diff --git a/deps/npm/CHANGELOG.md b/deps/npm/CHANGELOG.md index b73d83ac70..1a38e06619 100644 --- a/deps/npm/CHANGELOG.md +++ b/deps/npm/CHANGELOG.md @@ -1,3 +1,55 @@ +### v2.4.1 (2015-01-23): + +![bridge that doesn't meet in the middle](http://www.static-18.themodernnomad.com/wp-content/uploads/2011/08/bridge-fail.jpg) + +Let's accentuate the positive: the `dist-tag` endpoints for `npm dist-tag +{add,rm,ls}` are now live on the public npm registry. + +* [`f70272b`](https://github.com/npm/npm/commit/f70272bed7d77032d1e21553371dd5662fef32f2) + `npm-registry-client@6.0.3`: Properly escape JSON tag version strings and + filter `_etag` from CouchDB docs. ([@othiym23](https://github.com/othiym23)) + +### v2.4.0 (2015-01-22): + +#### REGISTRY 2: ACCESS AND DIST-TAGS + +NOTE: This week's registry-2 commands are leading the implementation on +registry.npmjs.org a little bit, so some of the following may not work for +another week or so. Also note that `npm access` has documentation and +subcommands that are not yet finished, because they depend on incompletely +specified registry API endpoints. Things are coming together very quickly, +though, so expect the missing pieces to be filled in the coming weeks. + +* [`c963eb2`](https://github.com/npm/npm/commit/c963eb295cf766921b1680f4a71fd0ed3e1bcad8) + [#7181](https://github.com/npm/npm/issues/7181) NEW `npm access public` and + `npm access restricted`: Toggle visibility of scoped packages. + ([@othiym23](https://github.com/othiym23)) +* [`dc51810`](https://github.com/npm/npm/commit/dc51810e08c0f104259146c9c035d255de4f7d1d) + [#6243](https://github.com/npm/npm/issues/6243) / + [#6854](https://github.com/npm/npm/issues/6854) NEW `npm dist-tags`: Directly + manage `dist-tags` on packages. Most notably, `dist-tags` can now be deleted. + ([@othiym23](https://github.com/othiym23)) +* [`4c7c132`](https://github.com/npm/npm/commit/4c7c132a6b8305dca2974943226c39c0cdc64ff9) + [#7181](https://github.com/npm/npm/issues/7181) / + [#6854](https://github.com/npm/npm/issues/6854) `npm-registry-client@6.0.1`: + Add new `access` and `dist-tags` endpoints + ([@othiym23](https://github.com/othiym23)) + +#### NOT EXACTLY SELF-DEPRECATING + +* [`10d5c77`](https://github.com/npm/npm/commit/10d5c77653487f15759ac7de262a97e9c655240c) + [#6274](https://github.com/npm/npm/issues/6274) Deprecate `npm tag` in favor + of `npm dist-tag`. ([@othiym23](https://github.com/othiym23)) + +#### BUG FIX AND TINY FEATURE + +* [`29a6ef3`](https://github.com/npm/npm/commit/29a6ef38ef86ac318c5d9ea4bee28ce614672fa6) + [#6850](https://github.com/npm/npm/issues/6850) Be smarter about determining + base of file deletion when unbuilding. ([@phated](https://github.com/phated)) +* [`4ad01ea`](https://github.com/npm/npm/commit/4ad01ea2930a7a1cf88be121cc5ce9eba40c6807) + `init-package-json@1.2.0`: Support `--save-exact` in `npm init`. + ([@gustavnikolaj](https://github.com/gustavnikolaj)) + ### v2.3.0 (2015-01-15): #### REGISTRY 2: OH MY STARS! WHO AM I? diff --git a/deps/npm/doc/cli/npm-access.md b/deps/npm/doc/cli/npm-access.md new file mode 100644 index 0000000000..85db7e6541 --- /dev/null +++ b/deps/npm/doc/cli/npm-access.md @@ -0,0 +1,63 @@ +npm-access(1) -- Set access level on published packages +======================================================= + +## SYNOPSIS + + npm access public [] + npm access restricted [] + + npm access add [] + npm access rm [] + + npm access ls [] + npm access edit [] + +## DESCRIPTION + +Used to set access controls on private packages. + +For all of the subcommands, `npm access` will perform actions on the packages +in the current working directory if no package name is passed to the +subcommand. + +* public / restricted: + Set a package to be either publicly accessible or restricted. + +* add / rm: + Add or remove the ability of users and teams to have read-only or read-write + access to a package. + +* ls: + Show all of the access privileges for a package. Will only show permissions + for packages to which you have at least read access. + +* edit: + Set the access privileges for a package at once using `$EDITOR`. + +## DETAILS + +`npm access` always operates directly on the current registry, configurable +from the command line using `--registry=`. + +Unscoped packages are *always public*. + +Scoped packages *default to restricted*, but you can either publish them as +public using `npm publish --access=public`, or set their access as public using +`npm access public` after the initial publish. + +You must have privileges to set the access of a package: + +* You are an owner of an unscoped or scoped package. +* You are a member of the team that owns a scope. +* You have been given read-write privileges for a package, either as a member + of a team or directly as an owner. + +If your account is not paid, then attempts to publish scoped packages will fail +with an HTTP 402 status code (logically enough), unless you use +`--access=public`. + +## SEE ALSO + +* npm-publish(1) +* npm-config(7) +* npm-registry(7) diff --git a/deps/npm/doc/cli/npm-dist-tag.md b/deps/npm/doc/cli/npm-dist-tag.md new file mode 100644 index 0000000000..b8eabe7157 --- /dev/null +++ b/deps/npm/doc/cli/npm-dist-tag.md @@ -0,0 +1,72 @@ +npm-dist-tag(1) -- Modify package distribution tags +=================================================== + +## SYNOPSIS + + npm dist-tag add @ [] + npm dist-tag rm + npm dist-tag ls [] + +## DESCRIPTION + +Add, remove, and enumerate distribution tags on a package: + +* add: + Tags the specified version of the package with the specified tag, or the + `--tag` config if not specified. + +* rm: + Clear a tag that is no longer in use from the package. + +* ls: + Show all of the dist-tags for a package, defaulting to the package in + the curren prefix. + +A tag can be used when installing packages as a reference to a version instead +of using a specific version number: + + npm install @ + +When installing dependencies, a preferred tagged version may be specified: + + npm install --tag + +This also applies to `npm dedupe`. + +Publishing a package always sets the "latest" tag to the published version. + +## PURPOSE + +Tags can be used to provide an alias instead of version numbers. For +example, `npm` currently uses the tag "next" to identify the upcoming +version, and the tag "latest" to identify the current version. + +A project might choose to have multiple streams of development, e.g., +"stable", "canary". + +## CAVEATS + +This command used to be known as `npm tag`, which only created new tags, and so +had a different syntax. + +Tags must share a namespace with version numbers, because they are specified in +the same slot: `npm install @` vs `npm install @`. + +Tags that can be interpreted as valid semver ranges will be rejected. For +example, `v1.4` cannot be used as a tag, because it is interpreted by semver as +`>=1.4.0 <1.5.0`. See . + +The simplest way to avoid semver problems with tags is to use tags that do not +begin with a number or the letter `v`. + +## SEE ALSO + +* npm-tag(1) +* npm-publish(1) +* npm-install(1) +* npm-dedupe(1) +* npm-registry(7) +* npm-config(1) +* npm-config(7) +* npm-tag(3) +* npmrc(5) diff --git a/deps/npm/doc/cli/npm-publish.md b/deps/npm/doc/cli/npm-publish.md index 30e816c7fd..8c447d0df9 100644 --- a/deps/npm/doc/cli/npm-publish.md +++ b/deps/npm/doc/cli/npm-publish.md @@ -4,8 +4,8 @@ npm-publish(1) -- Publish a package ## SYNOPSIS - npm publish [--tag ] - npm publish [--tag ] + npm publish [--tag ] [--access ] + npm publish [--tag ] [--access ] ## DESCRIPTION @@ -29,6 +29,12 @@ specifying a different default registry or using a `npm-scope(7)` in the name @` will install this version. By default, `npm publish` updates and `npm install` installs the `latest` tag. +* `[--access ]` + Tells the registry whether this package should be published as public or + restricted. Only applies to scoped packages, which default to `restricted`. + If you don't have a paid account, you must publish with `--access public` + to publish scoped packages. + Fails if the package name and version combination already exists in the specified registry. @@ -39,6 +45,7 @@ it is removed with npm-unpublish(1). ## SEE ALSO * npm-registry(7) +* npm-scope(7) * npm-adduser(1) * npm-owner(1) * npm-deprecate(1) diff --git a/deps/npm/doc/cli/npm-tag.md b/deps/npm/doc/cli/npm-tag.md index 28a1c9334f..d7118d4e58 100644 --- a/deps/npm/doc/cli/npm-tag.md +++ b/deps/npm/doc/cli/npm-tag.md @@ -7,6 +7,8 @@ npm-tag(1) -- Tag a published version ## DESCRIPTION +THIS COMMAND IS DEPRECATED. See npm-dist-tag(1) for details. + Tags the specified version of the package with the specified tag, or the `--tag` config if not specified. diff --git a/deps/npm/doc/misc/npm-config.md b/deps/npm/doc/misc/npm-config.md index 7aaaffb8d6..1772b34ec1 100644 --- a/deps/npm/doc/misc/npm-config.md +++ b/deps/npm/doc/misc/npm-config.md @@ -107,6 +107,16 @@ See package.json(5) for more information. ## Config Settings +### access + +* Default: `restricted` +* Type: Access + +When publishing scoped packages, the access level defaults to `restricted`. If +you want your scoped package to be publicly viewable (and installable) set +`--access=public`. The only valid values for `access` are `public` and +`restricted`. Unscoped packages _always_ have an access level of `public`. + ### always-auth * Default: false diff --git a/deps/npm/doc/misc/npm-index.md b/deps/npm/doc/misc/npm-index.md index 96c62cced6..4cbfbdc8bc 100644 --- a/deps/npm/doc/misc/npm-index.md +++ b/deps/npm/doc/misc/npm-index.md @@ -13,6 +13,10 @@ Using npm on the command line javascript package manager +### npm-access(1) + +Set access level on published packages + ### npm-adduser(1) Add a registry user account @@ -53,6 +57,10 @@ Reduce duplication Deprecate a version of a package +### npm-dist-tag(1) + +Modify package distribution tags + ### npm-docs(1) Docs for a package in a web browser maybe diff --git a/deps/npm/html/doc/README.html b/deps/npm/html/doc/README.html index a9953056c9..3edb83a967 100644 --- a/deps/npm/html/doc/README.html +++ b/deps/npm/html/doc/README.html @@ -126,7 +126,7 @@ specific purpose, or lack of malice in any given npm package.

If you have a complaint about a package in the public npm registry, and cannot resolve it with the package owner, please email -support@npmjs.com and explain the situation.

+support@npmjs.com and explain the situation.

Any data published to The npm Registry (including user account information) may be removed or modified at the sole discretion of the npm server administrators.

@@ -169,5 +169,5 @@ will no doubt tell you to put the output in a gist or email.

       - + diff --git a/deps/npm/html/doc/api/npm-bin.html b/deps/npm/html/doc/api/npm-bin.html index d1b9fb5bca..b927594b10 100644 --- a/deps/npm/html/doc/api/npm-bin.html +++ b/deps/npm/html/doc/api/npm-bin.html @@ -28,5 +28,5 @@ to the npm.bin property.

       - + diff --git a/deps/npm/html/doc/api/npm-bugs.html b/deps/npm/html/doc/api/npm-bugs.html index a7f3c3e4ad..976535097e 100644 --- a/deps/npm/html/doc/api/npm-bugs.html +++ b/deps/npm/html/doc/api/npm-bugs.html @@ -33,5 +33,5 @@ friendly for programmatic use.

       - + diff --git a/deps/npm/html/doc/api/npm-cache.html b/deps/npm/html/doc/api/npm-cache.html index 952856f869..94f242c4f0 100644 --- a/deps/npm/html/doc/api/npm-cache.html +++ b/deps/npm/html/doc/api/npm-cache.html @@ -42,5 +42,5 @@ incrementation.

       - + diff --git a/deps/npm/html/doc/api/npm-commands.html b/deps/npm/html/doc/api/npm-commands.html index 16292985c8..80968ebace 100644 --- a/deps/npm/html/doc/api/npm-commands.html +++ b/deps/npm/html/doc/api/npm-commands.html @@ -36,5 +36,5 @@ usage, or man 3 npm-<command> for programmatic usage.

       - + diff --git a/deps/npm/html/doc/api/npm-config.html b/deps/npm/html/doc/api/npm-config.html index 758eef37ac..6d763526fb 100644 --- a/deps/npm/html/doc/api/npm-config.html +++ b/deps/npm/html/doc/api/npm-config.html @@ -57,5 +57,5 @@ functions instead.

       - + diff --git a/deps/npm/html/doc/api/npm-deprecate.html b/deps/npm/html/doc/api/npm-deprecate.html index eb965608ef..6072d9371a 100644 --- a/deps/npm/html/doc/api/npm-deprecate.html +++ b/deps/npm/html/doc/api/npm-deprecate.html @@ -47,5 +47,5 @@ a deprecation warning to all who attempt to install it.

       - + diff --git a/deps/npm/html/doc/api/npm-docs.html b/deps/npm/html/doc/api/npm-docs.html index 25fa5167f4..42e0ed8f2c 100644 --- a/deps/npm/html/doc/api/npm-docs.html +++ b/deps/npm/html/doc/api/npm-docs.html @@ -33,5 +33,5 @@ friendly for programmatic use.

       - + diff --git a/deps/npm/html/doc/api/npm-edit.html b/deps/npm/html/doc/api/npm-edit.html index f7e777d86d..b494c3eb4f 100644 --- a/deps/npm/html/doc/api/npm-edit.html +++ b/deps/npm/html/doc/api/npm-edit.html @@ -36,5 +36,5 @@ and how this is used.

       - + diff --git a/deps/npm/html/doc/api/npm-explore.html b/deps/npm/html/doc/api/npm-explore.html index fb8b36e1b2..31ada6942d 100644 --- a/deps/npm/html/doc/api/npm-explore.html +++ b/deps/npm/html/doc/api/npm-explore.html @@ -31,5 +31,5 @@ sure to use npm rebuild <pkg> if you make any changes.

       - + diff --git a/deps/npm/html/doc/api/npm-help-search.html b/deps/npm/html/doc/api/npm-help-search.html index 3612ae521f..42f3ca527d 100644 --- a/deps/npm/html/doc/api/npm-help-search.html +++ b/deps/npm/html/doc/api/npm-help-search.html @@ -44,5 +44,5 @@ Name of the file that matched        - + diff --git a/deps/npm/html/doc/api/npm-init.html b/deps/npm/html/doc/api/npm-init.html index dc32dfdbe5..32526521c3 100644 --- a/deps/npm/html/doc/api/npm-init.html +++ b/deps/npm/html/doc/api/npm-init.html @@ -39,5 +39,5 @@ then go ahead and use this programmatically.

       - + diff --git a/deps/npm/html/doc/api/npm-install.html b/deps/npm/html/doc/api/npm-install.html index ef095d462c..43ed6e366a 100644 --- a/deps/npm/html/doc/api/npm-install.html +++ b/deps/npm/html/doc/api/npm-install.html @@ -32,5 +32,5 @@ installed or when an error has been encountered.

       - + diff --git a/deps/npm/html/doc/api/npm-link.html b/deps/npm/html/doc/api/npm-link.html index 7a80c5297d..44cac12f47 100644 --- a/deps/npm/html/doc/api/npm-link.html +++ b/deps/npm/html/doc/api/npm-link.html @@ -42,5 +42,5 @@ the package in the current working directory

       - + diff --git a/deps/npm/html/doc/api/npm-load.html b/deps/npm/html/doc/api/npm-load.html index 3882694cf0..97f85a0abc 100644 --- a/deps/npm/html/doc/api/npm-load.html +++ b/deps/npm/html/doc/api/npm-load.html @@ -37,5 +37,5 @@ config object.

       - + diff --git a/deps/npm/html/doc/api/npm-ls.html b/deps/npm/html/doc/api/npm-ls.html index 8b0bc0c6fb..330c35fa68 100644 --- a/deps/npm/html/doc/api/npm-ls.html +++ b/deps/npm/html/doc/api/npm-ls.html @@ -63,5 +63,5 @@ dependency will only be output once.

       - + diff --git a/deps/npm/html/doc/api/npm-outdated.html b/deps/npm/html/doc/api/npm-outdated.html index eeff9318d0..37548fae9b 100644 --- a/deps/npm/html/doc/api/npm-outdated.html +++ b/deps/npm/html/doc/api/npm-outdated.html @@ -28,5 +28,5 @@ currently outdated.

       - + diff --git a/deps/npm/html/doc/api/npm-owner.html b/deps/npm/html/doc/api/npm-owner.html index 6fff137875..65216030a4 100644 --- a/deps/npm/html/doc/api/npm-owner.html +++ b/deps/npm/html/doc/api/npm-owner.html @@ -47,5 +47,5 @@ that is not implemented at this time.

       - + diff --git a/deps/npm/html/doc/api/npm-pack.html b/deps/npm/html/doc/api/npm-pack.html index 13a1ed8f5d..ec3e4cb670 100644 --- a/deps/npm/html/doc/api/npm-pack.html +++ b/deps/npm/html/doc/api/npm-pack.html @@ -33,5 +33,5 @@ overwritten the second time.

       - + diff --git a/deps/npm/html/doc/api/npm-prefix.html b/deps/npm/html/doc/api/npm-prefix.html index 22398c50df..9b26a42de9 100644 --- a/deps/npm/html/doc/api/npm-prefix.html +++ b/deps/npm/html/doc/api/npm-prefix.html @@ -29,5 +29,5 @@        - + diff --git a/deps/npm/html/doc/api/npm-prune.html b/deps/npm/html/doc/api/npm-prune.html index 6ee9e7d59f..645cb21b20 100644 --- a/deps/npm/html/doc/api/npm-prune.html +++ b/deps/npm/html/doc/api/npm-prune.html @@ -30,5 +30,5 @@ package's dependencies list.

       - + diff --git a/deps/npm/html/doc/api/npm-publish.html b/deps/npm/html/doc/api/npm-publish.html index dccedcab6c..cd7e7446b1 100644 --- a/deps/npm/html/doc/api/npm-publish.html +++ b/deps/npm/html/doc/api/npm-publish.html @@ -46,5 +46,5 @@ the registry. Overwrites when the "force" environment variable is set        - + diff --git a/deps/npm/html/doc/api/npm-rebuild.html b/deps/npm/html/doc/api/npm-rebuild.html index 1203b177a2..d957bfdf1c 100644 --- a/deps/npm/html/doc/api/npm-rebuild.html +++ b/deps/npm/html/doc/api/npm-rebuild.html @@ -30,5 +30,5 @@ the new binary. If no 'packages' parameter is specify, every package wil        - + diff --git a/deps/npm/html/doc/api/npm-repo.html b/deps/npm/html/doc/api/npm-repo.html index 718f55aae6..34ec71cab1 100644 --- a/deps/npm/html/doc/api/npm-repo.html +++ b/deps/npm/html/doc/api/npm-repo.html @@ -33,5 +33,5 @@ friendly for programmatic use.

       - + diff --git a/deps/npm/html/doc/api/npm-restart.html b/deps/npm/html/doc/api/npm-restart.html index e3c90034fe..2c87673aba 100644 --- a/deps/npm/html/doc/api/npm-restart.html +++ b/deps/npm/html/doc/api/npm-restart.html @@ -52,5 +52,5 @@ behavior will be accompanied by an increase in major version number

       - + diff --git a/deps/npm/html/doc/api/npm-root.html b/deps/npm/html/doc/api/npm-root.html index 5231b853fd..8acc1a58f4 100644 --- a/deps/npm/html/doc/api/npm-root.html +++ b/deps/npm/html/doc/api/npm-root.html @@ -29,5 +29,5 @@        - + diff --git a/deps/npm/html/doc/api/npm-run-script.html b/deps/npm/html/doc/api/npm-run-script.html index c9877f4012..63befb7a5b 100644 --- a/deps/npm/html/doc/api/npm-run-script.html +++ b/deps/npm/html/doc/api/npm-run-script.html @@ -41,5 +41,5 @@ assumed to be the command to run. All other elements are ignored.

       - + diff --git a/deps/npm/html/doc/api/npm-search.html b/deps/npm/html/doc/api/npm-search.html index 8d116367ae..bc8f712647 100644 --- a/deps/npm/html/doc/api/npm-search.html +++ b/deps/npm/html/doc/api/npm-search.html @@ -53,5 +53,5 @@ like).

       - + diff --git a/deps/npm/html/doc/api/npm-shrinkwrap.html b/deps/npm/html/doc/api/npm-shrinkwrap.html index 08aec3538c..5d686266ee 100644 --- a/deps/npm/html/doc/api/npm-shrinkwrap.html +++ b/deps/npm/html/doc/api/npm-shrinkwrap.html @@ -33,5 +33,5 @@ been saved.

       - + diff --git a/deps/npm/html/doc/api/npm-start.html b/deps/npm/html/doc/api/npm-start.html index 74e8271a54..497fe9eb6e 100644 --- a/deps/npm/html/doc/api/npm-start.html +++ b/deps/npm/html/doc/api/npm-start.html @@ -28,5 +28,5 @@        - + diff --git a/deps/npm/html/doc/api/npm-stop.html b/deps/npm/html/doc/api/npm-stop.html index 018b57ea3b..65fc48fe63 100644 --- a/deps/npm/html/doc/api/npm-stop.html +++ b/deps/npm/html/doc/api/npm-stop.html @@ -28,5 +28,5 @@ in the packages parameter.

       - + diff --git a/deps/npm/html/doc/api/npm-tag.html b/deps/npm/html/doc/api/npm-tag.html index bc145f5f05..f2ef22f26d 100644 --- a/deps/npm/html/doc/api/npm-tag.html +++ b/deps/npm/html/doc/api/npm-tag.html @@ -36,5 +36,5 @@ used. For more information about how to set this config, check        - + diff --git a/deps/npm/html/doc/api/npm-test.html b/deps/npm/html/doc/api/npm-test.html index b799e3a7ff..574006ece9 100644 --- a/deps/npm/html/doc/api/npm-test.html +++ b/deps/npm/html/doc/api/npm-test.html @@ -30,5 +30,5 @@ in the packages parameter.

       - + diff --git a/deps/npm/html/doc/api/npm-uninstall.html b/deps/npm/html/doc/api/npm-uninstall.html index 51720cc7d8..8004e1a7f4 100644 --- a/deps/npm/html/doc/api/npm-uninstall.html +++ b/deps/npm/html/doc/api/npm-uninstall.html @@ -30,5 +30,5 @@ uninstalled or when an error has been encountered.

       - + diff --git a/deps/npm/html/doc/api/npm-unpublish.html b/deps/npm/html/doc/api/npm-unpublish.html index 004ca7ed7f..0567809e1e 100644 --- a/deps/npm/html/doc/api/npm-unpublish.html +++ b/deps/npm/html/doc/api/npm-unpublish.html @@ -33,5 +33,5 @@ the root package entry is removed from the registry entirely.

       - + diff --git a/deps/npm/html/doc/api/npm-update.html b/deps/npm/html/doc/api/npm-update.html index 5feecc4b46..044359cf1e 100644 --- a/deps/npm/html/doc/api/npm-update.html +++ b/deps/npm/html/doc/api/npm-update.html @@ -27,5 +27,5 @@        - + diff --git a/deps/npm/html/doc/api/npm-version.html b/deps/npm/html/doc/api/npm-version.html index cdd410a14c..6627acec54 100644 --- a/deps/npm/html/doc/api/npm-version.html +++ b/deps/npm/html/doc/api/npm-version.html @@ -32,5 +32,5 @@ not have exactly one element. The only element should be a version number.

       - + diff --git a/deps/npm/html/doc/api/npm-view.html b/deps/npm/html/doc/api/npm-view.html index 627f9e65f0..938ade87dd 100644 --- a/deps/npm/html/doc/api/npm-view.html +++ b/deps/npm/html/doc/api/npm-view.html @@ -81,5 +81,5 @@ the field name.

       - + diff --git a/deps/npm/html/doc/api/npm-whoami.html b/deps/npm/html/doc/api/npm-whoami.html index c381923cd8..2ae1832bfc 100644 --- a/deps/npm/html/doc/api/npm-whoami.html +++ b/deps/npm/html/doc/api/npm-whoami.html @@ -29,5 +29,5 @@        - + diff --git a/deps/npm/html/doc/api/npm.html b/deps/npm/html/doc/api/npm.html index ef985922c6..d5328254e9 100644 --- a/deps/npm/html/doc/api/npm.html +++ b/deps/npm/html/doc/api/npm.html @@ -23,7 +23,7 @@ npm.load([configObject, ]function (er, npm) { npm.commands.install(["package"], cb) })

VERSION

-

2.3.0

+

2.4.1

DESCRIPTION

This is the API documentation for npm. To find documentation of the command line @@ -109,5 +109,5 @@ method names. Use the npm.deref method to find the real name.

       - + diff --git a/deps/npm/html/doc/cli/npm-access.html b/deps/npm/html/doc/cli/npm-access.html new file mode 100644 index 0000000000..e9fe0e7f96 --- /dev/null +++ b/deps/npm/html/doc/cli/npm-access.html @@ -0,0 +1,78 @@ + + + npm-access + + + + + + +
+ +

npm-access

Set access level on published packages

+

SYNOPSIS

+
npm access public [<package>]
+npm access restricted [<package>]
+
+npm access add <read-only|read-write> <entity> [<package>]
+npm access rm <entity> [<package>]
+
+npm access ls [<package>]
+npm access edit [<package>]
+

DESCRIPTION

+

Used to set access controls on private packages.

+

For all of the subcommands, npm access will perform actions on the packages +in the current working directory if no package name is passed to the +subcommand.

+
    +

  • public / restricted: +Set a package to be either publicly accessible or restricted.

    +
    • +

  • add / rm: +Add or remove the ability of users and teams to have read-only or read-write +access to a package.

    +
    • +

  • ls: +Show all of the access privileges for a package. Will only show permissions +for packages to which you have at least read access.

    +
    • +

  • edit: +Set the access privileges for a package at once using $EDITOR.

    +
    • +
+

DETAILS

+

npm access always operates directly on the current registry, configurable +from the command line using --registry=<registry url>.

+

Unscoped packages are always public.

+

Scoped packages default to restricted, but you can either publish them as +public using npm publish --access=public, or set their access as public using +npm access public after the initial publish.

+

You must have privileges to set the access of a package:

+
    +
  • You are an owner of an unscoped or scoped package.
    • +
  • You are a member of the team that owns a scope.
    • +
  • You have been given read-write privileges for a package, either as a member +of a team or directly as an owner.
    • +
+

If your account is not paid, then attempts to publish scoped packages will fail +with an HTTP 402 status code (logically enough), unless you use +--access=public.

+

SEE ALSO

+ + +
+ + + + + + + + + + + diff --git a/deps/npm/html/doc/cli/npm-adduser.html b/deps/npm/html/doc/cli/npm-adduser.html index 541ad0c41f..e25299b6c9 100644 --- a/deps/npm/html/doc/cli/npm-adduser.html +++ b/deps/npm/html/doc/cli/npm-adduser.html @@ -68,5 +68,5 @@ precedence over any global configuration.

       - + diff --git a/deps/npm/html/doc/cli/npm-bin.html b/deps/npm/html/doc/cli/npm-bin.html index 0f61d5c0be..e599f97a83 100644 --- a/deps/npm/html/doc/cli/npm-bin.html +++ b/deps/npm/html/doc/cli/npm-bin.html @@ -35,5 +35,5 @@        - + diff --git a/deps/npm/html/doc/cli/npm-bugs.html b/deps/npm/html/doc/cli/npm-bugs.html index ccb59fe063..a0eb7624d9 100644 --- a/deps/npm/html/doc/cli/npm-bugs.html +++ b/deps/npm/html/doc/cli/npm-bugs.html @@ -54,5 +54,5 @@ a package.json in the current folder and use the name        - + diff --git a/deps/npm/html/doc/cli/npm-build.html b/deps/npm/html/doc/cli/npm-build.html index a32234b9f7..09cbd1cdaf 100644 --- a/deps/npm/html/doc/cli/npm-build.html +++ b/deps/npm/html/doc/cli/npm-build.html @@ -38,5 +38,5 @@ A folder containing a package.json file in its root.        - + diff --git a/deps/npm/html/doc/cli/npm-bundle.html b/deps/npm/html/doc/cli/npm-bundle.html index 2aec65af8a..5ea73eda4f 100644 --- a/deps/npm/html/doc/cli/npm-bundle.html +++ b/deps/npm/html/doc/cli/npm-bundle.html @@ -31,5 +31,5 @@ install packages into the local space.

       - + diff --git a/deps/npm/html/doc/cli/npm-cache.html b/deps/npm/html/doc/cli/npm-cache.html index d0d392a29c..82277f48ea 100644 --- a/deps/npm/html/doc/cli/npm-cache.html +++ b/deps/npm/html/doc/cli/npm-cache.html @@ -81,5 +81,5 @@ they do not make an HTTP request to the registry.

       - + diff --git a/deps/npm/html/doc/cli/npm-completion.html b/deps/npm/html/doc/cli/npm-completion.html index 69da1503e4..1bfebc7283 100644 --- a/deps/npm/html/doc/cli/npm-completion.html +++ b/deps/npm/html/doc/cli/npm-completion.html @@ -42,5 +42,5 @@ completions based on the arguments.

       - + diff --git a/deps/npm/html/doc/cli/npm-config.html b/deps/npm/html/doc/cli/npm-config.html index 7521a212a8..6c70244eac 100644 --- a/deps/npm/html/doc/cli/npm-config.html +++ b/deps/npm/html/doc/cli/npm-config.html @@ -66,5 +66,5 @@ global config.

       - + diff --git a/deps/npm/html/doc/cli/npm-dedupe.html b/deps/npm/html/doc/cli/npm-dedupe.html index 2ea5f3de96..233b2ec5f5 100644 --- a/deps/npm/html/doc/cli/npm-dedupe.html +++ b/deps/npm/html/doc/cli/npm-dedupe.html @@ -63,5 +63,5 @@ versions.

       - + diff --git a/deps/npm/html/doc/cli/npm-deprecate.html b/deps/npm/html/doc/cli/npm-deprecate.html index 886ddd1696..68dc7488d5 100644 --- a/deps/npm/html/doc/cli/npm-deprecate.html +++ b/deps/npm/html/doc/cli/npm-deprecate.html @@ -38,5 +38,5 @@ something like this:

       - + diff --git a/deps/npm/html/doc/cli/npm-dist-tag.html b/deps/npm/html/doc/cli/npm-dist-tag.html new file mode 100644 index 0000000000..a0cadee07d --- /dev/null +++ b/deps/npm/html/doc/cli/npm-dist-tag.html @@ -0,0 +1,79 @@ + + + npm-dist-tag + + + + + + +
+ +

npm-dist-tag

Modify package distribution tags

+

SYNOPSIS

+
npm dist-tag add <pkg>@<version> [<tag>]
+npm dist-tag rm <pkg> <tag>
+npm dist-tag ls [<pkg>]
+

DESCRIPTION

+

Add, remove, and enumerate distribution tags on a package:

+
    +

  • add: +Tags the specified version of the package with the specified tag, or the +--tag config if not specified.

    +
    • +

  • rm: +Clear a tag that is no longer in use from the package.

    +
    • +

  • ls: +Show all of the dist-tags for a package, defaulting to the package in +the curren prefix.

    +
    • +
+

A tag can be used when installing packages as a reference to a version instead +of using a specific version number:

+
npm install <name>@<tag>
+

When installing dependencies, a preferred tagged version may be specified:

+
npm install --tag <tag>
+

This also applies to npm dedupe.

+

Publishing a package always sets the "latest" tag to the published version.

+

PURPOSE

+

Tags can be used to provide an alias instead of version numbers. For +example, npm currently uses the tag "next" to identify the upcoming +version, and the tag "latest" to identify the current version.

+

A project might choose to have multiple streams of development, e.g., +"stable", "canary".

+

CAVEATS

+

This command used to be known as npm tag, which only created new tags, and so +had a different syntax.

+

Tags must share a namespace with version numbers, because they are specified in +the same slot: npm install <pkg>@<version> vs npm install <pkg>@<tag>.

+

Tags that can be interpreted as valid semver ranges will be rejected. For +example, v1.4 cannot be used as a tag, because it is interpreted by semver as +>=1.4.0 <1.5.0. See https://github.com/npm/npm/issues/6082.

+

The simplest way to avoid semver problems with tags is to use tags that do not +begin with a number or the letter v.

+

SEE ALSO

+ + +
+ + + + + + + + + + + diff --git a/deps/npm/html/doc/cli/npm-docs.html b/deps/npm/html/doc/cli/npm-docs.html index 0721663da0..e8c4f58161 100644 --- a/deps/npm/html/doc/cli/npm-docs.html +++ b/deps/npm/html/doc/cli/npm-docs.html @@ -56,5 +56,5 @@ the current folder and use the name property.

       - + diff --git a/deps/npm/html/doc/cli/npm-edit.html b/deps/npm/html/doc/cli/npm-edit.html index 6a068adb15..34c261de89 100644 --- a/deps/npm/html/doc/cli/npm-edit.html +++ b/deps/npm/html/doc/cli/npm-edit.html @@ -49,5 +49,5 @@ or "notepad" on Windows.        - + diff --git a/deps/npm/html/doc/cli/npm-explore.html b/deps/npm/html/doc/cli/npm-explore.html index 38e79ce0d6..84396a3094 100644 --- a/deps/npm/html/doc/cli/npm-explore.html +++ b/deps/npm/html/doc/cli/npm-explore.html @@ -49,5 +49,5 @@ Windows        - + diff --git a/deps/npm/html/doc/cli/npm-help-search.html b/deps/npm/html/doc/cli/npm-help-search.html index 3584c29b88..079fcc6c2f 100644 --- a/deps/npm/html/doc/cli/npm-help-search.html +++ b/deps/npm/html/doc/cli/npm-help-search.html @@ -46,5 +46,5 @@ where the terms were found in the documentation.

       - + diff --git a/deps/npm/html/doc/cli/npm-help.html b/deps/npm/html/doc/cli/npm-help.html index eb463a8cd9..8c93fbb3d0 100644 --- a/deps/npm/html/doc/cli/npm-help.html +++ b/deps/npm/html/doc/cli/npm-help.html @@ -52,5 +52,5 @@ matches are equivalent to specifying a topic name.

       - + diff --git a/deps/npm/html/doc/cli/npm-init.html b/deps/npm/html/doc/cli/npm-init.html index c0586d97b7..4353534e7d 100644 --- a/deps/npm/html/doc/cli/npm-init.html +++ b/deps/npm/html/doc/cli/npm-init.html @@ -40,5 +40,5 @@ defaults and not prompt you for any options.

       - + diff --git a/deps/npm/html/doc/cli/npm-install.html b/deps/npm/html/doc/cli/npm-install.html index 6a7f9dd7dd..13adbec882 100644 --- a/deps/npm/html/doc/cli/npm-install.html +++ b/deps/npm/html/doc/cli/npm-install.html @@ -239,5 +239,5 @@ affects a real use-case, it will be investigated.

       - + diff --git a/deps/npm/html/doc/cli/npm-link.html b/deps/npm/html/doc/cli/npm-link.html index b783736d32..03e9dca9c2 100644 --- a/deps/npm/html/doc/cli/npm-link.html +++ b/deps/npm/html/doc/cli/npm-link.html @@ -71,5 +71,5 @@ include that scope, e.g.

       - + diff --git a/deps/npm/html/doc/cli/npm-ls.html b/deps/npm/html/doc/cli/npm-ls.html index d4d80cfdaa..6beb97a637 100644 --- a/deps/npm/html/doc/cli/npm-ls.html +++ b/deps/npm/html/doc/cli/npm-ls.html @@ -22,7 +22,7 @@ installed, as well as their dependencies, in a tree-structure.

limit the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@2.3.0 /path/to/npm
+
npm@2.4.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 
It will print out extraneous, missing, and invalid packages.

@@ -85,5 +85,5 @@ project.

   
    
 
-
+
 
diff --git a/deps/npm/html/doc/cli/npm-outdated.html b/deps/npm/html/doc/cli/npm-outdated.html
index 81552873ad..c4e5d91a85 100644
--- a/deps/npm/html/doc/cli/npm-outdated.html
+++ b/deps/npm/html/doc/cli/npm-outdated.html
@@ -67,5 +67,5 @@ project.

   
    
 
-
+
 
diff --git a/deps/npm/html/doc/cli/npm-owner.html b/deps/npm/html/doc/cli/npm-owner.html
index ed9bcafcb9..a295affe05 100644
--- a/deps/npm/html/doc/cli/npm-owner.html
+++ b/deps/npm/html/doc/cli/npm-owner.html
@@ -49,5 +49,5 @@ that is not implemented at this time.

   
    
 
-
+
 
diff --git a/deps/npm/html/doc/cli/npm-pack.html b/deps/npm/html/doc/cli/npm-pack.html
index c5ebe07989..634aaa4428 100644
--- a/deps/npm/html/doc/cli/npm-pack.html
+++ b/deps/npm/html/doc/cli/npm-pack.html
@@ -41,5 +41,5 @@ overwritten the second time.

   
    
 
-
+
 
diff --git a/deps/npm/html/doc/cli/npm-prefix.html b/deps/npm/html/doc/cli/npm-prefix.html
index f3926644ed..2a186e65d7 100644
--- a/deps/npm/html/doc/cli/npm-prefix.html
+++ b/deps/npm/html/doc/cli/npm-prefix.html
@@ -38,5 +38,5 @@ to contain a package.json file unless -g is also specified.

   
    
 
-
+
 
diff --git a/deps/npm/html/doc/cli/npm-prune.html b/deps/npm/html/doc/cli/npm-prune.html
index 03b306dad3..b7034bf749 100644
--- a/deps/npm/html/doc/cli/npm-prune.html
+++ b/deps/npm/html/doc/cli/npm-prune.html
@@ -39,5 +39,5 @@ packages specified in your devDependencies.

   
    
 
-
+
 
diff --git a/deps/npm/html/doc/cli/npm-publish.html b/deps/npm/html/doc/cli/npm-publish.html
index 6dc61da658..3ff6b37e98 100644
--- a/deps/npm/html/doc/cli/npm-publish.html
+++ b/deps/npm/html/doc/cli/npm-publish.html
@@ -11,8 +11,8 @@
 
 
npm-publish
 
Publish a package

 
SYNOPSIS

-
npm publish <tarball> [--tag <tag>]
-npm publish <folder> [--tag <tag>]
+
npm publish <tarball> [--tag <tag>] [--access <public|restricted>]
+npm publish <folder> [--tag <tag>] [--access <public|restricted>]
 
DESCRIPTION

 
Publishes a package to the registry so that it can be installed by name. See
 npm-developers(7) for details on what's included in the published package, as
@@ -33,6 +33,12 @@ Registers the published package with the given tag, such that npm install
 <name>@<tag> will install this version.  By default, npm publish updates
 and npm install installs the latest tag.

 
+
  • [--access <public|restricted>]
+Tells the registry whether this package should be published as public or
+restricted. Only applies to scoped packages, which default to restricted.
+If you don't have a paid account, you must publish with --access public
+to publish scoped packages.
    
+
    • 
 
 
    Fails if the package name and version combination already exists in
 the specified registry.
    
@@ -42,6 +48,7 @@ it is removed with SEE ALSO
 
 
    Be sure to include all of the output from the npm command that didn't work
 as expected.  The npm-debug.log file is also helpful to provide.
    
@@ -128,7 +128,7 @@ will no doubt tell you to put the output in a gist or email.
    
 
    Isaac Z. Schlueter ::
 isaacs ::
 @izs ::
-i@izs.me
    
+i@izs.me
    
 
    SEE ALSO
    
 
    VERSION
    
-
    2.3.0
    
+
    2.4.1
    
 
    DESCRIPTION
    
 
    This is the API documentation for npm.
 To find documentation of the command line
diff --git a/deps/npm/html/partial/doc/cli/npm-access.html b/deps/npm/html/partial/doc/cli/npm-access.html
new file mode 100644
index 0000000000..d31d47066a
--- /dev/null
+++ b/deps/npm/html/partial/doc/cli/npm-access.html
@@ -0,0 +1,54 @@
+
    npm-access
     
    Set access level on published packages
    
+
    SYNOPSIS
    
+
    npm access public [<package>]
+npm access restricted [<package>]
+
+npm access add <read-only|read-write> <entity> [<package>]
+npm access rm <entity> [<package>]
+
+npm access ls [<package>]
+npm access edit [<package>]
+
    DESCRIPTION
    
+
    Used to set access controls on private packages.
    
+
    For all of the subcommands, npm access will perform actions on the packages
+in the current working directory if no package name is passed to the
+subcommand.
    
+
      
+
    • public / restricted:
+Set a package to be either publicly accessible or restricted.
      
+
      • 
+
    • add / rm:
+Add or remove the ability of users and teams to have read-only or read-write
+access to a package.
      
+
      • 
+
    • ls:
+Show all of the access privileges for a package. Will only show permissions
+for packages to which you have at least read access.
      
+
      • 
+
    • edit:
+Set the access privileges for a package at once using $EDITOR.
      
+
      • 
+
    
+
    DETAILS
    
+
    npm access always operates directly on the current registry, configurable
+from the command line using --registry=<registry url>.
    
+
    Unscoped packages are always public.
    
+
    Scoped packages default to restricted, but you can either publish them as
+public using npm publish --access=public, or set their access as public using
+npm access public after the initial publish.
    
+
    You must have privileges to set the access of a package:
    
+
      
+
    • You are an owner of an unscoped or scoped package.
      • 
+
    • You are a member of the team that owns a scope.
      • 
+
    • You have been given read-write privileges for a package, either as a member
+of a team or directly as an owner.
      • 
+
    
+
    If your account is not paid, then attempts to publish scoped packages will fail
+with an HTTP 402 status code (logically enough), unless you use
+--access=public.
    
+
    SEE ALSO
    
+
diff --git a/deps/npm/html/partial/doc/cli/npm-dist-tag.html b/deps/npm/html/partial/doc/cli/npm-dist-tag.html
new file mode 100644
index 0000000000..c4da315141
--- /dev/null
+++ b/deps/npm/html/partial/doc/cli/npm-dist-tag.html
@@ -0,0 +1,55 @@
+
    npm-dist-tag
     
    Modify package distribution tags
    
+
    SYNOPSIS
    
+
    npm dist-tag add <pkg>@<version> [<tag>]
+npm dist-tag rm <pkg> <tag>
+npm dist-tag ls [<pkg>]
+
    DESCRIPTION
    
+
    Add, remove, and enumerate distribution tags on a package:
    
+
      
+
    • add:
+Tags the specified version of the package with the specified tag, or the
+--tag config if not specified.
      
+
      • 
+
    • rm:
+Clear a tag that is no longer in use from the package.
      
+
      • 
+
    • ls:
+Show all of the dist-tags for a package, defaulting to the package in
+the curren prefix.
      
+
      • 
+
    
+
    A tag can be used when installing packages as a reference to a version instead
+of using a specific version number:
    
+
    npm install <name>@<tag>
+
    When installing dependencies, a preferred tagged version may be specified:
    
+
    npm install --tag <tag>
+
    This also applies to npm dedupe.
    
+
    Publishing a package always sets the "latest" tag to the published version.
    
+
    PURPOSE
    
+
    Tags can be used to provide an alias instead of version numbers.  For
+example, npm currently uses the tag "next" to identify the upcoming
+version, and the tag "latest" to identify the current version.
    
+
    A project might choose to have multiple streams of development, e.g.,
+"stable", "canary".
    
+
    CAVEATS
    
+
    This command used to be known as npm tag, which only created new tags, and so
+had a different syntax.
    
+
    Tags must share a namespace with version numbers, because they are specified in
+the same slot: npm install <pkg>@<version> vs npm install <pkg>@<tag>.
    
+
    Tags that can be interpreted as valid semver ranges will be rejected. For
+example, v1.4 cannot be used as a tag, because it is interpreted by semver as
+>=1.4.0 <1.5.0.  See https://github.com/npm/npm/issues/6082.
    
+
    The simplest way to avoid semver problems with tags is to use tags that do not
+begin with a number or the letter v.
    
+
    SEE ALSO
    
+
diff --git a/deps/npm/html/partial/doc/cli/npm-ls.html b/deps/npm/html/partial/doc/cli/npm-ls.html
index 788a0d2adb..39d1668d9a 100644
--- a/deps/npm/html/partial/doc/cli/npm-ls.html
+++ b/deps/npm/html/partial/doc/cli/npm-ls.html
@@ -11,7 +11,7 @@ installed, as well as their dependencies, in a tree-structure.
    
 limit the results to only the paths to the packages named.  Note that
 nested packages will also show the paths to the specified packages.
 For example, running npm ls promzard in npm's source tree will show:
    
-
    npm@2.3.0 /path/to/npm
+
    npm@2.4.1 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 
    It will print out extraneous, missing, and invalid packages.
    
diff --git a/deps/npm/html/partial/doc/cli/npm-publish.html b/deps/npm/html/partial/doc/cli/npm-publish.html
index 8df73e3d21..8d9321292a 100644
--- a/deps/npm/html/partial/doc/cli/npm-publish.html
+++ b/deps/npm/html/partial/doc/cli/npm-publish.html
@@ -1,7 +1,7 @@
 
    npm-publish
     
    Publish a package
    
 
    SYNOPSIS
    
-
    npm publish <tarball> [--tag <tag>]
-npm publish <folder> [--tag <tag>]
+
    npm publish <tarball> [--tag <tag>] [--access <public|restricted>]
+npm publish <folder> [--tag <tag>] [--access <public|restricted>]
 
    DESCRIPTION
    
 
    Publishes a package to the registry so that it can be installed by name. See
 npm-developers(7) for details on what's included in the published package, as
@@ -22,6 +22,12 @@ Registers the published package with the given tag, such that npm install
 <name>@<tag> will install this version.  By default, npm publish updates
 and npm install installs the latest tag.
    
 
+
  • [--access <public|restricted>]
+Tells the registry whether this package should be published as public or
+restricted. Only applies to scoped packages, which default to restricted.
+If you don't have a paid account, you must publish with --access public
+to publish scoped packages.
    
+
    • 
 
 
    Fails if the package name and version combination already exists in
 the specified registry.
    
@@ -31,6 +37,7 @@ it is removed with npm-unpublish(1).
    
 
    SEE ALSO
    
 
      
 
    • npm-registry(7)
      • 
+
    • npm-scope(7)
      • 
 
    • npm-adduser(1)
      • 
 
    • npm-owner(1)
      • 
 
    • npm-deprecate(1)
      • 
diff --git a/deps/npm/html/partial/doc/cli/npm-tag.html b/deps/npm/html/partial/doc/cli/npm-tag.html
index 3d0ff71861..b12d5de7a4 100644
--- a/deps/npm/html/partial/doc/cli/npm-tag.html
+++ b/deps/npm/html/partial/doc/cli/npm-tag.html
@@ -2,6 +2,7 @@
 
      SYNOPSIS
      
 
      npm tag <name>@<version> [<tag>]
 
      DESCRIPTION
      
+
      THIS COMMAND IS DEPRECATED. See npm-dist-tag(1) for details.
      
 
      Tags the specified version of the package with the specified tag, or the
 --tag config if not specified.
      
 
      A tag can be used when installing packages as a reference to a version instead
diff --git a/deps/npm/html/partial/doc/cli/npm.html b/deps/npm/html/partial/doc/cli/npm.html
index 9410dfdea1..a3f617a6aa 100644
--- a/deps/npm/html/partial/doc/cli/npm.html
+++ b/deps/npm/html/partial/doc/cli/npm.html
@@ -2,7 +2,7 @@
 
      SYNOPSIS
      
 
      npm <command> [args]
 
      VERSION
      
-
      2.3.0
      
+
      2.4.1
      
 
      DESCRIPTION
      
 
      npm is the package manager for the Node JavaScript platform.  It puts
 modules in place so that node can find them, and manages dependency
@@ -99,7 +99,7 @@ easily by doing npm view npm contributors.
      
 the issues list or ask on the mailing list.
      
 
 
      BUGS
      
 
      When you find issues, please report them:
      
@@ -107,7 +107,7 @@ the issues list or ask on the mailing list.
      
 
    • web:
 http://github.com/npm/npm/issues
      • 
 
    • email:
-npm-@googlegroups.com
      • 
+npm-@googlegroups.com
 
    
 
    Be sure to include all of the output from the npm command that didn't work
 as expected.  The npm-debug.log file is also helpful to provide.
    
@@ -117,7 +117,7 @@ will no doubt tell you to put the output in a gist or email.
    
 
    Isaac Z. Schlueter ::
 isaacs ::
 @izs ::
-i@izs.me
    
+i@izs.me
    
 
    SEE ALSO
    
 
      
 
    • npm-help(1)
      • 
diff --git a/deps/npm/html/partial/doc/index.html b/deps/npm/html/partial/doc/index.html
index 4fb98e1bd6..2d23cb50cc 100644
--- a/deps/npm/html/partial/doc/index.html
+++ b/deps/npm/html/partial/doc/index.html
@@ -5,6 +5,8 @@
 
      Using npm on the command line
      
 
      npm(1)
      
 
      javascript package manager
      
+
      npm-access(1)
      
+
      Set access level on published packages
      
 
      npm-adduser(1)
      
 
      Add a registry user account
      
 
      npm-bin(1)
      
@@ -25,6 +27,8 @@
 
      Reduce duplication
      
 
      npm-deprecate(1)
      
 
      Deprecate a version of a package
      
+
      npm-dist-tag(1)
      
+
      Modify package distribution tags
      
 
      npm-docs(1)
      
 
      Docs for a package in a web browser maybe
      
 
      npm-edit(1)
      
diff --git a/deps/npm/html/partial/doc/misc/npm-config.html b/deps/npm/html/partial/doc/misc/npm-config.html
index 1dcbc237cc..919d82ebf6 100644
--- a/deps/npm/html/partial/doc/misc/npm-config.html
+++ b/deps/npm/html/partial/doc/misc/npm-config.html
@@ -81,6 +81,15 @@ this:
      
 
      npm config set foo:port 80
 
      See package.json(5) for more information.
      
 
      Config Settings
      
+
      access
      
+
        
+
      • Default: restricted
        • 
+
      • Type: Access
        • 
+
      
+
      When publishing scoped packages, the access level defaults to restricted.  If
+you want your scoped package to be publicly viewable (and installable) set
+--access=public. The only valid values for access are public and
+restricted. Unscoped packages always have an access level of public.
      
 
      always-auth
      
 
        
 
      • Default: false
        • 
diff --git a/deps/npm/html/partial/doc/misc/npm-disputes.html b/deps/npm/html/partial/doc/misc/npm-disputes.html
index ab322741a7..d082ec78a6 100644
--- a/deps/npm/html/partial/doc/misc/npm-disputes.html
+++ b/deps/npm/html/partial/doc/misc/npm-disputes.html
@@ -2,7 +2,7 @@
 
        SYNOPSIS
        
 
          
 
        1. Get the author email with npm owner ls <pkgname>
          2. 
-
        2. Email the author, CC support@npmjs.com
          3. 
+
        3. Email the author, CC support@npmjs.com
          4. 
 
        4. After a few weeks, if there's no resolution, we'll sort it out.
          5. 
 
        
 
        Don't squat on package names.  Publish code or move out of the way.
        
@@ -40,12 +40,12 @@ Joe's appropriate course of action in each case is the same.
        
 owner (Bob).
 
      • Joe emails Bob, explaining the situation as respectfully as
 possible, and what he would like to do with the module name.  He
-adds the npm support staff support@npmjs.com to the CC list of
+adds the npm support staff support@npmjs.com to the CC list of
 the email.  Mention in the email that Bob can run npm owner add
 joe foo to add Joe as an owner of the foo package.
        • 
 
      • After a reasonable amount of time, if Bob has not responded, or if
 Bob and Joe can't come to any sort of resolution, email support
-support@npmjs.com and we'll sort it out.  ("Reasonable" is
+support@npmjs.com and we'll sort it out.  ("Reasonable" is
 usually at least 4 weeks, but extra time is allowed around common
 holidays.)
        • 
 
diff --git a/deps/npm/html/partial/doc/misc/npm-faq.html b/deps/npm/html/partial/doc/misc/npm-faq.html
index a015b73831..89d0755296 100644
--- a/deps/npm/html/partial/doc/misc/npm-faq.html
+++ b/deps/npm/html/partial/doc/misc/npm-faq.html
@@ -225,7 +225,7 @@ that has a package.json in its root, or a git url.
 
        To check if the registry is down, open up
 https://registry.npmjs.org/ in a web browser.  This will also tell
 you if you are just unable to access the internet for some reason.
        
-
        If the registry IS down, let us know by emailing support@npmjs.com
+
        If the registry IS down, let us know by emailing support@npmjs.com
 or posting an issue at https://github.com/npm/npm/issues.  If it's
 down for the world (and not just on your local network) then we're
 probably already being pinged about it.
        
diff --git a/deps/npm/html/partial/doc/misc/npm-index.html b/deps/npm/html/partial/doc/misc/npm-index.html
index eab0753c9e..c42ca682cc 100644
--- a/deps/npm/html/partial/doc/misc/npm-index.html
+++ b/deps/npm/html/partial/doc/misc/npm-index.html
@@ -5,6 +5,8 @@
 
        Using npm on the command line
        
 
        npm(1)
        
 
        javascript package manager
        
+
        npm-access(1)
        
+
        Set access level on published packages
        
 
        npm-adduser(1)
        
 
        Add a registry user account
        
 
        npm-bin(1)
        
@@ -25,6 +27,8 @@
 
        Reduce duplication
        
 
        npm-deprecate(1)
        
 
        Deprecate a version of a package
        
+
        npm-dist-tag(1)
        
+
        Modify package distribution tags
        
 
        npm-docs(1)
        
 
        Docs for a package in a web browser maybe
        
 
        npm-edit(1)
        
diff --git a/deps/npm/lib/access.js b/deps/npm/lib/access.js
new file mode 100644
index 0000000000..a479a971c3
--- /dev/null
+++ b/deps/npm/lib/access.js
@@ -0,0 +1,123 @@
+var assert = require("assert")
+var resolve = require("path").resolve
+var url = require("url")
+
+var log = require("npmlog")
+var readPackageJson = require("read-package-json")
+
+var mapToRegistry = require("./utils/map-to-registry.js")
+var npa = require("npm-package-arg")
+var npm = require("./npm.js")
+
+module.exports = access
+
+access.usage = "npm access public []"
+             + "\nnpm access restricted []"
+             + "\nnpm access add   []"
+             + "\nnpm access rm  []"
+             + "\nnpm access ls []"
+             + "\nnpm access edit []"
+
+access.completion = function (opts, cb) {
+  var argv = opts.conf.argv.remain
+  if (argv.length === 2) {
+    return cb(null, ["public", "restricted", "add", "rm", "ls", "edit"])
+  }
+
+  switch (argv[2]) {
+    case "public":
+    case "restricted":
+    case "ls":
+    case "edit":
+      return cb(new Error("unimplemented: packages you can change"))
+    case "add":
+      if (argv.length === 3) return cb(null, ["read-only", "read-write"])
+
+      return cb(new Error("unimplemented: entities and packages"))
+    case "rm":
+      return cb(new Error("unimplemented: entities and packages"))
+    default:
+      return cb(new Error(argv[2]+" not recognized"))
+  }
+}
+
+function access (args, cb) {
+  var cmd = args.shift()
+  switch (cmd) {
+    case "public": case "restricted": return changeAccess(args, cmd, cb)
+    case "add": case "set": return add(args, cb)
+    case "rm": case "del": case "clear": return rm(args, cb)
+    case "list": case "sl": case "ls": return ls(args, cb)
+    case "edit": case "ed": return edit(args, cb)
+    default: return cb("Usage:\n"+access.usage)
+  }
+}
+
+function changeAccess (args, level, cb) {
+  assert(Array.isArray(args), "changeAccess requires args be an array")
+  assert(
+    ["public", "restricted"].indexOf(level) !== -1,
+    "access level must be either 'public' or 'restricted'"
+  )
+  assert(typeof cb === "function", "changeAccess requires a callback")
+
+  var p = (args.shift() || "").trim()
+  if (!p) return getCurrentPackage(level, cb)
+  changeAccess_(p, level, cb)
+}
+
+function getCurrentPackage (level, cb) {
+  var here = resolve(npm.prefix, "package.json")
+  log.verbose("setPackageLevel", "here", here)
+
+  readPackageJson(here, function (er, data) {
+    if (er) return cb(er)
+
+    if (!data.name) {
+      return cb(new Error("Package must be named"))
+    }
+
+    changeAccess_(data.name, level, cb)
+  })
+}
+
+function changeAccess_ (name, level, cb) {
+  log.verbose("changeAccess", "name", name, "level", level)
+  mapToRegistry(name, npm.config, function (er, uri, auth, base) {
+    if (er) return cb(er)
+
+    var data = npa(name)
+    if (!data.scope) {
+      var msg = "Sorry, you can't change the access level of unscoped packages."
+      log.error("access", msg)
+      return cb(new Error(msg))
+    }
+
+    // name must be scoped, so escape separator
+    name = name.replace("/", "%2f")
+    // FIXME: mapToRegistry still isn't generic enough SIGH
+    uri = url.resolve(base, "-/package/"+name+"/access")
+    var params = {
+      level : level,
+      auth : auth
+    }
+
+    npm.registry.access(uri, params, cb)
+  })
+}
+
+function add (args, cb) {
+  return cb(new Error("npm access add isn't implemented yet!"))
+}
+
+function rm (args, cb) {
+  return cb(new Error("npm access rm isn't implemented yet!"))
+}
+
+function ls (args, cb) {
+  return cb(new Error("npm access ls isn't implemented yet!"))
+}
+
+function edit (args, cb) {
+  return cb(new Error("npm edit ls isn't implemented yet!"))
+}
diff --git a/deps/npm/lib/cache/caching-client.js b/deps/npm/lib/cache/caching-client.js
index 459a236f55..ec8eb8e16c 100644
--- a/deps/npm/lib/cache/caching-client.js
+++ b/deps/npm/lib/cache/caching-client.js
@@ -24,6 +24,7 @@ function CachingRegistryClient (config) {
   // swizzle in our custom cache invalidation logic
   this._request = this.request
   this.request  = this._invalidatingRequest
+  this.get      = get
 }
 inherits(CachingRegistryClient, RegistryClient)
 
@@ -42,7 +43,7 @@ CachingRegistryClient.prototype._invalidatingRequest = function (uri, params, cb
       // thinking that it didn't work when it did.
       // Note that failure is an acceptable option here, since the only
       // result will be a stale cache for some helper commands.
-      client.log.verbose("request", "invalidating", invalidated, "on", method)
+      log.verbose("request", "invalidating", invalidated, "on", method)
       return rimraf(invalidated, function () {
         cb.apply(undefined, args)
       })
@@ -52,7 +53,7 @@ CachingRegistryClient.prototype._invalidatingRequest = function (uri, params, cb
   })
 }
 
-CachingRegistryClient.prototype.get = function get (uri, params, cb) {
+function get (uri, params, cb) {
   assert(typeof uri === "string", "must pass registry URI to get")
   assert(params && typeof params === "object", "must pass params to get")
   assert(typeof cb === "function", "must pass callback to get")
@@ -68,7 +69,10 @@ CachingRegistryClient.prototype.get = function get (uri, params, cb) {
 
   // If the GET is part of a write operation (PUT or DELETE), then
   // skip past the cache entirely, but still save the results.
-  if (uri.match(/\?write=true$/)) return get_.call(this, uri, cachePath, params, cb)
+  if (uri.match(/\?write=true$/)) {
+    log.verbose("get", "GET as part of write; not caching result")
+    return get_.call(this, uri, cachePath, params, cb)
+  }
 
   var client = this
   fs.stat(cachePath, function (er, stat) {
@@ -170,6 +174,7 @@ function get_ (uri, cachePath, params, cb) {
     }
 
     function saveToCache (cachePath, data, saved) {
+      log.verbose("get", "saving", data.name, "to", cachePath)
       getCacheStat(function (er, st) {
         mkdirp(path.dirname(cachePath), function (er, made) {
           if (er) return saved()
diff --git a/deps/npm/lib/config/defaults.js b/deps/npm/lib/config/defaults.js
index 3d99ab86fa..b7443a7e03 100644
--- a/deps/npm/lib/config/defaults.js
+++ b/deps/npm/lib/config/defaults.js
@@ -24,7 +24,7 @@ try {
 exports.Umask = Umask
 function Umask () {}
 function validateUmask (data, k, val) {
-  return umask.validate (data, k, val)
+  return umask.validate(data, k, val)
 }
 
 function validateSemver (data, k, val) {
@@ -119,7 +119,9 @@ Object.defineProperty(exports, "defaults", {get: function () {
   }
 
   defaults = {
-    "always-auth" : false
+    access : "restricted"
+    , "always-auth" : false
+
     , "bin-links" : true
     , browser : null
 
@@ -228,7 +230,8 @@ Object.defineProperty(exports, "defaults", {get: function () {
 }})
 
 exports.types =
-  { "always-auth" : Boolean
+  { access : ["restricted", "public"]
+  , "always-auth" : Boolean
   , "bin-links": Boolean
   , browser : [null, String]
   , ca: [null, String, Array]
@@ -272,7 +275,7 @@ exports.types =
   // local-address must be listed as an IP for a local network interface
   // must be IPv4 due to node bug
   , "local-address" : getLocalAddresses()
-  , loglevel : ["silent","error","warn","http","info","verbose","silly"]
+  , loglevel : ["silent", "error", "warn", "http", "info", "verbose", "silly"]
   , logstream : Stream
   , long : Boolean
   , message: String
diff --git a/deps/npm/lib/dist-tag.js b/deps/npm/lib/dist-tag.js
new file mode 100644
index 0000000000..48b40202f9
--- /dev/null
+++ b/deps/npm/lib/dist-tag.js
@@ -0,0 +1,151 @@
+module.exports = distTag
+
+var log = require("npmlog")
+var npa = require("npm-package-arg")
+var semver = require("semver")
+
+var npm = require("./npm.js")
+var mapToRegistry = require("./utils/map-to-registry.js")
+var readLocalPkg = require("./utils/read-local-package.js")
+
+distTag.usage = "npm dist-tag add @ []"
+              + "\nnpm dist-tag rm  "
+              + "\nnpm dist-tag ls []"
+
+distTag.completion = function (opts, cb) {
+  var argv = opts.conf.argv.remain
+  if (argv.length === 2) {
+    return cb(null, ["add", "rm", "ls"])
+  }
+
+  switch (argv[2]) {
+    default:
+      return cb()
+  }
+}
+
+function distTag (args, cb) {
+  var cmd = args.shift()
+  switch (cmd) {
+    case "add": case "a": case "set": case "s":
+      return add(args[0], args[1], cb)
+    case "rm":  case "r": case "del": case "d": case "remove":
+      return remove(args[1], args[0], cb)
+    case "ls":  case "l": case "sl": case "list":
+      return list(args[0], cb)
+    default:
+      return cb("Usage:\n"+distTag.usage)
+  }
+}
+
+function add (spec, tag, cb) {
+  var thing = npa(spec || "")
+  var pkg = thing.name
+  var version = thing.rawSpec
+  var t = (tag || npm.config.get("tag")).trim()
+
+  log.verbose("dist-tag add", t, "to", pkg+"@"+version)
+
+  if (!pkg || !version || !t) return cb("Usage:\n"+distTag.usage)
+
+  if (semver.validRange(t)) {
+    var er = new Error("Tag name must not be a valid SemVer range: " + t)
+    return cb(er)
+  }
+
+  fetchTags(pkg, function (er, tags) {
+    if (er) return cb(er)
+
+    if (tags[t] === version) {
+      log.warn("dist-tag add", t, "is already set to version", version)
+      return cb()
+    }
+    tags[t] = version
+
+    mapToRegistry(pkg, npm.config, function (er, uri, auth, base) {
+      var params = {
+        package : pkg,
+        distTag : t,
+        version : version,
+        auth : auth
+      }
+
+      npm.registry.distTags.add(base, params, function (er) {
+        if (er) return cb(er)
+
+        console.log("+"+t+": "+pkg+"@"+version)
+        cb()
+      })
+    })
+  })
+}
+
+function remove (tag, pkg, cb) {
+  log.verbose("dist-tag del", tag, "from", pkg)
+
+  fetchTags(pkg, function (er, tags) {
+    if (er) return cb(er)
+
+    if (!tags[tag]) {
+      log.info("dist-tag del", tag, "is not a dist-tag on", pkg)
+      return cb(new Error(tag+" is not a dist-tag on "+pkg))
+    }
+
+    var version = tags[tag]
+    delete tags[tag]
+
+    mapToRegistry(pkg, npm.config, function (er, uri, auth, base) {
+      var params = {
+        package : pkg,
+        distTag : tag,
+        auth : auth
+      }
+
+      npm.registry.distTags.rm(base, params, function (er) {
+        if (er) return cb(er)
+
+        console.log("-"+tag+": "+pkg+"@"+version)
+        cb()
+      })
+    })
+  })
+}
+
+function list (pkg, cb) {
+  if (!pkg) return readLocalPkg(function (er, pkg) {
+    if (er) return cb(er)
+    if (!pkg) return cb(distTag.usage)
+    list(pkg, cb)
+  })
+
+  fetchTags(pkg, function (er, tags) {
+    if (er) {
+      log.error("dist-tag ls", "Couldn't get dist-tag data for", pkg)
+      return cb(er)
+    }
+    var msg = Object.keys(tags).map(function (k) {
+      return k+": "+tags[k]
+    }).sort().join("\n")
+    console.log(msg)
+    cb(er, tags)
+  })
+}
+
+function fetchTags (pkg, cb) {
+  mapToRegistry(pkg, npm.config, function (er, uri, auth, base) {
+    if (er) return cb(er)
+
+    var params = {
+      package : pkg,
+      auth : auth
+    }
+    npm.registry.distTags.fetch(base, params, function (er, tags) {
+      if (er) return cb(er)
+      if (!tags || !Object.keys(tags).length) {
+        return cb(new Error("No dist-tags found for " + pkg))
+      }
+
+      cb(null, tags)
+    })
+  })
+}
diff --git a/deps/npm/lib/npm.js b/deps/npm/lib/npm.js
index d03ec47b6b..8077e8ac99 100644
--- a/deps/npm/lib/npm.js
+++ b/deps/npm/lib/npm.js
@@ -67,6 +67,7 @@ var commandCache = {}
               , "isntall" : "install"
               , "up" : "update"
               , "c" : "config"
+              , "dist-tags" : "dist-tag"
               , "info" : "view"
               , "show" : "view"
               , "find" : "search"
@@ -111,6 +112,7 @@ var commandCache = {}
               , "adduser"
               , "unpublish"
               , "owner"
+              , "access"
               , "deprecate"
               , "shrinkwrap"
 
@@ -131,6 +133,7 @@ var commandCache = {}
               , "prefix"
               , "bin"
               , "whoami"
+              , "dist-tag"
 
               , "test"
               , "stop"
diff --git a/deps/npm/lib/owner.js b/deps/npm/lib/owner.js
index 7b34508337..3d33a932a3 100644
--- a/deps/npm/lib/owner.js
+++ b/deps/npm/lib/owner.js
@@ -6,8 +6,8 @@ owner.usage = "npm owner add  "
 
 var npm = require("./npm.js")
   , log = require("npmlog")
-  , readJson = require("read-package-json")
   , mapToRegistry = require("./utils/map-to-registry.js")
+  , readLocalPkg = require("./utils/read-local-package.js")
 
 owner.completion = function (opts, cb) {
   var argv = opts.conf.argv.remain
@@ -252,14 +252,6 @@ function mutate (pkg, user, mutation, cb) {
   }
 }
 
-function readLocalPkg (cb) {
-  if (npm.config.get("global")) return cb()
-  var path = require("path")
-  readJson(path.resolve(npm.prefix, "package.json"), function (er, d) {
-    return cb(er, d && d.name)
-  })
-}
-
 function unknown (action, cb) {
   cb("Usage: \n" + owner.usage)
 }
diff --git a/deps/npm/lib/publish.js b/deps/npm/lib/publish.js
index f179bd4222..18f45b0879 100644
--- a/deps/npm/lib/publish.js
+++ b/deps/npm/lib/publish.js
@@ -12,6 +12,7 @@ var npm = require("./npm.js")
   , mapToRegistry = require("./utils/map-to-registry.js")
   , cachedPackageRoot = require("./cache/cached-package-root.js")
   , createReadStream = require("graceful-fs").createReadStream
+  , npa = require("npm-package-arg")
 
 publish.usage = "npm publish "
               + "\nnpm publish "
@@ -121,6 +122,15 @@ function publish_ (arg, data, isRetry, cachedir, cb) {
       auth     : auth
     }
 
+    // registry-frontdoor cares about the access level, which is only
+    // configurable for scoped packages
+    if (npa(data.name).scope) {
+      params.access = config.get("access")
+    }
+    else {
+      params.access = "public"
+    }
+
     registry.publish(registryBase, params, function (er) {
       if (er && er.code === "EPUBLISHCONFLICT" &&
           npm.config.get("force") && !isRetry) {
diff --git a/deps/npm/lib/tag.js b/deps/npm/lib/tag.js
index bc7ec91879..75da0b2174 100644
--- a/deps/npm/lib/tag.js
+++ b/deps/npm/lib/tag.js
@@ -9,6 +9,7 @@ var npm = require("./npm.js")
   , mapToRegistry = require("./utils/map-to-registry.js")
   , npa = require("npm-package-arg")
   , semver = require("semver")
+  , log = require("npmlog")
 
 function tag (args, cb) {
   var thing = npa(args.shift() || "")
@@ -25,6 +26,8 @@ function tag (args, cb) {
     return cb(er)
   }
 
+  log.warn("tag", "This command is deprecated. Use `npm dist-tag` instead.")
+
   mapToRegistry(project, npm.config, function (er, uri, auth) {
     if (er) return cb(er)
 
diff --git a/deps/npm/lib/unbuild.js b/deps/npm/lib/unbuild.js
index df57c5b346..ede8482c40 100644
--- a/deps/npm/lib/unbuild.js
+++ b/deps/npm/lib/unbuild.js
@@ -5,6 +5,7 @@ var readJson = require("read-package-json")
   , gentlyRm = require("./utils/gently-rm.js")
   , npm = require("./npm.js")
   , path = require("path")
+  , isInside = require("path-is-inside")
   , lifecycle = require("./utils/lifecycle.js")
   , asyncMap = require("slide").asyncMap
   , chain = require("slide").chain
@@ -23,11 +24,12 @@ function unbuild_ (silent) { return function (folder, cb_) {
     cb_(er, path.relative(npm.root, folder))
   }
   folder = path.resolve(folder)
+  var base = isInside(folder, npm.prefix) ? npm.prefix : folder
   delete build._didBuild[folder]
   log.verbose("unbuild", folder.substr(npm.prefix.length + 1))
   readJson(path.resolve(folder, "package.json"), function (er, pkg) {
     // if no json, then just trash it, but no scripts or whatever.
-    if (er) return gentlyRm(folder, false, npm.prefix, cb)
+    if (er) return gentlyRm(folder, false, base, cb)
     readJson.cache.del(folder)
     chain
       ( [ [lifecycle, pkg, "preuninstall", folder, false, true]
@@ -38,7 +40,7 @@ function unbuild_ (silent) { return function (folder, cb_) {
           }
         , [rmStuff, pkg, folder]
         , [lifecycle, pkg, "postuninstall", folder, false, true]
-        , [gentlyRm, folder, false, npm.prefix] ]
+        , [gentlyRm, folder, false, base] ]
       , cb )
   })
 }}
diff --git a/deps/npm/lib/utils/read-local-package.js b/deps/npm/lib/utils/read-local-package.js
new file mode 100644
index 0000000000..ca6d613210
--- /dev/null
+++ b/deps/npm/lib/utils/read-local-package.js
@@ -0,0 +1,12 @@
+exports = module.exports = readLocalPkg
+
+var npm = require("../npm.js")
+  , readJson = require("read-package-json")
+
+function readLocalPkg (cb) {
+  if (npm.config.get("global")) return cb()
+  var path = require("path")
+  readJson(path.resolve(npm.prefix, "package.json"), function (er, d) {
+    return cb(er, d && d.name)
+  })
+}
diff --git a/deps/npm/man/man1/npm-access.1 b/deps/npm/man/man1/npm-access.1
new file mode 100644
index 0000000000..9b8e9d99dc
--- /dev/null
+++ b/deps/npm/man/man1/npm-access.1
@@ -0,0 +1,77 @@
+.TH "NPM\-ACCESS" "1" "January 2015" "" ""
+.SH "NAME"
+\fBnpm-access\fR \- Set access level on published packages
+.SH SYNOPSIS
+.P
+.RS 2
+.nf
+npm access public []
+npm access restricted []
+
+npm access add   []
+npm access rm  []
+
+npm access ls []
+npm access edit []
+.fi
+.RE
+.SH DESCRIPTION
+.P
+Used to set access controls on private packages\.
+.P
+For all of the subcommands, \fBnpm access\fR will perform actions on the packages
+in the current working directory if no package name is passed to the
+subcommand\.
+.RS 0
+.IP \(bu 2
+public / restricted:
+Set a package to be either publicly accessible or restricted\.
+.IP \(bu 2
+add / rm:
+Add or remove the ability of users and teams to have read\-only or read\-write
+access to a package\.
+.IP \(bu 2
+ls:
+Show all of the access privileges for a package\. Will only show permissions
+for packages to which you have at least read access\.
+.IP \(bu 2
+edit:
+Set the access privileges for a package at once using \fB$EDITOR\fR\|\.
+
+.RE
+.SH DETAILS
+.P
+\fBnpm access\fR always operates directly on the current registry, configurable
+from the command line using \fB\-\-registry=\fR\|\.
+.P
+Unscoped packages are \fIalways public\fR\|\.
+.P
+Scoped packages \fIdefault to restricted\fR, but you can either publish them as
+public using \fBnpm publish \-\-access=public\fR, or set their access as public using
+\fBnpm access public\fR after the initial publish\.
+.P
+You must have privileges to set the access of a package:
+.RS 0
+.IP \(bu 2
+You are an owner of an unscoped or scoped package\.
+.IP \(bu 2
+You are a member of the team that owns a scope\.
+.IP \(bu 2
+You have been given read\-write privileges for a package, either as a member
+of a team or directly as an owner\.
+
+.RE
+.P
+If your account is not paid, then attempts to publish scoped packages will fail
+with an HTTP 402 status code (logically enough), unless you use
+\fB\-\-access=public\fR\|\.
+.SH SEE ALSO
+.RS 0
+.IP \(bu 2
+npm help publish
+.IP \(bu 2
+npm help 7 config
+.IP \(bu 2
+npm help 7 registry
+
+.RE
diff --git a/deps/npm/man/man1/npm-dist-tag.1 b/deps/npm/man/man1/npm-dist-tag.1
new file mode 100644
index 0000000000..1d099f9606
--- /dev/null
+++ b/deps/npm/man/man1/npm-dist-tag.1
@@ -0,0 +1,94 @@
+.TH "NPM\-DIST\-TAG" "1" "January 2015" "" ""
+.SH "NAME"
+\fBnpm-dist-tag\fR \- Modify package distribution tags
+.SH SYNOPSIS
+.P
+.RS 2
+.nf
+npm dist\-tag add @ []
+npm dist\-tag rm  
+npm dist\-tag ls []
+.fi
+.RE
+.SH DESCRIPTION
+.P
+Add, remove, and enumerate distribution tags on a package:
+.RS 0
+.IP \(bu 2
+add:
+Tags the specified version of the package with the specified tag, or the
+\fB\-\-tag\fR config if not specified\.
+.IP \(bu 2
+rm:
+Clear a tag that is no longer in use from the package\.
+.IP \(bu 2
+ls:
+Show all of the dist\-tags for a package, defaulting to the package in
+the curren prefix\.
+
+.RE
+.P
+A tag can be used when installing packages as a reference to a version instead
+of using a specific version number:
+.P
+.RS 2
+.nf
+npm install @
+.fi
+.RE
+.P
+When installing dependencies, a preferred tagged version may be specified:
+.P
+.RS 2
+.nf
+npm install \-\-tag 
+.fi
+.RE
+.P
+This also applies to \fBnpm dedupe\fR\|\.
+.P
+Publishing a package always sets the "latest" tag to the published version\.
+.SH PURPOSE
+.P
+Tags can be used to provide an alias instead of version numbers\.  For
+example, \fBnpm\fR currently uses the tag "next" to identify the upcoming
+version, and the tag "latest" to identify the current version\.
+.P
+A project might choose to have multiple streams of development, e\.g\.,
+"stable", "canary"\.
+.SH CAVEATS
+.P
+This command used to be known as \fBnpm tag\fR, which only created new tags, and so
+had a different syntax\.
+.P
+Tags must share a namespace with version numbers, because they are specified in
+the same slot: \fBnpm install @\fR vs \fBnpm install @\fR\|\.
+.P
+Tags that can be interpreted as valid semver ranges will be rejected\. For
+example, \fBv1\.4\fR cannot be used as a tag, because it is interpreted by semver as
+\fB>=1\.4\.0 <1\.5\.0\fR\|\.  See https://github\.com/npm/npm/issues/6082\|\.
+.P
+The simplest way to avoid semver problems with tags is to use tags that do not
+begin with a number or the letter \fBv\fR\|\.
+.SH SEE ALSO
+.RS 0
+.IP \(bu 2
+npm help tag
+.IP \(bu 2
+npm help publish
+.IP \(bu 2
+npm help install
+.IP \(bu 2
+npm help dedupe
+.IP \(bu 2
+npm help 7 registry
+.IP \(bu 2
+npm help config
+.IP \(bu 2
+npm help 7 config
+.IP \(bu 2
+npm apihelp tag
+.IP \(bu 2
+npm help 5 npmrc
+
+.RE
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index bbdc916666..53784cbc39 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -23,7 +23,7 @@ For example, running \fBnpm ls promzard\fR in npm's source tree will show:
 .P
 .RS 2
 .nf
-npm@2.3.0 /path/to/npm
+npm@2.4.1 /path/to/npm
 └─┬ init\-package\-json@0\.0\.4
   └── promzard@0\.1\.5
 .fi
diff --git a/deps/npm/man/man1/npm-publish.1 b/deps/npm/man/man1/npm-publish.1
index 0df825154b..d8a6368fc4 100644
--- a/deps/npm/man/man1/npm-publish.1
+++ b/deps/npm/man/man1/npm-publish.1
@@ -5,8 +5,8 @@
 .P
 .RS 2
 .nf
-npm publish  [\-\-tag ]
-npm publish  [\-\-tag ]
+npm publish  [\-\-tag ] [\-\-access ]
+npm publish  [\-\-tag ] [\-\-access ]
 .fi
 .RE
 .SH DESCRIPTION
@@ -31,6 +31,12 @@ with a package\.json file inside\.
 Registers the published package with the given tag, such that \fBnpm install
 @\fR will install this version\.  By default, \fBnpm publish\fR updates
 and \fBnpm install\fR installs the \fBlatest\fR tag\.
+.IP \(bu 2
+\fB[\-\-access ]\fR
+Tells the registry whether this package should be published as public or
+restricted\. Only applies to scoped packages, which default to \fBrestricted\fR\|\.
+If you don't have a paid account, you must publish with \fB\-\-access public\fR
+to publish scoped packages\.
 
 .RE
 .P
@@ -45,6 +51,8 @@ it is removed with npm help unpublish\.
 .IP \(bu 2
 npm help 7 registry
 .IP \(bu 2
+npm help 7 scope
+.IP \(bu 2
 npm help adduser
 .IP \(bu 2
 npm help owner
diff --git a/deps/npm/man/man1/npm-tag.1 b/deps/npm/man/man1/npm-tag.1
index 995ad39907..ed72fa30de 100644
--- a/deps/npm/man/man1/npm-tag.1
+++ b/deps/npm/man/man1/npm-tag.1
@@ -10,6 +10,8 @@ npm tag @ []
 .RE
 .SH DESCRIPTION
 .P
+THIS COMMAND IS DEPRECATED\. See npm help dist\-tag for details\.
+.P
 Tags the specified version of the package with the specified tag, or the
 \fB\-\-tag\fR config if not specified\.
 .P
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index 7b4465aa29..4fad037145 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -10,7 +10,7 @@ npm  [args]
 .RE
 .SH VERSION
 .P
-2.3.0
+2.4.1
 .SH DESCRIPTION
 .P
 npm is the package manager for the Node JavaScript platform\.  It puts
diff --git a/deps/npm/man/man3/npm.3 b/deps/npm/man/man3/npm.3
index 1bd3f3890f..080c5ac119 100644
--- a/deps/npm/man/man3/npm.3
+++ b/deps/npm/man/man3/npm.3
@@ -20,7 +20,7 @@ npm\.load([configObject, ]function (er, npm) {
 .RE
 .SH VERSION
 .P
-2.3.0
+2.4.1
 .SH DESCRIPTION
 .P
 This is the API documentation for npm\.
diff --git a/deps/npm/man/man7/npm-config.7 b/deps/npm/man/man7/npm-config.7
index b76ec439c5..a325169983 100644
--- a/deps/npm/man/man7/npm-config.7
+++ b/deps/npm/man/man7/npm-config.7
@@ -151,6 +151,19 @@ npm config set foo:port 80
 .P
 See npm help 5 package\.json for more information\.
 .SH Config Settings
+.SS access
+.RS 0
+.IP \(bu 2
+Default: \fBrestricted\fR
+.IP \(bu 2
+Type: Access
+
+.RE
+.P
+When publishing scoped packages, the access level defaults to \fBrestricted\fR\|\.  If
+you want your scoped package to be publicly viewable (and installable) set
+\fB\-\-access=public\fR\|\. The only valid values for \fBaccess\fR are \fBpublic\fR and
+\fBrestricted\fR\|\. Unscoped packages \fIalways\fR have an access level of \fBpublic\fR\|\.
 .SS always\-auth
 .RS 0
 .IP \(bu 2
diff --git a/deps/npm/man/man7/npm-index.7 b/deps/npm/man/man7/npm-index.7
index b3608b5777..7ca7b25606 100644
--- a/deps/npm/man/man7/npm-index.7
+++ b/deps/npm/man/man7/npm-index.7
@@ -10,6 +10,9 @@ Using npm on the command line
 .SS npm help npm
 .P
 javascript package manager
+.SS npm help access
+.P
+Set access level on published packages
 .SS npm help adduser
 .P
 Add a registry user account
@@ -40,6 +43,9 @@ Reduce duplication
 .SS npm help deprecate
 .P
 Deprecate a version of a package
+.SS npm help dist\-tag
+.P
+Modify package distribution tags
 .SS npm help docs
 .P
 Docs for a package in a web browser maybe
diff --git a/deps/npm/node_modules/init-package-json/default-input.js b/deps/npm/node_modules/init-package-json/default-input.js
index 068bb00a82..1b7d2c0638 100644
--- a/deps/npm/node_modules/init-package-json/default-input.js
+++ b/deps/npm/node_modules/init-package-json/default-input.js
@@ -28,7 +28,7 @@ function readDeps (test) { return function (cb) {
         try { p = JSON.parse(p) }
         catch (e) { return next() }
         if (!p.version) return next()
-        deps[d] = config.get('save-prefix') + p.version
+        deps[d] = config.get('save-exact') ? p.version : config.get('save-prefix') + p.version
         return next()
       })
     })
diff --git a/deps/npm/node_modules/init-package-json/node_modules/promzard/package.json b/deps/npm/node_modules/init-package-json/node_modules/promzard/package.json
index c15c772241..f66857539f 100644
--- a/deps/npm/node_modules/init-package-json/node_modules/promzard/package.json
+++ b/deps/npm/node_modules/init-package-json/node_modules/promzard/package.json
@@ -44,5 +44,6 @@
     "tarball": "http://registry.npmjs.org/promzard/-/promzard-0.2.2.tgz"
   },
   "directories": {},
-  "_resolved": "https://registry.npmjs.org/promzard/-/promzard-0.2.2.tgz"
+  "_resolved": "https://registry.npmjs.org/promzard/-/promzard-0.2.2.tgz",
+  "readme": "ERROR: No README data found!"
 }
diff --git a/deps/npm/node_modules/init-package-json/package.json b/deps/npm/node_modules/init-package-json/package.json
index de90de6207..f3cadb45e7 100644
--- a/deps/npm/node_modules/init-package-json/package.json
+++ b/deps/npm/node_modules/init-package-json/package.json
@@ -1,6 +1,6 @@
 {
   "name": "init-package-json",
-  "version": "1.1.3",
+  "version": "1.2.0",
   "main": "init-package-json.js",
   "scripts": {
     "test": "tap test/*.js"
@@ -38,14 +38,34 @@
     "prompt",
     "start"
   ],
-  "readme": "# init-package-json\n\nA node module to get your node module started.\n\n## Usage\n\n```javascript\nvar init = require('init-package-json')\nvar path = require('path')\n\n// a path to a promzard module.  In the event that this file is\n// not found, one will be provided for you.\nvar initFile = path.resolve(process.env.HOME, '.npm-init')\n\n// the dir where we're doin stuff.\nvar dir = process.cwd()\n\n// extra stuff that gets put into the PromZard module's context.\n// In npm, this is the resolved config object.  Exposed as 'config'\n// Optional.\nvar configData = { some: 'extra stuff' }\n\n// Any existing stuff from the package.json file is also exposed in the\n// PromZard module as the `package` object.  There will also be free\n// vars for:\n// * `filename` path to the package.json file\n// * `basename` the tip of the package dir\n// * `dirname` the parent of the package dir\n\ninit(dir, initFile, configData, function (er, data) {\n  // the data's already been written to {dir}/package.json\n  // now you can do stuff with it\n})\n```\n\nOr from the command line:\n\n```\n$ npm-init\n```\n\nSee [PromZard](https://github.com/isaacs/promzard) for details about\nwhat can go in the config file.\n",
-  "readmeFilename": "README.md",
-  "gitHead": "b766900b2d615ddc43c452e251b8c5543538e832",
+  "gitHead": "6c0743199706494a190c0b47d2e2567dc86055a3",
   "bugs": {
     "url": "https://github.com/isaacs/init-package-json/issues"
   },
   "homepage": "https://github.com/isaacs/init-package-json",
-  "_id": "init-package-json@1.1.3",
-  "_shasum": "1d633c151a4909891afc8ee13cace8b336c0c9c2",
-  "_from": "init-package-json@>=1.1.3 <1.2.0"
+  "_id": "init-package-json@1.2.0",
+  "_shasum": "b9f027514403b3b3f582c148592ab75214003348",
+  "_from": "init-package-json@>=1.2.0 <1.3.0",
+  "_npmVersion": "2.3.0",
+  "_nodeVersion": "0.10.35",
+  "_npmUser": {
+    "name": "othiym23",
+    "email": "ogd@aoaioxxysz.net"
+  },
+  "maintainers": [
+    {
+      "name": "isaacs",
+      "email": "i@izs.me"
+    },
+    {
+      "name": "othiym23",
+      "email": "ogd@aoaioxxysz.net"
+    }
+  ],
+  "dist": {
+    "shasum": "b9f027514403b3b3f582c148592ab75214003348",
+    "tarball": "http://registry.npmjs.org/init-package-json/-/init-package-json-1.2.0.tgz"
+  },
+  "directories": {},
+  "_resolved": "https://registry.npmjs.org/init-package-json/-/init-package-json-1.2.0.tgz"
 }
diff --git a/deps/npm/node_modules/init-package-json/test/npm-defaults.js b/deps/npm/node_modules/init-package-json/test/npm-defaults.js
index f65f646316..666e9a1c49 100644
--- a/deps/npm/node_modules/init-package-json/test/npm-defaults.js
+++ b/deps/npm/node_modules/init-package-json/test/npm-defaults.js
@@ -14,7 +14,7 @@ var EXPECTED = {
     test          : 'echo "Error: no test specified" && exit 1'
   },
   keywords        : [],
-  author          : "npmbot  (http://npm.im)",
+  author          : "npmbot  (http://npm.im/)",
   license         : "WTFPL"
 }
 
diff --git a/deps/npm/node_modules/node-gyp/addon.gypi b/deps/npm/node_modules/node-gyp/addon.gypi
index 63fefe3d16..0b81fab202 100644
--- a/deps/npm/node_modules/node-gyp/addon.gypi
+++ b/deps/npm/node_modules/node-gyp/addon.gypi
@@ -42,7 +42,7 @@
           '-luuid.lib',
           '-lodbc32.lib',
           '-lDelayImp.lib',
-          '-l"<(node_root_dir)/$(ConfigurationName)/iojs.lib"'
+          '-l"<(node_root_dir)/$(ConfigurationName)/node.lib"'
         ],
         # warning C4251: 'node::ObjectWrap::handle_' : class 'v8::Persistent'
         # needs to have dll-interface to be used by clients of class 'node::ObjectWrap'
diff --git a/deps/npm/node_modules/node-gyp/lib/build.js b/deps/npm/node_modules/node-gyp/lib/build.js
index 3d3c58785f..f3605902e9 100644
--- a/deps/npm/node_modules/node-gyp/lib/build.js
+++ b/deps/npm/node_modules/node-gyp/lib/build.js
@@ -173,7 +173,7 @@ function build (gyp, argv, callback) {
   }
 
   /**
-   * Copies the iojs.lib file for the current target architecture into the
+   * Copies the node.lib file for the current target architecture into the
    * current proper dev dir location.
    */
 
@@ -181,15 +181,15 @@ function build (gyp, argv, callback) {
     if (!win || !copyDevLib) return doBuild()
 
     var buildDir = path.resolve(nodeDir, buildType)
-      , archNodeLibPath = path.resolve(nodeDir, arch, 'iojs.lib')
-      , buildNodeLibPath = path.resolve(buildDir, 'iojs.lib')
+      , archNodeLibPath = path.resolve(nodeDir, arch, 'node.lib')
+      , buildNodeLibPath = path.resolve(buildDir, 'node.lib')
 
     mkdirp(buildDir, function (err, isNew) {
       if (err) return callback(err)
       log.verbose('"' + buildType + '" dir needed to be created?', isNew)
       var rs = fs.createReadStream(archNodeLibPath)
         , ws = fs.createWriteStream(buildNodeLibPath)
-      log.verbose('copying "iojs.lib" for ' + arch, buildNodeLibPath)
+      log.verbose('copying "node.lib" for ' + arch, buildNodeLibPath)
       rs.pipe(ws)
       rs.on('error', callback)
       ws.on('error', callback)
diff --git a/deps/npm/node_modules/node-gyp/lib/install.js b/deps/npm/node_modules/node-gyp/lib/install.js
index 378fbfae47..6f72e6a93d 100644
--- a/deps/npm/node_modules/node-gyp/lib/install.js
+++ b/deps/npm/node_modules/node-gyp/lib/install.js
@@ -39,7 +39,7 @@ function install (gyp, argv, callback) {
     }
   }
 
-  var distUrl = gyp.opts['dist-url'] || gyp.opts.disturl || 'https://iojs.org/dist'
+  var distUrl = gyp.opts['dist-url'] || gyp.opts.disturl || 'http://nodejs.org/dist'
 
 
   // Determine which node dev files version we are installing
@@ -185,7 +185,7 @@ function install (gyp, argv, callback) {
 
       // now download the node tarball
       var tarPath = gyp.opts['tarball']
-      var tarballUrl = tarPath ? tarPath : distUrl + '/v' + version + '/iojs-v' + version + '.tar.gz'
+      var tarballUrl = tarPath ? tarPath : distUrl + '/v' + version + '/node-v' + version + '.tar.gz'
         , badDownload = false
         , extractCount = 0
         , gunzip = zlib.createGunzip()
@@ -267,7 +267,7 @@ function install (gyp, argv, callback) {
         var async = 0
 
         if (win) {
-          // need to download iojs.lib
+          // need to download node.lib
           async++
           downloadNodeLib(deref)
         }
@@ -295,8 +295,7 @@ function install (gyp, argv, callback) {
             // check content shasums
             for (var k in contentShasums) {
               log.verbose('validating download checksum for ' + k, '(%s == %s)', contentShasums[k], expectShasums[k])
-              // TODO(piscisaureus) re-enable checksum verification when the correct files are in place.
-              if (false || contentShasums[k] !== expectShasums[k]) {
+              if (contentShasums[k] !== expectShasums[k]) {
                 cb(new Error(k + ' local checksum ' + contentShasums[k] + ' not match remote ' + expectShasums[k]))
                 return
               }
@@ -344,36 +343,36 @@ function install (gyp, argv, callback) {
       }
 
       function downloadNodeLib (done) {
-        log.verbose('on Windows; need to download `iojs.lib`...')
+        log.verbose('on Windows; need to download `node.lib`...')
         var dir32 = path.resolve(devDir, 'ia32')
           , dir64 = path.resolve(devDir, 'x64')
-          , nodeLibPath32 = path.resolve(dir32, 'iojs.lib')
-          , nodeLibPath64 = path.resolve(dir64, 'iojs.lib')
-          , nodeLibUrl32 = distUrl + '/v' + version + '/win-x86/iojs.lib'
-          , nodeLibUrl64 = distUrl + '/v' + version + '/win-x64/iojs.lib'
+          , nodeLibPath32 = path.resolve(dir32, 'node.lib')
+          , nodeLibPath64 = path.resolve(dir64, 'node.lib')
+          , nodeLibUrl32 = distUrl + '/v' + version + '/node.lib'
+          , nodeLibUrl64 = distUrl + '/v' + version + '/x64/node.lib'
 
-        log.verbose('32-bit iojs.lib dir', dir32)
-        log.verbose('64-bit iojs.lib dir', dir64)
-        log.verbose('`iojs.lib` 32-bit url', nodeLibUrl32)
-        log.verbose('`iojs.lib` 64-bit url', nodeLibUrl64)
+        log.verbose('32-bit node.lib dir', dir32)
+        log.verbose('64-bit node.lib dir', dir64)
+        log.verbose('`node.lib` 32-bit url', nodeLibUrl32)
+        log.verbose('`node.lib` 64-bit url', nodeLibUrl64)
 
         var async = 2
         mkdir(dir32, function (err) {
           if (err) return done(err)
-          log.verbose('streaming 32-bit iojs.lib to:', nodeLibPath32)
+          log.verbose('streaming 32-bit node.lib to:', nodeLibPath32)
 
           var req = download(nodeLibUrl32)
           if (!req) return
           req.on('error', done)
           req.on('response', function (res) {
             if (res.statusCode !== 200) {
-              done(new Error(res.statusCode + ' status code downloading 32-bit iojs.lib'))
+              done(new Error(res.statusCode + ' status code downloading 32-bit node.lib'))
               return
             }
 
             getContentSha(res, function (_, checksum) {
-              contentShasums['win-x86/iojs.lib'] = checksum
-              log.verbose('content checksum', 'win-x86/iojs.lib', checksum)
+              contentShasums['node.lib'] = checksum
+              log.verbose('content checksum', 'node.lib', checksum)
             })
 
             var ws = fs.createWriteStream(nodeLibPath32)
@@ -386,20 +385,20 @@ function install (gyp, argv, callback) {
         })
         mkdir(dir64, function (err) {
           if (err) return done(err)
-          log.verbose('streaming 64-bit iojs.lib to:', nodeLibPath64)
+          log.verbose('streaming 64-bit node.lib to:', nodeLibPath64)
 
           var req = download(nodeLibUrl64)
           if (!req) return
           req.on('error', done)
           req.on('response', function (res) {
             if (res.statusCode !== 200) {
-              done(new Error(res.statusCode + ' status code downloading 64-bit iojs.lib'))
+              done(new Error(res.statusCode + ' status code downloading 64-bit node.lib'))
               return
             }
 
             getContentSha(res, function (_, checksum) {
-              contentShasums['win-x64/iojs.lib'] = checksum
-              log.verbose('content checksum', 'win-x64/iojs.lib', checksum)
+              contentShasums['x64/node.lib'] = checksum
+              log.verbose('content checksum', 'x64/node.lib', checksum)
             })
 
             var ws = fs.createWriteStream(nodeLibPath64)
diff --git a/deps/npm/node_modules/npm-registry-client/README.md b/deps/npm/node_modules/npm-registry-client/README.md
index a35c483117..702ae2ea1d 100644
--- a/deps/npm/node_modules/npm-registry-client/README.md
+++ b/deps/npm/node_modules/npm-registry-client/README.md
@@ -55,6 +55,19 @@ for authorization. These credentials always look the same:
 
 ## API
 
+### client.access(uri, params, cb)
+
+* `uri` {String} Registry URL for the package's access API endpoint.
+  Looks like `/-/package//access`.
+* `params` {Object} Object containing per-request properties.
+  * `access` {String} New access level for the package. Can be either
+    `public` or `restricted`. Registry will raise an error if trying
+    to change the access level of an unscoped package.
+  * `auth` {Credentials}
+
+Set the access level for scoped packages. For now, there are only two
+access levels: "public" and "restricted".
+
 ### client.adduser(uri, params, cb)
 
 * `uri` {String} Base registry URL.
@@ -79,6 +92,67 @@ Add a user account to the registry, or verify the credentials.
 
 Deprecate a version of a package in the registry.
 
+### client.distTags.fetch(uri, params, cb)
+
+* `uri` {String} Base URL for the registry.
+* `params` {Object} Object containing per-request properties.
+  * `package` {String} Name of the package.
+  * `auth` {Credentials}
+* `cb` {Function}
+
+Fetch all of the `dist-tags` for the named package.
+
+### client.distTags.add(uri, params, cb)
+
+* `uri` {String} Base URL for the registry.
+* `params` {Object} Object containing per-request properties.
+  * `package` {String} Name of the package.
+  * `distTag` {String} Name of the new `dist-tag`.
+  * `version` {String} Exact version to be mapped to the `dist-tag`.
+  * `auth` {Credentials}
+* `cb` {Function}
+
+Add (or replace) a single dist-tag onto the named package.
+
+### client.distTags.set(uri, params, cb)
+
+* `uri` {String} Base URL for the registry.
+* `params` {Object} Object containing per-request properties.
+  * `package` {String} Name of the package.
+  * `distTags` {Object} Object containing a map from tag names to package
+     versions.
+  * `auth` {Credentials}
+* `cb` {Function}
+
+Set all of the `dist-tags` for the named package at once, creating any
+`dist-tags` that do not already exit. Any `dist-tags` not included in the
+`distTags` map will be removed.
+
+### client.distTags.update(uri, params, cb)
+
+* `uri` {String} Base URL for the registry.
+* `params` {Object} Object containing per-request properties.
+  * `package` {String} Name of the package.
+  * `distTags` {Object} Object containing a map from tag names to package
+     versions.
+  * `auth` {Credentials}
+* `cb` {Function}
+
+Update the values of multiple `dist-tags`, creating any `dist-tags` that do
+not already exist. Any pre-existing `dist-tags` not included in the `distTags`
+map will be left alone.
+
+### client.distTags.rm(uri, params, cb)
+
+* `uri` {String} Base URL for the registry.
+* `params` {Object} Object containing per-request properties.
+  * `package` {String} Name of the package.
+  * `distTag` {String} Name of the new `dist-tag`.
+  * `auth` {Credentials}
+* `cb` {Function}
+
+Remove a single `dist-tag` from the named package.
+
 ### client.get(uri, params, cb)
 
 * `uri` {String} The complete registry URI to fetch
@@ -100,6 +174,7 @@ with the ETag or the "Last Modified" timestamp.
 * `uri` {String} The registry URI for the package to publish.
 * `params` {Object} Object containing per-request properties.
   * `metadata` {Object} Package metadata.
+  * `access` {String} Access for the package. Can be `public` or `restricted` (no default).
   * `body` {Stream} Stream of the package body / tarball.
   * `auth` {Credentials}
 * `cb` {Function}
@@ -215,7 +290,7 @@ any):
 * `proxy.https` {URL} The URL to proxy HTTPS requests through. Defaults to be
   the same as `proxy.http` if unset.
 * `proxy.localAddress` {IP} The local address to use on multi-homed systems.
-* `ssl.ca` {String} Cerficate signing authority certificates to trust.
+* `ssl.ca` {String} Certificate signing authority certificates to trust.
 * `ssl.certificate` {String} Client certificate (PEM encoded). Enable access
   to servers that require client certificates.
 * `ssl.key` {String} Private key (PEM encoded) for client certificate.
diff --git a/deps/npm/node_modules/npm-registry-client/index.js b/deps/npm/node_modules/npm-registry-client/index.js
index 801d00f8e9..6ea288b0a6 100644
--- a/deps/npm/node_modules/npm-registry-client/index.js
+++ b/deps/npm/node_modules/npm-registry-client/index.js
@@ -46,11 +46,34 @@ function RegClient (config) {
 
   this.log = this.config.log || npmlog
   delete this.config.log
+
+  var client = this
+  fs.readdirSync(join(__dirname, "lib")).forEach(function (f) {
+    var entry = join(__dirname, "lib", f)
+
+    // lib/group-name/operation.js -> client.groupName.operation
+    var stat = fs.statSync(entry)
+    if (stat.isDirectory()) {
+      var groupName = f.replace(/-([a-z])/, dashToCamel)
+      fs.readdirSync(entry).forEach(function (f) {
+        if (!f.match(/\.js$/)) return
+
+        if (!client[groupName]) {
+          // keep client.groupName.operation from stomping client.operation
+          client[groupName] = Object.create(client)
+        }
+        var name = f.replace(/\.js$/, "").replace(/-([a-z])/, dashToCamel)
+        client[groupName][name] = require(join(entry, f))
+      })
+      return
+    }
+
+    if (!f.match(/\.js$/)) return
+    var name = f.replace(/\.js$/, "").replace(/-([a-z])/, dashToCamel)
+    client[name] = require(entry)
+  })
 }
 
-fs.readdirSync(join(__dirname, "lib")).forEach(function (f) {
-  if (!f.match(/\.js$/)) return
-  var name = f.replace(/\.js$/, "")
-              .replace(/-([a-z])/, function (_, l) { return l.toUpperCase() })
-  RegClient.prototype[name] = require(join(__dirname, "lib", f))
-})
+function dashToCamel (_, l) {
+  return l.toUpperCase()
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/access.js b/deps/npm/node_modules/npm-registry-client/lib/access.js
new file mode 100644
index 0000000000..c642d16f3f
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/access.js
@@ -0,0 +1,30 @@
+module.exports = access
+
+var assert = require("assert")
+
+function access (uri, params, cb) {
+  assert(typeof uri === "string", "must pass registry URI to access")
+  assert(params && typeof params === "object", "must pass params to access")
+  assert(typeof cb === "function", "muss pass callback to access")
+
+  assert(typeof params.level === "string", "must pass level to access")
+  assert(
+    ["public", "restricted"].indexOf(params.level) !== -1,
+    "access level must be either 'public' or 'restricted'"
+  )
+  assert(
+    params.auth && typeof params.auth === "object",
+    "must pass auth to access"
+  )
+
+  var body = {
+    access : params.level
+  }
+
+  var options = {
+    method : "POST",
+    body : JSON.stringify(body),
+    auth : params.auth
+  }
+  this.request(uri, options, cb)
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/dist-tags/add.js b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/add.js
new file mode 100644
index 0000000000..7443cbca2f
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/add.js
@@ -0,0 +1,43 @@
+module.exports = add
+
+var assert = require("assert")
+var url = require("url")
+
+var npa = require("npm-package-arg")
+
+function add (uri, params, cb) {
+  assert(typeof uri === "string", "must pass registry URI to distTags.add")
+  assert(
+    params && typeof params === "object",
+    "must pass params to distTags.add"
+  )
+  assert(typeof cb === "function", "muss pass callback to distTags.add")
+
+  assert(
+    typeof params.package === "string",
+    "must pass package name to distTags.add"
+  )
+  assert(
+    typeof params.distTag === "string",
+    "must pass package distTag name to distTags.add"
+  )
+  assert(
+    typeof params.version === "string",
+    "must pass version to be mapped to distTag to distTags.add"
+  )
+  assert(
+    params.auth && typeof params.auth === "object",
+    "must pass auth to distTags.add"
+  )
+
+  var p = npa(params.package)
+  var package = p.scope ? params.package.replace("/", "%2f") : params.package
+  var rest = "-/package/"+package+"/dist-tags/"+params.distTag
+
+  var options = {
+    method : "PUT",
+    body : JSON.stringify(params.version),
+    auth : params.auth
+  }
+  this.request(url.resolve(uri, rest), options, cb)
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/dist-tags/fetch.js b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/fetch.js
new file mode 100644
index 0000000000..46bb33f4d5
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/fetch.js
@@ -0,0 +1,37 @@
+module.exports = fetch
+
+var assert = require("assert")
+var url = require("url")
+
+var npa = require("npm-package-arg")
+
+function fetch (uri, params, cb) {
+  assert(typeof uri === "string", "must pass registry URI to distTags.fetch")
+  assert(
+    params && typeof params === "object",
+    "must pass params to distTags.fetch"
+  )
+  assert(typeof cb === "function", "muss pass callback to distTags.fetch")
+
+  assert(
+    typeof params.package === "string",
+    "must pass package name to distTags.fetch"
+  )
+  assert(
+    params.auth && typeof params.auth === "object",
+    "must pass auth to distTags.fetch"
+  )
+
+  var p = npa(params.package)
+  var package = p.scope ? params.package.replace("/", "%2f") : params.package
+  var rest = "-/package/"+package+"/dist-tags"
+
+  var options = {
+    method : "GET",
+    auth : params.auth
+  }
+  this.request(url.resolve(uri, rest), options, function (er, data) {
+    if (data && typeof data === "object") delete data._etag
+    cb(er, data)
+  })
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/dist-tags/rm.js b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/rm.js
new file mode 100644
index 0000000000..dbae245ecf
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/rm.js
@@ -0,0 +1,38 @@
+module.exports = rm
+
+var assert = require("assert")
+var url = require("url")
+
+var npa = require("npm-package-arg")
+
+function rm (uri, params, cb) {
+  assert(typeof uri === "string", "must pass registry URI to distTags.rm")
+  assert(
+    params && typeof params === "object",
+    "must pass params to distTags.rm"
+  )
+  assert(typeof cb === "function", "muss pass callback to distTags.rm")
+
+  assert(
+    typeof params.package === "string",
+    "must pass package name to distTags.rm"
+  )
+  assert(
+    typeof params.distTag === "string",
+    "must pass package distTag name to distTags.rm"
+  )
+  assert(
+    params.auth && typeof params.auth === "object",
+    "must pass auth to distTags.rm"
+  )
+
+  var p = npa(params.package)
+  var package = p.scope ? params.package.replace("/", "%2f") : params.package
+  var rest = "-/package/"+package+"/dist-tags/"+params.distTag
+
+  var options = {
+    method : "DELETE",
+    auth : params.auth
+  }
+  this.request(url.resolve(uri, rest), options, cb)
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/dist-tags/set.js b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/set.js
new file mode 100644
index 0000000000..e1e17cde50
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/set.js
@@ -0,0 +1,39 @@
+module.exports = set
+
+var assert = require("assert")
+var url = require("url")
+
+var npa = require("npm-package-arg")
+
+function set (uri, params, cb) {
+  assert(typeof uri === "string", "must pass registry URI to distTags.set")
+  assert(
+    params && typeof params === "object",
+    "must pass params to distTags.set"
+  )
+  assert(typeof cb === "function", "muss pass callback to distTags.set")
+
+  assert(
+    typeof params.package === "string",
+    "must pass package name to distTags.set"
+  )
+  assert(
+    params.distTags && typeof params.distTags === "object",
+    "must pass distTags map to distTags.set"
+  )
+  assert(
+    params.auth && typeof params.auth === "object",
+    "must pass auth to distTags.set"
+  )
+
+  var p = npa(params.package)
+  var package = p.scope ? params.package.replace("/", "%2f") : params.package
+  var rest = "-/package/"+package+"/dist-tags"
+
+  var options = {
+    method : "PUT",
+    body : JSON.stringify(params.distTags),
+    auth : params.auth
+  }
+  this.request(url.resolve(uri, rest), options, cb)
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/dist-tags/update.js b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/update.js
new file mode 100644
index 0000000000..6c46fc5322
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/dist-tags/update.js
@@ -0,0 +1,39 @@
+module.exports = update
+
+var assert = require("assert")
+var url = require("url")
+
+var npa = require("npm-package-arg")
+
+function update (uri, params, cb) {
+  assert(typeof uri === "string", "must pass registry URI to distTags.update")
+  assert(
+    params && typeof params === "object",
+    "must pass params to distTags.update"
+  )
+  assert(typeof cb === "function", "muss pass callback to distTags.update")
+
+  assert(
+    typeof params.package === "string",
+    "must pass package name to distTags.update"
+  )
+  assert(
+    params.distTags && typeof params.distTags === "object",
+    "must pass distTags map to distTags.update"
+  )
+  assert(
+    params.auth && typeof params.auth === "object",
+    "must pass auth to distTags.update"
+  )
+
+  var p = npa(params.package)
+  var package = p.scope ? params.package.replace("/", "%2f") : params.package
+  var rest = "-/package/"+package+"/dist-tags"
+
+  var options = {
+    method : "POST",
+    body : JSON.stringify(params.distTags),
+    auth : params.auth
+  }
+  this.request(url.resolve(uri, rest), options, cb)
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/publish.js b/deps/npm/node_modules/npm-registry-client/lib/publish.js
index ea9dcaef74..24034a6b86 100644
--- a/deps/npm/node_modules/npm-registry-client/lib/publish.js
+++ b/deps/npm/node_modules/npm-registry-client/lib/publish.js
@@ -17,6 +17,13 @@ function publish (uri, params, cb) {
   assert(params && typeof params === "object", "must pass params to publish")
   assert(typeof cb === "function", "must pass callback to publish")
 
+  var access = params.access
+  assert(access && typeof access === "string", "must pass access for package")
+  assert(
+    ["public", "restricted"].indexOf(access) !== -1,
+    "access level must be either 'public' or 'restricted'"
+  )
+
   var auth = params.auth
   assert(auth && typeof auth === "object", "must pass auth to publish")
   if (!(auth.token ||
@@ -46,13 +53,13 @@ function publish (uri, params, cb) {
   assert(body instanceof Stream, "package body passed to publish must be a stream")
   var client = this
   var sink = concat(function (tarbuffer) {
-    putFirst.call(client, uri, metadata, tarbuffer, auth, cb)
+    putFirst.call(client, uri, metadata, tarbuffer, access, auth, cb)
   })
   sink.on("error", cb)
   body.pipe(sink)
 }
 
-function putFirst (registry, data, tarbuffer, auth, cb) {
+function putFirst (registry, data, tarbuffer, access, auth, cb) {
   // optimistically try to PUT all in one single atomic thing.
   // If 409, then GET and merge, try again.
   // If other error, then fail.
@@ -61,6 +68,7 @@ function putFirst (registry, data, tarbuffer, auth, cb) {
     { _id : data.name
     , name : data.name
     , description : data.description
+    , access : access
     , "dist-tags" : {}
     , versions : {}
     , readme: data.readme || ""
diff --git a/deps/npm/node_modules/npm-registry-client/lib/tag.js b/deps/npm/node_modules/npm-registry-client/lib/tag.js
index 8b42199075..cad5154d7f 100644
--- a/deps/npm/node_modules/npm-registry-client/lib/tag.js
+++ b/deps/npm/node_modules/npm-registry-client/lib/tag.js
@@ -9,7 +9,10 @@ function tag (uri, params, cb) {
 
   assert(typeof params.version === "string", "must pass version to tag")
   assert(typeof params.tag === "string", "must pass tag name to tag")
-  assert(params.auth && typeof params.auth === "object", "must pass auth to tag")
+  assert(
+    params.auth && typeof params.auth === "object",
+    "must pass auth to tag"
+  )
 
   var options = {
     method : "PUT",
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/LICENSE b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/LICENSE
new file mode 100644
index 0000000000..05eeeb88c2
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/LICENSE
@@ -0,0 +1,15 @@
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/README.md b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/README.md
new file mode 100644
index 0000000000..21683f5e59
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/README.md
@@ -0,0 +1,101 @@
+# npm-package-arg
+
+Parse package name and specifier passed to commands like `npm install` or
+`npm cache add`.  This just parses the text given-- it's worth noting that
+`npm` has further logic it applies by looking at your disk to figure out
+what ambiguous specifiers are.  If you want that logic, please see
+[realize-package-specifier].
+
+[realize-package-specifier]: https://www.npmjs.org/package/realize-package-specifier
+
+Arguments look like: `foo@1.2`, `@bar/foo@1.2`, `foo@user/foo`, `http://x.com/foo.tgz`,
+`git+https://github.com/user/foo`, `bitbucket:user/foo`, `foo.tar.gz` or `bar`
+
+## EXAMPLES
+
+```javascript
+var assert = require("assert")
+var npa = require("npm-package-arg")
+
+// Pass in the descriptor, and it'll return an object
+var parsed = npa("@bar/foo@1.2")
+
+// Returns an object like:
+{
+  raw: '@bar/foo@1.2',   // what was passed in
+  name: "foo",           // the name of the package
+  scope: "@bar",         // the private scope of the package, or null
+  type: "range",         // the type of specifier this is
+  spec: ">=1.2.0 <1.3.0" // the expanded specifier
+  rawSpec: "1.2"         // the specifier as passed in
+ }
+
+// Parsing urls pointing at hosted git services produces a variation:
+var parsed = npa("git+https://github.com/user/foo")
+
+// Returns an object like:
+{
+  raw: 'git+https://github.com/user/foo',
+  scope: null,
+  name: null,
+  rawSpec: 'git+https://github.com/user/foo',
+  spec: 'user/foo',
+  type: 'hosted',
+  hosted: {
+    type: 'github',
+    ssh: 'git@github.com:user/foo.git',
+    sshurl: 'git+ssh://git@github.com/user/foo.git',
+    https: 'https://github.com/user/foo.git',
+    directUrl: 'https://raw.githubusercontent.com/user/foo/master/package.json'
+  }
+}
+
+// Completely unreasonable invalid garbage throws an error
+// Make sure you wrap this in a try/catch if you have not
+// already sanitized the inputs!
+assert.throws(function() {
+  npa("this is not \0 a valid package name or url")
+})
+```
+
+## USING
+
+`var npa = require('npm-package-arg')`
+
+* var result = npa(*arg*)
+
+Parses *arg* and returns a result object detailing what *arg* is.
+
+*arg* -- a package descriptor, like: `foo@1.2`, or `foo@user/foo`, or
+`http://x.com/foo.tgz`, or `git+https://github.com/user/foo`
+
+## RESULT OBJECT
+
+The objects that are returned by npm-package-arg contain the following
+keys:
+
+* `name` - If known, the `name` field expected in the resulting pkg.
+* `type` - One of the following strings:
+  * `git` - A git repo
+  * `hosted` - A hosted project, from github, bitbucket or gitlab. Originally
+    either a full url pointing at one of these services or a shorthand like
+    `user/project` or `github:user/project` for github or `bitbucket:user/project`
+    for bitbucket.
+  * `tag` - A tagged version, like `"foo@latest"`
+  * `version` - A specific version number, like `"foo@1.2.3"`
+  * `range` - A version range, like `"foo@2.x"`
+  * `local` - A local file or folder path
+  * `remote` - An http url (presumably to a tgz)
+* `spec` - The "thing".  URL, the range, git repo, etc.
+* `hosted` - If type=hosted this will be an object with the following keys:
+  * `type` - github, bitbucket or gitlab
+  * `ssh` - The ssh path for this git repo
+  * `sshUrl` - The ssh URL for this git repo
+  * `httpsUrl` - The HTTPS URL for this git repo
+  * `directUrl` - The URL for the package.json in this git repo
+* `raw` - The original un-modified string that was provided.
+* `rawSpec` - The part after the `name@...`, as it was originally
+  provided.
+* `scope` - If a name is something like `@org/module` then the `scope`
+  field will be set to `org`.  If it doesn't have a scoped name, then
+  scope is `null`.
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/.npmignore b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/.npmignore
new file mode 100644
index 0000000000..58e97a7875
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/.npmignore
@@ -0,0 +1,3 @@
+*~
+.#
+node_modules
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/.travis.yml b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/.travis.yml
new file mode 100644
index 0000000000..7dc6619174
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/.travis.yml
@@ -0,0 +1,5 @@
+language: node_js
+node_js:
+  - "0.11"
+  - "0.10"
+script: "npm test"
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/README.md b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/README.md
new file mode 100644
index 0000000000..f1d799b173
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/README.md
@@ -0,0 +1,81 @@
+# hosted-git-info
+
+This will let you identify and transform various git hosts URLs between
+protocols.  It also can tell you what the URL is for the raw path for
+particular file for direct access without git.
+
+## Usage
+
+```javascript
+var hostedGitInfo = require("hosted-git-info")
+var info = hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git")
+/* info looks like:
+{
+  type: "github",
+  domain: "github.com",
+  user: "npm",
+  project: "hosted-git-info"
+}
+*/
+```
+
+If the URL can't be matched with a git host, `null` will be returned.  We
+can match git, ssh and https urls.  Additionally, we can match ssh connect
+strings (`git@github.com:npm/hosted-git-info`) and shortcuts (eg,
+`github:npm/hosted-git-info`).  Github specifically, is detected in the case
+of a third, unprefixed, form: `npm/hosted-git-info`.
+
+If it does match, the returned object has properties of:
+
+* info.type -- The short name of the service
+* info.domain -- The domain for git protocol use
+* info.user -- The name of the user/org on the git host
+* info.project -- The name of the project on the git host
+
+And methods of:
+
+* info.file(path)
+
+Given the path of a file relative to the repository, returns a URL for
+directly fetching it from the githost.  If no comittish was set then
+`master` will be used as the default.
+
+For example `hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git#v1.0.0").file("package.json")`
+would return `https://raw.githubusercontent.com/npm/hosted-git-info/v1.0.0/package.json`
+
+* info.shortcut()
+
+eg, `github:npm/hosted-git-info`
+
+* info.browse()
+
+eg, `https://github.com/npm/hosted-git-info/tree/v1.2.0`
+
+* info.bugs()
+
+eg, `https://github.com/npm/hosted-git-info/issues`
+
+* info.docs()
+
+eg, `https://github.com/npm/hosted-git-info/tree/v1.2.0#readme`
+
+* info.https()
+
+eg, `https://github.com/npm/hosted-git-info.git`
+
+* info.sshurl()
+
+eg, `git+ssh://git@github.com/npm/hosted-git-info.git`
+
+* info.ssh()
+
+eg, `git@github.com:npm/hosted-git-info.git`
+
+* info.path()
+
+eg, `npm/hosted-git-info`
+
+## Supported hosts
+
+Currently this supports Github, Bitbucket and Gitlab. Pull requests for
+additional hosts welcome.
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/index.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/index.js
new file mode 100644
index 0000000000..c2ad10a3bc
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/index.js
@@ -0,0 +1,208 @@
+"use strict"
+var url = require("url")
+
+var GitHost = exports = module.exports = function (type, user, project, comittish) {
+  this.type           = type
+  this.domain         = gitHosts[type].domain
+  this.filetemplate   = gitHosts[type].filetemplate
+  this.sshtemplate    = gitHosts[type].sshtemplate
+  this.sshurltemplate = gitHosts[type].sshurltemplate
+  this.browsetemplate = gitHosts[type].browsetemplate
+  this.docstemplate   = gitHosts[type].docstemplate
+  this.bugstemplate   = gitHosts[type].bugstemplate
+  this.gittemplate    = gitHosts[type].gittemplate
+  this.httpstemplate  = gitHosts[type].httpstemplate
+  this.treepath       = gitHosts[type].treepath
+  this.user           = user
+  this.project        = project
+  this.comittish      = comittish
+}
+GitHost.prototype = {}
+
+exports.fromUrl = function (giturl) {
+  if (giturl == null || giturl == "") return
+  var parsed = parseGitUrl(maybeGitHubShorthand(giturl) ? "github:" + giturl : giturl)
+  var matches = Object.keys(gitHosts).map(function(V) {
+    var gitHost = gitHosts[V]
+    var comittish = parsed.hash ? decodeURIComponent(parsed.hash.substr(1)) : null
+    if (parsed.protocol == V + ":") {
+      return new GitHost(V,
+        decodeURIComponent(parsed.host), decodeURIComponent(parsed.path.replace(/^[/](.*?)(?:[.]git)?$/, "$1")), comittish)
+    }
+    if (parsed.host != gitHost.domain) return
+    if (! gitHost.protocols_re.test(parsed.protocol)) return
+    var matched = parsed.path.match(gitHost.pathmatch)
+    if (! matched) return
+    return new GitHost(
+      V,
+      matched[1]!=null && decodeURIComponent(matched[1]),
+      matched[2]!=null && decodeURIComponent(matched[2]),
+      comittish)
+  }).filter(function(V){ return V })
+  if (matches.length != 1) return
+  return matches[0]
+}
+
+function maybeGitHubShorthand(arg) {
+  // Note: This does not fully test the git ref format.
+  // See https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html
+  //
+  // The only way to do this properly would be to shell out to
+  // git-check-ref-format, and as this is a fast sync function,
+  // we don't want to do that.  Just let git fail if it turns
+  // out that the commit-ish is invalid.
+  // GH usernames cannot start with . or -
+  return /^[^:@%/\s.-][^:@%/\s]*[/][^:@\s/%]+(?:#.*)?$/.test(arg)
+}
+
+var parseGitUrl = function (giturl) {
+  if (typeof giturl != "string") giturl = "" + giturl
+  var matched = giturl.match(/^([^@]+)@([^:]+):[/]?((?:[^/]+[/])?[^/]+?)(?:[.]git)?(#.*)?$/)
+  if (! matched) return url.parse(giturl)
+  return {
+    protocol: "git+ssh:",
+    slashes: true,
+    auth: matched[1],
+    host: matched[2],
+    port: null,
+    hostname: matched[2],
+    hash: matched[4],
+    search: null,
+    query: null,
+    pathname: "/" + matched[3],
+    path: "/" + matched[3],
+    href: "git+ssh://" + matched[1] + "@" + matched[2] + "/" + matched[3] + (matched[4]||"")
+  }
+}
+
+var gitHostDefaults = {
+  "sshtemplate": "git@{domain}:{user}/{project}.git{#comittish}",
+  "sshurltemplate": "git+ssh://git@{domain}/{user}/{project}.git{#comittish}",
+  "browsetemplate": "https://{domain}/{user}/{project}{/tree/comittish}",
+  "docstemplate": "https://{domain}/{user}/{project}{/tree/comittish}#readme",
+  "httpstemplate": "https://{domain}/{user}/{project}.git{#comittish}",
+  "filetemplate": "https://{domain}/{user}/{project}/raw/{comittish}/{path}"
+}
+var gitHosts = {
+  github: {
+    // First two are insecure and generally shouldn't be used any more, but
+    // they are still supported.
+    "protocols": [ "git", "http", "git+ssh", "git+https", "ssh", "https" ],
+    "domain": "github.com",
+    "pathmatch": /^[/]([^/]+)[/]([^/]+?)(?:[.]git)?$/,
+    "treepath": "tree",
+    "filetemplate": "https://raw.githubusercontent.com/{user}/{project}/{comittish}/{path}",
+    "bugstemplate": "https://{domain}/{user}/{project}/issues",
+    "gittemplate": "git://{domain}/{user}/{project}.git{#comittish}"
+  },
+  bitbucket: {
+    "protocols": [ "git+ssh", "git+https", "ssh", "https" ],
+    "domain": "bitbucket.org",
+    "pathmatch": /^[/]([^/]+)[/]([^/]+?)(?:[.]git)?$/,
+    "treepath": "src"
+  },
+  gitlab: {
+    "protocols": [ "git+ssh", "git+https", "ssh", "https" ],
+    "domain": "gitlab.com",
+    "pathmatch": /^[/]([^/]+)[/]([^/]+?)(?:[.]git)?$/,
+    "treepath": "tree",
+    "docstemplate": "https://{domain}/{user}/{project}{/tree/comittish}#README",
+    "bugstemplate": "https://{domain}/{user}/{project}/issues"
+  },
+  gist: {
+    "protocols": [ "git", "git+ssh", "git+https", "ssh", "https" ],
+    "domain": "gist.github.com",
+    "pathmatch": /^[/](?:([^/]+)[/])?([a-z0-9]+)(?:[.]git)?$/,
+    "filetemplate": "https://gist.githubusercontent.com/{user}/{project}/raw{/comittish}/{path}",
+    "bugstemplate": "https://{domain}/{project}",
+    "gittemplate": "git://{domain}/{project}.git{#comittish}",
+    "sshtemplate": "git@{domain}:/{project}.git{#comittish}",
+    "sshurltemplate": "git+ssh://git@{domain}/{project}.git{#comittish}",
+    "browsetemplate": "https://{domain}/{project}{/comittish}",
+    "docstemplate": "https://{domain}/{project}{/comittish}",
+    "httpstemplate": "https://{domain}/{project}.git{#comittish}",
+  },
+}
+
+Object.keys(gitHosts).forEach(function(host) {
+  gitHosts[host].protocols_re = RegExp("^(" +
+    gitHosts[host].protocols.map(function(P){
+      return P.replace(/([\\+*{}()\[\]$^|])/g, "\\$1")
+    }).join("|") + "):$")
+})
+
+GitHost.prototype.shortcut = function () {
+  return this.type + ":" + this.path()
+}
+
+GitHost.prototype.hash = function () {
+  return this.comittish ? "#" + this.comittish : ""
+}
+
+GitHost.prototype.path = function () {
+  return this.user + "/" + this.project + this.hash()
+}
+
+GitHost.prototype._fill = function (template, vars) {
+  if (!template) throw new Error("Tried to fill without template")
+  if (!vars) vars = {}
+  var self = this
+  Object.keys(this).forEach(function(K){ if (self[K]!=null && vars[K]==null) vars[K] = self[K] })
+  var rawComittish = vars.comittish
+  Object.keys(vars).forEach(function(K){ (K[0]!='#') && (vars[K] = encodeURIComponent(vars[K])) })
+  vars["#comittish"] = rawComittish ? "#" + rawComittish : ""
+  vars["/tree/comittish"] = vars.comittish ? "/"+vars.treepath+"/" + vars.comittish : "",
+  vars["/comittish"] = vars.comittish ? "/" + vars.comittish : ""
+  vars.comittish = vars.comittish || "master"
+  var res = template
+  Object.keys(vars).forEach(function(K){
+    res = res.replace(new RegExp("[{]" + K + "[}]", "g"), vars[K])
+  })
+  return res
+}
+
+GitHost.prototype.ssh = function () {
+  var sshtemplate = this.sshtemplate || gitHostDefaults.sshtemplate
+  return this._fill(sshtemplate)
+}
+
+GitHost.prototype.sshurl = function () {
+  var sshurltemplate = this.sshurltemplate || gitHostDefaults.sshurltemplate
+  return this._fill(sshurltemplate)
+}
+
+GitHost.prototype.browse = function () {
+  var browsetemplate = this.browsetemplate || gitHostDefaults.browsetemplate
+  return this._fill(browsetemplate)
+}
+
+GitHost.prototype.docs = function () {
+  var docstemplate = this.docstemplate || gitHostDefaults.docstemplate
+  return this._fill(docstemplate)
+}
+
+GitHost.prototype.bugs = function() {
+  if (! this.bugstemplate) return
+  return this._fill(this.bugstemplate)
+}
+
+GitHost.prototype.https = function () {
+  var httpstemplate = this.httpstemplate || gitHostDefaults.httpstemplate
+  return this._fill(httpstemplate)
+}
+
+GitHost.prototype.git = function () {
+  if (! this.gittemplate) return
+  return this._fill(this.gittemplate)
+}
+
+GitHost.prototype.file = function (P) {
+  var filetemplate = this.filetemplate || gitHostDefaults.filetemplate
+  return this._fill(filetemplate, {
+    path: P.replace(/^[/]+/g, "")
+  })
+}
+
+GitHost.prototype.toString = function () {
+  return this[this.default||"sshurl"]()
+}
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/package.json b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/package.json
new file mode 100644
index 0000000000..6dbc918501
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/package.json
@@ -0,0 +1,55 @@
+{
+  "name": "hosted-git-info",
+  "version": "1.5.3",
+  "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab",
+  "main": "index.js",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/npm/hosted-git-info.git"
+  },
+  "keywords": [
+    "git",
+    "github",
+    "bitbucket",
+    "gitlab"
+  ],
+  "author": {
+    "name": "Rebecca Turner",
+    "email": "me@re-becca.org",
+    "url": "http://re-becca.org"
+  },
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/npm/hosted-git-info/issues"
+  },
+  "homepage": "https://github.com/npm/hosted-git-info",
+  "scripts": {
+    "test": "tap test/*.js"
+  },
+  "devDependencies": {
+    "tap": "^0.4.13"
+  },
+  "gitHead": "153325f997813ebf8a7ae07b322b4fa89aa25f7d",
+  "_id": "hosted-git-info@1.5.3",
+  "_shasum": "1f46e25e9c0e207852fb7a4b94422ed5f09a03f5",
+  "_from": "hosted-git-info@>=1.4.0 <2.0.0",
+  "_npmVersion": "2.4.0",
+  "_nodeVersion": "0.10.33",
+  "_npmUser": {
+    "name": "iarna",
+    "email": "me@re-becca.org"
+  },
+  "maintainers": [
+    {
+      "name": "iarna",
+      "email": "me@re-becca.org"
+    }
+  ],
+  "dist": {
+    "shasum": "1f46e25e9c0e207852fb7a4b94422ed5f09a03f5",
+    "tarball": "http://registry.npmjs.org/hosted-git-info/-/hosted-git-info-1.5.3.tgz"
+  },
+  "directories": {},
+  "_resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-1.5.3.tgz",
+  "readme": "ERROR: No README data found!"
+}
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/basic.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/basic.js
new file mode 100644
index 0000000000..e56ef9a05a
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/basic.js
@@ -0,0 +1,9 @@
+"use strict"
+var HostedGit = require("../index")
+var test = require("tap").test
+
+test("basic", function (t) {
+   t.is(HostedGit.fromUrl("https://google.com"), undefined, "null on failure")
+
+   t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/bitbucket.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/bitbucket.js
new file mode 100644
index 0000000000..8712723145
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/bitbucket.js
@@ -0,0 +1,23 @@
+"use strict"
+var HostedGit = require("../index")
+var test = require("tap").test
+
+test("fromUrl(bitbucket url)", function (t) {
+  function verify(host, label, branch) {
+    var hostinfo = HostedGit.fromUrl(host)
+    var hash = branch ? "#" + branch : ""
+    t.ok(hostinfo, label)
+    if (! hostinfo) return
+    t.is( hostinfo.https(), "https://bitbucket.org/111/222.git" + hash, label + " -> https" )
+    t.is( hostinfo.browse(), "https://bitbucket.org/111/222" + (branch ? "/src/" + branch : ""), label + " -> browse" )
+    t.is( hostinfo.docs(), "https://bitbucket.org/111/222" + (branch ? "/src/" + branch : "") + "#readme", label + " -> docs" )
+    t.is( hostinfo.ssh(), "git@bitbucket.org:111/222.git" + hash, label + " -> ssh" )
+    t.is( hostinfo.sshurl(), "git+ssh://git@bitbucket.org/111/222.git" + hash, label + " -> sshurl" )
+    t.is( (""+hostinfo), "git+ssh://git@bitbucket.org/111/222.git" + hash, label + " -> stringify" )
+    t.is( hostinfo.file("C"), "https://bitbucket.org/111/222/raw/"+(branch||"master")+"/C", label + " -> file" )
+  }
+
+  require('./lib/standard-tests')(verify, "bitbucket.org", "bitbucket")
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/gist.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/gist.js
new file mode 100644
index 0000000000..3081c3db42
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/gist.js
@@ -0,0 +1,39 @@
+"use strict"
+var HostedGit = require("../index")
+var test = require("tap").test
+
+
+test("fromUrl(gist url)", function (t) {
+  function verify(host, label, branch) {
+    var hostinfo = HostedGit.fromUrl(host)
+    var hash = branch ? "#" + branch : ""
+    t.ok(hostinfo, label)
+    if (! hostinfo) return
+    t.is( hostinfo.https(), "https://gist.github.com/222.git" + hash, label + " -> https" )
+    t.is( hostinfo.git(), "git://gist.github.com/222.git" + hash, label + " -> git" )
+    t.is( hostinfo.browse(), "https://gist.github.com/222" + (branch ? "/" + branch : ""), label + " -> browse" )
+    t.is( hostinfo.bugs(), "https://gist.github.com/222", label + " -> bugs" )
+    t.is( hostinfo.docs(), "https://gist.github.com/222" + (branch ? "/" + branch : ""), label + " -> docs" )
+    t.is( hostinfo.ssh(), "git@gist.github.com:/222.git" + hash, label + " -> ssh" )
+    t.is( hostinfo.sshurl(), "git+ssh://git@gist.github.com/222.git" + hash, label + " -> sshurl" )
+    t.is( (""+hostinfo), "git+ssh://git@gist.github.com/222.git" + hash, label + " -> stringify" )
+    if (hostinfo.user) {
+      t.is( hostinfo.file("C"), "https://gist.githubusercontent.com/111/222/raw/"+(branch?branch+"/":"")+"C", label + " -> file" )
+    }
+  }
+
+  verify("git@gist.github.com:222.git", "git@")
+  var hostinfo = HostedGit.fromUrl("git@gist.github.com:/ef860c7z5e0de3179341.git")
+  if (t.ok(hostinfo, "git@hex")) {
+    t.is( hostinfo.https(), "https://gist.github.com/ef860c7z5e0de3179341.git", "git@hex -> https" )
+  }
+  verify("git@gist.github.com:/222.git", "git@/")
+  verify("git://gist.github.com/222", "git")
+  verify("git://gist.github.com/222.git", "git.git")
+  verify("git://gist.github.com/222#branch", "git#branch", "branch")
+  verify("git://gist.github.com/222.git#branch", "git.git#branch", "branch")
+
+  require('./lib/standard-tests')(verify, "gist.github.com", "gist")
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/github.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/github.js
new file mode 100644
index 0000000000..1b945d26c3
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/github.js
@@ -0,0 +1,41 @@
+"use strict"
+var HostedGit = require("../index")
+var test = require("tap").test
+
+
+test("fromUrl(github url)", function (t) {
+  function verify(host, label, branch) {
+    var hostinfo = HostedGit.fromUrl(host)
+    var hash = branch ? "#" + branch : ""
+    t.ok(hostinfo, label)
+    if (! hostinfo) return
+    t.is( hostinfo.https(), "https://github.com/111/222.git" + hash, label + " -> https" )
+    t.is( hostinfo.git(), "git://github.com/111/222.git" + hash, label + " -> git" )
+    t.is( hostinfo.browse(), "https://github.com/111/222" + (branch ? "/tree/" + branch : ""), label + " -> browse" )
+    t.is( hostinfo.bugs(), "https://github.com/111/222/issues", label + " -> bugs" )
+    t.is( hostinfo.docs(), "https://github.com/111/222" + (branch ? "/tree/" + branch : "") + "#readme", label + " -> docs" )
+    t.is( hostinfo.ssh(), "git@github.com:111/222.git" + hash, label + " -> ssh" )
+    t.is( hostinfo.sshurl(), "git+ssh://git@github.com/111/222.git" + hash, label + " -> sshurl" )
+    t.is( (""+hostinfo), "git+ssh://git@github.com/111/222.git" + hash, label + " -> stringify" )
+    t.is( hostinfo.file("C"), "https://raw.githubusercontent.com/111/222/"+(branch||"master")+"/C", label + " -> file" )
+  }
+
+  // github shorturls
+  verify("111/222", "github-short")
+  verify("111/222#branch", "github-short#branch", "branch")
+
+  // insecure protocols
+  verify("git://github.com/111/222", "git")
+  verify("git://github.com/111/222.git", "git.git")
+  verify("git://github.com/111/222#branch", "git#branch", "branch")
+  verify("git://github.com/111/222.git#branch", "git.git#branch", "branch")
+
+  verify("http://github.com/111/222", "http")
+  verify("http://github.com/111/222.git", "http.git")
+  verify("http://github.com/111/222#branch", "http#branch", "branch")
+  verify("http://github.com/111/222.git#branch", "http.git#branch", "branch")
+
+  require('./lib/standard-tests')(verify, "github.com", "github")
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/gitlab.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/gitlab.js
new file mode 100644
index 0000000000..1b25d60c7d
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/gitlab.js
@@ -0,0 +1,24 @@
+"use strict"
+var HostedGit = require("../index")
+var test = require("tap").test
+
+
+test("fromUrl(gitlab url)", function (t) {
+  function verify(host, label, branch) {
+    var hostinfo = HostedGit.fromUrl(host)
+    var hash = branch ? "#" + branch : ""
+    t.ok(hostinfo, label)
+    if (! hostinfo) return
+    t.is( hostinfo.https(), "https://gitlab.com/111/222.git" + hash, label + " -> https" )
+    t.is( hostinfo.browse(), "https://gitlab.com/111/222" + (branch ? "/tree/" + branch : ""), label + " -> browse" )
+    t.is( hostinfo.docs(), "https://gitlab.com/111/222" + (branch ? "/tree/" + branch : "") + "#README", label + " -> docs" )
+    t.is( hostinfo.ssh(), "git@gitlab.com:111/222.git" + hash, label + " -> ssh" )
+    t.is( hostinfo.sshurl(), "git+ssh://git@gitlab.com/111/222.git" + hash, label + " -> sshurl" )
+    t.is( (""+hostinfo), "git+ssh://git@gitlab.com/111/222.git" + hash, label + " -> stringify" )
+    t.is( hostinfo.file("C"), "https://gitlab.com/111/222/raw/"+(branch||"master")+"/C", label + " -> file" )
+  }
+
+  require('./lib/standard-tests')(verify, "gitlab.com", "gitlab")
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/lib/standard-tests.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/lib/standard-tests.js
new file mode 100644
index 0000000000..c505342fa0
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/node_modules/hosted-git-info/test/lib/standard-tests.js
@@ -0,0 +1,28 @@
+"use strict"
+module.exports = function (verify, domain, shortname) {
+  verify("https://" + domain + "/111/222", "https")
+  verify("https://" + domain + "/111/222.git", "https.git")
+  verify("https://" + domain + "/111/222#branch", "https#branch", "branch")
+  verify("https://" + domain + "/111/222.git#branch", "https.git#branch", "branch")
+
+  verify("git+https://" + domain + "/111/222", "git+https")
+  verify("git+https://" + domain + "/111/222.git", "git+https.git")
+  verify("git+https://" + domain + "/111/222#branch", "git+https#branch", "branch")
+  verify("git+https://" + domain + "/111/222.git#branch", "git+https.git#branch", "branch")
+
+  verify("git@" + domain + ":111/222", "ssh")
+  verify("git@" + domain + ":111/222.git", "ssh.git")
+  verify("git@" + domain + ":111/222#branch", "ssh", "branch")
+  verify("git@" + domain + ":111/222.git#branch", "ssh.git", "branch")
+
+
+  verify("git+ssh://git@" + domain + "/111/222", "ssh url")
+  verify("git+ssh://git@" + domain + "/111/222.git", "ssh url.git")
+  verify("git+ssh://git@" + domain + "/111/222#branch", "ssh url#branch", "branch")
+  verify("git+ssh://git@" + domain + "/111/222.git#branch", "ssh url.git#branch", "branch")
+
+  verify(shortname + ":111/222", "shortcut")
+  verify(shortname + ":111/222.git", "shortcut.git")
+  verify(shortname + ":111/222#branch", "shortcut#branch", "branch")
+  verify(shortname + ":111/222.git#branch", "shortcut.git#branch", "branch")
+}
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/npa.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/npa.js
new file mode 100644
index 0000000000..883c5401b4
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/npa.js
@@ -0,0 +1,181 @@
+var url = require("url")
+var assert = require("assert")
+var util = require("util")
+var semver = require("semver")
+var path = require("path")
+var HostedGit = require("hosted-git-info")
+
+module.exports = npa
+
+var isWindows = process.platform === "win32" || global.FAKE_WINDOWS
+var slashRe = isWindows ? /\\|[/]/ : /[/]/
+
+var parseName = /^(?:@([^/]+?)[/])?([^/]+?)$/
+var nameAt = /^(@([^/]+?)[/])?([^/]+?)@/
+var debug = util.debuglog ? util.debuglog("npa")
+  : /\bnpa\b/i.test(process.env.NODE_DEBUG || "")
+  ? function () {
+    console.error("NPA: " + util.format.apply(util, arguments).split("\n").join("\nNPA: "))
+  } : function () {}
+
+function validName (name) {
+  if (!name) {
+    debug("not a name %j", name)
+    return false
+  }
+  var n = name.trim()
+  if (!n || n.charAt(0) === "."
+      || !n.match(/^[a-zA-Z0-9]/)
+      || n.match(/[/()&?#|<>@:%\s\\*'"!~`]/)
+      || n.toLowerCase() === "node_modules"
+      || n !== encodeURIComponent(n)
+      || n.toLowerCase() === "favicon.ico") {
+    debug("not a valid name %j", name)
+    return false
+  }
+  return n
+}
+
+function npa (arg) {
+  assert.equal(typeof arg, "string")
+  arg = arg.trim()
+
+  var res = new Result
+  res.raw = arg
+  res.scope = null
+
+  // See if it's something like foo@...
+  var nameparse = arg.match(nameAt)
+  debug("nameparse", nameparse)
+  if (nameparse && validName(nameparse[3]) &&
+      (!nameparse[2] || validName(nameparse[2]))) {
+    res.name = (nameparse[1] || "") + nameparse[3]
+    if (nameparse[2])
+      res.scope = "@" + nameparse[2]
+    arg = arg.substr(nameparse[0].length)
+  } else {
+    res.name = null
+  }
+
+  res.rawSpec = arg
+  res.spec = arg
+
+  var urlparse = url.parse(arg)
+  debug("urlparse", urlparse)
+
+  // windows paths look like urls
+  // don't be fooled!
+  if (isWindows && urlparse && urlparse.protocol &&
+      urlparse.protocol.match(/^[a-zA-Z]:$/)) {
+    debug("windows url-ish local path", urlparse)
+    urlparse = {}
+  }
+
+  if (urlparse.protocol || HostedGit.fromUrl(arg)) {
+    return parseUrl(res, arg, urlparse)
+  }
+
+  // at this point, it's not a url, and not hosted
+  // If it's a valid name, and doesn't already have a name, then assume
+  // $name@"" range
+  //
+  // if it's got / chars in it, then assume that it's local.
+
+  if (res.name) {
+    var version = semver.valid(arg, true)
+    var range = semver.validRange(arg, true)
+    // foo@...
+    if (version) {
+      res.spec = version
+      res.type = "version"
+    } else if (range) {
+      res.spec = range
+      res.type = "range"
+    } else if (slashRe.test(arg)) {
+      parseLocal(res, arg)
+    } else {
+      res.type = "tag"
+      res.spec = arg
+    }
+  } else {
+    var p = arg.match(parseName)
+    if (p && validName(p[2]) &&
+        (!p[1] || validName(p[1]))) {
+      res.type = "range"
+      res.spec = "*"
+      res.rawSpec = ""
+      res.name = arg
+      if (p[1])
+        res.scope = "@" + p[1]
+    } else {
+      parseLocal(res, arg)
+    }
+  }
+
+  return res
+}
+
+function parseLocal (res, arg) {
+  // turns out nearly every character is allowed in fs paths
+  if (/\0/.test(arg)) {
+    throw new Error("Invalid Path: " + JSON.stringify(arg))
+  }
+  res.type = "local"
+  res.spec = path.resolve(arg)
+}
+
+function parseUrl (res, arg, urlparse) {
+  var gitHost = HostedGit.fromUrl(arg)
+  if (gitHost) {
+    res.type  = "hosted"
+    res.spec  = gitHost.toString(),
+    res.hosted = {
+      type:      gitHost.type,
+      ssh:       gitHost.ssh(),
+      sshUrl:    gitHost.sshurl(),
+      httpsUrl:  gitHost.https(),
+      directUrl: gitHost.file("package.json")
+    }
+    return res
+  }
+  // check the protocol, and then see if it's git or not
+  switch (urlparse.protocol) {
+    case "git:":
+    case "git+http:":
+    case "git+https:":
+    case "git+rsync:":
+    case "git+ftp:":
+    case "git+ssh:":
+    case "git+file:":
+      res.type = "git"
+      res.spec = arg.replace(/^git[+]/, "")
+      break
+
+    case "http:":
+    case "https:":
+      res.type = "remote"
+      res.spec = arg
+      break
+
+    case "file:":
+      res.type = "local"
+      res.spec = urlparse.pathname
+      break
+
+    default:
+      throw new Error("Unsupported URL Type: " + arg)
+      break
+  }
+
+  return res
+}
+
+
+function Result () {
+  if (!(this instanceof Result)) return new Result
+}
+Result.prototype.name   = null
+Result.prototype.type   = null
+Result.prototype.spec   = null
+Result.prototype.raw    = null
+Result.prototype.hosted = null
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/package.json b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/package.json
new file mode 100644
index 0000000000..d5b72e01cd
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/package.json
@@ -0,0 +1,62 @@
+{
+  "name": "npm-package-arg",
+  "version": "3.0.0",
+  "description": "Parse the things that can be arguments to `npm install`",
+  "main": "npa.js",
+  "directories": {
+    "test": "test"
+  },
+  "dependencies": {
+    "hosted-git-info": "^1.4.0",
+    "semver": "4"
+  },
+  "devDependencies": {
+    "tap": "^0.4.9"
+  },
+  "scripts": {
+    "test": "tap test/*.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/npm/npm-package-arg"
+  },
+  "author": {
+    "name": "Isaac Z. Schlueter",
+    "email": "i@izs.me",
+    "url": "http://blog.izs.me/"
+  },
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/npm/npm-package-arg/issues"
+  },
+  "homepage": "https://github.com/npm/npm-package-arg",
+  "gitHead": "263fd43295ac8f6eca046be108782cfbf9a78bfe",
+  "_id": "npm-package-arg@3.0.0",
+  "_shasum": "84e91836fa2e4e35ae26dc984440b1e5b5aee1ee",
+  "_from": "npm-package-arg@>=3.0.0 <4.0.0",
+  "_npmVersion": "1.4.28",
+  "_npmUser": {
+    "name": "iarna",
+    "email": "me@re-becca.org"
+  },
+  "maintainers": [
+    {
+      "name": "isaacs",
+      "email": "i@izs.me"
+    },
+    {
+      "name": "othiym23",
+      "email": "ogd@aoaioxxysz.net"
+    },
+    {
+      "name": "iarna",
+      "email": "me@re-becca.org"
+    }
+  ],
+  "dist": {
+    "shasum": "84e91836fa2e4e35ae26dc984440b1e5b5aee1ee",
+    "tarball": "http://registry.npmjs.org/npm-package-arg/-/npm-package-arg-3.0.0.tgz"
+  },
+  "_resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-3.0.0.tgz",
+  "readme": "ERROR: No README data found!"
+}
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/basic.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/basic.js
new file mode 100644
index 0000000000..4991ffcd3e
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/basic.js
@@ -0,0 +1,168 @@
+var npa = require("../npa.js")
+var path = require("path")
+
+require("tap").test("basic", function (t) {
+  t.setMaxListeners(999)
+
+  var tests = {
+    "foo@1.2": {
+      name: "foo",
+      type: "range",
+      spec: ">=1.2.0 <1.3.0",
+      raw: "foo@1.2",
+      rawSpec: "1.2"
+    },
+
+    "@foo/bar": {
+      raw: "@foo/bar",
+      name: "@foo/bar",
+      scope: "@foo",
+      rawSpec: "",
+      spec: "*",
+      type: "range"
+    },
+
+    "@foo/bar@": {
+      raw: "@foo/bar@",
+      name: "@foo/bar",
+      scope: "@foo",
+      rawSpec: "",
+      spec: "*",
+      type: "range"
+    },
+
+    "@foo/bar@baz": {
+      raw: "@foo/bar@baz",
+      name: "@foo/bar",
+      scope: "@foo",
+      rawSpec: "baz",
+      spec: "baz",
+      type: "tag"
+    },
+
+    "@f fo o al/ a d s ;f ": {
+      raw: "@f fo o al/ a d s ;f",
+      name: null,
+      rawSpec: "@f fo o al/ a d s ;f",
+      spec: path.resolve("@f fo o al/ a d s ;f"),
+      type: "local"
+    },
+
+    "foo@1.2.3": {
+      name: "foo",
+      type: "version",
+      spec: "1.2.3",
+      raw: "foo@1.2.3"
+    },
+
+    "foo@=v1.2.3": {
+      name: "foo",
+      type: "version",
+      spec: "1.2.3",
+      raw: "foo@=v1.2.3",
+      rawSpec: "=v1.2.3"
+    },
+
+    "git+ssh://git@notgithub.com/user/foo#1.2.3": {
+      name: null,
+      type: "git",
+      spec: "ssh://git@notgithub.com/user/foo#1.2.3",
+      raw: "git+ssh://git@notgithub.com/user/foo#1.2.3"
+    },
+
+    "git+file://path/to/repo#1.2.3": {
+      name: null,
+      type: "git",
+      spec: "file://path/to/repo#1.2.3",
+      raw: "git+file://path/to/repo#1.2.3"
+    },
+
+    "git://notgithub.com/user/foo": {
+      name: null,
+      type: "git",
+      spec: "git://notgithub.com/user/foo",
+      raw: "git://notgithub.com/user/foo"
+    },
+
+    "@foo/bar@git+ssh://notgithub.com/user/foo": {
+      name: "@foo/bar",
+      scope: "@foo",
+      spec: "ssh://notgithub.com/user/foo",
+      rawSpec: "git+ssh://notgithub.com/user/foo",
+      raw: "@foo/bar@git+ssh://notgithub.com/user/foo"
+    },
+
+    "/path/to/foo": {
+      name: null,
+      type: "local",
+      spec: "/path/to/foo",
+      raw: "/path/to/foo"
+    },
+
+    "file:path/to/foo": {
+      name: null,
+      type: "local",
+      spec: "path/to/foo",
+      raw: "file:path/to/foo"
+    },
+
+    "file:~/path/to/foo": {
+      name: null,
+      type: "local",
+      spec: "~/path/to/foo",
+      raw: "file:~/path/to/foo"
+    },
+
+    "file:../path/to/foo": {
+      name: null,
+      type: "local",
+      spec: "../path/to/foo",
+      raw: "file:../path/to/foo"
+    },
+
+    "file:///path/to/foo": {
+      name: null,
+      type: "local",
+      spec: "/path/to/foo",
+      raw: "file:///path/to/foo"
+    },
+
+    "https://server.com/foo.tgz": {
+      name: null,
+      type: "remote",
+      spec: "https://server.com/foo.tgz",
+      raw: "https://server.com/foo.tgz"
+    },
+
+    "foo@latest": {
+      name: "foo",
+      type: "tag",
+      spec: "latest",
+      raw: "foo@latest"
+    },
+
+    "foo": {
+      name: "foo",
+      type: "range",
+      spec: "*",
+      raw: "foo"
+    }
+  }
+
+  Object.keys(tests).forEach(function (arg) {
+    var res = npa(arg)
+    t.type(res, "Result", arg + " is result")
+    t.has(res, tests[arg], arg + " matches expectations")
+  })
+
+  // Completely unreasonable invalid garbage throws an error
+  t.throws(function() {
+    npa("this is not a \0 valid package name or url")
+  })
+
+  t.throws(function() {
+    npa("gopher://yea right")
+  }, "Unsupported URL Type: gopher://yea right")
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/bitbucket.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/bitbucket.js
new file mode 100644
index 0000000000..48bbdbcf9b
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/bitbucket.js
@@ -0,0 +1,82 @@
+var npa = require("../npa.js")
+var path = require("path")
+
+require("tap").test("basic", function (t) {
+  t.setMaxListeners(999)
+
+  var tests = {
+    "bitbucket:user/foo-js": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user/foo-js.git",
+      raw: "bitbucket:user/foo-js"
+    },
+
+    "bitbucket:user/foo-js#bar/baz": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user/foo-js.git#bar/baz",
+      raw: "bitbucket:user/foo-js#bar/baz"
+    },
+
+    "bitbucket:user..blerg--/..foo-js# . . . . . some . tags / / /": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user..blerg--/..foo-js.git# . . . . . some . tags / / /",
+      raw: "bitbucket:user..blerg--/..foo-js# . . . . . some . tags / / /"
+    },
+
+    "bitbucket:user/foo-js#bar/baz/bin": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user/foo-js.git#bar/baz/bin",
+      raw: "bitbucket:user/foo-js#bar/baz/bin"
+    },
+
+    "foo@bitbucket:user/foo-js": {
+      name: "foo",
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user/foo-js.git",
+      raw: "foo@bitbucket:user/foo-js"
+    },
+
+    "git+ssh://git@bitbucket.org/user/foo#1.2.3": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user/foo.git#1.2.3",
+      raw: "git+ssh://git@bitbucket.org/user/foo#1.2.3"
+    },
+
+    "https://bitbucket.org/user/foo.git": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user/foo.git",
+      raw: "https://bitbucket.org/user/foo.git"
+    },
+
+    "@foo/bar@git+ssh://bitbucket.org/user/foo": {
+      name: "@foo/bar",
+      scope: "@foo",
+      type: "hosted",
+      hosted: { type: "bitbucket" },
+      spec: "git+ssh://git@bitbucket.org/user/foo.git",
+      rawSpec: "git+ssh://bitbucket.org/user/foo",
+      raw: "@foo/bar@git+ssh://bitbucket.org/user/foo"
+    }
+  }
+
+  Object.keys(tests).forEach(function (arg) {
+    var res = npa(arg)
+    t.type(res, "Result", arg + " is a result")
+    t.has(res, tests[arg], arg + " matches expectations")
+  })
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/github.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/github.js
new file mode 100644
index 0000000000..63fd26c10a
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/github.js
@@ -0,0 +1,106 @@
+var npa = require("../npa.js")
+var path = require("path")
+
+require("tap").test("basic", function (t) {
+  t.setMaxListeners(999)
+
+  var tests = {
+    "user/foo-js": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo-js.git",
+      raw: "user/foo-js"
+    },
+
+    "user/foo-js#bar/baz": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo-js.git#bar/baz",
+      raw: "user/foo-js#bar/baz"
+    },
+
+    "user..blerg--/..foo-js# . . . . . some . tags / / /": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user..blerg--/..foo-js.git# . . . . . some . tags / / /",
+      raw: "user..blerg--/..foo-js# . . . . . some . tags / / /"
+    },
+
+    "user/foo-js#bar/baz/bin": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo-js.git#bar/baz/bin",
+      raw: "user/foo-js#bar/baz/bin"
+    },
+
+    "foo@user/foo-js": {
+      name: "foo",
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo-js.git",
+      raw: "foo@user/foo-js"
+    },
+
+    "github:user/foo-js": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo-js.git",
+      raw: "github:user/foo-js"
+    },
+
+    "git+ssh://git@github.com/user/foo#1.2.3": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo.git#1.2.3",
+      raw: "git+ssh://git@github.com/user/foo#1.2.3"
+    },
+
+    "git://github.com/user/foo": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo.git",
+      raw: "git://github.com/user/foo"
+    },
+
+    "https://github.com/user/foo.git": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo.git",
+      raw: "https://github.com/user/foo.git"
+    },
+
+    "@foo/bar@git+ssh://github.com/user/foo": {
+      name: "@foo/bar",
+      scope: "@foo",
+      type: "hosted",
+      hosted: { type: "github" },
+      spec: "git+ssh://git@github.com/user/foo.git",
+      rawSpec: "git+ssh://github.com/user/foo",
+      raw: "@foo/bar@git+ssh://github.com/user/foo"
+    },
+
+   "foo@bar/foo": {
+     name: "foo",
+     type: "hosted",
+      hosted: { type: "github" },
+     spec: "git+ssh://git@github.com/bar/foo.git",
+     raw: "foo@bar/foo"
+   }
+  }
+
+  Object.keys(tests).forEach(function (arg) {
+    var res = npa(arg)
+    t.type(res, "Result", arg + " is a result")
+    t.has(res, tests[arg], arg + " matches expectations")
+  })
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/gitlab.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/gitlab.js
new file mode 100644
index 0000000000..36ea016db7
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/gitlab.js
@@ -0,0 +1,82 @@
+var npa = require("../npa.js")
+var path = require("path")
+
+require("tap").test("basic", function (t) {
+  t.setMaxListeners(999)
+
+  var tests = {
+    "gitlab:user/foo-js": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user/foo-js.git",
+      raw: "gitlab:user/foo-js"
+    },
+
+    "gitlab:user/foo-js#bar/baz": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user/foo-js.git#bar/baz",
+      raw: "gitlab:user/foo-js#bar/baz"
+    },
+
+    "gitlab:user..blerg--/..foo-js# . . . . . some . tags / / /": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user..blerg--/..foo-js.git# . . . . . some . tags / / /",
+      raw: "gitlab:user..blerg--/..foo-js# . . . . . some . tags / / /"
+    },
+
+    "gitlab:user/foo-js#bar/baz/bin": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user/foo-js.git#bar/baz/bin",
+      raw: "gitlab:user/foo-js#bar/baz/bin"
+    },
+
+    "foo@gitlab:user/foo-js": {
+      name: "foo",
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user/foo-js.git",
+      raw: "foo@gitlab:user/foo-js"
+    },
+
+    "git+ssh://git@gitlab.com/user/foo#1.2.3": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user/foo.git#1.2.3",
+      raw: "git+ssh://git@gitlab.com/user/foo#1.2.3"
+    },
+
+    "https://gitlab.com/user/foo.git": {
+      name: null,
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user/foo.git",
+      raw: "https://gitlab.com/user/foo.git"
+    },
+
+    "@foo/bar@git+ssh://gitlab.com/user/foo": {
+      name: "@foo/bar",
+      scope: "@foo",
+      type: "hosted",
+      hosted: { type: "gitlab" },
+      spec: "git+ssh://git@gitlab.com/user/foo.git",
+      rawSpec: "git+ssh://gitlab.com/user/foo",
+      raw: "@foo/bar@git+ssh://gitlab.com/user/foo"
+    }
+  }
+
+  Object.keys(tests).forEach(function (arg) {
+    var res = npa(arg)
+    t.type(res, "Result", arg + " is a result")
+    t.has(res, tests[arg], arg + " matches expectations")
+  })
+
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/windows.js b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/windows.js
new file mode 100644
index 0000000000..e3c8ba6b59
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/npm-package-arg/test/windows.js
@@ -0,0 +1,41 @@
+global.FAKE_WINDOWS = true
+
+var npa = require("../npa.js")
+var test = require("tap").test
+var path = require("path")
+
+var cases = {
+  "C:\\x\\y\\z": {
+    raw: "C:\\x\\y\\z",
+    scope: null,
+    name: null,
+    rawSpec: "C:\\x\\y\\z",
+    spec: path.resolve("C:\\x\\y\\z"),
+    type: "local"
+  },
+  "foo@C:\\x\\y\\z": {
+    raw: "foo@C:\\x\\y\\z",
+    scope: null,
+    name: "foo",
+    rawSpec: "C:\\x\\y\\z",
+    spec: path.resolve("C:\\x\\y\\z"),
+    type: "local"
+  },
+  "foo@/foo/bar/baz": {
+    raw: "foo@/foo/bar/baz",
+    scope: null,
+    name: "foo",
+    rawSpec: "/foo/bar/baz",
+    spec: path.resolve("/foo/bar/baz"),
+    type: "local"
+  }
+}
+
+test("parse a windows path", function (t) {
+  Object.keys(cases).forEach(function (c) {
+    var expect = cases[c]
+    var actual = npa(c)
+    t.same(actual, expect, c)
+  })
+  t.end()
+})
diff --git a/deps/npm/node_modules/npm-registry-client/package.json b/deps/npm/node_modules/npm-registry-client/package.json
index 9d4178c572..4b804454db 100644
--- a/deps/npm/node_modules/npm-registry-client/package.json
+++ b/deps/npm/node_modules/npm-registry-client/package.json
@@ -6,7 +6,7 @@
   },
   "name": "npm-registry-client",
   "description": "Client for the npm registry",
-  "version": "5.0.0",
+  "version": "6.0.3",
   "repository": {
     "url": "git://github.com/isaacs/npm-registry-client"
   },
@@ -20,6 +20,7 @@
     "graceful-fs": "^3.0.0",
     "mkdirp": "^0.5.0",
     "normalize-package-data": "~1.0.1",
+    "npm-package-arg": "^3.0.0",
     "once": "^1.3.0",
     "request": "^2.47.0",
     "retry": "^0.6.1",
@@ -37,14 +38,14 @@
     "npmlog": ""
   },
   "license": "ISC",
-  "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\nvar uri = \"npm://registry.npmjs.org/npm\"\nvar params = {timeout: 1000}\n\nclient.get(uri, params, function (error, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Registry URLs\n\nThe registry calls take either a full URL pointing to a resource in the\nregistry, or a base URL for the registry as a whole (including the registry\npath – but be sure to terminate the path with `/`). `http` and `https` URLs are\nthe only ones supported.\n\n## Using the client\n\nEvery call to the client follows the same pattern:\n\n* `uri` {String} The *fully-qualified* URI of the registry API method being\n  invoked.\n* `params` {Object} Per-request parameters.\n* `callback` {Function} Callback to be invoked when the call is complete.\n\n### Credentials\n\nMany requests to the registry can by authenticated, and require credentials\nfor authorization. These credentials always look the same:\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n**or**\n\n* `token` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n## API\n\n### client.adduser(uri, params, cb)\n\n* `uri` {String} Base registry URL.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nAdd a user account to the registry, or verify the credentials.\n\n### client.deprecate(uri, params, cb)\n\n* `uri` {String} Full registry URI for the deprecated package.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Semver version range.\n  * `message` {String} The message to use as a deprecation warning.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nDeprecate a version of a package in the registry.\n\n### client.get(uri, params, cb)\n\n* `uri` {String} The complete registry URI to fetch\n* `params` {Object} Object containing per-request properties.\n  * `timeout` {Number} Duration before the request times out. Optional\n    (default: never).\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `staleOk` {Boolean} If there's cached data available, then return that to\n    the callback quickly, and update the cache the background. Optional\n    (default: false).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetches data from the registry via a GET request, saving it in the cache folder\nwith the ETag or the \"Last Modified\" timestamp.\n\n### client.publish(uri, params, cb)\n\n* `uri` {String} The registry URI for the package to publish.\n* `params` {Object} Object containing per-request properties.\n  * `metadata` {Object} Package metadata.\n  * `body` {Stream} Stream of the package body / tarball.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.\n\n### client.star(uri, params, cb)\n\n* `uri` {String} The complete registry URI for the package to star.\n* `params` {Object} Object containing per-request properties.\n  * `starred` {Boolean} True to star the package, false to unstar it. Optional\n    (default: false).\n  * `auth` {Credentials}\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or unstar a\npackage, though other writes do require that the user be the package owner.\n\n### client.stars(uri, params, cb)\n\n* `uri` {String} The base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `username` {String} Name of user to fetch starred packages for. Optional\n    (default: user in `auth`).\n  * `auth` {Credentials} Optional (required if `username` is omitted).\n* `cb` {Function}\n\nView your own or another user's starred packages.\n\n### client.tag(uri, params, cb)\n\n* `uri` {String} The complete registry URI to tag\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Version to tag.\n  * `tag` {String} Tag name to apply.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag` will fetch the\nspecified version.\n\n### client.unpublish(uri, params, cb)\n\n* `uri` {String} The complete registry URI of the package to unpublish.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} version to unpublish. Optional – omit to unpublish all\n    versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When the\nlast version us unpublished, the entire document is removed from the database.\n\n### client.whoami(uri, params, cb)\n\n* `uri` {String} The base registry for the URI.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nSimple call to see who the registry thinks you are. Especially useful with\ntoken-based auth.\n\n\n## PLUMBING\n\nThe below are primarily intended for use by the rest of the API, or by the npm\ncaching logic directly.\n\n### client.request(uri, params, cb)\n\n* `uri` {String} URI pointing to the resource to request.\n* `params` {Object} Object containing per-request properties.\n  * `method` {String} HTTP method. Optional (default: \"GET\").\n  * `body` {Stream | Buffer | String | Object} The request body.  Objects\n    that are not Buffers or Streams are encoded as JSON. Optional – body\n    only used for write operations.\n  * `etag` {String} The cached ETag. Optional.\n  * `lastModified` {String} The cached Last-Modified timestamp. Optional.\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a generic request to the registry. All the other methods are wrappers\naround `client.request`.\n\n### client.fetch(uri, params, cb)\n\n* `uri` {String} The complete registry URI to upload to\n* `params` {Object} Object containing per-request properties.\n  * `headers` {Stream} HTTP headers to be included with the request. Optional.\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetch a package from a URL, with auth set appropriately if included. Used to\ncache remote tarballs as well as request package tarballs from the registry.\n\n# Configuration\n\nThe client uses its own configuration, which is just passed in as a simple\nnested object. The following are the supported values (with their defaults, if\nany):\n\n* `proxy.http` {URL} The URL to proxy HTTP requests through.\n* `proxy.https` {URL} The URL to proxy HTTPS requests through. Defaults to be\n  the same as `proxy.http` if unset.\n* `proxy.localAddress` {IP} The local address to use on multi-homed systems.\n* `ssl.ca` {String} Cerficate signing authority certificates to trust.\n* `ssl.certificate` {String} Client certificate (PEM encoded). Enable access\n  to servers that require client certificates.\n* `ssl.key` {String} Private key (PEM encoded) for client certificate.\n* `ssl.strict` {Boolean} Whether or not to be strict with SSL certificates.\n  Default = `true`\n* `retry.count` {Number} Number of times to retry on GET failures. Default = 2.\n* `retry.factor` {Number} `factor` setting for `node-retry`. Default = 10.\n* `retry.minTimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default = 10000 (10 seconds)\n* `retry.maxTimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default = 60000 (60 seconds)\n* `userAgent` {String} User agent header to send. Default =\n  `\"node/{process.version}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `defaultTag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `couchToken` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login).\n* `sessionToken` {string} A random identifier for this set of client requests.\n  Default = 8 random hexadecimal bytes.\n",
+  "gitHead": "7d3d14eb825aa376c63854a08e67d2c9b3415927",
+  "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\nvar uri = \"npm://registry.npmjs.org/npm\"\nvar params = {timeout: 1000}\n\nclient.get(uri, params, function (error, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Registry URLs\n\nThe registry calls take either a full URL pointing to a resource in the\nregistry, or a base URL for the registry as a whole (including the registry\npath – but be sure to terminate the path with `/`). `http` and `https` URLs are\nthe only ones supported.\n\n## Using the client\n\nEvery call to the client follows the same pattern:\n\n* `uri` {String} The *fully-qualified* URI of the registry API method being\n  invoked.\n* `params` {Object} Per-request parameters.\n* `callback` {Function} Callback to be invoked when the call is complete.\n\n### Credentials\n\nMany requests to the registry can by authenticated, and require credentials\nfor authorization. These credentials always look the same:\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n**or**\n\n* `token` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n## API\n\n### client.access(uri, params, cb)\n\n* `uri` {String} Registry URL for the package's access API endpoint.\n  Looks like `/-/package//access`.\n* `params` {Object} Object containing per-request properties.\n  * `access` {String} New access level for the package. Can be either\n    `public` or `restricted`. Registry will raise an error if trying\n    to change the access level of an unscoped package.\n  * `auth` {Credentials}\n\nSet the access level for scoped packages. For now, there are only two\naccess levels: \"public\" and \"restricted\".\n\n### client.adduser(uri, params, cb)\n\n* `uri` {String} Base registry URL.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nAdd a user account to the registry, or verify the credentials.\n\n### client.deprecate(uri, params, cb)\n\n* `uri` {String} Full registry URI for the deprecated package.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Semver version range.\n  * `message` {String} The message to use as a deprecation warning.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nDeprecate a version of a package in the registry.\n\n### client.distTags.fetch(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nFetch all of the `dist-tags` for the named package.\n\n### client.distTags.add(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTag` {String} Name of the new `dist-tag`.\n  * `version` {String} Exact version to be mapped to the `dist-tag`.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nAdd (or replace) a single dist-tag onto the named package.\n\n### client.distTags.set(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTags` {Object} Object containing a map from tag names to package\n     versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nSet all of the `dist-tags` for the named package at once, creating any\n`dist-tags` that do not already exit. Any `dist-tags` not included in the\n`distTags` map will be removed.\n\n### client.distTags.update(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTags` {Object} Object containing a map from tag names to package\n     versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nUpdate the values of multiple `dist-tags`, creating any `dist-tags` that do\nnot already exist. Any pre-existing `dist-tags` not included in the `distTags`\nmap will be left alone.\n\n### client.distTags.rm(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTag` {String} Name of the new `dist-tag`.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nRemove a single `dist-tag` from the named package.\n\n### client.get(uri, params, cb)\n\n* `uri` {String} The complete registry URI to fetch\n* `params` {Object} Object containing per-request properties.\n  * `timeout` {Number} Duration before the request times out. Optional\n    (default: never).\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `staleOk` {Boolean} If there's cached data available, then return that to\n    the callback quickly, and update the cache the background. Optional\n    (default: false).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetches data from the registry via a GET request, saving it in the cache folder\nwith the ETag or the \"Last Modified\" timestamp.\n\n### client.publish(uri, params, cb)\n\n* `uri` {String} The registry URI for the package to publish.\n* `params` {Object} Object containing per-request properties.\n  * `metadata` {Object} Package metadata.\n  * `access` {String} Access for the package. Can be `public` or `restricted` (no default).\n  * `body` {Stream} Stream of the package body / tarball.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.\n\n### client.star(uri, params, cb)\n\n* `uri` {String} The complete registry URI for the package to star.\n* `params` {Object} Object containing per-request properties.\n  * `starred` {Boolean} True to star the package, false to unstar it. Optional\n    (default: false).\n  * `auth` {Credentials}\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or unstar a\npackage, though other writes do require that the user be the package owner.\n\n### client.stars(uri, params, cb)\n\n* `uri` {String} The base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `username` {String} Name of user to fetch starred packages for. Optional\n    (default: user in `auth`).\n  * `auth` {Credentials} Optional (required if `username` is omitted).\n* `cb` {Function}\n\nView your own or another user's starred packages.\n\n### client.tag(uri, params, cb)\n\n* `uri` {String} The complete registry URI to tag\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Version to tag.\n  * `tag` {String} Tag name to apply.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag` will fetch the\nspecified version.\n\n### client.unpublish(uri, params, cb)\n\n* `uri` {String} The complete registry URI of the package to unpublish.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} version to unpublish. Optional – omit to unpublish all\n    versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When the\nlast version us unpublished, the entire document is removed from the database.\n\n### client.whoami(uri, params, cb)\n\n* `uri` {String} The base registry for the URI.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nSimple call to see who the registry thinks you are. Especially useful with\ntoken-based auth.\n\n\n## PLUMBING\n\nThe below are primarily intended for use by the rest of the API, or by the npm\ncaching logic directly.\n\n### client.request(uri, params, cb)\n\n* `uri` {String} URI pointing to the resource to request.\n* `params` {Object} Object containing per-request properties.\n  * `method` {String} HTTP method. Optional (default: \"GET\").\n  * `body` {Stream | Buffer | String | Object} The request body.  Objects\n    that are not Buffers or Streams are encoded as JSON. Optional – body\n    only used for write operations.\n  * `etag` {String} The cached ETag. Optional.\n  * `lastModified` {String} The cached Last-Modified timestamp. Optional.\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a generic request to the registry. All the other methods are wrappers\naround `client.request`.\n\n### client.fetch(uri, params, cb)\n\n* `uri` {String} The complete registry URI to upload to\n* `params` {Object} Object containing per-request properties.\n  * `headers` {Stream} HTTP headers to be included with the request. Optional.\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetch a package from a URL, with auth set appropriately if included. Used to\ncache remote tarballs as well as request package tarballs from the registry.\n\n# Configuration\n\nThe client uses its own configuration, which is just passed in as a simple\nnested object. The following are the supported values (with their defaults, if\nany):\n\n* `proxy.http` {URL} The URL to proxy HTTP requests through.\n* `proxy.https` {URL} The URL to proxy HTTPS requests through. Defaults to be\n  the same as `proxy.http` if unset.\n* `proxy.localAddress` {IP} The local address to use on multi-homed systems.\n* `ssl.ca` {String} Certificate signing authority certificates to trust.\n* `ssl.certificate` {String} Client certificate (PEM encoded). Enable access\n  to servers that require client certificates.\n* `ssl.key` {String} Private key (PEM encoded) for client certificate.\n* `ssl.strict` {Boolean} Whether or not to be strict with SSL certificates.\n  Default = `true`\n* `retry.count` {Number} Number of times to retry on GET failures. Default = 2.\n* `retry.factor` {Number} `factor` setting for `node-retry`. Default = 10.\n* `retry.minTimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default = 10000 (10 seconds)\n* `retry.maxTimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default = 60000 (60 seconds)\n* `userAgent` {String} User agent header to send. Default =\n  `\"node/{process.version}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `defaultTag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `couchToken` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login).\n* `sessionToken` {string} A random identifier for this set of client requests.\n  Default = 8 random hexadecimal bytes.\n",
   "readmeFilename": "README.md",
-  "gitHead": "b22f38992087e57f263c269dcd52ff290565d401",
   "bugs": {
     "url": "https://github.com/isaacs/npm-registry-client/issues"
   },
   "homepage": "https://github.com/isaacs/npm-registry-client",
-  "_id": "npm-registry-client@5.0.0",
-  "_shasum": "0425db2fc3dcd322e74fe95029d2c49a41e4b6cf",
-  "_from": "npm-registry-client@>=5.0.0 <5.1.0"
+  "_id": "npm-registry-client@6.0.3",
+  "_shasum": "ae19f33b1cd6b4f5e81b7614bde7b97393c57cdc",
+  "_from": "npm-registry-client@>=6.0.3 <6.1.0"
 }
diff --git a/deps/npm/node_modules/npm-registry-client/test/access.js b/deps/npm/node_modules/npm-registry-client/test/access.js
new file mode 100644
index 0000000000..52ecdda4a4
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/access.js
@@ -0,0 +1,96 @@
+var test = require("tap").test
+
+var server = require("./lib/server.js")
+var common = require("./lib/common.js")
+var client = common.freshClient()
+
+function nop() {}
+
+var URI = "http://localhost:1337/-/package/underscore/access"
+var TOKEN = "foo"
+var AUTH = {
+  token : TOKEN
+}
+var LEVEL = "public"
+var PARAMS = {
+  level : LEVEL,
+  auth : AUTH
+}
+
+test("access call contract", function (t) {
+  t.throws(function () {
+    client.access(undefined, AUTH, nop)
+  }, "requires a URI")
+
+  t.throws(function () {
+    client.access([], PARAMS, nop)
+  }, "requires URI to be a string")
+
+  t.throws(function () {
+    client.access(URI, undefined, nop)
+  }, "requires params object")
+
+  t.throws(function () {
+    client.access(URI, "", nop)
+  }, "params must be object")
+
+  t.throws(function () {
+    client.access(URI, PARAMS, undefined)
+  }, "requires callback")
+
+  t.throws(function () {
+    client.access(URI, PARAMS, "callback")
+  }, "callback must be function")
+
+  t.throws(
+    function () {
+      var params = {
+        auth : AUTH
+      }
+      client.access(URI, params, nop)
+    },
+    { name : "AssertionError", message : "must pass level to access" },
+    "access must include level"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        level : LEVEL
+      }
+      client.access(URI, params, nop)
+    },
+    { name : "AssertionError", message : "must pass auth to access" },
+    "access must include auth"
+  )
+
+  t.end()
+})
+
+test("set access level on a package", function (t) {
+  server.expect("POST", "/-/package/underscore/access", function (req, res) {
+    t.equal(req.method, "POST")
+
+    var b = ""
+    req.setEncoding("utf8")
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      var updated = JSON.parse(b)
+
+      t.deepEqual(updated, { access : "public" })
+
+      res.statusCode = 201
+      res.json({accessChanged : true})
+    })
+  })
+
+  client.access(URI, PARAMS, function (error, data) {
+    t.ifError(error, "no errors")
+    t.ok(data.accessChanged, "access level set")
+
+    t.end()
+  })
+})
diff --git a/deps/npm/node_modules/npm-registry-client/test/dist-tags-add.js b/deps/npm/node_modules/npm-registry-client/test/dist-tags-add.js
new file mode 100644
index 0000000000..a215c67d93
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/dist-tags-add.js
@@ -0,0 +1,141 @@
+var test = require("tap").test
+
+var server = require("./lib/server.js")
+var common = require("./lib/common.js")
+var client = common.freshClient()
+
+function nop() {}
+
+var BASE_URL = "http://localhost:1337/"
+var URI = "/-/package/underscore/dist-tags/test"
+var TOKEN = "foo"
+var AUTH = {
+  token : TOKEN
+}
+var PACKAGE = "underscore"
+var DIST_TAG = "test"
+var VERSION = "3.1.3"
+var PARAMS = {
+  package : PACKAGE,
+  distTag : DIST_TAG,
+  version : VERSION,
+  auth : AUTH
+}
+
+test("distTags.add call contract", function (t) {
+  t.throws(function () {
+    client.distTags.add(undefined, AUTH, nop)
+  }, "requires a URI")
+
+  t.throws(function () {
+    client.distTags.add([], PARAMS, nop)
+  }, "requires URI to be a string")
+
+  t.throws(function () {
+    client.distTags.add(BASE_URL, undefined, nop)
+  }, "requires params object")
+
+  t.throws(function () {
+    client.distTags.add(BASE_URL, "", nop)
+  }, "params must be object")
+
+  t.throws(function () {
+    client.distTags.add(BASE_URL, PARAMS, undefined)
+  }, "requires callback")
+
+  t.throws(function () {
+    client.distTags.add(BASE_URL, PARAMS, "callback")
+  }, "callback must be function")
+
+  t.throws(
+    function () {
+      var params = {
+        distTag : DIST_TAG,
+        version : VERSION,
+        auth : AUTH
+      }
+      client.distTags.add(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass package name to distTags.add"
+    },
+    "distTags.add must include package name"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        version : VERSION,
+        auth : AUTH
+      }
+      client.distTags.add(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass package distTag name to distTags.add"
+    },
+    "distTags.add must include dist-tag"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        distTag : DIST_TAG,
+        auth : AUTH
+      }
+      client.distTags.add(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass version to be mapped to distTag to distTags.add"
+    },
+    "distTags.add must include version"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        distTag : DIST_TAG,
+        version : VERSION
+      }
+      client.distTags.add(BASE_URL, params, nop)
+    },
+    { name : "AssertionError", message : "must pass auth to distTags.add" },
+    "distTags.add must include auth"
+  )
+
+  t.end()
+})
+
+test("add a new dist-tag to a package", function (t) {
+  server.expect("PUT", URI, function (req, res) {
+    t.equal(req.method, "PUT")
+
+    var b = ""
+    req.setEncoding("utf8")
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      t.doesNotThrow(function () {
+        var parsed = JSON.parse(b)
+        t.deepEqual(parsed, VERSION)
+
+        res.statusCode = 200
+        res.json({ "test" : VERSION })
+      }, "got valid JSON from client")
+    })
+  })
+
+  client.distTags.add(BASE_URL, PARAMS, function (error, data) {
+    t.ifError(error, "no errors")
+    t.ok(data.test, "dist-tag added")
+
+    t.end()
+  })
+})
diff --git a/deps/npm/node_modules/npm-registry-client/test/dist-tags-fetch.js b/deps/npm/node_modules/npm-registry-client/test/dist-tags-fetch.js
new file mode 100644
index 0000000000..c108b6b392
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/dist-tags-fetch.js
@@ -0,0 +1,98 @@
+var test = require("tap").test
+
+var server = require("./lib/server.js")
+var common = require("./lib/common.js")
+var client = common.freshClient()
+
+function nop() {}
+
+var BASE_URL = "http://localhost:1337/"
+var URI = "/-/package/underscore/dist-tags"
+var TOKEN = "foo"
+var AUTH = {
+  token : TOKEN
+}
+var PACKAGE = "underscore"
+var PARAMS = {
+  package : PACKAGE,
+  auth : AUTH
+}
+
+test("distTags.fetch call contract", function (t) {
+  t.throws(function () {
+    client.distTags.fetch(undefined, AUTH, nop)
+  }, "requires a URI")
+
+  t.throws(function () {
+    client.distTags.fetch([], PARAMS, nop)
+  }, "requires URI to be a string")
+
+  t.throws(function () {
+    client.distTags.fetch(BASE_URL, undefined, nop)
+  }, "requires params object")
+
+  t.throws(function () {
+    client.distTags.fetch(BASE_URL, "", nop)
+  }, "params must be object")
+
+  t.throws(function () {
+    client.distTags.fetch(BASE_URL, PARAMS, undefined)
+  }, "requires callback")
+
+  t.throws(function () {
+    client.distTags.fetch(BASE_URL, PARAMS, "callback")
+  }, "callback must be function")
+
+  t.throws(
+    function () {
+      var params = {
+        auth : AUTH
+      }
+      client.distTags.fetch(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass package name to distTags.fetch"
+    },
+    "distTags.fetch must include package name"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE
+      }
+      client.distTags.fetch(BASE_URL, params, nop)
+    },
+    { name : "AssertionError", message : "must pass auth to distTags.fetch" },
+    "distTags.fetch must include auth"
+  )
+
+  t.end()
+})
+
+test("fetch dist-tags for a package", function (t) {
+  server.expect("GET", URI, function (req, res) {
+    t.equal(req.method, "GET")
+
+    var b = ""
+    req.setEncoding("utf8")
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      t.notOk(b, "no request body")
+
+      res.statusCode = 200
+      res.json({ a : "1.0.0", b : "2.0.0", _etag : "xxx" })
+    })
+  })
+
+  client.distTags.fetch(BASE_URL, PARAMS, function (error, data) {
+    t.ifError(error, "no errors")
+    t.same(data, { a : "1.0.0", b : "2.0.0" }, "etag filtered from response")
+
+    t.end()
+  })
+})
diff --git a/deps/npm/node_modules/npm-registry-client/test/dist-tags-rm.js b/deps/npm/node_modules/npm-registry-client/test/dist-tags-rm.js
new file mode 100644
index 0000000000..6268a06aaa
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/dist-tags-rm.js
@@ -0,0 +1,117 @@
+var test = require("tap").test
+
+var server = require("./lib/server.js")
+var common = require("./lib/common.js")
+var client = common.freshClient()
+
+function nop() {}
+
+var BASE_URL = "http://localhost:1337/"
+var URI = "/-/package/underscore/dist-tags/test"
+var TOKEN = "foo"
+var AUTH = {
+  token : TOKEN
+}
+var PACKAGE = "underscore"
+var DIST_TAG = "test"
+var PARAMS = {
+  package : PACKAGE,
+  distTag : DIST_TAG,
+  auth : AUTH
+}
+
+test("distTags.rm call contract", function (t) {
+  t.throws(function () {
+    client.distTags.rm(undefined, AUTH, nop)
+  }, "requires a URI")
+
+  t.throws(function () {
+    client.distTags.rm([], PARAMS, nop)
+  }, "requires URI to be a string")
+
+  t.throws(function () {
+    client.distTags.rm(BASE_URL, undefined, nop)
+  }, "requires params object")
+
+  t.throws(function () {
+    client.distTags.rm(BASE_URL, "", nop)
+  }, "params must be object")
+
+  t.throws(function () {
+    client.distTags.rm(BASE_URL, PARAMS, undefined)
+  }, "requires callback")
+
+  t.throws(function () {
+    client.distTags.rm(BASE_URL, PARAMS, "callback")
+  }, "callback must be function")
+
+  t.throws(
+    function () {
+      var params = {
+        distTag : DIST_TAG,
+        auth : AUTH
+      }
+      client.distTags.rm(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass package name to distTags.rm"
+    },
+    "distTags.rm must include package name"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        auth : AUTH
+      }
+      client.distTags.rm(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass package distTag name to distTags.rm"
+    },
+    "distTags.rm must include dist-tag"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        distTag : DIST_TAG
+      }
+      client.distTags.rm(BASE_URL, params, nop)
+    },
+    { name : "AssertionError", message : "must pass auth to distTags.rm" },
+    "distTags.rm must include auth"
+  )
+
+  t.end()
+})
+
+test("remove a dist-tag from a package", function (t) {
+  server.expect("DELETE", URI, function (req, res) {
+    t.equal(req.method, "DELETE")
+
+    var b = ""
+    req.setEncoding("utf8")
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      t.notOk(b, "got no message body")
+
+      res.statusCode = 200
+      res.json({})
+    })
+  })
+
+  client.distTags.rm(BASE_URL, PARAMS, function (error, data) {
+    t.ifError(error, "no errors")
+    t.notOk(data.test, "dist-tag removed")
+
+    t.end()
+  })
+})
diff --git a/deps/npm/node_modules/npm-registry-client/test/dist-tags-set.js b/deps/npm/node_modules/npm-registry-client/test/dist-tags-set.js
new file mode 100644
index 0000000000..ff5591dbd2
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/dist-tags-set.js
@@ -0,0 +1,121 @@
+var test = require("tap").test
+
+var server = require("./lib/server.js")
+var common = require("./lib/common.js")
+var client = common.freshClient()
+
+function nop() {}
+
+var BASE_URL = "http://localhost:1337/"
+var URI = "/-/package/underscore/dist-tags"
+var TOKEN = "foo"
+var AUTH = {
+  token : TOKEN
+}
+var PACKAGE = "underscore"
+var DIST_TAGS = {
+  "a" : "8.0.8",
+  "b" : "3.0.3"
+}
+var PARAMS = {
+  package : PACKAGE,
+  distTags : DIST_TAGS,
+  auth : AUTH
+}
+
+test("distTags.set call contract", function (t) {
+  t.throws(function () {
+    client.distTags.set(undefined, AUTH, nop)
+  }, "requires a URI")
+
+  t.throws(function () {
+    client.distTags.set([], PARAMS, nop)
+  }, "requires URI to be a string")
+
+  t.throws(function () {
+    client.distTags.set(BASE_URL, undefined, nop)
+  }, "requires params object")
+
+  t.throws(function () {
+    client.distTags.set(BASE_URL, "", nop)
+  }, "params must be object")
+
+  t.throws(function () {
+    client.distTags.set(BASE_URL, PARAMS, undefined)
+  }, "requires callback")
+
+  t.throws(function () {
+    client.distTags.set(BASE_URL, PARAMS, "callback")
+  }, "callback must be function")
+
+  t.throws(
+    function () {
+      var params = {
+        distTags : DIST_TAGS,
+        auth : AUTH
+      }
+      client.distTags.set(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass package name to distTags.set"
+    },
+    "distTags.set must include package name"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        auth : AUTH
+      }
+      client.distTags.set(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass distTags map to distTags.set"
+    },
+    "distTags.set must include dist-tags"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        distTags : DIST_TAGS
+      }
+      client.distTags.set(BASE_URL, params, nop)
+    },
+    { name : "AssertionError", message : "must pass auth to distTags.set" },
+    "distTags.set must include auth"
+  )
+
+  t.end()
+})
+
+test("set dist-tags for a package", function (t) {
+  server.expect("PUT", URI, function (req, res) {
+    t.equal(req.method, "PUT")
+
+    var b = ""
+    req.setEncoding("utf8")
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      var d = JSON.parse(b)
+      t.deepEqual(d, DIST_TAGS, "got back tags")
+
+      res.statusCode = 200
+      res.json(DIST_TAGS)
+    })
+  })
+
+  client.distTags.set(BASE_URL, PARAMS, function (error, data) {
+    t.ifError(error, "no errors")
+    t.ok(data.a && data.b, "dist-tags set")
+
+    t.end()
+  })
+})
diff --git a/deps/npm/node_modules/npm-registry-client/test/dist-tags-update.js b/deps/npm/node_modules/npm-registry-client/test/dist-tags-update.js
new file mode 100644
index 0000000000..7c29e1114d
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/dist-tags-update.js
@@ -0,0 +1,121 @@
+var test = require("tap").test
+
+var server = require("./lib/server.js")
+var common = require("./lib/common.js")
+var client = common.freshClient()
+
+function nop() {}
+
+var BASE_URL = "http://localhost:1337/"
+var URI = "/-/package/underscore/dist-tags"
+var TOKEN = "foo"
+var AUTH = {
+  token : TOKEN
+}
+var PACKAGE = "underscore"
+var DIST_TAGS = {
+  "a" : "8.0.8",
+  "b" : "3.0.3"
+}
+var PARAMS = {
+  package : PACKAGE,
+  distTags : DIST_TAGS,
+  auth : AUTH
+}
+
+test("distTags.update call contract", function (t) {
+  t.throws(function () {
+    client.distTags.update(undefined, AUTH, nop)
+  }, "requires a URI")
+
+  t.throws(function () {
+    client.distTags.update([], PARAMS, nop)
+  }, "requires URI to be a string")
+
+  t.throws(function () {
+    client.distTags.update(BASE_URL, undefined, nop)
+  }, "requires params object")
+
+  t.throws(function () {
+    client.distTags.update(BASE_URL, "", nop)
+  }, "params must be object")
+
+  t.throws(function () {
+    client.distTags.update(BASE_URL, PARAMS, undefined)
+  }, "requires callback")
+
+  t.throws(function () {
+    client.distTags.update(BASE_URL, PARAMS, "callback")
+  }, "callback must be function")
+
+  t.throws(
+    function () {
+      var params = {
+        distTags : DIST_TAGS,
+        auth : AUTH
+      }
+      client.distTags.update(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass package name to distTags.update"
+    },
+    "distTags.update must include package name"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        auth : AUTH
+      }
+      client.distTags.update(BASE_URL, params, nop)
+    },
+    {
+      name : "AssertionError",
+      message : "must pass distTags map to distTags.update"
+    },
+    "distTags.update must include dist-tags"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        package : PACKAGE,
+        distTags : DIST_TAGS
+      }
+      client.distTags.update(BASE_URL, params, nop)
+    },
+    { name : "AssertionError", message : "must pass auth to distTags.update" },
+    "distTags.update must include auth"
+  )
+
+  t.end()
+})
+
+test("update dist-tags for a package", function (t) {
+  server.expect("POST", URI, function (req, res) {
+    t.equal(req.method, "POST")
+
+    var b = ""
+    req.setEncoding("utf8")
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      var d = JSON.parse(b)
+      t.deepEqual(d, DIST_TAGS, "got back tags")
+
+      res.statusCode = 200
+      res.json(DIST_TAGS)
+    })
+  })
+
+  client.distTags.update(BASE_URL, PARAMS, function (error, data) {
+    t.ifError(error, "no errors")
+    t.ok(data.a && data.b, "dist-tags set")
+
+    t.end()
+  })
+})
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish-again-scoped.js b/deps/npm/node_modules/npm-registry-client/test/publish-again-scoped.js
index 10b1275053..b9d9a24d66 100644
--- a/deps/npm/node_modules/npm-registry-client/test/publish-again-scoped.js
+++ b/deps/npm/node_modules/npm-registry-client/test/publish-again-scoped.js
@@ -78,6 +78,7 @@ tap.test("publish again", function (t) {
 
   var params = {
     metadata : pkg,
+    access : "restricted",
     body : tarball,
     auth : auth
   }
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish-again.js b/deps/npm/node_modules/npm-registry-client/test/publish-again.js
index 9c547ca010..f5da5b2435 100644
--- a/deps/npm/node_modules/npm-registry-client/test/publish-again.js
+++ b/deps/npm/node_modules/npm-registry-client/test/publish-again.js
@@ -76,6 +76,7 @@ tap.test("publish again", function (t) {
 
   var params = {
     metadata : pkg,
+    access : "public",
     body : tarball,
     auth : auth
   }
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish-failed-no-message.js b/deps/npm/node_modules/npm-registry-client/test/publish-failed-no-message.js
index cce6fcbc7d..50b3f93493 100644
--- a/deps/npm/node_modules/npm-registry-client/test/publish-failed-no-message.js
+++ b/deps/npm/node_modules/npm-registry-client/test/publish-failed-no-message.js
@@ -12,6 +12,7 @@ var USERNAME  = "username"
 var PASSWORD  = "%1234@asdf%"
 var EMAIL     = "i@izs.me"
 var METADATA  = require("../package.json")
+var ACCESS    = "public"
 // not really a tarball, but doesn't matter
 var BODY_PATH = require.resolve("../package.json")
 var BODY      = createReadStream(BODY_PATH, "base64")
@@ -22,6 +23,7 @@ var AUTH      = {
 }
 var PARAMS  = {
   metadata : METADATA,
+  access   : ACCESS,
   body     : BODY,
   auth     : AUTH
 }
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish-scoped-auth-token.js b/deps/npm/node_modules/npm-registry-client/test/publish-scoped-auth-token.js
index 70ff1e93f1..203c800048 100644
--- a/deps/npm/node_modules/npm-registry-client/test/publish-scoped-auth-token.js
+++ b/deps/npm/node_modules/npm-registry-client/test/publish-scoped-auth-token.js
@@ -44,6 +44,7 @@ tap.test("publish", function (t) {
 
   var params = {
     metadata : pkg,
+    access : "restricted",
     body : tarball,
     auth : auth
   }
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish-scoped.js b/deps/npm/node_modules/npm-registry-client/test/publish-scoped.js
index b21e33f417..6bb48617df 100644
--- a/deps/npm/node_modules/npm-registry-client/test/publish-scoped.js
+++ b/deps/npm/node_modules/npm-registry-client/test/publish-scoped.js
@@ -51,6 +51,7 @@ tap.test("publish", function (t) {
 
   var params = {
     metadata : pkg,
+    access : "restricted",
     body : tarball,
     auth : auth
   }
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish.js b/deps/npm/node_modules/npm-registry-client/test/publish.js
index 9292a94c7a..40bfdf2bbc 100644
--- a/deps/npm/node_modules/npm-registry-client/test/publish.js
+++ b/deps/npm/node_modules/npm-registry-client/test/publish.js
@@ -13,6 +13,7 @@ var USERNAME  = "username"
 var PASSWORD  = "%1234@asdf%"
 var EMAIL     = "i@izs.me"
 var METADATA  = require("../package.json")
+var ACCESS    = "public"
 // not really a tarball, but doesn't matter
 var BODY_PATH = require.resolve("../package.json")
 var BODY      = fs.createReadStream(BODY_PATH, "base64")
@@ -23,6 +24,7 @@ var AUTH      = {
 }
 var PARAMS  = {
   metadata : METADATA,
+  access   : ACCESS,
   body     : BODY,
   auth     : AUTH
 }
@@ -55,6 +57,7 @@ test("publish call contract", function (t) {
   t.throws(
     function () {
       var params = {
+        access : ACCESS,
         body : BODY,
         auth : AUTH
       }
@@ -68,6 +71,20 @@ test("publish call contract", function (t) {
     function () {
       var params = {
         metadata : METADATA,
+        body : BODY,
+        auth : AUTH
+      }
+      client.publish(URI, params, nop)
+    },
+    { name : "AssertionError", message : "must pass access for package" },
+    "params must include access for package"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        metadata : METADATA,
+        access : ACCESS,
         auth : AUTH
       }
       client.publish(URI, params, nop)
@@ -80,6 +97,7 @@ test("publish call contract", function (t) {
     function () {
       var params = {
         metadata : METADATA,
+        access : ACCESS,
         body : BODY
       }
       client.publish(URI, params, nop)
@@ -92,6 +110,7 @@ test("publish call contract", function (t) {
     function () {
       var params = {
         metadata : -1,
+        access : ACCESS,
         body : BODY,
         auth : AUTH
       }
@@ -105,6 +124,24 @@ test("publish call contract", function (t) {
     function () {
       var params = {
         metadata : METADATA,
+        access : "hamchunx",
+        body : BODY,
+        auth : AUTH
+      }
+      client.publish(URI, params, nop)
+    },
+    {
+      name    : "AssertionError",
+      message : "access level must be either 'public' or 'restricted'"
+    },
+    "access level must be 'public' or 'restricted'"
+  )
+
+  t.throws(
+    function () {
+      var params = {
+        metadata : METADATA,
+        access : ACCESS,
         body : -1,
         auth : AUTH
       }
@@ -122,6 +159,7 @@ test("publish call contract", function (t) {
     metadata.version = "%!@#$"
     var params = {
       metadata : metadata,
+      access : ACCESS,
       message : BODY,
       auth : AUTH
     }
@@ -153,6 +191,7 @@ test("publish", function (t) {
       var o = JSON.parse(b)
       t.equal(o._id, "npm-registry-client")
       t.equal(o["dist-tags"].latest, METADATA.version)
+      t.equal(o.access, ACCESS)
       t.has(o.versions[METADATA.version], METADATA)
       t.same(o.maintainers, [{ name : "username", email : "i@izs.me" }])
       t.same(o.maintainers, o.versions[METADATA.version].maintainers)
diff --git a/deps/npm/node_modules/npm-registry-client/test/tag.js b/deps/npm/node_modules/npm-registry-client/test/tag.js
index 687df5d7d5..4116586ee3 100644
--- a/deps/npm/node_modules/npm-registry-client/test/tag.js
+++ b/deps/npm/node_modules/npm-registry-client/test/tag.js
@@ -57,7 +57,7 @@ test("tag call contract", function (t) {
       client.tag(URI, params, nop)
     },
     { name : "AssertionError", message : "must pass version to tag" },
-    "auth must include username"
+    "tag must include version"
   )
 
   t.throws(
@@ -69,7 +69,7 @@ test("tag call contract", function (t) {
       client.tag(URI, params, nop)
     },
     { name : "AssertionError", message : "must pass tag name to tag" },
-    "auth must include username"
+    "tag must include name"
   )
 
   t.throws(
@@ -81,7 +81,7 @@ test("tag call contract", function (t) {
       client.tag(URI, params, nop)
     },
     { name : "AssertionError", message : "must pass auth to tag" },
-    "auth must include username"
+    "params must include auth"
   )
 
   t.end()
diff --git a/deps/npm/node_modules/npm-registry-client/test/whoami.js b/deps/npm/node_modules/npm-registry-client/test/whoami.js
index ccb173a09c..21b70e82fa 100644
--- a/deps/npm/node_modules/npm-registry-client/test/whoami.js
+++ b/deps/npm/node_modules/npm-registry-client/test/whoami.js
@@ -49,10 +49,13 @@ test("whoami call contract", function (t) {
 })
 
 test("whoami", function (t) {
-  server.expect("GET", "/whoami", function (req, res) {
+  server.expect("GET", "/-/whoami", function (req, res) {
     t.equal(req.method, "GET")
     // only available for token-based auth for now
-    t.equal(req.headers.authorization, "Bearer not-bad-meaning-bad-but-bad-meaning-wombat")
+    t.equal(
+      req.headers.authorization,
+      "Bearer not-bad-meaning-bad-but-bad-meaning-wombat"
+    )
 
     res.json({username : WHOIAM})
   })
diff --git a/deps/npm/package.json b/deps/npm/package.json
index 9717becdce..d33c16f6c7 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "2.3.0",
+  "version": "2.4.1",
   "name": "npm",
   "description": "A package manager for node",
   "keywords": [
@@ -58,7 +58,7 @@
     "inflight": "~1.0.4",
     "inherits": "~2.0.1",
     "ini": "~1.3.2",
-    "init-package-json": "~1.1.3",
+    "init-package-json": "~1.2.0",
     "lockfile": "~1.0.0",
     "lru-cache": "~2.5.0",
     "minimatch": "~2.0.1",
@@ -70,7 +70,7 @@
     "npm-cache-filename": "~1.0.1",
     "npm-install-checks": "~1.0.5",
     "npm-package-arg": "~2.1.3",
-    "npm-registry-client": "~5.0.0",
+    "npm-registry-client": "~6.0.3",
     "npm-user-validate": "~0.1.1",
     "npmlog": "~0.1.1",
     "once": "~1.3.1",
diff --git a/deps/npm/test/tap/access.js b/deps/npm/test/tap/access.js
new file mode 100644
index 0000000000..909fdf01a8
--- /dev/null
+++ b/deps/npm/test/tap/access.js
@@ -0,0 +1,91 @@
+var fs = require("fs")
+var path = require("path")
+var mkdirp = require("mkdirp")
+var rimraf = require("rimraf")
+var mr = require("npm-registry-mock")
+
+var test = require("tap").test
+var common = require("../common-tap.js")
+
+var pkg = path.resolve(__dirname, "access")
+var server
+
+var scoped = {
+  name : "@scoped/pkg",
+  version : "1.1.1"
+}
+
+var body = {
+  access : "public"
+}
+
+function mocks (server) {
+  server.post("/-/package/@scoped%2fpkg/access", JSON.stringify(body))
+    .reply(200, { "access" : "public" })
+  server.post("/-/package/@scoped%2fanother/access", JSON.stringify(body))
+    .reply(200, { "access" : "public" })
+}
+
+test("setup", function (t) {
+  mkdirp(pkg, function (er) {
+    t.ifError(er, pkg + " made successfully")
+
+    mr({port : common.port, mocks : mocks}, function (s) {
+      server = s
+
+      fs.writeFile(
+        path.join(pkg, "package.json"),
+        JSON.stringify(scoped),
+        function (er) {
+          t.ifError(er, "wrote package.json")
+          t.end()
+        }
+      )
+    })
+  })
+})
+
+test("npm access on current package", function (t) {
+  common.npm(
+    [
+      "access",
+      "public",
+      "--registry", common.registry,
+      "--loglevel", "silent"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm access")
+      t.notOk(code, "exited OK")
+      t.notOk(stderr, "no error output")
+
+      t.end()
+    }
+  )
+})
+
+test("npm access on named package", function (t) {
+  common.npm(
+    [
+      "access",
+      "public", "@scoped/another",
+      "--registry", common.registry,
+      "--loglevel", "silent"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm access")
+      t.notOk(code, "exited OK")
+      t.notOk(stderr, "no error output")
+
+      t.end()
+    }
+  )
+})
+
+test("cleanup", function (t) {
+  t.pass("cleaned up")
+  rimraf.sync(pkg)
+  server.close()
+  t.end()
+})
diff --git a/deps/npm/test/tap/dist-tag.js b/deps/npm/test/tap/dist-tag.js
new file mode 100644
index 0000000000..9686f9d8a5
--- /dev/null
+++ b/deps/npm/test/tap/dist-tag.js
@@ -0,0 +1,195 @@
+var fs = require("fs")
+var path = require("path")
+var mkdirp = require("mkdirp")
+var rimraf = require("rimraf")
+var mr = require("npm-registry-mock")
+
+var test = require("tap").test
+var common = require("../common-tap.js")
+
+var pkg = path.resolve(__dirname, "dist-tag")
+var server
+
+var scoped = {
+  name : "@scoped/pkg",
+  version : "1.1.1"
+}
+
+function mocks (server) {
+  // ls current package
+  server.get("/-/package/@scoped%2fpkg/dist-tags")
+    .reply(200, { latest : "1.0.0", a : "0.0.1", b : "0.5.0" })
+
+  // ls named package
+  server.get("/-/package/@scoped%2fanother/dist-tags")
+    .reply(200, { latest : "2.0.0", a : "0.0.2", b : "0.6.0" })
+
+  // add c
+  server.get("/-/package/@scoped%2fanother/dist-tags")
+    .reply(200, { latest : "2.0.0", a : "0.0.2", b : "0.6.0" })
+  server.put("/-/package/@scoped%2fanother/dist-tags/c", "\"7.7.7\"")
+    .reply(200, { latest : "7.7.7", a : "0.0.2", b : "0.6.0", c : "7.7.7" })
+
+  // set same version
+  server.get("/-/package/@scoped%2fanother/dist-tags")
+    .reply(200, { latest : "2.0.0", b : "0.6.0" })
+
+  // rm
+  server.get("/-/package/@scoped%2fanother/dist-tags")
+    .reply(200, { latest : "2.0.0", a : "0.0.2", b : "0.6.0", c : "7.7.7" })
+  server.delete("/-/package/@scoped%2fanother/dist-tags/c")
+    .reply(200, { c : "7.7.7" })
+
+  // rm
+  server.get("/-/package/@scoped%2fanother/dist-tags")
+    .reply(200, { latest : "4.0.0" })
+}
+
+test("setup", function (t) {
+  mkdirp(pkg, function (er) {
+    t.ifError(er, pkg + " made successfully")
+
+    mr({port : common.port, mocks : mocks}, function (s) {
+      server = s
+
+      fs.writeFile(
+        path.join(pkg, "package.json"),
+        JSON.stringify(scoped),
+        function (er) {
+          t.ifError(er, "wrote package.json")
+          t.end()
+        }
+      )
+    })
+  })
+})
+
+test("npm dist-tags ls in current package", function (t) {
+  common.npm(
+    [
+      "dist-tags", "ls",
+      "--registry", common.registry,
+      "--loglevel", "silent"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm access")
+      t.notOk(code, "exited OK")
+      t.notOk(stderr, "no error output")
+      t.equal(stdout, "a: 0.0.1\nb: 0.5.0\nlatest: 1.0.0\n")
+
+      t.end()
+    }
+  )
+})
+
+test("npm dist-tags ls on named package", function (t) {
+  common.npm(
+    [
+      "dist-tags",
+      "ls", "@scoped/another",
+      "--registry", common.registry,
+      "--loglevel", "silent"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm access")
+      t.notOk(code, "exited OK")
+      t.notOk(stderr, "no error output")
+      t.equal(stdout, "a: 0.0.2\nb: 0.6.0\nlatest: 2.0.0\n")
+
+      t.end()
+    }
+  )
+})
+
+test("npm dist-tags add @scoped/another@7.7.7 c", function (t) {
+  common.npm(
+    [
+      "dist-tags",
+      "add", "@scoped/another@7.7.7", "c",
+      "--registry", common.registry,
+      "--loglevel", "silent"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm access")
+      t.notOk(code, "exited OK")
+      t.notOk(stderr, "no error output")
+      t.equal(stdout, "+c: @scoped/another@7.7.7\n")
+
+      t.end()
+    }
+  )
+})
+
+test("npm dist-tags set same version", function (t) {
+  common.npm(
+    [
+      "dist-tag",
+      "set", "@scoped/another@0.6.0", "b",
+      "--registry", common.registry,
+      "--loglevel", "warn"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm access")
+      t.notOk(code, "exited OK")
+      t.equal(
+        stderr,
+        "npm WARN dist-tag add b is already set to version 0.6.0\n",
+        "warned about setting same version"
+      )
+      t.notOk(stdout, "only expecting warning message")
+
+      t.end()
+    }
+  )
+})
+
+test("npm dist-tags rm @scoped/another c", function (t) {
+  common.npm(
+    [
+      "dist-tags",
+      "rm", "@scoped/another", "c",
+      "--registry", common.registry,
+      "--loglevel", "silent"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm access")
+      t.notOk(code, "exited OK")
+      t.notOk(stderr, "no error output")
+      t.equal(stdout, "-c: @scoped/another@7.7.7\n")
+
+      t.end()
+    }
+  )
+})
+
+test("npm dist-tags rm @scoped/another nonexistent", function (t) {
+  common.npm(
+    [
+      "dist-tags",
+      "rm", "@scoped/another", "nonexistent",
+      "--registry", common.registry,
+      "--loglevel", "silent"
+    ],
+    { cwd : pkg },
+    function (er, code, stdout, stderr) {
+      t.ifError(er, "npm dist-tag")
+      t.ok(code, "expecting nonzero exit code")
+      t.notOk(stderr, "no error output")
+      t.notOk(stdout, "not expecting output")
+
+      t.end()
+    }
+  )
+})
+
+test("cleanup", function (t) {
+  t.pass("cleaned up")
+  rimraf.sync(pkg)
+  server.close()
+  t.end()
+})
diff --git a/deps/npm/test/tap/owner.js b/deps/npm/test/tap/owner.js
index 47dc255d87..f634aaf717 100644
--- a/deps/npm/test/tap/owner.js
+++ b/deps/npm/test/tap/owner.js
@@ -53,6 +53,8 @@ function mocks (server) {
     .reply(200, {_id:"underscore",_rev:2,maintainers:[jashkenas,othiym23]})
 
   // test 4
+  server.get("/underscore")
+    .reply(200, {_id:"underscore",_rev:2,maintainers:[jashkenas,othiym23]})
   server.put(
     "/underscore/-rev/2",
     {_id:"underscore",_rev:2,maintainers:[jashkenas]},
diff --git a/deps/npm/test/tap/publish-access-scoped.js b/deps/npm/test/tap/publish-access-scoped.js
new file mode 100644
index 0000000000..d4d59c143d
--- /dev/null
+++ b/deps/npm/test/tap/publish-access-scoped.js
@@ -0,0 +1,83 @@
+var fs = require("fs")
+var path = require("path")
+
+var test = require("tap").test
+var mkdirp = require("mkdirp")
+var rimraf = require("rimraf")
+var nock = require("nock")
+
+var npm = require("../../")
+var common = require("../common-tap.js")
+
+var pkg = path.join(__dirname, "publish-access")
+
+// TODO: nock uses setImmediate, breaks 0.8: replace with mockRegistry
+if (!global.setImmediate) {
+  global.setImmediate = function () {
+    var args = [arguments[0], 0].concat([].slice.call(arguments, 1))
+    setTimeout.apply(this, args)
+  }
+}
+
+test("setup", function (t) {
+  mkdirp(path.join(pkg, "cache"), function () {
+    var configuration = {
+      cache    : path.join(pkg, "cache"),
+      loglevel : "silent",
+      registry : common.registry
+    }
+
+    npm.load(configuration, next)
+  })
+
+  function next (er) {
+    t.ifError(er, "npm loaded successfully")
+
+    process.chdir(pkg)
+    fs.writeFile(
+      path.join(pkg, "package.json"),
+      JSON.stringify({
+        name: "@bigco/publish-access",
+        version: "1.2.5"
+      }),
+      "ascii",
+      function (er) {
+        t.ifError(er)
+
+        t.pass("setup done")
+        t.end()
+      }
+    )
+  }
+})
+
+test("scoped packages should default to restricted access", function (t) {
+  var put = nock(common.registry)
+              .put("/@bigco%2fpublish-access")
+              .reply(201, verify)
+
+  npm.commands.publish([], false, function (er) {
+    t.ifError(er, "published without error")
+
+    put.done()
+    t.end()
+  })
+
+  function verify (_, body) {
+    t.doesNotThrow(function () {
+      var parsed = JSON.parse(body)
+      t.equal(parsed.access, "restricted", "access level is correct")
+    }, "converted body back into object")
+
+    return {ok: true}
+  }
+})
+
+test("cleanup", function (t) {
+  process.chdir(__dirname)
+  rimraf(pkg, function (er) {
+    t.ifError(er)
+
+    t.end()
+  })
+})
diff --git a/deps/npm/test/tap/publish-access-unscoped.js b/deps/npm/test/tap/publish-access-unscoped.js
new file mode 100644
index 0000000000..a4cdcc2315
--- /dev/null
+++ b/deps/npm/test/tap/publish-access-unscoped.js
@@ -0,0 +1,83 @@
+var fs = require("fs")
+var path = require("path")
+
+var test = require("tap").test
+var mkdirp = require("mkdirp")
+var rimraf = require("rimraf")
+var nock = require("nock")
+
+var npm = require("../../")
+var common = require("../common-tap.js")
+
+var pkg = path.join(__dirname, "publish-access-unscoped")
+
+// TODO: nock uses setImmediate, breaks 0.8: replace with mockRegistry
+if (!global.setImmediate) {
+  global.setImmediate = function () {
+    var args = [arguments[0], 0].concat([].slice.call(arguments, 1))
+    setTimeout.apply(this, args)
+  }
+}
+
+test("setup", function (t) {
+  mkdirp(path.join(pkg, "cache"), function () {
+    var configuration = {
+      cache    : path.join(pkg, "cache"),
+      loglevel : "silent",
+      registry : common.registry
+    }
+
+    npm.load(configuration, next)
+  })
+
+  function next (er) {
+    t.ifError(er, "npm loaded successfully")
+
+    process.chdir(pkg)
+    fs.writeFile(
+      path.join(pkg, "package.json"),
+      JSON.stringify({
+        name: "publish-access",
+        version: "1.2.5"
+      }),
+      "ascii",
+      function (er) {
+        t.ifError(er)
+
+        t.pass("setup done")
+        t.end()
+      }
+    )
+  }
+})
+
+test("scoped packages should default to restricted access", function (t) {
+  var put = nock(common.registry)
+              .put("/publish-access")
+              .reply(201, verify)
+
+  npm.commands.publish([], false, function (er) {
+    t.ifError(er, "published without error")
+
+    put.done()
+    t.end()
+  })
+
+  function verify (_, body) {
+    t.doesNotThrow(function () {
+      var parsed = JSON.parse(body)
+      t.equal(parsed.access, "public", "access level is correct")
+    }, "converted body back into object")
+
+    return {ok: true}
+  }
+})
+
+test("cleanup", function (t) {
+  process.chdir(__dirname)
+  rimraf(pkg, function (er) {
+    t.ifError(er)
+
+    t.end()
+  })
+})