
 In this case, A's author can run
    npm shrinkwrap
 This generates `npm-shrinkwrap.json`, which will look something like this:
    {
      "name": "A",
      "version": "0.1.0",
      "dependencies": {
        "B": {
          "version": "0.0.1",
          "from": "B@^0.0.1",
          "resolved": "https://registry.npmjs.org/B/-/B-0.0.1.tgz",
          "dependencies": {
            "C": {
              "version": "0.0.1",
              "from": "org/C#v0.0.1",
              "resolved": "git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4"
            }
          }
        }
      }
    }
 The shrinkwrap command has locked down the dependencies based on what's
 currently installed in `node_modules`.  The installation behavior is changed to:
 1. The module tree described by the shrinkwrap is reproduced. This means
 reproducing the structure described in the file, using the specific files
 referenced in "resolved" if available, falling back to normal package
 resolution using "version" if one isn't.
 2. The tree is walked and any missing dependencies are installed in the usual fashion.
 If `preshrinkwrap`, `shrinkwrap` or `postshrinkwrap` are in the `scripts` property of the
 `package.json`, they will be executed by running `npm shrinkwrap`.
 `preshrinkwrap` and `shrinkwrap` are executed before the shrinkwrap, `postshrinkwrap` is
 executed afterwards. For example to run some postprocessing on the generated file:
    "scripts": { "postshrinkwrap": "node fix-shrinkwrap.js" }
 ### Using shrinkwrapped packages
 Using a shrinkwrapped package is no different than using any other
 package: you can `npm install` it by hand, or add a dependency to your
 `package.json` file and `npm install` it.
 ### Building shrinkwrapped packages
 To shrinkwrap an existing package:
 1. Run `npm install` in the package root to install the current
   versions of all dependencies.
 2. Validate that the package works as expected with these versions.
 3. Run `npm shrinkwrap`, add `npm-shrinkwrap.json` to git, and publish
   your package.
 To add or update a dependency in a shrinkwrapped package:
 1. Run `npm install` in the package root to install the current
   versions of all dependencies.
 2. Add or update dependencies. `npm install --save` or `npm install --save-dev`
   each new or updated package individually to update the `package.json` and
   the shrinkwrap. Note that they must be explicitly named in order to be
   installed: running `npm install` with no arguments will merely reproduce
   the existing shrinkwrap.
 3. Validate that the package works as expected with the new
   dependencies.
 4. Commit the new `npm-shrinkwrap.json`, and publish your package.
 You can use npm-outdated(1) to view dependencies with newer versions
 available.
 ### Other Notes
 A shrinkwrap file must be consistent with the package's `package.json`
 file. `npm shrinkwrap` will fail if required dependencies are not
 already installed, since that would result in a shrinkwrap that
 wouldn't actually work. Similarly, the command will fail if there are
 extraneous packages (not referenced by `package.json`), since that would
 indicate that `package.json` is not correct.
 Starting with npm v4.0.1, `devDependencies` are included when you run
 `npm shrinkwrap` and follow the usual rules as to when they're installed.
 As of npm v3.10.8, if you run `npm install --only=production` or
 `npm install --production` with a shrinkwrap including your development
 dependencies they won't be installed. Similarly, if the environment
 variable `NODE_ENV` is `production` then they won't be installed. If you
 need compatibility with versions of npm prior to v3.10.8 or otherwise
 don't want them in your shrinkwrap you can exclude development
 dependencies with:
 `npm shrinkwrap --only=prod` or `npm shrinkwrap --production`.
 If shrinkwrapped package A depends on shrinkwrapped package B, B's
 shrinkwrap will not be used as part of the installation of A. However,
 because A's shrinkwrap is constructed from a valid installation of B
 and recursively specifies all dependencies, the contents of B's
 shrinkwrap will implicitly be included in A's shrinkwrap.
 ### Caveats
 If you wish to lock down the specific bytes included in a package, for
 example to have 100% confidence in being able to reproduce a
 deployment or build, then you ought to check your dependencies into
 source control, or pursue some other mechanism that can verify
 contents rather than versions.
 ## SEE ALSO
@ -189,4 +19,7 @@ contents rather than versions.
 * npm-run-script(1)
 * npm-scripts(7)
 * package.json(5)
 * npm-package-locks(5)
 * package-lock.json(5)
 * npm-shrinkwrap.json(5)
 * npm-ls(1)
--- a/deps/npm/doc/files/npm-package-locks.md
+++ b/deps/npm/doc/files/npm-package-locks.md
@ -0,0 +1,145 @@
 npm-package-locks(5) -- An explanation of npm lockfiles
 =====================================================
 ## DESCRIPTION
 Conceptually, the "input" to npm-install(1) is a package.json(5), while its
 "output" is a fully-formed `node_modules` tree: a representation of the
 dependencies you declared. In an ideal world, npm would work like a pure
 function: the same `package.json` should produce the exact same `node_modules`
 tree, any time. In some cases, this is indeed true. But in many others, npm is
 unable to do this. There are multiple reasons for this:
 * different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms.
 * a new version of a direct semver-range package may have been published since the last time your packages were installed, and thus a newer version will be used.
 * A dependency of one of your dependencies may have published a new version, which will update even if you used pinned dependency specifiers (`1.2.3` instead of `^1.2.3`)
 * The registry you installed from is no longer available, or allows mutation of versions (unlike the primary npm registry), and a different version of a package exists under the same version number now.
 As an example, consider package A:
    {
      "name": "A",
      "version": "0.1.0",
      "dependencies": {
        "B": "<0.1.0"
      }
    }
 package B:
    {
      "name": "B",
      "version": "0.0.1",
      "dependencies": {
        "C": "<0.1.0"
      }
    }
 and package C:
    {
      "name": "C",
      "version": "0.0.1"
    }
 If these are the only versions of A, B, and C available in the
 registry, then a normal `npm install A` will install:
    A@0.1.0
    `-- B@0.0.1
        `-- C@0.0.1
 However, if B@0.0.2 is published, then a fresh `npm install A` will
 install:
    A@0.1.0
    `-- B@0.0.2
        `-- C@0.0.1
 assuming the new version did not modify B's dependencies. Of course,
 the new version of B could include a new version of C and any number
 of new dependencies. If such changes are undesirable, the author of A
 could specify a dependency on B@0.0.1. However, if A's author and B's
 author are not the same person, there's no way for A's author to say
 that he or she does not want to pull in newly published versions of C
 when B hasn't changed at all.
 To prevent this potential issue, npm uses package-lock.json(5) or, if present,
 npm-shrinkwrap.json(5). These files are called package locks, or lockfiles.
 Whenever you run `npm install`, npm generates or updates your package lock,
 which will look something like this:
    {
      "name": "A",
      "version": "0.1.0",
      ...metadata fields...
      "dependencies": {
        "B": {
          "version": "0.0.1",
          "resolved": "https://registry.npmjs.org/B/-/B-0.0.1.tgz",
          "integrity": "sha512-DeAdb33F+"
          "dependencies": {
            "C": {
              "version": "git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4"
            }
          }
        }
      }
    }
 This file describes an *exact*, and more importantly *reproducible*
 `node_modules` tree. Once it's present, and future installation will base its
 work off this file, instead of recalculating dependency versions off
 package.json(5).
 The presence of a package lock changes the installation behavior such that:
 1. The module tree described by the package lock is reproduced. This means
 reproducing the structure described in the file, using the specific files
 referenced in "resolved" if available, falling back to normal package resolution
 using "version" if one isn't.
 2. The tree is walked and any missing dependencies are installed in the usual
 fashion.
 If `preshrinkwrap`, `shrinkwrap` or `postshrinkwrap` are in the `scripts`
 property of the `package.json`, they will be executed in order. `preshrinkwrap`
 and `shrinkwrap` are executed before the shrinkwrap, `postshrinkwrap` is
 executed afterwards. These scripts run for both `package-lock.json` and
 `npm-shrinkwrap.json`. For example to run some postprocessing on the generated
 file:
    "scripts": {
      "postshrinkwrap": "json -I -e \"this.myMetadata = $MY_APP_METADATA\""
    }
 ### Using locked packages
 Using a locked package is no different than using any package without a package
 lock: any commands that update `node_modules` and/or `package.json`'s
 dependencies will automatically sync the existing lockfile. This includes `npm
 install`, `npm rm`, `npm update`, etc. To prevent this update from happening,
 you can use the `--no-save` option to prevent saving altogether, or
 `--no-shrinkwrap` to allow `package.json` to be updated while leaving
 `package-lock.json` or `npm-shrinkwrap.json` intact.
 It is highly recommended you commit the generated package lock to source
 control: this will allow anyone else on your team, your deployments, your
 CI/continuous integration, and anyone else who runs `npm install` in your
 package source to get the exact same dependency tree that you were developing
 on. Additionally, the diffs from these changes are human-readable and will
 inform you of any changes npm has made to your `node_modules`, so you can notice
 if any transitive dependencies were updated, hoisted, etc.
 ## SEE ALSO
 * https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527
 * package.json(5)
 * package-lock.json(5)
 * npm-shrinkwrap.json(5)
 * npm-shrinkwrap(1)
--- a/deps/npm/doc/files/npm-shrinkwrap.json.md
+++ b/deps/npm/doc/files/npm-shrinkwrap.json.md
@ -0,0 +1,27 @@
 npm-shrinkwrap.json(5) -- A publishable lockfile
 =====================================================
 ## DESCRIPTION
 `npm-shrinkwrap.json` is a file created by npm-shrinkwrap(1). It is identical to
 `package-lock.json`, with one major caveat: Unlike `package-lock.json`,
 `npm-shrinwkrap.json` may be included when publishing a package.
 The recommended use-case for `npm-shrinkwrap.json` is applications deployed
 through the publishing process on the registry: for example, daemons and
 command-line tools intended as global installs or `devDependencies`. It's
 strongly discouraged for library authors to publish this file, since that would
 prevent end users from having control over transitive dependency updates.
 Additionally, if both `package-lock.json` and `npm-shrinwkrap.json` are present
 in a package root, `package-lock.json` will be ignored in favor of this file.
 For full details and description of the `npm-shrinkwrap.json` file format, refer
 to the manual page for package-lock.json(5).
 ## SEE ALSO
 * npm-shrinkwrap(1)
 * package-lock.json(5)
 * package.json(5)
 * npm-install(1)
--- a/deps/npm/doc/files/package-lock.json.md
+++ b/deps/npm/doc/files/package-lock.json.md
@ -0,0 +1,132 @@
 package-lock.json(5) -- A manifestation of the manifest
 =====================================================
 ## DESCRIPTION
 `package-lock.json` is automatically generated for any operations where npm
 modifies either the `node_modules` tree, or `package.json`. It describes the
 exact tree that was generated, such that subsequent installs are able to
 generate identical trees, regardless of intermediate dependency updates.
 This file is intended to be committed into source repositories, and serves
 various purposes:
 * Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
 * Provide a facility for users to "time-travel" to previous states of `node_modules` without having to commit the directory itself.
 * To facilitate greater visibility of tree changes through readable source control diffs.
 * And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.
 One key detail about `package-lock.json` is that it cannot be published, and it
 will be ignored if found in any place other than the toplevel package. It shares
 a format with npm-shrinkwrap.json(5), which is essentially the same file, but
 allows publication. This is not recommended unless deploying a CLI tool or
 otherwise using the publication process for producing production packages.
 If both `package-lock.json` and `npm-shrinkwrap.json` are present in the root of
 a package, `package-lock.json` will be completely ignored.
 ## FILE FORMAT
 ### name
 The name of the package this is a package-lock for. This must match what's in
 `package.json`.
 ### version
 The version of the package this is a package-lock for. This must match what's in
 `package.json`.
 ### lockfileVersion
 An integer version, starting at `1` with the version number of this document
 whose semantics were used when generating this `package-lock.json`.
 ### packageIntegrity
 This is a [subresource
 integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) value
 created from the `pacakge.json`. No preprocessing of the `package.json` should
 be done. Subresource integrity strings can be produced by modules like
 [`ssri`](https://www.npmjs.com/package/ssri).
 ### preserveSymlinks
 Indicates that the install was done with the environment variable
 `NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of
 this property match that environment variable.
 ### dependencies
 A mapping of package name to dependency object.  Dependency objects have the
 following properties:
 #### version
 This is a specifier that uniquely identifies this package and should be
 usable in fetching a new copy of it.
 * bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.
 * registry sources: This is a version number. (eg, `1.2.3`)
 * git sources: This is a git specifier with resolved committish. (eg, `git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e`)
 * http tarball sources: This is the URL of the tarball. (eg, `https://example.com/example-1.3.0.tgz`)
 * local tarball sources: This is the file URL of the tarball. (eg `file:///opt/storage/example-1.3.0.tgz`)
 * local link sources: This is the file URL of the link. (eg `file:libs/our-module`)
 #### integrity
 This is a [Standard Subresource
 Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) for this
 resource.
 * For bundled dependencies this is not included, regardless of source.
 * For registry sources, this is the `integrity` that the registry provided, or if one wasn't provided the SHA1 in `shasum`.
 * For git sources this is the specific commit hash we cloned from.
 * For remote tarball sources this is an integrity based on a SHA512 of
  the file.
 * For local tarball sources: This is an integrity field based on the SHA512 of the file.
 #### resolved
 * For bundled dependencies this is not included, regardless of source.
 * For registry sources this is path of the tarball relative to the registry
  URL.  If the tarball URL isn't on the same server as the registry URL then
  this is a complete URL.
 #### bundled
 If true, this is the bundled dependency and will be installed by the parent
 module.  When installing, this module will be extracted from the parent
 module during the extract phase, not installed as a separate dependency.
 #### dev
 If true then this dependency is either a development dependency ONLY of the
 top level module or a transitive dependency of one.  This is false for
 dependencies that are both a development dependency of the top level and a
 transitive dependency of a non-development dependency of the top level.
 #### optional
 If true then this dependency is either an optional dependency ONLY of the
 top level module or a transitive dependency of one.  This is false for
 dependencies that are both an optional dependency of the top level and a
 transitive dependency of a non-optional dependency of the top level.
 All optional dependencies should be included even if they're uninstallable
 on the current platform.
 #### dependencies
 The dependencies of this dependency, exactly as at the top level.
 ## SEE ALSO
 * npm-shrinkwrap(1)
 * package-lock.json(5)
 * package.json(5)
 * npm-install(1)
--- a/deps/npm/doc/misc/npm-config.md
+++ b/deps/npm/doc/misc/npm-config.md
@ -63,6 +63,7 @@ The following shorthands are parsed on the command-line:
 * `-f`: `--force`
 * `-desc`: `--description`
 * `-S`: `--save`
 * `-P`: `--save-prod`
 * `-D`: `--save-dev`
 * `-O`: `--save-optional`
 * `-B`: `--save-bundle`
@ -682,6 +683,16 @@ Attempt to install packages in the `optionalDependencies` object.  Note
 that if these packages fail to install, the overall installation
 process is not aborted.
 ### package-lock
 * Default: true
 * Type: Boolean
 If set to false, then ignore `package-lock.json` files when installing. This
 will also prevent _writing_ `package-lock.json` if `save` is true.
 This option is an alias for `--shrinkwrap`.
 ### parseable
 * Default: false
@ -803,6 +814,17 @@ If a package would be saved at install time by the use of `--save`,
 When used with the `npm rm` command, it removes it from the
 bundledDependencies list.
 ### save-prod
 * Default: false
 * Type: Boolean
 Makes sure that a package will be saved into `dependencies` specifically. This
 is useful if a package already exists in `devDependencies` or
 `optionalDependencies`, but you want to move it to be a production dep. This is
 also the default behavior if `--save` is true, and neither `--save-dev` or
 `--save-optional` are true.
 ### save-dev
 * Default: false
@ -934,8 +956,10 @@ The shell to run for the `npm explore` command.
 * Default: true
 * Type: Boolean
-If set to false, then ignore `npm-shrinkwrap.json` files when
+If set to false, then ignore `npm-shrinkwrap.json` files when installing. This
-installing.
+will also prevent _writing_ `npm-shrinkwrap.json` if `save` is true.
 This option is an alias for `--package-lock`.
 ### sign-git-tag
--- a/deps/npm/doc/misc/npm-index.md
+++ b/deps/npm/doc/misc/npm-index.md
@ -163,7 +163,7 @@ Search for packages
 ### npm-shrinkwrap(1)
-Lock down dependency versions
+Lock down dependency versions for publication
 ### npm-star(1)
@ -225,10 +225,22 @@ File system structures npm uses
 Folder Structures Used by npm
 ### npm-package-locks(5)
 An explanation of npm lockfiles
 ### npm-shrinkwrap.json(5)
 A publishable lockfile
 ### npmrc(5)
 The npm config files
 ### package-lock.json(5)
 A manifestation of the manifest
 ### package.json(5)
 Specifics of npm's package.json handling
--- a/deps/npm/doc/misc/npm-scripts.md
+++ b/deps/npm/doc/misc/npm-scripts.md
@ -7,14 +7,20 @@ npm supports the "scripts" property of the package.json script, for the
 following scripts:
 * prepublish:
-  Run BEFORE the package is published.  (Also run on local `npm
+  Run BEFORE the package is packed and published, as well as on local `npm
-  install` without any arguments. See below.)
+  install` without any arguments. (See below)
 * prepare:
-  Run both BEFORE the package is published, and on local `npm
+  Run both BEFORE the package is packed and published, and on local `npm
-  install` without any arguments. (See below.) This is run
+  install` without any arguments (See below). This is run
  AFTER `prepublish`, but BEFORE `prepublishOnly`.
 * prepublishOnly:
-  Run BEFORE the package is published. (See below.)
+  Run BEFORE the package is prepared and packed, ONLY on `npm publish`. (See
  below.)
 * prepack:
  run BEFORE a tarball is packed (on `npm pack`, `npm publish`, and when
  installing git dependencies)
 * postpack:
  Run AFTER the tarball has been generated and moved to its final destination.
 * publish, postpublish:
  Run AFTER the package is published.
 * preinstall:
--- a/deps/npm/html/doc/README.html
+++ b/deps/npm/html/doc/README.html
@ -126,5 +126,5 @@ will no doubt tell you to put the output in a gist or email.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@5.0.0-beta.56</p>
+<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-access.html
+++ b/deps/npm/html/doc/cli/npm-access.html
@ -84,5 +84,5 @@ with an HTTP 402 status code (logically enough), unless you use
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-access &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-access &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-adduser.html
+++ b/deps/npm/html/doc/cli/npm-adduser.html
@ -81,5 +81,5 @@ username/password entry in legacy npm.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-adduser &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-adduser &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-bin.html
+++ b/deps/npm/html/doc/cli/npm-bin.html
@ -35,5 +35,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-bin &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-bin &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-bugs.html
+++ b/deps/npm/html/doc/cli/npm-bugs.html
@ -55,5 +55,5 @@ a <code>package.json</code> in the current folder and use the <code>name</code>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-bugs &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-bugs &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-build.html
+++ b/deps/npm/html/doc/cli/npm-build.html
@ -40,5 +40,5 @@ directly, run:</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-build &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-build &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-bundle.html
+++ b/deps/npm/html/doc/cli/npm-bundle.html
@ -31,5 +31,5 @@ install packages into the local space.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-bundle &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-bundle &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-cache.html
+++ b/deps/npm/html/doc/cli/npm-cache.html
@ -16,10 +16,10 @@ npm cache add &lt;folder&gt;
 npm cache add &lt;tarball url&gt;
 npm cache add &lt;name&gt;@&lt;version&gt;
 npm cache ls [&lt;path&gt;]
 npm cache clean [&lt;path&gt;]
 aliases: npm cache clear, npm cache rm
 npm cache verify
 </code></pre><h2 id="description">DESCRIPTION</h2>
 <p>Used to add, list, or clean the npm cache folder.</p>
 <ul>
@ -28,34 +28,39 @@ Add the specified package to the local cache.  This command is primarily
 intended to be used internally by npm, but it can provide a way to
 add data to the local installation cache explicitly.</p>
 </li>
 <li><p>ls:
 Show the data in the cache.  Argument is a path to show in the cache
 folder.  Works a bit like the <code>find</code> program, but limited by the
 <code>depth</code> config.</p>
 </li>
 <li><p>clean:
-Delete data out of the cache folder.  If an argument is provided, then
+Delete all data out of the cache folder.</p>
-it specifies a subpath to delete.  If no argument is provided, then
+</li>
-the entire cache is deleted.</p>
+<li><p>verify:
 Verify the contents of the cache folder, garbage collecting any unneeded data,
 and verifying the integrity of the cache index and all cached data.</p>
 </li>
 </ul>
 <h2 id="details">DETAILS</h2>
-<p>npm stores cache data in the directory specified in <code>npm config get cache</code>.
+<p>npm stores cache data in an opaque directory within the configured <code>cache</code>,
-For each package that is added to the cache, three pieces of information are
+named <code>_cacache</code>. This directory is a <code>cacache</code>-based content-addressable cache
-stored in <code>{cache}/{name}/{version}</code>:</p>
+that stores all http request data as well as other package-related data. This
-<ul>
+directory is primarily accessed through <code>pacote</code>, the library responsible for
-<li>.../package/package.json:
+all package fetching as of npm@5.</p>
-The package.json file, as npm sees it.</li>
+<p>All data that passes through the cache is fully verified for integrity on both
-<li>.../package.tgz:
+insertion and extraction. Cache corruption will either trigger an error, or
-The tarball for that version.</li>
+signal to <code>pacote</code> that the data must be refetched, which it will do
-</ul>
+automatically. For this reason, it should never be necessary to clear the cache
-<p>Additionally, whenever a registry request is made, a <code>.cache.json</code> file
+for any reason other than reclaiming disk space, thus why <code>clean</code> now requires
-is placed at the corresponding URI, to store the ETag and the requested
+<code>--force</code> to run.</p>
-data.  This is stored in <code>{cache}/{hostname}/{path}/.cache.json</code>.</p>
+<p>There is currently no method exposed through npm to inspect or directly manage
-<p>Commands that make non-essential registry requests (such as <code>search</code> and
+the contents of this cache. In order to access it, <code>cacache</code> must be used
-<code>view</code>, or the completion scripts) generally specify a minimum timeout.
+directly.</p>
-If the <code>.cache.json</code> file is younger than the specified timeout, then
+<p>npm will not remove data by itself: the cache will grow as new packages are
-they do not make an HTTP request to the registry.</p>
+installed.</p>
 <h2 id="a-note-about-the-cache-s-design">A NOTE ABOUT THE CACHE&#39;S DESIGN</h2>
 <p>The npm cache is strictly a cache: it should not be relied upon as a persistent
 and reliable data store for package data. npm makes no guarantee that a
 previously-cached piece of data will be available later, and will automatically
 delete corrupted contents. The primary guarantee that the cache makes is that,
 if it does return data, that data will be exactly the data that was inserted.</p>
 <p>To run an offline verification of existing cache contents, use <code>npm cache
 verify</code>.</p>
 <h2 id="configuration">CONFIGURATION</h2>
 <h3 id="cache">cache</h3>
 <p>Default: <code>~/.npm</code> on Posix, or <code>%AppData%/npm-cache</code> on Windows.</p>
@ -69,6 +74,8 @@ they do not make an HTTP request to the registry.</p>
 <li><a href="../cli/npm-install.html">npm-install(1)</a></li>
 <li><a href="../cli/npm-publish.html">npm-publish(1)</a></li>
 <li><a href="../cli/npm-pack.html">npm-pack(1)</a></li>
 <li><a href="https://npm.im/cacache">https://npm.im/cacache</a></li>
 <li><a href="https://npm.im/pacote">https://npm.im/pacote</a></li>
 </ul>
 </div>
@ -82,5 +89,5 @@ they do not make an HTTP request to the registry.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-cache &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-cache &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-completion.html
+++ b/deps/npm/html/doc/cli/npm-completion.html
@ -43,5 +43,5 @@ completions based on the arguments.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-completion &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-completion &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-config.html
+++ b/deps/npm/html/doc/cli/npm-config.html
@ -67,5 +67,5 @@ global config.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-config &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-config &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-dedupe.html
+++ b/deps/npm/html/doc/cli/npm-dedupe.html
@ -61,5 +61,5 @@ result in new modules being installed.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-dedupe &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-dedupe &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-deprecate.html
+++ b/deps/npm/html/doc/cli/npm-deprecate.html
@ -38,5 +38,5 @@ something like this:</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-deprecate &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-deprecate &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-dist-tag.html
+++ b/deps/npm/html/doc/cli/npm-dist-tag.html
@ -86,5 +86,5 @@ begin with a number or the letter <code>v</code>.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-dist-tag &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-dist-tag &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-docs.html
+++ b/deps/npm/html/doc/cli/npm-docs.html
@ -56,5 +56,5 @@ the current folder and use the <code>name</code> property.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-docs &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-docs &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-doctor.html
+++ b/deps/npm/html/doc/cli/npm-doctor.html
@ -103,4 +103,4 @@ cache, you should probably run <code>npm cache clean</code> and reset the cache.
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-doctor &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-doctor &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-edit.html
+++ b/deps/npm/html/doc/cli/npm-edit.html
@ -49,5 +49,5 @@ or <code>&quot;notepad&quot;</code> on Windows.</li>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-edit &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-edit &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-explore.html
+++ b/deps/npm/html/doc/cli/npm-explore.html
@ -49,5 +49,5 @@ Windows</li>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-explore &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-explore &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-help-search.html
+++ b/deps/npm/html/doc/cli/npm-help-search.html
@ -45,5 +45,5 @@ where the terms were found in the documentation.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-help-search &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-help-search &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-help.html
+++ b/deps/npm/html/doc/cli/npm-help.html
@ -50,5 +50,5 @@ matches are equivalent to specifying a topic name.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-help &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-help &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-init.html
+++ b/deps/npm/html/doc/cli/npm-init.html
@ -48,5 +48,5 @@ defaults and not prompt you for any options.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-init &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-init &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-install-test.html
+++ b/deps/npm/html/doc/cli/npm-install-test.html
@ -42,5 +42,5 @@ takes exactly the same arguments as <code>npm install</code>.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-install-test &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-install-test &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-install.html
+++ b/deps/npm/html/doc/cli/npm-install.html
@ -16,16 +16,19 @@ npm install [&lt;@scope&gt;/]&lt;name&gt;
 npm install [&lt;@scope&gt;/]&lt;name&gt;@&lt;tag&gt;
 npm install [&lt;@scope&gt;/]&lt;name&gt;@&lt;version&gt;
 npm install [&lt;@scope&gt;/]&lt;name&gt;@&lt;version range&gt;
 npm install &lt;git-host&gt;:&lt;git-user&gt;/&lt;repo-name&gt;
 npm install &lt;git repo url&gt;
 npm install &lt;tarball file&gt;
 npm install &lt;tarball url&gt;
 npm install &lt;folder&gt;
 alias: npm i
-common options: [-S|--save|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--dry-run]
+common options: [-P|--save-prod|-D|--save-dev|-O|--save-optional] [-E|--save-exact] [-B|--save-bundle] [--no-save] [--dry-run]
 </code></pre><h2 id="description">DESCRIPTION</h2>
 <p>This command installs a package, and any packages that it depends on. If the
-package has a shrinkwrap file, the installation of dependencies will be driven
+package has a package-lock or shrinkwrap file, the installation of dependencies
-by that. See <a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a>.</p>
+will be driven by that, with an <code>npm-shrinkwrap.json</code> taking precedence if both
 files exist. See <a href="../files/package-lock.json.html">package-lock.json(5)</a> and <a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a>.</p>
 <p>A <code>package</code> is:</p>
 <ul>
 <li>a) a folder containing a program described by a <code><a href="../files/package.json.html">package.json(5)</a></code> file</li>
@ -53,12 +56,16 @@ after packing it up into a tarball (b).</p>
  <code>devDependencies</code>.</p>
 </li>
 <li><p><code>npm install &lt;folder&gt;</code>:</p>
-<p>  Install a package that is sitting in a folder on the filesystem.</p>
+<p>  Install the package in the directory as a symlink in the current project.
  Its dependencies will be installed before it&#39;s linked. If <code>&lt;folder&gt;</code> sits
  inside the root of your project, its dependencies may be hoisted to the
  toplevel <code>node_modules</code> as they would for other types of dependencies.</p>
 </li>
 <li><p><code>npm install &lt;tarball file&gt;</code>:</p>
 <p>  Install a package that is sitting on the filesystem.  Note: if you just want
  to link a dev directory into your npm root, you can do this more easily by
-  using <code>npm link</code>.</p>
+  using <code>npm link</code>. The filename <em>must</em> use <code>.tar</code>, <code>.tar.gz</code>, or <code>.tgz</code> as
  the extension.</p>
 <p>  Example:</p>
 <pre><code>    npm install ./package.tgz
 </code></pre></li>
@ -68,21 +75,25 @@ after packing it up into a tarball (b).</p>
 <p>  Example:</p>
 <pre><code>    npm install https://github.com/indexzero/forever/tarball/v0.5.6
 </code></pre></li>
-<li><p><code>npm install [&lt;@scope&gt;/]&lt;name&gt; [-S|--save|-D|--save-dev|-O|--save-optional]</code>:</p>
+<li><p><code>npm install [&lt;@scope&gt;/]&lt;name&gt;</code>:</p>
 <p>  Do a <code>&lt;name&gt;@&lt;tag&gt;</code> install, where <code>&lt;tag&gt;</code> is the &quot;tag&quot; config. (See
  <code><a href="../misc/npm-config.html">npm-config(7)</a></code>. The config&#39;s default value is <code>latest</code>.)</p>
-<p>  In most cases, this will install the latest version
+<p>  In most cases, this will install the version of the modules tagged as
-  of the module published on npm.</p>
+  <code>latest</code> on the npm registry.</p>
 <p>  Example:</p>
 <pre><code>    npm install sax
-</code></pre><p>  <code>npm install</code> takes 3 exclusive, optional flags which save or update
+</code></pre><p>  <code>npm install</code> saves any specified packages into <code>dependencies</code> by default.
-  the package version in your main package.json:</p>
+  Additionally, you can control where and how they get saved with some
  additional flags:</p>
 <ul>
-<li><p><code>-S, --save</code>: Package will appear in your <code>dependencies</code>.</p>
+<li><p><code>-P, --save-prod</code>: Package will appear in your <code>dependencies</code>. This is the</p>
-</li>
+<pre><code>               default unless `-D` or `-O` are present.
 </code></pre></li>
 <li><p><code>-D, --save-dev</code>: Package will appear in your <code>devDependencies</code>.</p>
 </li>
 <li><p><code>-O, --save-optional</code>: Package will appear in your <code>optionalDependencies</code>.</p>
 </li>
 <li><p><code>--no-save</code>: Prevents saving to <code>dependencies</code>.</p>
 <p>When using any of the above options to save dependencies to your
 package.json, there are two additional, optional flags:</p>
 </li>
@ -91,8 +102,8 @@ exact version rather than using npm&#39;s default semver range
 operator.</p>
 </li>
 <li><p><code>-B, --save-bundle</code>: Saved dependencies will also be added to your <code>bundleDependencies</code> list.</p>
-<p>Further, if you have an <code>npm-shrinkwrap.json</code> then it will be updated as
+<p>Further, if you have an <code>npm-shrinkwrap.json</code> or <code>package-lock.json</code> then it
-well.</p>
+will be updated as well.</p>
 <p><code>&lt;scope&gt;</code> is optional. The package will be downloaded from the registry
 associated with the specified scope. If no registry is associated with
 the given scope the default registry is assumed. See <code><a href="../misc/npm-scope.html">npm-scope(7)</a></code>.</p>
@ -100,13 +111,13 @@ the given scope the default registry is assumed. See <code><a href="../misc/npm-
 interpret this as a GitHub repository instead, see below. Scopes names
 must also be followed by a slash.</p>
 <p>Examples:</p>
-<pre><code>npm install sax --save
+<pre><code>npm install sax
 npm install githubname/reponame
 npm install @myorg/privatepackage
 npm install node-tap --save-dev
 npm install dtrace-provider --save-optional
-npm install readable-stream --save --save-exact
+npm install readable-stream --save-exact
-npm install ansi-regex --save --save-bundle
+npm install ansi-regex --save-bundle
 </code></pre></li>
 </ul>
 </li>
@ -140,16 +151,24 @@ fetch the package by name if it is not valid.
    npm install @myorg/privatepackage@&quot;&gt;=0.1.0 &lt;0.2.0&quot;
 </code></pre></li>
 <li><p><code>npm install &lt;git remote url&gt;</code>:</p>
-<p>  Installs the package from the hosted git provider, cloning it with
+<p>  Installs the package from the hosted git provider, cloning it with <code>git</code>.
-  <code>git</code>. First it tries via the https (git with github) and if that fails, via ssh.</p>
+  For a full git remote url, only that URL will be attempted.</p>
-<pre><code>    &lt;protocol&gt;://[&lt;user&gt;[:&lt;password&gt;]@]&lt;hostname&gt;[:&lt;port&gt;][:][/]&lt;path&gt;[#&lt;commit-ish&gt;]
+<pre><code>    &lt;protocol&gt;://[&lt;user&gt;[:&lt;password&gt;]@]&lt;hostname&gt;[:&lt;port&gt;][:][/]&lt;path&gt;[#&lt;commit-ish&gt; | #semver:&lt;semver&gt;]
-</code></pre><p>  <code>&lt;protocol&gt;</code> is one of <code>git</code>, <code>git+ssh</code>, <code>git+http</code>, <code>git+https</code>,
+</code></pre><p>  <code>&lt;protocol&gt;</code> is one of <code>git</code>, <code>git+ssh</code>, <code>git+http</code>, <code>git+https</code>, or
-  or <code>git+file</code>.
+  <code>git+file</code>.</p>
-  If no <code>&lt;commit-ish&gt;</code> is specified, then <code>master</code> is used.</p>
+<p>  If <code>#&lt;commit-ish&gt;</code> is provided, it will be used to clone exactly that
-<p>  If the repository makes use of submodules, those submodules will
+  commit. If the commit-ish has the format <code>#semver:&lt;semver&gt;</code>, <code>&lt;semver&gt;</code> can
-  be cloned as well.</p>
+  be any valid semver range or exact version, and npm will look for any tags
-<p>  The following git environment variables are recognized by npm and will be added
+  or refs matching that range in the remote repository, much as it would for a
-  to the environment when running git:</p>
+  registry dependency. If neither <code>#&lt;commit-ish&gt;</code> or <code>#semver:&lt;semver&gt;</code> is
  specified, then <code>master</code> is used.</p>
 <p>  If the repository makes use of submodules, those submodules will be cloned
  as well.</p>
 <p>  If the package being installed contains a <code>prepare</code> script, its
  <code>dependencies</code> and <code>devDependencies</code> will be installed, and the prepare
  script will be run, before the package is packaged and installed.</p>
 <p>  The following git environment variables are recognized by npm and will be
  added to the environment when running git:</p>
 <ul>
 <li><code>GIT_ASKPASS</code></li>
 <li><code>GIT_EXEC_PATH</code></li>
@ -161,6 +180,7 @@ fetch the package by name if it is not valid.
 <p>See the git man page for details.</p>
 <p>Examples:</p>
 <pre><code>npm install git+ssh://git@github.com:npm/npm.git#v1.0.27
 npm install git+ssh://git@github.com:npm/npm#semver:^5.0
 npm install git+https://isaacs@github.com/npm/npm.git
 npm install git://github.com/npm/npm.git#v1.0.27
 GIT_SSH_COMMAND=&#39;ssh -i ~/.ssh/custom_ident&#39; npm install git+ssh://git@github.com:npm/npm.git
@ -172,32 +192,59 @@ GIT_SSH_COMMAND=&#39;ssh -i ~/.ssh/custom_ident&#39; npm install git+ssh://git@g
 <li><p><code>npm install github:&lt;githubname&gt;/&lt;githubrepo&gt;[#&lt;commit-ish&gt;]</code>:</p>
 <p>  Install the package at <code>https://github.com/githubname/githubrepo</code> by
  attempting to clone it using <code>git</code>.</p>
-<p>  If you don&#39;t specify a <em>commit-ish</em> then <code>master</code> will be used.</p>
+<p>  If <code>#&lt;commit-ish&gt;</code> is provided, it will be used to clone exactly that
  commit. If the commit-ish has the format <code>#semver:&lt;semver&gt;</code>, <code>&lt;semver&gt;</code> can
  be any valid semver range or exact version, and npm will look for any tags
  or refs matching that range in the remote repository, much as it would for a
  registry dependency. If neither <code>#&lt;commit-ish&gt;</code> or <code>#semver:&lt;semver&gt;</code> is
  specified, then <code>master</code> is used.</p>
 <p>  As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will
  be installed if the package has a <code>prepare</code> script, before the package is
  done installing.</p>
 <p>  Examples:</p>
 <pre><code>    npm install mygithubuser/myproject
    npm install github:mygithubuser/myproject
 </code></pre></li>
-<li><p><code>npm install gist:[&lt;githubname&gt;/]&lt;gistID&gt;[#&lt;commit-ish&gt;]</code>:</p>
+<li><p><code>npm install gist:[&lt;githubname&gt;/]&lt;gistID&gt;[#&lt;commit-ish&gt;|#semver:&lt;semver&gt;]</code>:</p>
 <p>  Install the package at <code>https://gist.github.com/gistID</code> by attempting to
  clone it using <code>git</code>. The GitHub username associated with the gist is
-  optional and will not be saved in <code>package.json</code> if <code>-S</code> or <code>--save</code> is used.</p>
+  optional and will not be saved in <code>package.json</code>.</p>
-<p>  If you don&#39;t specify a <em>commit-ish</em> then <code>master</code> will be used.</p>
+<p>  As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will
  be installed if the package has a <code>prepare</code> script, before the package is
  done installing.</p>
 <p>  Example:</p>
 <pre><code>    npm install gist:101a11beef
 </code></pre></li>
 <li><p><code>npm install bitbucket:&lt;bitbucketname&gt;/&lt;bitbucketrepo&gt;[#&lt;commit-ish&gt;]</code>:</p>
 <p>  Install the package at <code>https://bitbucket.org/bitbucketname/bitbucketrepo</code>
  by attempting to clone it using <code>git</code>.</p>
-<p>  If you don&#39;t specify a <em>commit-ish</em> then <code>master</code> will be used.</p>
+<p>  If <code>#&lt;commit-ish&gt;</code> is provided, it will be used to clone exactly that
  commit. If the commit-ish has the format <code>#semver:&lt;semver&gt;</code>, <code>&lt;semver&gt;</code> can
  be any valid semver range or exact version, and npm will look for any tags
  or refs matching that range in the remote repository, much as it would for a
  registry dependency. If neither <code>#&lt;commit-ish&gt;</code> or <code>#semver:&lt;semver&gt;</code> is
  specified, then <code>master</code> is used.</p>
 <p>  As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will
  be installed if the package has a <code>prepare</code> script, before the package is
  done installing.</p>
 <p>  Example:</p>
 <pre><code>    npm install bitbucket:mybitbucketuser/myproject
 </code></pre></li>
 <li><p><code>npm install gitlab:&lt;gitlabname&gt;/&lt;gitlabrepo&gt;[#&lt;commit-ish&gt;]</code>:</p>
 <p>  Install the package at <code>https://gitlab.com/gitlabname/gitlabrepo</code>
  by attempting to clone it using <code>git</code>.</p>
-<p>  If you don&#39;t specify a <em>commit-ish</em> then <code>master</code> will be used.</p>
+<p>  If <code>#&lt;commit-ish&gt;</code> is provided, it will be used to clone exactly that
  commit. If the commit-ish has the format <code>#semver:&lt;semver&gt;</code>, <code>&lt;semver&gt;</code> can
  be any valid semver range or exact version, and npm will look for any tags
  or refs matching that range in the remote repository, much as it would for a
  registry dependency. If neither <code>#&lt;commit-ish&gt;</code> or <code>#semver:&lt;semver&gt;</code> is
  specified, then <code>master</code> is used.</p>
 <p>  As with regular git dependencies, <code>dependencies</code> and <code>devDependencies</code> will
  be installed if the package has a <code>prepare</code> script, before the package is
  done installing.</p>
 <p>  Example:</p>
 <pre><code>    npm install gitlab:mygitlabuser/myproject
    npm install gitlab:myusr/myproj#semver:^5.0
 </code></pre></li>
 </ul>
 <p>You may combine multiple arguments, and even multiple types of arguments.
@ -230,7 +277,7 @@ any binaries the package might contain.</p>
 <p>The <code>--no-optional</code> argument will prevent optional dependencies from
 being installed.</p>
 <p>The <code>--no-shrinkwrap</code> argument, which will ignore an available
-shrinkwrap file and use the package.json instead.</p>
+package lock or shrinkwrap file and use the package.json instead.</p>
 <p>The <code>--nodedir=/path/to/node/source</code> argument will allow npm to find the
 node source code so that npm can compile native modules.</p>
 <p>The <code>--only={prod[uction]|dev[elopment]}</code> argument will cause either only
@ -265,7 +312,9 @@ at the top level because nothing conflicts with it.</p>
   `-- D@2
 +-- D@1
 </code></pre><p>Because B&#39;s D@1 will be installed in the top level, C now has to install D@2
-privately for itself.</p>
+privately for itself. This algorithm is deterministic, but different trees may
 be produced if two dependencies are requested for installation in a different
 order.</p>
 <p>See <a href="../files/npm-folders.html">npm-folders(5)</a> for a more detailed description of the specific
 folder structures that npm creates.</p>
 <h3 id="limitations-of-npm-s-install-algorithm">Limitations of npm&#39;s Install Algorithm</h3>
@ -316,5 +365,5 @@ affects a real use-case, it will be investigated.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-install &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-install &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-link.html
+++ b/deps/npm/html/doc/cli/npm-link.html
@ -74,5 +74,5 @@ include that scope, e.g.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-link &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-link &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-logout.html
+++ b/deps/npm/html/doc/cli/npm-logout.html
@ -51,5 +51,5 @@ it takes precedence.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-logout &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-logout &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-ls.html
+++ b/deps/npm/html/doc/cli/npm-ls.html
@ -21,7 +21,7 @@ installed, as well as their dependencies, in a tree-structure.</p>
 limit the results to only the paths to the packages named.  Note that
 nested packages will <em>also</em> show the paths to the specified packages.
 For example, running <code>npm ls promzard</code> in npm&#39;s source tree will show:</p>
-<pre><code>npm@5.0.0-beta.56 /path/to/npm
+<pre><code>npm@5.0.0 /path/to/npm
 └─┬ init-package-json@0.0.4
  └── promzard@0.1.5
 </code></pre><p>It will print out extraneous, missing, and invalid packages.</p>
@ -104,5 +104,5 @@ project.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-ls &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-ls &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-outdated.html
+++ b/deps/npm/html/doc/cli/npm-outdated.html
@ -116,5 +116,5 @@ project.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-outdated &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-outdated &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-owner.html
+++ b/deps/npm/html/doc/cli/npm-owner.html
@ -51,5 +51,5 @@ that is not implemented at this time.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-owner &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-owner &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-pack.html
+++ b/deps/npm/html/doc/cli/npm-pack.html
@ -41,5 +41,5 @@ overwritten the second time.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-pack &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-pack &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-ping.html
+++ b/deps/npm/html/doc/cli/npm-ping.html
@ -32,5 +32,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-ping &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-ping &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-prefix.html
+++ b/deps/npm/html/doc/cli/npm-prefix.html
@ -38,5 +38,5 @@ to contain a package.json file unless <code>-g</code> is also specified.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-prefix &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-prefix &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-prune.html
+++ b/deps/npm/html/doc/cli/npm-prune.html
@ -40,5 +40,5 @@ negate <code>NODE_ENV</code> being set to <code>production</code>.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-prune &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-prune &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-publish.html
+++ b/deps/npm/html/doc/cli/npm-publish.html
@ -51,6 +51,9 @@ the specified registry.</p>
 <p>Once a package is published with a given name and version, that
 specific name and version combination can never be used again, even if
 it is removed with <a href="../cli/npm-unpublish.html">npm-unpublish(1)</a>.</p>
 <p>As of <code>npm@5</code>, both a sha1sum and an integrity field with a sha512sum of the
 tarball will be submitted to the registry during publication. Subsequent
 installs will use the strongest supported algorithm to verify downloads.</p>
 <p>For a &quot;dry run&quot; that does everything except actually publishing to the
 registry, see <code><a href="../cli/npm-pack.html">npm-pack(1)</a></code>, which figures out the files to be included and
 packs them into a tarball to be uploaded to the registry.</p>
@ -76,5 +79,5 @@ packs them into a tarball to be uploaded to the registry.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-publish &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-publish &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-rebuild.html
+++ b/deps/npm/html/doc/cli/npm-rebuild.html
@ -35,5 +35,5 @@ the new binary.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-rebuild &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-rebuild &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-repo.html
+++ b/deps/npm/html/doc/cli/npm-repo.html
@ -41,5 +41,5 @@ a <code>package.json</code> in the current folder and use the <code>name</code>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-repo &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-repo &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-restart.html
+++ b/deps/npm/html/doc/cli/npm-restart.html
@ -53,5 +53,5 @@ behavior will be accompanied by an increase in major version number</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-restart &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-restart &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-root.html
+++ b/deps/npm/html/doc/cli/npm-root.html
@ -35,5 +35,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-root &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-root &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-run-script.html
+++ b/deps/npm/html/doc/cli/npm-run-script.html
@ -66,5 +66,5 @@ you will be given a warning to run <code>npm install</code>, just in case you&#3
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-run-script &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-run-script &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-search.html
+++ b/deps/npm/html/doc/cli/npm-search.html
@ -109,5 +109,5 @@ setting.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-search &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-search &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-shrinkwrap.html
+++ b/deps/npm/html/doc/cli/npm-shrinkwrap.html
@ -9,163 +9,24 @@
  <body>
    <div id="wrapper">
-<h1><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap</a></h1> <p>Lock down dependency versions</p>
+<h1><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap</a></h1> <p>Lock down dependency versions for publication</p>
 <h2 id="synopsis">SYNOPSIS</h2>
 <pre><code>npm shrinkwrap
 </code></pre><h2 id="description">DESCRIPTION</h2>
-<p>This command locks down the versions of a package&#39;s dependencies so
+<p>This command repurposes <code>package-lock.json</code> into a publishable
-that you can control exactly which versions of each dependency will be
+<code>npm-shrinkwrap.json</code> or simply creates a new one. The file created and updated
-used when your package is installed. The <code>package.json</code> file is still
+by this command will then take precedence over any other existing or future
-required if you want to use <code>npm install</code>.</p>
+<code>package-lock.json</code> files. For a detailed explanation of the design and purpose
-<p>By default, <code>npm install</code> recursively installs the target&#39;s
+of package locks in npm, see <a href="../files/npm-package-locks.html">npm-package-locks(5)</a>.</p>
 dependencies (as specified in <code>package.json</code>), choosing the latest
 available version that satisfies the dependency&#39;s semver pattern. In
 some situations, particularly when shipping software where each change
 is tightly managed, it&#39;s desirable to fully specify each version of
 each dependency recursively so that subsequent builds and deploys do
 not inadvertently pick up newer versions of a dependency that satisfy
 the semver pattern. Specifying specific semver patterns in each
 dependency&#39;s <code>package.json</code> would facilitate this, but that&#39;s not always
 possible or desirable, as when another author owns the npm package.
 It&#39;s also possible to check dependencies directly into source control,
 but that may be undesirable for other reasons.</p>
 <p>As an example, consider package A:</p>
 <pre><code>{
  &quot;name&quot;: &quot;A&quot;,
  &quot;version&quot;: &quot;0.1.0&quot;,
  &quot;dependencies&quot;: {
    &quot;B&quot;: &quot;&lt;0.1.0&quot;
  }
 }
 </code></pre><p>package B:</p>
 <pre><code>{
  &quot;name&quot;: &quot;B&quot;,
  &quot;version&quot;: &quot;0.0.1&quot;,
  &quot;dependencies&quot;: {
    &quot;C&quot;: &quot;&lt;0.1.0&quot;
  }
 }
 </code></pre><p>and package C:</p>
 <pre><code>{
  &quot;name&quot;: &quot;C&quot;,
  &quot;version&quot;: &quot;0.0.1&quot;
 }
 </code></pre><p>If these are the only versions of A, B, and C available in the
 registry, then a normal <code>npm install A</code> will install:</p>
 <pre><code>A@0.1.0
 `-- B@0.0.1
    `-- C@0.0.1
 </code></pre><p>However, if B@0.0.2 is published, then a fresh <code>npm install A</code> will
 install:</p>
 <pre><code>A@0.1.0
 `-- B@0.0.2
    `-- C@0.0.1
 </code></pre><p>assuming the new version did not modify B&#39;s dependencies. Of course,
 the new version of B could include a new version of C and any number
 of new dependencies. If such changes are undesirable, the author of A
 could specify a dependency on B@0.0.1. However, if A&#39;s author and B&#39;s
 author are not the same person, there&#39;s no way for A&#39;s author to say
 that he or she does not want to pull in newly published versions of C
 when B hasn&#39;t changed at all.</p>
 <p>In this case, A&#39;s author can run</p>
 <pre><code>npm shrinkwrap
 </code></pre><p>This generates <code>npm-shrinkwrap.json</code>, which will look something like this:</p>
 <pre><code>{
  &quot;name&quot;: &quot;A&quot;,
  &quot;version&quot;: &quot;0.1.0&quot;,
  &quot;dependencies&quot;: {
    &quot;B&quot;: {
      &quot;version&quot;: &quot;0.0.1&quot;,
      &quot;from&quot;: &quot;B@^0.0.1&quot;,
      &quot;resolved&quot;: &quot;https://registry.npmjs.org/B/-/B-0.0.1.tgz&quot;,
      &quot;dependencies&quot;: {
        &quot;C&quot;: {
          &quot;version&quot;: &quot;0.0.1&quot;,
          &quot;from&quot;: &quot;org/C#v0.0.1&quot;,
          &quot;resolved&quot;: &quot;git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4&quot;
        }
      }
    }
  }
 }
 </code></pre><p>The shrinkwrap command has locked down the dependencies based on what&#39;s
 currently installed in <code>node_modules</code>.  The installation behavior is changed to:</p>
 <ol>
 <li><p>The module tree described by the shrinkwrap is reproduced. This means
 reproducing the structure described in the file, using the specific files
 referenced in &quot;resolved&quot; if available, falling back to normal package
 resolution using &quot;version&quot; if one isn&#39;t.</p>
 </li>
 <li><p>The tree is walked and any missing dependencies are installed in the usual fashion.</p>
 </li>
 </ol>
 <p>If <code>preshrinkwrap</code>, <code>shrinkwrap</code> or <code>postshrinkwrap</code> are in the <code>scripts</code> property of the
 <code>package.json</code>, they will be executed by running <code>npm shrinkwrap</code>.
 <code>preshrinkwrap</code> and <code>shrinkwrap</code> are executed before the shrinkwrap, <code>postshrinkwrap</code> is
 executed afterwards. For example to run some postprocessing on the generated file:</p>
 <pre><code>&quot;scripts&quot;: { &quot;postshrinkwrap&quot;: &quot;node fix-shrinkwrap.js&quot; }
 </code></pre><h3 id="using-shrinkwrapped-packages">Using shrinkwrapped packages</h3>
 <p>Using a shrinkwrapped package is no different than using any other
 package: you can <code>npm install</code> it by hand, or add a dependency to your
 <code>package.json</code> file and <code>npm install</code> it.</p>
 <h3 id="building-shrinkwrapped-packages">Building shrinkwrapped packages</h3>
 <p>To shrinkwrap an existing package:</p>
 <ol>
 <li>Run <code>npm install</code> in the package root to install the current
 versions of all dependencies.</li>
 <li>Validate that the package works as expected with these versions.</li>
 <li>Run <code>npm shrinkwrap</code>, add <code>npm-shrinkwrap.json</code> to git, and publish
 your package.</li>
 </ol>
 <p>To add or update a dependency in a shrinkwrapped package:</p>
 <ol>
 <li>Run <code>npm install</code> in the package root to install the current
 versions of all dependencies.</li>
 <li>Add or update dependencies. <code>npm install --save</code> or <code>npm install --save-dev</code>
 each new or updated package individually to update the <code>package.json</code> and
 the shrinkwrap. Note that they must be explicitly named in order to be
 installed: running <code>npm install</code> with no arguments will merely reproduce
 the existing shrinkwrap.</li>
 <li>Validate that the package works as expected with the new
 dependencies.</li>
 <li>Commit the new <code>npm-shrinkwrap.json</code>, and publish your package.</li>
 </ol>
 <p>You can use <a href="../cli/npm-outdated.html">npm-outdated(1)</a> to view dependencies with newer versions
 available.</p>
 <h3 id="other-notes">Other Notes</h3>
 <p>A shrinkwrap file must be consistent with the package&#39;s <code>package.json</code>
 file. <code>npm shrinkwrap</code> will fail if required dependencies are not
 already installed, since that would result in a shrinkwrap that
 wouldn&#39;t actually work. Similarly, the command will fail if there are
 extraneous packages (not referenced by <code>package.json</code>), since that would
 indicate that <code>package.json</code> is not correct.</p>
 <p>Starting with npm v4.0.1, <code>devDependencies</code> are included when you run
 <code>npm shrinkwrap</code> and follow the usual rules as to when they&#39;re installed.
 As of npm v3.10.8, if you run <code>npm install --only=production</code> or
 <code>npm install --production</code> with a shrinkwrap including your development
 dependencies they won&#39;t be installed. Similarly, if the environment
 variable <code>NODE_ENV</code> is <code>production</code> then they won&#39;t be installed. If you
 need compatibility with versions of npm prior to v3.10.8 or otherwise
 don&#39;t want them in your shrinkwrap you can exclude development
 dependencies with:
 <code>npm shrinkwrap --only=prod</code> or <code>npm shrinkwrap --production</code>.</p>
 <p>If shrinkwrapped package A depends on shrinkwrapped package B, B&#39;s
 shrinkwrap will not be used as part of the installation of A. However,
 because A&#39;s shrinkwrap is constructed from a valid installation of B
 and recursively specifies all dependencies, the contents of B&#39;s
 shrinkwrap will implicitly be included in A&#39;s shrinkwrap.</p>
 <h3 id="caveats">Caveats</h3>
 <p>If you wish to lock down the specific bytes included in a package, for
 example to have 100% confidence in being able to reproduce a
 deployment or build, then you ought to check your dependencies into
 source control, or pursue some other mechanism that can verify
 contents rather than versions.</p>
 <h2 id="see-also">SEE ALSO</h2>
 <ul>
 <li><a href="../cli/npm-install.html">npm-install(1)</a></li>
 <li><a href="../cli/npm-run-script.html">npm-run-script(1)</a></li>
 <li><a href="../misc/npm-scripts.html">npm-scripts(7)</a></li>
 <li><a href="../files/package.json.html">package.json(5)</a></li>
 <li><a href="../files/npm-package-locks.html">npm-package-locks(5)</a></li>
 <li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li>
 <li><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></li>
 <li><a href="../cli/npm-ls.html">npm-ls(1)</a></li>
 </ul>
@ -180,5 +41,5 @@ contents rather than versions.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-shrinkwrap &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-shrinkwrap &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-star.html
+++ b/deps/npm/html/doc/cli/npm-star.html
@ -36,5 +36,5 @@ a vaguely positive way to show that you care.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-star &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-star &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-stars.html
+++ b/deps/npm/html/doc/cli/npm-stars.html
@ -36,5 +36,5 @@ you will most certainly enjoy this command.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-stars &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-stars &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-start.html
+++ b/deps/npm/html/doc/cli/npm-start.html
@ -39,5 +39,5 @@ more details.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-start &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-start &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-stop.html
+++ b/deps/npm/html/doc/cli/npm-stop.html
@ -34,5 +34,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-stop &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-stop &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-team.html
+++ b/deps/npm/html/doc/cli/npm-team.html
@ -67,5 +67,5 @@ use the <code>npm access</code> command to grant or revoke the appropriate permi
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-team &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-team &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-test.html
+++ b/deps/npm/html/doc/cli/npm-test.html
@ -36,5 +36,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-test &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-test &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-uninstall.html
+++ b/deps/npm/html/doc/cli/npm-uninstall.html
@ -60,5 +60,5 @@ npm uninstall dtrace-provider --save-optional
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-uninstall &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-uninstall &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-unpublish.html
+++ b/deps/npm/html/doc/cli/npm-unpublish.html
@ -51,5 +51,5 @@ contact support@npmjs.com.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-unpublish &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-unpublish &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-update.html
+++ b/deps/npm/html/doc/cli/npm-update.html
@ -118,5 +118,5 @@ be <em>downgraded</em>.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-update &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-update &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-version.html
+++ b/deps/npm/html/doc/cli/npm-version.html
@ -114,5 +114,5 @@ to the same value as the current version.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-version &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-version &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-view.html
+++ b/deps/npm/html/doc/cli/npm-view.html
@ -86,5 +86,5 @@ the field name.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-view &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-view &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm-whoami.html
+++ b/deps/npm/html/doc/cli/npm-whoami.html
@ -33,5 +33,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-whoami &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-whoami &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/cli/npm.html
+++ b/deps/npm/html/doc/cli/npm.html
@ -13,7 +13,7 @@
 <h2 id="synopsis">SYNOPSIS</h2>
 <pre><code>npm &lt;command&gt; [args]
 </code></pre><h2 id="version">VERSION</h2>
-<p>5.0.0-beta.56</p>
+<p>5.0.0</p>
 <h2 id="description">DESCRIPTION</h2>
 <p>npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
@ -126,7 +126,7 @@ will no doubt tell you to put the output in a gist or email.</p>
 <p><a href="http://blog.izs.me/">Isaac Z. Schlueter</a> ::
 <a href="https://github.com/isaacs/">isaacs</a> ::
 <a href="http://twitter.com/izs">@izs</a> ::
-<a href="&#x6d;&#x61;&#105;&#108;&#116;&#111;&#x3a;&#x69;&#64;&#105;&#x7a;&#115;&#46;&#109;&#101;">&#x69;&#64;&#105;&#x7a;&#115;&#46;&#109;&#101;</a></p>
+<a href="&#x6d;&#97;&#105;&#x6c;&#116;&#x6f;&#x3a;&#105;&#64;&#x69;&#122;&#x73;&#x2e;&#x6d;&#101;">&#105;&#64;&#x69;&#122;&#x73;&#x2e;&#x6d;&#101;</a></p>
 <h2 id="see-also">SEE ALSO</h2>
 <ul>
 <li><a href="../cli/npm-help.html">npm-help(1)</a></li>
@ -150,5 +150,5 @@ will no doubt tell you to put the output in a gist or email.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/npm-folders.html
+++ b/deps/npm/html/doc/files/npm-folders.html
@ -182,5 +182,5 @@ cannot be found elsewhere.  See <code><a href="../files/package.json.html">packa
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-folders &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-folders &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/npm-global.html
+++ b/deps/npm/html/doc/files/npm-global.html
@ -182,5 +182,5 @@ cannot be found elsewhere.  See <code><a href="../files/package.json.html">packa
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-folders &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-folders &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/npm-json.html
+++ b/deps/npm/html/doc/files/npm-json.html
@ -586,5 +586,5 @@ ignored.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">package.json &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">package.json &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/npm-package-locks.html
+++ b/deps/npm/html/doc/files/npm-package-locks.html
@ -0,0 +1,148 @@
 <!doctype html>
 <html>
  <title>npm-package-locks</title>
  <meta charset="utf-8">
  <link rel="stylesheet" type="text/css" href="../../static/style.css">
  <link rel="canonical" href="https://www.npmjs.org/doc/files/npm-package-locks.html">
  <script async=true src="../../static/toc.js"></script>
  <body>
    <div id="wrapper">
 <h1><a href="../files/npm-package-locks.html">npm-package-locks</a></h1> <p>An explanation of npm lockfiles</p>
 <h2 id="description">DESCRIPTION</h2>
 <p>Conceptually, the &quot;input&quot; to <a href="../cli/npm-install.html">npm-install(1)</a> is a <a href="../files/package.json.html">package.json(5)</a>, while its
 &quot;output&quot; is a fully-formed <code>node_modules</code> tree: a representation of the
 dependencies you declared. In an ideal world, npm would work like a pure
 function: the same <code>package.json</code> should produce the exact same <code>node_modules</code>
 tree, any time. In some cases, this is indeed true. But in many others, npm is
 unable to do this. There are multiple reasons for this:</p>
 <ul>
 <li><p>different versions of npm (or other package managers) may have been used to install a package, each using slightly different installation algorithms.</p>
 </li>
 <li><p>a new version of a direct semver-range package may have been published since the last time your packages were installed, and thus a newer version will be used.</p>
 </li>
 <li><p>A dependency of one of your dependencies may have published a new version, which will update even if you used pinned dependency specifiers (<code>1.2.3</code> instead of <code>^1.2.3</code>)</p>
 </li>
 <li><p>The registry you installed from is no longer available, or allows mutation of versions (unlike the primary npm registry), and a different version of a package exists under the same version number now.</p>
 </li>
 </ul>
 <p>As an example, consider package A:</p>
 <pre><code>{
  &quot;name&quot;: &quot;A&quot;,
  &quot;version&quot;: &quot;0.1.0&quot;,
  &quot;dependencies&quot;: {
    &quot;B&quot;: &quot;&lt;0.1.0&quot;
  }
 }
 </code></pre><p>package B:</p>
 <pre><code>{
  &quot;name&quot;: &quot;B&quot;,
  &quot;version&quot;: &quot;0.0.1&quot;,
  &quot;dependencies&quot;: {
    &quot;C&quot;: &quot;&lt;0.1.0&quot;
  }
 }
 </code></pre><p>and package C:</p>
 <pre><code>{
  &quot;name&quot;: &quot;C&quot;,
  &quot;version&quot;: &quot;0.0.1&quot;
 }
 </code></pre><p>If these are the only versions of A, B, and C available in the
 registry, then a normal <code>npm install A</code> will install:</p>
 <pre><code>A@0.1.0
 `-- B@0.0.1
    `-- C@0.0.1
 </code></pre><p>However, if B@0.0.2 is published, then a fresh <code>npm install A</code> will
 install:</p>
 <pre><code>A@0.1.0
 `-- B@0.0.2
    `-- C@0.0.1
 </code></pre><p>assuming the new version did not modify B&#39;s dependencies. Of course,
 the new version of B could include a new version of C and any number
 of new dependencies. If such changes are undesirable, the author of A
 could specify a dependency on B@0.0.1. However, if A&#39;s author and B&#39;s
 author are not the same person, there&#39;s no way for A&#39;s author to say
 that he or she does not want to pull in newly published versions of C
 when B hasn&#39;t changed at all.</p>
 <p>To prevent this potential issue, npm uses <a href="../files/package-lock.json.html">package-lock.json(5)</a> or, if present,
 n<a href="../files/pm-shrinkwrap.json.html">pm-shrinkwrap.json(5)</a>. These files are called package locks, or lockfiles.</p>
 <p>Whenever you run <code>npm install</code>, npm generates or updates your package lock,
 which will look something like this:</p>
 <pre><code>{
  &quot;name&quot;: &quot;A&quot;,
  &quot;version&quot;: &quot;0.1.0&quot;,
  ...metadata fields...
  &quot;dependencies&quot;: {
    &quot;B&quot;: {
      &quot;version&quot;: &quot;0.0.1&quot;,
      &quot;resolved&quot;: &quot;https://registry.npmjs.org/B/-/B-0.0.1.tgz&quot;,
      &quot;integrity&quot;: &quot;sha512-DeAdb33F+&quot;
      &quot;dependencies&quot;: {
        &quot;C&quot;: {
          &quot;version&quot;: &quot;git://github.com/org/C.git#5c380ae319fc4efe9e7f2d9c78b0faa588fd99b4&quot;
        }
      }
    }
  }
 }
 </code></pre><p>This file describes an <em>exact</em>, and more importantly <em>reproducible</em>
 <code>node_modules</code> tree. Once it&#39;s present, and future installation will base its
 work off this file, instead of recalculating dependency versions off
 p<a href="../files/ackage.json.html">ackage.json(5)</a>.</p>
 <p>The presence of a package lock changes the installation behavior such that:</p>
 <ol>
 <li><p>The module tree described by the package lock is reproduced. This means
 reproducing the structure described in the file, using the specific files
 referenced in &quot;resolved&quot; if available, falling back to normal package resolution
 using &quot;version&quot; if one isn&#39;t.</p>
 </li>
 <li><p>The tree is walked and any missing dependencies are installed in the usual
 fashion.</p>
 </li>
 </ol>
 <p>If <code>preshrinkwrap</code>, <code>shrinkwrap</code> or <code>postshrinkwrap</code> are in the <code>scripts</code>
 property of the <code>package.json</code>, they will be executed in order. <code>preshrinkwrap</code>
 and <code>shrinkwrap</code> are executed before the shrinkwrap, <code>postshrinkwrap</code> is
 executed afterwards. These scripts run for both <code>package-lock.json</code> and
 <code>npm-shrinkwrap.json</code>. For example to run some postprocessing on the generated
 file:</p>
 <pre><code>&quot;scripts&quot;: {
  &quot;postshrinkwrap&quot;: &quot;json -I -e \&quot;this.myMetadata = $MY_APP_METADATA\&quot;&quot;
 }
 </code></pre><h3 id="using-locked-packages">Using locked packages</h3>
 <p>Using a locked package is no different than using any package without a package
 lock: any commands that update <code>node_modules</code> and/or <code>package.json</code>&#39;s
 dependencies will automatically sync the existing lockfile. This includes <code>npm
 install</code>, <code>npm rm</code>, <code>npm update</code>, etc. To prevent this update from happening,
 you can use the <code>--no-save</code> option to prevent saving altogether, or
 <code>--no-shrinkwrap</code> to allow <code>package.json</code> to be updated while leaving
 <code>package-lock.json</code> or <code>npm-shrinkwrap.json</code> intact.</p>
 <p>It is highly recommended you commit the generated package lock to source
 control: this will allow anyone else on your team, your deployments, your
 CI/continuous integration, and anyone else who runs <code>npm install</code> in your
 package source to get the exact same dependency tree that you were developing
 on. Additionally, the diffs from these changes are human-readable and will
 inform you of any changes npm has made to your <code>node_modules</code>, so you can notice
 if any transitive dependencies were updated, hoisted, etc.</p>
 <h2 id="see-also">SEE ALSO</h2>
 <ul>
 <li><a href="https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527">https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527</a></li>
 <li><a href="../files/package.json.html">package.json(5)</a></li>
 <li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li>
 <li><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></li>
 <li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li>
 </ul>
 </div>
 <table border=0 cellspacing=0 cellpadding=0 id=npmlogo>
 <tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18>&nbsp;</td></tr>
 <tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td><td style="width:40px;height:10px;background:#fff" colspan=4>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4>&nbsp;</td><td style="width:40px;height:10px;background:#fff" colspan=4>&nbsp;</td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td><td colspan=6 style="width:60px;height:10px;background:#fff">&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4>&nbsp;</td></tr>
 <tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2>&nbsp;</td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td></tr>
 <tr><td style="width:10px;height:10px;background:#fff" rowspan=2>&nbsp;</td></tr>
 <tr><td style="width:10px;height:10px;background:#fff">&nbsp;</td></tr>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
 <p id="footer">npm-package-locks &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/npm-shrinkwrap.json.html
+++ b/deps/npm/html/doc/files/npm-shrinkwrap.json.html
@ -0,0 +1,45 @@
 <!doctype html>
 <html>
  <title>npm-shrinkwrap.json</title>
  <meta charset="utf-8">
  <link rel="stylesheet" type="text/css" href="../../static/style.css">
  <link rel="canonical" href="https://www.npmjs.org/doc/files/npm-shrinkwrap.json.html">
  <script async=true src="../../static/toc.js"></script>
  <body>
    <div id="wrapper">
 <h1><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json</a></h1> <p>A publishable lockfile</p>
 <h2 id="description">DESCRIPTION</h2>
 <p><code>npm-shrinkwrap.json</code> is a file created by <a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a>. It is identical to
 <code>package-lock.json</code>, with one major caveat: Unlike <code>package-lock.json</code>,
 <code>npm-shrinwkrap.json</code> may be included when publishing a package.</p>
 <p>The recommended use-case for <code>npm-shrinkwrap.json</code> is applications deployed
 through the publishing process on the registry: for example, daemons and
 command-line tools intended as global installs or <code>devDependencies</code>. It&#39;s
 strongly discouraged for library authors to publish this file, since that would
 prevent end users from having control over transitive dependency updates.</p>
 <p>Additionally, if both <code>package-lock.json</code> and <code>npm-shrinwkrap.json</code> are present
 in a package root, <code>package-lock.json</code> will be ignored in favor of this file.</p>
 <p>For full details and description of the <code>npm-shrinkwrap.json</code> file format, refer
 to the manual page for <a href="../files/package-lock.json.html">package-lock.json(5)</a>.</p>
 <h2 id="see-also">SEE ALSO</h2>
 <ul>
 <li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li>
 <li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li>
 <li><a href="../files/package.json.html">package.json(5)</a></li>
 <li><a href="../cli/npm-install.html">npm-install(1)</a></li>
 </ul>
 </div>
 <table border=0 cellspacing=0 cellpadding=0 id=npmlogo>
 <tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18>&nbsp;</td></tr>
 <tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td><td style="width:40px;height:10px;background:#fff" colspan=4>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4>&nbsp;</td><td style="width:40px;height:10px;background:#fff" colspan=4>&nbsp;</td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td><td colspan=6 style="width:60px;height:10px;background:#fff">&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4>&nbsp;</td></tr>
 <tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2>&nbsp;</td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td></tr>
 <tr><td style="width:10px;height:10px;background:#fff" rowspan=2>&nbsp;</td></tr>
 <tr><td style="width:10px;height:10px;background:#fff">&nbsp;</td></tr>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
 <p id="footer">npm-shrinkwrap.json &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/npmrc.html
+++ b/deps/npm/html/doc/files/npmrc.html
@ -85,5 +85,5 @@ manner.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npmrc &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npmrc &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/package-lock.json.html
+++ b/deps/npm/html/doc/files/package-lock.json.html
@ -0,0 +1,127 @@
 <!doctype html>
 <html>
  <title>package-lock.json</title>
  <meta charset="utf-8">
  <link rel="stylesheet" type="text/css" href="../../static/style.css">
  <link rel="canonical" href="https://www.npmjs.org/doc/files/package-lock.json.html">
  <script async=true src="../../static/toc.js"></script>
  <body>
    <div id="wrapper">
 <h1><a href="../files/package-lock.json.html">package-lock.json</a></h1> <p>A manifestation of the manifest</p>
 <h2 id="description">DESCRIPTION</h2>
 <p><code>package-lock.json</code> is automatically generated for any operations where npm
 modifies either the <code>node_modules</code> tree, or <code>package.json</code>. It describes the
 exact tree that was generated, such that subsequent installs are able to
 generate identical trees, regardless of intermediate dependency updates.</p>
 <p>This file is intended to be committed into source repositories, and serves
 various purposes:</p>
 <ul>
 <li><p>Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.</p>
 </li>
 <li><p>Provide a facility for users to &quot;time-travel&quot; to previous states of <code>node_modules</code> without having to commit the directory itself.</p>
 </li>
 <li><p>To facilitate greater visibility of tree changes through readable source control diffs.</p>
 </li>
 <li><p>And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.</p>
 </li>
 </ul>
 <p>One key detail about <code>package-lock.json</code> is that it cannot be published, and it
 will be ignored if found in any place other than the toplevel package. It shares
 a format with <a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a>, which is essentially the same file, but
 allows publication. This is not recommended unless deploying a CLI tool or
 otherwise using the publication process for producing production packages.</p>
 <p>If both <code>package-lock.json</code> and <code>npm-shrinkwrap.json</code> are present in the root of
 a package, <code>package-lock.json</code> will be completely ignored.</p>
 <h2 id="file-format">FILE FORMAT</h2>
 <h3 id="name">name</h3>
 <p>The name of the package this is a package-lock for. This must match what&#39;s in
 <code>package.json</code>.</p>
 <h3 id="version">version</h3>
 <p>The version of the package this is a package-lock for. This must match what&#39;s in
 <code>package.json</code>.</p>
 <h3 id="lockfileversion">lockfileVersion</h3>
 <p>An integer version, starting at <code>1</code> with the version number of this document
 whose semantics were used when generating this <code>package-lock.json</code>.</p>
 <h3 id="packageintegrity">packageIntegrity</h3>
 <p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">subresource
 integrity</a> value
 created from the <code>pacakge.json</code>. No preprocessing of the <code>package.json</code> should
 be done. Subresource integrity strings can be produced by modules like
 <a href="https://www.npmjs.com/package/ssri"><code>ssri</code></a>.</p>
 <h3 id="preservesymlinks">preserveSymlinks</h3>
 <p>Indicates that the install was done with the environment variable
 <code>NODE_PRESERVE_SYMLINKS</code> enabled. The installer should insist that the value of
 this property match that environment variable.</p>
 <h3 id="dependencies">dependencies</h3>
 <p>A mapping of package name to dependency object.  Dependency objects have the
 following properties:</p>
 <h4 id="version">version</h4>
 <p>This is a specifier that uniquely identifies this package and should be
 usable in fetching a new copy of it.</p>
 <ul>
 <li>bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.</li>
 <li>registry sources: This is a version number. (eg, <code>1.2.3</code>)</li>
 <li>git sources: This is a git specifier with resolved committish. (eg, <code>git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e</code>)</li>
 <li>http tarball sources: This is the URL of the tarball. (eg, <code>https://example.com/example-1.3.0.tgz</code>)</li>
 <li>local tarball sources: This is the file URL of the tarball. (eg <code>file:///opt/storage/example-1.3.0.tgz</code>)</li>
 <li>local link sources: This is the file URL of the link. (eg <code>file:libs/our-module</code>)</li>
 </ul>
 <h4 id="integrity">integrity</h4>
 <p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">Standard Subresource
 Integrity</a> for this
 resource.</p>
 <ul>
 <li>For bundled dependencies this is not included, regardless of source.</li>
 <li>For registry sources, this is the <code>integrity</code> that the registry provided, or if one wasn&#39;t provided the SHA1 in <code>shasum</code>.</li>
 <li>For git sources this is the specific commit hash we cloned from.</li>
 <li>For remote tarball sources this is an integrity based on a SHA512 of
 the file.</li>
 <li>For local tarball sources: This is an integrity field based on the SHA512 of the file.</li>
 </ul>
 <h4 id="resolved">resolved</h4>
 <ul>
 <li>For bundled dependencies this is not included, regardless of source.</li>
 <li>For registry sources this is path of the tarball relative to the registry
 URL.  If the tarball URL isn&#39;t on the same server as the registry URL then
 this is a complete URL.</li>
 </ul>
 <h4 id="bundled">bundled</h4>
 <p>If true, this is the bundled dependency and will be installed by the parent
 module.  When installing, this module will be extracted from the parent
 module during the extract phase, not installed as a separate dependency.</p>
 <h4 id="dev">dev</h4>
 <p>If true then this dependency is either a development dependency ONLY of the
 top level module or a transitive dependency of one.  This is false for
 dependencies that are both a development dependency of the top level and a
 transitive dependency of a non-development dependency of the top level.</p>
 <h4 id="optional">optional</h4>
 <p>If true then this dependency is either an optional dependency ONLY of the
 top level module or a transitive dependency of one.  This is false for
 dependencies that are both an optional dependency of the top level and a
 transitive dependency of a non-optional dependency of the top level.</p>
 <p>All optional dependencies should be included even if they&#39;re uninstallable
 on the current platform.</p>
 <h4 id="dependencies">dependencies</h4>
 <p>The dependencies of this dependency, exactly as at the top level.</p>
 <h2 id="see-also">SEE ALSO</h2>
 <ul>
 <li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li>
 <li><a href="../files/package-lock.json.html">package-lock.json(5)</a></li>
 <li><a href="../files/package.json.html">package.json(5)</a></li>
 <li><a href="../cli/npm-install.html">npm-install(1)</a></li>
 </ul>
 </div>
 <table border=0 cellspacing=0 cellpadding=0 id=npmlogo>
 <tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18>&nbsp;</td></tr>
 <tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td><td style="width:40px;height:10px;background:#fff" colspan=4>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4>&nbsp;</td><td style="width:40px;height:10px;background:#fff" colspan=4>&nbsp;</td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td><td colspan=6 style="width:60px;height:10px;background:#fff">&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4>&nbsp;</td></tr>
 <tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2>&nbsp;</td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:#fff" rowspan=3>&nbsp;</td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3>&nbsp;</td></tr>
 <tr><td style="width:10px;height:10px;background:#fff" rowspan=2>&nbsp;</td></tr>
 <tr><td style="width:10px;height:10px;background:#fff">&nbsp;</td></tr>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
 <p id="footer">package-lock.json &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/files/package.json.html
+++ b/deps/npm/html/doc/files/package.json.html
@ -586,5 +586,5 @@ ignored.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">package.json &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">package.json &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/index.html
+++ b/deps/npm/html/doc/index.html
@ -91,7 +91,7 @@
 <h3 id="npm-search-1-"><a href="cli/npm-search.html">npm-search(1)</a></h3>
 <p>Search for packages</p>
 <h3 id="npm-shrinkwrap-1-"><a href="cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></h3>
-<p>Lock down dependency versions</p>
+<p>Lock down dependency versions for publication</p>
 <h3 id="npm-star-1-"><a href="cli/npm-star.html">npm-star(1)</a></h3>
 <p>Mark your favorite packages</p>
 <h3 id="npm-stars-1-"><a href="cli/npm-stars.html">npm-stars(1)</a></h3>
@ -122,8 +122,14 @@
 <p>File system structures npm uses</p>
 <h3 id="npm-folders-5-"><a href="files/npm-folders.html">npm-folders(5)</a></h3>
 <p>Folder Structures Used by npm</p>
 <h3 id="npm-package-locks-5-"><a href="files/npm-package-locks.html">npm-package-locks(5)</a></h3>
 <p>An explanation of npm lockfiles</p>
 <h3 id="npm-shrinkwrap-json-5-"><a href="files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></h3>
 <p>A publishable lockfile</p>
 <h3 id="npmrc-5-"><a href="files/npmrc.html">npmrc(5)</a></h3>
 <p>The npm config files</p>
 <h3 id="package-lock-json-5-"><a href="files/package-lock.json.html">package-lock.json(5)</a></h3>
 <p>A manifestation of the manifest</p>
 <h3 id="package-json-5-"><a href="files/package.json.html">package.json(5)</a></h3>
 <p>Specifics of npm&#39;s package.json handling</p>
 <h2 id="misc">Misc</h2>
@ -162,5 +168,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-index &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-index &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-coding-style.html
+++ b/deps/npm/html/doc/misc/npm-coding-style.html
@ -153,5 +153,5 @@ set to anything.&quot;</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-coding-style &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-coding-style &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-config.html
+++ b/deps/npm/html/doc/misc/npm-config.html
@ -61,6 +61,7 @@ internal to npm, and are defaults if nothing else is specified.</p>
 <li><code>-f</code>: <code>--force</code></li>
 <li><code>-desc</code>: <code>--description</code></li>
 <li><code>-S</code>: <code>--save</code></li>
 <li><code>-P</code>: <code>--save-prod</code></li>
 <li><code>-D</code>: <code>--save-dev</code></li>
 <li><code>-O</code>: <code>--save-optional</code></li>
 <li><code>-B</code>: <code>--save-bundle</code></li>
@ -586,6 +587,14 @@ installed.</p>
 <p>Attempt to install packages in the <code>optionalDependencies</code> object.  Note
 that if these packages fail to install, the overall installation
 process is not aborted.</p>
 <h3 id="package-lock">package-lock</h3>
 <ul>
 <li>Default: true</li>
 <li>Type: Boolean</li>
 </ul>
 <p>If set to false, then ignore <code>package-lock.json</code> files when installing. This
 will also prevent <em>writing</em> <code>package-lock.json</code> if <code>save</code> is true.</p>
 <p>This option is an alias for <code>--shrinkwrap</code>.</p>
 <h3 id="parseable">parseable</h3>
 <ul>
 <li>Default: false</li>
@ -689,6 +698,16 @@ object.</p>
 <code>bundleDependencies</code> list.</p>
 <p>When used with the <code>npm rm</code> command, it removes it from the
 bundledDependencies list.</p>
 <h3 id="save-prod">save-prod</h3>
 <ul>
 <li>Default: false</li>
 <li>Type: Boolean</li>
 </ul>
 <p>Makes sure that a package will be saved into <code>dependencies</code> specifically. This
 is useful if a package already exists in <code>devDependencies</code> or
 <code>optionalDependencies</code>, but you want to move it to be a production dep. This is
 also the default behavior if <code>--save</code> is true, and neither <code>--save-dev</code> or
 <code>--save-optional</code> are true.</p>
 <h3 id="save-dev">save-dev</h3>
 <ul>
 <li>Default: false</li>
@ -800,8 +819,9 @@ Windows</li>
 <li>Default: true</li>
 <li>Type: Boolean</li>
 </ul>
-<p>If set to false, then ignore <code>npm-shrinkwrap.json</code> files when
+<p>If set to false, then ignore <code>npm-shrinkwrap.json</code> files when installing. This
-installing.</p>
+will also prevent <em>writing</em> <code>npm-shrinkwrap.json</code> if <code>save</code> is true.</p>
 <p>This option is an alias for <code>--package-lock</code>.</p>
 <h3 id="sign-git-tag">sign-git-tag</h3>
 <ul>
 <li>Default: false</li>
@ -961,5 +981,5 @@ exit successfully.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-config &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-config &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-developers.html
+++ b/deps/npm/html/doc/misc/npm-developers.html
@ -194,5 +194,5 @@ from a fresh checkout.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-developers &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-developers &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-disputes.html
+++ b/deps/npm/html/doc/misc/npm-disputes.html
@ -20,7 +20,7 @@ Conduct.</p>
 <h2 id="tl-dr">TL;DR</h2>
 <ol>
 <li>Get the author email with <code>npm owner ls &lt;pkgname&gt;</code></li>
-<li>Email the author, CC <a href="&#x6d;&#97;&#105;&#108;&#x74;&#111;&#58;&#115;&#x75;&#x70;&#x70;&#x6f;&#x72;&#x74;&#64;&#x6e;&#112;&#109;&#106;&#x73;&#46;&#99;&#111;&#x6d;">&#115;&#x75;&#x70;&#x70;&#x6f;&#x72;&#x74;&#64;&#x6e;&#112;&#109;&#106;&#x73;&#46;&#99;&#111;&#x6d;</a></li>
+<li>Email the author, CC <a href="&#x6d;&#x61;&#x69;&#x6c;&#116;&#111;&#x3a;&#x73;&#117;&#112;&#x70;&#111;&#114;&#x74;&#x40;&#110;&#112;&#109;&#x6a;&#x73;&#46;&#x63;&#111;&#x6d;">&#x73;&#117;&#112;&#x70;&#111;&#114;&#x74;&#x40;&#110;&#112;&#109;&#x6a;&#x73;&#46;&#x63;&#111;&#x6d;</a></li>
 <li>After a few weeks, if there&#39;s no resolution, we&#39;ll sort it out.</li>
 </ol>
 <p>Don&#39;t squat on package names.  Publish code or move out of the way.</p>
@ -55,12 +55,12 @@ because Yusuf&#39;s <code>foo</code> is in the way.</p>
 </li>
 <li>Alice emails Yusuf, explaining the situation <strong>as respectfully as possible</strong>,
 and what she would like to do with the module name. She adds the npm support
-staff <a href="&#109;&#x61;&#105;&#x6c;&#x74;&#x6f;&#x3a;&#115;&#117;&#112;&#112;&#111;&#x72;&#x74;&#64;&#110;&#x70;&#109;&#106;&#115;&#46;&#x63;&#x6f;&#109;">&#115;&#117;&#112;&#112;&#111;&#x72;&#x74;&#64;&#110;&#x70;&#109;&#106;&#115;&#46;&#x63;&#x6f;&#109;</a> to the CC list of the email. Mention in the email
+staff <a href="&#109;&#97;&#x69;&#x6c;&#116;&#111;&#58;&#115;&#x75;&#x70;&#x70;&#x6f;&#x72;&#x74;&#x40;&#110;&#112;&#109;&#106;&#x73;&#46;&#99;&#111;&#x6d;">&#115;&#x75;&#x70;&#x70;&#x6f;&#x72;&#x74;&#x40;&#110;&#112;&#109;&#106;&#x73;&#46;&#99;&#111;&#x6d;</a> to the CC list of the email. Mention in the email
 that Yusuf can run npm owner <code>add alice foo</code> to add Alice as an owner of the
 foo package.</li>
 <li>After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
 and Alice can&#39;t come to any sort of resolution, email support
-<a href="&#x6d;&#97;&#105;&#x6c;&#x74;&#x6f;&#58;&#x73;&#117;&#112;&#112;&#x6f;&#114;&#116;&#x40;&#x6e;&#112;&#109;&#106;&#x73;&#46;&#x63;&#x6f;&#x6d;">&#x73;&#117;&#112;&#112;&#x6f;&#114;&#116;&#x40;&#x6e;&#112;&#109;&#106;&#x73;&#46;&#x63;&#x6f;&#x6d;</a> and we&#39;ll sort it out. (&quot;Reasonable&quot; is usually at least
+<a href="&#x6d;&#x61;&#105;&#108;&#x74;&#111;&#x3a;&#115;&#x75;&#x70;&#x70;&#111;&#114;&#x74;&#64;&#110;&#112;&#x6d;&#106;&#115;&#x2e;&#x63;&#x6f;&#109;">&#115;&#x75;&#x70;&#x70;&#111;&#114;&#x74;&#64;&#110;&#112;&#x6d;&#106;&#115;&#x2e;&#x63;&#x6f;&#109;</a> and we&#39;ll sort it out. (&quot;Reasonable&quot; is usually at least
 4 weeks.)</li>
 </ol>
 <h2 id="reasoning">REASONING</h2>
@ -96,12 +96,12 @@ application database or otherwise putting non-packagey things into it.</li>
 <a href="https://www.npmjs.com/policies/conduct">Code of Conduct</a> such as hateful
 language, pornographic content, or harassment.</li>
 </ol>
-<p>If you see bad behavior like this, please report it to <a href="&#109;&#97;&#x69;&#x6c;&#x74;&#111;&#x3a;&#x61;&#98;&#x75;&#x73;&#x65;&#64;&#x6e;&#x70;&#x6d;&#106;&#115;&#46;&#x63;&#111;&#109;">&#x61;&#98;&#x75;&#x73;&#x65;&#64;&#x6e;&#x70;&#x6d;&#106;&#115;&#46;&#x63;&#111;&#109;</a> right
+<p>If you see bad behavior like this, please report it to <a href="&#x6d;&#97;&#105;&#x6c;&#x74;&#111;&#x3a;&#x61;&#98;&#117;&#115;&#101;&#x40;&#x6e;&#112;&#x6d;&#x6a;&#x73;&#46;&#99;&#111;&#109;">&#x61;&#98;&#117;&#115;&#101;&#x40;&#x6e;&#112;&#x6d;&#x6a;&#x73;&#46;&#99;&#111;&#109;</a> right
 away. <strong>You are never expected to resolve abusive behavior on your own. We are
 here to help.</strong></p>
 <h2 id="trademarks">TRADEMARKS</h2>
 <p>If you think another npm publisher is infringing your trademark, such as by
-using a confusingly similar package name, email <a href="&#109;&#x61;&#x69;&#x6c;&#x74;&#x6f;&#58;&#97;&#x62;&#117;&#115;&#101;&#x40;&#x6e;&#112;&#109;&#x6a;&#115;&#46;&#99;&#x6f;&#109;">&#97;&#x62;&#117;&#115;&#101;&#x40;&#x6e;&#112;&#109;&#x6a;&#115;&#46;&#99;&#x6f;&#109;</a> with a link to
+using a confusingly similar package name, email <a href="&#x6d;&#x61;&#105;&#108;&#116;&#111;&#x3a;&#x61;&#x62;&#x75;&#115;&#101;&#x40;&#x6e;&#x70;&#109;&#x6a;&#x73;&#46;&#x63;&#x6f;&#109;">&#x61;&#x62;&#x75;&#115;&#101;&#x40;&#x6e;&#x70;&#109;&#x6a;&#x73;&#46;&#x63;&#x6f;&#109;</a> with a link to
 the package or user account on <a href="https://npmjs.com">https://npmjs.com</a>. Attach a
 copy of your trademark registration certificate.</p>
 <p>If we see that the package&#39;s publisher is intentionally misleading others by
@ -134,5 +134,5 @@ License.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-disputes &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-disputes &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-index.html
+++ b/deps/npm/html/doc/misc/npm-index.html
@ -91,7 +91,7 @@
 <h3 id="npm-search-1-"><a href="../cli/npm-search.html">npm-search(1)</a></h3>
 <p>Search for packages</p>
 <h3 id="npm-shrinkwrap-1-"><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></h3>
-<p>Lock down dependency versions</p>
+<p>Lock down dependency versions for publication</p>
 <h3 id="npm-star-1-"><a href="../cli/npm-star.html">npm-star(1)</a></h3>
 <p>Mark your favorite packages</p>
 <h3 id="npm-stars-1-"><a href="../cli/npm-stars.html">npm-stars(1)</a></h3>
@ -122,8 +122,14 @@
 <p>File system structures npm uses</p>
 <h3 id="npm-folders-5-"><a href="../files/npm-folders.html">npm-folders(5)</a></h3>
 <p>Folder Structures Used by npm</p>
 <h3 id="npm-package-locks-5-"><a href="../files/npm-package-locks.html">npm-package-locks(5)</a></h3>
 <p>An explanation of npm lockfiles</p>
 <h3 id="npm-shrinkwrap-json-5-"><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></h3>
 <p>A publishable lockfile</p>
 <h3 id="npmrc-5-"><a href="../files/npmrc.html">npmrc(5)</a></h3>
 <p>The npm config files</p>
 <h3 id="package-lock-json-5-"><a href="../files/package-lock.json.html">package-lock.json(5)</a></h3>
 <p>A manifestation of the manifest</p>
 <h3 id="package-json-5-"><a href="../files/package.json.html">package.json(5)</a></h3>
 <p>Specifics of npm&#39;s package.json handling</p>
 <h2 id="misc">Misc</h2>
@ -162,5 +168,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-index &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-index &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-orgs.html
+++ b/deps/npm/html/doc/misc/npm-orgs.html
@ -86,5 +86,5 @@
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-orgs &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-orgs &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-registry.html
+++ b/deps/npm/html/doc/misc/npm-registry.html
@ -90,5 +90,5 @@ effectively implement the entire CouchDB API anyway.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-registry &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-registry &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-scope.html
+++ b/deps/npm/html/doc/misc/npm-scope.html
@ -99,5 +99,5 @@ that registry instead.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-scope &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-scope &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/npm-scripts.html
+++ b/deps/npm/html/doc/misc/npm-scripts.html
@ -15,14 +15,20 @@
 following scripts:</p>
 <ul>
 <li>prepublish:
-Run BEFORE the package is published.  (Also run on local <code>npm
+Run BEFORE the package is packed and published, as well as on local <code>npm
-install</code> without any arguments. See below.)</li>
+install</code> without any arguments. (See below)</li>
 <li>prepare:
-Run both BEFORE the package is published, and on local <code>npm
+Run both BEFORE the package is packed and published, and on local <code>npm
-install</code> without any arguments. (See below.) This is run
+install</code> without any arguments (See below). This is run
 AFTER <code>prepublish</code>, but BEFORE <code>prepublishOnly</code>.</li>
 <li>prepublishOnly:
-Run BEFORE the package is published. (See below.)</li>
+Run BEFORE the package is prepared and packed, ONLY on <code>npm publish</code>. (See
 below.)</li>
 <li>prepack:
 run BEFORE a tarball is packed (on <code>npm pack</code>, <code>npm publish</code>, and when
 installing git dependencies)</li>
 <li>postpack:
 Run AFTER the tarball has been generated and moved to its final destination.</li>
 <li>publish, postpublish:
 Run AFTER the package is published.</li>
 <li>preinstall:
@ -237,5 +243,5 @@ scripts is for compilation which must be done on the target architecture.</li>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-scripts &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">npm-scripts &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/removing-npm.html
+++ b/deps/npm/html/doc/misc/removing-npm.html
@ -57,5 +57,5 @@ modules.  To track those down, you can do the following:</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">removing-npm &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">removing-npm &mdash; npm@5.0.0</p>
--- a/deps/npm/html/doc/misc/semver.html
+++ b/deps/npm/html/doc/misc/semver.html
@ -325,5 +325,5 @@ range, use the <code>satisfies(version, range)</code> function.</p>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">semver &mdash; npm@5.0.0-beta.56</p>
+<p id="footer">semver &mdash; npm@5.0.0</p>
--- a/deps/npm/lib/config/cmd-list.js
+++ b/deps/npm/lib/config/cmd-list.js
@ -37,6 +37,7 @@ var affordances = {
  'info': 'view',
  'show': 'view',
  'find': 'search',
  'add': 'install',
  'unlink': 'uninstall',
  'remove': 'uninstall',
  'rm': 'uninstall',
--- a/deps/npm/lib/config/defaults.js
+++ b/deps/npm/lib/config/defaults.js
@ -178,6 +178,7 @@ Object.defineProperty(exports, 'defaults', {get: function () {
    'onload-script': false,
    only: null,
    optional: true,
    'package-lock': true,
    parseable: false,
    'prefer-offline': false,
    'prefer-online': false,
@ -200,6 +201,7 @@ Object.defineProperty(exports, 'defaults', {get: function () {
    'save-exact': false,
    'save-optional': false,
    'save-prefix': '^',
    'save-prod': false,
    scope: '',
    'scripts-prepend-node-path': 'warn-only',
    searchopts: '',
@ -304,6 +306,7 @@ exports.types = {
  'onload-script': [null, String],
  only: [null, 'dev', 'development', 'prod', 'production'],
  optional: Boolean,
  'package-lock': Boolean,
  parseable: Boolean,
  'prefer-offline': Boolean,
  'prefer-online': Boolean,
@ -321,6 +324,7 @@ exports.types = {
  'save-exact': Boolean,
  'save-optional': Boolean,
  'save-prefix': String,
  'save-prod': Boolean,
  scope: String,
  'scripts-prepend-node-path': [false, true, 'auto', 'warn-only'],
  searchopts: String,
@ -404,6 +408,7 @@ exports.shorthands = {
  D: ['--save-dev'],
  E: ['--save-exact'],
  O: ['--save-optional'],
  P: ['--save-prod'],
  y: ['--yes'],
  n: ['--no-yes'],
  B: ['--save-bundle'],
--- a/deps/npm/lib/config/pacote.js
+++ b/deps/npm/lib/config/pacote.js
@ -1,25 +1,24 @@
 'use strict'
-const BB = require('bluebird')
+const Buffer = require('safe-buffer').Buffer
 const cp = require('child_process')
 const npm = require('../npm')
 const log = require('npmlog')
-const packToStream = require('../utils/tar').packToStream
+let pack
 const path = require('path')
 const pipe = BB.promisify(require('mississippi').pipe)
 const readJson = BB.promisify(require('read-package-json'))
 const PassThrough = require('stream').PassThrough
 let effectiveOwner
 module.exports = pacoteOpts
 function pacoteOpts (moreOpts) {
  if (!pack) {
    pack = require('../pack.js')
  }
  const ownerStats = calculateOwner()
  const opts = {
    cache: path.join(npm.config.get('cache'), '_cacache'),
    defaultTag: npm.config.get('tag'),
-    dirPacker: prepareAndPack,
+    dirPacker: pack.packGitDep,
    hashAlgorithm: 'sha1',
    localAddress: npm.config.get('local-address'),
    log: log,
@ -44,17 +43,34 @@ function pacoteOpts (moreOpts) {
  }
  if (ownerStats.uid || ownerStats.gid) {
-    Object.assign(opts, ownerStats, {
+    Object.assign(opts, ownerStats)
      cacheUid: ownerStats.uid,
      cacheGid: ownerStats.gid
    })
  }
  npm.config.keys.forEach(function (k) {
-    if (k[0] === '/' && k.match(/.*:_authToken$/)) {
+    const authMatch = k[0] === '/' && k.match(
      /(.*):(_authToken|username|_password|password|email|always-auth)$/
    )
    if (authMatch) {
      const nerfDart = authMatch[1]
      const key = authMatch[2]
      const val = npm.config.get(k)
      if (!opts.auth) { opts.auth = {} }
-      opts.auth[k.replace(/:_authToken$/, '')] = {
+      if (!opts.auth[nerfDart]) {
-        token: npm.config.get(k)
+        opts.auth[nerfDart] = {
          alwaysAuth: !!npm.config.get('always-auth')
        }
      }
      if (key === '_authToken') {
        opts.auth[nerfDart].token = val
      } else if (key.match(/password$/i)) {
        opts.auth[nerfDart].password =
        // the config file stores password auth already-encoded. pacote expects
        // the actual username/password pair.
        Buffer.from(val, 'base64').toString('utf8')
      } else if (key === 'always-auth') {
        opts.auth[nerfDart].alwaysAuth = val === 'false' ? false : !!val
      } else {
        opts.auth[nerfDart][key] = val
      }
    }
    if (k[0] === '@') {
@ -90,86 +106,3 @@ function calculateOwner () {
  return effectiveOwner
 }
 const PASSTHROUGH_OPTS = [
  'always-auth',
  'auth-type',
  'ca',
  'cafile',
  'cert',
  'git',
  'local-address',
  'maxsockets',
  'offline',
  'prefer-offline',
  'prefer-online',
  'proxy',
  'https-proxy',
  'registry',
  'send-metrics',
  'sso-poll-frequency',
  'sso-type',
  'strict-ssl'
 ]
 function prepareAndPack (manifest, dir) {
  const stream = new PassThrough()
  readJson(path.join(dir, 'package.json')).then((pkg) => {
    if (pkg.scripts && pkg.scripts.prepare) {
      log.verbose('prepareGitDep', `${manifest._spec}: installing devDeps and running prepare script.`)
      const cliArgs = PASSTHROUGH_OPTS.reduce((acc, opt) => {
        if (npm.config.get(opt, 'cli') != null) {
          acc.push(`--${opt}=${npm.config.get(opt)}`)
        }
        return acc
      }, [])
      const child = cp.spawn(process.env.NODE || process.execPath, [
        require.main.filename,
        'install',
        '--ignore-prepublish',
        '--no-progress',
        '--no-save'
      ].concat(cliArgs), {
        cwd: dir,
        env: process.env
      })
      let errData = []
      let errDataLen = 0
      let outData = []
      let outDataLen = 0
      child.stdout.on('data', (data) => {
        outData.push(data)
        outDataLen += data.length
        log.gauge.pulse('preparing git package')
      })
      child.stderr.on('data', (data) => {
        errData.push(data)
        errDataLen += data.length
        log.gauge.pulse('preparing git package')
      })
      return BB.fromNode((cb) => {
        child.on('error', cb)
        child.on('exit', (code, signal) => {
          if (code > 0) {
            const err = new Error(`${signal}: npm exited with code ${code} while attempting to build ${manifest._requested}. Clone the repository manually and run 'npm install' in it for more information.`)
            err.code = code
            err.signal = signal
            cb(err)
          } else {
            cb()
          }
        })
      }).then(() => {
        if (outDataLen > 0) log.silly('prepareGitDep', '1>', Buffer.concat(outData, outDataLen).toString())
        if (errDataLen > 0) log.silly('prepareGitDep', '2>', Buffer.concat(errData, errDataLen).toString())
      }, (err) => {
        if (outDataLen > 0) log.error('prepareGitDep', '1>', Buffer.concat(outData, outDataLen).toString())
        if (errDataLen > 0) log.error('prepareGitDep', '2>', Buffer.concat(errData, errDataLen).toString())
        throw err
      })
    }
  }).then(() => {
    return pipe(packToStream(manifest, dir), stream)
  }).catch((err) => stream.emit('error', err))
  return stream
 }
--- a/deps/npm/lib/fetch-package-metadata.js
+++ b/deps/npm/lib/fetch-package-metadata.js
@ -12,7 +12,7 @@ const npmlog = require('npmlog')
 const limit = require('call-limit')
 const tempFilename = require('./utils/temp-filename')
 const pacote = require('pacote')
-const pacoteOpts = require('./config/pacote')
+let pacoteOpts
 const isWindows = require('./utils/is-windows.js')
 function andLogAndFinish (spec, tracker, done) {
@ -52,7 +52,9 @@ function fetchPackageMetadata (spec, where, opts, done) {
    err.code = 'EWINDOWSPATH'
    return logAndFinish(err)
  }
-
+  if (!pacoteOpts) {
    pacoteOpts = require('./config/pacote')
  }
  pacote.manifest(dep, pacoteOpts({
    annotate: true,
    fullMetadata: opts.fullMetadata,
@ -83,6 +85,9 @@ function fetchPackageMetadata (spec, where, opts, done) {
 module.exports.addBundled = addBundled
 function addBundled (pkg, next) {
  validate('OF', arguments)
  if (!pacoteOpts) {
    pacoteOpts = require('./config/pacote')
  }
  if (pkg._bundled !== undefined) return next(null, pkg)
  if (!pkg.bundleDependencies && pkg._requested.type !== 'directory') return next(null, pkg)
--- a/deps/npm/lib/install.js
+++ b/deps/npm/lib/install.js
@ -29,7 +29,7 @@ install.usage = usage(
  '\nnpm install <tarball url>' +
  '\nnpm install <git:// url>' +
  '\nnpm install <github username>/<github project>',
-  '[--save|--save-dev|--save-optional] [--save-exact]'
+  '[--save-prod|--save-dev|--save-optional] [--save-exact] [--no-save]'
 )
 install.completion = function (opts, cb) {
@ -98,6 +98,7 @@ var path = require('path')
 // dependencies
 var log = require('npmlog')
 var readPackageTree = require('read-package-tree')
 var readPackageJson = require('read-package-json')
 var chain = require('slide').chain
 var asyncMap = require('slide').asyncMap
 var archy = require('archy')
@ -137,10 +138,11 @@ var doReverseSerialActions = require('./install/actions.js').doReverseSerial
 var doParallelActions = require('./install/actions.js').doParallel
 var doOneAction = require('./install/actions.js').doOne
 var removeObsoleteDep = require('./install/deps.js').removeObsoleteDep
 var removeExtraneous = require('./install/deps.js').removeExtraneous
 var computeVersionSpec = require('./install/deps.js').computeVersionSpec
 var packageId = require('./utils/package-id.js')
 var moduleName = require('./utils/module-name.js')
 var errorMessage = require('./utils/error-message.js')
 var removeDeps = require('./install/deps.js').removeDeps
 var isExtraneous = require('./install/is-extraneous.js')
 function unlockCB (lockPath, name, cb) {
@ -202,6 +204,11 @@ function Installer (where, dryrun, args) {
  this.where = where
  this.dryrun = dryrun
  this.args = args
  // fakechildren are children created from the lockfile and lack relationship data
  // the only exist when the tree does not match the lockfile
  // this is fine when doing full tree installs/updates but not ok when modifying only
  // a few deps via `npm install` or `npm uninstall`.
  this.fakeChildren = true
  this.currentTree = null
  this.idealTree = null
  this.differences = []
@ -245,6 +252,11 @@ Installer.prototype.run = function (_cb) {
  var installSteps = []
  var postInstallSteps = []
  if (!this.dryrun) {
    installSteps.push(
      [this.newTracker(log, 'runTopLevelLifecycles', 2)],
      [this, this.runPreinstallTopLevelLifecycles])
  }
  installSteps.push(
    [this.newTracker(log, 'loadCurrentTree', 4)],
    [this, this.loadCurrentTree],
@ -265,9 +277,6 @@ Installer.prototype.run = function (_cb) {
    [this, this.debugActions, 'decomposeActions', 'todo'])
  if (!this.dryrun) {
    installSteps.push(
      [this.newTracker(log, 'runTopLevelLifecycles', 2)],
      [this, this.runPreinstallTopLevelLifecycles],
      [this.newTracker(log, 'executeActions', 8)],
      [this, this.executeActions],
      [this, this.finishTracker, 'executeActions'])
@ -313,9 +322,9 @@ Installer.prototype.run = function (_cb) {
 }
 Installer.prototype.loadArgMetadata = function (next) {
-  var self = this
+  getAllMetadata(this.args, this.currentTree, process.cwd(), iferr(next, (args) => {
-  getAllMetadata(this.args, this.currentTree, process.cwd(), iferr(next, function (args) {
+    this.args = args
-    self.args = args
+    if (args.length) this.fakeChildren = false
    next()
  }))
 }
@ -354,6 +363,14 @@ var flatNameFromTree = require('./install/flatten-tree.js').flatNameFromTree
 Installer.prototype.normalizeCurrentTree = function (cb) {
  this.currentTree.isTop = true
  normalizeTree(this.currentTree)
  // If the user didn't have a package.json then fill in deps with what was on disk
  if (this.currentTree.error) {
    for (let child of this.currentTree.children) {
      if (!child.fakeChild && isExtraneous(child)) {
        this.currentTree.package.dependencies[child.package.name] = computeVersionSpec(this.currentTree, child)
      }
    }
  }
  return cb()
  function normalizeTree (tree) {
@ -386,9 +403,9 @@ Installer.prototype.loadIdealTree = function (cb) {
 Installer.prototype.pruneIdealTree = function (cb) {
  var toPrune = this.idealTree.children
-    .filter((n) => !n.fromShrinkwrap && isExtraneous(n))
+    .filter((n) => !n.fakeChild && isExtraneous(n))
    .map((n) => ({name: moduleName(n)}))
-  return removeDeps(toPrune, this.idealTree, null, log.newGroup('pruneDeps'), cb)
+  return removeExtraneous(toPrune, this.idealTree, cb)
 }
 Installer.prototype.loadAllDepsIntoIdealTree = function (cb) {
@ -400,14 +417,14 @@ Installer.prototype.loadAllDepsIntoIdealTree = function (cb) {
  var installNewModules = !!this.args.length
  var steps = []
  if (installNewModules) {
    steps.push([validateArgs, this.idealTree, this.args])
    steps.push([loadRequestedDeps, this.args, this.idealTree, saveDeps, cg.newGroup('loadRequestedDeps')])
  } else {
  const depsToPreload = Object.assign({},
    this.dev ? this.idealTree.package.devDependencies : {},
    this.prod ? this.idealTree.package.dependencies : {}
  )
  if (installNewModules) {
    steps.push([validateArgs, this.idealTree, this.args])
    steps.push([loadRequestedDeps, this.args, this.idealTree, saveDeps, cg.newGroup('loadRequestedDeps')])
  } else {
    if (this.prod || this.dev) {
      steps.push(
        [prefetchDeps, this.idealTree, depsToPreload, cg.newGroup('prefetchDeps')])
@ -549,13 +566,16 @@ Installer.prototype.runPreinstallTopLevelLifecycles = function (cb) {
  if (this.failing) return cb()
  if (!this.topLevelLifecycles) return cb()
  log.silly('install', 'runPreinstallTopLevelLifecycles')
  var steps = []
  var trackLifecycle = this.progress.runTopLevelLifecycles
-  steps.push(
+  readPackageJson(path.join(this.where, 'package.json'), log, false, (err, data) => {
-    [doOneAction, 'preinstall', this.idealTree.path, this.idealTree, trackLifecycle.newGroup('preinstall:.')]
+    if (err) return cb()
-  )
+    this.currentTree = createNode({
-  chain(steps, cb)
+      isTop: true,
      package: data,
      path: this.where
    })
    doOneAction('preinstall', this.where, this.currentTree, log.newGroup('preinstall:.'), cb)
  })
 }
 Installer.prototype.runPostinstallTopLevelLifecycles = function (cb) {
@ -581,7 +601,7 @@ Installer.prototype.saveToDependencies = function (cb) {
  validate('F', arguments)
  if (this.failing) return cb()
  log.silly('install', 'saveToDependencies')
-  saveRequested(this.args, this.idealTree, cb)
+  saveRequested(this.idealTree, cb)
 }
 Installer.prototype.readGlobalPackageData = function (cb) {
@ -655,7 +675,7 @@ function isLink (child) {
 Installer.prototype.loadShrinkwrap = function (cb) {
  validate('F', arguments)
  log.silly('install', 'loadShrinkwrap')
-  readShrinkwrap.andInflate(this.idealTree, cb)
+  readShrinkwrap.andInflate(this.idealTree, {fakeChildren: this.fakeChildren}, cb)
 }
 Installer.prototype.getInstalledModules = function () {
@ -693,21 +713,22 @@ Installer.prototype.printInstalled = function (cb) {
  validate('F', arguments)
  if (this.failing) return cb()
  log.silly('install', 'printInstalled')
  const diffs = this.differences.concat((this.idealTree.removedChildren || []).map((r) => ['remove', r]))
  if (npm.config.get('json')) {
-    return this.printInstalledForJSON(cb)
+    return this.printInstalledForJSON(diffs, cb)
  } else if (npm.config.get('parseable')) {
-    return this.printInstalledForParseable(cb)
+    return this.printInstalledForParseable(diffs, cb)
  } else {
-    return this.printInstalledForHuman(cb)
+    return this.printInstalledForHuman(diffs, cb)
  }
 }
-Installer.prototype.printInstalledForHuman = function (cb) {
+Installer.prototype.printInstalledForHuman = function (diffs, cb) {
  var removed = 0
  var added = 0
  var updated = 0
  var moved = 0
-  this.differences.forEach(function (action) {
+  diffs.forEach(function (action) {
    var mutation = action[0]
    if (mutation === 'remove') {
      ++removed
@ -743,7 +764,7 @@ Installer.prototype.printInstalledForHuman = function (cb) {
  }
 }
-Installer.prototype.printInstalledForJSON = function (cb) {
+Installer.prototype.printInstalledForJSON = function (diffs, cb) {
  var result = {
    added: [],
    removed: [],
@ -764,7 +785,7 @@ Installer.prototype.printInstalledForJSON = function (cb) {
    }
    result.warnings.push(message)
  })
-  this.differences.forEach(function (action) {
+  diffs.forEach(function (action) {
    var mutation = action[0]
    var child = action[1]
    var record = recordAction(action)
@ -805,9 +826,9 @@ Installer.prototype.printInstalledForJSON = function (cb) {
  }
 }
-Installer.prototype.printInstalledForParseable = function (cb) {
+Installer.prototype.printInstalledForParseable = function (diffs, cb) {
  var self = this
-  this.differences.forEach(function (action) {
+  diffs.forEach(function (action) {
    var mutation = action[0]
    var child = action[1]
    if (mutation === 'move') {
@ -819,7 +840,7 @@ Installer.prototype.printInstalledForParseable = function (cb) {
      mutation + '\t' +
      moduleName(child) + '\t' +
      (child.package ? child.package.version : '') + '\t' +
-      path.relative(self.where, child.path) + '\t' +
+      (child.path ? path.relative(self.where, child.path) : '') + '\t' +
      (previousVersion || '') + '\t' +
      (previousPath || ''))
  })
--- a/deps/npm/lib/install/action/extract.js
+++ b/deps/npm/lib/install/action/extract.js
@ -10,22 +10,19 @@ const moduleName = require('../../utils/module-name.js')
 const moduleStagingPath = require('../module-staging-path.js')
 const move = BB.promisify(require('../../utils/move.js'))
 const npa = require('npm-package-arg')
 const npm = require('../../npm.js')
 const packageId = require('../../utils/package-id.js')
 const pacote = require('pacote')
-const pacoteOpts = require('../../config/pacote')
+let pacoteOpts
 const path = require('path')
 module.exports = extract
 function extract (staging, pkg, log) {
  log.silly('extract', packageId(pkg))
  const up = npm.config.get('unsafe-perm')
  const user = up ? null : npm.config.get('user')
  const group = up ? null : npm.config.get('group')
  const extractTo = moduleStagingPath(staging, pkg)
  if (!pacoteOpts) {
    pacoteOpts = require('../../config/pacote')
  }
  const opts = pacoteOpts({
    uid: user,
    gid: group,
    integrity: pkg.package._integrity
  })
  return pacote.extract(
--- a/deps/npm/lib/install/action/finalize.js
+++ b/deps/npm/lib/install/action/finalize.js
@ -23,10 +23,11 @@ module.exports = function (staging, pkg, log) {
  const requested = pkg.package._requested || getRequested(pkg)
  if (requested.type === 'directory') {
    const relative = path.relative(path.dirname(pkg.path), pkg.realpath)
    return makeParentPath(pkg.path)
-      .then(() => symlink(pkg.realpath, pkg.path, 'junction'))
+      .then(() => symlink(relative, pkg.path, 'junction'))
      .catch((ex) => {
-        return rimraf(pkg.path).then(() => symlink(pkg.realpath, pkg.path, 'junction'))
+        return rimraf(pkg.path).then(() => symlink(relative, pkg.path, 'junction'))
      })
  } else {
    return makeParentPath(pkg.realpath)
--- a/deps/npm/lib/install/action/preinstall.js
+++ b/deps/npm/lib/install/action/preinstall.js
@ -1,9 +1,8 @@
 'use strict'
 var lifecycle = require('../../utils/lifecycle.js')
 var packageId = require('../../utils/package-id.js')
 var moduleStagingPath = require('../module-staging-path.js')
 module.exports = function (staging, pkg, log, next) {
  log.silly('preinstall', packageId(pkg))
-  lifecycle(pkg.package, 'preinstall', moduleStagingPath(staging, pkg), false, false, next)
+  lifecycle(pkg.package, 'preinstall', pkg.path, false, false, next)
 }
--- a/deps/npm/lib/install/action/refresh-package-json.js
+++ b/deps/npm/lib/install/action/refresh-package-json.js
@ -10,13 +10,13 @@ module.exports = function (staging, pkg, log) {
  return readJson(path.join(pkg.path, 'package.json'), false).then((metadata) => {
    Object.keys(pkg.package).forEach(function (key) {
-      if (key !== '_injectedFromShrinkwrap' && !isEmpty(pkg.package[key])) {
+      if (!isEmpty(pkg.package[key])) {
        metadata[key] = pkg.package[key]
        if (key === '_resolved' && metadata[key] == null && pkg.package._injectedFromShrinkwrap) {
          metadata[key] = pkg.package._injectedFromShrinkwrap.resolved
        }
      }
    })
    if (metadata._resolved == null && pkg.fakeChild) {
      metadata._resolved = pkg.fakeChild.resolved
    }
    // These two sneak in and it's awful
    delete metadata.readme
    delete metadata.readmeFilename
--- a/deps/npm/lib/install/deps.js
+++ b/deps/npm/lib/install/deps.js
@ -183,7 +183,9 @@ function packageRelativePath (tree) {
  if (!tree) return ''
  var requested = tree.package._requested || {}
  var isLocal = requested.type === 'directory' || requested.type === 'file'
-  return isLocal ? requested.fetchSpec : tree.path
+  return isLocal ? requested.fetchSpec
       : (tree.isLink || tree.isInLink) && !preserveSymlinks() ? tree.realpath
       : tree.path
 }
 function matchingDep (tree, name) {
@ -227,14 +229,24 @@ exports.loadRequestedDeps = function (args, tree, saveToDependencies, log, next)
      }
      var childName = moduleName(child)
      child.saveSpec = computeVersionSpec(tree, child)
-      if (saveToDependencies) {
+      child.userRequired = true
-        tree.package[getSaveType(tree, child)][childName] = child.saveSpec
+      child.save = getSaveType(tree, child)
      const types = ['dependencies', 'devDependencies', 'optionalDependencies']
      if (child.save) {
        tree.package[child.save][childName] = child.saveSpec
        // Astute readers might notice that this exact same code exists in
        // save.js under a different guise. That code is responsible for deps
        // being removed from the final written `package.json`. The removal in
        // this function is specifically to prevent "installed as both X and Y"
        // warnings when moving an existing dep between different dep fields.
        //
        // Or, try it by removing this loop, and do `npm i -P x && npm i -D x`
        for (let saveType of types) {
          if (child.save !== saveType) {
            delete tree.package[saveType][childName]
          }
        }
      if (getSaveType(tree, child) === 'optionalDependencies') {
        tree.package.dependencies[childName] = child.saveSpec
      }
      child.userRequired = true
      child.save = saveToDependencies
      // For things the user asked to install, that aren't a dependency (or
      // won't be when we're done), flag it as "depending" on the user
@ -246,9 +258,17 @@ exports.loadRequestedDeps = function (args, tree, saveToDependencies, log, next)
  }, andForEachChild(loadDeps, andFinishTracker(log, next)))
 }
 module.exports.computeVersionSpec = computeVersionSpec
 function computeVersionSpec (tree, child) {
  validate('OO', arguments)
-  var requested = child.package._requested
+  var requested
  if (child.package._requested) {
    requested = child.package._requested
  } else if (child.package._from) {
    requested = npa(child.package._from)
  } else {
    requested = npa.resolve(child.package.name, child.package.version)
  }
  if (requested.registry) {
    var version = child.package.version
    var rangeDescriptor = ''
@ -275,26 +295,38 @@ function noModuleNameMatches (name) {
 // while this implementation does not require async calling, doing so
 // gives this a consistent interface with loadDeps et al
-exports.removeDeps = function (args, tree, saveToDependencies, log, next) {
+exports.removeDeps = function (args, tree, saveToDependencies, next) {
-  validate('AOOF', [args, tree, log, next])
+  validate('AOSF|AOZF', [args, tree, saveToDependencies, next])
-  args.forEach(function (pkg) {
+  for (let pkg of args) {
    var pkgName = moduleName(pkg)
    var toRemove = tree.children.filter(moduleNameMatches(pkgName))
    var pkgToRemove = toRemove[0] || createChild({package: {name: pkgName}})
-    if (tree.isTop) {
+    var saveType = getSaveType(tree, pkg) || 'dependencies'
-      if (saveToDependencies) {
+    if (tree.isTop && saveToDependencies) {
-        pkgToRemove.save = getSaveType(tree, pkg)
+      pkgToRemove.save = saveType
-        delete tree.package[pkgToRemove.save][pkgName]
+    }
-        if (pkgToRemove.save === 'optionalDependencies') {
+    if (tree.package[saveType][pkgName]) {
      delete tree.package[saveType][pkgName]
      if (saveType === 'optionalDependencies' && tree.package.dependencies[pkgName]) {
        delete tree.package.dependencies[pkgName]
      }
-        replaceModuleByPath(tree, 'removed', pkgToRemove)
+    }
    replaceModuleByPath(tree, 'removedChildren', pkgToRemove)
    for (let parent of pkgToRemove.requiredBy) {
      parent.requires = parent.requires.filter((child) => child !== pkgToRemove)
    }
    pkgToRemove.requiredBy = pkgToRemove.requiredBy.filter((parent) => parent !== tree)
  }
-    if (pkgToRemove.requiredBy.length === 0) removeObsoleteDep(pkgToRemove)
+  next()
-  })
+}
-  log.finish()
+exports.removeExtraneous = function (args, tree, next) {
  for (let pkg of args) {
    var pkgName = moduleName(pkg)
    var toRemove = tree.children.filter(moduleNameMatches(pkgName))
    if (toRemove.length) {
      removeObsoleteDep(toRemove[0])
    }
  }
  next()
 }
@ -639,6 +671,13 @@ var findRequirement = exports.findRequirement = function (tree, name, requested,
  return findRequirement(tree.parent, name, requested, requestor)
 }
 function preserveSymlinks () {
  if (!('NODE_PRESERVE_SYMLINKS' in process.env)) return false
  const value = process.env.NODE_PRESERVE_SYMLINKS
  if (value == null || value === '' || value === 'false' || value === 'no' || value === '0') return false
  return true
 }
 // Find the highest level in the tree that we can install this module in.
 // If the module isn't installed above us yet, that'd be the very top.
 // If it is, then it's the level below where its installed.
@ -670,7 +709,7 @@ var earliestInstallable = exports.earliestInstallable = function (requiredBy, tr
  var devDeps = tree.package.devDependencies || {}
  if (tree.isTop && devDeps[pkg.name]) {
-    var requested = npa.resolve(pkg.name, devDeps[pkg.name], tree.path)
+    var requested = childDependencySpecifier(tree, pkg.name, devDeps[pkg.name])
    if (!doesChildVersionMatch({package: pkg}, requested, tree)) {
      return null
    }
@ -684,7 +723,7 @@ var earliestInstallable = exports.earliestInstallable = function (requiredBy, tr
  if (npm.config.get('global-style') && tree.parent.isTop) return tree
  if (npm.config.get('legacy-bundling')) return tree
-  if (!process.env.NODE_PRESERVE_SYMLINKS && /^[.][.][\\/]/.test(path.relative(tree.parent.realpath, tree.realpath))) return tree
+  if (!preserveSymlinks() && /^[.][.][\\/]/.test(path.relative(tree.parent.realpath, tree.realpath))) return tree
  return (earliestInstallable(requiredBy, tree.parent, pkg) || tree)
 }
--- a/deps/npm/lib/install/inflate-shrinkwrap.js
+++ b/deps/npm/lib/install/inflate-shrinkwrap.js
@ -2,10 +2,10 @@
 const BB = require('bluebird')
-const addBundled = BB.promisify(require('../fetch-package-metadata.js').addBundled)
+let addBundled
 const childPath = require('../utils/child-path.js')
 const createChild = require('./node.js').create
-const fetchPackageMetadata = BB.promisify(require('../fetch-package-metadata.js'))
+let fetchPackageMetadata
 const inflateBundled = require('./inflate-bundled.js')
 const moduleName = require('../utils/module-name.js')
 const normalizePackageData = require('normalize-package-data')
@ -14,17 +14,28 @@ const realizeShrinkwrapSpecifier = require('./realize-shrinkwrap-specifier.js')
 const validate = require('aproba')
 const path = require('path')
-module.exports = function (tree, swdeps, finishInflating) {
+module.exports = function (tree, swdeps, opts, finishInflating) {
-  if (!npm.config.get('shrinkwrap')) return finishInflating()
+  if (!fetchPackageMetadata) {
    fetchPackageMetadata = BB.promisify(require('../fetch-package-metadata.js'))
    addBundled = BB.promisify(fetchPackageMetadata.addBundled)
  }
  if (!npm.config.get('shrinkwrap') || !npm.config.get('package-lock')) {
    return finishInflating()
  }
  if (arguments.length === 3) {
    finishInflating = opts
    opts = {}
  }
  tree.loaded = true
-  return inflateShrinkwrap(tree.path, tree, swdeps).then(
+  return inflateShrinkwrap(tree.path, tree, swdeps, opts).then(
    () => finishInflating(),
    finishInflating
  )
 }
-function inflateShrinkwrap (topPath, tree, swdeps) {
+function inflateShrinkwrap (topPath, tree, swdeps, opts) {
-  validate('SOO', arguments)
+  validate('SOO|SOOO', arguments)
  if (!opts) opts = {}
  const onDisk = {}
  tree.children.forEach((child) => {
    onDisk[moduleName(child)] = child
@ -43,7 +54,7 @@ function inflateShrinkwrap (topPath, tree, swdeps) {
    const dependencies = sw.dependencies || {}
    const requested = realizeShrinkwrapSpecifier(name, sw, topPath)
    return inflatableChild(
-      onDisk[name], name, topPath, tree, sw, requested
+      onDisk[name], name, topPath, tree, sw, requested, opts
    ).then((child) => {
      return inflateShrinkwrap(topPath, child, dependencies)
    })
@ -58,8 +69,8 @@ function normalizePackageDataNoErrors (pkg) {
  }
 }
-function inflatableChild (onDiskChild, name, topPath, tree, sw, requested) {
+function inflatableChild (onDiskChild, name, topPath, tree, sw, requested, opts) {
-  validate('OSSOOO|ZSSOOO', arguments)
+  validate('OSSOOOO|ZSSOOOO', arguments)
  if (onDiskChild && childIsEquivalent(sw, requested, onDiskChild)) {
    // The version on disk matches the shrinkwrap entry.
    if (!onDiskChild.fromShrinkwrap) onDiskChild.fromShrinkwrap = true
@ -77,7 +88,7 @@ function inflatableChild (onDiskChild, name, topPath, tree, sw, requested) {
    normalizePackageDataNoErrors(onDiskChild.package)
    tree.children.push(onDiskChild)
    return BB.resolve(onDiskChild)
-  } else if (sw.version && sw.integrity) {
+  } else if (opts.fakeChildren !== false && sw.version && sw.integrity) {
    // The shrinkwrap entry has an integrity field. We can fake a pkg to get
    // the installer to do a content-address fetch from the cache, if possible.
    return BB.resolve(makeFakeChild(name, topPath, tree, sw, requested))
@ -101,8 +112,7 @@ function makeFakeChild (name, topPath, tree, sw, requested) {
    _from: from,
    _spec: requested.rawSpec,
    _where: topPath,
-    _args: [[requested.toString(), topPath]],
+    _args: [[requested.toString(), topPath]]
    _injectedFromShrinkwrap: sw
  }
  let bundleAdded = BB.resolve()
  if (Object.keys(sw.dependencies || {}).some((d) => {
@ -118,6 +128,7 @@ function makeFakeChild (name, topPath, tree, sw, requested) {
      parent: tree,
      children: pkg._bundled || [],
      fromShrinkwrap: true,
      fakeChild: sw,
      fromBundle: sw.bundled ? tree.fromBundle || tree : null,
      path: childPath(tree.path, pkg),
      realpath: childPath(tree.realpath, pkg),
--- a/deps/npm/lib/install/is-extraneous.js
+++ b/deps/npm/lib/install/is-extraneous.js
@ -6,14 +6,6 @@ function isExtraneous (tree) {
  return result
 }
 function isNotRequired (tree) {
  return tree.requiredBy && tree.requiredBy.length === 0
 }
 function parentHasNoPjson (tree) {
  return tree.parent && tree.parent.isTop && tree.parent.error
 }
 function topHasNoPjson (tree) {
  var top = tree
  while (!top.isTop) top = top.parent
@ -24,8 +16,6 @@ function isNotExtraneous (tree, isCycle) {
  if (!isCycle) isCycle = {}
  if (tree.isTop || tree.userRequired) {
    return true
  } else if (isNotRequired(tree) && parentHasNoPjson(tree)) {
    return true
  } else if (isCycle[tree.path]) {
    return topHasNoPjson(tree)
  } else {
--- a/deps/npm/lib/install/mutate-into-logical-tree.js
+++ b/deps/npm/lib/install/mutate-into-logical-tree.js
@ -7,6 +7,7 @@ var isExtraneous = require('./is-extraneous.js')
 var validateAllPeerDeps = require('./deps.js').validateAllPeerDeps
 var packageId = require('../utils/package-id.js')
 var moduleName = require('../utils/module-name.js')
 var npm = require('../npm.js')
 // Return true if tree is a part of a cycle that:
 //   A) Never connects to the top of the tree
@ -128,7 +129,7 @@ function translateTree_ (tree, seen) {
  pkg.path = tree.path
  pkg.error = tree.error
-  pkg.extraneous = isExtraneous(tree)
+  pkg.extraneous = !tree.isTop && (!tree.parent.isTop || !tree.parent.error) && !npm.config.get('global') && isExtraneous(tree)
  if (tree.target && tree.parent && !tree.parent.target) pkg.link = tree.realpath
  return pkg
 }
--- a/deps/npm/lib/install/read-shrinkwrap.js
+++ b/deps/npm/lib/install/read-shrinkwrap.js
@ -9,7 +9,6 @@ const log = require('npmlog')
 const parseJSON = require('../utils/parse-json.js')
 const path = require('path')
 const PKGLOCK_VERSION = require('../npm.js').lockfileVersion
 const pkgSri = require('../utils/package-integrity.js')
 const readFileAsync = BB.promisify(fs.readFile)
@ -34,14 +33,6 @@ function readShrinkwrap (child, next) {
          throw ex
        }
      }
      if (
        pkgJson &&
        parsed &&
        parsed.packageIntegrity &&
        !pkgSri.check(JSON.parse(pkgJson), parsed.packageIntegrity)
      ) {
        log.info('read-shrinkwrap', `${name} will be updated because package.json does not match what it was generated against.`)
      }
      if (parsed && parsed.lockfileVersion !== PKGLOCK_VERSION) {
        log.warn('read-shrinkwrap', `This version of npm is compatible with lockfileVersion@${PKGLOCK_VERSION}, but ${name} was generated for lockfileVersion@${parsed.lockfileVersion || 0}. I'll try to do my best with it!`)
      }
@ -56,10 +47,14 @@ function maybeReadFile (name, child) {
  ).catch({code: 'ENOENT'}, () => null)
 }
-module.exports.andInflate = function (child, next) {
+module.exports.andInflate = function (child, opts, next) {
  if (arguments.length === 2) {
    next = opts
    opts = {}
  }
  readShrinkwrap(child, iferr(next, function () {
    if (child.package._shrinkwrap) {
-      return inflateShrinkwrap(child, child.package._shrinkwrap.dependencies || {}, next)
+      return inflateShrinkwrap(child, child.package._shrinkwrap.dependencies || {}, opts, next)
    } else {
      return next()
    }