From 255bc945c2bad35c01b65e3351337e30372907b4 Mon Sep 17 00:00:00 2001
From: Bert Belder <bertbelder@gmail.com>
Date: Thu, 7 Feb 2013 14:39:47 +0100
Subject: [PATCH 01/15] http: protect against response splitting attacks

This patch is a back-port of 3c293ba.
Closes #4696
---
 lib/http.js                                   |  5 ++
 .../test-http-header-response-splitting.js    | 64 +++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 test/simple/test-http-header-response-splitting.js

diff --git a/lib/http.js b/lib/http.js
index aee579aadf..315a9c6a24 100644
--- a/lib/http.js
+++ b/lib/http.js
@@ -546,6 +546,11 @@ OutgoingMessage.prototype._storeHeader = function(firstLine, headers) {
   var self = this;
 
   function store(field, value) {
+    // Protect against response splitting. The if statement is there to
+    // minimize the performance impact in the common case.
+    if (/[\r\n]/.test(value))
+      value = value.replace(/[\r\n]+[ \t]*/g, '');
+
     messageHeader += field + ': ' + value + CRLF;
 
     if (connectionExpression.test(field)) {
diff --git a/test/simple/test-http-header-response-splitting.js b/test/simple/test-http-header-response-splitting.js
new file mode 100644
index 0000000000..044618436c
--- /dev/null
+++ b/test/simple/test-http-header-response-splitting.js
@@ -0,0 +1,64 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var common = require('../common'),
+    assert = require('assert'),
+    http = require('http');
+
+var testIndex = 0,
+    responses = 0;
+
+var server = http.createServer(function(req, res) {
+  switch (testIndex++) {
+    case 0:
+      res.writeHead(200, { test: 'foo \r\ninvalid: bar' });
+      break;
+    case 1:
+      res.writeHead(200, { test: 'foo \ninvalid: bar' });
+      break;
+    case 2:
+      res.writeHead(200, { test: 'foo \rinvalid: bar' });
+      break;
+    case 3:
+      res.writeHead(200, { test: 'foo \n\n\ninvalid: bar' });
+      break;
+    case 4:
+      res.writeHead(200, { test: 'foo \r\n \r\n \r\ninvalid: bar' });
+      server.close();
+      break;
+    default:
+      assert(false);
+  }
+  res.end('Hi mars!');
+});
+server.listen(common.PORT);
+
+for (var i = 0; i < 5; i++) {
+  var req = http.get({ port: common.PORT, path: '/' }, function(res) {
+    assert.strictEqual(res.headers.test, 'foo invalid: bar');
+    assert.strictEqual(res.headers.invalid, undefined);
+    responses++;
+  });
+}
+
+process.on('exit', function() {
+  assert.strictEqual(responses, 5);
+});

From e4d97b1dca5a01f120fb11b10f8cf04841d97d94 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Thu, 7 Feb 2013 10:34:45 -0800
Subject: [PATCH 02/15] blog: v0.9.9

---
 doc/blog/v0.9.9.md | 78 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 doc/blog/v0.9.9.md

diff --git a/doc/blog/v0.9.9.md b/doc/blog/v0.9.9.md
new file mode 100644
index 0000000000..052c626d32
--- /dev/null
+++ b/doc/blog/v0.9.9.md
@@ -0,0 +1,78 @@
+date: Thu Feb  7 10:32:17 PST 2013
+title: Node v0.9.9 (Stable)
+version: 0.9.9
+category: release
+slug: node-v0-9-9-stable
+
+2013.02.07, Version 0.9.9 (Unstable)
+
+* tls: port CryptoStream to streams2 (Fedor Indutny)
+
+* typed arrays: only share ArrayBuffer backing store (Ben Noordhuis)
+
+* stream: make Writable#end() accept a callback function (Nathan Rajlich)
+
+* buffer: optimize 'hex' handling (Ben Noordhuis)
+
+* dns, cares: don't filter NOTIMP, REFUSED, SERVFAIL (Ben Noordhuis)
+
+* readline: treat bare \r as a line ending (isaacs)
+
+* readline: make \r\n emit one 'line' event (Ben Noordhuis)
+
+* cluster: support datagram sockets (Bert Belder)
+
+* stream: Correct Transform class backpressure (isaacs)
+
+* addon: Pass module object to NODE_MODULE init function (isaacs, Rod Vagg)
+
+* buffer: slow buffer copy compatibility fix (Trevor Norris)
+
+* Add bytesWritten to tls.CryptoStream (Andy Burke)
+
+
+Source Code: http://nodejs.org/dist/v0.9.9/node-v0.9.9.tar.gz
+
+Macintosh Installer (Universal): http://nodejs.org/dist/v0.9.9/node-v0.9.9.pkg
+
+Windows Installer: http://nodejs.org/dist/v0.9.9/node-v0.9.9-x86.msi
+
+Windows x64 Installer: http://nodejs.org/dist/v0.9.9/x64/node-v0.9.9-x64.msi
+
+Windows x64 Files: http://nodejs.org/dist/v0.9.9/x64/
+
+Linux 32-bit Binary: http://nodejs.org/dist/v0.9.9/node-v0.9.9-linux-x86.tar.gz
+
+Linux 64-bit Binary: http://nodejs.org/dist/v0.9.9/node-v0.9.9-linux-x64.tar.gz
+
+Solaris 32-bit Binary: http://nodejs.org/dist/v0.9.9/node-v0.9.9-sunos-x86.tar.gz
+
+Solaris 64-bit Binary: http://nodejs.org/dist/v0.9.9/node-v0.9.9-sunos-x64.tar.gz
+
+Other release files: http://nodejs.org/dist/v0.9.9/
+
+Website: http://nodejs.org/docs/v0.9.9/
+
+Documentation: http://nodejs.org/docs/v0.9.9/api/
+
+Shasums:
+```
+643c26c2fc0c9ddeee99d346af86a022e6b470bc  node-v0.9.9-darwin-x64.tar.gz
+f3ffeb08ceab15fd24a33c8d1974be952177b623  node-v0.9.9-darwin-x86.tar.gz
+63d6ce5e4333a0cd203753a3153998076baa23a7  node-v0.9.9-linux-x64.tar.gz
+f1008b823b6010bd3ed3fd4f422eac3af5bd61da  node-v0.9.9-linux-x86.tar.gz
+679b09328f1a0c3225286a891bb5b4de131777d6  node-v0.9.9-sunos-x64.tar.gz
+4253f2e976a05ee6ea6ecc3b583e942b812d0b86  node-v0.9.9-sunos-x86.tar.gz
+0436ee0e57d12d5fc53914f9157521427d016629  node-v0.9.9-x86.msi
+8a98bc39e9c99a1a1dad6f38a47f56eeb9ad6ecd  node-v0.9.9.pkg
+af1deb80c79f256b319a727f8593740ff99cdbc8  node-v0.9.9.tar.gz
+ab3db4d6ffab88bb1babdddd96ca8d2c6caf4625  node.exe
+56f5a3c72992463435f6649b31da81fd679e91ae  node.exp
+e77f0097ce66317fc255b8e1642eaa675c190267  node.lib
+5ff7b6d7f1001383b4bd97e1315c67e7b223477d  node.pdb
+5b4dcf545eace51a4cae58e9c42b73604f6eb0f9  x64/node-v0.9.9-x64.msi
+43fd59cf0df5bdf21690a43a68a8f16160e28ec6  x64/node.exe
+b4845d2318dd5b1030eeca02703d7f19ebf2ef15  x64/node.exp
+2726441e5ff354bc51a841fa9a5a193d39831ac0  x64/node.lib
+df9083c37cf13109326df30df01e9692238ac381  x64/node.pdb
+```

From 2810b1ab00ffdaa1b7ed187e15fa8d7f036630db Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Thu, 7 Feb 2013 10:35:35 -0800
Subject: [PATCH 03/15] blog: v0.9.9 is unstable, not stable

---
 doc/blog/v0.9.9.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/blog/v0.9.9.md b/doc/blog/v0.9.9.md
index 052c626d32..d8f8bf0a09 100644
--- a/doc/blog/v0.9.9.md
+++ b/doc/blog/v0.9.9.md
@@ -1,8 +1,8 @@
 date: Thu Feb  7 10:32:17 PST 2013
-title: Node v0.9.9 (Stable)
+title: Node v0.9.9 (Unstable)
 version: 0.9.9
 category: release
-slug: node-v0-9-9-stable
+slug: node-v0-9-9-unstable
 
 2013.02.07, Version 0.9.9 (Unstable)
 

From c4f418d035ff0e75099fcee66a6605260ca12a00 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Fri, 8 Feb 2013 01:33:29 +0100
Subject: [PATCH 04/15] test: disable simple/test-dgram-send-error

It's not a good citizen, it spams random IP addresses with UDP packets.

Fixes #4730.
---
 test/{simple => disabled}/test-dgram-send-error.js | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename test/{simple => disabled}/test-dgram-send-error.js (100%)

diff --git a/test/simple/test-dgram-send-error.js b/test/disabled/test-dgram-send-error.js
similarity index 100%
rename from test/simple/test-dgram-send-error.js
rename to test/disabled/test-dgram-send-error.js

From 6dcadb9fc8618d45e696169135141dde4a9780b0 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Tue, 12 Feb 2013 12:03:52 -0800
Subject: [PATCH 05/15] blog: Peer Dependencies article

Thanks, @domenic
---
 doc/blog/npm/peer-dependencies.md | 133 ++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 doc/blog/npm/peer-dependencies.md

diff --git a/doc/blog/npm/peer-dependencies.md b/doc/blog/npm/peer-dependencies.md
new file mode 100644
index 0000000000..97cb990ead
--- /dev/null
+++ b/doc/blog/npm/peer-dependencies.md
@@ -0,0 +1,133 @@
+category: npm
+title: Peer Dependencies
+date: 2013-02-08T00:00:00Z
+author: Domenic Denicola
+
+<i>Reposted from [Domenic's
+blog](http://domenic.me/2013/02/08/peer-dependencies/) with
+permission.  Thanks!</i>
+
+npm is awesome as a package manager. In particular, it handles sub-dependencies very well: if my package depends on
+`request` version 2 and `some-other-library`, but `some-other-library` depends on `request` version 1, the resulting
+dependency graph looks like:
+
+```text
+├── request@2.12.0
+└─┬ some-other-library@1.2.3
+  └── request@1.9.9
+```
+
+This is, generally, great: now `some-other-library` has its own copy of `request` v1 that it can use, while not
+interfering with my package's v2 copy. Everyone's code works!
+
+## The Problem: Plugins
+
+There's one use case where this falls down, however: *plugins*. A plugin package is meant to be used with another "host"
+package, even though it does not always directly *use* the host package. There are many examples of this pattern in the
+Node.js package ecosystem already:
+
+- Grunt [plugins](http://gruntjs.com/#plugins-all)
+- Chai [plugins](http://chaijs.com/plugins)
+- Levelup [plugins](https://npmjs.org/package/level-hooks)
+- Express [middleware](http://expressjs.com/api.html#middleware)
+- Winston [transports](https://github.com/flatiron/winston/blob/master/docs/transports.md)
+
+Even if you're not familiar with any of those use cases, surely you recall "jQuery plugins" from back when you were a
+client-side developer: little `<script>`s you would drop into your page that would attach things to `jQuery.prototype`
+for your later convenience.
+
+In essence, plugins are designed to be used with host packages. But more importantly, they're designed to be used with
+*particular versions* of host packages. For example, versions 1.x and 2.x of my `chai-as-promised` plugin work with
+`chai` version 0.5, whereas versions 3.x work with `chai` 1.x. Or, in the faster-paced and less-semver–friendly world of
+Grunt plugins, version 0.3.1 of `grunt-contrib-stylus` works with `grunt` 0.4.0rc4, but breaks when used with `grunt`
+0.4.0rc5 due to removed APIs.
+
+As a package manager, a large part of npm's job when installing your dependencies is managing their versions. But its
+usual model, with a `"dependencies"` hash in `package.json`, clearly falls down for plugins. Most plugins never actually
+depend on their host package, i.e. grunt plugins never do `require("grunt")`, so even if plugins did put down their host
+package as a dependency, the downloaded copy would never be used. So we'd be back to square one, with your application
+possibly plugging in the plugin to a host package that it's incompatible with.
+
+Even for plugins that do have such direct dependencies, probably due to the host package supplying utility APIs,
+specifying the dependency in the plugin's `package.json` would result in a dependency tree with multiple copies of the
+host package—not what you want. For example, let's pretend that `winston-mail` 0.2.3 specified `"winston": "0.5.x"` in
+its `"dependencies"` hash, since that's the latest version it was tested against. As an app developer, you want the
+latest and greatest stuff, so you look up the latest versions of `winston` and of `winston-mail`, putting them in your
+`package.json` as
+
+```json
+{
+  "dependencies": {
+    "winston": "0.6.2",
+    "winston-mail": "0.2.3"
+  }
+}
+```
+
+But now, running `npm install` results in the unexpected dependency graph of
+
+```text
+├── winston@0.6.2
+└─┬ winston-mail@0.2.3
+  └── winston@0.5.11
+```
+
+I'll leave the subtle failures that come from the plugin using a different Winston API than the main application to
+your imagination.
+
+## The Solution: Peer Dependencies
+
+What we need is a way of expressing these "dependencies" between plugins and their host package. Some way of saying, "I
+only work when plugged in to version 1.2.x of my host package, so if you install me, be sure that it's alongside a
+compatible host." We call this relationship a *peer dependency*.
+
+The peer dependency idea has been kicked around for [literally](https://github.com/isaacs/npm/issues/930)
+[years](https://github.com/isaacs/npm/issues/1400). After
+[volunteering](https://github.com/isaacs/npm/issues/1400#issuecomment-5932027) to get this done "over the weekend" nine
+months ago, I finally found a free weekend, and now peer dependencies are in npm!
+
+Specifically, they were introduced in a rudimentary form in npm 1.2.0, and refined over the next few releases into
+something I'm actually happy with. Today Isaac packaged up npm 1.2.10 into
+[Node.js 0.8.19](http://blog.nodejs.org/2013/02/06/node-v0-8-19-stable/), so if you've installed the latest version of
+Node, you should be ready to use peer dependencies!
+
+As proof, I present you the results of trying to install [`jitsu`](https://npmjs.org/package/jitsu) 0.11.6 with npm
+1.2.10:
+
+```text
+npm ERR! peerinvalid The package flatiron does not satisfy its siblings' peerDependencies requirements!
+npm ERR! peerinvalid Peer flatiron-cli-config@0.1.3 wants flatiron@~0.1.9
+npm ERR! peerinvalid Peer flatiron-cli-users@0.1.4 wants flatiron@~0.3.0
+```
+
+As you can see, `jitsu` depends on two Flatiron-related packages, which themselves peer-depend on conflicting versions
+of Flatiron. Good thing npm was around to help us figure out this conflict, so it could be fixed in version 0.11.7!
+
+## Using Peer Dependencies
+
+Peer dependencies are pretty simple to use. When writing a plugin, figure out what version of the host package you
+peer-depend on, and add it to your `package.json`:
+
+```json
+{
+  "name": "chai-as-promised",
+  "peerDependencies": {
+    "chai": "1.x"
+  }
+}
+```
+
+Now, when installing `chai-as-promised`, the `chai` package will come along with it. And if later you try to install
+another Chai plugin that only works with 0.x versions of Chai, you'll get an error. Nice!
+
+One piece of advice: peer dependency requirements, unlike those for regular dependencies, *should be lenient*. You
+should not lock your peer dependencies down to specific patch versions. It would be really annoying if one Chai plugin
+peer-depended on Chai 1.4.1, while another depended on Chai 1.5.0, simply because the authors were lazy and didn't spend
+the time figuring out the actual minimum version of Chai they are compatible with.
+
+The best way to determine what your peer dependency requirements should be is to actually follow
+[semver](http://semver.org/). Assume that only changes in the host package's major version will break your plugin. Thus,
+if you've worked with every 1.x version of the host package, use `"~1.0"` or `"1.x"` to express this. If you depend on
+features introduced in 1.5.2, use `">= 1.5.2 < 2"`.
+
+Now go forth, and peer depend!

From 82ad5fbe9aa862f0500b63ea2d739991ede74f48 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Tue, 12 Feb 2013 16:30:25 -0800
Subject: [PATCH 06/15] blog: Forgot slug on peer-dependencies article

---
 doc/blog/npm/peer-dependencies.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/blog/npm/peer-dependencies.md b/doc/blog/npm/peer-dependencies.md
index 97cb990ead..28ab634531 100644
--- a/doc/blog/npm/peer-dependencies.md
+++ b/doc/blog/npm/peer-dependencies.md
@@ -2,6 +2,7 @@ category: npm
 title: Peer Dependencies
 date: 2013-02-08T00:00:00Z
 author: Domenic Denicola
+slug: peer-dependencies
 
 <i>Reposted from [Domenic's
 blog](http://domenic.me/2013/02/08/peer-dependencies/) with

From 2e1ebbf2c54585e67ec71d73b8a7f94214077368 Mon Sep 17 00:00:00 2001
From: Dan Kohn <dan@dankohn.com>
Date: Tue, 12 Feb 2013 15:04:23 -0500
Subject: [PATCH 07/15] doc: add prompt to fix repl_test.js example
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Running repl.start without the prompt set produces this error:

repl.js:95
    throw new Error('An options Object, or a prompt String are required');
          ^
Error: An options Object, or a prompt String are required
    at new REPLServer (repl.js:95:11)
    at Object.exports.start (repl.js:321:14)
    at Object.<anonymous> (/Users/dan/Dropbox/Documents/dev/nextgen/repl_test.js:5:6)
    at Module._compile (module.js:449:26)
    at Object.Module._extensions..js (module.js:467:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Module.runMain (module.js:492:10)
    at process.startup.processNextTick.process._tickCallback (node.js:244:9)
---
 doc/api/repl.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/api/repl.markdown b/doc/api/repl.markdown
index 2104136bf2..557ae170a7 100644
--- a/doc/api/repl.markdown
+++ b/doc/api/repl.markdown
@@ -159,7 +159,7 @@ associated with each `REPLServer`.  For example:
     var repl = require("repl"),
         msg = "message";
 
-    repl.start().context.m = msg;
+    repl.start("> ").context.m = msg;
 
 Things in the `context` object appear as local within the REPL:
 

From aec6e9393126d1a3d40af6a639e93314db921b2f Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Thu, 14 Feb 2013 12:42:54 +0100
Subject: [PATCH 08/15] doc: add tools/ dir to CONTRIBUTING.md verboten list

---
 CONTRIBUTING.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index eecd1e6ca7..ea0f69d860 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -29,10 +29,10 @@ In a nutshell, modules are at varying levels of API stability.  Bug fixes are
 always welcome but API or behavioral  changes to modules at stability level 3
 and up are off-limits.
 
-Node.js has several bundled dependencies in the deps/ directory that are not
-part of the project proper.  Any changes to files in that directory or its
-subdirectories should be sent to their respective projects.  Do not send
-that patch to us, we cannot accept it.
+Node.js has several bundled dependencies in the deps/ and the tools/
+directories that are not part of the project proper.  Any changes to files
+in those directories or its subdirectories should be sent to their respective
+projects.  Do not send your patch to us, we cannot accept it.
 
 In case of doubt, open an issue in the [issue tracker][], post your question
 to the [node.js mailing list][] or contact one of the [project maintainers][]

From 3e2be6f39f70b444294a094cd47441b0107b2c35 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Thu, 14 Feb 2013 19:41:33 +0100
Subject: [PATCH 09/15] doc: clarify child_process.exec() stdio option

It only works for stdin, not stdout/stderr, for obvious reasons.
---
 doc/api/child_process.markdown | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/api/child_process.markdown b/doc/api/child_process.markdown
index 4417ed77e1..7c08424531 100644
--- a/doc/api/child_process.markdown
+++ b/doc/api/child_process.markdown
@@ -434,6 +434,8 @@ See also: `child_process.exec()` and `child_process.fork()`
 * `options` {Object}
   * `cwd` {String} Current working directory of the child process
   * `stdio` {Array|String} Child's stdio configuration. (See above)
+    Only stdin is configurable, anything else will lead to unpredictable
+    results.
   * `customFds` {Array} **Deprecated** File descriptors for the child to use
     for stdio.  (See above)
   * `env` {Object} Environment key-value pairs

From c9dcf5718cf47322b00f2994797aebb68d7ed0fb Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Thu, 14 Feb 2013 08:57:32 -0800
Subject: [PATCH 10/15] http: Raise hangup error on destroyed socket write

Prior to v0.10, Node ignored ECONNRESET errors in many situations.
There *are* valid cases in which ECONNRESET should be ignored as a
normal part of the TCP dance, but in many others, it's a very relevant
signal that must be heeded with care.

Exacerbating this problem, if the OutgoingMessage does not have a
req.connection._handle, it assumes that it is in the process of
connecting, and thus buffers writes up in an array.

The problem happens when you reuse a socket between two requests, and it
is destroyed abruptly in between them.  The writes will be buffered,
because the socket has no handle, but it's not ever going to GET a
handle, because it's not connecting, it's destroyed.

The proper fix is to treat ECONNRESET correctly.  However, this is a
behavior/semantics change, and cannot land in a stable branch.

Fix #4775
---
 lib/http.js                                   |  21 ++-
 .../test-http-destroyed-socket-write.js       | 131 ++++++++++++++++++
 2 files changed, 151 insertions(+), 1 deletion(-)
 create mode 100644 test/simple/test-http-destroyed-socket-write.js

diff --git a/lib/http.js b/lib/http.js
index 315a9c6a24..6f3eff1ba8 100644
--- a/lib/http.js
+++ b/lib/http.js
@@ -484,7 +484,8 @@ OutgoingMessage.prototype._writeRaw = function(data, encoding) {
 
   if (this.connection &&
       this.connection._httpMessage === this &&
-      this.connection.writable) {
+      this.connection.writable &&
+      !this.connection.destroyed) {
     // There might be pending data in the this.output buffer.
     while (this.output.length) {
       if (!this.connection.writable) {
@@ -498,7 +499,16 @@ OutgoingMessage.prototype._writeRaw = function(data, encoding) {
 
     // Directly write to socket.
     return this.connection.write(data, encoding);
+  } else if (this.connection && this.connection.destroyed) {
+    // The socket was destroyed.  If we're still trying to write to it,
+    // then something bad happened.
+    // If we've already raised an error on this message, then just ignore.
+    if (!this._hadError) {
+      this.emit('error', createHangUpError());
+      this._hadError = true;
+    }
   } else {
+    // buffer, as long as we're not destroyed.
     this._buffer(data, encoding);
     return false;
   }
@@ -1398,8 +1408,17 @@ function socketCloseListener() {
     // receive a response. The error needs to
     // fire on the request.
     req.emit('error', createHangUpError());
+    req._hadError = true;
   }
 
+  // Too bad.  That output wasn't getting written.
+  // This is pretty terrible that it doesn't raise an error.
+  // Fixed better in v0.10
+  if (req.output)
+    req.output.length = 0;
+  if (req.outputEncodings)
+    req.outputEncodings.length = 0;
+
   if (parser) {
     parser.finish();
     freeParser(parser, req);
diff --git a/test/simple/test-http-destroyed-socket-write.js b/test/simple/test-http-destroyed-socket-write.js
new file mode 100644
index 0000000000..c562987101
--- /dev/null
+++ b/test/simple/test-http-destroyed-socket-write.js
@@ -0,0 +1,131 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var common = require('../common');
+var assert = require('assert');
+
+// Fix the memory explosion that happens when writing to a http request
+// where the server has destroyed the socket on us between a successful
+// first request, and a subsequent request that reuses the socket.
+//
+// This test should not be ported to v0.10 and higher, because the
+// problem is fixed by not ignoring ECONNRESET in the first place.
+
+var http = require('http');
+var net = require('net');
+var server = http.createServer(function(req, res) {
+  // simulate a server that is in the process of crashing or something
+  // it only crashes after the first request, but before the second,
+  // which reuses the connection.
+  res.end('hallo wereld\n', function() {
+    setTimeout(function() {
+      req.connection.destroy();
+    }, 100);
+  });
+});
+
+var gotFirstResponse = false;
+var gotFirstData = false;
+var gotFirstEnd = false;
+server.listen(common.PORT, function() {
+
+  var gotFirstResponse = false;
+  var first = http.request({
+    port: common.PORT,
+    path: '/'
+  });
+  first.on('response', function(res) {
+    gotFirstResponse = true;
+    res.on('data', function(chunk) {
+      gotFirstData = true;
+    });
+    res.on('end', function() {
+      gotFirstEnd = true;
+    })
+  });
+  first.end();
+  second();
+
+  function second() {
+    var sec = http.request({
+      port: common.PORT,
+      path: '/',
+      method: 'POST'
+    });
+
+    var timer = setTimeout(write, 200);
+    var writes = 0;
+    var sawFalseWrite;
+
+    var gotError = false;
+    sec.on('error', function(er) {
+      assert.equal(gotError, false);
+      gotError = true;
+      assert(er.code === 'ECONNRESET');
+      clearTimeout(timer);
+      test();
+    });
+
+    function write() {
+      if (++writes === 64) {
+        clearTimeout(timer);
+        sec.end();
+        test();
+      } else {
+        timer = setTimeout(write);
+        var writeRet = sec.write(new Buffer('hello'));
+
+        // Once we find out that the connection is destroyed, every
+        // write() returns false
+        if (sawFalseWrite)
+          assert.equal(writeRet, false);
+        else
+          sawFalseWrite = writeRet === false;
+      }
+    }
+
+    assert.equal(first.connection, sec.connection,
+                 'should reuse connection');
+
+    sec.on('response', function(res) {
+      res.on('data', function(chunk) {
+        console.error('second saw data: ' + chunk);
+      });
+      res.on('end', function() {
+        console.error('second saw end');
+      });
+    });
+
+    function test() {
+      server.close();
+      assert(sec.connection.destroyed);
+      if (sec.output.length || sec.outputEncodings.length)
+        console.error('bad happened', sec.output, sec.outputEncodings);
+      assert.equal(sec.output.length, 0);
+      assert.equal(sec.outputEncodings, 0);
+      assert(gotError);
+      assert(gotFirstResponse);
+      assert(gotFirstData);
+      assert(gotFirstEnd);
+      console.log('ok');
+    }
+  }
+});

From 987338fe31b39b7f57a8f5645593425722ba40af Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Thu, 14 Feb 2013 15:37:12 -0800
Subject: [PATCH 11/15] http: Do not let Agent hand out destroyed sockets

Fix #4373
---
 lib/http.js                                   |   3 +-
 .../test-http-agent-destroyed-socket.js       | 106 ++++++++++++++++++
 2 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 test/simple/test-http-agent-destroyed-socket.js

diff --git a/lib/http.js b/lib/http.js
index 6f3eff1ba8..2446545ba9 100644
--- a/lib/http.js
+++ b/lib/http.js
@@ -1131,7 +1131,8 @@ function Agent(options) {
       name += ':' + localAddress;
     }
 
-    if (self.requests[name] && self.requests[name].length) {
+    if (!socket.destroyed &&
+        self.requests[name] && self.requests[name].length) {
       self.requests[name].shift().onSocket(socket);
       if (self.requests[name].length === 0) {
         // don't leak
diff --git a/test/simple/test-http-agent-destroyed-socket.js b/test/simple/test-http-agent-destroyed-socket.js
new file mode 100644
index 0000000000..674ab5328a
--- /dev/null
+++ b/test/simple/test-http-agent-destroyed-socket.js
@@ -0,0 +1,106 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var common = require('../common');
+var assert = require('assert');
+var http = require('http');
+
+var server = http.createServer(function(req, res) {
+  res.writeHead(200, {'Content-Type': 'text/plain'});
+  res.end('Hello World\n');
+}).listen(common.PORT);
+
+var agent = new http.Agent({maxSockets: 1});
+
+agent.on('free', function(socket, host, port) {
+  console.log('freeing socket. destroyed? ', socket.destroyed);
+});
+
+var requestOptions = {
+  agent: agent,
+  host: 'localhost',
+  port: common.PORT,
+  path: '/'
+};
+
+var request1 = http.get(requestOptions, function(response) {
+  // assert request2 is queued in the agent
+  var key = 'localhost:' + common.PORT;
+  assert(agent.requests[key].length === 1);
+  console.log('got response1');
+  request1.socket.on('close', function() {
+    console.log('request1 socket closed');
+  });
+  response.pipe(process.stdout);
+  response.on('end', function() {
+    console.log('response1 done');
+    /////////////////////////////////
+    //
+    // THE IMPORTANT PART
+    //
+    // It is possible for the socket to get destroyed and other work
+    // to run before the 'close' event fires because it happens on
+    // nextTick. This example is contrived because it destroys the
+    // socket manually at just the right time, but at Voxer we have
+    // seen cases where the socket is destroyed by non-user code
+    // then handed out again by an agent *before* the 'close' event
+    // is triggered.
+    request1.socket.destroy();
+
+    process.nextTick(function() {
+      // assert request2 was removed from the queue
+      assert(!agent.requests[key]);
+      console.log("waiting for request2.onSocket's nextTick");
+      process.nextTick(function() {
+        // assert that the same socket was not assigned to request2,
+        // since it was destroyed.
+        assert(request1.socket !== request2.socket);
+        assert(!request2.socket.destroyed, 'the socket is destroyed');
+      });
+    });
+  });
+});
+
+var request2 = http.get(requestOptions, function(response) {
+  assert(!request2.socket.destroyed);
+  assert(request1.socket.destroyed);
+  // assert not reusing the same socket, since it was destroyed.
+  assert(request1.socket !== request2.socket);
+  console.log('got response2');
+  var gotClose = false;
+  var gotResponseEnd = false;
+  request2.socket.on('close', function() {
+    console.log('request2 socket closed');
+    gotClose = true;
+    done();
+  });
+  response.pipe(process.stdout);
+  response.on('end', function() {
+    console.log('response2 done');
+    gotResponseEnd = true;
+    done();
+  });
+
+  function done() {
+    if (gotResponseEnd && gotClose)
+      server.close();
+  }
+});

From 73be4608d9d7679a1b0233f64c7b60c329ccd235 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Fri, 15 Feb 2013 10:49:16 -0800
Subject: [PATCH 12/15] npm: Upgrade to v1.2.11

---
 deps/npm/doc/cli/config.md                    |   6 +-
 deps/npm/doc/cli/faq.md                       |  46 +++++++
 deps/npm/doc/cli/index.md                     |   4 +
 deps/npm/doc/cli/stars.md                     |  22 ++++
 deps/npm/doc/cli/update.md                    |   5 +-
 deps/npm/doc/cli/version.md                   |  11 +-
 deps/npm/html/api/bin.html                    |   2 +-
 deps/npm/html/api/bugs.html                   |   2 +-
 deps/npm/html/api/commands.html               |   2 +-
 deps/npm/html/api/config.html                 |   2 +-
 deps/npm/html/api/deprecate.html              |   2 +-
 deps/npm/html/api/docs.html                   |   2 +-
 deps/npm/html/api/edit.html                   |   2 +-
 deps/npm/html/api/explore.html                |   2 +-
 deps/npm/html/api/help-search.html            |   2 +-
 deps/npm/html/api/init.html                   |   2 +-
 deps/npm/html/api/install.html                |   2 +-
 deps/npm/html/api/link.html                   |   2 +-
 deps/npm/html/api/load.html                   |   2 +-
 deps/npm/html/api/ls.html                     |   2 +-
 deps/npm/html/api/npm.html                    |   4 +-
 deps/npm/html/api/outdated.html               |   2 +-
 deps/npm/html/api/owner.html                  |   2 +-
 deps/npm/html/api/pack.html                   |   2 +-
 deps/npm/html/api/prefix.html                 |   2 +-
 deps/npm/html/api/prune.html                  |   2 +-
 deps/npm/html/api/publish.html                |   2 +-
 deps/npm/html/api/rebuild.html                |   2 +-
 deps/npm/html/api/restart.html                |   2 +-
 deps/npm/html/api/root.html                   |   2 +-
 deps/npm/html/api/run-script.html             |   2 +-
 deps/npm/html/api/search.html                 |   2 +-
 deps/npm/html/api/shrinkwrap.html             |   2 +-
 deps/npm/html/api/start.html                  |   2 +-
 deps/npm/html/api/stop.html                   |   2 +-
 deps/npm/html/api/submodule.html              |   2 +-
 deps/npm/html/api/tag.html                    |   2 +-
 deps/npm/html/api/test.html                   |   2 +-
 deps/npm/html/api/uninstall.html              |   2 +-
 deps/npm/html/api/unpublish.html              |   2 +-
 deps/npm/html/api/update.html                 |   2 +-
 deps/npm/html/api/version.html                |   2 +-
 deps/npm/html/api/view.html                   |   2 +-
 deps/npm/html/api/whoami.html                 |   2 +-
 deps/npm/html/doc/README.html                 |   2 +-
 deps/npm/html/doc/adduser.html                |   2 +-
 deps/npm/html/doc/bin.html                    |   2 +-
 deps/npm/html/doc/bugs.html                   |   2 +-
 deps/npm/html/doc/build.html                  |   2 +-
 deps/npm/html/doc/bundle.html                 |   2 +-
 deps/npm/html/doc/cache.html                  |   2 +-
 deps/npm/html/doc/changelog.html              |   2 +-
 deps/npm/html/doc/coding-style.html           |   2 +-
 deps/npm/html/doc/completion.html             |   2 +-
 deps/npm/html/doc/config.html                 |  10 +-
 deps/npm/html/doc/dedupe.html                 |   2 +-
 deps/npm/html/doc/deprecate.html              |   2 +-
 deps/npm/html/doc/developers.html             |   2 +-
 deps/npm/html/doc/disputes.html               |   2 +-
 deps/npm/html/doc/docs.html                   |   2 +-
 deps/npm/html/doc/edit.html                   |   2 +-
 deps/npm/html/doc/explore.html                |   2 +-
 deps/npm/html/doc/faq.html                    |  48 ++++++-
 deps/npm/html/doc/folders.html                |   2 +-
 deps/npm/html/doc/global.html                 |   2 +-
 deps/npm/html/doc/help-search.html            |   2 +-
 deps/npm/html/doc/help.html                   |   2 +-
 deps/npm/html/doc/index.html                  |   6 +-
 deps/npm/html/doc/init.html                   |   2 +-
 deps/npm/html/doc/install.html                |   2 +-
 deps/npm/html/doc/json.html                   |   2 +-
 deps/npm/html/doc/link.html                   |   2 +-
 deps/npm/html/doc/ls.html                     |   4 +-
 deps/npm/html/doc/npm.html                    |   4 +-
 deps/npm/html/doc/outdated.html               |   2 +-
 deps/npm/html/doc/owner.html                  |   2 +-
 deps/npm/html/doc/pack.html                   |   2 +-
 deps/npm/html/doc/prefix.html                 |   2 +-
 deps/npm/html/doc/prune.html                  |   2 +-
 deps/npm/html/doc/publish.html                |   2 +-
 deps/npm/html/doc/rebuild.html                |   2 +-
 deps/npm/html/doc/registry.html               |   2 +-
 deps/npm/html/doc/removing-npm.html           |   2 +-
 deps/npm/html/doc/restart.html                |   2 +-
 deps/npm/html/doc/rm.html                     |   2 +-
 deps/npm/html/doc/root.html                   |   2 +-
 deps/npm/html/doc/run-script.html             |   2 +-
 deps/npm/html/doc/scripts.html                |   2 +-
 deps/npm/html/doc/search.html                 |   2 +-
 deps/npm/html/doc/semver.html                 |   2 +-
 deps/npm/html/doc/shrinkwrap.html             |   2 +-
 deps/npm/html/doc/star.html                   |   2 +-
 deps/npm/html/doc/stars.html                  |  60 +++++++++
 deps/npm/html/doc/start.html                  |   2 +-
 deps/npm/html/doc/stop.html                   |   2 +-
 deps/npm/html/doc/submodule.html              |   2 +-
 deps/npm/html/doc/tag.html                    |   2 +-
 deps/npm/html/doc/test.html                   |   2 +-
 deps/npm/html/doc/uninstall.html              |   2 +-
 deps/npm/html/doc/unpublish.html              |   2 +-
 deps/npm/html/doc/update.html                 |   7 +-
 deps/npm/html/doc/version.html                |  13 +-
 deps/npm/html/doc/view.html                   |   2 +-
 deps/npm/html/doc/whoami.html                 |   2 +-
 deps/npm/lib/cache.js                         | 118 +++++++++++++++---
 deps/npm/lib/install.js                       |   2 +-
 deps/npm/lib/npm.js                           |   4 +
 deps/npm/lib/publish.js                       |   7 ++
 deps/npm/lib/stars.js                         |  27 ++++
 deps/npm/lib/utils/error-handler.js           |  10 +-
 deps/npm/lib/utils/sha.js                     |  15 +--
 deps/npm/man/man1/config.1                    |  13 +-
 deps/npm/man/man1/faq.1                       |  50 ++++++++
 deps/npm/man/man1/index.1                     |   3 +
 deps/npm/man/man1/ls.1                        |   2 +-
 deps/npm/man/man1/npm.1                       |   2 +-
 deps/npm/man/man1/stars.1                     |  40 ++++++
 deps/npm/man/man1/update.1                    |   6 +-
 deps/npm/man/man1/version.1                   |  16 ++-
 deps/npm/man/man3/npm.3                       |   2 +-
 deps/npm/node_modules/glob/glob.js            |  10 --
 deps/npm/node_modules/glob/package.json       |  10 +-
 .../npm-registry-client/README.md             |   7 ++
 .../npm-registry-client/lib/request.js        |  17 ++-
 .../npm-registry-client/lib/stars.js          |   9 ++
 .../node_modules/couch-login/package.json     |   6 +-
 .../npm-registry-client/package.json          |   6 +-
 .../read-package-json/package.json            |   4 +-
 .../read-package-json/read-json.js            |  16 ++-
 deps/npm/package.json                         |   4 +-
 .../npm-test-shrinkwrap/npm-shrinkwrap.json   |  15 +--
 131 files changed, 663 insertions(+), 186 deletions(-)
 create mode 100644 deps/npm/doc/cli/stars.md
 create mode 100644 deps/npm/html/doc/stars.html
 create mode 100644 deps/npm/lib/stars.js
 create mode 100644 deps/npm/man/man1/stars.1
 create mode 100644 deps/npm/node_modules/npm-registry-client/lib/stars.js

diff --git a/deps/npm/doc/cli/config.md b/deps/npm/doc/cli/config.md
index 3deafce5f2..e48957ba82 100644
--- a/deps/npm/doc/cli/config.md
+++ b/deps/npm/doc/cli/config.md
@@ -36,11 +36,15 @@ work the same.
 `$HOME/.npmrc` (or the `userconfig` param, if set above)
 
 This file is an ini-file formatted list of `key = value` parameters.
+Environment variables can be replaced using `${VARIABLE_NAME}`. For example:
+
+    prefix = ${HOME}/.npm-packages
 
 ### Global config file
 
 `$PREFIX/etc/npmrc` (or the `globalconfig` param, if set above):
-This file is an ini-file formatted list of `key = value` parameters
+This file is an ini-file formatted list of `key = value` parameters.
+Environment variables can be replaced as above.
 
 ### Built-in config file
 
diff --git a/deps/npm/doc/cli/faq.md b/deps/npm/doc/cli/faq.md
index 4c8367137d..d6cc041e4c 100644
--- a/deps/npm/doc/cli/faq.md
+++ b/deps/npm/doc/cli/faq.md
@@ -72,6 +72,52 @@ Write your own package manager, then.  It's not that hard.
 
 npm will not help you do something that is known to be a bad idea.
 
+## `"node_modules"` is the name of my deity's arch-rival, and a Forbidden Word in my religion.  Can I configure npm to use a different folder?
+
+No.  This will never happen.  This question comes up sometimes,
+because it seems silly from the outside that npm couldn't just be
+configured to put stuff somewhere else, and then npm could load them
+from there.  It's an arbitrary spelling choice, right?  What's the bg
+deal?
+
+At the time of this writing, the string `'node_modules'` appears 151
+times in 53 separate files in npm and node core (excluding tests and
+documentation).
+
+Some of these references are in node's built-in module loader.  Since
+npm is not involved **at all** at run-time, node itself would have to
+be configured to know where you've decided to stick stuff.  Complexity
+hurdle #1.  Since the Node module system is locked, this cannot be
+changed, and is enough to kill this request.  But I'll continue, in
+deference to your deity's delicate feelings regarding spelling.
+
+Many of the others are in dependencies that npm uses, which are not
+necessarily tightly coupled to npm (in the sense that they do not read
+npm's configuration files, etc.)  Each of these would have to be
+configured to take the name of the `node_modules` folder as a
+parameter.  Complexity hurdle #2.
+
+Furthermore, npm has the ability to "bundle" dependencies by adding
+the dep names to the `"bundledDependencies"` list in package.json,
+which causes the folder to be included in the package tarball.  What
+if the author of a module bundles its dependencies, and they use a
+different spelling for `node_modules`?  npm would have to rename the
+folder at publish time, and then be smart enough to unpack it using
+your locally configured name.  Complexity hurdle #3.
+
+Furthermore, what happens when you *change* this name?  Fine, it's
+easy enough the first time, just rename the `node_modules` folders to
+`./blergyblerp/` or whatever name you choose.  But what about when you
+change it again?  npm doesn't currently track any state about past
+configuration settings, so this would be rather difficult to do
+properly.  It would have to track every previous value for this
+config, and always accept any of them, or else yesterday's install may
+be broken tomorrow.  Complexity hurdle #5.
+
+Never going to happen.  The folder is named `node_modules`.  It is
+written indelibly in the Node Way, handed down from the ancient times
+of Node 0.3.
+
 ## Should I check my `node_modules` folder into git?
 
 Mikeal Rogers answered this question very well:
diff --git a/deps/npm/doc/cli/index.md b/deps/npm/doc/cli/index.md
index 04852ce496..903812dc21 100644
--- a/deps/npm/doc/cli/index.md
+++ b/deps/npm/doc/cli/index.md
@@ -190,6 +190,10 @@ npm-index(1) -- Index of all npm documentation
 
  Mark your favorite packages
 
+## npm-stars(1)
+
+ View packages marked as favorites
+
 ## npm-start(1)
 
  Start a package
diff --git a/deps/npm/doc/cli/stars.md b/deps/npm/doc/cli/stars.md
new file mode 100644
index 0000000000..7c28f5b2a5
--- /dev/null
+++ b/deps/npm/doc/cli/stars.md
@@ -0,0 +1,22 @@
+npm-stars(1) -- View packages marked as favorites
+=================================================
+
+## SYNOPSIS
+
+    npm stars
+    npm stars [username]
+
+## DESCRIPTION
+
+If you have starred a lot of neat things and want to find them again
+quickly this command lets you do just that.
+
+You may also want to see your friend's favorite packages, in this case
+you will most certainly enjoy this command.
+
+## SEE ALSO
+
+* npm-star(1)
+* npm-view(1)
+* npm-whoami(1)
+* npm-adduser(1)
diff --git a/deps/npm/doc/cli/update.md b/deps/npm/doc/cli/update.md
index 1de49f2e2f..302e2efff8 100644
--- a/deps/npm/doc/cli/update.md
+++ b/deps/npm/doc/cli/update.md
@@ -3,7 +3,7 @@ npm-update(1) -- Update a package
 
 ## SYNOPSIS
 
-    npm update [<name> [<name> ...]]
+    npm update [-g] [<name> [<name> ...]]
 
 ## DESCRIPTION
 
@@ -12,6 +12,9 @@ This command will update all the packages listed to the latest version
 
 It will also install missing packages.
 
+If the `-g` flag is specified, this command will update globally installed packages.
+If no package name is specified, all packages in the specified location (global or local) will be updated.
+
 ## SEE ALSO
 
 * npm-install(1)
diff --git a/deps/npm/doc/cli/version.md b/deps/npm/doc/cli/version.md
index ca9b5fbfaa..74d938d6ba 100644
--- a/deps/npm/doc/cli/version.md
+++ b/deps/npm/doc/cli/version.md
@@ -27,7 +27,16 @@ resulting version number.  For example:
 
 If the `sign-git-tag` config is set, then the tag will be signed using
 the `-s` flag to git.  Note that you must have a default GPG key set up
-in your git config for this to work properly.
+in your git config for this to work properly.  For example:
+
+    $ npm config set sign-git-tag true
+    $ npm version patch
+
+    You need a passphrase to unlock the secret key for
+    user: "isaacs (http://blog.izs.me/) <i@izs.me>"
+    2048-bit RSA key, ID 6C481CF6, created 2010-08-31
+
+    Enter passphrase:
 
 ## SEE ALSO
 
diff --git a/deps/npm/html/api/bin.html b/deps/npm/html/api/bin.html
index 53761a1e83..762ed898d6 100644
--- a/deps/npm/html/api/bin.html
+++ b/deps/npm/html/api/bin.html
@@ -19,7 +19,7 @@
 <p>This function should not be used programmatically.  Instead, just refer
 to the <code>npm.bin</code> member.</p>
 </div>
-<p id="footer">bin &mdash; npm@1.2.10</p>
+<p id="footer">bin &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/bugs.html b/deps/npm/html/api/bugs.html
index 7831e95e2c..d7b615fbf2 100644
--- a/deps/npm/html/api/bugs.html
+++ b/deps/npm/html/api/bugs.html
@@ -25,7 +25,7 @@ optional version number.</p>
 <p>This command will launch a browser, so this command may not be the most
 friendly for programmatic use.</p>
 </div>
-<p id="footer">bugs &mdash; npm@1.2.10</p>
+<p id="footer">bugs &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/commands.html b/deps/npm/html/api/commands.html
index 8948891c60..ee98554c90 100644
--- a/deps/npm/html/api/commands.html
+++ b/deps/npm/html/api/commands.html
@@ -28,7 +28,7 @@ usage, or <code>man 3 npm-&lt;command&gt;</code> for programmatic usage.</p>
 
 <ul><li><a href="../doc/index.html">index(1)</a></li></ul>
 </div>
-<p id="footer">commands &mdash; npm@1.2.10</p>
+<p id="footer">commands &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/config.html b/deps/npm/html/api/config.html
index db526142c9..facb4ee83d 100644
--- a/deps/npm/html/api/config.html
+++ b/deps/npm/html/api/config.html
@@ -33,7 +33,7 @@ functions instead.</p>
 
 <ul><li><a href="../api/npm.html">npm(3)</a></li></ul>
 </div>
-<p id="footer">config &mdash; npm@1.2.10</p>
+<p id="footer">config &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/deprecate.html b/deps/npm/html/api/deprecate.html
index fc46f80fe7..ab671f2863 100644
--- a/deps/npm/html/api/deprecate.html
+++ b/deps/npm/html/api/deprecate.html
@@ -32,7 +32,7 @@ install the package.</p></li></ul>
 
 <ul><li><a href="../api/publish.html">publish(3)</a></li><li><a href="../api/unpublish.html">unpublish(3)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">deprecate &mdash; npm@1.2.10</p>
+<p id="footer">deprecate &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/docs.html b/deps/npm/html/api/docs.html
index 5cf46ec104..1b3d0c872b 100644
--- a/deps/npm/html/api/docs.html
+++ b/deps/npm/html/api/docs.html
@@ -25,7 +25,7 @@ optional version number.</p>
 <p>This command will launch a browser, so this command may not be the most
 friendly for programmatic use.</p>
 </div>
-<p id="footer">docs &mdash; npm@1.2.10</p>
+<p id="footer">docs &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/edit.html b/deps/npm/html/api/edit.html
index 6d179bdb1a..85acc0880d 100644
--- a/deps/npm/html/api/edit.html
+++ b/deps/npm/html/api/edit.html
@@ -30,7 +30,7 @@ to open. The package can optionally have a version number attached.</p>
 <p>Since this command opens an editor in a new process, be careful about where
 and how this is used.</p>
 </div>
-<p id="footer">edit &mdash; npm@1.2.10</p>
+<p id="footer">edit &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/explore.html b/deps/npm/html/api/explore.html
index 5945efe4a2..ddf38e77a4 100644
--- a/deps/npm/html/api/explore.html
+++ b/deps/npm/html/api/explore.html
@@ -24,7 +24,7 @@ sure to use <code>npm rebuild &lt;pkg&gt;</code> if you make any changes.</p>
 
 <p>The first element in the &#39;args&#39; parameter must be a package name.  After that is the optional command, which can be any number of strings. All of the strings will be combined into one, space-delimited command.</p>
 </div>
-<p id="footer">explore &mdash; npm@1.2.10</p>
+<p id="footer">explore &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/help-search.html b/deps/npm/html/api/help-search.html
index 79837a8d41..3615e7ede7 100644
--- a/deps/npm/html/api/help-search.html
+++ b/deps/npm/html/api/help-search.html
@@ -32,7 +32,7 @@ Name of the file that matched</li></ul>
 
 <p>The silent parameter is not neccessary not used, but it may in the future.</p>
 </div>
-<p id="footer">help-search &mdash; npm@1.2.10</p>
+<p id="footer">help-search &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/init.html b/deps/npm/html/api/init.html
index 409018e494..a8a62a6ed7 100644
--- a/deps/npm/html/api/init.html
+++ b/deps/npm/html/api/init.html
@@ -35,7 +35,7 @@ then go ahead and use this programmatically.</p>
 
 <p><a href="../doc/json.html">json(1)</a></p>
 </div>
-<p id="footer">init &mdash; npm@1.2.10</p>
+<p id="footer">init &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/install.html b/deps/npm/html/api/install.html
index 2f7d67d628..a2a7666b36 100644
--- a/deps/npm/html/api/install.html
+++ b/deps/npm/html/api/install.html
@@ -25,7 +25,7 @@ the name of a package to be installed.</p>
 <p>Finally, &#39;callback&#39; is a function that will be called when all packages have been
 installed or when an error has been encountered.</p>
 </div>
-<p id="footer">install &mdash; npm@1.2.10</p>
+<p id="footer">install &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/link.html b/deps/npm/html/api/link.html
index 451b0c0cd1..f843262754 100644
--- a/deps/npm/html/api/link.html
+++ b/deps/npm/html/api/link.html
@@ -39,7 +39,7 @@ npm.commands.link(&#39;redis&#39;, cb)  # link-install the package</code></pre>
 <p>Now, any changes to the redis package will be reflected in
 the package in the current working directory</p>
 </div>
-<p id="footer">link &mdash; npm@1.2.10</p>
+<p id="footer">link &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/load.html b/deps/npm/html/api/load.html
index 3da18c65d0..cea0c3f8d0 100644
--- a/deps/npm/html/api/load.html
+++ b/deps/npm/html/api/load.html
@@ -32,7 +32,7 @@ config object.</p>
 
 <p>For a list of all the available command-line configs, see <code>npm help config</code></p>
 </div>
-<p id="footer">load &mdash; npm@1.2.10</p>
+<p id="footer">load &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/ls.html b/deps/npm/html/api/ls.html
index 3a8753d11d..5e5671a088 100644
--- a/deps/npm/html/api/ls.html
+++ b/deps/npm/html/api/ls.html
@@ -59,7 +59,7 @@ project.</p>
 This means that if a submodule a same dependency as a parent module, then the
 dependency will only be output once.</p>
 </div>
-<p id="footer">ls &mdash; npm@1.2.10</p>
+<p id="footer">ls &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/npm.html b/deps/npm/html/api/npm.html
index c5eb011201..26e133c70d 100644
--- a/deps/npm/html/api/npm.html
+++ b/deps/npm/html/api/npm.html
@@ -24,7 +24,7 @@ npm.load([configObject,] function (er, npm) {
 
 <h2 id="VERSION">VERSION</h2>
 
-<p>1.2.10</p>
+<p>1.2.11</p>
 
 <h2 id="DESCRIPTION">DESCRIPTION</h2>
 
@@ -92,7 +92,7 @@ method names.  Use the <code>npm.deref</code> method to find the real name.</p>
 
 <pre><code>var cmd = npm.deref(&quot;unp&quot;) // cmd === &quot;unpublish&quot;</code></pre>
 </div>
-<p id="footer">npm &mdash; npm@1.2.10</p>
+<p id="footer">npm &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/outdated.html b/deps/npm/html/api/outdated.html
index 3d277123dc..7a693e0515 100644
--- a/deps/npm/html/api/outdated.html
+++ b/deps/npm/html/api/outdated.html
@@ -19,7 +19,7 @@ currently outdated.</p>
 
 <p>If the &#39;packages&#39; parameter is left out, npm will check all packages.</p>
 </div>
-<p id="footer">outdated &mdash; npm@1.2.10</p>
+<p id="footer">outdated &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/owner.html b/deps/npm/html/api/owner.html
index 049f74ca68..10263d85ea 100644
--- a/deps/npm/html/api/owner.html
+++ b/deps/npm/html/api/owner.html
@@ -34,7 +34,7 @@ that is not implemented at this time.</p>
 
 <ul><li><a href="../api/publish.html">publish(3)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">owner &mdash; npm@1.2.10</p>
+<p id="footer">owner &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/pack.html b/deps/npm/html/api/pack.html
index 81a6d6ef5c..75bfb97335 100644
--- a/deps/npm/html/api/pack.html
+++ b/deps/npm/html/api/pack.html
@@ -25,7 +25,7 @@ overwritten the second time.</p>
 
 <p>If no arguments are supplied, then npm packs the current package folder.</p>
 </div>
-<p id="footer">pack &mdash; npm@1.2.10</p>
+<p id="footer">pack &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/prefix.html b/deps/npm/html/api/prefix.html
index a1b4e98ea1..14056f2475 100644
--- a/deps/npm/html/api/prefix.html
+++ b/deps/npm/html/api/prefix.html
@@ -21,7 +21,7 @@
 
 <p>This function is not useful programmatically</p>
 </div>
-<p id="footer">prefix &mdash; npm@1.2.10</p>
+<p id="footer">prefix &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/prune.html b/deps/npm/html/api/prune.html
index 5268d31c69..adefa17033 100644
--- a/deps/npm/html/api/prune.html
+++ b/deps/npm/html/api/prune.html
@@ -23,7 +23,7 @@
 <p>Extraneous packages are packages that are not listed on the parent
 package&#39;s dependencies list.</p>
 </div>
-<p id="footer">prune &mdash; npm@1.2.10</p>
+<p id="footer">prune &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/publish.html b/deps/npm/html/api/publish.html
index c7602abd4a..3b50a9e73c 100644
--- a/deps/npm/html/api/publish.html
+++ b/deps/npm/html/api/publish.html
@@ -32,7 +32,7 @@ the registry.  Overwrites when the &quot;force&quot; environment variable is set
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../api/owner.html">owner(3)</a></li></ul>
 </div>
-<p id="footer">publish &mdash; npm@1.2.10</p>
+<p id="footer">publish &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/rebuild.html b/deps/npm/html/api/rebuild.html
index d97fdaea06..c9e805c1c3 100644
--- a/deps/npm/html/api/rebuild.html
+++ b/deps/npm/html/api/rebuild.html
@@ -22,7 +22,7 @@ the new binary. If no &#39;packages&#39; parameter is specify, every package wil
 
 <p>See <code>npm help build</code></p>
 </div>
-<p id="footer">rebuild &mdash; npm@1.2.10</p>
+<p id="footer">rebuild &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/restart.html b/deps/npm/html/api/restart.html
index 19023e2edf..0378b94dd4 100644
--- a/deps/npm/html/api/restart.html
+++ b/deps/npm/html/api/restart.html
@@ -27,7 +27,7 @@ in the <code>packages</code> parameter.</p>
 
 <ul><li><a href="../api/start.html">start(3)</a></li><li><a href="../api/stop.html">stop(3)</a></li></ul>
 </div>
-<p id="footer">restart &mdash; npm@1.2.10</p>
+<p id="footer">restart &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/root.html b/deps/npm/html/api/root.html
index 4191995040..d2f6aab721 100644
--- a/deps/npm/html/api/root.html
+++ b/deps/npm/html/api/root.html
@@ -21,7 +21,7 @@
 
 <p>This function is not useful programmatically.</p>
 </div>
-<p id="footer">root &mdash; npm@1.2.10</p>
+<p id="footer">root &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/run-script.html b/deps/npm/html/api/run-script.html
index f8dfd4a83a..5d93e41ed0 100644
--- a/deps/npm/html/api/run-script.html
+++ b/deps/npm/html/api/run-script.html
@@ -29,7 +29,7 @@ assumed to be the command to run. All other elements are ignored.</p>
 
 <ul><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../api/test.html">test(3)</a></li><li><a href="../api/start.html">start(3)</a></li><li><a href="../api/restart.html">restart(3)</a></li><li><a href="../api/stop.html">stop(3)</a></li></ul>
 </div>
-<p id="footer">run-script &mdash; npm@1.2.10</p>
+<p id="footer">run-script &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/search.html b/deps/npm/html/api/search.html
index 37bad3fc76..fefbed5507 100644
--- a/deps/npm/html/api/search.html
+++ b/deps/npm/html/api/search.html
@@ -32,7 +32,7 @@ excluded term (the &quot;searchexclude&quot; config). The search is case insensi
 and doesn&#39;t try to read your mind (it doesn&#39;t do any verb tense matching or the
 like).</p>
 </div>
-<p id="footer">search &mdash; npm@1.2.10</p>
+<p id="footer">search &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/shrinkwrap.html b/deps/npm/html/api/shrinkwrap.html
index d83a8ad483..50ca198174 100644
--- a/deps/npm/html/api/shrinkwrap.html
+++ b/deps/npm/html/api/shrinkwrap.html
@@ -26,7 +26,7 @@ but the shrinkwrap file will still be written.</p>
 <p>Finally, &#39;callback&#39; is a function that will be called when the shrinkwrap has
 been saved.</p>
 </div>
-<p id="footer">shrinkwrap &mdash; npm@1.2.10</p>
+<p id="footer">shrinkwrap &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/start.html b/deps/npm/html/api/start.html
index 675f3f35f8..5dbbcb74dd 100644
--- a/deps/npm/html/api/start.html
+++ b/deps/npm/html/api/start.html
@@ -19,7 +19,7 @@
 <p>npm can run tests on multiple packages. Just specify multiple packages
 in the <code>packages</code> parameter.</p>
 </div>
-<p id="footer">start &mdash; npm@1.2.10</p>
+<p id="footer">start &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/stop.html b/deps/npm/html/api/stop.html
index 9e36cf9cf8..733a1e2625 100644
--- a/deps/npm/html/api/stop.html
+++ b/deps/npm/html/api/stop.html
@@ -19,7 +19,7 @@
 <p>npm can run stop on multiple packages. Just specify multiple packages
 in the <code>packages</code> parameter.</p>
 </div>
-<p id="footer">stop &mdash; npm@1.2.10</p>
+<p id="footer">stop &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/submodule.html b/deps/npm/html/api/submodule.html
index e156748901..b655c4150e 100644
--- a/deps/npm/html/api/submodule.html
+++ b/deps/npm/html/api/submodule.html
@@ -33,7 +33,7 @@ dependencies into the submodule folder.</p>
 
 <ul><li>npm help json</li><li>git help submodule</li></ul>
 </div>
-<p id="footer">submodule &mdash; npm@1.2.10</p>
+<p id="footer">submodule &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/tag.html b/deps/npm/html/api/tag.html
index 2803372db5..cee47192a2 100644
--- a/deps/npm/html/api/tag.html
+++ b/deps/npm/html/api/tag.html
@@ -29,7 +29,7 @@ parameter is missing or falsey (empty), the default froom the config will be
 used. For more information about how to set this config, check
 <code>man 3 npm-config</code> for programmatic usage or <code>man npm-config</code> for cli usage.</p>
 </div>
-<p id="footer">tag &mdash; npm@1.2.10</p>
+<p id="footer">tag &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/test.html b/deps/npm/html/api/test.html
index 00ba0ea3af..8086289a4b 100644
--- a/deps/npm/html/api/test.html
+++ b/deps/npm/html/api/test.html
@@ -22,7 +22,7 @@ true.</p>
 <p>npm can run tests on multiple packages. Just specify multiple packages
 in the <code>packages</code> parameter.</p>
 </div>
-<p id="footer">test &mdash; npm@1.2.10</p>
+<p id="footer">test &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/uninstall.html b/deps/npm/html/api/uninstall.html
index 90a6b32f3b..1aac296d1c 100644
--- a/deps/npm/html/api/uninstall.html
+++ b/deps/npm/html/api/uninstall.html
@@ -22,7 +22,7 @@ the name of a package to be uninstalled.</p>
 <p>Finally, &#39;callback&#39; is a function that will be called when all packages have been
 uninstalled or when an error has been encountered.</p>
 </div>
-<p id="footer">uninstall &mdash; npm@1.2.10</p>
+<p id="footer">uninstall &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/unpublish.html b/deps/npm/html/api/unpublish.html
index 349d3ddb33..43aadee644 100644
--- a/deps/npm/html/api/unpublish.html
+++ b/deps/npm/html/api/unpublish.html
@@ -26,7 +26,7 @@ is what is meant.</p>
 <p>If no version is specified, or if all versions are removed then
 the root package entry is removed from the registry entirely.</p>
 </div>
-<p id="footer">unpublish &mdash; npm@1.2.10</p>
+<p id="footer">unpublish &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/update.html b/deps/npm/html/api/update.html
index 740deeea04..3aa2780df0 100644
--- a/deps/npm/html/api/update.html
+++ b/deps/npm/html/api/update.html
@@ -18,7 +18,7 @@
 
 <p>The &#39;packages&#39; argument is an array of packages to update. The &#39;callback&#39; parameter will be called when done or when an error occurs.</p>
 </div>
-<p id="footer">update &mdash; npm@1.2.10</p>
+<p id="footer">update &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/version.html b/deps/npm/html/api/version.html
index 3b7b03c71d..44dc04b01a 100644
--- a/deps/npm/html/api/version.html
+++ b/deps/npm/html/api/version.html
@@ -24,7 +24,7 @@ fail if the repo is not clean.</p>
 parameter. The difference, however, is this function will fail if it does
 not have exactly one element. The only element should be a version number.</p>
 </div>
-<p id="footer">version &mdash; npm@1.2.10</p>
+<p id="footer">version &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/view.html b/deps/npm/html/api/view.html
index 3617f7627b..5d3318c32b 100644
--- a/deps/npm/html/api/view.html
+++ b/deps/npm/html/api/view.html
@@ -99,7 +99,7 @@ the field name.</p>
 
 <p>corresponding to the list of fields selected.</p>
 </div>
-<p id="footer">view &mdash; npm@1.2.10</p>
+<p id="footer">view &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/api/whoami.html b/deps/npm/html/api/whoami.html
index 522b74635d..8a6bb178a6 100644
--- a/deps/npm/html/api/whoami.html
+++ b/deps/npm/html/api/whoami.html
@@ -21,7 +21,7 @@
 
 <p>This function is not useful programmatically</p>
 </div>
-<p id="footer">whoami &mdash; npm@1.2.10</p>
+<p id="footer">whoami &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/README.html b/deps/npm/html/doc/README.html
index d53f740b74..6a006e81c1 100644
--- a/deps/npm/html/doc/README.html
+++ b/deps/npm/html/doc/README.html
@@ -240,7 +240,7 @@ will no doubt tell you to put the output in a gist or email.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/help.html">help(1)</a></li><li><a href="../doc/index.html">index(1)</a></li></ul>
 </div>
-<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@1.2.10</p>
+<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/adduser.html b/deps/npm/html/doc/adduser.html
index f965cde790..b0d9e5e3dc 100644
--- a/deps/npm/html/doc/adduser.html
+++ b/deps/npm/html/doc/adduser.html
@@ -39,7 +39,7 @@ authorize on a new machine.</p>
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/owner.html">owner(1)</a></li><li><a href="../doc/whoami.html">whoami(1)</a></li></ul>
 </div>
-<p id="footer">adduser &mdash; npm@1.2.10</p>
+<p id="footer">adduser &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/bin.html b/deps/npm/html/doc/bin.html
index bf863db4d0..45e3004313 100644
--- a/deps/npm/html/doc/bin.html
+++ b/deps/npm/html/doc/bin.html
@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/prefix.html">prefix(1)</a></li><li><a href="../doc/root.html">root(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">bin &mdash; npm@1.2.10</p>
+<p id="footer">bin &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/bugs.html b/deps/npm/html/doc/bugs.html
index c648c5fcf5..dd98badb39 100644
--- a/deps/npm/html/doc/bugs.html
+++ b/deps/npm/html/doc/bugs.html
@@ -36,7 +36,7 @@ config param.</p>
 
 <ul><li><a href="../doc/docs.html">docs(1)</a></li><li><a href="../doc/view.html">view(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/json.html">json(1)</a></li></ul>
 </div>
-<p id="footer">bugs &mdash; npm@1.2.10</p>
+<p id="footer">bugs &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/build.html b/deps/npm/html/doc/build.html
index 5dbb9e3614..05ff474d42 100644
--- a/deps/npm/html/doc/build.html
+++ b/deps/npm/html/doc/build.html
@@ -25,7 +25,7 @@ A folder containing a <code>package.json</code> file in its root.</li></ul>
 
 <ul><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/link.html">link(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/json.html">json(1)</a></li></ul>
 </div>
-<p id="footer">build &mdash; npm@1.2.10</p>
+<p id="footer">build &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/bundle.html b/deps/npm/html/doc/bundle.html
index c1425bb3de..bdb98c26db 100644
--- a/deps/npm/html/doc/bundle.html
+++ b/deps/npm/html/doc/bundle.html
@@ -20,7 +20,7 @@ install packages into the local space.</p>
 
 <ul><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">bundle &mdash; npm@1.2.10</p>
+<p id="footer">bundle &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/cache.html b/deps/npm/html/doc/cache.html
index efa25c50fd..da99303bd2 100644
--- a/deps/npm/html/doc/cache.html
+++ b/deps/npm/html/doc/cache.html
@@ -66,7 +66,7 @@ they do not make an HTTP request to the registry.</p>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/pack.html">pack(1)</a></li></ul>
 </div>
-<p id="footer">cache &mdash; npm@1.2.10</p>
+<p id="footer">cache &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/changelog.html b/deps/npm/html/doc/changelog.html
index 06e6b71d5b..cae5b2b7fc 100644
--- a/deps/npm/html/doc/changelog.html
+++ b/deps/npm/html/doc/changelog.html
@@ -65,7 +65,7 @@
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li></ul>
 </div>
-<p id="footer">changelog &mdash; npm@1.2.10</p>
+<p id="footer">changelog &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/coding-style.html b/deps/npm/html/doc/coding-style.html
index 120c2e009f..a595d403c1 100644
--- a/deps/npm/html/doc/coding-style.html
+++ b/deps/npm/html/doc/coding-style.html
@@ -182,7 +182,7 @@ set to anything.&quot;</p>
 
 <ul><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li></ul>
 </div>
-<p id="footer">coding-style &mdash; npm@1.2.10</p>
+<p id="footer">coding-style &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/completion.html b/deps/npm/html/doc/completion.html
index cc0128b431..cb8f57e076 100644
--- a/deps/npm/html/doc/completion.html
+++ b/deps/npm/html/doc/completion.html
@@ -33,7 +33,7 @@ completions based on the arguments.</p>
 
 <ul><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li></ul>
 </div>
-<p id="footer">completion &mdash; npm@1.2.10</p>
+<p id="footer">completion &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/config.html b/deps/npm/html/doc/config.html
index fbab250056..7a15988296 100644
--- a/deps/npm/html/doc/config.html
+++ b/deps/npm/html/doc/config.html
@@ -42,12 +42,16 @@ work the same.</p>
 
 <p><code>$HOME/.npmrc</code> (or the <code>userconfig</code> param, if set above)</p>
 
-<p>This file is an ini-file formatted list of <code>key = value</code> parameters.</p>
+<p>This file is an ini-file formatted list of <code>key = value</code> parameters.
+Environment variables can be replaced using <code>${VARIABLE_NAME}</code>. For example:</p>
+
+<pre><code>prefix = ${HOME}/.npm-packages</code></pre>
 
 <h3 id="Global-config-file">Global config file</h3>
 
 <p><code>$PREFIX/etc/npmrc</code> (or the <code>globalconfig</code> param, if set above):
-This file is an ini-file formatted list of <code>key = value</code> parameters</p>
+This file is an ini-file formatted list of <code>key = value</code> parameters.
+Environment variables can be replaced as above.</p>
 
 <h3 id="Built-in-config-file">Built-in config file</h3>
 
@@ -767,7 +771,7 @@ then answer &quot;no&quot; to any prompt.</p>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li></ul>
 </div>
-<p id="footer">config &mdash; npm@1.2.10</p>
+<p id="footer">config &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/dedupe.html b/deps/npm/html/doc/dedupe.html
index c871d3dcce..019e6562a6 100644
--- a/deps/npm/html/doc/dedupe.html
+++ b/deps/npm/html/doc/dedupe.html
@@ -57,7 +57,7 @@ registry.</p>
 
 <ul><li><a href="../doc/ls.html">ls(1)</a></li><li><a href="../doc/update.html">update(1)</a></li><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">dedupe &mdash; npm@1.2.10</p>
+<p id="footer">dedupe &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/deprecate.html b/deps/npm/html/doc/deprecate.html
index dd98b4c32f..eab223d622 100644
--- a/deps/npm/html/doc/deprecate.html
+++ b/deps/npm/html/doc/deprecate.html
@@ -31,7 +31,7 @@ something like this:</p>
 
 <ul><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">deprecate &mdash; npm@1.2.10</p>
+<p id="footer">deprecate &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/developers.html b/deps/npm/html/doc/developers.html
index 425826e669..14eee8488a 100644
--- a/deps/npm/html/doc/developers.html
+++ b/deps/npm/html/doc/developers.html
@@ -160,7 +160,7 @@ from a fresh checkout.</p>
 
 <ul><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/init.html">init(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">developers &mdash; npm@1.2.10</p>
+<p id="footer">developers &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/disputes.html b/deps/npm/html/doc/disputes.html
index 62aac9ac6e..b363efb596 100644
--- a/deps/npm/html/doc/disputes.html
+++ b/deps/npm/html/doc/disputes.html
@@ -86,7 +86,7 @@ an empty tarball, you&#39;re going to be evicted.</li></ol>
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/owner.html">owner(1)</a></li></ul>
 </div>
-<p id="footer">disputes &mdash; npm@1.2.10</p>
+<p id="footer">disputes &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/docs.html b/deps/npm/html/doc/docs.html
index 7843a49a19..ba7988451b 100644
--- a/deps/npm/html/doc/docs.html
+++ b/deps/npm/html/doc/docs.html
@@ -37,7 +37,7 @@ config param.</p>
 
 <ul><li><a href="../doc/view.html">view(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/json.html">json(1)</a></li></ul>
 </div>
-<p id="footer">docs &mdash; npm@1.2.10</p>
+<p id="footer">docs &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/edit.html b/deps/npm/html/doc/edit.html
index 74fd445437..293a66ac99 100644
--- a/deps/npm/html/doc/edit.html
+++ b/deps/npm/html/doc/edit.html
@@ -37,7 +37,7 @@ or <code>&quot;notepad&quot;</code> on Windows.</li><li>Type: path</li></ul>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/explore.html">explore(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">edit &mdash; npm@1.2.10</p>
+<p id="footer">edit &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/explore.html b/deps/npm/html/doc/explore.html
index 47ef0a8a59..5577e85963 100644
--- a/deps/npm/html/doc/explore.html
+++ b/deps/npm/html/doc/explore.html
@@ -40,7 +40,7 @@ Windows</li><li>Type: path</li></ul>
 
 <ul><li><a href="../doc/submodule.html">submodule(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/edit.html">edit(1)</a></li><li><a href="../doc/rebuild.html">rebuild(1)</a></li><li><a href="../doc/build.html">build(1)</a></li><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">explore &mdash; npm@1.2.10</p>
+<p id="footer">explore &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/faq.html b/deps/npm/html/doc/faq.html
index 9fe947e678..81852a01b2 100644
--- a/deps/npm/html/doc/faq.html
+++ b/deps/npm/html/doc/faq.html
@@ -78,6 +78,52 @@ program that uses it.</p>
 
 <p>npm will not help you do something that is known to be a bad idea.</p>
 
+<h2 id="node_modules-is-the-name-of-my-deity-s-arch-rival-and-a-Forbidden-Word-in-my-religion-Can-I-configure-npm-to-use-a-different-folder"><code>&quot;node_modules&quot;</code> is the name of my deity&#39;s arch-rival, and a Forbidden Word in my religion.  Can I configure npm to use a different folder?</h2>
+
+<p>No.  This will never happen.  This question comes up sometimes,
+because it seems silly from the outside that npm couldn&#39;t just be
+configured to put stuff somewhere else, and then npm could load them
+from there.  It&#39;s an arbitrary spelling choice, right?  What&#39;s the bg
+deal?</p>
+
+<p>At the time of this writing, the string <code>&#39;node_modules&#39;</code> appears 151
+times in 53 separate files in npm and node core (excluding tests and
+documentation).</p>
+
+<p>Some of these references are in node&#39;s built-in module loader.  Since
+npm is not involved <strong>at all</strong> at run-time, node itself would have to
+be configured to know where you&#39;ve decided to stick stuff.  Complexity
+hurdle #1.  Since the Node module system is locked, this cannot be
+changed, and is enough to kill this request.  But I&#39;ll continue, in
+deference to your deity&#39;s delicate feelings regarding spelling.</p>
+
+<p>Many of the others are in dependencies that npm uses, which are not
+necessarily tightly coupled to npm (in the sense that they do not read
+npm&#39;s configuration files, etc.)  Each of these would have to be
+configured to take the name of the <code>node_modules</code> folder as a
+parameter.  Complexity hurdle #2.</p>
+
+<p>Furthermore, npm has the ability to &quot;bundle&quot; dependencies by adding
+the dep names to the <code>&quot;bundledDependencies&quot;</code> list in package.json,
+which causes the folder to be included in the package tarball.  What
+if the author of a module bundles its dependencies, and they use a
+different spelling for <code>node_modules</code>?  npm would have to rename the
+folder at publish time, and then be smart enough to unpack it using
+your locally configured name.  Complexity hurdle #3.</p>
+
+<p>Furthermore, what happens when you <em>change</em> this name?  Fine, it&#39;s
+easy enough the first time, just rename the <code>node_modules</code> folders to
+<code>./blergyblerp/</code> or whatever name you choose.  But what about when you
+change it again?  npm doesn&#39;t currently track any state about past
+configuration settings, so this would be rather difficult to do
+properly.  It would have to track every previous value for this
+config, and always accept any of them, or else yesterday&#39;s install may
+be broken tomorrow.  Complexity hurdle #5.</p>
+
+<p>Never going to happen.  The folder is named <code>node_modules</code>.  It is
+written indelibly in the Node Way, handed down from the ancient times
+of Node 0.3.</p>
+
 <h2 id="Should-I-check-my-node_modules-folder-into-git">Should I check my <code>node_modules</code> folder into git?</h2>
 
 <p>Mikeal Rogers answered this question very well:</p>
@@ -250,7 +296,7 @@ There is not sufficient need to impose namespace rules on everyone.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li></ul>
 </div>
-<p id="footer">faq &mdash; npm@1.2.10</p>
+<p id="footer">faq &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/folders.html b/deps/npm/html/doc/folders.html
index c966c34f05..7870b3fbf3 100644
--- a/deps/npm/html/doc/folders.html
+++ b/deps/npm/html/doc/folders.html
@@ -205,7 +205,7 @@ cannot be found elsewhere.  See <code><a href="../doc/json.html">json(1)</a></co
 
 <ul><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/pack.html">pack(1)</a></li><li><a href="../doc/cache.html">cache(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li></ul>
 </div>
-<p id="footer">folders &mdash; npm@1.2.10</p>
+<p id="footer">folders &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/global.html b/deps/npm/html/doc/global.html
index b26baa4942..9bdd61bda8 100644
--- a/deps/npm/html/doc/global.html
+++ b/deps/npm/html/doc/global.html
@@ -205,7 +205,7 @@ cannot be found elsewhere.  See <code><a href="../doc/json.html">json(1)</a></co
 
 <ul><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/pack.html">pack(1)</a></li><li><a href="../doc/cache.html">cache(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li></ul>
 </div>
-<p id="footer">global &mdash; npm@1.2.10</p>
+<p id="footer">global &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/help-search.html b/deps/npm/html/doc/help-search.html
index 9e17cf826d..6343d4ab2f 100644
--- a/deps/npm/html/doc/help-search.html
+++ b/deps/npm/html/doc/help-search.html
@@ -38,7 +38,7 @@ where the terms were found in the documentation.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/help.html">help(1)</a></li></ul>
 </div>
-<p id="footer">help-search &mdash; npm@1.2.10</p>
+<p id="footer">help-search &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/help.html b/deps/npm/html/doc/help.html
index ffc2ac5c9d..623bce6069 100644
--- a/deps/npm/html/doc/help.html
+++ b/deps/npm/html/doc/help.html
@@ -36,7 +36,7 @@ matches are equivalent to specifying a topic name.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/README.html">README</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/help-search.html">help-search(1)</a></li><li><a href="../doc/index.html">index(1)</a></li></ul>
 </div>
-<p id="footer">help &mdash; npm@1.2.10</p>
+<p id="footer">help &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/index.html b/deps/npm/html/doc/index.html
index 049bf6f85b..c7e6af084b 100644
--- a/deps/npm/html/doc/index.html
+++ b/deps/npm/html/doc/index.html
@@ -198,6 +198,10 @@
 
 <p> Mark your favorite packages</p>
 
+<h2 id="npm-stars-1"><a href="../doc/stars.html">stars(1)</a></h2>
+
+<p> View packages marked as favorites</p>
+
 <h2 id="npm-start-1"><a href="../doc/start.html">start(1)</a></h2>
 
 <p> Start a package</p>
@@ -396,7 +400,7 @@
 
 <p> Display npm username</p>
 </div>
-<p id="footer">index &mdash; npm@1.2.10</p>
+<p id="footer">index &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/init.html b/deps/npm/html/doc/init.html
index 39519e3fa4..b5ebffb4d4 100644
--- a/deps/npm/html/doc/init.html
+++ b/deps/npm/html/doc/init.html
@@ -29,7 +29,7 @@ without a really good reason to do so.</p>
 
 <ul><li><a href="https://github.com/isaacs/init-package-json">https://github.com/isaacs/init-package-json</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/version.html">version(1)</a></li></ul>
 </div>
-<p id="footer">init &mdash; npm@1.2.10</p>
+<p id="footer">init &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/install.html b/deps/npm/html/doc/install.html
index f68eab5517..1a16807312 100644
--- a/deps/npm/html/doc/install.html
+++ b/deps/npm/html/doc/install.html
@@ -136,7 +136,7 @@ affects a real use-case, it will be investigated.</p>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/update.html">update(1)</a></li><li><a href="../doc/link.html">link(1)</a></li><li><a href="../doc/rebuild.html">rebuild(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/build.html">build(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/tag.html">tag(1)</a></li><li><a href="../doc/rm.html">rm(1)</a></li><li><a href="../doc/shrinkwrap.html">shrinkwrap(1)</a></li></ul>
 </div>
-<p id="footer">install &mdash; npm@1.2.10</p>
+<p id="footer">install &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/json.html b/deps/npm/html/doc/json.html
index 22e5a37460..5970718a74 100644
--- a/deps/npm/html/doc/json.html
+++ b/deps/npm/html/doc/json.html
@@ -525,7 +525,7 @@ overridden.</p>
 
 <ul><li><a href="../doc/semver.html">semver(1)</a></li><li><a href="../doc/init.html">init(1)</a></li><li><a href="../doc/version.html">version(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/help.html">help(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/rm.html">rm(1)</a></li></ul>
 </div>
-<p id="footer">json &mdash; npm@1.2.10</p>
+<p id="footer">json &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/link.html b/deps/npm/html/doc/link.html
index 6d078e91a6..72491138ff 100644
--- a/deps/npm/html/doc/link.html
+++ b/deps/npm/html/doc/link.html
@@ -58,7 +58,7 @@ installation target into your project&#39;s <code>node_modules</code> folder.</p
 
 <ul><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">link &mdash; npm@1.2.10</p>
+<p id="footer">link &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/ls.html b/deps/npm/html/doc/ls.html
index c522d88f7c..bdd63237d9 100644
--- a/deps/npm/html/doc/ls.html
+++ b/deps/npm/html/doc/ls.html
@@ -25,7 +25,7 @@ limit the results to only the paths to the packages named.  Note that
 nested packages will <em>also</em> show the paths to the specified packages.
 For example, running <code>npm ls promzard</code> in npm&#39;s source tree will show:</p>
 
-<pre><code>npm@1.2.10 /path/to/npm
+<pre><code>npm@1.2.11 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5</code></pre>
 
@@ -64,7 +64,7 @@ project.</p>
 
 <ul><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/link.html">link(1)</a></li><li><a href="../doc/prune.html">prune(1)</a></li><li><a href="../doc/outdated.html">outdated(1)</a></li><li><a href="../doc/update.html">update(1)</a></li></ul>
 </div>
-<p id="footer">ls &mdash; npm@1.2.10</p>
+<p id="footer">ls &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/npm.html b/deps/npm/html/doc/npm.html
index 501a4c742a..09ff19a4c7 100644
--- a/deps/npm/html/doc/npm.html
+++ b/deps/npm/html/doc/npm.html
@@ -14,7 +14,7 @@
 
 <h2 id="VERSION">VERSION</h2>
 
-<p>1.2.10</p>
+<p>1.2.11</p>
 
 <h2 id="DESCRIPTION">DESCRIPTION</h2>
 
@@ -135,7 +135,7 @@ will no doubt tell you to put the output in a gist or email.</p>
 
 <ul><li><a href="../doc/help.html">help(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/README.html">README</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/index.html">index(1)</a></li><li><a href="../api/npm.html">npm(3)</a></li></ul>
 </div>
-<p id="footer">npm &mdash; npm@1.2.10</p>
+<p id="footer">npm &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/outdated.html b/deps/npm/html/doc/outdated.html
index fbf9820192..b00991b512 100644
--- a/deps/npm/html/doc/outdated.html
+++ b/deps/npm/html/doc/outdated.html
@@ -21,7 +21,7 @@ packages are currently outdated.</p>
 
 <ul><li><a href="../doc/update.html">update(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li></ul>
 </div>
-<p id="footer">outdated &mdash; npm@1.2.10</p>
+<p id="footer">outdated &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/owner.html b/deps/npm/html/doc/owner.html
index f359feebe0..105dd163ce 100644
--- a/deps/npm/html/doc/owner.html
+++ b/deps/npm/html/doc/owner.html
@@ -34,7 +34,7 @@ that is not implemented at this time.</p>
 
 <ul><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../doc/disputes.html">disputes(1)</a></li></ul>
 </div>
-<p id="footer">owner &mdash; npm@1.2.10</p>
+<p id="footer">owner &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/pack.html b/deps/npm/html/doc/pack.html
index bb2ae8f58d..d386b816b8 100644
--- a/deps/npm/html/doc/pack.html
+++ b/deps/npm/html/doc/pack.html
@@ -29,7 +29,7 @@ overwritten the second time.</p>
 
 <ul><li><a href="../doc/cache.html">cache(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">pack &mdash; npm@1.2.10</p>
+<p id="footer">pack &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/prefix.html b/deps/npm/html/doc/prefix.html
index 3c1f9f5d9e..49aff1a10c 100644
--- a/deps/npm/html/doc/prefix.html
+++ b/deps/npm/html/doc/prefix.html
@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/root.html">root(1)</a></li><li><a href="../doc/bin.html">bin(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">prefix &mdash; npm@1.2.10</p>
+<p id="footer">prefix &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/prune.html b/deps/npm/html/doc/prune.html
index 8045149b1b..e633dcfece 100644
--- a/deps/npm/html/doc/prune.html
+++ b/deps/npm/html/doc/prune.html
@@ -25,7 +25,7 @@ package&#39;s dependencies list.</p>
 
 <ul><li><a href="../doc/rm.html">rm(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/list.html">list(1)</a></li></ul>
 </div>
-<p id="footer">prune &mdash; npm@1.2.10</p>
+<p id="footer">prune &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/publish.html b/deps/npm/html/doc/publish.html
index 2cec4baf31..2fbc9cea40 100644
--- a/deps/npm/html/doc/publish.html
+++ b/deps/npm/html/doc/publish.html
@@ -29,7 +29,7 @@ the registry.  Overwrites when the &quot;--force&quot; flag is set.</p>
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../doc/owner.html">owner(1)</a></li><li><a href="../doc/deprecate.html">deprecate(1)</a></li><li><a href="../doc/tag.html">tag(1)</a></li></ul>
 </div>
-<p id="footer">publish &mdash; npm@1.2.10</p>
+<p id="footer">publish &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/rebuild.html b/deps/npm/html/doc/rebuild.html
index f3780da967..3f62305a57 100644
--- a/deps/npm/html/doc/rebuild.html
+++ b/deps/npm/html/doc/rebuild.html
@@ -25,7 +25,7 @@ the new binary.</p>
 
 <ul><li><a href="../doc/build.html">build(1)</a></li><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">rebuild &mdash; npm@1.2.10</p>
+<p id="footer">rebuild &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/registry.html b/deps/npm/html/doc/registry.html
index 0ce8ce6e7d..de0416957c 100644
--- a/deps/npm/html/doc/registry.html
+++ b/deps/npm/html/doc/registry.html
@@ -95,7 +95,7 @@ ask for help on the <a href="mailto:npm-@googlegroups.com">npm-@googlegroups.com
 
 <ul><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/disputes.html">disputes(1)</a></li></ul>
 </div>
-<p id="footer">registry &mdash; npm@1.2.10</p>
+<p id="footer">registry &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/removing-npm.html b/deps/npm/html/doc/removing-npm.html
index 858e162b1c..e575a94569 100644
--- a/deps/npm/html/doc/removing-npm.html
+++ b/deps/npm/html/doc/removing-npm.html
@@ -58,7 +58,7 @@ modules.  To track those down, you can do the following:</p>
 
 <ul><li><a href="../doc/README.html">README</a></li><li><a href="../doc/rm.html">rm(1)</a></li><li><a href="../doc/prune.html">prune(1)</a></li></ul>
 </div>
-<p id="footer">removing-npm &mdash; npm@1.2.10</p>
+<p id="footer">removing-npm &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/restart.html b/deps/npm/html/doc/restart.html
index 27da194657..b9b83d73e6 100644
--- a/deps/npm/html/doc/restart.html
+++ b/deps/npm/html/doc/restart.html
@@ -24,7 +24,7 @@ the &quot;start&quot; script.</p>
 
 <ul><li><a href="../doc/run-script.html">run-script(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/test.html">test(1)</a></li><li><a href="../doc/start.html">start(1)</a></li><li><a href="../doc/stop.html">stop(1)</a></li></ul>
 </div>
-<p id="footer">restart &mdash; npm@1.2.10</p>
+<p id="footer">restart &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/rm.html b/deps/npm/html/doc/rm.html
index 24c398c074..97331bf656 100644
--- a/deps/npm/html/doc/rm.html
+++ b/deps/npm/html/doc/rm.html
@@ -22,7 +22,7 @@ on its behalf.</p>
 
 <ul><li><a href="../doc/prune.html">prune(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">rm &mdash; npm@1.2.10</p>
+<p id="footer">rm &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/root.html b/deps/npm/html/doc/root.html
index 8a48ad77b8..165e337f4f 100644
--- a/deps/npm/html/doc/root.html
+++ b/deps/npm/html/doc/root.html
@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/prefix.html">prefix(1)</a></li><li><a href="../doc/bin.html">bin(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">root &mdash; npm@1.2.10</p>
+<p id="footer">root &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/run-script.html b/deps/npm/html/doc/run-script.html
index bcbbcace71..0d9548d75e 100644
--- a/deps/npm/html/doc/run-script.html
+++ b/deps/npm/html/doc/run-script.html
@@ -23,7 +23,7 @@ called directly, as well.</p>
 
 <ul><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/test.html">test(1)</a></li><li><a href="../doc/start.html">start(1)</a></li><li><a href="../doc/restart.html">restart(1)</a></li><li><a href="../doc/stop.html">stop(1)</a></li></ul>
 </div>
-<p id="footer">run-script &mdash; npm@1.2.10</p>
+<p id="footer">run-script &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/scripts.html b/deps/npm/html/doc/scripts.html
index 9aa1f5b31f..aade7cf1ab 100644
--- a/deps/npm/html/doc/scripts.html
+++ b/deps/npm/html/doc/scripts.html
@@ -218,7 +218,7 @@ will sudo the npm command in question.</li></ul>
 
 <ul><li><a href="../doc/run-script.html">run-script(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">scripts &mdash; npm@1.2.10</p>
+<p id="footer">scripts &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/search.html b/deps/npm/html/doc/search.html
index 39885c58ca..8a201ae30f 100644
--- a/deps/npm/html/doc/search.html
+++ b/deps/npm/html/doc/search.html
@@ -24,7 +24,7 @@ expression characters must be escaped or quoted in most shells.)</p>
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/view.html">view(1)</a></li></ul>
 </div>
-<p id="footer">search &mdash; npm@1.2.10</p>
+<p id="footer">search &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/semver.html b/deps/npm/html/doc/semver.html
index 0c462e6334..410695dd83 100644
--- a/deps/npm/html/doc/semver.html
+++ b/deps/npm/html/doc/semver.html
@@ -104,7 +104,7 @@ that satisfies the range, or null if none of them do.</li></ul>
 
 <ul><li><a href="../doc/json.html">json(1)</a></li></ul>
 </div>
-<p id="footer">semver &mdash; npm@1.2.10</p>
+<p id="footer">semver &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/shrinkwrap.html b/deps/npm/html/doc/shrinkwrap.html
index 6d6760b6b2..efed371842 100644
--- a/deps/npm/html/doc/shrinkwrap.html
+++ b/deps/npm/html/doc/shrinkwrap.html
@@ -169,7 +169,7 @@ versions.</p>
 
 <ul><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/list.html">list(1)</a></li></ul>
 </div>
-<p id="footer">shrinkwrap &mdash; npm@1.2.10</p>
+<p id="footer">shrinkwrap &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/star.html b/deps/npm/html/doc/star.html
index 007f8bf3ca..7f7cb787f6 100644
--- a/deps/npm/html/doc/star.html
+++ b/deps/npm/html/doc/star.html
@@ -26,7 +26,7 @@ a vaguely positive way to show that you care.</p>
 
 <ul><li><a href="../doc/view.html">view(1)</a></li><li><a href="../doc/whoami.html">whoami(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li></ul>
 </div>
-<p id="footer">star &mdash; npm@1.2.10</p>
+<p id="footer">star &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/stars.html b/deps/npm/html/doc/stars.html
new file mode 100644
index 0000000000..a3204e6aa2
--- /dev/null
+++ b/deps/npm/html/doc/stars.html
@@ -0,0 +1,60 @@
+<!doctype html>
+<html>
+  <title>stars</title>
+  <meta http-equiv="content-type" value="text/html;utf-8">
+  <link rel="stylesheet" type="text/css" href="../static/style.css">
+
+  <body>
+    <div id="wrapper">
+<h1><a href="../doc/stars.html">stars</a></h1> <p>View packages marked as favorites</p>
+
+<h2 id="SYNOPSIS">SYNOPSIS</h2>
+
+<pre><code>npm stars
+npm stars [username]</code></pre>
+
+<h2 id="DESCRIPTION">DESCRIPTION</h2>
+
+<p>If you have starred a lot of neat things and want to find them again
+quickly this command lets you do just that.</p>
+
+<p>You may also want to see your friend&#39;s favorite packages, in this case
+you will most certainly enjoy this command.</p>
+
+<h2 id="SEE-ALSO">SEE ALSO</h2>
+
+<ul><li><a href="../doc/star.html">star(1)</a></li><li><a href="../doc/view.html">view(1)</a></li><li><a href="../doc/whoami.html">whoami(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li></ul>
+</div>
+<p id="footer">stars &mdash; npm@1.2.11</p>
+<script>
+;(function () {
+var wrapper = document.getElementById("wrapper")
+var els = Array.prototype.slice.call(wrapper.getElementsByTagName("*"), 0)
+  .filter(function (el) {
+    return el.parentNode === wrapper
+        && el.tagName.match(/H[1-6]/)
+        && el.id
+  })
+var l = 2
+  , toc = document.createElement("ul")
+toc.innerHTML = els.map(function (el) {
+  var i = el.tagName.charAt(1)
+    , out = ""
+  while (i > l) {
+    out += "<ul>"
+    l ++
+  }
+  while (i < l) {
+    out += "</ul>"
+    l --
+  }
+  out += "<li><a href='#" + el.id + "'>" +
+    ( el.innerText || el.text || el.innerHTML)
+    + "</a>"
+  return out
+}).join("\n")
+toc.id = "toc"
+document.body.appendChild(toc)
+})()
+</script>
+</body></html>
diff --git a/deps/npm/html/doc/start.html b/deps/npm/html/doc/start.html
index 3e6aa1ca64..4a42ee1e1a 100644
--- a/deps/npm/html/doc/start.html
+++ b/deps/npm/html/doc/start.html
@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/run-script.html">run-script(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/test.html">test(1)</a></li><li><a href="../doc/restart.html">restart(1)</a></li><li><a href="../doc/stop.html">stop(1)</a></li></ul>
 </div>
-<p id="footer">start &mdash; npm@1.2.10</p>
+<p id="footer">start &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/stop.html b/deps/npm/html/doc/stop.html
index 115a9802bc..98a4b5c905 100644
--- a/deps/npm/html/doc/stop.html
+++ b/deps/npm/html/doc/stop.html
@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/run-script.html">run-script(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/test.html">test(1)</a></li><li><a href="../doc/start.html">start(1)</a></li><li><a href="../doc/restart.html">restart(1)</a></li></ul>
 </div>
-<p id="footer">stop &mdash; npm@1.2.10</p>
+<p id="footer">stop &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/submodule.html b/deps/npm/html/doc/submodule.html
index a70b4d0839..fdb7797d35 100644
--- a/deps/npm/html/doc/submodule.html
+++ b/deps/npm/html/doc/submodule.html
@@ -33,7 +33,7 @@ dependencies into the submodule folder.</p>
 
 <ul><li><a href="../doc/json.html">json(1)</a></li><li>git help submodule</li></ul>
 </div>
-<p id="footer">submodule &mdash; npm@1.2.10</p>
+<p id="footer">submodule &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/tag.html b/deps/npm/html/doc/tag.html
index 28a38faba2..a7290cade2 100644
--- a/deps/npm/html/doc/tag.html
+++ b/deps/npm/html/doc/tag.html
@@ -21,7 +21,7 @@
 
 <ul><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">tag &mdash; npm@1.2.10</p>
+<p id="footer">tag &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/test.html b/deps/npm/html/doc/test.html
index 9428eb2076..297062f228 100644
--- a/deps/npm/html/doc/test.html
+++ b/deps/npm/html/doc/test.html
@@ -23,7 +23,7 @@ true.</p>
 
 <ul><li><a href="../doc/run-script.html">run-script(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/start.html">start(1)</a></li><li><a href="../doc/restart.html">restart(1)</a></li><li><a href="../doc/stop.html">stop(1)</a></li></ul>
 </div>
-<p id="footer">test &mdash; npm@1.2.10</p>
+<p id="footer">test &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/uninstall.html b/deps/npm/html/doc/uninstall.html
index c81e94645d..1632ff27eb 100644
--- a/deps/npm/html/doc/uninstall.html
+++ b/deps/npm/html/doc/uninstall.html
@@ -22,7 +22,7 @@ on its behalf.</p>
 
 <ul><li><a href="../doc/prune.html">prune(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">uninstall &mdash; npm@1.2.10</p>
+<p id="footer">uninstall &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/unpublish.html b/deps/npm/html/doc/unpublish.html
index e9a8ec0ba9..92636e134c 100644
--- a/deps/npm/html/doc/unpublish.html
+++ b/deps/npm/html/doc/unpublish.html
@@ -34,7 +34,7 @@ the root package entry is removed from the registry entirely.</p>
 
 <ul><li><a href="../doc/deprecate.html">deprecate(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../doc/owner.html">owner(1)</a></li></ul>
 </div>
-<p id="footer">unpublish &mdash; npm@1.2.10</p>
+<p id="footer">unpublish &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/update.html b/deps/npm/html/doc/update.html
index 1f134e3680..9652a53a4e 100644
--- a/deps/npm/html/doc/update.html
+++ b/deps/npm/html/doc/update.html
@@ -10,7 +10,7 @@
 
 <h2 id="SYNOPSIS">SYNOPSIS</h2>
 
-<pre><code>npm update [&lt;name&gt; [&lt;name&gt; ...]]</code></pre>
+<pre><code>npm update [-g] [&lt;name&gt; [&lt;name&gt; ...]]</code></pre>
 
 <h2 id="DESCRIPTION">DESCRIPTION</h2>
 
@@ -19,11 +19,14 @@
 
 <p>It will also install missing packages.</p>
 
+<p>If the <code>-g</code> flag is specified, this command will update globally installed packages.
+If no package name is specified, all packages in the specified location (global or local) will be updated.</p>
+
 <h2 id="SEE-ALSO">SEE ALSO</h2>
 
 <ul><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/outdated.html">outdated(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/list.html">list(1)</a></li></ul>
 </div>
-<p id="footer">update &mdash; npm@1.2.10</p>
+<p id="footer">update &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/version.html b/deps/npm/html/doc/version.html
index d7fbfaa4be..953db5eb1e 100644
--- a/deps/npm/html/doc/version.html
+++ b/deps/npm/html/doc/version.html
@@ -34,13 +34,22 @@ resulting version number.  For example:</p>
 
 <p>If the <code>sign-git-tag</code> config is set, then the tag will be signed using
 the <code>-s</code> flag to git.  Note that you must have a default GPG key set up
-in your git config for this to work properly.</p>
+in your git config for this to work properly.  For example:</p>
+
+<pre><code>$ npm config set sign-git-tag true
+$ npm version patch
+
+You need a passphrase to unlock the secret key for
+user: &quot;isaacs (http://blog.izs.me/) &lt;i@izs.me&gt;&quot;
+2048-bit RSA key, ID 6C481CF6, created 2010-08-31
+
+Enter passphrase:</code></pre>
 
 <h2 id="SEE-ALSO">SEE ALSO</h2>
 
 <ul><li><a href="../doc/init.html">init(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/semver.html">semver(1)</a></li></ul>
 </div>
-<p id="footer">version &mdash; npm@1.2.10</p>
+<p id="footer">version &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/view.html b/deps/npm/html/doc/view.html
index f09cd1b5d2..1a36e11941 100644
--- a/deps/npm/html/doc/view.html
+++ b/deps/npm/html/doc/view.html
@@ -90,7 +90,7 @@ the field name.</p>
 
 <ul><li><a href="../doc/search.html">search(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/docs.html">docs(1)</a></li></ul>
 </div>
-<p id="footer">view &mdash; npm@1.2.10</p>
+<p id="footer">view &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/html/doc/whoami.html b/deps/npm/html/doc/whoami.html
index 505bc3353c..0b07228d75 100644
--- a/deps/npm/html/doc/whoami.html
+++ b/deps/npm/html/doc/whoami.html
@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li></ul>
 </div>
-<p id="footer">whoami &mdash; npm@1.2.10</p>
+<p id="footer">whoami &mdash; npm@1.2.11</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")
diff --git a/deps/npm/lib/cache.js b/deps/npm/lib/cache.js
index 5e92ef526f..a7a7a42165 100644
--- a/deps/npm/lib/cache.js
+++ b/deps/npm/lib/cache.js
@@ -139,6 +139,7 @@ function read (name, ver, forceBypass, cb) {
   }
 
   readJson(jsonFile, function (er, data) {
+    er = needVersion(er, data)
     if (er && er.code !== "ENOENT" && er.code !== "ENOTDIR") return cb(er)
     if (er) return addNamed(name, ver, c)
     deprCheck(data)
@@ -282,9 +283,11 @@ function fetchAndShaCheck (u, tmp, shasum, cb) {
       log.error("fetch failed", u)
       return cb(er, response)
     }
-    if (!shasum) return cb()
+    if (!shasum) return cb(null, response)
     // validate that the url we just downloaded matches the expected shasum.
-    sha.check(tmp, shasum, cb)
+    sha.check(tmp, shasum, function (er) {
+      return cb(er, response, shasum)
+    })
   })
 }
 
@@ -324,9 +327,9 @@ function addRemoteTarball (u, shasum, name, cb_) {
     })
   })
 
-  function done (er) {
+  function done (er, resp, shasum) {
     if (er) return cb(er)
-    addLocalTarball(tmp, name, cb)
+    addLocalTarball(tmp, name, shasum, cb)
   }
 }
 
@@ -342,7 +345,7 @@ function addRemoteTarball_(u, tmp, shasum, cb) {
   operation.attempt(function (currentAttempt) {
     log.info("retry", "fetch attempt " + currentAttempt
       + " at " + (new Date()).toLocaleTimeString())
-    fetchAndShaCheck(u, tmp, shasum, function (er, response) {
+    fetchAndShaCheck(u, tmp, shasum, function (er, response, shasum) {
       // Only retry on 408, 5xx or no `response`.
       var sc = response && response.statusCode
       var statusRetry = !sc || (sc === 408 || sc >= 500)
@@ -350,7 +353,7 @@ function addRemoteTarball_(u, tmp, shasum, cb) {
         log.info("retry", "will retry, error on last attempt: " + er)
         return
       }
-      cb(er)
+      cb(er, response, shasum)
     })
   })
 }
@@ -714,6 +717,7 @@ function addNameVersion (name, ver, data, cb) {
       if (!er) readJson( path.join( npm.cache, name, ver
                                   , "package", "package.json" )
                        , function (er, data) {
+          er = needVersion(er, data)
           if (er && er.code !== "ENOENT" && er.code !== "ENOTDIR") return cb(er)
           if (er) return fetchit()
           return cb(null, data)
@@ -732,6 +736,11 @@ function addNameVersion (name, ver, data, cb) {
       tb.protocol = url.parse(npm.config.get("registry")).protocol
       delete tb.href
       tb = url.format(tb)
+      // only add non-shasum'ed packages if --forced.
+      // only ancient things would lack this for good reasons nowadays.
+      if (!dist.shasum && !npm.config.get("force")) {
+        return cb(new Error("package lacks shasum"))
+      }
       return addRemoteTarball( tb
                              , dist.shasum
                              , name+"-"+ver
@@ -791,16 +800,18 @@ function maybeGithub (p, name, er, cb) {
   })
 }
 
-function addLocalTarball (p, name, cb_) {
+function addLocalTarball (p, name, shasum, cb_) {
+  if (typeof cb_ !== "function") cb_ = shasum, shasum = null
   if (typeof cb_ !== "function") cb_ = name, name = ""
   // if it's a tar, and not in place,
   // then unzip to .tmp, add the tmp folder, and clean up tmp
-  if (p.indexOf(npm.tmp) === 0) return addTmpTarball(p, name, cb_)
+  if (p.indexOf(npm.tmp) === 0)
+    return addTmpTarball(p, name, shasum, cb_)
 
   if (p.indexOf(npm.cache) === 0) {
     if (path.basename(p) !== "package.tgz") return cb_(new Error(
       "Not a valid cache tarball name: "+p))
-    return addPlacedTarball(p, name, cb_)
+    return addPlacedTarball(p, name, shasum, cb_)
   }
 
   function cb (er, data) {
@@ -827,7 +838,7 @@ function addLocalTarball (p, name, cb_) {
       log.verbose("chmod", tmp, npm.modes.file.toString(8))
       fs.chmod(tmp, npm.modes.file, function (er) {
         if (er) return cb(er)
-        addTmpTarball(tmp, name, cb)
+        addTmpTarball(tmp, name, shasum, cb)
       })
     })
     from.pipe(to)
@@ -890,15 +901,74 @@ function makeCacheDir (cb) {
 
 
 
-function addPlacedTarball (p, name, cb) {
+function addPlacedTarball (p, name, shasum, cb) {
   if (!cb) cb = name, name = ""
   getCacheStat(function (er, cs) {
     if (er) return cb(er)
-    return addPlacedTarball_(p, name, cs.uid, cs.gid, cb)
+    return addPlacedTarball_(p, name, cs.uid, cs.gid, shasum, cb)
   })
 }
 
-function addPlacedTarball_ (p, name, uid, gid, cb) {
+// Resolved sum is the shasum from the registry dist object, but
+// *not* necessarily the shasum of this tarball, because for stupid
+// historical reasons, npm re-packs each package an extra time through
+// a temp directory, so all installed packages are actually built with
+// *this* version of npm, on this machine.
+//
+// Once upon a time, this meant that we could change package formats
+// around and fix junk that might be added by incompatible tar
+// implementations.  Then, for a while, it was a way to correct bs
+// added by bugs in our own tar implementation.  Now, it's just
+// garbage, but cleaning it up is a pain, and likely to cause issues
+// if anything is overlooked, so it's not high priority.
+//
+// If you're bored, and looking to make npm go faster, and you've
+// already made it this far in this file, here's a better methodology:
+//
+// cache.add should really be cache.place.  That is, it should take
+// a set of arguments like it does now, but then also a destination
+// folder.
+//
+// cache.add('foo@bar', '/path/node_modules/foo', cb)
+//
+// 1. Resolve 'foo@bar' to some specific:
+//   - git url
+//   - local folder
+//   - local tarball
+//   - tarball url
+// 2. If resolved through the registry, then pick up the dist.shasum
+// along the way.
+// 3. Acquire request() stream fetching bytes: FETCH
+// 4. FETCH.pipe(tar unpack stream to dest)
+// 5. FETCH.pipe(shasum generator)
+// When the tar and shasum streams both finish, make sure that the
+// shasum matches dist.shasum, and if not, clean up and bail.
+//
+// publish(cb)
+//
+// 1. read package.json
+// 2. get root package object (for rev, and versions)
+// 3. update root package doc with version info
+// 4. remove _attachments object
+// 5. remove versions object
+// 5. jsonify, remove last }
+// 6. get stream: registry.put(/package)
+// 7. write trailing-}-less JSON
+// 8. write "_attachments":
+// 9. JSON.stringify(attachments), remove trailing }
+// 10. Write start of attachments (stubs)
+// 11. JSON(filename)+':{"type":"application/octet-stream","data":"'
+// 12. acquire tar packing stream, PACK
+// 13. PACK.pipe(PUT)
+// 14. PACK.pipe(shasum generator)
+// 15. when PACK finishes, get shasum
+// 16. PUT.write('"}},') (finish _attachments
+// 17. update "versions" object with current package version
+// (including dist.shasum and dist.tarball)
+// 18. write '"versions":' + JSON(versions)
+// 19. write '}}' (versions, close main doc)
+
+function addPlacedTarball_ (p, name, uid, gid, resolvedSum, cb) {
   // now we know it's in place already as .cache/name/ver/package.tgz
   // unpack to .cache/name/ver/package/, read the package.json,
   // and fire cb with the json data.
@@ -936,13 +1006,15 @@ function addPlacedTarball_ (p, name, uid, gid, cb) {
           return cb(er)
         }
         readJson(path.join(folder, "package.json"), function (er, data) {
+          er = needVersion(er, data)
           if (er) {
             log.error("addPlacedTarball", "Couldn't read json in %j"
                      , folder)
             return cb(er)
           }
+
           data.dist = data.dist || {}
-          if (shasum) data.dist.shasum = shasum
+          data.dist.shasum = shasum
           deprCheck(data)
           asyncMap([p], function (f, cb) {
             log.verbose("chmod", f, npm.modes.file.toString(8))
@@ -970,13 +1042,17 @@ function addPlacedTarball_ (p, name, uid, gid, cb) {
   }
 }
 
-function addLocalDirectory (p, name, cb) {
+// At this point, if shasum is set, it's something that we've already
+// read and checked.  Just stashing it in the data at this point.
+function addLocalDirectory (p, name, shasum, cb) {
+  if (typeof cb !== "function") cb = shasum, shasum = ""
   if (typeof cb !== "function") cb = name, name = ""
   // if it's a folder, then read the package.json,
   // tar it to the proper place, and add the cache tar
   if (p.indexOf(npm.cache) === 0) return cb(new Error(
     "Adding a cache directory to the cache will make the world implode."))
   readJson(path.join(p, "package.json"), function (er, data) {
+    er = needVersion(er, data)
     if (er) return cb(er)
     deprCheck(data)
     var random = Date.now() + "-" + Math.random()
@@ -1004,7 +1080,7 @@ function addLocalDirectory (p, name, cb) {
 
           chownr(made || tgz, cs.uid, cs.gid, function (er) {
             if (er) return cb(er)
-            addLocalTarball(tgz, name, cb)
+            addLocalTarball(tgz, name, shasum, cb)
           })
         })
       })
@@ -1012,7 +1088,7 @@ function addLocalDirectory (p, name, cb) {
   })
 }
 
-function addTmpTarball (tgz, name, cb) {
+function addTmpTarball (tgz, name, shasum, cb) {
   if (!cb) cb = name, name = ""
   getCacheStat(function (er, cs) {
     if (er) return cb(er)
@@ -1024,7 +1100,7 @@ function addTmpTarball (tgz, name, cb) {
       if (er) {
         return cb(er)
       }
-      addLocalDirectory(path.resolve(contents, "package"), name, cb)
+      addLocalDirectory(path.resolve(contents, "package"), name, shasum, cb)
     })
   })
 }
@@ -1101,3 +1177,9 @@ function unlock (u, cb) {
   myLocks[lf] = false
   lockFile.unlock(lockFileName(u), cb)
 }
+
+function needVersion(er, data) {
+  return er ? er
+       : (data && !data.version) ? new Error("No version provided")
+       : null
+}
diff --git a/deps/npm/lib/install.js b/deps/npm/lib/install.js
index 5f97dc43ad..9f63c7463a 100644
--- a/deps/npm/lib/install.js
+++ b/deps/npm/lib/install.js
@@ -649,7 +649,7 @@ function targetResolver (where, context, deps) {
     }
 
     if (wrap) {
-      name = what.split(/@/).shift()
+      var name = what.split(/@/).shift()
       if (wrap[name]) {
         var wrapTarget = readWrap(wrap[name])
         what = name + "@" + wrapTarget
diff --git a/deps/npm/lib/npm.js b/deps/npm/lib/npm.js
index da39eee2ce..2028b34f02 100644
--- a/deps/npm/lib/npm.js
+++ b/deps/npm/lib/npm.js
@@ -127,6 +127,7 @@ var commandCache = {}
 
               , "publish"
               , "star"
+              , "stars"
               , "tag"
               , "adduser"
               , "unpublish"
@@ -242,6 +243,9 @@ npm.load = function (cli, cb_) {
 
   function cb (er) {
     if (loadErr) return
+    if (npm.config.get("force")) {
+      log.warn("using --force", "I sure hope you know what you are doing.")
+    }
     npm.config.loaded = true
     loaded = true
     loadCb(loadErr = er)
diff --git a/deps/npm/lib/publish.js b/deps/npm/lib/publish.js
index 8de09e5a1b..62d7fb9bb0 100644
--- a/deps/npm/lib/publish.js
+++ b/deps/npm/lib/publish.js
@@ -32,6 +32,7 @@ function publish (args, isRetry, cb) {
   var arg = args[0]
   // if it's a local folder, then run the prepublish there, first.
   readJson(path.resolve(arg, "package.json"), function (er, data) {
+    er = needVersion(er, data)
     if (er && er.code !== "ENOENT" && er.code !== "ENOTDIR") return cb(er)
     // error is ok.  could be publishing a url or tarball
     // however, that means that we will not have automatically run
@@ -105,3 +106,9 @@ function publish_ (arg, data, isRetry, cachedir, cb) {
     cb()
   })
 }
+
+function needVersion(er, data) {
+  return er ? er
+       : (data && !data.version) ? new Error("No version provided")
+       : null
+}
diff --git a/deps/npm/lib/stars.js b/deps/npm/lib/stars.js
new file mode 100644
index 0000000000..74841f2de3
--- /dev/null
+++ b/deps/npm/lib/stars.js
@@ -0,0 +1,27 @@
+module.exports = stars
+
+stars.usage = "npm stars [username]"
+
+var npm = require("./npm.js")
+  , registry = npm.registry
+  , log = require("npmlog")
+
+function stars (args, cb) {
+  var name = args.length === 1 ? args[0] : npm.config.get("username")
+  registry.stars(name, showstars)
+
+  function showstars (er, data) {
+    if (er) {
+      return cb(er)
+    }
+
+    if (data.rows.length === 0) {
+      log.warn('stars', 'user has not starred any packages.')
+    } else {
+      data.rows.forEach(function(a) {
+        console.log(a.value)
+      })
+    }
+    cb()
+  }
+}
diff --git a/deps/npm/lib/utils/error-handler.js b/deps/npm/lib/utils/error-handler.js
index 51394f10ce..88ce742798 100644
--- a/deps/npm/lib/utils/error-handler.js
+++ b/deps/npm/lib/utils/error-handler.js
@@ -156,9 +156,13 @@ function errorHandler (er) {
   case "EPUBLISHCONFLICT":
     er.code = "EPUBLISHCONFLICT"
     log.error("publish fail", ["Cannot publish over existing version."
-              ,"Bump the 'version' field, set the --force flag, or"
-              ,"    npm unpublish '"+er.pkgid+"'"
-              ,"and try again"
+              ,"Update the 'version' field in package.json and try again."
+              ,""
+              ,"If the previous version was published in error, see:"
+              ,"    npm help unpublish"
+              ,""
+              ,"To automatically increment version numbers, see:"
+              ,"    npm help version"
               ].join("\n"))
     break
 
diff --git a/deps/npm/lib/utils/sha.js b/deps/npm/lib/utils/sha.js
index d3cd83a93e..a4212011a7 100644
--- a/deps/npm/lib/utils/sha.js
+++ b/deps/npm/lib/utils/sha.js
@@ -5,16 +5,17 @@ var fs = require("graceful-fs")
   , binding
 
 try { binding = process.binding("crypto") }
-catch (e) { binding = null }
+catch (e) {
+  var er = new Error( "crypto binding not found.\n"
+                    + "Please build node with openssl.\n"
+                    + e.message )
+  throw er
+}
 
 exports.check = check
 exports.get = get
 
 function check (file, sum, cb) {
-  if (!binding) {
-    log.warn("shasum", "crypto binding not found. Cannot verify shasum.")
-    return cb()
-  }
   get(file, function (er, actual) {
     if (er) {
       log.error("shasum", "error getting shasum")
@@ -30,10 +31,6 @@ function check (file, sum, cb) {
 }
 
 function get (file, cb) {
-  if (!binding) {
-    log.warn("shasum", "crypto binding not found. Cannot verify shasum.")
-    return cb()
-  }
   var h = crypto.createHash("sha1")
     , s = fs.createReadStream(file)
     , errState = null
diff --git a/deps/npm/man/man1/config.1 b/deps/npm/man/man1/config.1
index 0269570bc3..df6167b9e3 100644
--- a/deps/npm/man/man1/config.1
+++ b/deps/npm/man/man1/config.1
@@ -40,10 +40,21 @@ work the same\.
 .
 .P
 This file is an ini\-file formatted list of \fBkey = value\fR parameters\.
+Environment variables can be replaced using \fB${VARIABLE_NAME}\fR\|\. For example:
+.
+.IP "" 4
+.
+.nf
+prefix = ${HOME}/\.npm\-packages
+.
+.fi
+.
+.IP "" 0
 .
 .SS "Global config file"
 \fB$PREFIX/etc/npmrc\fR (or the \fBglobalconfig\fR param, if set above):
-This file is an ini\-file formatted list of \fBkey = value\fR parameters
+This file is an ini\-file formatted list of \fBkey = value\fR parameters\.
+Environment variables can be replaced as above\.
 .
 .SS "Built\-in config file"
 \fBpath/to/npm/itself/npmrc\fR
diff --git a/deps/npm/man/man1/faq.1 b/deps/npm/man/man1/faq.1
index 256e0ba41d..bc31a415ef 100644
--- a/deps/npm/man/man1/faq.1
+++ b/deps/npm/man/man1/faq.1
@@ -89,6 +89,56 @@ Write your own package manager, then\.  It\'s not that hard\.
 .P
 npm will not help you do something that is known to be a bad idea\.
 .
+.SH "<code>&quot;node_modules&quot;</code>"
+No\.  This will never happen\.  This question comes up sometimes,
+because it seems silly from the outside that npm couldn\'t just be
+configured to put stuff somewhere else, and then npm could load them
+from there\.  It\'s an arbitrary spelling choice, right?  What\'s the bg
+deal?
+.
+.P
+At the time of this writing, the string \fB\'node_modules\'\fR appears 151
+times in 53 separate files in npm and node core (excluding tests and
+documentation)\.
+.
+.P
+Some of these references are in node\'s built\-in module loader\.  Since
+npm is not involved \fBat all\fR at run\-time, node itself would have to
+be configured to know where you\'ve decided to stick stuff\.  Complexity
+hurdle #1\.  Since the Node module system is locked, this cannot be
+changed, and is enough to kill this request\.  But I\'ll continue, in
+deference to your deity\'s delicate feelings regarding spelling\.
+.
+.P
+Many of the others are in dependencies that npm uses, which are not
+necessarily tightly coupled to npm (in the sense that they do not read
+npm\'s configuration files, etc\.)  Each of these would have to be
+configured to take the name of the \fBnode_modules\fR folder as a
+parameter\.  Complexity hurdle #2\.
+.
+.P
+Furthermore, npm has the ability to "bundle" dependencies by adding
+the dep names to the \fB"bundledDependencies"\fR list in package\.json,
+which causes the folder to be included in the package tarball\.  What
+if the author of a module bundles its dependencies, and they use a
+different spelling for \fBnode_modules\fR?  npm would have to rename the
+folder at publish time, and then be smart enough to unpack it using
+your locally configured name\.  Complexity hurdle #3\.
+.
+.P
+Furthermore, what happens when you \fIchange\fR this name?  Fine, it\'s
+easy enough the first time, just rename the \fBnode_modules\fR folders to \fB\|\./blergyblerp/\fR or whatever name you choose\.  But what about when you
+change it again?  npm doesn\'t currently track any state about past
+configuration settings, so this would be rather difficult to do
+properly\.  It would have to track every previous value for this
+config, and always accept any of them, or else yesterday\'s install may
+be broken tomorrow\.  Complexity hurdle #5\.
+.
+.P
+Never going to happen\.  The folder is named \fBnode_modules\fR\|\.  It is
+written indelibly in the Node Way, handed down from the ancient times
+of Node 0\.3\.
+.
 .SH "Should I check my "
 Mikeal Rogers answered this question very well:
 .
diff --git a/deps/npm/man/man1/index.1 b/deps/npm/man/man1/index.1
index 2a6bcfe97c..ed6f1d92ce 100644
--- a/deps/npm/man/man1/index.1
+++ b/deps/npm/man/man1/index.1
@@ -147,6 +147,9 @@
 .SH "npm help star"
  Mark your favorite packages
 .
+.SH "npm help stars"
+ View packages marked as favorites
+.
 .SH "npm help start"
  Start a package
 .
diff --git a/deps/npm/man/man1/ls.1 b/deps/npm/man/man1/ls.1
index 1e224cde53..fadb701f25 100644
--- a/deps/npm/man/man1/ls.1
+++ b/deps/npm/man/man1/ls.1
@@ -29,7 +29,7 @@ For example, running \fBnpm ls promzard\fR in npm\'s source tree will show:
 .IP "" 4
 .
 .nf
-npm@1.2.10 /path/to/npm
+npm@1.2.11 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index dd7de70828..b0bc36d8f3 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -14,7 +14,7 @@ npm <command> [args]
 .fi
 .
 .SH "VERSION"
-1.2.10
+1.2.11
 .
 .SH "DESCRIPTION"
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/man/man1/stars.1 b/deps/npm/man/man1/stars.1
new file mode 100644
index 0000000000..fe0095d5b9
--- /dev/null
+++ b/deps/npm/man/man1/stars.1
@@ -0,0 +1,40 @@
+.\" Generated with Ronnjs 0.3.8
+.\" http://github.com/kapouer/ronnjs/
+.
+.TH "NPM\-STARS" "1" "February 2013" "" ""
+.
+.SH "NAME"
+\fBnpm-stars\fR \-\- View packages marked as favorites
+.
+.SH "SYNOPSIS"
+.
+.nf
+npm stars
+npm stars [username]
+.
+.fi
+.
+.SH "DESCRIPTION"
+If you have starred a lot of neat things and want to find them again
+quickly this command lets you do just that\.
+.
+.P
+You may also want to see your friend\'s favorite packages, in this case
+you will most certainly enjoy this command\.
+.
+.SH "SEE ALSO"
+.
+.IP "\(bu" 4
+npm help star
+.
+.IP "\(bu" 4
+npm help view
+.
+.IP "\(bu" 4
+npm help whoami
+.
+.IP "\(bu" 4
+npm help adduser
+.
+.IP "" 0
+
diff --git a/deps/npm/man/man1/update.1 b/deps/npm/man/man1/update.1
index 58a073b482..e935863cbd 100644
--- a/deps/npm/man/man1/update.1
+++ b/deps/npm/man/man1/update.1
@@ -9,7 +9,7 @@
 .SH "SYNOPSIS"
 .
 .nf
-npm update [<name> [<name> \.\.\.]]
+npm update [\-g] [<name> [<name> \.\.\.]]
 .
 .fi
 .
@@ -20,6 +20,10 @@ This command will update all the packages listed to the latest version
 .P
 It will also install missing packages\.
 .
+.P
+If the \fB\-g\fR flag is specified, this command will update globally installed packages\.
+If no package name is specified, all packages in the specified location (global or local) will be updated\.
+.
 .SH "SEE ALSO"
 .
 .IP "\(bu" 4
diff --git a/deps/npm/man/man1/version.1 b/deps/npm/man/man1/version.1
index 227aadebf3..85dd3846cf 100644
--- a/deps/npm/man/man1/version.1
+++ b/deps/npm/man/man1/version.1
@@ -44,7 +44,21 @@ npm version patch \-m "Upgrade to %s for reasons"
 .P
 If the \fBsign\-git\-tag\fR config is set, then the tag will be signed using
 the \fB\-s\fR flag to git\.  Note that you must have a default GPG key set up
-in your git config for this to work properly\.
+in your git config for this to work properly\.  For example:
+.
+.IP "" 4
+.
+.nf
+$ npm config set sign\-git\-tag true
+$ npm version patch
+You need a passphrase to unlock the secret key for
+user: "isaacs (http://blog\.izs\.me/) <i@izs\.me>"
+2048\-bit RSA key, ID 6C481CF6, created 2010\-08\-31
+Enter passphrase:
+.
+.fi
+.
+.IP "" 0
 .
 .SH "SEE ALSO"
 .
diff --git a/deps/npm/man/man3/npm.3 b/deps/npm/man/man3/npm.3
index e836d7f6f8..06d00903ee 100644
--- a/deps/npm/man/man3/npm.3
+++ b/deps/npm/man/man3/npm.3
@@ -21,7 +21,7 @@ npm\.load([configObject,] function (er, npm) {
 .fi
 .
 .SH "VERSION"
-1.2.10
+1.2.11
 .
 .SH "DESCRIPTION"
 This is the API documentation for npm\.
diff --git a/deps/npm/node_modules/glob/glob.js b/deps/npm/node_modules/glob/glob.js
index d241e7c4f9..891c883603 100644
--- a/deps/npm/node_modules/glob/glob.js
+++ b/deps/npm/node_modules/glob/glob.js
@@ -325,9 +325,7 @@ Glob.prototype._process = function (pattern, depth, index, cb_) {
         if (exists) {
           if (prefix && isAbsolute(prefix) && !this.nomount) {
 	    if (prefix.charAt(0) === "/") {
-	      console.error('JOIN 0', this.root, prefix)
               prefix = path.join(this.root, prefix)
-	      console.error('JOIN 1', this.root, prefix)
 	    } else {
 	      prefix = path.resolve(this.root, prefix)
 	    }
@@ -364,9 +362,7 @@ Glob.prototype._process = function (pattern, depth, index, cb_) {
   if (prefix === null) read = "."
   else if (isAbsolute(prefix) || isAbsolute(pattern.join("/"))) {
     if (!prefix || !isAbsolute(prefix)) {
-	    console.error('JOIN 1', "/", prefix)
       prefix = path.join("/", prefix)
-	    console.error('JOIN 2', "/", prefix)
     }
     read = prefix = path.resolve(prefix)
 
@@ -444,9 +440,7 @@ Glob.prototype._process = function (pattern, depth, index, cb_) {
           else e = prefix + e
         }
         if (e.charAt(0) === "/" && !this.nomount) {
-	    console.error('JOIN 3', this.root, e)
           e = path.join(this.root, e)
-	    console.error('JOIN 4', this.root, e)
         }
 
         if (process.platform === "win32")
@@ -481,9 +475,7 @@ Glob.prototype._stat = function (f, cb) {
   assert(this instanceof Glob)
   var abs = f
   if (f.charAt(0) === "/") {
-	    console.error('JOIN 5', this.root, f)
     abs = path.join(this.root, f)
-	    console.error('JOIN 6', this.root, f)
   } else if (this.changedCwd) {
     abs = path.resolve(this.cwd, f)
   }
@@ -541,9 +533,7 @@ Glob.prototype._readdir = function (f, cb) {
   assert(this instanceof Glob)
   var abs = f
   if (f.charAt(0) === "/") {
-	    console.error('JOIN 5', this.root, f)
     abs = path.join(this.root, f)
-	    console.error('JOIN 5', abs)
   } else if (isAbsolute(f)) {
     abs = f
   } else if (this.changedCwd) {
diff --git a/deps/npm/node_modules/glob/package.json b/deps/npm/node_modules/glob/package.json
index c1fe087803..c4b0d3b7e6 100644
--- a/deps/npm/node_modules/glob/package.json
+++ b/deps/npm/node_modules/glob/package.json
@@ -6,7 +6,7 @@
   },
   "name": "glob",
   "description": "a little globber",
-  "version": "3.1.19",
+  "version": "3.1.20",
   "repository": {
     "type": "git",
     "url": "git://github.com/isaacs/node-glob.git"
@@ -31,6 +31,10 @@
   "license": "BSD",
   "readme": "# Glob\n\nThis is a glob implementation in JavaScript.  It uses the `minimatch`\nlibrary to do its matching.\n\n## Attention: node-glob users!\n\nThe API has changed dramatically between 2.x and 3.x. This library is\nnow 100% JavaScript, and the integer flags have been replaced with an\noptions object.\n\nAlso, there's an event emitter class, proper tests, and all the other\nthings you've come to expect from node modules.\n\nAnd best of all, no compilation!\n\n## Usage\n\n```javascript\nvar glob = require(\"glob\")\n\n// options is optional\nglob(\"**/*.js\", options, function (er, files) {\n  // files is an array of filenames.\n  // If the `nonull` option is set, and nothing\n  // was found, then files is [\"**/*.js\"]\n  // er is an error object or null.\n})\n```\n\n## Features\n\nPlease see the [minimatch\ndocumentation](https://github.com/isaacs/minimatch) for more details.\n\nSupports these glob features:\n\n* Brace Expansion\n* Extended glob matching\n* \"Globstar\" `**` matching\n\nSee:\n\n* `man sh`\n* `man bash`\n* `man 3 fnmatch`\n* `man 5 gitignore`\n* [minimatch documentation](https://github.com/isaacs/minimatch)\n\n## glob(pattern, [options], cb)\n\n* `pattern` {String} Pattern to be matched\n* `options` {Object}\n* `cb` {Function}\n  * `err` {Error | null}\n  * `matches` {Array<String>} filenames found matching the pattern\n\nPerform an asynchronous glob search.\n\n## glob.sync(pattern, [options]\n\n* `pattern` {String} Pattern to be matched\n* `options` {Object}\n* return: {Array<String>} filenames found matching the pattern\n\nPerform a synchronous glob search.\n\n## Class: glob.Glob\n\nCreate a Glob object by instanting the `glob.Glob` class.\n\n```javascript\nvar Glob = require(\"glob\").Glob\nvar mg = new Glob(pattern, options, cb)\n```\n\nIt's an EventEmitter, and starts walking the filesystem to find matches\nimmediately.\n\n### new glob.Glob(pattern, [options], [cb])\n\n* `pattern` {String} pattern to search for\n* `options` {Object}\n* `cb` {Function} Called when an error occurs, or matches are found\n  * `err` {Error | null}\n  * `matches` {Array<String>} filenames found matching the pattern\n\nNote that if the `sync` flag is set in the options, then matches will\nbe immediately available on the `g.found` member.\n\n### Properties\n\n* `minimatch` The minimatch object that the glob uses.\n* `options` The options object passed in.\n* `error` The error encountered.  When an error is encountered, the\n  glob object is in an undefined state, and should be discarded.\n* `aborted` Boolean which is set to true when calling `abort()`.  There\n  is no way at this time to continue a glob search after aborting, but\n  you can re-use the statCache to avoid having to duplicate syscalls.\n\n### Events\n\n* `end` When the matching is finished, this is emitted with all the\n  matches found.  If the `nonull` option is set, and no match was found,\n  then the `matches` list contains the original pattern.  The matches\n  are sorted, unless the `nosort` flag is set.\n* `match` Every time a match is found, this is emitted with the matched.\n* `error` Emitted when an unexpected error is encountered, or whenever\n  any fs error occurs if `options.strict` is set.\n* `abort` When `abort()` is called, this event is raised.\n\n### Methods\n\n* `abort` Stop the search.\n\n### Options\n\nAll the options that can be passed to Minimatch can also be passed to\nGlob to change pattern matching behavior.  Also, some have been added,\nor have glob-specific ramifications.\n\nAll options are false by default, unless otherwise noted.\n\nAll options are added to the glob object, as well.\n\n* `cwd` The current working directory in which to search.  Defaults\n  to `process.cwd()`.\n* `root` The place where patterns starting with `/` will be mounted\n  onto.  Defaults to `path.resolve(options.cwd, \"/\")` (`/` on Unix\n  systems, and `C:\\` or some such on Windows.)\n* `nomount` By default, a pattern starting with a forward-slash will be\n  \"mounted\" onto the root setting, so that a valid filesystem path is\n  returned.  Set this flag to disable that behavior.\n* `mark` Add a `/` character to directory matches.  Note that this\n  requires additional stat calls.\n* `nosort` Don't sort the results.\n* `stat` Set to true to stat *all* results.  This reduces performance\n  somewhat, and is completely unnecessary, unless `readdir` is presumed\n  to be an untrustworthy indicator of file existence.  It will cause\n  ELOOP to be triggered one level sooner in the case of cyclical\n  symbolic links.\n* `silent` When an unusual error is encountered\n  when attempting to read a directory, a warning will be printed to\n  stderr.  Set the `silent` option to true to suppress these warnings.\n* `strict` When an unusual error is encountered\n  when attempting to read a directory, the process will just continue on\n  in search of other matches.  Set the `strict` option to raise an error\n  in these cases.\n* `statCache` A cache of results of filesystem information, to prevent\n  unnecessary stat calls.  While it should not normally be necessary to\n  set this, you may pass the statCache from one glob() call to the\n  options object of another, if you know that the filesystem will not\n  change between calls.  (See \"Race Conditions\" below.)\n* `sync` Perform a synchronous glob search.\n* `nounique` In some cases, brace-expanded patterns can result in the\n  same file showing up multiple times in the result set.  By default,\n  this implementation prevents duplicates in the result set.\n  Set this flag to disable that behavior.\n* `nonull` Set to never return an empty set, instead returning a set\n  containing the pattern itself.  This is the default in glob(3).\n* `nocase` Perform a case-insensitive match.  Note that case-insensitive\n  filesystems will sometimes result in glob returning results that are\n  case-insensitively matched anyway, since readdir and stat will not\n  raise an error.\n* `debug` Set to enable debug logging in minimatch and glob.\n* `globDebug` Set to enable debug logging in glob, but not minimatch.\n\n## Comparisons to other fnmatch/glob implementations\n\nWhile strict compliance with the existing standards is a worthwhile\ngoal, some discrepancies exist between node-glob and other\nimplementations, and are intentional.\n\nIf the pattern starts with a `!` character, then it is negated.  Set the\n`nonegate` flag to suppress this behavior, and treat leading `!`\ncharacters normally.  This is perhaps relevant if you wish to start the\npattern with a negative extglob pattern like `!(a|B)`.  Multiple `!`\ncharacters at the start of a pattern will negate the pattern multiple\ntimes.\n\nIf a pattern starts with `#`, then it is treated as a comment, and\nwill not match anything.  Use `\\#` to match a literal `#` at the\nstart of a line, or set the `nocomment` flag to suppress this behavior.\n\nThe double-star character `**` is supported by default, unless the\n`noglobstar` flag is set.  This is supported in the manner of bsdglob\nand bash 4.1, where `**` only has special significance if it is the only\nthing in a path part.  That is, `a/**/b` will match `a/x/y/b`, but\n`a/**b` will not.  **Note that this is different from the way that `**` is\nhandled by ruby's `Dir` class.**\n\nIf an escaped pattern has no matches, and the `nonull` flag is set,\nthen glob returns the pattern as-provided, rather than\ninterpreting the character escapes.  For example,\n`glob.match([], \"\\\\*a\\\\?\")` will return `\"\\\\*a\\\\?\"` rather than\n`\"*a?\"`.  This is akin to setting the `nullglob` option in bash, except\nthat it does not resolve escaped pattern characters.\n\nIf brace expansion is not disabled, then it is performed before any\nother interpretation of the glob pattern.  Thus, a pattern like\n`+(a|{b),c)}`, which would not be valid in bash or zsh, is expanded\n**first** into the set of `+(a|b)` and `+(a|c)`, and those patterns are\nchecked for validity.  Since those two are valid, matching proceeds.\n\n## Windows\n\n**Please only use forward-slashes in glob expressions.**\n\nThough windows uses either `/` or `\\` as its path separator, only `/`\ncharacters are used by this glob implementation.  You must use\nforward-slashes **only** in glob expressions.  Back-slashes will always\nbe interpreted as escape characters, not path separators.\n\nResults from absolute patterns such as `/foo/*` are mounted onto the\nroot setting using `path.join`.  On windows, this will by default result\nin `/foo/*` matching `C:\\foo\\bar.txt`.\n\n## Race Conditions\n\nGlob searching, by its very nature, is susceptible to race conditions,\nsince it relies on directory walking and such.\n\nAs a result, it is possible that a file that exists when glob looks for\nit may have been deleted or modified by the time it returns the result.\n\nAs part of its internal implementation, this program caches all stat\nand readdir calls that it makes, in order to cut down on system\noverhead.  However, this also makes it even more susceptible to races,\nespecially if the statCache object is reused between glob calls.\n\nUsers are thus advised not to use a glob result as a\nguarantee of filesystem state in the face of rapid changes.\nFor the vast majority of operations, this is never a problem.\n",
   "readmeFilename": "README.md",
-  "_id": "glob@3.1.19",
-  "_from": "glob@~3.1.18"
+  "_id": "glob@3.1.20",
+  "dist": {
+    "shasum": "aeaba910c176cd1c90e200eefe4bb66f5b3763e7"
+  },
+  "_from": "glob@latest",
+  "_resolved": "https://registry.npmjs.org/glob/-/glob-3.1.20.tgz"
 }
diff --git a/deps/npm/node_modules/npm-registry-client/README.md b/deps/npm/node_modules/npm-registry-client/README.md
index 22751c48a4..534c40721f 100644
--- a/deps/npm/node_modules/npm-registry-client/README.md
+++ b/deps/npm/node_modules/npm-registry-client/README.md
@@ -118,6 +118,13 @@ Note that the user does not have to be the package owner to star or
 unstar a package, though other writes do require that the user be the
 package owner.
 
+# client.stars(username, cb)
+
+* `username` {String} Name of user to fetch starred packages for.
+* `cb` {Function}
+
+View your own or another user's starred packages.
+
 # client.tag(project, version, tag, cb)
 
 * `project` {String} Project name
diff --git a/deps/npm/node_modules/npm-registry-client/lib/request.js b/deps/npm/node_modules/npm-registry-client/lib/request.js
index f506be4f26..42221fe0d8 100644
--- a/deps/npm/node_modules/npm-registry-client/lib/request.js
+++ b/deps/npm/node_modules/npm-registry-client/lib/request.js
@@ -8,7 +8,8 @@ var url = require("url")
   , request = require("request")
   , retry = require("retry")
 
-function regRequest (method, where, what, etag, nofollow, cb_) {
+function regRequest (method, where, what, etag, nofollow, reauthed, cb_) {
+  if (typeof cb_ !== "function") cb_ = reauthed, reauthed = false
   if (typeof cb_ !== "function") cb_ = nofollow, nofollow = false
   if (typeof cb_ !== "function") cb_ = etag, etag = null
   if (typeof cb_ !== "function") cb_ = what, what = null
@@ -84,7 +85,7 @@ function regRequest (method, where, what, etag, nofollow, cb_) {
         this.conf.set('_token', this.couchLogin.token)
         return regRequest.call(this,
                                method, where, what,
-                               etag, nofollow, cb_)
+                               etag, nofollow, reauthed, cb_)
       }.bind(this))
     }
   }
@@ -123,14 +124,22 @@ function regRequest (method, where, what, etag, nofollow, cb_) {
 
       // Only retry on 408, 5xx or no `response`.
       var statusCode = response && response.statusCode
-      var reauth = statusCode === 401
+
+      var reauth = !reauthed &&
+                   ( statusCode === 401 ||
+                     statusCode === 400 ||
+                     statusCode === 403 )
+      if (reauth)
+        reauthed = true
+
       var timeout = statusCode === 408
       var serverError = statusCode >= 500
       var statusRetry = !statusCode || timeout || serverError
       if (reauth && this.conf.get('_auth') && this.conf.get('_token')) {
         this.conf.del('_token')
         this.couchLogin.token = null
-        return regRequest.call(this, method, where, what, etag, nofollow, cb_)
+        return regRequest.call(this, method, where, what,
+                               etag, nofollow, reauthed, cb_)
       }
       if (er && statusRetry && operation.retry(er)) {
         self.log.info("retry", "will retry, error on last attempt: " + er)
diff --git a/deps/npm/node_modules/npm-registry-client/lib/stars.js b/deps/npm/node_modules/npm-registry-client/lib/stars.js
new file mode 100644
index 0000000000..93f0d708f2
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/stars.js
@@ -0,0 +1,9 @@
+var qs = require('querystring')
+
+module.exports = stars
+
+function stars (name, cb) {
+  name = encodeURIComponent(name)
+  var path = "/-/_view/starredByUser?key=\""+name+"\""
+  this.request("GET", path, cb)
+}
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json b/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json
index 65ffd0c0ae..3b7ab38e25 100644
--- a/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json
@@ -24,9 +24,5 @@
   "readme": "# couch-login\n\nThis module lets you log into couchdb to get a session token, then make\nrequests using that session.  It is basically just a thin wrapper around\n[@mikeal's request module](https://github.com/mikeal/request).\n\nThis is handy if you want a user to take actions in a couchdb database\non behalf of a user, without having to store their couchdb username and\npassword anywhere.  (You do need to store the AuthSession token\nsomewhere, though.)\n\n## Usage\n\n```javascript\nvar CouchLogin = require('couch-login')\n\n// Nothing about this module is http-server specific of course.\n// You could also use it to do authenticated requests against\n// a couchdb using sessions and storing the token somewhere else.\n\nhttp.createServer(function (req, res) {\n  var couch = new CouchLogin('http://my-couch.iriscouch.com:5984/')\n\n  // .. look up the token in the user's session or whatever ..\n  // Look at couch.decorate(req, res) for more on doing that\n  // automatically, below.\n\n  if (sessionToken) {\n    // this user already logged in.\n    couch.token = sessionToken\n\n    // now we can do things on their behalf, like:\n    // 1. View their session info.\n    // like doing request.get({ uri: couch + '/_session', ... })\n    // but with the cookie and whatnot\n\n    couch.get('/_session', function (er, resp, data) {\n      // er = some kind of communication error.\n      // resp = response object from the couchdb request.\n      // data = parsed JSON response body.\n      if (er || resp.statusCode !== 200) {\n        res.statusCode = resp.statusCode || 403\n        return res.end('Invalid login or something')\n      }\n\n      // now we have the session info, we know who this user is.\n      // hitting couchdb for this on every request is kinda costly,\n      // so maybe you should store the username wherever you're storing\n      // the sessionToken.  RedSess is a good util for this, if you're\n      // into redis.  And if you're not into redis, you're crazy,\n      // because it is awesome.\n\n      // now let's get the user record.\n      // note that this will 404 for anyone other than the user,\n      // unless they're a server admin.\n      couch.get('/_users/org.couchdb.user:' + data.userCtx.name, etc)\n\n      // PUTs and DELETEs will also use their session, of course, so\n      // your validate_doc_update's will see their info in userCtx\n    })\n\n  } else {\n    // don't have a sessionToken.\n    // get a username and password from the post body or something.\n    // maybe redirect to a /login page or something to ask for that.\n    var login = { name: name, password: password }\n    couch.login(login, function (er, resp, data) {\n      // again, er is an error, resp is the response obj, data is the json\n      if (er || resp.statusCode !== 200) {\n        res.statusCode = resp.statusCode || 403\n        return res.end('Invalid login or something')\n      }\n\n      // the data is something like\n      // {\"ok\":true,\"name\":\"testuser\",\"roles\":[]}\n      // and couch.token is the token you'll need to save somewhere.\n\n      // at this point, you can start making authenticated requests to\n      // couchdb, or save data in their session, or do whatever it is\n      // that you need to do.\n\n      res.statusCode = 200\n      res.write(\"Who's got two thumbs and just logged you into couch?\\n\")\n      setTimeout(function () {\n        res.end(\"THIS GUY!\")\n      }, 500)\n    })\n  }\n})\n```\n\n## Class: CouchLogin\n### new CouchLogin(couchdbUrl, token)\n\nCreate a new CouchLogin object bound to the couchdb url.\n\nIn addition to these, the `get`, `post`, `put`, and `del` methods all\nproxy to the associated method on [request](https://github.com/mikeal/request).\n\nHowever, as you'll note in the example above, only the pathname portion\nof the url is required.  Urls will be appended to the couchdb url passed\ninto the constructor.\n\nIf you have to talk to more than one couchdb, then you'll need more than\none CouchLogin object, for somewhat obvious reasons.\n\nAll callbacks get called with the following arguments, which are exactly\nidentical to the arguments passed to a `request` callback.\n\n* `er` {Error | null} Set if a communication error happens.\n* `resp` {HTTP Response} The response from the request to couchdb\n* `data` {Object} The parsed JSON data from couch\n\nIf the token is the string \"anonymous\", then it will not attempt to log\nin before making requests.  If the token is not \"anonymous\", then it\nmust be an object with the appropriate fields.\n\n### couch.token\n\n* {Object}\n\nAn object representing the couchdb session token.  (Basically just a\ncookie and a timeout.)\n\nIf the token has already timed out, then setting it will have no effect.\n\n### couch.tokenSet\n\nIf set, this method is called whenever the token is saved.\n\nFor example, you could assign a function to this method to save the\ntoken into a redis session, a cookie, or in some other database.\n\nTakes a callback which should be called when the token is saved.\n\n### couch.tokenGet\n\nIf set, this method is called to look up the token on demand.\n\nThe inverse of couch.tokenSet.  Takes a callback which is called with\nthe `cb(er || null, token)`.\n\n### couch.tokenDel\n\nIf set, this method is called to delete the token when it should be\ndiscarded.\n\nRelated to tokenGet and tokenSet.  Takes a callback which should be\ncalled when the token is deleted.\n\n### couch.ca\n\n* {String | Array | null}\n\nA certificate authority string, or an array of CA strings.  Only\nrelevant for HTTPS couches, of course.\n\nLeave as `null` to use the default ca settings built into node.\n\n### couch.strictSSL\n\n* {Boolean | null}\n\nWhether or not to be strict about SSL connections.  If left as null,\nthen use the default setting in node, which is true in node versions\n0.9.x and above, and false prior to 0.8.x.\n\nOnly relevant for HTTPS couches, of course.\n\n### couch.anonymous()\n\nReturn a new CouchLogin object that points at the same couchdb server,\nbut doesn't try to log in before making requests.\n\nThis is handy for situations where the user is not logged in at the\nmoment, but a request needs to be made anyway, and does not require\nauthorization.\n\n### couch.login(auth, callback)\n\n* `auth` {Object} The login details\n  * `name` {String}\n  * `password` {String}\n* `callback` {Function}\n\nWhen the callback is called, the `couch.token` will already have been\nset (assuming it worked!), so subsequent requests will be done as that\nuser.\n\n### couch.get(path, callback)\n\nGET the supplied path from the couchdb using the credentials on the\ntoken.\n\nFails if the token is invalid or expired.\n\n### couch.del(path, callback)\n\nDELETE the supplied path from the couchdb using the credentials on the\ntoken.\n\nFails if the token is invalid or expired.\n\n### couch.post(path, data, callback)\n\nPOST the data to the supplied path in the couchdb, using the credentials\non the token.\n\nFails if the token is invalid or expired.\n\n### couch.put(path, data, callback)\n\nPUT the data to the supplied path in the couchdb, using the credentials\non the token.\n\nFails if the token is invalid or expired.\n\n### couch.changePass(newAuth, callback)\n\nMust already be logged in.  Updates the `_users` document with new salt\nand hash, and re-logs in with the new credentials.  Callback is called\nwith the same arguments as login, or the first step of the process that\nfailed.\n\n### couch.signup(userData, callback)\n\nCreate a new user account.  The userData must contain at least a `name`\nand `password` field.  Any additional data will be copied to the user\nrecord.  The `_id`, `name`, `roles`, `type`, `password_sha`, `salt`, and\n`date` fields are generated.\n\nAlso signs in as the newly created user, on successful account creation.\n\n### couch.deleteAccount(name, callback)\n\nDeletes a user account.  If not logged in as the user, or a server\nadmin, then the request will fail.\n\nNote that this immediately invalidates any session tokens for the\ndeleted user account.  If you are deleting the user's record, then you\nought to follow this with `couch.logout(callback)` so that it won't try\nto re-use the invalid session.\n\n### couch.logout(callback)\n\nDelete the session out of couchdb.  This makes the token permanently\ninvalid, and deletes it.\n\n### couch.decorate(req, res)\n\nSet up `req.couch` and `res.couch` as references to this couch login\ninstance.\n\nAdditionall, if `req.session` or `res.session` is set, then it'll call\n`session.get('couch_token', cb)` as the tokenGet method,\n`session.set('couch_token', token, cb)` as the tokenSet method, and\n`session.del('couch_token', cb)` as the tokenDel method.\n\nThis works really nice with\n[RedSess](https://github.com/isaacs/redsess).\n",
   "readmeFilename": "README.md",
   "_id": "couch-login@0.1.15",
-  "dist": {
-    "shasum": "5239feb4080aacfc736d539bf9ebafbd1c381f38"
-  },
-  "_from": "couch-login@~0.1.15",
-  "_resolved": "https://registry.npmjs.org/couch-login/-/couch-login-0.1.15.tgz"
+  "_from": "couch-login@~0.1.15"
 }
diff --git a/deps/npm/node_modules/npm-registry-client/package.json b/deps/npm/node_modules/npm-registry-client/package.json
index 7af896e4de..5b23a9ec4f 100644
--- a/deps/npm/node_modules/npm-registry-client/package.json
+++ b/deps/npm/node_modules/npm-registry-client/package.json
@@ -6,7 +6,7 @@
   },
   "name": "npm-registry-client",
   "description": "Client for the npm registry",
-  "version": "0.2.13",
+  "version": "0.2.16",
   "repository": {
     "url": "git://github.com/isaacs/npm-registry-client"
   },
@@ -33,8 +33,8 @@
     "npmlog": ""
   },
   "license": "BSD",
-  "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\n\nclient.get(\"npm\", \"latest\", 1000, function (er, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Configuration\n\nThis program is designed to work with\n[npmconf](https://npmjs.org/package/npmconf), but you can also pass in\na plain-jane object with the appropriate configs, and it'll shim it\nfor you.  Any configuration thingie that has get/set/del methods will\nalso be accepted.\n\n* `registry` **Required** {String} URL to the registry\n* `cache` **Required** {String} Path to the cache folder\n* `always-auth` {Boolean} Auth even for GET requests.\n* `auth` {String} A base64-encoded `username:password`\n* `email` {String} User's email address\n* `tag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `ca` {String} Cerficate signing authority certificates to trust.\n* `strict-ssl` {Boolean} Whether or not to be strict with SSL\n  certificates.  Default = `true`\n* `user-agent` {String} User agent header to send.  Default =\n  `\"node/{process.version} {process.platform} {process.arch}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `fetch-retries` {Number} Number of times to retry on GET failures.\n  Default=2\n* `fetch-retry-factor` {Number} `factor` setting for `node-retry`. Default=10\n* `fetch-retry-mintimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default=10000 (10 seconds)\n* `fetch-retry-maxtimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default=60000 (60 seconds)\n* `proxy` {URL} The url to proxy requests through.\n* `https-proxy` {URL} The url to proxy https requests through.\n  Defaults to be the same as `proxy` if unset.\n* `_auth` {String} The base64-encoded authorization header.\n* `username` `_password` {String} Username/password to use to generate\n  `_auth` if not supplied.\n* `_token` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login)\n\n# client.request(method, where, [what], [etag], [nofollow], cb)\n\n* `method` {String} HTTP method\n* `where` {String} Path to request on the server\n* `what` {Stream | Buffer | String | Object} The request body.  Objects\n  that are not Buffers or Streams are encoded as JSON.\n* `etag` {String} The cached ETag\n* `nofollow` {Boolean} Prevent following 302/301 responses\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a request to the registry.  All the other methods are wrappers\naround this. one.\n\n# client.adduser(username, password, email, cb)\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `cb` {Function}\n\nAdd a user account to the registry, or verify the credentials.\n\n# client.get(url, [timeout], [nofollow], [staleOk], cb)\n\n* `url` {String} The url path to fetch\n* `timeout` {Number} Number of seconds old that a cached copy must be\n  before a new request will be made.\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `staleOk` {Boolean} If there's cached data available, then return that\n  to the callback quickly, and update the cache the background.\n\nFetches data from the registry via a GET request, saving it in\nthe cache folder with the ETag.\n\n# client.publish(data, tarball, [readme], cb)\n\n* `data` {Object} Package data\n* `tarball` {String | Stream} Filename or stream of the package tarball\n* `readme` {String} Contents of the README markdown file\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.  However, it\ncan accept a gzipped tar stream or a filename to a tarball.\n\n# client.star(package, starred, cb)\n\n* `package` {String} Name of the package to star\n* `starred` {Boolean} True to star the package, false to unstar it.\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or\nunstar a package, though other writes do require that the user be the\npackage owner.\n\n# client.tag(project, version, tag, cb)\n\n* `project` {String} Project name\n* `version` {String} Version to tag\n* `tag` {String} Tag name to apply\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag`\nwill fetch the specified version.\n\n# client.unpublish(name, [ver], cb)\n\n* `name` {String} package name\n* `ver` {String} version to unpublish. Leave blank to unpublish all\n  versions.\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When\nthe last version us unpublished, the entire document is removed from the\ndatabase.\n\n# client.upload(where, file, [etag], [nofollow], cb)\n\n* `where` {String} URL path to upload to\n* `file` {String | Stream} Either the filename or a readable stream\n* `etag` {String} Cache ETag\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `cb` {Function}\n\nUpload an attachment.  Mostly used by `client.publish()`.\n",
+  "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\n\nclient.get(\"npm\", \"latest\", 1000, function (er, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Configuration\n\nThis program is designed to work with\n[npmconf](https://npmjs.org/package/npmconf), but you can also pass in\na plain-jane object with the appropriate configs, and it'll shim it\nfor you.  Any configuration thingie that has get/set/del methods will\nalso be accepted.\n\n* `registry` **Required** {String} URL to the registry\n* `cache` **Required** {String} Path to the cache folder\n* `always-auth` {Boolean} Auth even for GET requests.\n* `auth` {String} A base64-encoded `username:password`\n* `email` {String} User's email address\n* `tag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `ca` {String} Cerficate signing authority certificates to trust.\n* `strict-ssl` {Boolean} Whether or not to be strict with SSL\n  certificates.  Default = `true`\n* `user-agent` {String} User agent header to send.  Default =\n  `\"node/{process.version} {process.platform} {process.arch}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `fetch-retries` {Number} Number of times to retry on GET failures.\n  Default=2\n* `fetch-retry-factor` {Number} `factor` setting for `node-retry`. Default=10\n* `fetch-retry-mintimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default=10000 (10 seconds)\n* `fetch-retry-maxtimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default=60000 (60 seconds)\n* `proxy` {URL} The url to proxy requests through.\n* `https-proxy` {URL} The url to proxy https requests through.\n  Defaults to be the same as `proxy` if unset.\n* `_auth` {String} The base64-encoded authorization header.\n* `username` `_password` {String} Username/password to use to generate\n  `_auth` if not supplied.\n* `_token` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login)\n\n# client.request(method, where, [what], [etag], [nofollow], cb)\n\n* `method` {String} HTTP method\n* `where` {String} Path to request on the server\n* `what` {Stream | Buffer | String | Object} The request body.  Objects\n  that are not Buffers or Streams are encoded as JSON.\n* `etag` {String} The cached ETag\n* `nofollow` {Boolean} Prevent following 302/301 responses\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a request to the registry.  All the other methods are wrappers\naround this. one.\n\n# client.adduser(username, password, email, cb)\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `cb` {Function}\n\nAdd a user account to the registry, or verify the credentials.\n\n# client.get(url, [timeout], [nofollow], [staleOk], cb)\n\n* `url` {String} The url path to fetch\n* `timeout` {Number} Number of seconds old that a cached copy must be\n  before a new request will be made.\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `staleOk` {Boolean} If there's cached data available, then return that\n  to the callback quickly, and update the cache the background.\n\nFetches data from the registry via a GET request, saving it in\nthe cache folder with the ETag.\n\n# client.publish(data, tarball, [readme], cb)\n\n* `data` {Object} Package data\n* `tarball` {String | Stream} Filename or stream of the package tarball\n* `readme` {String} Contents of the README markdown file\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.  However, it\ncan accept a gzipped tar stream or a filename to a tarball.\n\n# client.star(package, starred, cb)\n\n* `package` {String} Name of the package to star\n* `starred` {Boolean} True to star the package, false to unstar it.\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or\nunstar a package, though other writes do require that the user be the\npackage owner.\n\n# client.stars(username, cb)\n\n* `username` {String} Name of user to fetch starred packages for.\n* `cb` {Function}\n\nView your own or another user's starred packages.\n\n# client.tag(project, version, tag, cb)\n\n* `project` {String} Project name\n* `version` {String} Version to tag\n* `tag` {String} Tag name to apply\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag`\nwill fetch the specified version.\n\n# client.unpublish(name, [ver], cb)\n\n* `name` {String} package name\n* `ver` {String} version to unpublish. Leave blank to unpublish all\n  versions.\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When\nthe last version us unpublished, the entire document is removed from the\ndatabase.\n\n# client.upload(where, file, [etag], [nofollow], cb)\n\n* `where` {String} URL path to upload to\n* `file` {String | Stream} Either the filename or a readable stream\n* `etag` {String} Cache ETag\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `cb` {Function}\n\nUpload an attachment.  Mostly used by `client.publish()`.\n",
   "readmeFilename": "README.md",
-  "_id": "npm-registry-client@0.2.13",
+  "_id": "npm-registry-client@0.2.16",
   "_from": "npm-registry-client@latest"
 }
diff --git a/deps/npm/node_modules/read-package-json/package.json b/deps/npm/node_modules/read-package-json/package.json
index 3c1370de47..648f4ca47f 100644
--- a/deps/npm/node_modules/read-package-json/package.json
+++ b/deps/npm/node_modules/read-package-json/package.json
@@ -1,6 +1,6 @@
 {
   "name": "read-package-json",
-  "version": "0.1.13",
+  "version": "0.2.0",
   "author": {
     "name": "Isaac Z. Schlueter",
     "email": "i@izs.me",
@@ -32,6 +32,6 @@
   },
   "readme": "# read-package-json\n\nThis is the thing that npm uses to read package.json files.  It\nvalidates some stuff, and loads some default things.\n\nIt keeps a cache of the files you've read, so that you don't end\nup reading the same package.json file multiple times.\n\nNote that if you just want to see what's literally in the package.json\nfile, you can usually do `var data = require('some-module/package.json')`.\n\nThis module is basically only needed by npm, but it's handy to see what\nnpm will see when it looks at your package.\n\n## Usage\n\n```javascript\nvar readJson = require('read-package-json')\n\nreadJson('/path/to/package.json', function (er, data) {\n  if (er) {\n    console.error(\"There was an error reading the file\")\n    return\n  }\n\n  console.error('the package data is', data)\n}\n```\n\n## readJson(file, cb)\n\n* `file` {String} The path to the package.json file\n* `cb` {Function}\n\nReads the JSON file and does the things.\n\n## `package.json` Fields\n\nSee `man 5 package.json` or `npm help json`.\n\n## readJson.log\n\nBy default this is a reference to the `npmlog` module.  But if that\nmodule can't be found, then it'll be set to just a dummy thing that does\nnothing.\n\nReplace with your own `{log,warn,error}` object for fun loggy time.\n\n## readJson.extras(file, data, cb)\n\nRun all the extra stuff relative to the file, with the parsed data.\n\nModifies the data as it does stuff.  Calls the cb when it's done.\n\n## readJson.extraSet = [fn, fn, ...]\n\nArray of functions that are called by `extras`.  Each one receives the\narguments `fn(file, data, cb)` and is expected to call `cb(er, data)`\nwhen done or when an error occurs.\n\nOrder is indeterminate, so each function should be completely\nindependent.\n\nMix and match!\n\n## readJson.cache\n\nThe `lru-cache` object that readJson uses to not read the same file over\nand over again.  See\n[lru-cache](https://github.com/isaacs/node-lru-cache) for details.\n\n## Other Relevant Files Besides `package.json`\n\nSome other files have an effect on the resulting data object, in the\nfollowing ways:\n\n### `README?(.*)`\n\nIf there is a `README` or `README.*` file present, then npm will attach\na `readme` field to the data with the contents of this file.\n\nOwing to the fact that roughly 100% of existing node modules have\nMarkdown README files, it will generally be assumed to be Markdown,\nregardless of the extension.  Please plan accordingly.\n\n### `server.js`\n\nIf there is a `server.js` file, and there is not already a\n`scripts.start` field, then `scripts.start` will be set to `node\nserver.js`.\n\n### `AUTHORS`\n\nIf there is not already a `contributors` field, then the `contributors`\nfield will be set to the contents of the `AUTHORS` file, split by lines,\nand parsed.\n\n### `bindings.gyp`\n\nIf a bindings.gyp file exists, and there is not already a\n`scripts.install` field, then the `scripts.install` field will be set to\n`node-gyp rebuild`.\n\n### `wscript`\n\nIf a wscript file exists, and there is not already a `scripts.install`\nfield, then the `scripts.install` field will be set to `node-waf clean ;\nnode-waf configure build`.\n\nNote that the `bindings.gyp` file supercedes this, since node-waf has\nbeen deprecated in favor of node-gyp.\n\n### `index.js`\n\nIf the json file does not exist, but there is a `index.js` file\npresent instead, and that file has a package comment, then it will try\nto parse the package comment, and use that as the data instead.\n\nA package comment looks like this:\n\n```javascript\n/**package\n * { \"name\": \"my-bare-module\"\n * , \"version\": \"1.2.3\"\n * , \"description\": \"etc....\" }\n **/\n\n// or...\n\n/**package\n{ \"name\": \"my-bare-module\"\n, \"version\": \"1.2.3\"\n, \"description\": \"etc....\" }\n**/\n```\n\nThe important thing is that it starts with `/**package`, and ends with\n`**/`.  If the package.json file exists, then the index.js is not\nparsed.\n\n### `{directories.man}/*.[0-9]`\n\nIf there is not already a `man` field defined as an array of files or a\nsingle file, and\nthere is a `directories.man` field defined, then that directory will\nbe searched for manpages.\n\nAny valid manpages found in that directory will be assigned to the `man`\narray, and installed in the appropriate man directory at package install\ntime, when installed globally on a Unix system.\n\n### `{directories.bin}/*`\n\nIf there is not already a `bin` field defined as a string filename or a\nhash of `<name> : <filename>` pairs, then the `directories.bin`\ndirectory will be searched and all the files within it will be linked as\nexecutables at install time.\n\nWhen installing locally, npm links bins into `node_modules/.bin`, which\nis in the `PATH` environ when npm runs scripts.  When\ninstalling globally, they are linked into `{prefix}/bin`, which is\npresumably in the `PATH` environment variable.\n",
   "readmeFilename": "README.md",
-  "_id": "read-package-json@0.1.13",
+  "_id": "read-package-json@0.2.0",
   "_from": "read-package-json@latest"
 }
diff --git a/deps/npm/node_modules/read-package-json/read-json.js b/deps/npm/node_modules/read-package-json/read-json.js
index 9f26cf06ac..6b8c29af3b 100644
--- a/deps/npm/node_modules/read-package-json/read-json.js
+++ b/deps/npm/node_modules/read-package-json/read-json.js
@@ -554,14 +554,19 @@ function warn (f, d, m) {
 
 
 function validName (file, data) {
-                if (!data.name) return new Error("No 'name' field")
+                if (!data.name) {
+                                data.name = ""
+                                return true
+                }
                 data.name = data.name.trim()
                 if (data.name.charAt(0) === "." ||
                     data.name.match(/[\/@\s\+%:]/) ||
+                    data.name !== encodeURIComponent(data.name) ||
                     data.name.toLowerCase() === "node_modules" ||
                     data.name.toLowerCase() === "favicon.ico") {
-                                return new Error("Invalid name: " +
-                                                 JSON.stringify(data.name))
+                                var m = "Invalid name: "
+                                m += JSON.stringify(data.name)
+                                return new Error(m)
                 }
                 return true
 }
@@ -577,7 +582,10 @@ function parseKeywords (file, data) {
 
 function validVersion (file, data) {
                 var v = data.version
-                if (!v) return new Error("no version");
+                if (!v) {
+                                data.version = ""
+                                return true
+                }
                 if (!semver.valid(v)) {
                                 return new Error("invalid version: "+v)
                 }
diff --git a/deps/npm/package.json b/deps/npm/package.json
index 406273a8d0..517cac5ffd 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "1.2.10",
+  "version": "1.2.11",
   "name": "npm",
   "publishConfig": {
     "proprietary-attribs": false
@@ -59,7 +59,7 @@
     "npmlog": "0",
     "ansi": "~0.1.2",
     "npm-registry-client": "~0.2.13",
-    "read-package-json": "~0.1.8",
+    "read-package-json": "~0.2.0",
     "read-installed": "0",
     "glob": "~3.1.18",
     "init-package-json": "0.0.6",
diff --git a/deps/npm/test/packages/npm-test-shrinkwrap/npm-shrinkwrap.json b/deps/npm/test/packages/npm-test-shrinkwrap/npm-shrinkwrap.json
index b0b8bd77c6..db5da040c1 100644
--- a/deps/npm/test/packages/npm-test-shrinkwrap/npm-shrinkwrap.json
+++ b/deps/npm/test/packages/npm-test-shrinkwrap/npm-shrinkwrap.json
@@ -4,46 +4,43 @@
   "dependencies": {
     "npm-test-single-file": {
       "version": "1.2.3",
-      "from": "https://raw.github.com/gist/1837112/index.js",
       "resolved": "https://raw.github.com/gist/1837112/index.js"
     },
     "glob": {
       "version": "3.1.5",
-      "from": "glob@git://github.com/isaacs/node-glob.git#npm-test",
       "resolved": "git://github.com/isaacs/node-glob.git#67bda227fd7a559cca5620307c7d30a6732a792f",
       "dependencies": {
         "minimatch": {
           "version": "0.2.1",
           "dependencies": {
             "lru-cache": {
-              "version": "1.0.5",
-              "from": "lru-cache@~1.0.5"
+              "version": "1.0.5"
             }
           }
         },
         "graceful-fs": {
           "version": "1.1.5",
-          "from": "graceful-fs@1.1.5",
+          "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-1.1.5.tgz",
           "dependencies": {
             "fast-list": {
               "version": "1.0.2",
-              "from": "fast-list@1.0.2"
+              "resolved": "https://registry.npmjs.org/fast-list/-/fast-list-1.0.2.tgz"
             }
           }
         },
         "inherits": {
           "version": "1.0.0",
-          "from": "inherits@1.0.0"
+          "resolved": "https://registry.npmjs.org/inherits/-/inherits-1.0.0.tgz"
         }
       }
     },
     "minimatch": {
       "version": "0.1.5",
-      "from": "minimatch@0.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-0.1.5.tgz",
       "dependencies": {
         "lru-cache": {
           "version": "1.0.5",
-          "from": "lru-cache@1.0.5"
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-1.0.5.tgz"
         }
       }
     }

From e10c75579b536581ddd7ae4e2c3bf8a9d550d343 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Fri, 15 Feb 2013 09:57:32 -0800
Subject: [PATCH 13/15] 2013.02.15, Version 0.8.20 (Stable)

* npm: Upgrade to v1.2.11

* http: Do not let Agent hand out destroyed sockets (isaacs)

* http: Raise hangup error on destroyed socket write (isaacs)

* http: protect against response splitting attacks (Bert Belder)
---
 AUTHORS            |  1 +
 ChangeLog          | 13 ++++++++++++-
 src/node_version.h |  2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index c06984646f..8181644e1a 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -379,3 +379,4 @@ Chris Dent <chris.dent@gmail.com>
 Dan Milon <danmilon@gmail.com>
 Jacob Gable <jacob.gable@gmail.com>
 Rick Yakubowski <richard@orpha-systems.com>
+Dan Kohn <dan@dankohn.com>
diff --git a/ChangeLog b/ChangeLog
index 59d86d0bf5..016acdc1af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,15 @@
-2013.02.06, Version 0.8.19 (Stable)
+2013.02.15, Version 0.8.20 (Stable)
+
+* npm: Upgrade to v1.2.11
+
+* http: Do not let Agent hand out destroyed sockets (isaacs)
+
+* http: Raise hangup error on destroyed socket write (isaacs)
+
+* http: protect against response splitting attacks (Bert Belder)
+
+
+2013.02.06, Version 0.8.19 (Stable), 53978bdf420622ff0121c63c0338c9e7c2e60869
 
 * npm: Upgrade to v1.2.10
 
diff --git a/src/node_version.h b/src/node_version.h
index a8e6bf2694..8a13737d2c 100644
--- a/src/node_version.h
+++ b/src/node_version.h
@@ -30,7 +30,7 @@
 # define NODE_TAG ""
 #endif
 
-#define NODE_VERSION_IS_RELEASE 0
+#define NODE_VERSION_IS_RELEASE 1
 
 #ifndef NODE_STRINGIFY
 #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)

From 01bff7e7a7b54df6b66ed81a50dabad0de856708 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Fri, 15 Feb 2013 11:24:08 -0800
Subject: [PATCH 14/15] Now working on v0.8.21

---
 src/node_version.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/node_version.h b/src/node_version.h
index 8a13737d2c..e553a51d4f 100644
--- a/src/node_version.h
+++ b/src/node_version.h
@@ -24,13 +24,13 @@
 
 #define NODE_MAJOR_VERSION 0
 #define NODE_MINOR_VERSION 8
-#define NODE_PATCH_VERSION 20
+#define NODE_PATCH_VERSION 21
 
 #ifndef NODE_TAG
 # define NODE_TAG ""
 #endif
 
-#define NODE_VERSION_IS_RELEASE 1
+#define NODE_VERSION_IS_RELEASE 0
 
 #ifndef NODE_STRINGIFY
 #define NODE_STRINGIFY(n) NODE_STRINGIFY_HELPER(n)

From 3f38069acfae88be96a5ea8911081b3fde67ad71 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Fri, 15 Feb 2013 11:24:20 -0800
Subject: [PATCH 15/15] blog: Release v0.8.20

---
 doc/blog/release/v0.8.20.md | 62 +++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 doc/blog/release/v0.8.20.md

diff --git a/doc/blog/release/v0.8.20.md b/doc/blog/release/v0.8.20.md
new file mode 100644
index 0000000000..5e6c2dd187
--- /dev/null
+++ b/doc/blog/release/v0.8.20.md
@@ -0,0 +1,62 @@
+title: Node v0.8.20 (Stable)
+slug: node-v0-8-20-stable
+category: release
+date: Fri Feb 15 11:21:42 PST 2013
+version: 0.8.20
+
+2013.02.15, Version 0.8.20 (Stable)
+
+* npm: Upgrade to v1.2.11
+
+* http: Do not let Agent hand out destroyed sockets (isaacs)
+
+* http: Raise hangup error on destroyed socket write (isaacs)
+
+* http: protect against response splitting attacks (Bert Belder)
+
+
+Source Code: http://nodejs.org/dist/v0.8.20/node-v0.8.20.tar.gz
+
+Macintosh Installer (Universal): http://nodejs.org/dist/v0.8.20/node-v0.8.20.pkg
+
+Windows Installer: http://nodejs.org/dist/v0.8.20/node-v0.8.20-x86.msi
+
+Windows x64 Installer: http://nodejs.org/dist/v0.8.20/x64/node-v0.8.20-x64.msi
+
+Windows x64 Files: http://nodejs.org/dist/v0.8.20/x64/
+
+Linux 32-bit Binary: http://nodejs.org/dist/v0.8.20/node-v0.8.20-linux-x86.tar.gz
+
+Linux 64-bit Binary: http://nodejs.org/dist/v0.8.20/node-v0.8.20-linux-x64.tar.gz
+
+Solaris 32-bit Binary: http://nodejs.org/dist/v0.8.20/node-v0.8.20-sunos-x86.tar.gz
+
+Solaris 64-bit Binary: http://nodejs.org/dist/v0.8.20/node-v0.8.20-sunos-x64.tar.gz
+
+Other release files: http://nodejs.org/dist/v0.8.20/
+
+Website: http://nodejs.org/docs/v0.8.20/
+
+Documentation: http://nodejs.org/docs/v0.8.20/api/
+
+Shasums:
+```
+2b87bf077022b8fa1cbcec10ea3866574fed2b75  node-v0.8.20-darwin-x64.tar.gz
+42023ffbdbf36ef69250bd750f112e684eb97008  node-v0.8.20-darwin-x86.tar.gz
+93480cbc67f2c757879228434bce1fd765db7df8  node-v0.8.20-linux-x64.tar.gz
+7fedae5ce4b366d5dcaa7f2e770b3ff739648a51  node-v0.8.20-linux-x86.tar.gz
+fd66ea1bfbe5c8fe8df5ba8cc79cd3fab6e753ac  node-v0.8.20-sunos-x64.tar.gz
+ca6ad9aa92330358f6201191347451ab42fe12cf  node-v0.8.20-sunos-x86.tar.gz
+200ff5e5083df2a6bb4552e673d81b498e9812f0  node-v0.8.20-x86.msi
+54440b1f525da0126b434440ee6433c2b96959ae  node-v0.8.20.pkg
+b780f58f0e3bc43d2380d4a935f2b45350783b37  node-v0.8.20.tar.gz
+8e13b125c3572a1cb46364b3241405cdf7af1a82  node.exe
+f67ea64d6686207dbacb9bb8feacce3ac8899ec8  node.exp
+c338212caf48d945e8e8049c2a0c30e38e8730d6  node.lib
+019b24c60cdb03f9d8209290e7af90e8565999e7  node.pdb
+67fff498c5271033073a3ca9fc01178b5f5c309a  x64/node-v0.8.20-x64.msi
+6ecab177a47ff5c74397799b329c2359b40c7d1f  x64/node.exe
+bcd51345c05a28be5db3553fc578aa3dd52fc97e  x64/node.exp
+825f2ba0bb9d7bd170adef89009b84ee147754e5  x64/node.lib
+50c4cc483cc4b675966c7ec524afacb59ff99164  x64/node.pdb
+```