diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpm/node_modules/make-fetch-happen/CHANGELOG.md
similarity index 100%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/CHANGELOG.md
rename to node_modules/libnpm/node_modules/make-fetch-happen/CHANGELOG.md
diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpm/node_modules/make-fetch-happen/LICENSE
similarity index 100%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/LICENSE
rename to node_modules/libnpm/node_modules/make-fetch-happen/LICENSE
diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/README.md b/node_modules/libnpm/node_modules/make-fetch-happen/README.md
similarity index 100%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/README.md
rename to node_modules/libnpm/node_modules/make-fetch-happen/README.md
diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/agent.js b/node_modules/libnpm/node_modules/make-fetch-happen/agent.js
similarity index 100%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/agent.js
rename to node_modules/libnpm/node_modules/make-fetch-happen/agent.js
diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/cache.js b/node_modules/libnpm/node_modules/make-fetch-happen/cache.js
similarity index 100%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/cache.js
rename to node_modules/libnpm/node_modules/make-fetch-happen/cache.js
diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/index.js b/node_modules/libnpm/node_modules/make-fetch-happen/index.js
similarity index 100%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/index.js
rename to node_modules/libnpm/node_modules/make-fetch-happen/index.js
diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/package.json b/node_modules/libnpm/node_modules/make-fetch-happen/package.json
similarity index 94%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/package.json
rename to node_modules/libnpm/node_modules/make-fetch-happen/package.json
index 0f5adaa3476c9..e01e060f231e2 100644
--- a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/package.json
+++ b/node_modules/libnpm/node_modules/make-fetch-happen/package.json
@@ -3,7 +3,7 @@
"_id": "make-fetch-happen@4.0.2",
"_inBundle": false,
"_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
- "_location": "/npm-registry-fetch/make-fetch-happen",
+ "_location": "/libnpm/make-fetch-happen",
"_phantomChildren": {},
"_requested": {
"type": "range",
@@ -16,12 +16,12 @@
"fetchSpec": "^4.0.2"
},
"_requiredBy": [
- "/npm-registry-fetch"
+ "/libnpm/npm-registry-fetch"
],
"_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
"_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
"_spec": "make-fetch-happen@^4.0.2",
- "_where": "/Users/isaacs/dev/npm/cli/node_modules/npm-registry-fetch",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm/node_modules/npm-registry-fetch",
"author": {
"name": "Kat Marchán",
"email": "kzm@zkat.tech"
diff --git a/node_modules/npm-registry-fetch/node_modules/make-fetch-happen/warning.js b/node_modules/libnpm/node_modules/make-fetch-happen/warning.js
similarity index 100%
rename from node_modules/npm-registry-fetch/node_modules/make-fetch-happen/warning.js
rename to node_modules/libnpm/node_modules/make-fetch-happen/warning.js
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpm/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..d24e026914c23
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,214 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpm/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/README.md b/node_modules/libnpm/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..0c3f4f9469955
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,609 @@
+# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
+and [`prefer-online`](#opts-prefer-online).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetch-retries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-factor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-mintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-maxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.force-auth`
+
+* Alias: `opts.forceAuth`
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignore-body`
+
+* Alias: `opts.ignoreBody`
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.is-from-ci`
+
+* Alias: `opts.isFromCI`
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.local-address`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.map-json`
+
+* Alias: `mapJson`, `mapJSON`
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxsockets`
+
+* Alias: `opts.max-sockets`
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npm-session`
+
+* Alias: `opts.npmSession`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.prefer-offline`](#opts-prefer-offline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: _password
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.prefer-offline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.prefer-online`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+
+##### `opts.project-scope`
+
+* Alias: `opts.projectScope`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.refer`
+
+* Alias: `opts.referer`
+* Type: String
+* Default: null
+
+Value to use for the `Referer` header. The npm CLI itself uses this to serialize
+the npm command line using the given request.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strict-ssl`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 30000 (30 seconds)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.user-agent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpm/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..d583982d0a8b2
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const config = require('./config.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts) {
+ if (!registry) { throw new Error('registry is required') }
+ opts = config(opts)
+ let AUTH = {}
+ const regKey = registry && registryKey(registry)
+ if (opts.forceAuth) {
+ opts = opts.forceAuth
+ }
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = url.parse(registry)
+ const formatted = url.format({
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: parsed.slashes
+ })
+ return url.resolve(formatted, '.')
+}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpm/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..bfde699edcfbd
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,109 @@
+'use strict'
+
+const config = require('./config.js')
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts) {
+ opts = config(opts)
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ res.body = null
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ res.headers.raw()['warning'].forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/config.js b/node_modules/libnpm/node_modules/npm-registry-fetch/config.js
new file mode 100644
index 0000000000000..7fe5dacc94362
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/config.js
@@ -0,0 +1,98 @@
+'use strict'
+
+const pkg = require('./package.json')
+const figgyPudding = require('figgy-pudding')
+const silentLog = require('./silentlog.js')
+
+const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
+const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
+module.exports = figgyPudding({
+ 'agent': {},
+ 'algorithms': {},
+ 'body': {},
+ 'ca': {},
+ 'cache': {},
+ 'cert': {},
+ 'fetch-retries': {},
+ 'fetch-retry-factor': {},
+ 'fetch-retry-maxtimeout': {},
+ 'fetch-retry-mintimeout': {},
+ 'force-auth': {},
+ forceAuth: 'force-auth',
+ 'gid': {},
+ 'gzip': {},
+ 'headers': {},
+ 'https-proxy': {},
+ 'ignore-body': {},
+ ignoreBody: 'ignore-body',
+ 'integrity': {},
+ 'is-from-ci': 'isFromCI',
+ 'isFromCI': {
+ default () {
+ return (
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ )
+ }
+ },
+ 'key': {},
+ 'local-address': {},
+ 'log': {
+ default: silentLog
+ },
+ 'map-json': 'mapJson',
+ 'mapJSON': 'mapJson',
+ 'mapJson': {},
+ 'max-sockets': 'maxsockets',
+ 'maxsockets': {
+ default: 12
+ },
+ 'memoize': {},
+ 'method': {
+ default: 'GET'
+ },
+ 'no-proxy': {},
+ 'noproxy': {},
+ 'npm-session': 'npmSession',
+ 'npmSession': {},
+ 'offline': {},
+ 'otp': {},
+ 'prefer-offline': {},
+ 'prefer-online': {},
+ 'projectScope': {},
+ 'project-scope': 'projectScope',
+ 'Promise': {default: () => Promise},
+ 'proxy': {},
+ 'query': {},
+ 'refer': {},
+ 'referer': 'refer',
+ 'registry': {
+ default: 'https://registry.npmjs.org/'
+ },
+ 'retry': {},
+ 'scope': {},
+ 'spec': {},
+ 'strict-ssl': {},
+ 'timeout': {},
+ 'uid': {},
+ 'user-agent': {
+ default: `${
+ pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+ }
+}, {
+ other (key) {
+ return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
+ }
+})
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpm/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..ba78735fce135
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = url.parse(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/index.js b/node_modules/libnpm/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..4ba3c19243471
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,193 @@
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const checkResponse = require('./check-response.js')
+const config = require('./config.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('JSONStream')
+const npa = require('npm-package-arg')
+const {PassThrough} = require('stream')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('zlib')
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+ opts = config(opts)
+ const registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ opts.registry ||
+ 'https://registry.npmjs.org/'
+ )
+ uri = url.parse(uri).protocol
+ ? uri
+ : `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = body &&
+ typeof body === 'object' &&
+ typeof body.pipe === 'function'
+ if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = zlib.createGzip()
+ body.on('error', err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else {
+ body = new opts.Promise((resolve, reject) => {
+ zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
+ })
+ }
+ }
+ if (opts.query) {
+ let q = opts.query
+ if (typeof q === 'string') {
+ q = qs.parse(q)
+ }
+ Object.keys(q).forEach(key => {
+ if (q[key] === undefined) {
+ delete q[key]
+ }
+ })
+ if (Object.keys(q).length) {
+ const parsed = url.parse(uri)
+ parsed.search = '?' + qs.stringify(
+ parsed.query
+ ? Object.assign(qs.parse(parsed.query), q)
+ : q
+ )
+ uri = url.format(parsed)
+ }
+ }
+ return opts.Promise.resolve(body).then(body => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts['local-address'],
+ maxSockets: opts.maxsockets,
+ memoize: opts.memoize,
+ method: opts.method || 'GET',
+ noProxy: opts['no-proxy'] || opts.noproxy,
+ Promise: opts.Promise,
+ proxy: opts['https-proxy'] || opts.proxy,
+ referer: opts.refer,
+ retry: opts.retry != null ? opts.retry : {
+ retries: opts['fetch-retries'],
+ factor: opts['fetch-retry-factor'],
+ minTimeout: opts['fetch-retry-mintimeout'],
+ maxTimeout: opts['fetch-retry-maxtimeout']
+ },
+ strictSSL: !!opts['strict-ssl'],
+ timeout: opts.timeout,
+ uid: opts.uid,
+ gid: opts.gid
+ }).then(res => checkResponse(
+ opts.method || 'GET', res, registry, startTime, opts
+ )))
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, opts) {
+ opts = config(opts)
+ const parser = JSONStream.parse(jsonPath, opts.mapJson)
+ const pt = parser.pipe(new PassThrough({objectMode: true}))
+ parser.on('error', err => pt.emit('error', err))
+ regFetch(uri, opts).then(res => {
+ res.body.on('error', err => parser.emit('error', err))
+ res.body.pipe(parser)
+ }, err => pt.emit('error', err))
+ return pt
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts) {
+ spec = npa(spec)
+ opts = config(opts)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts['prefer-offline']
+ ? 'force-cache'
+ : opts['prefer-online']
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!(
+ opts['is-from-ci'] ||
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ ),
+ 'npm-scope': opts['project-scope'],
+ 'npm-session': opts['npm-session'],
+ 'user-agent': opts['user-agent'],
+ 'referer': opts.refer
+ }, opts.headers)
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ url.parse(uri).host === url.parse(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/package.json b/node_modules/libnpm/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..98978b3d76bb0
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,92 @@
+{
+ "_from": "npm-registry-fetch@^3.8.0",
+ "_id": "npm-registry-fetch@3.9.1",
+ "_inBundle": false,
+ "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "_location": "/libnpm/npm-registry-fetch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-registry-fetch@^3.8.0",
+ "name": "npm-registry-fetch",
+ "escapedName": "npm-registry-fetch",
+ "rawSpec": "^3.8.0",
+ "saveSpec": null,
+ "fetchSpec": "^3.8.0"
+ },
+ "_requiredBy": [
+ "/libnpm"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
+ "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
+ "_spec": "npm-registry-fetch@^3.8.0",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpm",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/registry-fetch/issues"
+ },
+ "bundleDependencies": false,
+ "config": {
+ "nyc": {
+ "exclude": [
+ "node_modules/**",
+ "test/**"
+ ]
+ }
+ },
+ "dependencies": {
+ "JSONStream": "^1.3.4",
+ "bluebird": "^3.5.1",
+ "figgy-pudding": "^3.4.1",
+ "lru-cache": "^5.1.1",
+ "make-fetch-happen": "^4.0.2",
+ "npm-package-arg": "^6.1.0"
+ },
+ "deprecated": false,
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "devDependencies": {
+ "cacache": "^11.3.3",
+ "get-stream": "^4.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.4.3",
+ "npmlog": "^4.1.2",
+ "rimraf": "^2.6.2",
+ "ssri": "^6.0.0",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/registry-fetch#readme",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-registry-fetch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/registry-fetch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.9.1"
+}
diff --git a/node_modules/libnpm/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpm/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpm/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpmaccess/node_modules/make-fetch-happen/CHANGELOG.md
new file mode 100644
index 0000000000000..a446842f55d80
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/CHANGELOG.md
@@ -0,0 +1,555 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
+
+
+
+
+## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
+
+
+### Bug Fixes
+
+* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
+
+
+
+
+# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
+
+
+### meta
+
+* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
+
+
+### Bug Fixes
+
+* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
+* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
+
+
+### BREAKING CHANGES
+
+* **license:** license changed from CC0 to ISC.
+
+
+
+
+# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
+
+
+### Bug Fixes
+
+* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
+
+
+### Features
+
+* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
+
+
+
+
+# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
+
+
+### Bug Fixes
+
+* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
+
+
+### Features
+
+* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
+
+
+
+
+## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
+
+
+### Bug Fixes
+
+* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
+* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
+
+
+
+
+## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
+
+
+### Bug Fixes
+
+* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
+
+
+
+
+## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
+
+
+### Bug Fixes
+
+* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
+
+
+
+
+## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
+
+
+### Bug Fixes
+
+* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
+* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
+
+
+
+
+## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
+
+
+
+
+## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
+
+
+
+
+## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
+
+
+### Bug Fixes
+
+* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
+
+
+
+
+## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
+* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
+* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
+
+
+
+
+## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
+
+
+
+
+## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
+
+
+### Bug Fixes
+
+* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
+
+
+
+
+## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
+
+
+### Bug Fixes
+
+* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
+
+
+
+
+## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
+
+
+### Bug Fixes
+
+* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
+* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
+
+
+
+
+## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
+
+
+
+
+# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
+
+
+### Features
+
+* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
+
+
+
+
+# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
+
+
+### Features
+
+* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
+* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
+
+
+
+
+## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
+
+
+### Bug Fixes
+
+* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
+* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
+
+
+
+
+## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
+
+
+### Bug Fixes
+
+* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
+
+
+
+
+## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
+
+
+### Bug Fixes
+
+* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
+
+
+
+
+## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
+
+
+### Bug Fixes
+
+* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
+* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
+
+
+
+
+## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
+
+
+### Bug Fixes
+
+* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
+
+
+
+
+## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
+
+
+### Bug Fixes
+
+* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
+
+
+
+
+# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
+
+
+### Features
+
+* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
+
+
+
+
+# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
+
+
+### Features
+
+* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
+
+
+
+
+## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
+
+
+### Bug Fixes
+
+* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
+
+
+
+
+## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
+
+
+
+
+## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
+
+
+
+
+## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
+
+
+
+
+# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
+* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
+
+
+### Features
+
+* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
+
+
+### BREAKING CHANGES
+
+* **agent:** pac proxies are no longer supported.
+* **retry:** Retry logic has changes.
+
+* 404s, 420s, and 429s all retry now.
+* ENOTFOUND no longer retries.
+* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
+
+
+
+
+# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
+
+
+### Features
+
+* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
+
+
+
+
+# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
+
+
+### Features
+
+* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
+
+
+
+
+## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
+
+
+### Bug Fixes
+
+* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
+* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
+
+
+
+
+# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
+
+
+### Features
+
+* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
+
+
+
+
+# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
+
+
+### Features
+
+* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
+
+
+
+
+## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
+
+
+
+
+# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
+
+
+### Features
+
+* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
+* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
+
+
+
+
+## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
+
+
+### Bug Fixes
+
+* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
+
+
+
+
+# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
+
+
+### Features
+
+* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
+
+
+
+
+# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
+
+
+### Features
+
+* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
+
+
+
+
+## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
+
+
+
+
+# 1.0.0 (2017-04-01)
+
+
+### Bug Fixes
+
+* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
+* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
+* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
+* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
+* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
+* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
+* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
+* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
+* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
+* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
+* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
+* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
+* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
+* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
+* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
+* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
+* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
+* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
+* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
+* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
+* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
+* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
+* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
+* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
+* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
+
+
+### Features
+
+* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
+* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
+
+
+### BREAKING CHANGES
+
+* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
+* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
+* **api:** actual api implemented
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpmaccess/node_modules/make-fetch-happen/LICENSE
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/LICENSE
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/README.md b/node_modules/libnpmaccess/node_modules/make-fetch-happen/README.md
new file mode 100644
index 0000000000000..4d12d8dae7e31
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/README.md
@@ -0,0 +1,404 @@
+# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
+
+
+[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
+library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
+features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
+pooling, proxies, retries, [and more](#features)!
+
+## Install
+
+`$ npm install --save make-fetch-happen`
+
+## Table of Contents
+
+* [Example](#example)
+* [Features](#features)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.defaults`](#fetch-defaults)
+ * [`node-fetch` options](#node-fetch-options)
+ * [`make-fetch-happen` options](#extra-options)
+ * [`opts.cacheManager`](#opts-cache-manager)
+ * [`opts.cache`](#opts-cache)
+ * [`opts.proxy`](#opts-proxy)
+ * [`opts.noProxy`](#opts-no-proxy)
+ * [`opts.ca, opts.cert, opts.key`](#https-opts)
+ * [`opts.maxSockets`](#opts-max-sockets)
+ * [`opts.retry`](#opts-retry)
+ * [`opts.onRetry`](#opts-onretry)
+ * [`opts.integrity`](#opts-integrity)
+* [Message From Our Sponsors](#wow)
+
+### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache' // path where cache will be written (and read)
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
+ return res.json() // download the body as JSON
+}).then(body => {
+ console.log(`got ${body.name} from web`)
+ return fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'no-cache' // forces a conditional request
+ })
+}).then(res => {
+ console.log(res.status) // 304! cache validated!
+ return res.json().then(body => {
+ console.log(`got ${body.name} from cache`)
+ })
+})
+```
+
+### Features
+
+* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
+* Request pooling out of the box
+* Quite fast, really
+* Automatic HTTP-semantics-aware request retries
+* Cache-fallback automatic "offline mode"
+* Proxy support (http, https, socks, socks4, socks5)
+* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
+* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
+* Node.js Stream support
+* Transparent gzip and deflate support
+* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
+* Literally punches nazis
+* (PENDING) Range request caching and resuming
+
+### Contributing
+
+The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(uriOrRequest, [opts]) -> Promise`
+
+This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
+
+If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
+
+##### Example
+
+```javascript
+fetch('https://google.com').then(res => res.buffer())
+```
+
+#### `> fetch.defaults([defaultUrl], [defaultOpts])`
+
+Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
+
+A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-local-cache'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
+```
+
+#### `> node-fetch options`
+
+The following options for `node-fetch` are used as-is:
+
+* method
+* body
+* redirect
+* follow
+* timeout
+* compress
+* size
+
+These other options are modified or augmented by make-fetch-happen:
+
+* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
+* agent
+ * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
+ * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
+ * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
+ * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
+
+For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
+
+#### `> make-fetch-happen options`
+
+make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
+
+* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
+* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
+* [`opts.proxy`](#opts-proxy) - Proxy agent
+* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
+* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
+* [`opts.localAddress`](#opts-local-address)
+* [`opts.maxSockets`](#opts-max-sockets)
+* [`opts.retry`](#opts-retry) - Request retry settings
+* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
+* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
+
+#### `> opts.cacheManager`
+
+Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
+
+If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
+
+By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
+
+You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
+
+**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
+
+The default cache manager also adds the following headers to cached responses:
+
+* `X-Local-Cache`: Path to the cache the content was found in
+* `X-Local-Cache-Key`: Unique cache entry key for this response
+* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
+* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
+
+Using [`cacache`](https://npm.im/cacache), a call like this may be used to
+manually fetch the cached entry:
+
+```javascript
+const h = response.headers
+cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
+
+// grab content only, directly:
+cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
+```
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cacheManager: './my-local-cache'
+}) // -> 200-level response will be written to disk
+
+fetch('https://npm.im/cacache', {
+ cacheManager: new MyCustomRedisCache(process.env.PORT)
+}) // -> 200-level response will be written to redis
+```
+
+A possible (minimal) implementation for `MyCustomRedisCache`:
+
+```javascript
+const bluebird = require('bluebird')
+const redis = require("redis")
+bluebird.promisifyAll(redis.RedisClient.prototype)
+class MyCustomRedisCache {
+ constructor (opts) {
+ this.redis = redis.createClient(opts)
+ }
+ match (req) {
+ return this.redis.getAsync(req.url).then(res => {
+ if (res) {
+ const parsed = JSON.parse(res)
+ return new fetch.Response(parsed.body, {
+ url: req.url,
+ headers: parsed.headers,
+ status: 200
+ })
+ }
+ })
+ }
+ put (req, res) {
+ return res.buffer().then(body => {
+ return this.redis.setAsync(req.url, JSON.stringify({
+ body: body,
+ headers: res.headers.raw()
+ }))
+ }).then(() => {
+ // return the response itself
+ return res
+ })
+ }
+ 'delete' (req) {
+ return this.redis.unlinkAsync(req.url)
+ }
+}
+```
+
+#### `> opts.cache`
+
+This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
+
+* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
+* `no-store` - Fetch behaves as if there is no HTTP cache at all.
+* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
+* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
+* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
+* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
+
+(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache'
+})
+
+// Will error with ENOTCACHED if we haven't already cached this url
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'only-if-cached'
+})
+
+// Will refresh any local content and cache the new response
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'reload'
+})
+
+// Will use any local data, even if stale. Otherwise, will hit network.
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'force-cache'
+})
+```
+
+#### `> opts.proxy`
+
+A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
+used depending on the proxy's protocol.
+
+Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
+`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
+
+(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: 'https://corporate.yourcompany.proxy:4445'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: {
+ protocol: 'https:',
+ hostname: 'corporate.yourcompany.proxy',
+ port: 4445
+ }
+})
+```
+
+#### `> opts.noProxy`
+
+If present, should be a comma-separated string or an array of domain extensions
+that a proxy should _not_ be used for.
+
+This option may also be provided through `process.env.NO_PROXY`.
+
+#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
+
+These values are passed in directly to the HTTPS agent and will be used for both
+proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
+same options the `https` module accepts, which will be themselves passed to
+`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
+
+#### `> opts.localAddress`
+
+Passed directly to `http` and `https` request calls. Determines the local
+address to bind to.
+
+#### `> opts.maxSockets`
+
+Default: 15
+
+Maximum number of active concurrent sockets to use for the underlying
+Http/Https/Proxy agents. This setting applies once per spawned agent.
+
+15 is probably a _pretty good value_ for most use-cases, and balances speed
+with, uh, not knocking out people's routers. 🤓
+
+#### `> opts.retry`
+
+An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
+
+* Request method is NOT `POST` AND
+* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
+* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
+
+The following are worth noting as explicitly not retried:
+
+* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
+* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
+
+If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
+
+If `opts.retry` is a number, it is equivalent to `{retries: num}`
+
+The following retry options are available if you want more control over it:
+
+* retries
+* factor
+* minTimeout
+* maxTimeout
+* randomize
+
+For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ retry: {
+ retries: 10,
+ randomize: true
+ }
+})
+
+fetch('http://reliable.site.com', {
+ retry: false
+})
+
+fetch('http://one-more.site.com', {
+ retry: 3
+})
+```
+
+#### `> opts.onRetry`
+
+A function called whenever a retry is attempted.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ onRetry() {
+ console.log('we will retry!')
+ }
+})
+```
+
+#### `> opts.integrity`
+
+Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
+
+`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // -> ok
+
+fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // Error: EINTEGRITY
+```
+
+### Message From Our Sponsors
+
+
+
+
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/agent.js b/node_modules/libnpmaccess/node_modules/make-fetch-happen/agent.js
new file mode 100644
index 0000000000000..55675946ad97d
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/agent.js
@@ -0,0 +1,171 @@
+'use strict'
+const LRU = require('lru-cache')
+const url = require('url')
+
+let AGENT_CACHE = new LRU({ max: 50 })
+let HttpsAgent
+let HttpAgent
+
+module.exports = getAgent
+
+function getAgent (uri, opts) {
+ const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
+ const isHttps = parsedUri.protocol === 'https:'
+ const pxuri = getProxyUri(uri, opts)
+
+ const key = [
+ `https:${isHttps}`,
+ pxuri
+ ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
+ : '>no-proxy<',
+ `local-address:${opts.localAddress || '>no-local-address<'}`,
+ `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
+ `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
+ `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
+ `key:${(isHttps && opts.key) || '>no-key<'}`
+ ].join(':')
+
+ if (opts.agent != null) { // `agent: false` has special behavior!
+ return opts.agent
+ }
+
+ if (AGENT_CACHE.peek(key)) {
+ return AGENT_CACHE.get(key)
+ }
+
+ if (pxuri) {
+ const proxy = getProxy(pxuri, opts, isHttps)
+ AGENT_CACHE.set(key, proxy)
+ return proxy
+ }
+
+ if (isHttps && !HttpsAgent) {
+ HttpsAgent = require('agentkeepalive').HttpsAgent
+ } else if (!isHttps && !HttpAgent) {
+ HttpAgent = require('agentkeepalive')
+ }
+
+ // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
+ // of zero disables the timeout behavior (OS limits still apply). Else, if
+ // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
+ // the node-fetch-npm timeout will always fire first, giving us more
+ // consistent errors.
+ const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
+
+ const agent = isHttps ? new HttpsAgent({
+ maxSockets: opts.maxSockets || 15,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ rejectUnauthorized: opts.strictSSL,
+ timeout: agentTimeout
+ }) : new HttpAgent({
+ maxSockets: opts.maxSockets || 15,
+ localAddress: opts.localAddress,
+ timeout: agentTimeout
+ })
+ AGENT_CACHE.set(key, agent)
+ return agent
+}
+
+function checkNoProxy (uri, opts) {
+ const host = url.parse(uri).hostname.split('.').reverse()
+ let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
+ if (typeof noproxy === 'string') {
+ noproxy = noproxy.split(/\s*,\s*/g)
+ }
+ return noproxy && noproxy.some(no => {
+ const noParts = no.split('.').filter(x => x).reverse()
+ if (!noParts.length) { return false }
+ for (let i = 0; i < noParts.length; i++) {
+ if (host[i] !== noParts[i]) {
+ return false
+ }
+ }
+ return true
+ })
+}
+
+module.exports.getProcessEnv = getProcessEnv
+
+function getProcessEnv (env) {
+ if (!env) { return }
+
+ let value
+
+ if (Array.isArray(env)) {
+ for (let e of env) {
+ value = process.env[e] ||
+ process.env[e.toUpperCase()] ||
+ process.env[e.toLowerCase()]
+ if (typeof value !== 'undefined') { break }
+ }
+ }
+
+ if (typeof env === 'string') {
+ value = process.env[env] ||
+ process.env[env.toUpperCase()] ||
+ process.env[env.toLowerCase()]
+ }
+
+ return value
+}
+
+function getProxyUri (uri, opts) {
+ const protocol = url.parse(uri).protocol
+
+ const proxy = opts.proxy || (
+ protocol === 'https:' && getProcessEnv('https_proxy')
+ ) || (
+ protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
+ )
+ if (!proxy) { return null }
+
+ const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
+
+ return !checkNoProxy(uri, opts) && parsedProxy
+}
+
+let HttpProxyAgent
+let HttpsProxyAgent
+let SocksProxyAgent
+function getProxy (proxyUrl, opts, isHttps) {
+ let popts = {
+ host: proxyUrl.hostname,
+ port: proxyUrl.port,
+ protocol: proxyUrl.protocol,
+ path: proxyUrl.path,
+ auth: proxyUrl.auth,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets || 15,
+ rejectUnauthorized: opts.strictSSL
+ }
+
+ if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
+ if (!isHttps) {
+ if (!HttpProxyAgent) {
+ HttpProxyAgent = require('http-proxy-agent')
+ }
+
+ return new HttpProxyAgent(popts)
+ } else {
+ if (!HttpsProxyAgent) {
+ HttpsProxyAgent = require('https-proxy-agent')
+ }
+
+ return new HttpsProxyAgent(popts)
+ }
+ }
+ if (proxyUrl.protocol.startsWith('socks')) {
+ if (!SocksProxyAgent) {
+ SocksProxyAgent = require('socks-proxy-agent')
+ }
+
+ return new SocksProxyAgent(popts)
+ }
+}
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/cache.js b/node_modules/libnpmaccess/node_modules/make-fetch-happen/cache.js
new file mode 100644
index 0000000000000..0c519e69fbe81
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/cache.js
@@ -0,0 +1,249 @@
+'use strict'
+
+const cacache = require('cacache')
+const fetch = require('node-fetch-npm')
+const pipe = require('mississippi').pipe
+const ssri = require('ssri')
+const through = require('mississippi').through
+const to = require('mississippi').to
+const url = require('url')
+const stream = require('stream')
+
+const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
+
+function cacheKey (req) {
+ const parsed = url.parse(req.url)
+ return `make-fetch-happen:request-cache:${
+ url.format({
+ protocol: parsed.protocol,
+ slashes: parsed.slashes,
+ host: parsed.host,
+ hostname: parsed.hostname,
+ pathname: parsed.pathname
+ })
+ }`
+}
+
+// This is a cacache-based implementation of the Cache standard,
+// using node-fetch.
+// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
+//
+module.exports = class Cache {
+ constructor (path, opts) {
+ this._path = path
+ this._uid = opts && opts.uid
+ this._gid = opts && opts.gid
+ this.Promise = (opts && opts.Promise) || Promise
+ }
+
+ // Returns a Promise that resolves to the response associated with the first
+ // matching request in the Cache object.
+ match (req, opts) {
+ opts = opts || {}
+ const key = cacheKey(req)
+ return cacache.get.info(this._path, key).then(info => {
+ return info && cacache.get.hasContent(
+ this._path, info.integrity, opts
+ ).then(exists => exists && info)
+ }).then(info => {
+ if (info && info.metadata && matchDetails(req, {
+ url: info.metadata.url,
+ reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
+ resHeaders: new fetch.Headers(info.metadata.resHeaders),
+ cacheIntegrity: info.integrity,
+ integrity: opts && opts.integrity
+ })) {
+ const resHeaders = new fetch.Headers(info.metadata.resHeaders)
+ addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
+ if (req.method === 'HEAD') {
+ return new fetch.Response(null, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200
+ })
+ }
+ let body
+ const cachePath = this._path
+ // avoid opening cache file handles until a user actually tries to
+ // read from it.
+ if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
+ body = new stream.PassThrough()
+ const realRead = body._read
+ body._read = function (size) {
+ body._read = realRead
+ pipe(
+ cacache.get.stream.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }),
+ body,
+ err => body.emit(err))
+ return realRead.call(this, size)
+ }
+ } else {
+ let readOnce = false
+ // cacache is much faster at bulk reads
+ body = new stream.Readable({
+ read () {
+ if (readOnce) return this.push(null)
+ readOnce = true
+ cacache.get.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }).then(data => {
+ this.push(data)
+ this.push(null)
+ }, err => this.emit('error', err))
+ }
+ })
+ }
+ return this.Promise.resolve(new fetch.Response(body, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200,
+ size: info.size
+ }))
+ }
+ })
+ }
+
+ // Takes both a request and its response and adds it to the given cache.
+ put (req, response, opts) {
+ opts = opts || {}
+ const size = response.headers.get('content-length')
+ const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
+ const ckey = cacheKey(req)
+ const cacheOpts = {
+ algorithms: opts.algorithms,
+ metadata: {
+ url: req.url,
+ reqHeaders: req.headers.raw(),
+ resHeaders: response.headers.raw()
+ },
+ uid: this._uid,
+ gid: this._gid,
+ size,
+ memoize: fitInMemory && opts.memoize
+ }
+ if (req.method === 'HEAD' || response.status === 304) {
+ // Update metadata without writing
+ return cacache.get.info(this._path, ckey).then(info => {
+ // Providing these will bypass content write
+ cacheOpts.integrity = info.integrity
+ addCacheHeaders(
+ response.headers, this._path, ckey, info.integrity, info.time
+ )
+ return new this.Promise((resolve, reject) => {
+ pipe(
+ cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
+ cacache.put.stream(this._path, cacheKey(req), cacheOpts),
+ err => err ? reject(err) : resolve(response)
+ )
+ })
+ }).then(() => response)
+ }
+ let buf = []
+ let bufSize = 0
+ let cacheTargetStream = false
+ const cachePath = this._path
+ let cacheStream = to((chunk, enc, cb) => {
+ if (!cacheTargetStream) {
+ if (fitInMemory) {
+ cacheTargetStream =
+ to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
+ buf.push(chunk)
+ bufSize += chunk.length
+ cb()
+ }, done => {
+ cacache.put(
+ cachePath,
+ cacheKey(req),
+ Buffer.concat(buf, bufSize),
+ cacheOpts
+ ).then(
+ () => done(),
+ done
+ )
+ })
+ } else {
+ cacheTargetStream =
+ cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
+ }
+ }
+ cacheTargetStream.write(chunk, enc, cb)
+ }, done => {
+ cacheTargetStream ? cacheTargetStream.end(done) : done()
+ })
+ const oldBody = response.body
+ const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
+ response.body = newBody
+ oldBody.once('error', err => newBody.emit('error', err))
+ newBody.once('error', err => oldBody.emit('error', err))
+ cacheStream.once('error', err => newBody.emit('error', err))
+ pipe(oldBody, to((chunk, enc, cb) => {
+ cacheStream.write(chunk, enc, () => {
+ newBody.write(chunk, enc, cb)
+ })
+ }, done => {
+ cacheStream.end(() => {
+ newBody.end(() => {
+ done()
+ })
+ })
+ }), err => err && newBody.emit('error', err))
+ return response
+ }
+
+ // Finds the Cache entry whose key is the request, and if found, deletes the
+ // Cache entry and returns a Promise that resolves to true. If no Cache entry
+ // is found, it returns false.
+ 'delete' (req, opts) {
+ opts = opts || {}
+ if (typeof opts.memoize === 'object') {
+ if (opts.memoize.reset) {
+ opts.memoize.reset()
+ } else if (opts.memoize.clear) {
+ opts.memoize.clear()
+ } else {
+ Object.keys(opts.memoize).forEach(k => {
+ opts.memoize[k] = null
+ })
+ }
+ }
+ return cacache.rm.entry(
+ this._path,
+ cacheKey(req)
+ // TODO - true/false
+ ).then(() => false)
+ }
+}
+
+function matchDetails (req, cached) {
+ const reqUrl = url.parse(req.url)
+ const cacheUrl = url.parse(cached.url)
+ const vary = cached.resHeaders.get('Vary')
+ // https://tools.ietf.org/html/rfc7234#section-4.1
+ if (vary) {
+ if (vary.match(/\*/)) {
+ return false
+ } else {
+ const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
+ return cached.reqHeaders.get(field) === req.headers.get(field)
+ })
+ if (!fieldsMatch) {
+ return false
+ }
+ }
+ }
+ if (cached.integrity) {
+ return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
+ }
+ reqUrl.hash = null
+ cacheUrl.hash = null
+ return url.format(reqUrl) === url.format(cacheUrl)
+}
+
+function addCacheHeaders (resHeaders, path, key, hash, time) {
+ resHeaders.set('X-Local-Cache', encodeURIComponent(path))
+ resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
+ resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
+ resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
+}
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/index.js b/node_modules/libnpmaccess/node_modules/make-fetch-happen/index.js
new file mode 100644
index 0000000000000..0f2c164e19f28
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/index.js
@@ -0,0 +1,482 @@
+'use strict'
+
+let Cache
+const url = require('url')
+const CachePolicy = require('http-cache-semantics')
+const fetch = require('node-fetch-npm')
+const pkg = require('./package.json')
+const retry = require('promise-retry')
+let ssri
+const Stream = require('stream')
+const getAgent = require('./agent')
+const setWarning = require('./warning')
+
+const isURL = /^https?:/
+const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
+
+const RETRY_ERRORS = [
+ 'ECONNRESET', // remote socket closed on us
+ 'ECONNREFUSED', // remote host refused to open connection
+ 'EADDRINUSE', // failed to bind to a local port (proxy?)
+ 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
+ // Known codes we do NOT retry on:
+ // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
+]
+
+const RETRY_TYPES = [
+ 'request-timeout'
+]
+
+// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
+module.exports = cachingFetch
+cachingFetch.defaults = function (_uri, _opts) {
+ const fetch = this
+ if (typeof _uri === 'object') {
+ _opts = _uri
+ _uri = null
+ }
+
+ function defaultedFetch (uri, opts) {
+ const finalOpts = Object.assign({}, _opts || {}, opts || {})
+ return fetch(uri || _uri, finalOpts)
+ }
+
+ defaultedFetch.defaults = fetch.defaults
+ defaultedFetch.delete = fetch.delete
+ return defaultedFetch
+}
+
+cachingFetch.delete = cacheDelete
+function cacheDelete (uri, opts) {
+ opts = configureOptions(opts)
+ if (opts.cacheManager) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+ return opts.cacheManager.delete(req, opts)
+ }
+}
+
+function initializeCache (opts) {
+ if (typeof opts.cacheManager === 'string') {
+ if (!Cache) {
+ // Default cacache-based cache
+ Cache = require('./cache')
+ }
+
+ opts.cacheManager = new Cache(opts.cacheManager, opts)
+ }
+
+ opts.cache = opts.cache || 'default'
+
+ if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
+ // If header list contains `If-Modified-Since`, `If-None-Match`,
+ // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
+ // mode to "no-store" if it is "default".
+ opts.cache = 'no-store'
+ }
+}
+
+function configureOptions (_opts) {
+ const opts = Object.assign({}, _opts || {})
+ opts.method = (opts.method || 'GET').toUpperCase()
+
+ if (opts.retry && typeof opts.retry === 'number') {
+ opts.retry = { retries: opts.retry }
+ }
+
+ if (opts.retry === false) {
+ opts.retry = { retries: 0 }
+ }
+
+ if (opts.cacheManager) {
+ initializeCache(opts)
+ }
+
+ return opts
+}
+
+function initializeSsri () {
+ if (!ssri) {
+ ssri = require('ssri')
+ }
+}
+
+function cachingFetch (uri, _opts) {
+ const opts = configureOptions(_opts)
+
+ if (opts.integrity) {
+ initializeSsri()
+ // if verifying integrity, node-fetch must not decompress
+ opts.compress = false
+ }
+
+ const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
+ opts.cacheManager &&
+ opts.cache !== 'no-store' &&
+ opts.cache !== 'reload'
+
+ if (isCachable) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+
+ return opts.cacheManager.match(req, opts).then(res => {
+ if (res) {
+ const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
+ if (warningCode && +warningCode >= 100 && +warningCode < 200) {
+ // https://tools.ietf.org/html/rfc7234#section-4.3.4
+ //
+ // If a stored response is selected for update, the cache MUST:
+ //
+ // * delete any Warning header fields in the stored response with
+ // warn-code 1xx (see Section 5.5);
+ //
+ // * retain any Warning header fields in the stored response with
+ // warn-code 2xx;
+ //
+ res.headers.delete('Warning')
+ }
+
+ if (opts.cache === 'default' && !isStale(req, res)) {
+ return res
+ }
+
+ if (opts.cache === 'default' || opts.cache === 'no-cache') {
+ return conditionalFetch(req, res, opts)
+ }
+
+ if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
+ // 112 Disconnected operation
+ // SHOULD be included if the cache is intentionally disconnected from
+ // the rest of the network for a period of time.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(res, 112, 'Disconnected operation')
+ return res
+ }
+ }
+
+ if (!res && opts.cache === 'only-if-cached') {
+ const errorMsg = `request to ${
+ uri
+ } failed: cache mode is 'only-if-cached' but no cached response available.`
+
+ const err = new Error(errorMsg)
+ err.code = 'ENOTCACHED'
+ throw err
+ }
+
+ // Missing cache entry, or mode is default (if stale), reload, no-store
+ return remoteFetch(req.url, opts)
+ })
+ }
+
+ return remoteFetch(uri, opts)
+}
+
+function iterableToObject (iter) {
+ const obj = {}
+ for (let k of iter.keys()) {
+ obj[k] = iter.get(k)
+ }
+ return obj
+}
+
+function makePolicy (req, res) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+ const _res = {
+ status: res.status,
+ headers: iterableToObject(res.headers)
+ }
+
+ return new CachePolicy(_req, _res, { shared: false })
+}
+
+// https://tools.ietf.org/html/rfc7234#section-4.2
+function isStale (req, res) {
+ if (!res) {
+ return null
+ }
+
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+
+ const policy = makePolicy(req, res)
+
+ const responseTime = res.headers.get('x-local-cache-time') ||
+ res.headers.get('date') ||
+ 0
+
+ policy._responseTime = new Date(responseTime)
+
+ const bool = !policy.satisfiesWithoutRevalidation(_req)
+ return bool
+}
+
+function mustRevalidate (res) {
+ return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
+}
+
+function conditionalFetch (req, cachedRes, opts) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: Object.assign({}, opts.headers || {})
+ }
+
+ const policy = makePolicy(req, cachedRes)
+ opts.headers = policy.revalidationHeaders(_req)
+
+ return remoteFetch(req.url, opts)
+ .then(condRes => {
+ const revalidatedPolicy = policy.revalidatedPolicy(_req, {
+ status: condRes.status,
+ headers: iterableToObject(condRes.headers)
+ })
+
+ if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ return cachedRes
+ }
+
+ if (condRes.status === 304) { // 304 Not Modified
+ condRes.body = cachedRes.body
+ return opts.cacheManager.put(req, condRes, opts)
+ .then(newRes => {
+ newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
+ return newRes
+ })
+ }
+
+ return condRes
+ })
+ .then(res => res)
+ .catch(err => {
+ if (mustRevalidate(cachedRes)) {
+ throw err
+ } else {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ // 199 Miscellaneous warning
+ // The warning text MAY include arbitrary information to be presented to
+ // a human user, or logged. A system receiving this warning MUST NOT take
+ // any automated action, besides presenting the warning to the user.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(
+ cachedRes,
+ 199,
+ `Miscellaneous Warning ${err.code}: ${err.message}`
+ )
+
+ return cachedRes
+ }
+ })
+}
+
+function remoteFetchHandleIntegrity (res, integrity) {
+ const oldBod = res.body
+ const newBod = ssri.integrityStream({
+ integrity
+ })
+ oldBod.pipe(newBod)
+ res.body = newBod
+ oldBod.once('error', err => {
+ newBod.emit('error', err)
+ })
+ newBod.once('error', err => {
+ oldBod.emit('error', err)
+ })
+}
+
+function remoteFetch (uri, opts) {
+ const agent = getAgent(uri, opts)
+ const headers = Object.assign({
+ 'connection': agent ? 'keep-alive' : 'close',
+ 'user-agent': USER_AGENT
+ }, opts.headers || {})
+
+ const reqOpts = {
+ agent,
+ body: opts.body,
+ compress: opts.compress,
+ follow: opts.follow,
+ headers: new fetch.Headers(headers),
+ method: opts.method,
+ redirect: 'manual',
+ size: opts.size,
+ counter: opts.counter,
+ timeout: opts.timeout
+ }
+
+ return retry(
+ (retryHandler, attemptNum) => {
+ const req = new fetch.Request(uri, reqOpts)
+ return fetch(req)
+ .then(res => {
+ res.headers.set('x-fetch-attempts', attemptNum)
+
+ if (opts.integrity) {
+ remoteFetchHandleIntegrity(res, opts.integrity)
+ }
+
+ const isStream = req.body instanceof Stream
+
+ if (opts.cacheManager) {
+ const isMethodGetHead = req.method === 'GET' ||
+ req.method === 'HEAD'
+
+ const isCachable = opts.cache !== 'no-store' &&
+ isMethodGetHead &&
+ makePolicy(req, res).storable() &&
+ res.status === 200 // No other statuses should be stored!
+
+ if (isCachable) {
+ return opts.cacheManager.put(req, res, opts)
+ }
+
+ if (!isMethodGetHead) {
+ return opts.cacheManager.delete(req).then(() => {
+ if (res.status >= 500 && req.method !== 'POST' && !isStream) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ return res
+ })
+ }
+ }
+
+ const isRetriable = req.method !== 'POST' &&
+ !isStream && (
+ res.status === 408 || // Request Timeout
+ res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
+ res.status === 429 || // Too Many Requests ("standard" rate-limiting)
+ res.status >= 500 // Assume server errors are momentary hiccups
+ )
+
+ if (isRetriable) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
+ return res
+ }
+
+ // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
+ if (opts.redirect === 'error') {
+ const err = new Error(`redirect mode is set to error: ${uri}`)
+ err.code = 'ENOREDIRECT'
+ throw err
+ }
+
+ if (!res.headers.get('location')) {
+ const err = new Error(`redirect location header missing at: ${uri}`)
+ err.code = 'EINVALIDREDIRECT'
+ throw err
+ }
+
+ if (req.counter >= req.follow) {
+ const err = new Error(`maximum redirect reached at: ${uri}`)
+ err.code = 'EMAXREDIRECT'
+ throw err
+ }
+
+ const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
+ let redirectURL = url.parse(resolvedUrl)
+
+ if (isURL.test(res.headers.get('location'))) {
+ redirectURL = url.parse(res.headers.get('location'))
+ }
+
+ // Remove authorization if changing hostnames (but not if just
+ // changing ports or protocols). This matches the behavior of request:
+ // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
+ if (url.parse(req.url).hostname !== redirectURL.hostname) {
+ req.headers.delete('authorization')
+ }
+
+ // for POST request with 301/302 response, or any request with 303 response,
+ // use GET when following redirect
+ if (res.status === 303 ||
+ ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
+ opts.method = 'GET'
+ opts.body = null
+ req.headers.delete('content-length')
+ }
+
+ opts.headers = {}
+ req.headers.forEach((value, name) => {
+ opts.headers[name] = value
+ })
+
+ opts.counter = ++req.counter
+ return cachingFetch(resolvedUrl, opts)
+ })
+ .catch(err => {
+ const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
+
+ const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
+ RETRY_TYPES.indexOf(err.type) === -1
+
+ if (req.method === 'POST' || isRetryError) {
+ throw err
+ }
+
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(err)
+ }
+
+ return retryHandler(err)
+ })
+ },
+ opts.retry
+ ).catch(err => {
+ if (err.status >= 400) {
+ return err
+ }
+
+ throw err
+ })
+}
+
+function isHeaderConditional (headers) {
+ if (!headers || typeof headers !== 'object') {
+ return false
+ }
+
+ const modifiers = [
+ 'if-modified-since',
+ 'if-none-match',
+ 'if-unmodified-since',
+ 'if-match',
+ 'if-range'
+ ]
+
+ return Object.keys(headers)
+ .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
+}
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/package.json b/node_modules/libnpmaccess/node_modules/make-fetch-happen/package.json
new file mode 100644
index 0000000000000..6e910bd51a0fe
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/package.json
@@ -0,0 +1,94 @@
+{
+ "_from": "make-fetch-happen@^4.0.2",
+ "_id": "make-fetch-happen@4.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
+ "_location": "/libnpmaccess/make-fetch-happen",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "make-fetch-happen@^4.0.2",
+ "name": "make-fetch-happen",
+ "escapedName": "make-fetch-happen",
+ "rawSpec": "^4.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^4.0.2"
+ },
+ "_requiredBy": [
+ "/libnpmaccess/npm-registry-fetch"
+ ],
+ "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
+ "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
+ "_spec": "make-fetch-happen@^4.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmaccess/node_modules/npm-registry-fetch",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/zkat/make-fetch-happen/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "agentkeepalive": "^3.4.1",
+ "cacache": "^11.3.3",
+ "http-cache-semantics": "^3.8.1",
+ "http-proxy-agent": "^2.1.0",
+ "https-proxy-agent": "^2.2.1",
+ "lru-cache": "^5.1.1",
+ "mississippi": "^3.0.0",
+ "node-fetch-npm": "^2.0.2",
+ "promise-retry": "^1.1.1",
+ "socks-proxy-agent": "^4.0.0",
+ "ssri": "^6.0.0"
+ },
+ "deprecated": false,
+ "description": "Opinionated, caching, retrying fetch client",
+ "devDependencies": {
+ "bluebird": "^3.5.1",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.2.3",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.2",
+ "rimraf": "^2.6.2",
+ "safe-buffer": "^5.1.1",
+ "standard": "^11.0.1",
+ "standard-version": "^4.3.0",
+ "tacks": "^1.2.6",
+ "tap": "^12.7.0",
+ "weallbehave": "^1.0.0",
+ "weallcontribute": "^1.0.7"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/zkat/make-fetch-happen#readme",
+ "keywords": [
+ "http",
+ "request",
+ "fetch",
+ "mean girls",
+ "caching",
+ "cache",
+ "subresource integrity"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "make-fetch-happen",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/zkat/make-fetch-happen.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "4.0.2"
+}
diff --git a/node_modules/libnpmaccess/node_modules/make-fetch-happen/warning.js b/node_modules/libnpmaccess/node_modules/make-fetch-happen/warning.js
new file mode 100644
index 0000000000000..b8f13cf83195a
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/make-fetch-happen/warning.js
@@ -0,0 +1,24 @@
+const url = require('url')
+
+module.exports = setWarning
+
+function setWarning (reqOrRes, code, message, replace) {
+ // Warning = "Warning" ":" 1#warning-value
+ // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
+ // warn-code = 3DIGIT
+ // warn-agent = ( host [ ":" port ] ) | pseudonym
+ // ; the name or pseudonym of the server adding
+ // ; the Warning header, for use in debugging
+ // warn-text = quoted-string
+ // warn-date = <"> HTTP-date <">
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ const host = url.parse(reqOrRes.url).host
+ const jsonMessage = JSON.stringify(message)
+ const jsonDate = JSON.stringify(new Date().toUTCString())
+ const header = replace ? 'set' : 'append'
+
+ reqOrRes.headers[header](
+ 'Warning',
+ `${code} ${host} ${jsonMessage} ${jsonDate}`
+ )
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..d24e026914c23
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,214 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..0c3f4f9469955
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,609 @@
+# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
+and [`prefer-online`](#opts-prefer-online).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetch-retries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-factor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-mintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-maxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.force-auth`
+
+* Alias: `opts.forceAuth`
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignore-body`
+
+* Alias: `opts.ignoreBody`
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.is-from-ci`
+
+* Alias: `opts.isFromCI`
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.local-address`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.map-json`
+
+* Alias: `mapJson`, `mapJSON`
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxsockets`
+
+* Alias: `opts.max-sockets`
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npm-session`
+
+* Alias: `opts.npmSession`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.prefer-offline`](#opts-prefer-offline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: _password
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.prefer-offline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.prefer-online`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+
+##### `opts.project-scope`
+
+* Alias: `opts.projectScope`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.refer`
+
+* Alias: `opts.referer`
+* Type: String
+* Default: null
+
+Value to use for the `Referer` header. The npm CLI itself uses this to serialize
+the npm command line using the given request.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strict-ssl`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 30000 (30 seconds)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.user-agent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..d583982d0a8b2
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const config = require('./config.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts) {
+ if (!registry) { throw new Error('registry is required') }
+ opts = config(opts)
+ let AUTH = {}
+ const regKey = registry && registryKey(registry)
+ if (opts.forceAuth) {
+ opts = opts.forceAuth
+ }
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = url.parse(registry)
+ const formatted = url.format({
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: parsed.slashes
+ })
+ return url.resolve(formatted, '.')
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..bfde699edcfbd
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,109 @@
+'use strict'
+
+const config = require('./config.js')
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts) {
+ opts = config(opts)
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ res.body = null
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ res.headers.raw()['warning'].forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/config.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/config.js
new file mode 100644
index 0000000000000..7fe5dacc94362
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/config.js
@@ -0,0 +1,98 @@
+'use strict'
+
+const pkg = require('./package.json')
+const figgyPudding = require('figgy-pudding')
+const silentLog = require('./silentlog.js')
+
+const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
+const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
+module.exports = figgyPudding({
+ 'agent': {},
+ 'algorithms': {},
+ 'body': {},
+ 'ca': {},
+ 'cache': {},
+ 'cert': {},
+ 'fetch-retries': {},
+ 'fetch-retry-factor': {},
+ 'fetch-retry-maxtimeout': {},
+ 'fetch-retry-mintimeout': {},
+ 'force-auth': {},
+ forceAuth: 'force-auth',
+ 'gid': {},
+ 'gzip': {},
+ 'headers': {},
+ 'https-proxy': {},
+ 'ignore-body': {},
+ ignoreBody: 'ignore-body',
+ 'integrity': {},
+ 'is-from-ci': 'isFromCI',
+ 'isFromCI': {
+ default () {
+ return (
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ )
+ }
+ },
+ 'key': {},
+ 'local-address': {},
+ 'log': {
+ default: silentLog
+ },
+ 'map-json': 'mapJson',
+ 'mapJSON': 'mapJson',
+ 'mapJson': {},
+ 'max-sockets': 'maxsockets',
+ 'maxsockets': {
+ default: 12
+ },
+ 'memoize': {},
+ 'method': {
+ default: 'GET'
+ },
+ 'no-proxy': {},
+ 'noproxy': {},
+ 'npm-session': 'npmSession',
+ 'npmSession': {},
+ 'offline': {},
+ 'otp': {},
+ 'prefer-offline': {},
+ 'prefer-online': {},
+ 'projectScope': {},
+ 'project-scope': 'projectScope',
+ 'Promise': {default: () => Promise},
+ 'proxy': {},
+ 'query': {},
+ 'refer': {},
+ 'referer': 'refer',
+ 'registry': {
+ default: 'https://registry.npmjs.org/'
+ },
+ 'retry': {},
+ 'scope': {},
+ 'spec': {},
+ 'strict-ssl': {},
+ 'timeout': {},
+ 'uid': {},
+ 'user-agent': {
+ default: `${
+ pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+ }
+}, {
+ other (key) {
+ return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
+ }
+})
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..ba78735fce135
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = url.parse(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..4ba3c19243471
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,193 @@
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const checkResponse = require('./check-response.js')
+const config = require('./config.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('JSONStream')
+const npa = require('npm-package-arg')
+const {PassThrough} = require('stream')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('zlib')
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+ opts = config(opts)
+ const registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ opts.registry ||
+ 'https://registry.npmjs.org/'
+ )
+ uri = url.parse(uri).protocol
+ ? uri
+ : `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = body &&
+ typeof body === 'object' &&
+ typeof body.pipe === 'function'
+ if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = zlib.createGzip()
+ body.on('error', err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else {
+ body = new opts.Promise((resolve, reject) => {
+ zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
+ })
+ }
+ }
+ if (opts.query) {
+ let q = opts.query
+ if (typeof q === 'string') {
+ q = qs.parse(q)
+ }
+ Object.keys(q).forEach(key => {
+ if (q[key] === undefined) {
+ delete q[key]
+ }
+ })
+ if (Object.keys(q).length) {
+ const parsed = url.parse(uri)
+ parsed.search = '?' + qs.stringify(
+ parsed.query
+ ? Object.assign(qs.parse(parsed.query), q)
+ : q
+ )
+ uri = url.format(parsed)
+ }
+ }
+ return opts.Promise.resolve(body).then(body => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts['local-address'],
+ maxSockets: opts.maxsockets,
+ memoize: opts.memoize,
+ method: opts.method || 'GET',
+ noProxy: opts['no-proxy'] || opts.noproxy,
+ Promise: opts.Promise,
+ proxy: opts['https-proxy'] || opts.proxy,
+ referer: opts.refer,
+ retry: opts.retry != null ? opts.retry : {
+ retries: opts['fetch-retries'],
+ factor: opts['fetch-retry-factor'],
+ minTimeout: opts['fetch-retry-mintimeout'],
+ maxTimeout: opts['fetch-retry-maxtimeout']
+ },
+ strictSSL: !!opts['strict-ssl'],
+ timeout: opts.timeout,
+ uid: opts.uid,
+ gid: opts.gid
+ }).then(res => checkResponse(
+ opts.method || 'GET', res, registry, startTime, opts
+ )))
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, opts) {
+ opts = config(opts)
+ const parser = JSONStream.parse(jsonPath, opts.mapJson)
+ const pt = parser.pipe(new PassThrough({objectMode: true}))
+ parser.on('error', err => pt.emit('error', err))
+ regFetch(uri, opts).then(res => {
+ res.body.on('error', err => parser.emit('error', err))
+ res.body.pipe(parser)
+ }, err => pt.emit('error', err))
+ return pt
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts) {
+ spec = npa(spec)
+ opts = config(opts)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts['prefer-offline']
+ ? 'force-cache'
+ : opts['prefer-online']
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!(
+ opts['is-from-ci'] ||
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ ),
+ 'npm-scope': opts['project-scope'],
+ 'npm-session': opts['npm-session'],
+ 'user-agent': opts['user-agent'],
+ 'referer': opts.refer
+ }, opts.headers)
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ url.parse(uri).host === url.parse(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..3b0a402f3d6e0
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,92 @@
+{
+ "_from": "npm-registry-fetch@^3.8.0",
+ "_id": "npm-registry-fetch@3.9.1",
+ "_inBundle": false,
+ "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "_location": "/libnpmaccess/npm-registry-fetch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-registry-fetch@^3.8.0",
+ "name": "npm-registry-fetch",
+ "escapedName": "npm-registry-fetch",
+ "rawSpec": "^3.8.0",
+ "saveSpec": null,
+ "fetchSpec": "^3.8.0"
+ },
+ "_requiredBy": [
+ "/libnpmaccess"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
+ "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
+ "_spec": "npm-registry-fetch@^3.8.0",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmaccess",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/registry-fetch/issues"
+ },
+ "bundleDependencies": false,
+ "config": {
+ "nyc": {
+ "exclude": [
+ "node_modules/**",
+ "test/**"
+ ]
+ }
+ },
+ "dependencies": {
+ "JSONStream": "^1.3.4",
+ "bluebird": "^3.5.1",
+ "figgy-pudding": "^3.4.1",
+ "lru-cache": "^5.1.1",
+ "make-fetch-happen": "^4.0.2",
+ "npm-package-arg": "^6.1.0"
+ },
+ "deprecated": false,
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "devDependencies": {
+ "cacache": "^11.3.3",
+ "get-stream": "^4.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.4.3",
+ "npmlog": "^4.1.2",
+ "rimraf": "^2.6.2",
+ "ssri": "^6.0.0",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/registry-fetch#readme",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-registry-fetch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/registry-fetch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.9.1"
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpmhook/node_modules/make-fetch-happen/CHANGELOG.md
new file mode 100644
index 0000000000000..a446842f55d80
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/CHANGELOG.md
@@ -0,0 +1,555 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
+
+
+
+
+## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
+
+
+### Bug Fixes
+
+* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
+
+
+
+
+# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
+
+
+### meta
+
+* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
+
+
+### Bug Fixes
+
+* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
+* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
+
+
+### BREAKING CHANGES
+
+* **license:** license changed from CC0 to ISC.
+
+
+
+
+# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
+
+
+### Bug Fixes
+
+* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
+
+
+### Features
+
+* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
+
+
+
+
+# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
+
+
+### Bug Fixes
+
+* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
+
+
+### Features
+
+* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
+
+
+
+
+## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
+
+
+### Bug Fixes
+
+* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
+* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
+
+
+
+
+## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
+
+
+### Bug Fixes
+
+* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
+
+
+
+
+## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
+
+
+### Bug Fixes
+
+* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
+
+
+
+
+## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
+
+
+### Bug Fixes
+
+* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
+* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
+
+
+
+
+## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
+
+
+
+
+## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
+
+
+
+
+## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
+
+
+### Bug Fixes
+
+* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
+
+
+
+
+## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
+* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
+* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
+
+
+
+
+## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
+
+
+
+
+## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
+
+
+### Bug Fixes
+
+* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
+
+
+
+
+## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
+
+
+### Bug Fixes
+
+* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
+
+
+
+
+## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
+
+
+### Bug Fixes
+
+* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
+* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
+
+
+
+
+## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
+
+
+
+
+# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
+
+
+### Features
+
+* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
+
+
+
+
+# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
+
+
+### Features
+
+* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
+* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
+
+
+
+
+## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
+
+
+### Bug Fixes
+
+* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
+* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
+
+
+
+
+## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
+
+
+### Bug Fixes
+
+* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
+
+
+
+
+## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
+
+
+### Bug Fixes
+
+* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
+
+
+
+
+## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
+
+
+### Bug Fixes
+
+* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
+* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
+
+
+
+
+## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
+
+
+### Bug Fixes
+
+* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
+
+
+
+
+## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
+
+
+### Bug Fixes
+
+* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
+
+
+
+
+# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
+
+
+### Features
+
+* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
+
+
+
+
+# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
+
+
+### Features
+
+* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
+
+
+
+
+## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
+
+
+### Bug Fixes
+
+* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
+
+
+
+
+## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
+
+
+
+
+## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
+
+
+
+
+## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
+
+
+
+
+# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
+* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
+
+
+### Features
+
+* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
+
+
+### BREAKING CHANGES
+
+* **agent:** pac proxies are no longer supported.
+* **retry:** Retry logic has changes.
+
+* 404s, 420s, and 429s all retry now.
+* ENOTFOUND no longer retries.
+* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
+
+
+
+
+# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
+
+
+### Features
+
+* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
+
+
+
+
+# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
+
+
+### Features
+
+* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
+
+
+
+
+## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
+
+
+### Bug Fixes
+
+* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
+* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
+
+
+
+
+# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
+
+
+### Features
+
+* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
+
+
+
+
+# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
+
+
+### Features
+
+* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
+
+
+
+
+## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
+
+
+
+
+# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
+
+
+### Features
+
+* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
+* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
+
+
+
+
+## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
+
+
+### Bug Fixes
+
+* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
+
+
+
+
+# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
+
+
+### Features
+
+* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
+
+
+
+
+# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
+
+
+### Features
+
+* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
+
+
+
+
+## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
+
+
+
+
+# 1.0.0 (2017-04-01)
+
+
+### Bug Fixes
+
+* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
+* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
+* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
+* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
+* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
+* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
+* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
+* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
+* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
+* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
+* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
+* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
+* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
+* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
+* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
+* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
+* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
+* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
+* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
+* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
+* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
+* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
+* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
+* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
+* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
+
+
+### Features
+
+* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
+* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
+
+
+### BREAKING CHANGES
+
+* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
+* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
+* **api:** actual api implemented
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpmhook/node_modules/make-fetch-happen/LICENSE
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/LICENSE
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/README.md b/node_modules/libnpmhook/node_modules/make-fetch-happen/README.md
new file mode 100644
index 0000000000000..4d12d8dae7e31
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/README.md
@@ -0,0 +1,404 @@
+# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
+
+
+[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
+library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
+features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
+pooling, proxies, retries, [and more](#features)!
+
+## Install
+
+`$ npm install --save make-fetch-happen`
+
+## Table of Contents
+
+* [Example](#example)
+* [Features](#features)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.defaults`](#fetch-defaults)
+ * [`node-fetch` options](#node-fetch-options)
+ * [`make-fetch-happen` options](#extra-options)
+ * [`opts.cacheManager`](#opts-cache-manager)
+ * [`opts.cache`](#opts-cache)
+ * [`opts.proxy`](#opts-proxy)
+ * [`opts.noProxy`](#opts-no-proxy)
+ * [`opts.ca, opts.cert, opts.key`](#https-opts)
+ * [`opts.maxSockets`](#opts-max-sockets)
+ * [`opts.retry`](#opts-retry)
+ * [`opts.onRetry`](#opts-onretry)
+ * [`opts.integrity`](#opts-integrity)
+* [Message From Our Sponsors](#wow)
+
+### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache' // path where cache will be written (and read)
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
+ return res.json() // download the body as JSON
+}).then(body => {
+ console.log(`got ${body.name} from web`)
+ return fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'no-cache' // forces a conditional request
+ })
+}).then(res => {
+ console.log(res.status) // 304! cache validated!
+ return res.json().then(body => {
+ console.log(`got ${body.name} from cache`)
+ })
+})
+```
+
+### Features
+
+* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
+* Request pooling out of the box
+* Quite fast, really
+* Automatic HTTP-semantics-aware request retries
+* Cache-fallback automatic "offline mode"
+* Proxy support (http, https, socks, socks4, socks5)
+* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
+* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
+* Node.js Stream support
+* Transparent gzip and deflate support
+* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
+* Literally punches nazis
+* (PENDING) Range request caching and resuming
+
+### Contributing
+
+The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(uriOrRequest, [opts]) -> Promise`
+
+This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
+
+If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
+
+##### Example
+
+```javascript
+fetch('https://google.com').then(res => res.buffer())
+```
+
+#### `> fetch.defaults([defaultUrl], [defaultOpts])`
+
+Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
+
+A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-local-cache'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
+```
+
+#### `> node-fetch options`
+
+The following options for `node-fetch` are used as-is:
+
+* method
+* body
+* redirect
+* follow
+* timeout
+* compress
+* size
+
+These other options are modified or augmented by make-fetch-happen:
+
+* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
+* agent
+ * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
+ * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
+ * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
+ * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
+
+For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
+
+#### `> make-fetch-happen options`
+
+make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
+
+* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
+* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
+* [`opts.proxy`](#opts-proxy) - Proxy agent
+* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
+* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
+* [`opts.localAddress`](#opts-local-address)
+* [`opts.maxSockets`](#opts-max-sockets)
+* [`opts.retry`](#opts-retry) - Request retry settings
+* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
+* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
+
+#### `> opts.cacheManager`
+
+Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
+
+If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
+
+By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
+
+You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
+
+**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
+
+The default cache manager also adds the following headers to cached responses:
+
+* `X-Local-Cache`: Path to the cache the content was found in
+* `X-Local-Cache-Key`: Unique cache entry key for this response
+* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
+* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
+
+Using [`cacache`](https://npm.im/cacache), a call like this may be used to
+manually fetch the cached entry:
+
+```javascript
+const h = response.headers
+cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
+
+// grab content only, directly:
+cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
+```
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cacheManager: './my-local-cache'
+}) // -> 200-level response will be written to disk
+
+fetch('https://npm.im/cacache', {
+ cacheManager: new MyCustomRedisCache(process.env.PORT)
+}) // -> 200-level response will be written to redis
+```
+
+A possible (minimal) implementation for `MyCustomRedisCache`:
+
+```javascript
+const bluebird = require('bluebird')
+const redis = require("redis")
+bluebird.promisifyAll(redis.RedisClient.prototype)
+class MyCustomRedisCache {
+ constructor (opts) {
+ this.redis = redis.createClient(opts)
+ }
+ match (req) {
+ return this.redis.getAsync(req.url).then(res => {
+ if (res) {
+ const parsed = JSON.parse(res)
+ return new fetch.Response(parsed.body, {
+ url: req.url,
+ headers: parsed.headers,
+ status: 200
+ })
+ }
+ })
+ }
+ put (req, res) {
+ return res.buffer().then(body => {
+ return this.redis.setAsync(req.url, JSON.stringify({
+ body: body,
+ headers: res.headers.raw()
+ }))
+ }).then(() => {
+ // return the response itself
+ return res
+ })
+ }
+ 'delete' (req) {
+ return this.redis.unlinkAsync(req.url)
+ }
+}
+```
+
+#### `> opts.cache`
+
+This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
+
+* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
+* `no-store` - Fetch behaves as if there is no HTTP cache at all.
+* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
+* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
+* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
+* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
+
+(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache'
+})
+
+// Will error with ENOTCACHED if we haven't already cached this url
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'only-if-cached'
+})
+
+// Will refresh any local content and cache the new response
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'reload'
+})
+
+// Will use any local data, even if stale. Otherwise, will hit network.
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'force-cache'
+})
+```
+
+#### `> opts.proxy`
+
+A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
+used depending on the proxy's protocol.
+
+Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
+`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
+
+(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: 'https://corporate.yourcompany.proxy:4445'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: {
+ protocol: 'https:',
+ hostname: 'corporate.yourcompany.proxy',
+ port: 4445
+ }
+})
+```
+
+#### `> opts.noProxy`
+
+If present, should be a comma-separated string or an array of domain extensions
+that a proxy should _not_ be used for.
+
+This option may also be provided through `process.env.NO_PROXY`.
+
+#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
+
+These values are passed in directly to the HTTPS agent and will be used for both
+proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
+same options the `https` module accepts, which will be themselves passed to
+`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
+
+#### `> opts.localAddress`
+
+Passed directly to `http` and `https` request calls. Determines the local
+address to bind to.
+
+#### `> opts.maxSockets`
+
+Default: 15
+
+Maximum number of active concurrent sockets to use for the underlying
+Http/Https/Proxy agents. This setting applies once per spawned agent.
+
+15 is probably a _pretty good value_ for most use-cases, and balances speed
+with, uh, not knocking out people's routers. 🤓
+
+#### `> opts.retry`
+
+An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
+
+* Request method is NOT `POST` AND
+* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
+* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
+
+The following are worth noting as explicitly not retried:
+
+* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
+* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
+
+If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
+
+If `opts.retry` is a number, it is equivalent to `{retries: num}`
+
+The following retry options are available if you want more control over it:
+
+* retries
+* factor
+* minTimeout
+* maxTimeout
+* randomize
+
+For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ retry: {
+ retries: 10,
+ randomize: true
+ }
+})
+
+fetch('http://reliable.site.com', {
+ retry: false
+})
+
+fetch('http://one-more.site.com', {
+ retry: 3
+})
+```
+
+#### `> opts.onRetry`
+
+A function called whenever a retry is attempted.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ onRetry() {
+ console.log('we will retry!')
+ }
+})
+```
+
+#### `> opts.integrity`
+
+Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
+
+`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // -> ok
+
+fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // Error: EINTEGRITY
+```
+
+### Message From Our Sponsors
+
+
+
+
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/agent.js b/node_modules/libnpmhook/node_modules/make-fetch-happen/agent.js
new file mode 100644
index 0000000000000..55675946ad97d
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/agent.js
@@ -0,0 +1,171 @@
+'use strict'
+const LRU = require('lru-cache')
+const url = require('url')
+
+let AGENT_CACHE = new LRU({ max: 50 })
+let HttpsAgent
+let HttpAgent
+
+module.exports = getAgent
+
+function getAgent (uri, opts) {
+ const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
+ const isHttps = parsedUri.protocol === 'https:'
+ const pxuri = getProxyUri(uri, opts)
+
+ const key = [
+ `https:${isHttps}`,
+ pxuri
+ ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
+ : '>no-proxy<',
+ `local-address:${opts.localAddress || '>no-local-address<'}`,
+ `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
+ `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
+ `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
+ `key:${(isHttps && opts.key) || '>no-key<'}`
+ ].join(':')
+
+ if (opts.agent != null) { // `agent: false` has special behavior!
+ return opts.agent
+ }
+
+ if (AGENT_CACHE.peek(key)) {
+ return AGENT_CACHE.get(key)
+ }
+
+ if (pxuri) {
+ const proxy = getProxy(pxuri, opts, isHttps)
+ AGENT_CACHE.set(key, proxy)
+ return proxy
+ }
+
+ if (isHttps && !HttpsAgent) {
+ HttpsAgent = require('agentkeepalive').HttpsAgent
+ } else if (!isHttps && !HttpAgent) {
+ HttpAgent = require('agentkeepalive')
+ }
+
+ // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
+ // of zero disables the timeout behavior (OS limits still apply). Else, if
+ // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
+ // the node-fetch-npm timeout will always fire first, giving us more
+ // consistent errors.
+ const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
+
+ const agent = isHttps ? new HttpsAgent({
+ maxSockets: opts.maxSockets || 15,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ rejectUnauthorized: opts.strictSSL,
+ timeout: agentTimeout
+ }) : new HttpAgent({
+ maxSockets: opts.maxSockets || 15,
+ localAddress: opts.localAddress,
+ timeout: agentTimeout
+ })
+ AGENT_CACHE.set(key, agent)
+ return agent
+}
+
+function checkNoProxy (uri, opts) {
+ const host = url.parse(uri).hostname.split('.').reverse()
+ let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
+ if (typeof noproxy === 'string') {
+ noproxy = noproxy.split(/\s*,\s*/g)
+ }
+ return noproxy && noproxy.some(no => {
+ const noParts = no.split('.').filter(x => x).reverse()
+ if (!noParts.length) { return false }
+ for (let i = 0; i < noParts.length; i++) {
+ if (host[i] !== noParts[i]) {
+ return false
+ }
+ }
+ return true
+ })
+}
+
+module.exports.getProcessEnv = getProcessEnv
+
+function getProcessEnv (env) {
+ if (!env) { return }
+
+ let value
+
+ if (Array.isArray(env)) {
+ for (let e of env) {
+ value = process.env[e] ||
+ process.env[e.toUpperCase()] ||
+ process.env[e.toLowerCase()]
+ if (typeof value !== 'undefined') { break }
+ }
+ }
+
+ if (typeof env === 'string') {
+ value = process.env[env] ||
+ process.env[env.toUpperCase()] ||
+ process.env[env.toLowerCase()]
+ }
+
+ return value
+}
+
+function getProxyUri (uri, opts) {
+ const protocol = url.parse(uri).protocol
+
+ const proxy = opts.proxy || (
+ protocol === 'https:' && getProcessEnv('https_proxy')
+ ) || (
+ protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
+ )
+ if (!proxy) { return null }
+
+ const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
+
+ return !checkNoProxy(uri, opts) && parsedProxy
+}
+
+let HttpProxyAgent
+let HttpsProxyAgent
+let SocksProxyAgent
+function getProxy (proxyUrl, opts, isHttps) {
+ let popts = {
+ host: proxyUrl.hostname,
+ port: proxyUrl.port,
+ protocol: proxyUrl.protocol,
+ path: proxyUrl.path,
+ auth: proxyUrl.auth,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets || 15,
+ rejectUnauthorized: opts.strictSSL
+ }
+
+ if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
+ if (!isHttps) {
+ if (!HttpProxyAgent) {
+ HttpProxyAgent = require('http-proxy-agent')
+ }
+
+ return new HttpProxyAgent(popts)
+ } else {
+ if (!HttpsProxyAgent) {
+ HttpsProxyAgent = require('https-proxy-agent')
+ }
+
+ return new HttpsProxyAgent(popts)
+ }
+ }
+ if (proxyUrl.protocol.startsWith('socks')) {
+ if (!SocksProxyAgent) {
+ SocksProxyAgent = require('socks-proxy-agent')
+ }
+
+ return new SocksProxyAgent(popts)
+ }
+}
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/cache.js b/node_modules/libnpmhook/node_modules/make-fetch-happen/cache.js
new file mode 100644
index 0000000000000..0c519e69fbe81
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/cache.js
@@ -0,0 +1,249 @@
+'use strict'
+
+const cacache = require('cacache')
+const fetch = require('node-fetch-npm')
+const pipe = require('mississippi').pipe
+const ssri = require('ssri')
+const through = require('mississippi').through
+const to = require('mississippi').to
+const url = require('url')
+const stream = require('stream')
+
+const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
+
+function cacheKey (req) {
+ const parsed = url.parse(req.url)
+ return `make-fetch-happen:request-cache:${
+ url.format({
+ protocol: parsed.protocol,
+ slashes: parsed.slashes,
+ host: parsed.host,
+ hostname: parsed.hostname,
+ pathname: parsed.pathname
+ })
+ }`
+}
+
+// This is a cacache-based implementation of the Cache standard,
+// using node-fetch.
+// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
+//
+module.exports = class Cache {
+ constructor (path, opts) {
+ this._path = path
+ this._uid = opts && opts.uid
+ this._gid = opts && opts.gid
+ this.Promise = (opts && opts.Promise) || Promise
+ }
+
+ // Returns a Promise that resolves to the response associated with the first
+ // matching request in the Cache object.
+ match (req, opts) {
+ opts = opts || {}
+ const key = cacheKey(req)
+ return cacache.get.info(this._path, key).then(info => {
+ return info && cacache.get.hasContent(
+ this._path, info.integrity, opts
+ ).then(exists => exists && info)
+ }).then(info => {
+ if (info && info.metadata && matchDetails(req, {
+ url: info.metadata.url,
+ reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
+ resHeaders: new fetch.Headers(info.metadata.resHeaders),
+ cacheIntegrity: info.integrity,
+ integrity: opts && opts.integrity
+ })) {
+ const resHeaders = new fetch.Headers(info.metadata.resHeaders)
+ addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
+ if (req.method === 'HEAD') {
+ return new fetch.Response(null, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200
+ })
+ }
+ let body
+ const cachePath = this._path
+ // avoid opening cache file handles until a user actually tries to
+ // read from it.
+ if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
+ body = new stream.PassThrough()
+ const realRead = body._read
+ body._read = function (size) {
+ body._read = realRead
+ pipe(
+ cacache.get.stream.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }),
+ body,
+ err => body.emit(err))
+ return realRead.call(this, size)
+ }
+ } else {
+ let readOnce = false
+ // cacache is much faster at bulk reads
+ body = new stream.Readable({
+ read () {
+ if (readOnce) return this.push(null)
+ readOnce = true
+ cacache.get.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }).then(data => {
+ this.push(data)
+ this.push(null)
+ }, err => this.emit('error', err))
+ }
+ })
+ }
+ return this.Promise.resolve(new fetch.Response(body, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200,
+ size: info.size
+ }))
+ }
+ })
+ }
+
+ // Takes both a request and its response and adds it to the given cache.
+ put (req, response, opts) {
+ opts = opts || {}
+ const size = response.headers.get('content-length')
+ const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
+ const ckey = cacheKey(req)
+ const cacheOpts = {
+ algorithms: opts.algorithms,
+ metadata: {
+ url: req.url,
+ reqHeaders: req.headers.raw(),
+ resHeaders: response.headers.raw()
+ },
+ uid: this._uid,
+ gid: this._gid,
+ size,
+ memoize: fitInMemory && opts.memoize
+ }
+ if (req.method === 'HEAD' || response.status === 304) {
+ // Update metadata without writing
+ return cacache.get.info(this._path, ckey).then(info => {
+ // Providing these will bypass content write
+ cacheOpts.integrity = info.integrity
+ addCacheHeaders(
+ response.headers, this._path, ckey, info.integrity, info.time
+ )
+ return new this.Promise((resolve, reject) => {
+ pipe(
+ cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
+ cacache.put.stream(this._path, cacheKey(req), cacheOpts),
+ err => err ? reject(err) : resolve(response)
+ )
+ })
+ }).then(() => response)
+ }
+ let buf = []
+ let bufSize = 0
+ let cacheTargetStream = false
+ const cachePath = this._path
+ let cacheStream = to((chunk, enc, cb) => {
+ if (!cacheTargetStream) {
+ if (fitInMemory) {
+ cacheTargetStream =
+ to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
+ buf.push(chunk)
+ bufSize += chunk.length
+ cb()
+ }, done => {
+ cacache.put(
+ cachePath,
+ cacheKey(req),
+ Buffer.concat(buf, bufSize),
+ cacheOpts
+ ).then(
+ () => done(),
+ done
+ )
+ })
+ } else {
+ cacheTargetStream =
+ cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
+ }
+ }
+ cacheTargetStream.write(chunk, enc, cb)
+ }, done => {
+ cacheTargetStream ? cacheTargetStream.end(done) : done()
+ })
+ const oldBody = response.body
+ const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
+ response.body = newBody
+ oldBody.once('error', err => newBody.emit('error', err))
+ newBody.once('error', err => oldBody.emit('error', err))
+ cacheStream.once('error', err => newBody.emit('error', err))
+ pipe(oldBody, to((chunk, enc, cb) => {
+ cacheStream.write(chunk, enc, () => {
+ newBody.write(chunk, enc, cb)
+ })
+ }, done => {
+ cacheStream.end(() => {
+ newBody.end(() => {
+ done()
+ })
+ })
+ }), err => err && newBody.emit('error', err))
+ return response
+ }
+
+ // Finds the Cache entry whose key is the request, and if found, deletes the
+ // Cache entry and returns a Promise that resolves to true. If no Cache entry
+ // is found, it returns false.
+ 'delete' (req, opts) {
+ opts = opts || {}
+ if (typeof opts.memoize === 'object') {
+ if (opts.memoize.reset) {
+ opts.memoize.reset()
+ } else if (opts.memoize.clear) {
+ opts.memoize.clear()
+ } else {
+ Object.keys(opts.memoize).forEach(k => {
+ opts.memoize[k] = null
+ })
+ }
+ }
+ return cacache.rm.entry(
+ this._path,
+ cacheKey(req)
+ // TODO - true/false
+ ).then(() => false)
+ }
+}
+
+function matchDetails (req, cached) {
+ const reqUrl = url.parse(req.url)
+ const cacheUrl = url.parse(cached.url)
+ const vary = cached.resHeaders.get('Vary')
+ // https://tools.ietf.org/html/rfc7234#section-4.1
+ if (vary) {
+ if (vary.match(/\*/)) {
+ return false
+ } else {
+ const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
+ return cached.reqHeaders.get(field) === req.headers.get(field)
+ })
+ if (!fieldsMatch) {
+ return false
+ }
+ }
+ }
+ if (cached.integrity) {
+ return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
+ }
+ reqUrl.hash = null
+ cacheUrl.hash = null
+ return url.format(reqUrl) === url.format(cacheUrl)
+}
+
+function addCacheHeaders (resHeaders, path, key, hash, time) {
+ resHeaders.set('X-Local-Cache', encodeURIComponent(path))
+ resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
+ resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
+ resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
+}
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/index.js b/node_modules/libnpmhook/node_modules/make-fetch-happen/index.js
new file mode 100644
index 0000000000000..0f2c164e19f28
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/index.js
@@ -0,0 +1,482 @@
+'use strict'
+
+let Cache
+const url = require('url')
+const CachePolicy = require('http-cache-semantics')
+const fetch = require('node-fetch-npm')
+const pkg = require('./package.json')
+const retry = require('promise-retry')
+let ssri
+const Stream = require('stream')
+const getAgent = require('./agent')
+const setWarning = require('./warning')
+
+const isURL = /^https?:/
+const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
+
+const RETRY_ERRORS = [
+ 'ECONNRESET', // remote socket closed on us
+ 'ECONNREFUSED', // remote host refused to open connection
+ 'EADDRINUSE', // failed to bind to a local port (proxy?)
+ 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
+ // Known codes we do NOT retry on:
+ // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
+]
+
+const RETRY_TYPES = [
+ 'request-timeout'
+]
+
+// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
+module.exports = cachingFetch
+cachingFetch.defaults = function (_uri, _opts) {
+ const fetch = this
+ if (typeof _uri === 'object') {
+ _opts = _uri
+ _uri = null
+ }
+
+ function defaultedFetch (uri, opts) {
+ const finalOpts = Object.assign({}, _opts || {}, opts || {})
+ return fetch(uri || _uri, finalOpts)
+ }
+
+ defaultedFetch.defaults = fetch.defaults
+ defaultedFetch.delete = fetch.delete
+ return defaultedFetch
+}
+
+cachingFetch.delete = cacheDelete
+function cacheDelete (uri, opts) {
+ opts = configureOptions(opts)
+ if (opts.cacheManager) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+ return opts.cacheManager.delete(req, opts)
+ }
+}
+
+function initializeCache (opts) {
+ if (typeof opts.cacheManager === 'string') {
+ if (!Cache) {
+ // Default cacache-based cache
+ Cache = require('./cache')
+ }
+
+ opts.cacheManager = new Cache(opts.cacheManager, opts)
+ }
+
+ opts.cache = opts.cache || 'default'
+
+ if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
+ // If header list contains `If-Modified-Since`, `If-None-Match`,
+ // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
+ // mode to "no-store" if it is "default".
+ opts.cache = 'no-store'
+ }
+}
+
+function configureOptions (_opts) {
+ const opts = Object.assign({}, _opts || {})
+ opts.method = (opts.method || 'GET').toUpperCase()
+
+ if (opts.retry && typeof opts.retry === 'number') {
+ opts.retry = { retries: opts.retry }
+ }
+
+ if (opts.retry === false) {
+ opts.retry = { retries: 0 }
+ }
+
+ if (opts.cacheManager) {
+ initializeCache(opts)
+ }
+
+ return opts
+}
+
+function initializeSsri () {
+ if (!ssri) {
+ ssri = require('ssri')
+ }
+}
+
+function cachingFetch (uri, _opts) {
+ const opts = configureOptions(_opts)
+
+ if (opts.integrity) {
+ initializeSsri()
+ // if verifying integrity, node-fetch must not decompress
+ opts.compress = false
+ }
+
+ const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
+ opts.cacheManager &&
+ opts.cache !== 'no-store' &&
+ opts.cache !== 'reload'
+
+ if (isCachable) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+
+ return opts.cacheManager.match(req, opts).then(res => {
+ if (res) {
+ const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
+ if (warningCode && +warningCode >= 100 && +warningCode < 200) {
+ // https://tools.ietf.org/html/rfc7234#section-4.3.4
+ //
+ // If a stored response is selected for update, the cache MUST:
+ //
+ // * delete any Warning header fields in the stored response with
+ // warn-code 1xx (see Section 5.5);
+ //
+ // * retain any Warning header fields in the stored response with
+ // warn-code 2xx;
+ //
+ res.headers.delete('Warning')
+ }
+
+ if (opts.cache === 'default' && !isStale(req, res)) {
+ return res
+ }
+
+ if (opts.cache === 'default' || opts.cache === 'no-cache') {
+ return conditionalFetch(req, res, opts)
+ }
+
+ if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
+ // 112 Disconnected operation
+ // SHOULD be included if the cache is intentionally disconnected from
+ // the rest of the network for a period of time.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(res, 112, 'Disconnected operation')
+ return res
+ }
+ }
+
+ if (!res && opts.cache === 'only-if-cached') {
+ const errorMsg = `request to ${
+ uri
+ } failed: cache mode is 'only-if-cached' but no cached response available.`
+
+ const err = new Error(errorMsg)
+ err.code = 'ENOTCACHED'
+ throw err
+ }
+
+ // Missing cache entry, or mode is default (if stale), reload, no-store
+ return remoteFetch(req.url, opts)
+ })
+ }
+
+ return remoteFetch(uri, opts)
+}
+
+function iterableToObject (iter) {
+ const obj = {}
+ for (let k of iter.keys()) {
+ obj[k] = iter.get(k)
+ }
+ return obj
+}
+
+function makePolicy (req, res) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+ const _res = {
+ status: res.status,
+ headers: iterableToObject(res.headers)
+ }
+
+ return new CachePolicy(_req, _res, { shared: false })
+}
+
+// https://tools.ietf.org/html/rfc7234#section-4.2
+function isStale (req, res) {
+ if (!res) {
+ return null
+ }
+
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+
+ const policy = makePolicy(req, res)
+
+ const responseTime = res.headers.get('x-local-cache-time') ||
+ res.headers.get('date') ||
+ 0
+
+ policy._responseTime = new Date(responseTime)
+
+ const bool = !policy.satisfiesWithoutRevalidation(_req)
+ return bool
+}
+
+function mustRevalidate (res) {
+ return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
+}
+
+function conditionalFetch (req, cachedRes, opts) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: Object.assign({}, opts.headers || {})
+ }
+
+ const policy = makePolicy(req, cachedRes)
+ opts.headers = policy.revalidationHeaders(_req)
+
+ return remoteFetch(req.url, opts)
+ .then(condRes => {
+ const revalidatedPolicy = policy.revalidatedPolicy(_req, {
+ status: condRes.status,
+ headers: iterableToObject(condRes.headers)
+ })
+
+ if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ return cachedRes
+ }
+
+ if (condRes.status === 304) { // 304 Not Modified
+ condRes.body = cachedRes.body
+ return opts.cacheManager.put(req, condRes, opts)
+ .then(newRes => {
+ newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
+ return newRes
+ })
+ }
+
+ return condRes
+ })
+ .then(res => res)
+ .catch(err => {
+ if (mustRevalidate(cachedRes)) {
+ throw err
+ } else {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ // 199 Miscellaneous warning
+ // The warning text MAY include arbitrary information to be presented to
+ // a human user, or logged. A system receiving this warning MUST NOT take
+ // any automated action, besides presenting the warning to the user.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(
+ cachedRes,
+ 199,
+ `Miscellaneous Warning ${err.code}: ${err.message}`
+ )
+
+ return cachedRes
+ }
+ })
+}
+
+function remoteFetchHandleIntegrity (res, integrity) {
+ const oldBod = res.body
+ const newBod = ssri.integrityStream({
+ integrity
+ })
+ oldBod.pipe(newBod)
+ res.body = newBod
+ oldBod.once('error', err => {
+ newBod.emit('error', err)
+ })
+ newBod.once('error', err => {
+ oldBod.emit('error', err)
+ })
+}
+
+function remoteFetch (uri, opts) {
+ const agent = getAgent(uri, opts)
+ const headers = Object.assign({
+ 'connection': agent ? 'keep-alive' : 'close',
+ 'user-agent': USER_AGENT
+ }, opts.headers || {})
+
+ const reqOpts = {
+ agent,
+ body: opts.body,
+ compress: opts.compress,
+ follow: opts.follow,
+ headers: new fetch.Headers(headers),
+ method: opts.method,
+ redirect: 'manual',
+ size: opts.size,
+ counter: opts.counter,
+ timeout: opts.timeout
+ }
+
+ return retry(
+ (retryHandler, attemptNum) => {
+ const req = new fetch.Request(uri, reqOpts)
+ return fetch(req)
+ .then(res => {
+ res.headers.set('x-fetch-attempts', attemptNum)
+
+ if (opts.integrity) {
+ remoteFetchHandleIntegrity(res, opts.integrity)
+ }
+
+ const isStream = req.body instanceof Stream
+
+ if (opts.cacheManager) {
+ const isMethodGetHead = req.method === 'GET' ||
+ req.method === 'HEAD'
+
+ const isCachable = opts.cache !== 'no-store' &&
+ isMethodGetHead &&
+ makePolicy(req, res).storable() &&
+ res.status === 200 // No other statuses should be stored!
+
+ if (isCachable) {
+ return opts.cacheManager.put(req, res, opts)
+ }
+
+ if (!isMethodGetHead) {
+ return opts.cacheManager.delete(req).then(() => {
+ if (res.status >= 500 && req.method !== 'POST' && !isStream) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ return res
+ })
+ }
+ }
+
+ const isRetriable = req.method !== 'POST' &&
+ !isStream && (
+ res.status === 408 || // Request Timeout
+ res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
+ res.status === 429 || // Too Many Requests ("standard" rate-limiting)
+ res.status >= 500 // Assume server errors are momentary hiccups
+ )
+
+ if (isRetriable) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
+ return res
+ }
+
+ // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
+ if (opts.redirect === 'error') {
+ const err = new Error(`redirect mode is set to error: ${uri}`)
+ err.code = 'ENOREDIRECT'
+ throw err
+ }
+
+ if (!res.headers.get('location')) {
+ const err = new Error(`redirect location header missing at: ${uri}`)
+ err.code = 'EINVALIDREDIRECT'
+ throw err
+ }
+
+ if (req.counter >= req.follow) {
+ const err = new Error(`maximum redirect reached at: ${uri}`)
+ err.code = 'EMAXREDIRECT'
+ throw err
+ }
+
+ const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
+ let redirectURL = url.parse(resolvedUrl)
+
+ if (isURL.test(res.headers.get('location'))) {
+ redirectURL = url.parse(res.headers.get('location'))
+ }
+
+ // Remove authorization if changing hostnames (but not if just
+ // changing ports or protocols). This matches the behavior of request:
+ // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
+ if (url.parse(req.url).hostname !== redirectURL.hostname) {
+ req.headers.delete('authorization')
+ }
+
+ // for POST request with 301/302 response, or any request with 303 response,
+ // use GET when following redirect
+ if (res.status === 303 ||
+ ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
+ opts.method = 'GET'
+ opts.body = null
+ req.headers.delete('content-length')
+ }
+
+ opts.headers = {}
+ req.headers.forEach((value, name) => {
+ opts.headers[name] = value
+ })
+
+ opts.counter = ++req.counter
+ return cachingFetch(resolvedUrl, opts)
+ })
+ .catch(err => {
+ const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
+
+ const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
+ RETRY_TYPES.indexOf(err.type) === -1
+
+ if (req.method === 'POST' || isRetryError) {
+ throw err
+ }
+
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(err)
+ }
+
+ return retryHandler(err)
+ })
+ },
+ opts.retry
+ ).catch(err => {
+ if (err.status >= 400) {
+ return err
+ }
+
+ throw err
+ })
+}
+
+function isHeaderConditional (headers) {
+ if (!headers || typeof headers !== 'object') {
+ return false
+ }
+
+ const modifiers = [
+ 'if-modified-since',
+ 'if-none-match',
+ 'if-unmodified-since',
+ 'if-match',
+ 'if-range'
+ ]
+
+ return Object.keys(headers)
+ .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
+}
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/package.json b/node_modules/libnpmhook/node_modules/make-fetch-happen/package.json
new file mode 100644
index 0000000000000..bf110031ed7c2
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/package.json
@@ -0,0 +1,94 @@
+{
+ "_from": "make-fetch-happen@^4.0.2",
+ "_id": "make-fetch-happen@4.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
+ "_location": "/libnpmhook/make-fetch-happen",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "make-fetch-happen@^4.0.2",
+ "name": "make-fetch-happen",
+ "escapedName": "make-fetch-happen",
+ "rawSpec": "^4.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^4.0.2"
+ },
+ "_requiredBy": [
+ "/libnpmhook/npm-registry-fetch"
+ ],
+ "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
+ "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
+ "_spec": "make-fetch-happen@^4.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmhook/node_modules/npm-registry-fetch",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/zkat/make-fetch-happen/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "agentkeepalive": "^3.4.1",
+ "cacache": "^11.3.3",
+ "http-cache-semantics": "^3.8.1",
+ "http-proxy-agent": "^2.1.0",
+ "https-proxy-agent": "^2.2.1",
+ "lru-cache": "^5.1.1",
+ "mississippi": "^3.0.0",
+ "node-fetch-npm": "^2.0.2",
+ "promise-retry": "^1.1.1",
+ "socks-proxy-agent": "^4.0.0",
+ "ssri": "^6.0.0"
+ },
+ "deprecated": false,
+ "description": "Opinionated, caching, retrying fetch client",
+ "devDependencies": {
+ "bluebird": "^3.5.1",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.2.3",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.2",
+ "rimraf": "^2.6.2",
+ "safe-buffer": "^5.1.1",
+ "standard": "^11.0.1",
+ "standard-version": "^4.3.0",
+ "tacks": "^1.2.6",
+ "tap": "^12.7.0",
+ "weallbehave": "^1.0.0",
+ "weallcontribute": "^1.0.7"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/zkat/make-fetch-happen#readme",
+ "keywords": [
+ "http",
+ "request",
+ "fetch",
+ "mean girls",
+ "caching",
+ "cache",
+ "subresource integrity"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "make-fetch-happen",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/zkat/make-fetch-happen.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "4.0.2"
+}
diff --git a/node_modules/libnpmhook/node_modules/make-fetch-happen/warning.js b/node_modules/libnpmhook/node_modules/make-fetch-happen/warning.js
new file mode 100644
index 0000000000000..b8f13cf83195a
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/make-fetch-happen/warning.js
@@ -0,0 +1,24 @@
+const url = require('url')
+
+module.exports = setWarning
+
+function setWarning (reqOrRes, code, message, replace) {
+ // Warning = "Warning" ":" 1#warning-value
+ // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
+ // warn-code = 3DIGIT
+ // warn-agent = ( host [ ":" port ] ) | pseudonym
+ // ; the name or pseudonym of the server adding
+ // ; the Warning header, for use in debugging
+ // warn-text = quoted-string
+ // warn-date = <"> HTTP-date <">
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ const host = url.parse(reqOrRes.url).host
+ const jsonMessage = JSON.stringify(message)
+ const jsonDate = JSON.stringify(new Date().toUTCString())
+ const header = replace ? 'set' : 'append'
+
+ reqOrRes.headers[header](
+ 'Warning',
+ `${code} ${host} ${jsonMessage} ${jsonDate}`
+ )
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..d24e026914c23
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,214 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..0c3f4f9469955
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,609 @@
+# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
+and [`prefer-online`](#opts-prefer-online).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetch-retries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-factor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-mintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-maxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.force-auth`
+
+* Alias: `opts.forceAuth`
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignore-body`
+
+* Alias: `opts.ignoreBody`
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.is-from-ci`
+
+* Alias: `opts.isFromCI`
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.local-address`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.map-json`
+
+* Alias: `mapJson`, `mapJSON`
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxsockets`
+
+* Alias: `opts.max-sockets`
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npm-session`
+
+* Alias: `opts.npmSession`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.prefer-offline`](#opts-prefer-offline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: _password
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.prefer-offline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.prefer-online`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+
+##### `opts.project-scope`
+
+* Alias: `opts.projectScope`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.refer`
+
+* Alias: `opts.referer`
+* Type: String
+* Default: null
+
+Value to use for the `Referer` header. The npm CLI itself uses this to serialize
+the npm command line using the given request.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strict-ssl`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 30000 (30 seconds)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.user-agent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..d583982d0a8b2
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const config = require('./config.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts) {
+ if (!registry) { throw new Error('registry is required') }
+ opts = config(opts)
+ let AUTH = {}
+ const regKey = registry && registryKey(registry)
+ if (opts.forceAuth) {
+ opts = opts.forceAuth
+ }
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = url.parse(registry)
+ const formatted = url.format({
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: parsed.slashes
+ })
+ return url.resolve(formatted, '.')
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..bfde699edcfbd
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,109 @@
+'use strict'
+
+const config = require('./config.js')
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts) {
+ opts = config(opts)
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ res.body = null
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ res.headers.raw()['warning'].forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/config.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/config.js
new file mode 100644
index 0000000000000..7fe5dacc94362
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/config.js
@@ -0,0 +1,98 @@
+'use strict'
+
+const pkg = require('./package.json')
+const figgyPudding = require('figgy-pudding')
+const silentLog = require('./silentlog.js')
+
+const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
+const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
+module.exports = figgyPudding({
+ 'agent': {},
+ 'algorithms': {},
+ 'body': {},
+ 'ca': {},
+ 'cache': {},
+ 'cert': {},
+ 'fetch-retries': {},
+ 'fetch-retry-factor': {},
+ 'fetch-retry-maxtimeout': {},
+ 'fetch-retry-mintimeout': {},
+ 'force-auth': {},
+ forceAuth: 'force-auth',
+ 'gid': {},
+ 'gzip': {},
+ 'headers': {},
+ 'https-proxy': {},
+ 'ignore-body': {},
+ ignoreBody: 'ignore-body',
+ 'integrity': {},
+ 'is-from-ci': 'isFromCI',
+ 'isFromCI': {
+ default () {
+ return (
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ )
+ }
+ },
+ 'key': {},
+ 'local-address': {},
+ 'log': {
+ default: silentLog
+ },
+ 'map-json': 'mapJson',
+ 'mapJSON': 'mapJson',
+ 'mapJson': {},
+ 'max-sockets': 'maxsockets',
+ 'maxsockets': {
+ default: 12
+ },
+ 'memoize': {},
+ 'method': {
+ default: 'GET'
+ },
+ 'no-proxy': {},
+ 'noproxy': {},
+ 'npm-session': 'npmSession',
+ 'npmSession': {},
+ 'offline': {},
+ 'otp': {},
+ 'prefer-offline': {},
+ 'prefer-online': {},
+ 'projectScope': {},
+ 'project-scope': 'projectScope',
+ 'Promise': {default: () => Promise},
+ 'proxy': {},
+ 'query': {},
+ 'refer': {},
+ 'referer': 'refer',
+ 'registry': {
+ default: 'https://registry.npmjs.org/'
+ },
+ 'retry': {},
+ 'scope': {},
+ 'spec': {},
+ 'strict-ssl': {},
+ 'timeout': {},
+ 'uid': {},
+ 'user-agent': {
+ default: `${
+ pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+ }
+}, {
+ other (key) {
+ return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
+ }
+})
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..ba78735fce135
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = url.parse(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..4ba3c19243471
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,193 @@
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const checkResponse = require('./check-response.js')
+const config = require('./config.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('JSONStream')
+const npa = require('npm-package-arg')
+const {PassThrough} = require('stream')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('zlib')
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+ opts = config(opts)
+ const registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ opts.registry ||
+ 'https://registry.npmjs.org/'
+ )
+ uri = url.parse(uri).protocol
+ ? uri
+ : `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = body &&
+ typeof body === 'object' &&
+ typeof body.pipe === 'function'
+ if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = zlib.createGzip()
+ body.on('error', err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else {
+ body = new opts.Promise((resolve, reject) => {
+ zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
+ })
+ }
+ }
+ if (opts.query) {
+ let q = opts.query
+ if (typeof q === 'string') {
+ q = qs.parse(q)
+ }
+ Object.keys(q).forEach(key => {
+ if (q[key] === undefined) {
+ delete q[key]
+ }
+ })
+ if (Object.keys(q).length) {
+ const parsed = url.parse(uri)
+ parsed.search = '?' + qs.stringify(
+ parsed.query
+ ? Object.assign(qs.parse(parsed.query), q)
+ : q
+ )
+ uri = url.format(parsed)
+ }
+ }
+ return opts.Promise.resolve(body).then(body => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts['local-address'],
+ maxSockets: opts.maxsockets,
+ memoize: opts.memoize,
+ method: opts.method || 'GET',
+ noProxy: opts['no-proxy'] || opts.noproxy,
+ Promise: opts.Promise,
+ proxy: opts['https-proxy'] || opts.proxy,
+ referer: opts.refer,
+ retry: opts.retry != null ? opts.retry : {
+ retries: opts['fetch-retries'],
+ factor: opts['fetch-retry-factor'],
+ minTimeout: opts['fetch-retry-mintimeout'],
+ maxTimeout: opts['fetch-retry-maxtimeout']
+ },
+ strictSSL: !!opts['strict-ssl'],
+ timeout: opts.timeout,
+ uid: opts.uid,
+ gid: opts.gid
+ }).then(res => checkResponse(
+ opts.method || 'GET', res, registry, startTime, opts
+ )))
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, opts) {
+ opts = config(opts)
+ const parser = JSONStream.parse(jsonPath, opts.mapJson)
+ const pt = parser.pipe(new PassThrough({objectMode: true}))
+ parser.on('error', err => pt.emit('error', err))
+ regFetch(uri, opts).then(res => {
+ res.body.on('error', err => parser.emit('error', err))
+ res.body.pipe(parser)
+ }, err => pt.emit('error', err))
+ return pt
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts) {
+ spec = npa(spec)
+ opts = config(opts)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts['prefer-offline']
+ ? 'force-cache'
+ : opts['prefer-online']
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!(
+ opts['is-from-ci'] ||
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ ),
+ 'npm-scope': opts['project-scope'],
+ 'npm-session': opts['npm-session'],
+ 'user-agent': opts['user-agent'],
+ 'referer': opts.refer
+ }, opts.headers)
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ url.parse(uri).host === url.parse(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..d1b368489ecbc
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,92 @@
+{
+ "_from": "npm-registry-fetch@^3.8.0",
+ "_id": "npm-registry-fetch@3.9.1",
+ "_inBundle": false,
+ "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "_location": "/libnpmhook/npm-registry-fetch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-registry-fetch@^3.8.0",
+ "name": "npm-registry-fetch",
+ "escapedName": "npm-registry-fetch",
+ "rawSpec": "^3.8.0",
+ "saveSpec": null,
+ "fetchSpec": "^3.8.0"
+ },
+ "_requiredBy": [
+ "/libnpmhook"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
+ "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
+ "_spec": "npm-registry-fetch@^3.8.0",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmhook",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/registry-fetch/issues"
+ },
+ "bundleDependencies": false,
+ "config": {
+ "nyc": {
+ "exclude": [
+ "node_modules/**",
+ "test/**"
+ ]
+ }
+ },
+ "dependencies": {
+ "JSONStream": "^1.3.4",
+ "bluebird": "^3.5.1",
+ "figgy-pudding": "^3.4.1",
+ "lru-cache": "^5.1.1",
+ "make-fetch-happen": "^4.0.2",
+ "npm-package-arg": "^6.1.0"
+ },
+ "deprecated": false,
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "devDependencies": {
+ "cacache": "^11.3.3",
+ "get-stream": "^4.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.4.3",
+ "npmlog": "^4.1.2",
+ "rimraf": "^2.6.2",
+ "ssri": "^6.0.0",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/registry-fetch#readme",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-registry-fetch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/registry-fetch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.9.1"
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpmorg/node_modules/make-fetch-happen/CHANGELOG.md
new file mode 100644
index 0000000000000..a446842f55d80
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/CHANGELOG.md
@@ -0,0 +1,555 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
+
+
+
+
+## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
+
+
+### Bug Fixes
+
+* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
+
+
+
+
+# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
+
+
+### meta
+
+* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
+
+
+### Bug Fixes
+
+* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
+* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
+
+
+### BREAKING CHANGES
+
+* **license:** license changed from CC0 to ISC.
+
+
+
+
+# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
+
+
+### Bug Fixes
+
+* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
+
+
+### Features
+
+* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
+
+
+
+
+# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
+
+
+### Bug Fixes
+
+* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
+
+
+### Features
+
+* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
+
+
+
+
+## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
+
+
+### Bug Fixes
+
+* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
+* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
+
+
+
+
+## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
+
+
+### Bug Fixes
+
+* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
+
+
+
+
+## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
+
+
+### Bug Fixes
+
+* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
+
+
+
+
+## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
+
+
+### Bug Fixes
+
+* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
+* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
+
+
+
+
+## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
+
+
+
+
+## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
+
+
+
+
+## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
+
+
+### Bug Fixes
+
+* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
+
+
+
+
+## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
+* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
+* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
+
+
+
+
+## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
+
+
+
+
+## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
+
+
+### Bug Fixes
+
+* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
+
+
+
+
+## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
+
+
+### Bug Fixes
+
+* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
+
+
+
+
+## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
+
+
+### Bug Fixes
+
+* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
+* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
+
+
+
+
+## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
+
+
+
+
+# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
+
+
+### Features
+
+* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
+
+
+
+
+# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
+
+
+### Features
+
+* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
+* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
+
+
+
+
+## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
+
+
+### Bug Fixes
+
+* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
+* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
+
+
+
+
+## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
+
+
+### Bug Fixes
+
+* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
+
+
+
+
+## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
+
+
+### Bug Fixes
+
+* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
+
+
+
+
+## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
+
+
+### Bug Fixes
+
+* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
+* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
+
+
+
+
+## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
+
+
+### Bug Fixes
+
+* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
+
+
+
+
+## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
+
+
+### Bug Fixes
+
+* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
+
+
+
+
+# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
+
+
+### Features
+
+* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
+
+
+
+
+# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
+
+
+### Features
+
+* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
+
+
+
+
+## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
+
+
+### Bug Fixes
+
+* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
+
+
+
+
+## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
+
+
+
+
+## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
+
+
+
+
+## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
+
+
+
+
+# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
+* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
+
+
+### Features
+
+* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
+
+
+### BREAKING CHANGES
+
+* **agent:** pac proxies are no longer supported.
+* **retry:** Retry logic has changes.
+
+* 404s, 420s, and 429s all retry now.
+* ENOTFOUND no longer retries.
+* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
+
+
+
+
+# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
+
+
+### Features
+
+* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
+
+
+
+
+# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
+
+
+### Features
+
+* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
+
+
+
+
+## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
+
+
+### Bug Fixes
+
+* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
+* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
+
+
+
+
+# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
+
+
+### Features
+
+* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
+
+
+
+
+# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
+
+
+### Features
+
+* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
+
+
+
+
+## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
+
+
+
+
+# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
+
+
+### Features
+
+* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
+* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
+
+
+
+
+## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
+
+
+### Bug Fixes
+
+* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
+
+
+
+
+# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
+
+
+### Features
+
+* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
+
+
+
+
+# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
+
+
+### Features
+
+* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
+
+
+
+
+## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
+
+
+
+
+# 1.0.0 (2017-04-01)
+
+
+### Bug Fixes
+
+* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
+* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
+* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
+* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
+* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
+* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
+* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
+* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
+* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
+* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
+* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
+* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
+* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
+* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
+* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
+* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
+* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
+* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
+* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
+* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
+* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
+* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
+* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
+* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
+* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
+
+
+### Features
+
+* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
+* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
+
+
+### BREAKING CHANGES
+
+* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
+* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
+* **api:** actual api implemented
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpmorg/node_modules/make-fetch-happen/LICENSE
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/LICENSE
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/README.md b/node_modules/libnpmorg/node_modules/make-fetch-happen/README.md
new file mode 100644
index 0000000000000..4d12d8dae7e31
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/README.md
@@ -0,0 +1,404 @@
+# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
+
+
+[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
+library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
+features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
+pooling, proxies, retries, [and more](#features)!
+
+## Install
+
+`$ npm install --save make-fetch-happen`
+
+## Table of Contents
+
+* [Example](#example)
+* [Features](#features)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.defaults`](#fetch-defaults)
+ * [`node-fetch` options](#node-fetch-options)
+ * [`make-fetch-happen` options](#extra-options)
+ * [`opts.cacheManager`](#opts-cache-manager)
+ * [`opts.cache`](#opts-cache)
+ * [`opts.proxy`](#opts-proxy)
+ * [`opts.noProxy`](#opts-no-proxy)
+ * [`opts.ca, opts.cert, opts.key`](#https-opts)
+ * [`opts.maxSockets`](#opts-max-sockets)
+ * [`opts.retry`](#opts-retry)
+ * [`opts.onRetry`](#opts-onretry)
+ * [`opts.integrity`](#opts-integrity)
+* [Message From Our Sponsors](#wow)
+
+### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache' // path where cache will be written (and read)
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
+ return res.json() // download the body as JSON
+}).then(body => {
+ console.log(`got ${body.name} from web`)
+ return fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'no-cache' // forces a conditional request
+ })
+}).then(res => {
+ console.log(res.status) // 304! cache validated!
+ return res.json().then(body => {
+ console.log(`got ${body.name} from cache`)
+ })
+})
+```
+
+### Features
+
+* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
+* Request pooling out of the box
+* Quite fast, really
+* Automatic HTTP-semantics-aware request retries
+* Cache-fallback automatic "offline mode"
+* Proxy support (http, https, socks, socks4, socks5)
+* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
+* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
+* Node.js Stream support
+* Transparent gzip and deflate support
+* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
+* Literally punches nazis
+* (PENDING) Range request caching and resuming
+
+### Contributing
+
+The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(uriOrRequest, [opts]) -> Promise`
+
+This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
+
+If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
+
+##### Example
+
+```javascript
+fetch('https://google.com').then(res => res.buffer())
+```
+
+#### `> fetch.defaults([defaultUrl], [defaultOpts])`
+
+Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
+
+A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-local-cache'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
+```
+
+#### `> node-fetch options`
+
+The following options for `node-fetch` are used as-is:
+
+* method
+* body
+* redirect
+* follow
+* timeout
+* compress
+* size
+
+These other options are modified or augmented by make-fetch-happen:
+
+* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
+* agent
+ * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
+ * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
+ * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
+ * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
+
+For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
+
+#### `> make-fetch-happen options`
+
+make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
+
+* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
+* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
+* [`opts.proxy`](#opts-proxy) - Proxy agent
+* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
+* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
+* [`opts.localAddress`](#opts-local-address)
+* [`opts.maxSockets`](#opts-max-sockets)
+* [`opts.retry`](#opts-retry) - Request retry settings
+* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
+* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
+
+#### `> opts.cacheManager`
+
+Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
+
+If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
+
+By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
+
+You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
+
+**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
+
+The default cache manager also adds the following headers to cached responses:
+
+* `X-Local-Cache`: Path to the cache the content was found in
+* `X-Local-Cache-Key`: Unique cache entry key for this response
+* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
+* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
+
+Using [`cacache`](https://npm.im/cacache), a call like this may be used to
+manually fetch the cached entry:
+
+```javascript
+const h = response.headers
+cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
+
+// grab content only, directly:
+cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
+```
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cacheManager: './my-local-cache'
+}) // -> 200-level response will be written to disk
+
+fetch('https://npm.im/cacache', {
+ cacheManager: new MyCustomRedisCache(process.env.PORT)
+}) // -> 200-level response will be written to redis
+```
+
+A possible (minimal) implementation for `MyCustomRedisCache`:
+
+```javascript
+const bluebird = require('bluebird')
+const redis = require("redis")
+bluebird.promisifyAll(redis.RedisClient.prototype)
+class MyCustomRedisCache {
+ constructor (opts) {
+ this.redis = redis.createClient(opts)
+ }
+ match (req) {
+ return this.redis.getAsync(req.url).then(res => {
+ if (res) {
+ const parsed = JSON.parse(res)
+ return new fetch.Response(parsed.body, {
+ url: req.url,
+ headers: parsed.headers,
+ status: 200
+ })
+ }
+ })
+ }
+ put (req, res) {
+ return res.buffer().then(body => {
+ return this.redis.setAsync(req.url, JSON.stringify({
+ body: body,
+ headers: res.headers.raw()
+ }))
+ }).then(() => {
+ // return the response itself
+ return res
+ })
+ }
+ 'delete' (req) {
+ return this.redis.unlinkAsync(req.url)
+ }
+}
+```
+
+#### `> opts.cache`
+
+This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
+
+* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
+* `no-store` - Fetch behaves as if there is no HTTP cache at all.
+* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
+* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
+* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
+* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
+
+(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache'
+})
+
+// Will error with ENOTCACHED if we haven't already cached this url
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'only-if-cached'
+})
+
+// Will refresh any local content and cache the new response
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'reload'
+})
+
+// Will use any local data, even if stale. Otherwise, will hit network.
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'force-cache'
+})
+```
+
+#### `> opts.proxy`
+
+A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
+used depending on the proxy's protocol.
+
+Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
+`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
+
+(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: 'https://corporate.yourcompany.proxy:4445'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: {
+ protocol: 'https:',
+ hostname: 'corporate.yourcompany.proxy',
+ port: 4445
+ }
+})
+```
+
+#### `> opts.noProxy`
+
+If present, should be a comma-separated string or an array of domain extensions
+that a proxy should _not_ be used for.
+
+This option may also be provided through `process.env.NO_PROXY`.
+
+#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
+
+These values are passed in directly to the HTTPS agent and will be used for both
+proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
+same options the `https` module accepts, which will be themselves passed to
+`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
+
+#### `> opts.localAddress`
+
+Passed directly to `http` and `https` request calls. Determines the local
+address to bind to.
+
+#### `> opts.maxSockets`
+
+Default: 15
+
+Maximum number of active concurrent sockets to use for the underlying
+Http/Https/Proxy agents. This setting applies once per spawned agent.
+
+15 is probably a _pretty good value_ for most use-cases, and balances speed
+with, uh, not knocking out people's routers. 🤓
+
+#### `> opts.retry`
+
+An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
+
+* Request method is NOT `POST` AND
+* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
+* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
+
+The following are worth noting as explicitly not retried:
+
+* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
+* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
+
+If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
+
+If `opts.retry` is a number, it is equivalent to `{retries: num}`
+
+The following retry options are available if you want more control over it:
+
+* retries
+* factor
+* minTimeout
+* maxTimeout
+* randomize
+
+For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ retry: {
+ retries: 10,
+ randomize: true
+ }
+})
+
+fetch('http://reliable.site.com', {
+ retry: false
+})
+
+fetch('http://one-more.site.com', {
+ retry: 3
+})
+```
+
+#### `> opts.onRetry`
+
+A function called whenever a retry is attempted.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ onRetry() {
+ console.log('we will retry!')
+ }
+})
+```
+
+#### `> opts.integrity`
+
+Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
+
+`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // -> ok
+
+fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // Error: EINTEGRITY
+```
+
+### Message From Our Sponsors
+
+
+
+
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/agent.js b/node_modules/libnpmorg/node_modules/make-fetch-happen/agent.js
new file mode 100644
index 0000000000000..55675946ad97d
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/agent.js
@@ -0,0 +1,171 @@
+'use strict'
+const LRU = require('lru-cache')
+const url = require('url')
+
+let AGENT_CACHE = new LRU({ max: 50 })
+let HttpsAgent
+let HttpAgent
+
+module.exports = getAgent
+
+function getAgent (uri, opts) {
+ const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
+ const isHttps = parsedUri.protocol === 'https:'
+ const pxuri = getProxyUri(uri, opts)
+
+ const key = [
+ `https:${isHttps}`,
+ pxuri
+ ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
+ : '>no-proxy<',
+ `local-address:${opts.localAddress || '>no-local-address<'}`,
+ `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
+ `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
+ `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
+ `key:${(isHttps && opts.key) || '>no-key<'}`
+ ].join(':')
+
+ if (opts.agent != null) { // `agent: false` has special behavior!
+ return opts.agent
+ }
+
+ if (AGENT_CACHE.peek(key)) {
+ return AGENT_CACHE.get(key)
+ }
+
+ if (pxuri) {
+ const proxy = getProxy(pxuri, opts, isHttps)
+ AGENT_CACHE.set(key, proxy)
+ return proxy
+ }
+
+ if (isHttps && !HttpsAgent) {
+ HttpsAgent = require('agentkeepalive').HttpsAgent
+ } else if (!isHttps && !HttpAgent) {
+ HttpAgent = require('agentkeepalive')
+ }
+
+ // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
+ // of zero disables the timeout behavior (OS limits still apply). Else, if
+ // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
+ // the node-fetch-npm timeout will always fire first, giving us more
+ // consistent errors.
+ const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
+
+ const agent = isHttps ? new HttpsAgent({
+ maxSockets: opts.maxSockets || 15,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ rejectUnauthorized: opts.strictSSL,
+ timeout: agentTimeout
+ }) : new HttpAgent({
+ maxSockets: opts.maxSockets || 15,
+ localAddress: opts.localAddress,
+ timeout: agentTimeout
+ })
+ AGENT_CACHE.set(key, agent)
+ return agent
+}
+
+function checkNoProxy (uri, opts) {
+ const host = url.parse(uri).hostname.split('.').reverse()
+ let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
+ if (typeof noproxy === 'string') {
+ noproxy = noproxy.split(/\s*,\s*/g)
+ }
+ return noproxy && noproxy.some(no => {
+ const noParts = no.split('.').filter(x => x).reverse()
+ if (!noParts.length) { return false }
+ for (let i = 0; i < noParts.length; i++) {
+ if (host[i] !== noParts[i]) {
+ return false
+ }
+ }
+ return true
+ })
+}
+
+module.exports.getProcessEnv = getProcessEnv
+
+function getProcessEnv (env) {
+ if (!env) { return }
+
+ let value
+
+ if (Array.isArray(env)) {
+ for (let e of env) {
+ value = process.env[e] ||
+ process.env[e.toUpperCase()] ||
+ process.env[e.toLowerCase()]
+ if (typeof value !== 'undefined') { break }
+ }
+ }
+
+ if (typeof env === 'string') {
+ value = process.env[env] ||
+ process.env[env.toUpperCase()] ||
+ process.env[env.toLowerCase()]
+ }
+
+ return value
+}
+
+function getProxyUri (uri, opts) {
+ const protocol = url.parse(uri).protocol
+
+ const proxy = opts.proxy || (
+ protocol === 'https:' && getProcessEnv('https_proxy')
+ ) || (
+ protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
+ )
+ if (!proxy) { return null }
+
+ const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
+
+ return !checkNoProxy(uri, opts) && parsedProxy
+}
+
+let HttpProxyAgent
+let HttpsProxyAgent
+let SocksProxyAgent
+function getProxy (proxyUrl, opts, isHttps) {
+ let popts = {
+ host: proxyUrl.hostname,
+ port: proxyUrl.port,
+ protocol: proxyUrl.protocol,
+ path: proxyUrl.path,
+ auth: proxyUrl.auth,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets || 15,
+ rejectUnauthorized: opts.strictSSL
+ }
+
+ if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
+ if (!isHttps) {
+ if (!HttpProxyAgent) {
+ HttpProxyAgent = require('http-proxy-agent')
+ }
+
+ return new HttpProxyAgent(popts)
+ } else {
+ if (!HttpsProxyAgent) {
+ HttpsProxyAgent = require('https-proxy-agent')
+ }
+
+ return new HttpsProxyAgent(popts)
+ }
+ }
+ if (proxyUrl.protocol.startsWith('socks')) {
+ if (!SocksProxyAgent) {
+ SocksProxyAgent = require('socks-proxy-agent')
+ }
+
+ return new SocksProxyAgent(popts)
+ }
+}
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/cache.js b/node_modules/libnpmorg/node_modules/make-fetch-happen/cache.js
new file mode 100644
index 0000000000000..0c519e69fbe81
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/cache.js
@@ -0,0 +1,249 @@
+'use strict'
+
+const cacache = require('cacache')
+const fetch = require('node-fetch-npm')
+const pipe = require('mississippi').pipe
+const ssri = require('ssri')
+const through = require('mississippi').through
+const to = require('mississippi').to
+const url = require('url')
+const stream = require('stream')
+
+const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
+
+function cacheKey (req) {
+ const parsed = url.parse(req.url)
+ return `make-fetch-happen:request-cache:${
+ url.format({
+ protocol: parsed.protocol,
+ slashes: parsed.slashes,
+ host: parsed.host,
+ hostname: parsed.hostname,
+ pathname: parsed.pathname
+ })
+ }`
+}
+
+// This is a cacache-based implementation of the Cache standard,
+// using node-fetch.
+// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
+//
+module.exports = class Cache {
+ constructor (path, opts) {
+ this._path = path
+ this._uid = opts && opts.uid
+ this._gid = opts && opts.gid
+ this.Promise = (opts && opts.Promise) || Promise
+ }
+
+ // Returns a Promise that resolves to the response associated with the first
+ // matching request in the Cache object.
+ match (req, opts) {
+ opts = opts || {}
+ const key = cacheKey(req)
+ return cacache.get.info(this._path, key).then(info => {
+ return info && cacache.get.hasContent(
+ this._path, info.integrity, opts
+ ).then(exists => exists && info)
+ }).then(info => {
+ if (info && info.metadata && matchDetails(req, {
+ url: info.metadata.url,
+ reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
+ resHeaders: new fetch.Headers(info.metadata.resHeaders),
+ cacheIntegrity: info.integrity,
+ integrity: opts && opts.integrity
+ })) {
+ const resHeaders = new fetch.Headers(info.metadata.resHeaders)
+ addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
+ if (req.method === 'HEAD') {
+ return new fetch.Response(null, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200
+ })
+ }
+ let body
+ const cachePath = this._path
+ // avoid opening cache file handles until a user actually tries to
+ // read from it.
+ if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
+ body = new stream.PassThrough()
+ const realRead = body._read
+ body._read = function (size) {
+ body._read = realRead
+ pipe(
+ cacache.get.stream.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }),
+ body,
+ err => body.emit(err))
+ return realRead.call(this, size)
+ }
+ } else {
+ let readOnce = false
+ // cacache is much faster at bulk reads
+ body = new stream.Readable({
+ read () {
+ if (readOnce) return this.push(null)
+ readOnce = true
+ cacache.get.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }).then(data => {
+ this.push(data)
+ this.push(null)
+ }, err => this.emit('error', err))
+ }
+ })
+ }
+ return this.Promise.resolve(new fetch.Response(body, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200,
+ size: info.size
+ }))
+ }
+ })
+ }
+
+ // Takes both a request and its response and adds it to the given cache.
+ put (req, response, opts) {
+ opts = opts || {}
+ const size = response.headers.get('content-length')
+ const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
+ const ckey = cacheKey(req)
+ const cacheOpts = {
+ algorithms: opts.algorithms,
+ metadata: {
+ url: req.url,
+ reqHeaders: req.headers.raw(),
+ resHeaders: response.headers.raw()
+ },
+ uid: this._uid,
+ gid: this._gid,
+ size,
+ memoize: fitInMemory && opts.memoize
+ }
+ if (req.method === 'HEAD' || response.status === 304) {
+ // Update metadata without writing
+ return cacache.get.info(this._path, ckey).then(info => {
+ // Providing these will bypass content write
+ cacheOpts.integrity = info.integrity
+ addCacheHeaders(
+ response.headers, this._path, ckey, info.integrity, info.time
+ )
+ return new this.Promise((resolve, reject) => {
+ pipe(
+ cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
+ cacache.put.stream(this._path, cacheKey(req), cacheOpts),
+ err => err ? reject(err) : resolve(response)
+ )
+ })
+ }).then(() => response)
+ }
+ let buf = []
+ let bufSize = 0
+ let cacheTargetStream = false
+ const cachePath = this._path
+ let cacheStream = to((chunk, enc, cb) => {
+ if (!cacheTargetStream) {
+ if (fitInMemory) {
+ cacheTargetStream =
+ to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
+ buf.push(chunk)
+ bufSize += chunk.length
+ cb()
+ }, done => {
+ cacache.put(
+ cachePath,
+ cacheKey(req),
+ Buffer.concat(buf, bufSize),
+ cacheOpts
+ ).then(
+ () => done(),
+ done
+ )
+ })
+ } else {
+ cacheTargetStream =
+ cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
+ }
+ }
+ cacheTargetStream.write(chunk, enc, cb)
+ }, done => {
+ cacheTargetStream ? cacheTargetStream.end(done) : done()
+ })
+ const oldBody = response.body
+ const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
+ response.body = newBody
+ oldBody.once('error', err => newBody.emit('error', err))
+ newBody.once('error', err => oldBody.emit('error', err))
+ cacheStream.once('error', err => newBody.emit('error', err))
+ pipe(oldBody, to((chunk, enc, cb) => {
+ cacheStream.write(chunk, enc, () => {
+ newBody.write(chunk, enc, cb)
+ })
+ }, done => {
+ cacheStream.end(() => {
+ newBody.end(() => {
+ done()
+ })
+ })
+ }), err => err && newBody.emit('error', err))
+ return response
+ }
+
+ // Finds the Cache entry whose key is the request, and if found, deletes the
+ // Cache entry and returns a Promise that resolves to true. If no Cache entry
+ // is found, it returns false.
+ 'delete' (req, opts) {
+ opts = opts || {}
+ if (typeof opts.memoize === 'object') {
+ if (opts.memoize.reset) {
+ opts.memoize.reset()
+ } else if (opts.memoize.clear) {
+ opts.memoize.clear()
+ } else {
+ Object.keys(opts.memoize).forEach(k => {
+ opts.memoize[k] = null
+ })
+ }
+ }
+ return cacache.rm.entry(
+ this._path,
+ cacheKey(req)
+ // TODO - true/false
+ ).then(() => false)
+ }
+}
+
+function matchDetails (req, cached) {
+ const reqUrl = url.parse(req.url)
+ const cacheUrl = url.parse(cached.url)
+ const vary = cached.resHeaders.get('Vary')
+ // https://tools.ietf.org/html/rfc7234#section-4.1
+ if (vary) {
+ if (vary.match(/\*/)) {
+ return false
+ } else {
+ const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
+ return cached.reqHeaders.get(field) === req.headers.get(field)
+ })
+ if (!fieldsMatch) {
+ return false
+ }
+ }
+ }
+ if (cached.integrity) {
+ return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
+ }
+ reqUrl.hash = null
+ cacheUrl.hash = null
+ return url.format(reqUrl) === url.format(cacheUrl)
+}
+
+function addCacheHeaders (resHeaders, path, key, hash, time) {
+ resHeaders.set('X-Local-Cache', encodeURIComponent(path))
+ resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
+ resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
+ resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
+}
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/index.js b/node_modules/libnpmorg/node_modules/make-fetch-happen/index.js
new file mode 100644
index 0000000000000..0f2c164e19f28
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/index.js
@@ -0,0 +1,482 @@
+'use strict'
+
+let Cache
+const url = require('url')
+const CachePolicy = require('http-cache-semantics')
+const fetch = require('node-fetch-npm')
+const pkg = require('./package.json')
+const retry = require('promise-retry')
+let ssri
+const Stream = require('stream')
+const getAgent = require('./agent')
+const setWarning = require('./warning')
+
+const isURL = /^https?:/
+const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
+
+const RETRY_ERRORS = [
+ 'ECONNRESET', // remote socket closed on us
+ 'ECONNREFUSED', // remote host refused to open connection
+ 'EADDRINUSE', // failed to bind to a local port (proxy?)
+ 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
+ // Known codes we do NOT retry on:
+ // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
+]
+
+const RETRY_TYPES = [
+ 'request-timeout'
+]
+
+// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
+module.exports = cachingFetch
+cachingFetch.defaults = function (_uri, _opts) {
+ const fetch = this
+ if (typeof _uri === 'object') {
+ _opts = _uri
+ _uri = null
+ }
+
+ function defaultedFetch (uri, opts) {
+ const finalOpts = Object.assign({}, _opts || {}, opts || {})
+ return fetch(uri || _uri, finalOpts)
+ }
+
+ defaultedFetch.defaults = fetch.defaults
+ defaultedFetch.delete = fetch.delete
+ return defaultedFetch
+}
+
+cachingFetch.delete = cacheDelete
+function cacheDelete (uri, opts) {
+ opts = configureOptions(opts)
+ if (opts.cacheManager) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+ return opts.cacheManager.delete(req, opts)
+ }
+}
+
+function initializeCache (opts) {
+ if (typeof opts.cacheManager === 'string') {
+ if (!Cache) {
+ // Default cacache-based cache
+ Cache = require('./cache')
+ }
+
+ opts.cacheManager = new Cache(opts.cacheManager, opts)
+ }
+
+ opts.cache = opts.cache || 'default'
+
+ if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
+ // If header list contains `If-Modified-Since`, `If-None-Match`,
+ // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
+ // mode to "no-store" if it is "default".
+ opts.cache = 'no-store'
+ }
+}
+
+function configureOptions (_opts) {
+ const opts = Object.assign({}, _opts || {})
+ opts.method = (opts.method || 'GET').toUpperCase()
+
+ if (opts.retry && typeof opts.retry === 'number') {
+ opts.retry = { retries: opts.retry }
+ }
+
+ if (opts.retry === false) {
+ opts.retry = { retries: 0 }
+ }
+
+ if (opts.cacheManager) {
+ initializeCache(opts)
+ }
+
+ return opts
+}
+
+function initializeSsri () {
+ if (!ssri) {
+ ssri = require('ssri')
+ }
+}
+
+function cachingFetch (uri, _opts) {
+ const opts = configureOptions(_opts)
+
+ if (opts.integrity) {
+ initializeSsri()
+ // if verifying integrity, node-fetch must not decompress
+ opts.compress = false
+ }
+
+ const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
+ opts.cacheManager &&
+ opts.cache !== 'no-store' &&
+ opts.cache !== 'reload'
+
+ if (isCachable) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+
+ return opts.cacheManager.match(req, opts).then(res => {
+ if (res) {
+ const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
+ if (warningCode && +warningCode >= 100 && +warningCode < 200) {
+ // https://tools.ietf.org/html/rfc7234#section-4.3.4
+ //
+ // If a stored response is selected for update, the cache MUST:
+ //
+ // * delete any Warning header fields in the stored response with
+ // warn-code 1xx (see Section 5.5);
+ //
+ // * retain any Warning header fields in the stored response with
+ // warn-code 2xx;
+ //
+ res.headers.delete('Warning')
+ }
+
+ if (opts.cache === 'default' && !isStale(req, res)) {
+ return res
+ }
+
+ if (opts.cache === 'default' || opts.cache === 'no-cache') {
+ return conditionalFetch(req, res, opts)
+ }
+
+ if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
+ // 112 Disconnected operation
+ // SHOULD be included if the cache is intentionally disconnected from
+ // the rest of the network for a period of time.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(res, 112, 'Disconnected operation')
+ return res
+ }
+ }
+
+ if (!res && opts.cache === 'only-if-cached') {
+ const errorMsg = `request to ${
+ uri
+ } failed: cache mode is 'only-if-cached' but no cached response available.`
+
+ const err = new Error(errorMsg)
+ err.code = 'ENOTCACHED'
+ throw err
+ }
+
+ // Missing cache entry, or mode is default (if stale), reload, no-store
+ return remoteFetch(req.url, opts)
+ })
+ }
+
+ return remoteFetch(uri, opts)
+}
+
+function iterableToObject (iter) {
+ const obj = {}
+ for (let k of iter.keys()) {
+ obj[k] = iter.get(k)
+ }
+ return obj
+}
+
+function makePolicy (req, res) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+ const _res = {
+ status: res.status,
+ headers: iterableToObject(res.headers)
+ }
+
+ return new CachePolicy(_req, _res, { shared: false })
+}
+
+// https://tools.ietf.org/html/rfc7234#section-4.2
+function isStale (req, res) {
+ if (!res) {
+ return null
+ }
+
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+
+ const policy = makePolicy(req, res)
+
+ const responseTime = res.headers.get('x-local-cache-time') ||
+ res.headers.get('date') ||
+ 0
+
+ policy._responseTime = new Date(responseTime)
+
+ const bool = !policy.satisfiesWithoutRevalidation(_req)
+ return bool
+}
+
+function mustRevalidate (res) {
+ return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
+}
+
+function conditionalFetch (req, cachedRes, opts) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: Object.assign({}, opts.headers || {})
+ }
+
+ const policy = makePolicy(req, cachedRes)
+ opts.headers = policy.revalidationHeaders(_req)
+
+ return remoteFetch(req.url, opts)
+ .then(condRes => {
+ const revalidatedPolicy = policy.revalidatedPolicy(_req, {
+ status: condRes.status,
+ headers: iterableToObject(condRes.headers)
+ })
+
+ if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ return cachedRes
+ }
+
+ if (condRes.status === 304) { // 304 Not Modified
+ condRes.body = cachedRes.body
+ return opts.cacheManager.put(req, condRes, opts)
+ .then(newRes => {
+ newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
+ return newRes
+ })
+ }
+
+ return condRes
+ })
+ .then(res => res)
+ .catch(err => {
+ if (mustRevalidate(cachedRes)) {
+ throw err
+ } else {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ // 199 Miscellaneous warning
+ // The warning text MAY include arbitrary information to be presented to
+ // a human user, or logged. A system receiving this warning MUST NOT take
+ // any automated action, besides presenting the warning to the user.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(
+ cachedRes,
+ 199,
+ `Miscellaneous Warning ${err.code}: ${err.message}`
+ )
+
+ return cachedRes
+ }
+ })
+}
+
+function remoteFetchHandleIntegrity (res, integrity) {
+ const oldBod = res.body
+ const newBod = ssri.integrityStream({
+ integrity
+ })
+ oldBod.pipe(newBod)
+ res.body = newBod
+ oldBod.once('error', err => {
+ newBod.emit('error', err)
+ })
+ newBod.once('error', err => {
+ oldBod.emit('error', err)
+ })
+}
+
+function remoteFetch (uri, opts) {
+ const agent = getAgent(uri, opts)
+ const headers = Object.assign({
+ 'connection': agent ? 'keep-alive' : 'close',
+ 'user-agent': USER_AGENT
+ }, opts.headers || {})
+
+ const reqOpts = {
+ agent,
+ body: opts.body,
+ compress: opts.compress,
+ follow: opts.follow,
+ headers: new fetch.Headers(headers),
+ method: opts.method,
+ redirect: 'manual',
+ size: opts.size,
+ counter: opts.counter,
+ timeout: opts.timeout
+ }
+
+ return retry(
+ (retryHandler, attemptNum) => {
+ const req = new fetch.Request(uri, reqOpts)
+ return fetch(req)
+ .then(res => {
+ res.headers.set('x-fetch-attempts', attemptNum)
+
+ if (opts.integrity) {
+ remoteFetchHandleIntegrity(res, opts.integrity)
+ }
+
+ const isStream = req.body instanceof Stream
+
+ if (opts.cacheManager) {
+ const isMethodGetHead = req.method === 'GET' ||
+ req.method === 'HEAD'
+
+ const isCachable = opts.cache !== 'no-store' &&
+ isMethodGetHead &&
+ makePolicy(req, res).storable() &&
+ res.status === 200 // No other statuses should be stored!
+
+ if (isCachable) {
+ return opts.cacheManager.put(req, res, opts)
+ }
+
+ if (!isMethodGetHead) {
+ return opts.cacheManager.delete(req).then(() => {
+ if (res.status >= 500 && req.method !== 'POST' && !isStream) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ return res
+ })
+ }
+ }
+
+ const isRetriable = req.method !== 'POST' &&
+ !isStream && (
+ res.status === 408 || // Request Timeout
+ res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
+ res.status === 429 || // Too Many Requests ("standard" rate-limiting)
+ res.status >= 500 // Assume server errors are momentary hiccups
+ )
+
+ if (isRetriable) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
+ return res
+ }
+
+ // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
+ if (opts.redirect === 'error') {
+ const err = new Error(`redirect mode is set to error: ${uri}`)
+ err.code = 'ENOREDIRECT'
+ throw err
+ }
+
+ if (!res.headers.get('location')) {
+ const err = new Error(`redirect location header missing at: ${uri}`)
+ err.code = 'EINVALIDREDIRECT'
+ throw err
+ }
+
+ if (req.counter >= req.follow) {
+ const err = new Error(`maximum redirect reached at: ${uri}`)
+ err.code = 'EMAXREDIRECT'
+ throw err
+ }
+
+ const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
+ let redirectURL = url.parse(resolvedUrl)
+
+ if (isURL.test(res.headers.get('location'))) {
+ redirectURL = url.parse(res.headers.get('location'))
+ }
+
+ // Remove authorization if changing hostnames (but not if just
+ // changing ports or protocols). This matches the behavior of request:
+ // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
+ if (url.parse(req.url).hostname !== redirectURL.hostname) {
+ req.headers.delete('authorization')
+ }
+
+ // for POST request with 301/302 response, or any request with 303 response,
+ // use GET when following redirect
+ if (res.status === 303 ||
+ ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
+ opts.method = 'GET'
+ opts.body = null
+ req.headers.delete('content-length')
+ }
+
+ opts.headers = {}
+ req.headers.forEach((value, name) => {
+ opts.headers[name] = value
+ })
+
+ opts.counter = ++req.counter
+ return cachingFetch(resolvedUrl, opts)
+ })
+ .catch(err => {
+ const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
+
+ const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
+ RETRY_TYPES.indexOf(err.type) === -1
+
+ if (req.method === 'POST' || isRetryError) {
+ throw err
+ }
+
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(err)
+ }
+
+ return retryHandler(err)
+ })
+ },
+ opts.retry
+ ).catch(err => {
+ if (err.status >= 400) {
+ return err
+ }
+
+ throw err
+ })
+}
+
+function isHeaderConditional (headers) {
+ if (!headers || typeof headers !== 'object') {
+ return false
+ }
+
+ const modifiers = [
+ 'if-modified-since',
+ 'if-none-match',
+ 'if-unmodified-since',
+ 'if-match',
+ 'if-range'
+ ]
+
+ return Object.keys(headers)
+ .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
+}
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/package.json b/node_modules/libnpmorg/node_modules/make-fetch-happen/package.json
new file mode 100644
index 0000000000000..8294ba9bdb7cc
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/package.json
@@ -0,0 +1,94 @@
+{
+ "_from": "make-fetch-happen@^4.0.2",
+ "_id": "make-fetch-happen@4.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
+ "_location": "/libnpmorg/make-fetch-happen",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "make-fetch-happen@^4.0.2",
+ "name": "make-fetch-happen",
+ "escapedName": "make-fetch-happen",
+ "rawSpec": "^4.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^4.0.2"
+ },
+ "_requiredBy": [
+ "/libnpmorg/npm-registry-fetch"
+ ],
+ "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
+ "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
+ "_spec": "make-fetch-happen@^4.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmorg/node_modules/npm-registry-fetch",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/zkat/make-fetch-happen/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "agentkeepalive": "^3.4.1",
+ "cacache": "^11.3.3",
+ "http-cache-semantics": "^3.8.1",
+ "http-proxy-agent": "^2.1.0",
+ "https-proxy-agent": "^2.2.1",
+ "lru-cache": "^5.1.1",
+ "mississippi": "^3.0.0",
+ "node-fetch-npm": "^2.0.2",
+ "promise-retry": "^1.1.1",
+ "socks-proxy-agent": "^4.0.0",
+ "ssri": "^6.0.0"
+ },
+ "deprecated": false,
+ "description": "Opinionated, caching, retrying fetch client",
+ "devDependencies": {
+ "bluebird": "^3.5.1",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.2.3",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.2",
+ "rimraf": "^2.6.2",
+ "safe-buffer": "^5.1.1",
+ "standard": "^11.0.1",
+ "standard-version": "^4.3.0",
+ "tacks": "^1.2.6",
+ "tap": "^12.7.0",
+ "weallbehave": "^1.0.0",
+ "weallcontribute": "^1.0.7"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/zkat/make-fetch-happen#readme",
+ "keywords": [
+ "http",
+ "request",
+ "fetch",
+ "mean girls",
+ "caching",
+ "cache",
+ "subresource integrity"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "make-fetch-happen",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/zkat/make-fetch-happen.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "4.0.2"
+}
diff --git a/node_modules/libnpmorg/node_modules/make-fetch-happen/warning.js b/node_modules/libnpmorg/node_modules/make-fetch-happen/warning.js
new file mode 100644
index 0000000000000..b8f13cf83195a
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/make-fetch-happen/warning.js
@@ -0,0 +1,24 @@
+const url = require('url')
+
+module.exports = setWarning
+
+function setWarning (reqOrRes, code, message, replace) {
+ // Warning = "Warning" ":" 1#warning-value
+ // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
+ // warn-code = 3DIGIT
+ // warn-agent = ( host [ ":" port ] ) | pseudonym
+ // ; the name or pseudonym of the server adding
+ // ; the Warning header, for use in debugging
+ // warn-text = quoted-string
+ // warn-date = <"> HTTP-date <">
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ const host = url.parse(reqOrRes.url).host
+ const jsonMessage = JSON.stringify(message)
+ const jsonDate = JSON.stringify(new Date().toUTCString())
+ const header = replace ? 'set' : 'append'
+
+ reqOrRes.headers[header](
+ 'Warning',
+ `${code} ${host} ${jsonMessage} ${jsonDate}`
+ )
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..d24e026914c23
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,214 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..0c3f4f9469955
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,609 @@
+# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
+and [`prefer-online`](#opts-prefer-online).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetch-retries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-factor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-mintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-maxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.force-auth`
+
+* Alias: `opts.forceAuth`
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignore-body`
+
+* Alias: `opts.ignoreBody`
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.is-from-ci`
+
+* Alias: `opts.isFromCI`
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.local-address`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.map-json`
+
+* Alias: `mapJson`, `mapJSON`
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxsockets`
+
+* Alias: `opts.max-sockets`
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npm-session`
+
+* Alias: `opts.npmSession`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.prefer-offline`](#opts-prefer-offline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: _password
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.prefer-offline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.prefer-online`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+
+##### `opts.project-scope`
+
+* Alias: `opts.projectScope`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.refer`
+
+* Alias: `opts.referer`
+* Type: String
+* Default: null
+
+Value to use for the `Referer` header. The npm CLI itself uses this to serialize
+the npm command line using the given request.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strict-ssl`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 30000 (30 seconds)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.user-agent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..d583982d0a8b2
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const config = require('./config.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts) {
+ if (!registry) { throw new Error('registry is required') }
+ opts = config(opts)
+ let AUTH = {}
+ const regKey = registry && registryKey(registry)
+ if (opts.forceAuth) {
+ opts = opts.forceAuth
+ }
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = url.parse(registry)
+ const formatted = url.format({
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: parsed.slashes
+ })
+ return url.resolve(formatted, '.')
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..bfde699edcfbd
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,109 @@
+'use strict'
+
+const config = require('./config.js')
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts) {
+ opts = config(opts)
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ res.body = null
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ res.headers.raw()['warning'].forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/config.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/config.js
new file mode 100644
index 0000000000000..7fe5dacc94362
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/config.js
@@ -0,0 +1,98 @@
+'use strict'
+
+const pkg = require('./package.json')
+const figgyPudding = require('figgy-pudding')
+const silentLog = require('./silentlog.js')
+
+const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
+const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
+module.exports = figgyPudding({
+ 'agent': {},
+ 'algorithms': {},
+ 'body': {},
+ 'ca': {},
+ 'cache': {},
+ 'cert': {},
+ 'fetch-retries': {},
+ 'fetch-retry-factor': {},
+ 'fetch-retry-maxtimeout': {},
+ 'fetch-retry-mintimeout': {},
+ 'force-auth': {},
+ forceAuth: 'force-auth',
+ 'gid': {},
+ 'gzip': {},
+ 'headers': {},
+ 'https-proxy': {},
+ 'ignore-body': {},
+ ignoreBody: 'ignore-body',
+ 'integrity': {},
+ 'is-from-ci': 'isFromCI',
+ 'isFromCI': {
+ default () {
+ return (
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ )
+ }
+ },
+ 'key': {},
+ 'local-address': {},
+ 'log': {
+ default: silentLog
+ },
+ 'map-json': 'mapJson',
+ 'mapJSON': 'mapJson',
+ 'mapJson': {},
+ 'max-sockets': 'maxsockets',
+ 'maxsockets': {
+ default: 12
+ },
+ 'memoize': {},
+ 'method': {
+ default: 'GET'
+ },
+ 'no-proxy': {},
+ 'noproxy': {},
+ 'npm-session': 'npmSession',
+ 'npmSession': {},
+ 'offline': {},
+ 'otp': {},
+ 'prefer-offline': {},
+ 'prefer-online': {},
+ 'projectScope': {},
+ 'project-scope': 'projectScope',
+ 'Promise': {default: () => Promise},
+ 'proxy': {},
+ 'query': {},
+ 'refer': {},
+ 'referer': 'refer',
+ 'registry': {
+ default: 'https://registry.npmjs.org/'
+ },
+ 'retry': {},
+ 'scope': {},
+ 'spec': {},
+ 'strict-ssl': {},
+ 'timeout': {},
+ 'uid': {},
+ 'user-agent': {
+ default: `${
+ pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+ }
+}, {
+ other (key) {
+ return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
+ }
+})
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..ba78735fce135
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = url.parse(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..4ba3c19243471
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,193 @@
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const checkResponse = require('./check-response.js')
+const config = require('./config.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('JSONStream')
+const npa = require('npm-package-arg')
+const {PassThrough} = require('stream')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('zlib')
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+ opts = config(opts)
+ const registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ opts.registry ||
+ 'https://registry.npmjs.org/'
+ )
+ uri = url.parse(uri).protocol
+ ? uri
+ : `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = body &&
+ typeof body === 'object' &&
+ typeof body.pipe === 'function'
+ if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = zlib.createGzip()
+ body.on('error', err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else {
+ body = new opts.Promise((resolve, reject) => {
+ zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
+ })
+ }
+ }
+ if (opts.query) {
+ let q = opts.query
+ if (typeof q === 'string') {
+ q = qs.parse(q)
+ }
+ Object.keys(q).forEach(key => {
+ if (q[key] === undefined) {
+ delete q[key]
+ }
+ })
+ if (Object.keys(q).length) {
+ const parsed = url.parse(uri)
+ parsed.search = '?' + qs.stringify(
+ parsed.query
+ ? Object.assign(qs.parse(parsed.query), q)
+ : q
+ )
+ uri = url.format(parsed)
+ }
+ }
+ return opts.Promise.resolve(body).then(body => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts['local-address'],
+ maxSockets: opts.maxsockets,
+ memoize: opts.memoize,
+ method: opts.method || 'GET',
+ noProxy: opts['no-proxy'] || opts.noproxy,
+ Promise: opts.Promise,
+ proxy: opts['https-proxy'] || opts.proxy,
+ referer: opts.refer,
+ retry: opts.retry != null ? opts.retry : {
+ retries: opts['fetch-retries'],
+ factor: opts['fetch-retry-factor'],
+ minTimeout: opts['fetch-retry-mintimeout'],
+ maxTimeout: opts['fetch-retry-maxtimeout']
+ },
+ strictSSL: !!opts['strict-ssl'],
+ timeout: opts.timeout,
+ uid: opts.uid,
+ gid: opts.gid
+ }).then(res => checkResponse(
+ opts.method || 'GET', res, registry, startTime, opts
+ )))
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, opts) {
+ opts = config(opts)
+ const parser = JSONStream.parse(jsonPath, opts.mapJson)
+ const pt = parser.pipe(new PassThrough({objectMode: true}))
+ parser.on('error', err => pt.emit('error', err))
+ regFetch(uri, opts).then(res => {
+ res.body.on('error', err => parser.emit('error', err))
+ res.body.pipe(parser)
+ }, err => pt.emit('error', err))
+ return pt
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts) {
+ spec = npa(spec)
+ opts = config(opts)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts['prefer-offline']
+ ? 'force-cache'
+ : opts['prefer-online']
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!(
+ opts['is-from-ci'] ||
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ ),
+ 'npm-scope': opts['project-scope'],
+ 'npm-session': opts['npm-session'],
+ 'user-agent': opts['user-agent'],
+ 'referer': opts.refer
+ }, opts.headers)
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ url.parse(uri).host === url.parse(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..0a9c819cada31
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,92 @@
+{
+ "_from": "npm-registry-fetch@^3.8.0",
+ "_id": "npm-registry-fetch@3.9.1",
+ "_inBundle": false,
+ "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "_location": "/libnpmorg/npm-registry-fetch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-registry-fetch@^3.8.0",
+ "name": "npm-registry-fetch",
+ "escapedName": "npm-registry-fetch",
+ "rawSpec": "^3.8.0",
+ "saveSpec": null,
+ "fetchSpec": "^3.8.0"
+ },
+ "_requiredBy": [
+ "/libnpmorg"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
+ "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
+ "_spec": "npm-registry-fetch@^3.8.0",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmorg",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/registry-fetch/issues"
+ },
+ "bundleDependencies": false,
+ "config": {
+ "nyc": {
+ "exclude": [
+ "node_modules/**",
+ "test/**"
+ ]
+ }
+ },
+ "dependencies": {
+ "JSONStream": "^1.3.4",
+ "bluebird": "^3.5.1",
+ "figgy-pudding": "^3.4.1",
+ "lru-cache": "^5.1.1",
+ "make-fetch-happen": "^4.0.2",
+ "npm-package-arg": "^6.1.0"
+ },
+ "deprecated": false,
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "devDependencies": {
+ "cacache": "^11.3.3",
+ "get-stream": "^4.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.4.3",
+ "npmlog": "^4.1.2",
+ "rimraf": "^2.6.2",
+ "ssri": "^6.0.0",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/registry-fetch#readme",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-registry-fetch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/registry-fetch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.9.1"
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpmpublish/node_modules/make-fetch-happen/CHANGELOG.md
new file mode 100644
index 0000000000000..a446842f55d80
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/CHANGELOG.md
@@ -0,0 +1,555 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
+
+
+
+
+## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
+
+
+### Bug Fixes
+
+* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
+
+
+
+
+# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
+
+
+### meta
+
+* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
+
+
+### Bug Fixes
+
+* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
+* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
+
+
+### BREAKING CHANGES
+
+* **license:** license changed from CC0 to ISC.
+
+
+
+
+# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
+
+
+### Bug Fixes
+
+* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
+
+
+### Features
+
+* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
+
+
+
+
+# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
+
+
+### Bug Fixes
+
+* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
+
+
+### Features
+
+* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
+
+
+
+
+## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
+
+
+### Bug Fixes
+
+* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
+* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
+
+
+
+
+## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
+
+
+### Bug Fixes
+
+* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
+
+
+
+
+## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
+
+
+### Bug Fixes
+
+* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
+
+
+
+
+## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
+
+
+### Bug Fixes
+
+* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
+* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
+
+
+
+
+## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
+
+
+
+
+## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
+
+
+
+
+## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
+
+
+### Bug Fixes
+
+* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
+
+
+
+
+## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
+* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
+* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
+
+
+
+
+## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
+
+
+
+
+## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
+
+
+### Bug Fixes
+
+* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
+
+
+
+
+## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
+
+
+### Bug Fixes
+
+* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
+
+
+
+
+## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
+
+
+### Bug Fixes
+
+* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
+* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
+
+
+
+
+## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
+
+
+
+
+# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
+
+
+### Features
+
+* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
+
+
+
+
+# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
+
+
+### Features
+
+* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
+* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
+
+
+
+
+## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
+
+
+### Bug Fixes
+
+* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
+* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
+
+
+
+
+## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
+
+
+### Bug Fixes
+
+* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
+
+
+
+
+## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
+
+
+### Bug Fixes
+
+* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
+
+
+
+
+## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
+
+
+### Bug Fixes
+
+* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
+* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
+
+
+
+
+## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
+
+
+### Bug Fixes
+
+* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
+
+
+
+
+## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
+
+
+### Bug Fixes
+
+* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
+
+
+
+
+# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
+
+
+### Features
+
+* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
+
+
+
+
+# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
+
+
+### Features
+
+* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
+
+
+
+
+## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
+
+
+### Bug Fixes
+
+* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
+
+
+
+
+## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
+
+
+
+
+## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
+
+
+
+
+## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
+
+
+
+
+# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
+* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
+
+
+### Features
+
+* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
+
+
+### BREAKING CHANGES
+
+* **agent:** pac proxies are no longer supported.
+* **retry:** Retry logic has changes.
+
+* 404s, 420s, and 429s all retry now.
+* ENOTFOUND no longer retries.
+* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
+
+
+
+
+# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
+
+
+### Features
+
+* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
+
+
+
+
+# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
+
+
+### Features
+
+* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
+
+
+
+
+## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
+
+
+### Bug Fixes
+
+* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
+* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
+
+
+
+
+# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
+
+
+### Features
+
+* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
+
+
+
+
+# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
+
+
+### Features
+
+* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
+
+
+
+
+## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
+
+
+
+
+# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
+
+
+### Features
+
+* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
+* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
+
+
+
+
+## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
+
+
+### Bug Fixes
+
+* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
+
+
+
+
+# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
+
+
+### Features
+
+* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
+
+
+
+
+# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
+
+
+### Features
+
+* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
+
+
+
+
+## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
+
+
+
+
+# 1.0.0 (2017-04-01)
+
+
+### Bug Fixes
+
+* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
+* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
+* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
+* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
+* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
+* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
+* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
+* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
+* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
+* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
+* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
+* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
+* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
+* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
+* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
+* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
+* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
+* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
+* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
+* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
+* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
+* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
+* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
+* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
+* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
+
+
+### Features
+
+* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
+* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
+
+
+### BREAKING CHANGES
+
+* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
+* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
+* **api:** actual api implemented
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpmpublish/node_modules/make-fetch-happen/LICENSE
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/LICENSE
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/README.md b/node_modules/libnpmpublish/node_modules/make-fetch-happen/README.md
new file mode 100644
index 0000000000000..4d12d8dae7e31
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/README.md
@@ -0,0 +1,404 @@
+# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
+
+
+[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
+library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
+features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
+pooling, proxies, retries, [and more](#features)!
+
+## Install
+
+`$ npm install --save make-fetch-happen`
+
+## Table of Contents
+
+* [Example](#example)
+* [Features](#features)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.defaults`](#fetch-defaults)
+ * [`node-fetch` options](#node-fetch-options)
+ * [`make-fetch-happen` options](#extra-options)
+ * [`opts.cacheManager`](#opts-cache-manager)
+ * [`opts.cache`](#opts-cache)
+ * [`opts.proxy`](#opts-proxy)
+ * [`opts.noProxy`](#opts-no-proxy)
+ * [`opts.ca, opts.cert, opts.key`](#https-opts)
+ * [`opts.maxSockets`](#opts-max-sockets)
+ * [`opts.retry`](#opts-retry)
+ * [`opts.onRetry`](#opts-onretry)
+ * [`opts.integrity`](#opts-integrity)
+* [Message From Our Sponsors](#wow)
+
+### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache' // path where cache will be written (and read)
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
+ return res.json() // download the body as JSON
+}).then(body => {
+ console.log(`got ${body.name} from web`)
+ return fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'no-cache' // forces a conditional request
+ })
+}).then(res => {
+ console.log(res.status) // 304! cache validated!
+ return res.json().then(body => {
+ console.log(`got ${body.name} from cache`)
+ })
+})
+```
+
+### Features
+
+* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
+* Request pooling out of the box
+* Quite fast, really
+* Automatic HTTP-semantics-aware request retries
+* Cache-fallback automatic "offline mode"
+* Proxy support (http, https, socks, socks4, socks5)
+* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
+* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
+* Node.js Stream support
+* Transparent gzip and deflate support
+* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
+* Literally punches nazis
+* (PENDING) Range request caching and resuming
+
+### Contributing
+
+The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(uriOrRequest, [opts]) -> Promise`
+
+This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
+
+If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
+
+##### Example
+
+```javascript
+fetch('https://google.com').then(res => res.buffer())
+```
+
+#### `> fetch.defaults([defaultUrl], [defaultOpts])`
+
+Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
+
+A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-local-cache'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
+```
+
+#### `> node-fetch options`
+
+The following options for `node-fetch` are used as-is:
+
+* method
+* body
+* redirect
+* follow
+* timeout
+* compress
+* size
+
+These other options are modified or augmented by make-fetch-happen:
+
+* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
+* agent
+ * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
+ * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
+ * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
+ * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
+
+For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
+
+#### `> make-fetch-happen options`
+
+make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
+
+* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
+* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
+* [`opts.proxy`](#opts-proxy) - Proxy agent
+* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
+* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
+* [`opts.localAddress`](#opts-local-address)
+* [`opts.maxSockets`](#opts-max-sockets)
+* [`opts.retry`](#opts-retry) - Request retry settings
+* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
+* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
+
+#### `> opts.cacheManager`
+
+Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
+
+If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
+
+By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
+
+You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
+
+**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
+
+The default cache manager also adds the following headers to cached responses:
+
+* `X-Local-Cache`: Path to the cache the content was found in
+* `X-Local-Cache-Key`: Unique cache entry key for this response
+* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
+* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
+
+Using [`cacache`](https://npm.im/cacache), a call like this may be used to
+manually fetch the cached entry:
+
+```javascript
+const h = response.headers
+cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
+
+// grab content only, directly:
+cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
+```
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cacheManager: './my-local-cache'
+}) // -> 200-level response will be written to disk
+
+fetch('https://npm.im/cacache', {
+ cacheManager: new MyCustomRedisCache(process.env.PORT)
+}) // -> 200-level response will be written to redis
+```
+
+A possible (minimal) implementation for `MyCustomRedisCache`:
+
+```javascript
+const bluebird = require('bluebird')
+const redis = require("redis")
+bluebird.promisifyAll(redis.RedisClient.prototype)
+class MyCustomRedisCache {
+ constructor (opts) {
+ this.redis = redis.createClient(opts)
+ }
+ match (req) {
+ return this.redis.getAsync(req.url).then(res => {
+ if (res) {
+ const parsed = JSON.parse(res)
+ return new fetch.Response(parsed.body, {
+ url: req.url,
+ headers: parsed.headers,
+ status: 200
+ })
+ }
+ })
+ }
+ put (req, res) {
+ return res.buffer().then(body => {
+ return this.redis.setAsync(req.url, JSON.stringify({
+ body: body,
+ headers: res.headers.raw()
+ }))
+ }).then(() => {
+ // return the response itself
+ return res
+ })
+ }
+ 'delete' (req) {
+ return this.redis.unlinkAsync(req.url)
+ }
+}
+```
+
+#### `> opts.cache`
+
+This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
+
+* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
+* `no-store` - Fetch behaves as if there is no HTTP cache at all.
+* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
+* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
+* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
+* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
+
+(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache'
+})
+
+// Will error with ENOTCACHED if we haven't already cached this url
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'only-if-cached'
+})
+
+// Will refresh any local content and cache the new response
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'reload'
+})
+
+// Will use any local data, even if stale. Otherwise, will hit network.
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'force-cache'
+})
+```
+
+#### `> opts.proxy`
+
+A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
+used depending on the proxy's protocol.
+
+Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
+`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
+
+(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: 'https://corporate.yourcompany.proxy:4445'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: {
+ protocol: 'https:',
+ hostname: 'corporate.yourcompany.proxy',
+ port: 4445
+ }
+})
+```
+
+#### `> opts.noProxy`
+
+If present, should be a comma-separated string or an array of domain extensions
+that a proxy should _not_ be used for.
+
+This option may also be provided through `process.env.NO_PROXY`.
+
+#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
+
+These values are passed in directly to the HTTPS agent and will be used for both
+proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
+same options the `https` module accepts, which will be themselves passed to
+`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
+
+#### `> opts.localAddress`
+
+Passed directly to `http` and `https` request calls. Determines the local
+address to bind to.
+
+#### `> opts.maxSockets`
+
+Default: 15
+
+Maximum number of active concurrent sockets to use for the underlying
+Http/Https/Proxy agents. This setting applies once per spawned agent.
+
+15 is probably a _pretty good value_ for most use-cases, and balances speed
+with, uh, not knocking out people's routers. 🤓
+
+#### `> opts.retry`
+
+An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
+
+* Request method is NOT `POST` AND
+* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
+* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
+
+The following are worth noting as explicitly not retried:
+
+* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
+* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
+
+If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
+
+If `opts.retry` is a number, it is equivalent to `{retries: num}`
+
+The following retry options are available if you want more control over it:
+
+* retries
+* factor
+* minTimeout
+* maxTimeout
+* randomize
+
+For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ retry: {
+ retries: 10,
+ randomize: true
+ }
+})
+
+fetch('http://reliable.site.com', {
+ retry: false
+})
+
+fetch('http://one-more.site.com', {
+ retry: 3
+})
+```
+
+#### `> opts.onRetry`
+
+A function called whenever a retry is attempted.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ onRetry() {
+ console.log('we will retry!')
+ }
+})
+```
+
+#### `> opts.integrity`
+
+Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
+
+`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // -> ok
+
+fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // Error: EINTEGRITY
+```
+
+### Message From Our Sponsors
+
+
+
+
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/agent.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/agent.js
new file mode 100644
index 0000000000000..55675946ad97d
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/agent.js
@@ -0,0 +1,171 @@
+'use strict'
+const LRU = require('lru-cache')
+const url = require('url')
+
+let AGENT_CACHE = new LRU({ max: 50 })
+let HttpsAgent
+let HttpAgent
+
+module.exports = getAgent
+
+function getAgent (uri, opts) {
+ const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
+ const isHttps = parsedUri.protocol === 'https:'
+ const pxuri = getProxyUri(uri, opts)
+
+ const key = [
+ `https:${isHttps}`,
+ pxuri
+ ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
+ : '>no-proxy<',
+ `local-address:${opts.localAddress || '>no-local-address<'}`,
+ `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
+ `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
+ `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
+ `key:${(isHttps && opts.key) || '>no-key<'}`
+ ].join(':')
+
+ if (opts.agent != null) { // `agent: false` has special behavior!
+ return opts.agent
+ }
+
+ if (AGENT_CACHE.peek(key)) {
+ return AGENT_CACHE.get(key)
+ }
+
+ if (pxuri) {
+ const proxy = getProxy(pxuri, opts, isHttps)
+ AGENT_CACHE.set(key, proxy)
+ return proxy
+ }
+
+ if (isHttps && !HttpsAgent) {
+ HttpsAgent = require('agentkeepalive').HttpsAgent
+ } else if (!isHttps && !HttpAgent) {
+ HttpAgent = require('agentkeepalive')
+ }
+
+ // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
+ // of zero disables the timeout behavior (OS limits still apply). Else, if
+ // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
+ // the node-fetch-npm timeout will always fire first, giving us more
+ // consistent errors.
+ const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
+
+ const agent = isHttps ? new HttpsAgent({
+ maxSockets: opts.maxSockets || 15,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ rejectUnauthorized: opts.strictSSL,
+ timeout: agentTimeout
+ }) : new HttpAgent({
+ maxSockets: opts.maxSockets || 15,
+ localAddress: opts.localAddress,
+ timeout: agentTimeout
+ })
+ AGENT_CACHE.set(key, agent)
+ return agent
+}
+
+function checkNoProxy (uri, opts) {
+ const host = url.parse(uri).hostname.split('.').reverse()
+ let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
+ if (typeof noproxy === 'string') {
+ noproxy = noproxy.split(/\s*,\s*/g)
+ }
+ return noproxy && noproxy.some(no => {
+ const noParts = no.split('.').filter(x => x).reverse()
+ if (!noParts.length) { return false }
+ for (let i = 0; i < noParts.length; i++) {
+ if (host[i] !== noParts[i]) {
+ return false
+ }
+ }
+ return true
+ })
+}
+
+module.exports.getProcessEnv = getProcessEnv
+
+function getProcessEnv (env) {
+ if (!env) { return }
+
+ let value
+
+ if (Array.isArray(env)) {
+ for (let e of env) {
+ value = process.env[e] ||
+ process.env[e.toUpperCase()] ||
+ process.env[e.toLowerCase()]
+ if (typeof value !== 'undefined') { break }
+ }
+ }
+
+ if (typeof env === 'string') {
+ value = process.env[env] ||
+ process.env[env.toUpperCase()] ||
+ process.env[env.toLowerCase()]
+ }
+
+ return value
+}
+
+function getProxyUri (uri, opts) {
+ const protocol = url.parse(uri).protocol
+
+ const proxy = opts.proxy || (
+ protocol === 'https:' && getProcessEnv('https_proxy')
+ ) || (
+ protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
+ )
+ if (!proxy) { return null }
+
+ const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
+
+ return !checkNoProxy(uri, opts) && parsedProxy
+}
+
+let HttpProxyAgent
+let HttpsProxyAgent
+let SocksProxyAgent
+function getProxy (proxyUrl, opts, isHttps) {
+ let popts = {
+ host: proxyUrl.hostname,
+ port: proxyUrl.port,
+ protocol: proxyUrl.protocol,
+ path: proxyUrl.path,
+ auth: proxyUrl.auth,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets || 15,
+ rejectUnauthorized: opts.strictSSL
+ }
+
+ if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
+ if (!isHttps) {
+ if (!HttpProxyAgent) {
+ HttpProxyAgent = require('http-proxy-agent')
+ }
+
+ return new HttpProxyAgent(popts)
+ } else {
+ if (!HttpsProxyAgent) {
+ HttpsProxyAgent = require('https-proxy-agent')
+ }
+
+ return new HttpsProxyAgent(popts)
+ }
+ }
+ if (proxyUrl.protocol.startsWith('socks')) {
+ if (!SocksProxyAgent) {
+ SocksProxyAgent = require('socks-proxy-agent')
+ }
+
+ return new SocksProxyAgent(popts)
+ }
+}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/cache.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/cache.js
new file mode 100644
index 0000000000000..0c519e69fbe81
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/cache.js
@@ -0,0 +1,249 @@
+'use strict'
+
+const cacache = require('cacache')
+const fetch = require('node-fetch-npm')
+const pipe = require('mississippi').pipe
+const ssri = require('ssri')
+const through = require('mississippi').through
+const to = require('mississippi').to
+const url = require('url')
+const stream = require('stream')
+
+const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
+
+function cacheKey (req) {
+ const parsed = url.parse(req.url)
+ return `make-fetch-happen:request-cache:${
+ url.format({
+ protocol: parsed.protocol,
+ slashes: parsed.slashes,
+ host: parsed.host,
+ hostname: parsed.hostname,
+ pathname: parsed.pathname
+ })
+ }`
+}
+
+// This is a cacache-based implementation of the Cache standard,
+// using node-fetch.
+// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
+//
+module.exports = class Cache {
+ constructor (path, opts) {
+ this._path = path
+ this._uid = opts && opts.uid
+ this._gid = opts && opts.gid
+ this.Promise = (opts && opts.Promise) || Promise
+ }
+
+ // Returns a Promise that resolves to the response associated with the first
+ // matching request in the Cache object.
+ match (req, opts) {
+ opts = opts || {}
+ const key = cacheKey(req)
+ return cacache.get.info(this._path, key).then(info => {
+ return info && cacache.get.hasContent(
+ this._path, info.integrity, opts
+ ).then(exists => exists && info)
+ }).then(info => {
+ if (info && info.metadata && matchDetails(req, {
+ url: info.metadata.url,
+ reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
+ resHeaders: new fetch.Headers(info.metadata.resHeaders),
+ cacheIntegrity: info.integrity,
+ integrity: opts && opts.integrity
+ })) {
+ const resHeaders = new fetch.Headers(info.metadata.resHeaders)
+ addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
+ if (req.method === 'HEAD') {
+ return new fetch.Response(null, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200
+ })
+ }
+ let body
+ const cachePath = this._path
+ // avoid opening cache file handles until a user actually tries to
+ // read from it.
+ if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
+ body = new stream.PassThrough()
+ const realRead = body._read
+ body._read = function (size) {
+ body._read = realRead
+ pipe(
+ cacache.get.stream.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }),
+ body,
+ err => body.emit(err))
+ return realRead.call(this, size)
+ }
+ } else {
+ let readOnce = false
+ // cacache is much faster at bulk reads
+ body = new stream.Readable({
+ read () {
+ if (readOnce) return this.push(null)
+ readOnce = true
+ cacache.get.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }).then(data => {
+ this.push(data)
+ this.push(null)
+ }, err => this.emit('error', err))
+ }
+ })
+ }
+ return this.Promise.resolve(new fetch.Response(body, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200,
+ size: info.size
+ }))
+ }
+ })
+ }
+
+ // Takes both a request and its response and adds it to the given cache.
+ put (req, response, opts) {
+ opts = opts || {}
+ const size = response.headers.get('content-length')
+ const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
+ const ckey = cacheKey(req)
+ const cacheOpts = {
+ algorithms: opts.algorithms,
+ metadata: {
+ url: req.url,
+ reqHeaders: req.headers.raw(),
+ resHeaders: response.headers.raw()
+ },
+ uid: this._uid,
+ gid: this._gid,
+ size,
+ memoize: fitInMemory && opts.memoize
+ }
+ if (req.method === 'HEAD' || response.status === 304) {
+ // Update metadata without writing
+ return cacache.get.info(this._path, ckey).then(info => {
+ // Providing these will bypass content write
+ cacheOpts.integrity = info.integrity
+ addCacheHeaders(
+ response.headers, this._path, ckey, info.integrity, info.time
+ )
+ return new this.Promise((resolve, reject) => {
+ pipe(
+ cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
+ cacache.put.stream(this._path, cacheKey(req), cacheOpts),
+ err => err ? reject(err) : resolve(response)
+ )
+ })
+ }).then(() => response)
+ }
+ let buf = []
+ let bufSize = 0
+ let cacheTargetStream = false
+ const cachePath = this._path
+ let cacheStream = to((chunk, enc, cb) => {
+ if (!cacheTargetStream) {
+ if (fitInMemory) {
+ cacheTargetStream =
+ to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
+ buf.push(chunk)
+ bufSize += chunk.length
+ cb()
+ }, done => {
+ cacache.put(
+ cachePath,
+ cacheKey(req),
+ Buffer.concat(buf, bufSize),
+ cacheOpts
+ ).then(
+ () => done(),
+ done
+ )
+ })
+ } else {
+ cacheTargetStream =
+ cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
+ }
+ }
+ cacheTargetStream.write(chunk, enc, cb)
+ }, done => {
+ cacheTargetStream ? cacheTargetStream.end(done) : done()
+ })
+ const oldBody = response.body
+ const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
+ response.body = newBody
+ oldBody.once('error', err => newBody.emit('error', err))
+ newBody.once('error', err => oldBody.emit('error', err))
+ cacheStream.once('error', err => newBody.emit('error', err))
+ pipe(oldBody, to((chunk, enc, cb) => {
+ cacheStream.write(chunk, enc, () => {
+ newBody.write(chunk, enc, cb)
+ })
+ }, done => {
+ cacheStream.end(() => {
+ newBody.end(() => {
+ done()
+ })
+ })
+ }), err => err && newBody.emit('error', err))
+ return response
+ }
+
+ // Finds the Cache entry whose key is the request, and if found, deletes the
+ // Cache entry and returns a Promise that resolves to true. If no Cache entry
+ // is found, it returns false.
+ 'delete' (req, opts) {
+ opts = opts || {}
+ if (typeof opts.memoize === 'object') {
+ if (opts.memoize.reset) {
+ opts.memoize.reset()
+ } else if (opts.memoize.clear) {
+ opts.memoize.clear()
+ } else {
+ Object.keys(opts.memoize).forEach(k => {
+ opts.memoize[k] = null
+ })
+ }
+ }
+ return cacache.rm.entry(
+ this._path,
+ cacheKey(req)
+ // TODO - true/false
+ ).then(() => false)
+ }
+}
+
+function matchDetails (req, cached) {
+ const reqUrl = url.parse(req.url)
+ const cacheUrl = url.parse(cached.url)
+ const vary = cached.resHeaders.get('Vary')
+ // https://tools.ietf.org/html/rfc7234#section-4.1
+ if (vary) {
+ if (vary.match(/\*/)) {
+ return false
+ } else {
+ const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
+ return cached.reqHeaders.get(field) === req.headers.get(field)
+ })
+ if (!fieldsMatch) {
+ return false
+ }
+ }
+ }
+ if (cached.integrity) {
+ return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
+ }
+ reqUrl.hash = null
+ cacheUrl.hash = null
+ return url.format(reqUrl) === url.format(cacheUrl)
+}
+
+function addCacheHeaders (resHeaders, path, key, hash, time) {
+ resHeaders.set('X-Local-Cache', encodeURIComponent(path))
+ resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
+ resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
+ resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
+}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/index.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/index.js
new file mode 100644
index 0000000000000..0f2c164e19f28
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/index.js
@@ -0,0 +1,482 @@
+'use strict'
+
+let Cache
+const url = require('url')
+const CachePolicy = require('http-cache-semantics')
+const fetch = require('node-fetch-npm')
+const pkg = require('./package.json')
+const retry = require('promise-retry')
+let ssri
+const Stream = require('stream')
+const getAgent = require('./agent')
+const setWarning = require('./warning')
+
+const isURL = /^https?:/
+const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
+
+const RETRY_ERRORS = [
+ 'ECONNRESET', // remote socket closed on us
+ 'ECONNREFUSED', // remote host refused to open connection
+ 'EADDRINUSE', // failed to bind to a local port (proxy?)
+ 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
+ // Known codes we do NOT retry on:
+ // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
+]
+
+const RETRY_TYPES = [
+ 'request-timeout'
+]
+
+// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
+module.exports = cachingFetch
+cachingFetch.defaults = function (_uri, _opts) {
+ const fetch = this
+ if (typeof _uri === 'object') {
+ _opts = _uri
+ _uri = null
+ }
+
+ function defaultedFetch (uri, opts) {
+ const finalOpts = Object.assign({}, _opts || {}, opts || {})
+ return fetch(uri || _uri, finalOpts)
+ }
+
+ defaultedFetch.defaults = fetch.defaults
+ defaultedFetch.delete = fetch.delete
+ return defaultedFetch
+}
+
+cachingFetch.delete = cacheDelete
+function cacheDelete (uri, opts) {
+ opts = configureOptions(opts)
+ if (opts.cacheManager) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+ return opts.cacheManager.delete(req, opts)
+ }
+}
+
+function initializeCache (opts) {
+ if (typeof opts.cacheManager === 'string') {
+ if (!Cache) {
+ // Default cacache-based cache
+ Cache = require('./cache')
+ }
+
+ opts.cacheManager = new Cache(opts.cacheManager, opts)
+ }
+
+ opts.cache = opts.cache || 'default'
+
+ if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
+ // If header list contains `If-Modified-Since`, `If-None-Match`,
+ // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
+ // mode to "no-store" if it is "default".
+ opts.cache = 'no-store'
+ }
+}
+
+function configureOptions (_opts) {
+ const opts = Object.assign({}, _opts || {})
+ opts.method = (opts.method || 'GET').toUpperCase()
+
+ if (opts.retry && typeof opts.retry === 'number') {
+ opts.retry = { retries: opts.retry }
+ }
+
+ if (opts.retry === false) {
+ opts.retry = { retries: 0 }
+ }
+
+ if (opts.cacheManager) {
+ initializeCache(opts)
+ }
+
+ return opts
+}
+
+function initializeSsri () {
+ if (!ssri) {
+ ssri = require('ssri')
+ }
+}
+
+function cachingFetch (uri, _opts) {
+ const opts = configureOptions(_opts)
+
+ if (opts.integrity) {
+ initializeSsri()
+ // if verifying integrity, node-fetch must not decompress
+ opts.compress = false
+ }
+
+ const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
+ opts.cacheManager &&
+ opts.cache !== 'no-store' &&
+ opts.cache !== 'reload'
+
+ if (isCachable) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+
+ return opts.cacheManager.match(req, opts).then(res => {
+ if (res) {
+ const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
+ if (warningCode && +warningCode >= 100 && +warningCode < 200) {
+ // https://tools.ietf.org/html/rfc7234#section-4.3.4
+ //
+ // If a stored response is selected for update, the cache MUST:
+ //
+ // * delete any Warning header fields in the stored response with
+ // warn-code 1xx (see Section 5.5);
+ //
+ // * retain any Warning header fields in the stored response with
+ // warn-code 2xx;
+ //
+ res.headers.delete('Warning')
+ }
+
+ if (opts.cache === 'default' && !isStale(req, res)) {
+ return res
+ }
+
+ if (opts.cache === 'default' || opts.cache === 'no-cache') {
+ return conditionalFetch(req, res, opts)
+ }
+
+ if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
+ // 112 Disconnected operation
+ // SHOULD be included if the cache is intentionally disconnected from
+ // the rest of the network for a period of time.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(res, 112, 'Disconnected operation')
+ return res
+ }
+ }
+
+ if (!res && opts.cache === 'only-if-cached') {
+ const errorMsg = `request to ${
+ uri
+ } failed: cache mode is 'only-if-cached' but no cached response available.`
+
+ const err = new Error(errorMsg)
+ err.code = 'ENOTCACHED'
+ throw err
+ }
+
+ // Missing cache entry, or mode is default (if stale), reload, no-store
+ return remoteFetch(req.url, opts)
+ })
+ }
+
+ return remoteFetch(uri, opts)
+}
+
+function iterableToObject (iter) {
+ const obj = {}
+ for (let k of iter.keys()) {
+ obj[k] = iter.get(k)
+ }
+ return obj
+}
+
+function makePolicy (req, res) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+ const _res = {
+ status: res.status,
+ headers: iterableToObject(res.headers)
+ }
+
+ return new CachePolicy(_req, _res, { shared: false })
+}
+
+// https://tools.ietf.org/html/rfc7234#section-4.2
+function isStale (req, res) {
+ if (!res) {
+ return null
+ }
+
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+
+ const policy = makePolicy(req, res)
+
+ const responseTime = res.headers.get('x-local-cache-time') ||
+ res.headers.get('date') ||
+ 0
+
+ policy._responseTime = new Date(responseTime)
+
+ const bool = !policy.satisfiesWithoutRevalidation(_req)
+ return bool
+}
+
+function mustRevalidate (res) {
+ return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
+}
+
+function conditionalFetch (req, cachedRes, opts) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: Object.assign({}, opts.headers || {})
+ }
+
+ const policy = makePolicy(req, cachedRes)
+ opts.headers = policy.revalidationHeaders(_req)
+
+ return remoteFetch(req.url, opts)
+ .then(condRes => {
+ const revalidatedPolicy = policy.revalidatedPolicy(_req, {
+ status: condRes.status,
+ headers: iterableToObject(condRes.headers)
+ })
+
+ if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ return cachedRes
+ }
+
+ if (condRes.status === 304) { // 304 Not Modified
+ condRes.body = cachedRes.body
+ return opts.cacheManager.put(req, condRes, opts)
+ .then(newRes => {
+ newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
+ return newRes
+ })
+ }
+
+ return condRes
+ })
+ .then(res => res)
+ .catch(err => {
+ if (mustRevalidate(cachedRes)) {
+ throw err
+ } else {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ // 199 Miscellaneous warning
+ // The warning text MAY include arbitrary information to be presented to
+ // a human user, or logged. A system receiving this warning MUST NOT take
+ // any automated action, besides presenting the warning to the user.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(
+ cachedRes,
+ 199,
+ `Miscellaneous Warning ${err.code}: ${err.message}`
+ )
+
+ return cachedRes
+ }
+ })
+}
+
+function remoteFetchHandleIntegrity (res, integrity) {
+ const oldBod = res.body
+ const newBod = ssri.integrityStream({
+ integrity
+ })
+ oldBod.pipe(newBod)
+ res.body = newBod
+ oldBod.once('error', err => {
+ newBod.emit('error', err)
+ })
+ newBod.once('error', err => {
+ oldBod.emit('error', err)
+ })
+}
+
+function remoteFetch (uri, opts) {
+ const agent = getAgent(uri, opts)
+ const headers = Object.assign({
+ 'connection': agent ? 'keep-alive' : 'close',
+ 'user-agent': USER_AGENT
+ }, opts.headers || {})
+
+ const reqOpts = {
+ agent,
+ body: opts.body,
+ compress: opts.compress,
+ follow: opts.follow,
+ headers: new fetch.Headers(headers),
+ method: opts.method,
+ redirect: 'manual',
+ size: opts.size,
+ counter: opts.counter,
+ timeout: opts.timeout
+ }
+
+ return retry(
+ (retryHandler, attemptNum) => {
+ const req = new fetch.Request(uri, reqOpts)
+ return fetch(req)
+ .then(res => {
+ res.headers.set('x-fetch-attempts', attemptNum)
+
+ if (opts.integrity) {
+ remoteFetchHandleIntegrity(res, opts.integrity)
+ }
+
+ const isStream = req.body instanceof Stream
+
+ if (opts.cacheManager) {
+ const isMethodGetHead = req.method === 'GET' ||
+ req.method === 'HEAD'
+
+ const isCachable = opts.cache !== 'no-store' &&
+ isMethodGetHead &&
+ makePolicy(req, res).storable() &&
+ res.status === 200 // No other statuses should be stored!
+
+ if (isCachable) {
+ return opts.cacheManager.put(req, res, opts)
+ }
+
+ if (!isMethodGetHead) {
+ return opts.cacheManager.delete(req).then(() => {
+ if (res.status >= 500 && req.method !== 'POST' && !isStream) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ return res
+ })
+ }
+ }
+
+ const isRetriable = req.method !== 'POST' &&
+ !isStream && (
+ res.status === 408 || // Request Timeout
+ res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
+ res.status === 429 || // Too Many Requests ("standard" rate-limiting)
+ res.status >= 500 // Assume server errors are momentary hiccups
+ )
+
+ if (isRetriable) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
+ return res
+ }
+
+ // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
+ if (opts.redirect === 'error') {
+ const err = new Error(`redirect mode is set to error: ${uri}`)
+ err.code = 'ENOREDIRECT'
+ throw err
+ }
+
+ if (!res.headers.get('location')) {
+ const err = new Error(`redirect location header missing at: ${uri}`)
+ err.code = 'EINVALIDREDIRECT'
+ throw err
+ }
+
+ if (req.counter >= req.follow) {
+ const err = new Error(`maximum redirect reached at: ${uri}`)
+ err.code = 'EMAXREDIRECT'
+ throw err
+ }
+
+ const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
+ let redirectURL = url.parse(resolvedUrl)
+
+ if (isURL.test(res.headers.get('location'))) {
+ redirectURL = url.parse(res.headers.get('location'))
+ }
+
+ // Remove authorization if changing hostnames (but not if just
+ // changing ports or protocols). This matches the behavior of request:
+ // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
+ if (url.parse(req.url).hostname !== redirectURL.hostname) {
+ req.headers.delete('authorization')
+ }
+
+ // for POST request with 301/302 response, or any request with 303 response,
+ // use GET when following redirect
+ if (res.status === 303 ||
+ ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
+ opts.method = 'GET'
+ opts.body = null
+ req.headers.delete('content-length')
+ }
+
+ opts.headers = {}
+ req.headers.forEach((value, name) => {
+ opts.headers[name] = value
+ })
+
+ opts.counter = ++req.counter
+ return cachingFetch(resolvedUrl, opts)
+ })
+ .catch(err => {
+ const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
+
+ const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
+ RETRY_TYPES.indexOf(err.type) === -1
+
+ if (req.method === 'POST' || isRetryError) {
+ throw err
+ }
+
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(err)
+ }
+
+ return retryHandler(err)
+ })
+ },
+ opts.retry
+ ).catch(err => {
+ if (err.status >= 400) {
+ return err
+ }
+
+ throw err
+ })
+}
+
+function isHeaderConditional (headers) {
+ if (!headers || typeof headers !== 'object') {
+ return false
+ }
+
+ const modifiers = [
+ 'if-modified-since',
+ 'if-none-match',
+ 'if-unmodified-since',
+ 'if-match',
+ 'if-range'
+ ]
+
+ return Object.keys(headers)
+ .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
+}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/package.json b/node_modules/libnpmpublish/node_modules/make-fetch-happen/package.json
new file mode 100644
index 0000000000000..d5abc57173262
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/package.json
@@ -0,0 +1,94 @@
+{
+ "_from": "make-fetch-happen@^4.0.2",
+ "_id": "make-fetch-happen@4.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
+ "_location": "/libnpmpublish/make-fetch-happen",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "make-fetch-happen@^4.0.2",
+ "name": "make-fetch-happen",
+ "escapedName": "make-fetch-happen",
+ "rawSpec": "^4.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^4.0.2"
+ },
+ "_requiredBy": [
+ "/libnpmpublish/npm-registry-fetch"
+ ],
+ "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
+ "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
+ "_spec": "make-fetch-happen@^4.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmpublish/node_modules/npm-registry-fetch",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/zkat/make-fetch-happen/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "agentkeepalive": "^3.4.1",
+ "cacache": "^11.3.3",
+ "http-cache-semantics": "^3.8.1",
+ "http-proxy-agent": "^2.1.0",
+ "https-proxy-agent": "^2.2.1",
+ "lru-cache": "^5.1.1",
+ "mississippi": "^3.0.0",
+ "node-fetch-npm": "^2.0.2",
+ "promise-retry": "^1.1.1",
+ "socks-proxy-agent": "^4.0.0",
+ "ssri": "^6.0.0"
+ },
+ "deprecated": false,
+ "description": "Opinionated, caching, retrying fetch client",
+ "devDependencies": {
+ "bluebird": "^3.5.1",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.2.3",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.2",
+ "rimraf": "^2.6.2",
+ "safe-buffer": "^5.1.1",
+ "standard": "^11.0.1",
+ "standard-version": "^4.3.0",
+ "tacks": "^1.2.6",
+ "tap": "^12.7.0",
+ "weallbehave": "^1.0.0",
+ "weallcontribute": "^1.0.7"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/zkat/make-fetch-happen#readme",
+ "keywords": [
+ "http",
+ "request",
+ "fetch",
+ "mean girls",
+ "caching",
+ "cache",
+ "subresource integrity"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "make-fetch-happen",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/zkat/make-fetch-happen.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "4.0.2"
+}
diff --git a/node_modules/libnpmpublish/node_modules/make-fetch-happen/warning.js b/node_modules/libnpmpublish/node_modules/make-fetch-happen/warning.js
new file mode 100644
index 0000000000000..b8f13cf83195a
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/make-fetch-happen/warning.js
@@ -0,0 +1,24 @@
+const url = require('url')
+
+module.exports = setWarning
+
+function setWarning (reqOrRes, code, message, replace) {
+ // Warning = "Warning" ":" 1#warning-value
+ // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
+ // warn-code = 3DIGIT
+ // warn-agent = ( host [ ":" port ] ) | pseudonym
+ // ; the name or pseudonym of the server adding
+ // ; the Warning header, for use in debugging
+ // warn-text = quoted-string
+ // warn-date = <"> HTTP-date <">
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ const host = url.parse(reqOrRes.url).host
+ const jsonMessage = JSON.stringify(message)
+ const jsonDate = JSON.stringify(new Date().toUTCString())
+ const header = replace ? 'set' : 'append'
+
+ reqOrRes.headers[header](
+ 'Warning',
+ `${code} ${host} ${jsonMessage} ${jsonDate}`
+ )
+}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..d24e026914c23
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,214 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..0c3f4f9469955
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,609 @@
+# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
+and [`prefer-online`](#opts-prefer-online).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetch-retries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-factor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-mintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-maxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.force-auth`
+
+* Alias: `opts.forceAuth`
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignore-body`
+
+* Alias: `opts.ignoreBody`
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.is-from-ci`
+
+* Alias: `opts.isFromCI`
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.local-address`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.map-json`
+
+* Alias: `mapJson`, `mapJSON`
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxsockets`
+
+* Alias: `opts.max-sockets`
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npm-session`
+
+* Alias: `opts.npmSession`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.prefer-offline`](#opts-prefer-offline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: _password
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.prefer-offline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.prefer-online`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+
+##### `opts.project-scope`
+
+* Alias: `opts.projectScope`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.refer`
+
+* Alias: `opts.referer`
+* Type: String
+* Default: null
+
+Value to use for the `Referer` header. The npm CLI itself uses this to serialize
+the npm command line using the given request.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strict-ssl`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 30000 (30 seconds)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.user-agent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..d583982d0a8b2
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const config = require('./config.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts) {
+ if (!registry) { throw new Error('registry is required') }
+ opts = config(opts)
+ let AUTH = {}
+ const regKey = registry && registryKey(registry)
+ if (opts.forceAuth) {
+ opts = opts.forceAuth
+ }
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = url.parse(registry)
+ const formatted = url.format({
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: parsed.slashes
+ })
+ return url.resolve(formatted, '.')
+}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..bfde699edcfbd
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,109 @@
+'use strict'
+
+const config = require('./config.js')
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts) {
+ opts = config(opts)
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ res.body = null
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ res.headers.raw()['warning'].forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/config.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/config.js
new file mode 100644
index 0000000000000..7fe5dacc94362
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/config.js
@@ -0,0 +1,98 @@
+'use strict'
+
+const pkg = require('./package.json')
+const figgyPudding = require('figgy-pudding')
+const silentLog = require('./silentlog.js')
+
+const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
+const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
+module.exports = figgyPudding({
+ 'agent': {},
+ 'algorithms': {},
+ 'body': {},
+ 'ca': {},
+ 'cache': {},
+ 'cert': {},
+ 'fetch-retries': {},
+ 'fetch-retry-factor': {},
+ 'fetch-retry-maxtimeout': {},
+ 'fetch-retry-mintimeout': {},
+ 'force-auth': {},
+ forceAuth: 'force-auth',
+ 'gid': {},
+ 'gzip': {},
+ 'headers': {},
+ 'https-proxy': {},
+ 'ignore-body': {},
+ ignoreBody: 'ignore-body',
+ 'integrity': {},
+ 'is-from-ci': 'isFromCI',
+ 'isFromCI': {
+ default () {
+ return (
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ )
+ }
+ },
+ 'key': {},
+ 'local-address': {},
+ 'log': {
+ default: silentLog
+ },
+ 'map-json': 'mapJson',
+ 'mapJSON': 'mapJson',
+ 'mapJson': {},
+ 'max-sockets': 'maxsockets',
+ 'maxsockets': {
+ default: 12
+ },
+ 'memoize': {},
+ 'method': {
+ default: 'GET'
+ },
+ 'no-proxy': {},
+ 'noproxy': {},
+ 'npm-session': 'npmSession',
+ 'npmSession': {},
+ 'offline': {},
+ 'otp': {},
+ 'prefer-offline': {},
+ 'prefer-online': {},
+ 'projectScope': {},
+ 'project-scope': 'projectScope',
+ 'Promise': {default: () => Promise},
+ 'proxy': {},
+ 'query': {},
+ 'refer': {},
+ 'referer': 'refer',
+ 'registry': {
+ default: 'https://registry.npmjs.org/'
+ },
+ 'retry': {},
+ 'scope': {},
+ 'spec': {},
+ 'strict-ssl': {},
+ 'timeout': {},
+ 'uid': {},
+ 'user-agent': {
+ default: `${
+ pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+ }
+}, {
+ other (key) {
+ return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
+ }
+})
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..ba78735fce135
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = url.parse(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..4ba3c19243471
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,193 @@
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const checkResponse = require('./check-response.js')
+const config = require('./config.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('JSONStream')
+const npa = require('npm-package-arg')
+const {PassThrough} = require('stream')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('zlib')
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+ opts = config(opts)
+ const registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ opts.registry ||
+ 'https://registry.npmjs.org/'
+ )
+ uri = url.parse(uri).protocol
+ ? uri
+ : `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = body &&
+ typeof body === 'object' &&
+ typeof body.pipe === 'function'
+ if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = zlib.createGzip()
+ body.on('error', err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else {
+ body = new opts.Promise((resolve, reject) => {
+ zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
+ })
+ }
+ }
+ if (opts.query) {
+ let q = opts.query
+ if (typeof q === 'string') {
+ q = qs.parse(q)
+ }
+ Object.keys(q).forEach(key => {
+ if (q[key] === undefined) {
+ delete q[key]
+ }
+ })
+ if (Object.keys(q).length) {
+ const parsed = url.parse(uri)
+ parsed.search = '?' + qs.stringify(
+ parsed.query
+ ? Object.assign(qs.parse(parsed.query), q)
+ : q
+ )
+ uri = url.format(parsed)
+ }
+ }
+ return opts.Promise.resolve(body).then(body => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts['local-address'],
+ maxSockets: opts.maxsockets,
+ memoize: opts.memoize,
+ method: opts.method || 'GET',
+ noProxy: opts['no-proxy'] || opts.noproxy,
+ Promise: opts.Promise,
+ proxy: opts['https-proxy'] || opts.proxy,
+ referer: opts.refer,
+ retry: opts.retry != null ? opts.retry : {
+ retries: opts['fetch-retries'],
+ factor: opts['fetch-retry-factor'],
+ minTimeout: opts['fetch-retry-mintimeout'],
+ maxTimeout: opts['fetch-retry-maxtimeout']
+ },
+ strictSSL: !!opts['strict-ssl'],
+ timeout: opts.timeout,
+ uid: opts.uid,
+ gid: opts.gid
+ }).then(res => checkResponse(
+ opts.method || 'GET', res, registry, startTime, opts
+ )))
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, opts) {
+ opts = config(opts)
+ const parser = JSONStream.parse(jsonPath, opts.mapJson)
+ const pt = parser.pipe(new PassThrough({objectMode: true}))
+ parser.on('error', err => pt.emit('error', err))
+ regFetch(uri, opts).then(res => {
+ res.body.on('error', err => parser.emit('error', err))
+ res.body.pipe(parser)
+ }, err => pt.emit('error', err))
+ return pt
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts) {
+ spec = npa(spec)
+ opts = config(opts)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts['prefer-offline']
+ ? 'force-cache'
+ : opts['prefer-online']
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!(
+ opts['is-from-ci'] ||
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ ),
+ 'npm-scope': opts['project-scope'],
+ 'npm-session': opts['npm-session'],
+ 'user-agent': opts['user-agent'],
+ 'referer': opts.refer
+ }, opts.headers)
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ url.parse(uri).host === url.parse(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..4302bfc690cb6
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,92 @@
+{
+ "_from": "npm-registry-fetch@^3.8.0",
+ "_id": "npm-registry-fetch@3.9.1",
+ "_inBundle": false,
+ "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "_location": "/libnpmpublish/npm-registry-fetch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-registry-fetch@^3.8.0",
+ "name": "npm-registry-fetch",
+ "escapedName": "npm-registry-fetch",
+ "rawSpec": "^3.8.0",
+ "saveSpec": null,
+ "fetchSpec": "^3.8.0"
+ },
+ "_requiredBy": [
+ "/libnpmpublish"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
+ "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
+ "_spec": "npm-registry-fetch@^3.8.0",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmpublish",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/registry-fetch/issues"
+ },
+ "bundleDependencies": false,
+ "config": {
+ "nyc": {
+ "exclude": [
+ "node_modules/**",
+ "test/**"
+ ]
+ }
+ },
+ "dependencies": {
+ "JSONStream": "^1.3.4",
+ "bluebird": "^3.5.1",
+ "figgy-pudding": "^3.4.1",
+ "lru-cache": "^5.1.1",
+ "make-fetch-happen": "^4.0.2",
+ "npm-package-arg": "^6.1.0"
+ },
+ "deprecated": false,
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "devDependencies": {
+ "cacache": "^11.3.3",
+ "get-stream": "^4.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.4.3",
+ "npmlog": "^4.1.2",
+ "rimraf": "^2.6.2",
+ "ssri": "^6.0.0",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/registry-fetch#readme",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-registry-fetch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/registry-fetch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.9.1"
+}
diff --git a/node_modules/libnpmpublish/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmpublish/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpmsearch/node_modules/make-fetch-happen/CHANGELOG.md
new file mode 100644
index 0000000000000..a446842f55d80
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/CHANGELOG.md
@@ -0,0 +1,555 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
+
+
+
+
+## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
+
+
+### Bug Fixes
+
+* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
+
+
+
+
+# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
+
+
+### meta
+
+* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
+
+
+### Bug Fixes
+
+* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
+* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
+
+
+### BREAKING CHANGES
+
+* **license:** license changed from CC0 to ISC.
+
+
+
+
+# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
+
+
+### Bug Fixes
+
+* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
+
+
+### Features
+
+* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
+
+
+
+
+# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
+
+
+### Bug Fixes
+
+* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
+
+
+### Features
+
+* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
+
+
+
+
+## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
+
+
+### Bug Fixes
+
+* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
+* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
+
+
+
+
+## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
+
+
+### Bug Fixes
+
+* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
+
+
+
+
+## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
+
+
+### Bug Fixes
+
+* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
+
+
+
+
+## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
+
+
+### Bug Fixes
+
+* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
+* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
+
+
+
+
+## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
+
+
+
+
+## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
+
+
+
+
+## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
+
+
+### Bug Fixes
+
+* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
+
+
+
+
+## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
+* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
+* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
+
+
+
+
+## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
+
+
+
+
+## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
+
+
+### Bug Fixes
+
+* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
+
+
+
+
+## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
+
+
+### Bug Fixes
+
+* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
+
+
+
+
+## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
+
+
+### Bug Fixes
+
+* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
+* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
+
+
+
+
+## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
+
+
+
+
+# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
+
+
+### Features
+
+* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
+
+
+
+
+# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
+
+
+### Features
+
+* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
+* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
+
+
+
+
+## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
+
+
+### Bug Fixes
+
+* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
+* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
+
+
+
+
+## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
+
+
+### Bug Fixes
+
+* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
+
+
+
+
+## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
+
+
+### Bug Fixes
+
+* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
+
+
+
+
+## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
+
+
+### Bug Fixes
+
+* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
+* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
+
+
+
+
+## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
+
+
+### Bug Fixes
+
+* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
+
+
+
+
+## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
+
+
+### Bug Fixes
+
+* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
+
+
+
+
+# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
+
+
+### Features
+
+* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
+
+
+
+
+# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
+
+
+### Features
+
+* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
+
+
+
+
+## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
+
+
+### Bug Fixes
+
+* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
+
+
+
+
+## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
+
+
+
+
+## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
+
+
+
+
+## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
+
+
+
+
+# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
+* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
+
+
+### Features
+
+* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
+
+
+### BREAKING CHANGES
+
+* **agent:** pac proxies are no longer supported.
+* **retry:** Retry logic has changes.
+
+* 404s, 420s, and 429s all retry now.
+* ENOTFOUND no longer retries.
+* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
+
+
+
+
+# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
+
+
+### Features
+
+* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
+
+
+
+
+# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
+
+
+### Features
+
+* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
+
+
+
+
+## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
+
+
+### Bug Fixes
+
+* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
+* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
+
+
+
+
+# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
+
+
+### Features
+
+* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
+
+
+
+
+# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
+
+
+### Features
+
+* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
+
+
+
+
+## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
+
+
+
+
+# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
+
+
+### Features
+
+* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
+* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
+
+
+
+
+## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
+
+
+### Bug Fixes
+
+* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
+
+
+
+
+# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
+
+
+### Features
+
+* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
+
+
+
+
+# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
+
+
+### Features
+
+* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
+
+
+
+
+## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
+
+
+
+
+# 1.0.0 (2017-04-01)
+
+
+### Bug Fixes
+
+* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
+* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
+* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
+* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
+* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
+* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
+* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
+* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
+* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
+* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
+* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
+* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
+* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
+* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
+* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
+* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
+* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
+* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
+* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
+* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
+* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
+* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
+* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
+* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
+* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
+
+
+### Features
+
+* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
+* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
+
+
+### BREAKING CHANGES
+
+* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
+* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
+* **api:** actual api implemented
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpmsearch/node_modules/make-fetch-happen/LICENSE
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/LICENSE
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/README.md b/node_modules/libnpmsearch/node_modules/make-fetch-happen/README.md
new file mode 100644
index 0000000000000..4d12d8dae7e31
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/README.md
@@ -0,0 +1,404 @@
+# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
+
+
+[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
+library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
+features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
+pooling, proxies, retries, [and more](#features)!
+
+## Install
+
+`$ npm install --save make-fetch-happen`
+
+## Table of Contents
+
+* [Example](#example)
+* [Features](#features)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.defaults`](#fetch-defaults)
+ * [`node-fetch` options](#node-fetch-options)
+ * [`make-fetch-happen` options](#extra-options)
+ * [`opts.cacheManager`](#opts-cache-manager)
+ * [`opts.cache`](#opts-cache)
+ * [`opts.proxy`](#opts-proxy)
+ * [`opts.noProxy`](#opts-no-proxy)
+ * [`opts.ca, opts.cert, opts.key`](#https-opts)
+ * [`opts.maxSockets`](#opts-max-sockets)
+ * [`opts.retry`](#opts-retry)
+ * [`opts.onRetry`](#opts-onretry)
+ * [`opts.integrity`](#opts-integrity)
+* [Message From Our Sponsors](#wow)
+
+### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache' // path where cache will be written (and read)
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
+ return res.json() // download the body as JSON
+}).then(body => {
+ console.log(`got ${body.name} from web`)
+ return fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'no-cache' // forces a conditional request
+ })
+}).then(res => {
+ console.log(res.status) // 304! cache validated!
+ return res.json().then(body => {
+ console.log(`got ${body.name} from cache`)
+ })
+})
+```
+
+### Features
+
+* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
+* Request pooling out of the box
+* Quite fast, really
+* Automatic HTTP-semantics-aware request retries
+* Cache-fallback automatic "offline mode"
+* Proxy support (http, https, socks, socks4, socks5)
+* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
+* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
+* Node.js Stream support
+* Transparent gzip and deflate support
+* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
+* Literally punches nazis
+* (PENDING) Range request caching and resuming
+
+### Contributing
+
+The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(uriOrRequest, [opts]) -> Promise`
+
+This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
+
+If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
+
+##### Example
+
+```javascript
+fetch('https://google.com').then(res => res.buffer())
+```
+
+#### `> fetch.defaults([defaultUrl], [defaultOpts])`
+
+Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
+
+A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-local-cache'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
+```
+
+#### `> node-fetch options`
+
+The following options for `node-fetch` are used as-is:
+
+* method
+* body
+* redirect
+* follow
+* timeout
+* compress
+* size
+
+These other options are modified or augmented by make-fetch-happen:
+
+* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
+* agent
+ * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
+ * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
+ * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
+ * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
+
+For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
+
+#### `> make-fetch-happen options`
+
+make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
+
+* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
+* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
+* [`opts.proxy`](#opts-proxy) - Proxy agent
+* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
+* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
+* [`opts.localAddress`](#opts-local-address)
+* [`opts.maxSockets`](#opts-max-sockets)
+* [`opts.retry`](#opts-retry) - Request retry settings
+* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
+* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
+
+#### `> opts.cacheManager`
+
+Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
+
+If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
+
+By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
+
+You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
+
+**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
+
+The default cache manager also adds the following headers to cached responses:
+
+* `X-Local-Cache`: Path to the cache the content was found in
+* `X-Local-Cache-Key`: Unique cache entry key for this response
+* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
+* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
+
+Using [`cacache`](https://npm.im/cacache), a call like this may be used to
+manually fetch the cached entry:
+
+```javascript
+const h = response.headers
+cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
+
+// grab content only, directly:
+cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
+```
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cacheManager: './my-local-cache'
+}) // -> 200-level response will be written to disk
+
+fetch('https://npm.im/cacache', {
+ cacheManager: new MyCustomRedisCache(process.env.PORT)
+}) // -> 200-level response will be written to redis
+```
+
+A possible (minimal) implementation for `MyCustomRedisCache`:
+
+```javascript
+const bluebird = require('bluebird')
+const redis = require("redis")
+bluebird.promisifyAll(redis.RedisClient.prototype)
+class MyCustomRedisCache {
+ constructor (opts) {
+ this.redis = redis.createClient(opts)
+ }
+ match (req) {
+ return this.redis.getAsync(req.url).then(res => {
+ if (res) {
+ const parsed = JSON.parse(res)
+ return new fetch.Response(parsed.body, {
+ url: req.url,
+ headers: parsed.headers,
+ status: 200
+ })
+ }
+ })
+ }
+ put (req, res) {
+ return res.buffer().then(body => {
+ return this.redis.setAsync(req.url, JSON.stringify({
+ body: body,
+ headers: res.headers.raw()
+ }))
+ }).then(() => {
+ // return the response itself
+ return res
+ })
+ }
+ 'delete' (req) {
+ return this.redis.unlinkAsync(req.url)
+ }
+}
+```
+
+#### `> opts.cache`
+
+This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
+
+* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
+* `no-store` - Fetch behaves as if there is no HTTP cache at all.
+* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
+* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
+* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
+* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
+
+(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache'
+})
+
+// Will error with ENOTCACHED if we haven't already cached this url
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'only-if-cached'
+})
+
+// Will refresh any local content and cache the new response
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'reload'
+})
+
+// Will use any local data, even if stale. Otherwise, will hit network.
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'force-cache'
+})
+```
+
+#### `> opts.proxy`
+
+A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
+used depending on the proxy's protocol.
+
+Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
+`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
+
+(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: 'https://corporate.yourcompany.proxy:4445'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: {
+ protocol: 'https:',
+ hostname: 'corporate.yourcompany.proxy',
+ port: 4445
+ }
+})
+```
+
+#### `> opts.noProxy`
+
+If present, should be a comma-separated string or an array of domain extensions
+that a proxy should _not_ be used for.
+
+This option may also be provided through `process.env.NO_PROXY`.
+
+#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
+
+These values are passed in directly to the HTTPS agent and will be used for both
+proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
+same options the `https` module accepts, which will be themselves passed to
+`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
+
+#### `> opts.localAddress`
+
+Passed directly to `http` and `https` request calls. Determines the local
+address to bind to.
+
+#### `> opts.maxSockets`
+
+Default: 15
+
+Maximum number of active concurrent sockets to use for the underlying
+Http/Https/Proxy agents. This setting applies once per spawned agent.
+
+15 is probably a _pretty good value_ for most use-cases, and balances speed
+with, uh, not knocking out people's routers. 🤓
+
+#### `> opts.retry`
+
+An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
+
+* Request method is NOT `POST` AND
+* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
+* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
+
+The following are worth noting as explicitly not retried:
+
+* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
+* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
+
+If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
+
+If `opts.retry` is a number, it is equivalent to `{retries: num}`
+
+The following retry options are available if you want more control over it:
+
+* retries
+* factor
+* minTimeout
+* maxTimeout
+* randomize
+
+For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ retry: {
+ retries: 10,
+ randomize: true
+ }
+})
+
+fetch('http://reliable.site.com', {
+ retry: false
+})
+
+fetch('http://one-more.site.com', {
+ retry: 3
+})
+```
+
+#### `> opts.onRetry`
+
+A function called whenever a retry is attempted.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ onRetry() {
+ console.log('we will retry!')
+ }
+})
+```
+
+#### `> opts.integrity`
+
+Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
+
+`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // -> ok
+
+fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // Error: EINTEGRITY
+```
+
+### Message From Our Sponsors
+
+
+
+
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/agent.js b/node_modules/libnpmsearch/node_modules/make-fetch-happen/agent.js
new file mode 100644
index 0000000000000..55675946ad97d
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/agent.js
@@ -0,0 +1,171 @@
+'use strict'
+const LRU = require('lru-cache')
+const url = require('url')
+
+let AGENT_CACHE = new LRU({ max: 50 })
+let HttpsAgent
+let HttpAgent
+
+module.exports = getAgent
+
+function getAgent (uri, opts) {
+ const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
+ const isHttps = parsedUri.protocol === 'https:'
+ const pxuri = getProxyUri(uri, opts)
+
+ const key = [
+ `https:${isHttps}`,
+ pxuri
+ ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
+ : '>no-proxy<',
+ `local-address:${opts.localAddress || '>no-local-address<'}`,
+ `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
+ `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
+ `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
+ `key:${(isHttps && opts.key) || '>no-key<'}`
+ ].join(':')
+
+ if (opts.agent != null) { // `agent: false` has special behavior!
+ return opts.agent
+ }
+
+ if (AGENT_CACHE.peek(key)) {
+ return AGENT_CACHE.get(key)
+ }
+
+ if (pxuri) {
+ const proxy = getProxy(pxuri, opts, isHttps)
+ AGENT_CACHE.set(key, proxy)
+ return proxy
+ }
+
+ if (isHttps && !HttpsAgent) {
+ HttpsAgent = require('agentkeepalive').HttpsAgent
+ } else if (!isHttps && !HttpAgent) {
+ HttpAgent = require('agentkeepalive')
+ }
+
+ // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
+ // of zero disables the timeout behavior (OS limits still apply). Else, if
+ // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
+ // the node-fetch-npm timeout will always fire first, giving us more
+ // consistent errors.
+ const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
+
+ const agent = isHttps ? new HttpsAgent({
+ maxSockets: opts.maxSockets || 15,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ rejectUnauthorized: opts.strictSSL,
+ timeout: agentTimeout
+ }) : new HttpAgent({
+ maxSockets: opts.maxSockets || 15,
+ localAddress: opts.localAddress,
+ timeout: agentTimeout
+ })
+ AGENT_CACHE.set(key, agent)
+ return agent
+}
+
+function checkNoProxy (uri, opts) {
+ const host = url.parse(uri).hostname.split('.').reverse()
+ let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
+ if (typeof noproxy === 'string') {
+ noproxy = noproxy.split(/\s*,\s*/g)
+ }
+ return noproxy && noproxy.some(no => {
+ const noParts = no.split('.').filter(x => x).reverse()
+ if (!noParts.length) { return false }
+ for (let i = 0; i < noParts.length; i++) {
+ if (host[i] !== noParts[i]) {
+ return false
+ }
+ }
+ return true
+ })
+}
+
+module.exports.getProcessEnv = getProcessEnv
+
+function getProcessEnv (env) {
+ if (!env) { return }
+
+ let value
+
+ if (Array.isArray(env)) {
+ for (let e of env) {
+ value = process.env[e] ||
+ process.env[e.toUpperCase()] ||
+ process.env[e.toLowerCase()]
+ if (typeof value !== 'undefined') { break }
+ }
+ }
+
+ if (typeof env === 'string') {
+ value = process.env[env] ||
+ process.env[env.toUpperCase()] ||
+ process.env[env.toLowerCase()]
+ }
+
+ return value
+}
+
+function getProxyUri (uri, opts) {
+ const protocol = url.parse(uri).protocol
+
+ const proxy = opts.proxy || (
+ protocol === 'https:' && getProcessEnv('https_proxy')
+ ) || (
+ protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
+ )
+ if (!proxy) { return null }
+
+ const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
+
+ return !checkNoProxy(uri, opts) && parsedProxy
+}
+
+let HttpProxyAgent
+let HttpsProxyAgent
+let SocksProxyAgent
+function getProxy (proxyUrl, opts, isHttps) {
+ let popts = {
+ host: proxyUrl.hostname,
+ port: proxyUrl.port,
+ protocol: proxyUrl.protocol,
+ path: proxyUrl.path,
+ auth: proxyUrl.auth,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets || 15,
+ rejectUnauthorized: opts.strictSSL
+ }
+
+ if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
+ if (!isHttps) {
+ if (!HttpProxyAgent) {
+ HttpProxyAgent = require('http-proxy-agent')
+ }
+
+ return new HttpProxyAgent(popts)
+ } else {
+ if (!HttpsProxyAgent) {
+ HttpsProxyAgent = require('https-proxy-agent')
+ }
+
+ return new HttpsProxyAgent(popts)
+ }
+ }
+ if (proxyUrl.protocol.startsWith('socks')) {
+ if (!SocksProxyAgent) {
+ SocksProxyAgent = require('socks-proxy-agent')
+ }
+
+ return new SocksProxyAgent(popts)
+ }
+}
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/cache.js b/node_modules/libnpmsearch/node_modules/make-fetch-happen/cache.js
new file mode 100644
index 0000000000000..0c519e69fbe81
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/cache.js
@@ -0,0 +1,249 @@
+'use strict'
+
+const cacache = require('cacache')
+const fetch = require('node-fetch-npm')
+const pipe = require('mississippi').pipe
+const ssri = require('ssri')
+const through = require('mississippi').through
+const to = require('mississippi').to
+const url = require('url')
+const stream = require('stream')
+
+const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
+
+function cacheKey (req) {
+ const parsed = url.parse(req.url)
+ return `make-fetch-happen:request-cache:${
+ url.format({
+ protocol: parsed.protocol,
+ slashes: parsed.slashes,
+ host: parsed.host,
+ hostname: parsed.hostname,
+ pathname: parsed.pathname
+ })
+ }`
+}
+
+// This is a cacache-based implementation of the Cache standard,
+// using node-fetch.
+// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
+//
+module.exports = class Cache {
+ constructor (path, opts) {
+ this._path = path
+ this._uid = opts && opts.uid
+ this._gid = opts && opts.gid
+ this.Promise = (opts && opts.Promise) || Promise
+ }
+
+ // Returns a Promise that resolves to the response associated with the first
+ // matching request in the Cache object.
+ match (req, opts) {
+ opts = opts || {}
+ const key = cacheKey(req)
+ return cacache.get.info(this._path, key).then(info => {
+ return info && cacache.get.hasContent(
+ this._path, info.integrity, opts
+ ).then(exists => exists && info)
+ }).then(info => {
+ if (info && info.metadata && matchDetails(req, {
+ url: info.metadata.url,
+ reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
+ resHeaders: new fetch.Headers(info.metadata.resHeaders),
+ cacheIntegrity: info.integrity,
+ integrity: opts && opts.integrity
+ })) {
+ const resHeaders = new fetch.Headers(info.metadata.resHeaders)
+ addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
+ if (req.method === 'HEAD') {
+ return new fetch.Response(null, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200
+ })
+ }
+ let body
+ const cachePath = this._path
+ // avoid opening cache file handles until a user actually tries to
+ // read from it.
+ if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
+ body = new stream.PassThrough()
+ const realRead = body._read
+ body._read = function (size) {
+ body._read = realRead
+ pipe(
+ cacache.get.stream.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }),
+ body,
+ err => body.emit(err))
+ return realRead.call(this, size)
+ }
+ } else {
+ let readOnce = false
+ // cacache is much faster at bulk reads
+ body = new stream.Readable({
+ read () {
+ if (readOnce) return this.push(null)
+ readOnce = true
+ cacache.get.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }).then(data => {
+ this.push(data)
+ this.push(null)
+ }, err => this.emit('error', err))
+ }
+ })
+ }
+ return this.Promise.resolve(new fetch.Response(body, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200,
+ size: info.size
+ }))
+ }
+ })
+ }
+
+ // Takes both a request and its response and adds it to the given cache.
+ put (req, response, opts) {
+ opts = opts || {}
+ const size = response.headers.get('content-length')
+ const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
+ const ckey = cacheKey(req)
+ const cacheOpts = {
+ algorithms: opts.algorithms,
+ metadata: {
+ url: req.url,
+ reqHeaders: req.headers.raw(),
+ resHeaders: response.headers.raw()
+ },
+ uid: this._uid,
+ gid: this._gid,
+ size,
+ memoize: fitInMemory && opts.memoize
+ }
+ if (req.method === 'HEAD' || response.status === 304) {
+ // Update metadata without writing
+ return cacache.get.info(this._path, ckey).then(info => {
+ // Providing these will bypass content write
+ cacheOpts.integrity = info.integrity
+ addCacheHeaders(
+ response.headers, this._path, ckey, info.integrity, info.time
+ )
+ return new this.Promise((resolve, reject) => {
+ pipe(
+ cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
+ cacache.put.stream(this._path, cacheKey(req), cacheOpts),
+ err => err ? reject(err) : resolve(response)
+ )
+ })
+ }).then(() => response)
+ }
+ let buf = []
+ let bufSize = 0
+ let cacheTargetStream = false
+ const cachePath = this._path
+ let cacheStream = to((chunk, enc, cb) => {
+ if (!cacheTargetStream) {
+ if (fitInMemory) {
+ cacheTargetStream =
+ to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
+ buf.push(chunk)
+ bufSize += chunk.length
+ cb()
+ }, done => {
+ cacache.put(
+ cachePath,
+ cacheKey(req),
+ Buffer.concat(buf, bufSize),
+ cacheOpts
+ ).then(
+ () => done(),
+ done
+ )
+ })
+ } else {
+ cacheTargetStream =
+ cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
+ }
+ }
+ cacheTargetStream.write(chunk, enc, cb)
+ }, done => {
+ cacheTargetStream ? cacheTargetStream.end(done) : done()
+ })
+ const oldBody = response.body
+ const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
+ response.body = newBody
+ oldBody.once('error', err => newBody.emit('error', err))
+ newBody.once('error', err => oldBody.emit('error', err))
+ cacheStream.once('error', err => newBody.emit('error', err))
+ pipe(oldBody, to((chunk, enc, cb) => {
+ cacheStream.write(chunk, enc, () => {
+ newBody.write(chunk, enc, cb)
+ })
+ }, done => {
+ cacheStream.end(() => {
+ newBody.end(() => {
+ done()
+ })
+ })
+ }), err => err && newBody.emit('error', err))
+ return response
+ }
+
+ // Finds the Cache entry whose key is the request, and if found, deletes the
+ // Cache entry and returns a Promise that resolves to true. If no Cache entry
+ // is found, it returns false.
+ 'delete' (req, opts) {
+ opts = opts || {}
+ if (typeof opts.memoize === 'object') {
+ if (opts.memoize.reset) {
+ opts.memoize.reset()
+ } else if (opts.memoize.clear) {
+ opts.memoize.clear()
+ } else {
+ Object.keys(opts.memoize).forEach(k => {
+ opts.memoize[k] = null
+ })
+ }
+ }
+ return cacache.rm.entry(
+ this._path,
+ cacheKey(req)
+ // TODO - true/false
+ ).then(() => false)
+ }
+}
+
+function matchDetails (req, cached) {
+ const reqUrl = url.parse(req.url)
+ const cacheUrl = url.parse(cached.url)
+ const vary = cached.resHeaders.get('Vary')
+ // https://tools.ietf.org/html/rfc7234#section-4.1
+ if (vary) {
+ if (vary.match(/\*/)) {
+ return false
+ } else {
+ const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
+ return cached.reqHeaders.get(field) === req.headers.get(field)
+ })
+ if (!fieldsMatch) {
+ return false
+ }
+ }
+ }
+ if (cached.integrity) {
+ return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
+ }
+ reqUrl.hash = null
+ cacheUrl.hash = null
+ return url.format(reqUrl) === url.format(cacheUrl)
+}
+
+function addCacheHeaders (resHeaders, path, key, hash, time) {
+ resHeaders.set('X-Local-Cache', encodeURIComponent(path))
+ resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
+ resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
+ resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
+}
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/index.js b/node_modules/libnpmsearch/node_modules/make-fetch-happen/index.js
new file mode 100644
index 0000000000000..0f2c164e19f28
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/index.js
@@ -0,0 +1,482 @@
+'use strict'
+
+let Cache
+const url = require('url')
+const CachePolicy = require('http-cache-semantics')
+const fetch = require('node-fetch-npm')
+const pkg = require('./package.json')
+const retry = require('promise-retry')
+let ssri
+const Stream = require('stream')
+const getAgent = require('./agent')
+const setWarning = require('./warning')
+
+const isURL = /^https?:/
+const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
+
+const RETRY_ERRORS = [
+ 'ECONNRESET', // remote socket closed on us
+ 'ECONNREFUSED', // remote host refused to open connection
+ 'EADDRINUSE', // failed to bind to a local port (proxy?)
+ 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
+ // Known codes we do NOT retry on:
+ // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
+]
+
+const RETRY_TYPES = [
+ 'request-timeout'
+]
+
+// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
+module.exports = cachingFetch
+cachingFetch.defaults = function (_uri, _opts) {
+ const fetch = this
+ if (typeof _uri === 'object') {
+ _opts = _uri
+ _uri = null
+ }
+
+ function defaultedFetch (uri, opts) {
+ const finalOpts = Object.assign({}, _opts || {}, opts || {})
+ return fetch(uri || _uri, finalOpts)
+ }
+
+ defaultedFetch.defaults = fetch.defaults
+ defaultedFetch.delete = fetch.delete
+ return defaultedFetch
+}
+
+cachingFetch.delete = cacheDelete
+function cacheDelete (uri, opts) {
+ opts = configureOptions(opts)
+ if (opts.cacheManager) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+ return opts.cacheManager.delete(req, opts)
+ }
+}
+
+function initializeCache (opts) {
+ if (typeof opts.cacheManager === 'string') {
+ if (!Cache) {
+ // Default cacache-based cache
+ Cache = require('./cache')
+ }
+
+ opts.cacheManager = new Cache(opts.cacheManager, opts)
+ }
+
+ opts.cache = opts.cache || 'default'
+
+ if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
+ // If header list contains `If-Modified-Since`, `If-None-Match`,
+ // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
+ // mode to "no-store" if it is "default".
+ opts.cache = 'no-store'
+ }
+}
+
+function configureOptions (_opts) {
+ const opts = Object.assign({}, _opts || {})
+ opts.method = (opts.method || 'GET').toUpperCase()
+
+ if (opts.retry && typeof opts.retry === 'number') {
+ opts.retry = { retries: opts.retry }
+ }
+
+ if (opts.retry === false) {
+ opts.retry = { retries: 0 }
+ }
+
+ if (opts.cacheManager) {
+ initializeCache(opts)
+ }
+
+ return opts
+}
+
+function initializeSsri () {
+ if (!ssri) {
+ ssri = require('ssri')
+ }
+}
+
+function cachingFetch (uri, _opts) {
+ const opts = configureOptions(_opts)
+
+ if (opts.integrity) {
+ initializeSsri()
+ // if verifying integrity, node-fetch must not decompress
+ opts.compress = false
+ }
+
+ const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
+ opts.cacheManager &&
+ opts.cache !== 'no-store' &&
+ opts.cache !== 'reload'
+
+ if (isCachable) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+
+ return opts.cacheManager.match(req, opts).then(res => {
+ if (res) {
+ const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
+ if (warningCode && +warningCode >= 100 && +warningCode < 200) {
+ // https://tools.ietf.org/html/rfc7234#section-4.3.4
+ //
+ // If a stored response is selected for update, the cache MUST:
+ //
+ // * delete any Warning header fields in the stored response with
+ // warn-code 1xx (see Section 5.5);
+ //
+ // * retain any Warning header fields in the stored response with
+ // warn-code 2xx;
+ //
+ res.headers.delete('Warning')
+ }
+
+ if (opts.cache === 'default' && !isStale(req, res)) {
+ return res
+ }
+
+ if (opts.cache === 'default' || opts.cache === 'no-cache') {
+ return conditionalFetch(req, res, opts)
+ }
+
+ if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
+ // 112 Disconnected operation
+ // SHOULD be included if the cache is intentionally disconnected from
+ // the rest of the network for a period of time.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(res, 112, 'Disconnected operation')
+ return res
+ }
+ }
+
+ if (!res && opts.cache === 'only-if-cached') {
+ const errorMsg = `request to ${
+ uri
+ } failed: cache mode is 'only-if-cached' but no cached response available.`
+
+ const err = new Error(errorMsg)
+ err.code = 'ENOTCACHED'
+ throw err
+ }
+
+ // Missing cache entry, or mode is default (if stale), reload, no-store
+ return remoteFetch(req.url, opts)
+ })
+ }
+
+ return remoteFetch(uri, opts)
+}
+
+function iterableToObject (iter) {
+ const obj = {}
+ for (let k of iter.keys()) {
+ obj[k] = iter.get(k)
+ }
+ return obj
+}
+
+function makePolicy (req, res) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+ const _res = {
+ status: res.status,
+ headers: iterableToObject(res.headers)
+ }
+
+ return new CachePolicy(_req, _res, { shared: false })
+}
+
+// https://tools.ietf.org/html/rfc7234#section-4.2
+function isStale (req, res) {
+ if (!res) {
+ return null
+ }
+
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+
+ const policy = makePolicy(req, res)
+
+ const responseTime = res.headers.get('x-local-cache-time') ||
+ res.headers.get('date') ||
+ 0
+
+ policy._responseTime = new Date(responseTime)
+
+ const bool = !policy.satisfiesWithoutRevalidation(_req)
+ return bool
+}
+
+function mustRevalidate (res) {
+ return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
+}
+
+function conditionalFetch (req, cachedRes, opts) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: Object.assign({}, opts.headers || {})
+ }
+
+ const policy = makePolicy(req, cachedRes)
+ opts.headers = policy.revalidationHeaders(_req)
+
+ return remoteFetch(req.url, opts)
+ .then(condRes => {
+ const revalidatedPolicy = policy.revalidatedPolicy(_req, {
+ status: condRes.status,
+ headers: iterableToObject(condRes.headers)
+ })
+
+ if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ return cachedRes
+ }
+
+ if (condRes.status === 304) { // 304 Not Modified
+ condRes.body = cachedRes.body
+ return opts.cacheManager.put(req, condRes, opts)
+ .then(newRes => {
+ newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
+ return newRes
+ })
+ }
+
+ return condRes
+ })
+ .then(res => res)
+ .catch(err => {
+ if (mustRevalidate(cachedRes)) {
+ throw err
+ } else {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ // 199 Miscellaneous warning
+ // The warning text MAY include arbitrary information to be presented to
+ // a human user, or logged. A system receiving this warning MUST NOT take
+ // any automated action, besides presenting the warning to the user.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(
+ cachedRes,
+ 199,
+ `Miscellaneous Warning ${err.code}: ${err.message}`
+ )
+
+ return cachedRes
+ }
+ })
+}
+
+function remoteFetchHandleIntegrity (res, integrity) {
+ const oldBod = res.body
+ const newBod = ssri.integrityStream({
+ integrity
+ })
+ oldBod.pipe(newBod)
+ res.body = newBod
+ oldBod.once('error', err => {
+ newBod.emit('error', err)
+ })
+ newBod.once('error', err => {
+ oldBod.emit('error', err)
+ })
+}
+
+function remoteFetch (uri, opts) {
+ const agent = getAgent(uri, opts)
+ const headers = Object.assign({
+ 'connection': agent ? 'keep-alive' : 'close',
+ 'user-agent': USER_AGENT
+ }, opts.headers || {})
+
+ const reqOpts = {
+ agent,
+ body: opts.body,
+ compress: opts.compress,
+ follow: opts.follow,
+ headers: new fetch.Headers(headers),
+ method: opts.method,
+ redirect: 'manual',
+ size: opts.size,
+ counter: opts.counter,
+ timeout: opts.timeout
+ }
+
+ return retry(
+ (retryHandler, attemptNum) => {
+ const req = new fetch.Request(uri, reqOpts)
+ return fetch(req)
+ .then(res => {
+ res.headers.set('x-fetch-attempts', attemptNum)
+
+ if (opts.integrity) {
+ remoteFetchHandleIntegrity(res, opts.integrity)
+ }
+
+ const isStream = req.body instanceof Stream
+
+ if (opts.cacheManager) {
+ const isMethodGetHead = req.method === 'GET' ||
+ req.method === 'HEAD'
+
+ const isCachable = opts.cache !== 'no-store' &&
+ isMethodGetHead &&
+ makePolicy(req, res).storable() &&
+ res.status === 200 // No other statuses should be stored!
+
+ if (isCachable) {
+ return opts.cacheManager.put(req, res, opts)
+ }
+
+ if (!isMethodGetHead) {
+ return opts.cacheManager.delete(req).then(() => {
+ if (res.status >= 500 && req.method !== 'POST' && !isStream) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ return res
+ })
+ }
+ }
+
+ const isRetriable = req.method !== 'POST' &&
+ !isStream && (
+ res.status === 408 || // Request Timeout
+ res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
+ res.status === 429 || // Too Many Requests ("standard" rate-limiting)
+ res.status >= 500 // Assume server errors are momentary hiccups
+ )
+
+ if (isRetriable) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
+ return res
+ }
+
+ // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
+ if (opts.redirect === 'error') {
+ const err = new Error(`redirect mode is set to error: ${uri}`)
+ err.code = 'ENOREDIRECT'
+ throw err
+ }
+
+ if (!res.headers.get('location')) {
+ const err = new Error(`redirect location header missing at: ${uri}`)
+ err.code = 'EINVALIDREDIRECT'
+ throw err
+ }
+
+ if (req.counter >= req.follow) {
+ const err = new Error(`maximum redirect reached at: ${uri}`)
+ err.code = 'EMAXREDIRECT'
+ throw err
+ }
+
+ const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
+ let redirectURL = url.parse(resolvedUrl)
+
+ if (isURL.test(res.headers.get('location'))) {
+ redirectURL = url.parse(res.headers.get('location'))
+ }
+
+ // Remove authorization if changing hostnames (but not if just
+ // changing ports or protocols). This matches the behavior of request:
+ // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
+ if (url.parse(req.url).hostname !== redirectURL.hostname) {
+ req.headers.delete('authorization')
+ }
+
+ // for POST request with 301/302 response, or any request with 303 response,
+ // use GET when following redirect
+ if (res.status === 303 ||
+ ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
+ opts.method = 'GET'
+ opts.body = null
+ req.headers.delete('content-length')
+ }
+
+ opts.headers = {}
+ req.headers.forEach((value, name) => {
+ opts.headers[name] = value
+ })
+
+ opts.counter = ++req.counter
+ return cachingFetch(resolvedUrl, opts)
+ })
+ .catch(err => {
+ const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
+
+ const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
+ RETRY_TYPES.indexOf(err.type) === -1
+
+ if (req.method === 'POST' || isRetryError) {
+ throw err
+ }
+
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(err)
+ }
+
+ return retryHandler(err)
+ })
+ },
+ opts.retry
+ ).catch(err => {
+ if (err.status >= 400) {
+ return err
+ }
+
+ throw err
+ })
+}
+
+function isHeaderConditional (headers) {
+ if (!headers || typeof headers !== 'object') {
+ return false
+ }
+
+ const modifiers = [
+ 'if-modified-since',
+ 'if-none-match',
+ 'if-unmodified-since',
+ 'if-match',
+ 'if-range'
+ ]
+
+ return Object.keys(headers)
+ .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
+}
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/package.json b/node_modules/libnpmsearch/node_modules/make-fetch-happen/package.json
new file mode 100644
index 0000000000000..9290fe8c04cea
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/package.json
@@ -0,0 +1,94 @@
+{
+ "_from": "make-fetch-happen@^4.0.2",
+ "_id": "make-fetch-happen@4.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
+ "_location": "/libnpmsearch/make-fetch-happen",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "make-fetch-happen@^4.0.2",
+ "name": "make-fetch-happen",
+ "escapedName": "make-fetch-happen",
+ "rawSpec": "^4.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^4.0.2"
+ },
+ "_requiredBy": [
+ "/libnpmsearch/npm-registry-fetch"
+ ],
+ "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
+ "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
+ "_spec": "make-fetch-happen@^4.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmsearch/node_modules/npm-registry-fetch",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/zkat/make-fetch-happen/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "agentkeepalive": "^3.4.1",
+ "cacache": "^11.3.3",
+ "http-cache-semantics": "^3.8.1",
+ "http-proxy-agent": "^2.1.0",
+ "https-proxy-agent": "^2.2.1",
+ "lru-cache": "^5.1.1",
+ "mississippi": "^3.0.0",
+ "node-fetch-npm": "^2.0.2",
+ "promise-retry": "^1.1.1",
+ "socks-proxy-agent": "^4.0.0",
+ "ssri": "^6.0.0"
+ },
+ "deprecated": false,
+ "description": "Opinionated, caching, retrying fetch client",
+ "devDependencies": {
+ "bluebird": "^3.5.1",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.2.3",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.2",
+ "rimraf": "^2.6.2",
+ "safe-buffer": "^5.1.1",
+ "standard": "^11.0.1",
+ "standard-version": "^4.3.0",
+ "tacks": "^1.2.6",
+ "tap": "^12.7.0",
+ "weallbehave": "^1.0.0",
+ "weallcontribute": "^1.0.7"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/zkat/make-fetch-happen#readme",
+ "keywords": [
+ "http",
+ "request",
+ "fetch",
+ "mean girls",
+ "caching",
+ "cache",
+ "subresource integrity"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "make-fetch-happen",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/zkat/make-fetch-happen.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "4.0.2"
+}
diff --git a/node_modules/libnpmsearch/node_modules/make-fetch-happen/warning.js b/node_modules/libnpmsearch/node_modules/make-fetch-happen/warning.js
new file mode 100644
index 0000000000000..b8f13cf83195a
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/make-fetch-happen/warning.js
@@ -0,0 +1,24 @@
+const url = require('url')
+
+module.exports = setWarning
+
+function setWarning (reqOrRes, code, message, replace) {
+ // Warning = "Warning" ":" 1#warning-value
+ // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
+ // warn-code = 3DIGIT
+ // warn-agent = ( host [ ":" port ] ) | pseudonym
+ // ; the name or pseudonym of the server adding
+ // ; the Warning header, for use in debugging
+ // warn-text = quoted-string
+ // warn-date = <"> HTTP-date <">
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ const host = url.parse(reqOrRes.url).host
+ const jsonMessage = JSON.stringify(message)
+ const jsonDate = JSON.stringify(new Date().toUTCString())
+ const header = replace ? 'set' : 'append'
+
+ reqOrRes.headers[header](
+ 'Warning',
+ `${code} ${host} ${jsonMessage} ${jsonDate}`
+ )
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..d24e026914c23
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,214 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..0c3f4f9469955
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,609 @@
+# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
+and [`prefer-online`](#opts-prefer-online).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetch-retries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-factor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-mintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-maxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.force-auth`
+
+* Alias: `opts.forceAuth`
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignore-body`
+
+* Alias: `opts.ignoreBody`
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.is-from-ci`
+
+* Alias: `opts.isFromCI`
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.local-address`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.map-json`
+
+* Alias: `mapJson`, `mapJSON`
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxsockets`
+
+* Alias: `opts.max-sockets`
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npm-session`
+
+* Alias: `opts.npmSession`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.prefer-offline`](#opts-prefer-offline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: _password
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.prefer-offline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.prefer-online`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+
+##### `opts.project-scope`
+
+* Alias: `opts.projectScope`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.refer`
+
+* Alias: `opts.referer`
+* Type: String
+* Default: null
+
+Value to use for the `Referer` header. The npm CLI itself uses this to serialize
+the npm command line using the given request.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strict-ssl`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 30000 (30 seconds)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.user-agent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..d583982d0a8b2
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const config = require('./config.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts) {
+ if (!registry) { throw new Error('registry is required') }
+ opts = config(opts)
+ let AUTH = {}
+ const regKey = registry && registryKey(registry)
+ if (opts.forceAuth) {
+ opts = opts.forceAuth
+ }
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = url.parse(registry)
+ const formatted = url.format({
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: parsed.slashes
+ })
+ return url.resolve(formatted, '.')
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..bfde699edcfbd
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,109 @@
+'use strict'
+
+const config = require('./config.js')
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts) {
+ opts = config(opts)
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ res.body = null
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ res.headers.raw()['warning'].forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/config.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/config.js
new file mode 100644
index 0000000000000..7fe5dacc94362
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/config.js
@@ -0,0 +1,98 @@
+'use strict'
+
+const pkg = require('./package.json')
+const figgyPudding = require('figgy-pudding')
+const silentLog = require('./silentlog.js')
+
+const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
+const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
+module.exports = figgyPudding({
+ 'agent': {},
+ 'algorithms': {},
+ 'body': {},
+ 'ca': {},
+ 'cache': {},
+ 'cert': {},
+ 'fetch-retries': {},
+ 'fetch-retry-factor': {},
+ 'fetch-retry-maxtimeout': {},
+ 'fetch-retry-mintimeout': {},
+ 'force-auth': {},
+ forceAuth: 'force-auth',
+ 'gid': {},
+ 'gzip': {},
+ 'headers': {},
+ 'https-proxy': {},
+ 'ignore-body': {},
+ ignoreBody: 'ignore-body',
+ 'integrity': {},
+ 'is-from-ci': 'isFromCI',
+ 'isFromCI': {
+ default () {
+ return (
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ )
+ }
+ },
+ 'key': {},
+ 'local-address': {},
+ 'log': {
+ default: silentLog
+ },
+ 'map-json': 'mapJson',
+ 'mapJSON': 'mapJson',
+ 'mapJson': {},
+ 'max-sockets': 'maxsockets',
+ 'maxsockets': {
+ default: 12
+ },
+ 'memoize': {},
+ 'method': {
+ default: 'GET'
+ },
+ 'no-proxy': {},
+ 'noproxy': {},
+ 'npm-session': 'npmSession',
+ 'npmSession': {},
+ 'offline': {},
+ 'otp': {},
+ 'prefer-offline': {},
+ 'prefer-online': {},
+ 'projectScope': {},
+ 'project-scope': 'projectScope',
+ 'Promise': {default: () => Promise},
+ 'proxy': {},
+ 'query': {},
+ 'refer': {},
+ 'referer': 'refer',
+ 'registry': {
+ default: 'https://registry.npmjs.org/'
+ },
+ 'retry': {},
+ 'scope': {},
+ 'spec': {},
+ 'strict-ssl': {},
+ 'timeout': {},
+ 'uid': {},
+ 'user-agent': {
+ default: `${
+ pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+ }
+}, {
+ other (key) {
+ return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
+ }
+})
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..ba78735fce135
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = url.parse(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..4ba3c19243471
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,193 @@
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const checkResponse = require('./check-response.js')
+const config = require('./config.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('JSONStream')
+const npa = require('npm-package-arg')
+const {PassThrough} = require('stream')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('zlib')
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+ opts = config(opts)
+ const registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ opts.registry ||
+ 'https://registry.npmjs.org/'
+ )
+ uri = url.parse(uri).protocol
+ ? uri
+ : `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = body &&
+ typeof body === 'object' &&
+ typeof body.pipe === 'function'
+ if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = zlib.createGzip()
+ body.on('error', err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else {
+ body = new opts.Promise((resolve, reject) => {
+ zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
+ })
+ }
+ }
+ if (opts.query) {
+ let q = opts.query
+ if (typeof q === 'string') {
+ q = qs.parse(q)
+ }
+ Object.keys(q).forEach(key => {
+ if (q[key] === undefined) {
+ delete q[key]
+ }
+ })
+ if (Object.keys(q).length) {
+ const parsed = url.parse(uri)
+ parsed.search = '?' + qs.stringify(
+ parsed.query
+ ? Object.assign(qs.parse(parsed.query), q)
+ : q
+ )
+ uri = url.format(parsed)
+ }
+ }
+ return opts.Promise.resolve(body).then(body => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts['local-address'],
+ maxSockets: opts.maxsockets,
+ memoize: opts.memoize,
+ method: opts.method || 'GET',
+ noProxy: opts['no-proxy'] || opts.noproxy,
+ Promise: opts.Promise,
+ proxy: opts['https-proxy'] || opts.proxy,
+ referer: opts.refer,
+ retry: opts.retry != null ? opts.retry : {
+ retries: opts['fetch-retries'],
+ factor: opts['fetch-retry-factor'],
+ minTimeout: opts['fetch-retry-mintimeout'],
+ maxTimeout: opts['fetch-retry-maxtimeout']
+ },
+ strictSSL: !!opts['strict-ssl'],
+ timeout: opts.timeout,
+ uid: opts.uid,
+ gid: opts.gid
+ }).then(res => checkResponse(
+ opts.method || 'GET', res, registry, startTime, opts
+ )))
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, opts) {
+ opts = config(opts)
+ const parser = JSONStream.parse(jsonPath, opts.mapJson)
+ const pt = parser.pipe(new PassThrough({objectMode: true}))
+ parser.on('error', err => pt.emit('error', err))
+ regFetch(uri, opts).then(res => {
+ res.body.on('error', err => parser.emit('error', err))
+ res.body.pipe(parser)
+ }, err => pt.emit('error', err))
+ return pt
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts) {
+ spec = npa(spec)
+ opts = config(opts)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts['prefer-offline']
+ ? 'force-cache'
+ : opts['prefer-online']
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!(
+ opts['is-from-ci'] ||
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ ),
+ 'npm-scope': opts['project-scope'],
+ 'npm-session': opts['npm-session'],
+ 'user-agent': opts['user-agent'],
+ 'referer': opts.refer
+ }, opts.headers)
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ url.parse(uri).host === url.parse(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..ca0f456d9a9f0
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,92 @@
+{
+ "_from": "npm-registry-fetch@^3.8.0",
+ "_id": "npm-registry-fetch@3.9.1",
+ "_inBundle": false,
+ "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "_location": "/libnpmsearch/npm-registry-fetch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-registry-fetch@^3.8.0",
+ "name": "npm-registry-fetch",
+ "escapedName": "npm-registry-fetch",
+ "rawSpec": "^3.8.0",
+ "saveSpec": null,
+ "fetchSpec": "^3.8.0"
+ },
+ "_requiredBy": [
+ "/libnpmsearch"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
+ "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
+ "_spec": "npm-registry-fetch@^3.8.0",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmsearch",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/registry-fetch/issues"
+ },
+ "bundleDependencies": false,
+ "config": {
+ "nyc": {
+ "exclude": [
+ "node_modules/**",
+ "test/**"
+ ]
+ }
+ },
+ "dependencies": {
+ "JSONStream": "^1.3.4",
+ "bluebird": "^3.5.1",
+ "figgy-pudding": "^3.4.1",
+ "lru-cache": "^5.1.1",
+ "make-fetch-happen": "^4.0.2",
+ "npm-package-arg": "^6.1.0"
+ },
+ "deprecated": false,
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "devDependencies": {
+ "cacache": "^11.3.3",
+ "get-stream": "^4.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.4.3",
+ "npmlog": "^4.1.2",
+ "rimraf": "^2.6.2",
+ "ssri": "^6.0.0",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/registry-fetch#readme",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-registry-fetch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/registry-fetch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.9.1"
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/libnpmteam/node_modules/make-fetch-happen/CHANGELOG.md
new file mode 100644
index 0000000000000..a446842f55d80
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/CHANGELOG.md
@@ -0,0 +1,555 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
+
+
+
+
+## [4.0.1](https://github.com/zkat/make-fetch-happen/compare/v4.0.0...v4.0.1) (2018-04-12)
+
+
+### Bug Fixes
+
+* **integrity:** use new sri.match() for verification ([4f371a0](https://github.com/zkat/make-fetch-happen/commit/4f371a0))
+
+
+
+
+# [4.0.0](https://github.com/zkat/make-fetch-happen/compare/v3.0.0...v4.0.0) (2018-04-09)
+
+
+### meta
+
+* drop node@4, add node@9 ([7b0191a](https://github.com/zkat/make-fetch-happen/commit/7b0191a))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+# [3.0.0](https://github.com/zkat/make-fetch-happen/compare/v2.6.0...v3.0.0) (2018-03-12)
+
+
+### Bug Fixes
+
+* **license:** switch to ISC ([#49](https://github.com/zkat/make-fetch-happen/issues/49)) ([bf90c6d](https://github.com/zkat/make-fetch-happen/commit/bf90c6d))
+* **standard:** standard@11 update ([ff0aa70](https://github.com/zkat/make-fetch-happen/commit/ff0aa70))
+
+
+### BREAKING CHANGES
+
+* **license:** license changed from CC0 to ISC.
+
+
+
+
+# [2.6.0](https://github.com/zkat/make-fetch-happen/compare/v2.5.0...v2.6.0) (2017-11-14)
+
+
+### Bug Fixes
+
+* **integrity:** disable node-fetch compress when checking integrity (#42) ([a7cc74c](https://github.com/zkat/make-fetch-happen/commit/a7cc74c))
+
+
+### Features
+
+* **onretry:** Add `options.onRetry` (#48) ([f90ccff](https://github.com/zkat/make-fetch-happen/commit/f90ccff))
+
+
+
+
+# [2.5.0](https://github.com/zkat/make-fetch-happen/compare/v2.4.13...v2.5.0) (2017-08-24)
+
+
+### Bug Fixes
+
+* **agent:** support timeout durations greater than 30 seconds ([04875ae](https://github.com/zkat/make-fetch-happen/commit/04875ae)), closes [#35](https://github.com/zkat/make-fetch-happen/issues/35)
+
+
+### Features
+
+* **cache:** export cache deletion functionality (#40) ([3da4250](https://github.com/zkat/make-fetch-happen/commit/3da4250))
+
+
+
+
+## [2.4.13](https://github.com/zkat/make-fetch-happen/compare/v2.4.12...v2.4.13) (2017-06-29)
+
+
+### Bug Fixes
+
+* **deps:** bump other deps for bugfixes ([eab8297](https://github.com/zkat/make-fetch-happen/commit/eab8297))
+* **proxy:** bump proxy deps with bugfixes (#32) ([632f860](https://github.com/zkat/make-fetch-happen/commit/632f860)), closes [#32](https://github.com/zkat/make-fetch-happen/issues/32)
+
+
+
+
+## [2.4.12](https://github.com/zkat/make-fetch-happen/compare/v2.4.11...v2.4.12) (2017-06-06)
+
+
+### Bug Fixes
+
+* **cache:** encode x-local-cache-etc headers to be header-safe ([dc9fb1b](https://github.com/zkat/make-fetch-happen/commit/dc9fb1b))
+
+
+
+
+## [2.4.11](https://github.com/zkat/make-fetch-happen/compare/v2.4.10...v2.4.11) (2017-06-05)
+
+
+### Bug Fixes
+
+* **deps:** bump deps with ssri fix ([bef1994](https://github.com/zkat/make-fetch-happen/commit/bef1994))
+
+
+
+
+## [2.4.10](https://github.com/zkat/make-fetch-happen/compare/v2.4.9...v2.4.10) (2017-05-31)
+
+
+### Bug Fixes
+
+* **deps:** bump dep versions with bugfixes ([0af4003](https://github.com/zkat/make-fetch-happen/commit/0af4003))
+* **proxy:** use auth parameter for proxy authentication (#30) ([c687306](https://github.com/zkat/make-fetch-happen/commit/c687306))
+
+
+
+
+## [2.4.9](https://github.com/zkat/make-fetch-happen/compare/v2.4.8...v2.4.9) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** use the passed-in promise for resolving cache stuff ([4c46257](https://github.com/zkat/make-fetch-happen/commit/4c46257))
+
+
+
+
+## [2.4.8](https://github.com/zkat/make-fetch-happen/compare/v2.4.7...v2.4.8) (2017-05-25)
+
+
+### Bug Fixes
+
+* **cache:** pass uid/gid/Promise through to cache ([a847c92](https://github.com/zkat/make-fetch-happen/commit/a847c92))
+
+
+
+
+## [2.4.7](https://github.com/zkat/make-fetch-happen/compare/v2.4.6...v2.4.7) (2017-05-24)
+
+
+### Bug Fixes
+
+* **deps:** pull in various fixes from deps ([fc2a587](https://github.com/zkat/make-fetch-happen/commit/fc2a587))
+
+
+
+
+## [2.4.6](https://github.com/zkat/make-fetch-happen/compare/v2.4.5...v2.4.6) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** choose agent for http(s)-proxy by protocol of destUrl ([ea4832a](https://github.com/zkat/make-fetch-happen/commit/ea4832a))
+* **proxy:** make socks proxy working ([1de810a](https://github.com/zkat/make-fetch-happen/commit/1de810a))
+* **proxy:** revert previous proxy solution ([563b0d8](https://github.com/zkat/make-fetch-happen/commit/563b0d8))
+
+
+
+
+## [2.4.5](https://github.com/zkat/make-fetch-happen/compare/v2.4.4...v2.4.5) (2017-05-24)
+
+
+### Bug Fixes
+
+* **proxy:** use the destination url when determining agent ([1a714e7](https://github.com/zkat/make-fetch-happen/commit/1a714e7))
+
+
+
+
+## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
+
+
+### Bug Fixes
+
+* **redirect:** handle redirects explicitly (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
+
+
+
+
+## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)
+
+
+### Bug Fixes
+
+* **redirect:** redirects now delete authorization if hosts fail to match ([c071805](https://github.com/zkat/make-fetch-happen/commit/c071805))
+
+
+
+
+## [2.4.2](https://github.com/zkat/make-fetch-happen/compare/v2.4.1...v2.4.2) (2017-05-04)
+
+
+### Bug Fixes
+
+* **cache:** reduce race condition window by checking for content ([24544b1](https://github.com/zkat/make-fetch-happen/commit/24544b1))
+* **match:** Rewrite the conditional stream logic (#25) ([66bba4b](https://github.com/zkat/make-fetch-happen/commit/66bba4b))
+
+
+
+
+## [2.4.1](https://github.com/zkat/make-fetch-happen/compare/v2.4.0...v2.4.1) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoization:** missed spots + allow passthrough of memo objs ([ac0cd12](https://github.com/zkat/make-fetch-happen/commit/ac0cd12))
+
+
+
+
+# [2.4.0](https://github.com/zkat/make-fetch-happen/compare/v2.3.0...v2.4.0) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoize:** cacache had a broken memoizer ([8a9ed4c](https://github.com/zkat/make-fetch-happen/commit/8a9ed4c))
+
+
+### Features
+
+* **memoization:** only slurp stuff into memory if opts.memoize is not false ([0744adc](https://github.com/zkat/make-fetch-happen/commit/0744adc))
+
+
+
+
+# [2.3.0](https://github.com/zkat/make-fetch-happen/compare/v2.2.6...v2.3.0) (2017-04-27)
+
+
+### Features
+
+* **agent:** added opts.strictSSL and opts.localAddress ([c35015a](https://github.com/zkat/make-fetch-happen/commit/c35015a))
+* **proxy:** Added opts.noProxy and NO_PROXY support ([f45c915](https://github.com/zkat/make-fetch-happen/commit/f45c915))
+
+
+
+
+## [2.2.6](https://github.com/zkat/make-fetch-happen/compare/v2.2.5...v2.2.6) (2017-04-26)
+
+
+### Bug Fixes
+
+* **agent:** check uppercase & lowercase proxy env (#24) ([acf2326](https://github.com/zkat/make-fetch-happen/commit/acf2326)), closes [#22](https://github.com/zkat/make-fetch-happen/issues/22)
+* **deps:** switch to node-fetch-npm and stop bundling ([3db603b](https://github.com/zkat/make-fetch-happen/commit/3db603b))
+
+
+
+
+## [2.2.5](https://github.com/zkat/make-fetch-happen/compare/v2.2.4...v2.2.5) (2017-04-23)
+
+
+### Bug Fixes
+
+* **deps:** bump cacache and use its size feature ([926c1d3](https://github.com/zkat/make-fetch-happen/commit/926c1d3))
+
+
+
+
+## [2.2.4](https://github.com/zkat/make-fetch-happen/compare/v2.2.3...v2.2.4) (2017-04-18)
+
+
+### Bug Fixes
+
+* **integrity:** hash verification issues fixed ([07f9402](https://github.com/zkat/make-fetch-happen/commit/07f9402))
+
+
+
+
+## [2.2.3](https://github.com/zkat/make-fetch-happen/compare/v2.2.2...v2.2.3) (2017-04-18)
+
+
+### Bug Fixes
+
+* **staleness:** responses older than 8h were never stale :< ([b54dd75](https://github.com/zkat/make-fetch-happen/commit/b54dd75))
+* **warning:** remove spurious warning, make format more spec-compliant ([2e4f6bb](https://github.com/zkat/make-fetch-happen/commit/2e4f6bb))
+
+
+
+
+## [2.2.2](https://github.com/zkat/make-fetch-happen/compare/v2.2.1...v2.2.2) (2017-04-12)
+
+
+### Bug Fixes
+
+* **retry:** stop retrying 404s ([6fafd53](https://github.com/zkat/make-fetch-happen/commit/6fafd53))
+
+
+
+
+## [2.2.1](https://github.com/zkat/make-fetch-happen/compare/v2.2.0...v2.2.1) (2017-04-10)
+
+
+### Bug Fixes
+
+* **deps:** move test-only deps to devDeps ([2daaf80](https://github.com/zkat/make-fetch-happen/commit/2daaf80))
+
+
+
+
+# [2.2.0](https://github.com/zkat/make-fetch-happen/compare/v2.1.0...v2.2.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **cache:** treat caches as private ([57b7dc2](https://github.com/zkat/make-fetch-happen/commit/57b7dc2))
+
+
+### Features
+
+* **retry:** accept shorthand retry settings ([dfed69d](https://github.com/zkat/make-fetch-happen/commit/dfed69d))
+
+
+
+
+# [2.1.0](https://github.com/zkat/make-fetch-happen/compare/v2.0.4...v2.1.0) (2017-04-09)
+
+
+### Features
+
+* **cache:** cache now obeys Age and a variety of other things (#13) ([7b9652d](https://github.com/zkat/make-fetch-happen/commit/7b9652d))
+
+
+
+
+## [2.0.4](https://github.com/zkat/make-fetch-happen/compare/v2.0.3...v2.0.4) (2017-04-09)
+
+
+### Bug Fixes
+
+* **agent:** accept Request as fetch input, not just strings ([b71669a](https://github.com/zkat/make-fetch-happen/commit/b71669a))
+
+
+
+
+## [2.0.3](https://github.com/zkat/make-fetch-happen/compare/v2.0.2...v2.0.3) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** seriously ([c29e7e7](https://github.com/zkat/make-fetch-happen/commit/c29e7e7))
+
+
+
+
+## [2.0.2](https://github.com/zkat/make-fetch-happen/compare/v2.0.1...v2.0.2) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** use bundleDeps instead ([c36ebf0](https://github.com/zkat/make-fetch-happen/commit/c36ebf0))
+
+
+
+
+## [2.0.1](https://github.com/zkat/make-fetch-happen/compare/v2.0.0...v2.0.1) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** make sure node-fetch tarball included in release ([3bf49d1](https://github.com/zkat/make-fetch-happen/commit/3bf49d1))
+
+
+
+
+# [2.0.0](https://github.com/zkat/make-fetch-happen/compare/v1.7.0...v2.0.0) (2017-04-09)
+
+
+### Bug Fixes
+
+* **deps:** manually pull in newer node-fetch to avoid babel prod dep ([66e5e87](https://github.com/zkat/make-fetch-happen/commit/66e5e87))
+* **retry:** be more specific about when we retry ([a47b782](https://github.com/zkat/make-fetch-happen/commit/a47b782))
+
+
+### Features
+
+* **agent:** add ca/cert/key support to auto-agent (#15) ([57585a7](https://github.com/zkat/make-fetch-happen/commit/57585a7))
+
+
+### BREAKING CHANGES
+
+* **agent:** pac proxies are no longer supported.
+* **retry:** Retry logic has changes.
+
+* 404s, 420s, and 429s all retry now.
+* ENOTFOUND no longer retries.
+* Only ECONNRESET, ECONNREFUSED, EADDRINUSE, ETIMEDOUT, and `request-timeout` errors are retried.
+
+
+
+
+# [1.7.0](https://github.com/zkat/make-fetch-happen/compare/v1.6.0...v1.7.0) (2017-04-08)
+
+
+### Features
+
+* **cache:** add useful headers to inform users about cached data ([9bd7b00](https://github.com/zkat/make-fetch-happen/commit/9bd7b00))
+
+
+
+
+# [1.6.0](https://github.com/zkat/make-fetch-happen/compare/v1.5.1...v1.6.0) (2017-04-06)
+
+
+### Features
+
+* **agent:** better, keepalive-supporting, default http agents ([16277f6](https://github.com/zkat/make-fetch-happen/commit/16277f6))
+
+
+
+
+## [1.5.1](https://github.com/zkat/make-fetch-happen/compare/v1.5.0...v1.5.1) (2017-04-05)
+
+
+### Bug Fixes
+
+* **cache:** bump cacache for its fixed error messages ([2f2b916](https://github.com/zkat/make-fetch-happen/commit/2f2b916))
+* **cache:** fix handling of errors in cache reads ([5729222](https://github.com/zkat/make-fetch-happen/commit/5729222))
+
+
+
+
+# [1.5.0](https://github.com/zkat/make-fetch-happen/compare/v1.4.0...v1.5.0) (2017-04-04)
+
+
+### Features
+
+* **retry:** retry requests on 408 timeouts, too ([8d8b5bd](https://github.com/zkat/make-fetch-happen/commit/8d8b5bd))
+
+
+
+
+# [1.4.0](https://github.com/zkat/make-fetch-happen/compare/v1.3.1...v1.4.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** stop relying on BB.catch ([2b04494](https://github.com/zkat/make-fetch-happen/commit/2b04494))
+
+
+### Features
+
+* **retry:** report retry attempt number as extra header ([fd50927](https://github.com/zkat/make-fetch-happen/commit/fd50927))
+
+
+
+
+## [1.3.1](https://github.com/zkat/make-fetch-happen/compare/v1.3.0...v1.3.1) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** pretend cache entry is missing on ENOENT ([9c2bb26](https://github.com/zkat/make-fetch-happen/commit/9c2bb26))
+
+
+
+
+# [1.3.0](https://github.com/zkat/make-fetch-happen/compare/v1.2.1...v1.3.0) (2017-04-04)
+
+
+### Bug Fixes
+
+* **cache:** if metadata is missing for some odd reason, ignore the entry ([a021a6b](https://github.com/zkat/make-fetch-happen/commit/a021a6b))
+
+
+### Features
+
+* **cache:** add special headers when request was loaded straight from cache ([8a7dbd1](https://github.com/zkat/make-fetch-happen/commit/8a7dbd1))
+* **cache:** allow configuring algorithms to be calculated on insertion ([bf4a0f2](https://github.com/zkat/make-fetch-happen/commit/bf4a0f2))
+
+
+
+
+## [1.2.1](https://github.com/zkat/make-fetch-happen/compare/v1.2.0...v1.2.1) (2017-04-03)
+
+
+### Bug Fixes
+
+* **integrity:** update cacache and ssri and change EBADCHECKSUM -> EINTEGRITY ([b6cf6f6](https://github.com/zkat/make-fetch-happen/commit/b6cf6f6))
+
+
+
+
+# [1.2.0](https://github.com/zkat/make-fetch-happen/compare/v1.1.0...v1.2.0) (2017-04-03)
+
+
+### Features
+
+* **integrity:** full Subresource Integrity support (#10) ([a590159](https://github.com/zkat/make-fetch-happen/commit/a590159))
+
+
+
+
+# [1.1.0](https://github.com/zkat/make-fetch-happen/compare/v1.0.1...v1.1.0) (2017-04-01)
+
+
+### Features
+
+* **opts:** fetch.defaults() for default options ([522a65e](https://github.com/zkat/make-fetch-happen/commit/522a65e))
+
+
+
+
+## [1.0.1](https://github.com/zkat/make-fetch-happen/compare/v1.0.0...v1.0.1) (2017-04-01)
+
+
+
+
+# 1.0.0 (2017-04-01)
+
+
+### Bug Fixes
+
+* **cache:** default on cache-control header ([b872a2c](https://github.com/zkat/make-fetch-happen/commit/b872a2c))
+* standard stuff and cache matching ([753f2c2](https://github.com/zkat/make-fetch-happen/commit/753f2c2))
+* **agent:** nudge around things with opts.agent ([ed62b57](https://github.com/zkat/make-fetch-happen/commit/ed62b57))
+* **agent:** {agent: false} has special behavior ([b8cc923](https://github.com/zkat/make-fetch-happen/commit/b8cc923))
+* **cache:** invalidation on non-GET ([fe78fac](https://github.com/zkat/make-fetch-happen/commit/fe78fac))
+* **cache:** make force-cache and only-if-cached work as expected ([f50e9df](https://github.com/zkat/make-fetch-happen/commit/f50e9df))
+* **cache:** more spec compliance ([d5a56db](https://github.com/zkat/make-fetch-happen/commit/d5a56db))
+* **cache:** only cache 200 gets ([0abb25a](https://github.com/zkat/make-fetch-happen/commit/0abb25a))
+* **cache:** only load cache code if cache opt is a string ([250fcd5](https://github.com/zkat/make-fetch-happen/commit/250fcd5))
+* **cache:** oops ([e3fa15a](https://github.com/zkat/make-fetch-happen/commit/e3fa15a))
+* **cache:** refactored warning removal into main file ([5b0a9f9](https://github.com/zkat/make-fetch-happen/commit/5b0a9f9))
+* **cache:** req constructor no longer needed in Cache ([5b74cbc](https://github.com/zkat/make-fetch-happen/commit/5b74cbc))
+* **cache:** standard fetch api calls cacheMode "cache" ([6fba805](https://github.com/zkat/make-fetch-happen/commit/6fba805))
+* **cache:** was using wrong method for non-GET/HEAD cache invalidation ([810763a](https://github.com/zkat/make-fetch-happen/commit/810763a))
+* **caching:** a bunch of cache-related fixes ([8ebda1d](https://github.com/zkat/make-fetch-happen/commit/8ebda1d))
+* **deps:** `cacache[@6](https://github.com/6).3.0` - race condition fixes ([9528442](https://github.com/zkat/make-fetch-happen/commit/9528442))
+* **freshness:** fix regex for cacheControl matching ([070db86](https://github.com/zkat/make-fetch-happen/commit/070db86))
+* **freshness:** fixed default freshness heuristic value ([5d29e88](https://github.com/zkat/make-fetch-happen/commit/5d29e88))
+* **logging:** remove console.log calls ([a1d0a47](https://github.com/zkat/make-fetch-happen/commit/a1d0a47))
+* **method:** node-fetch guarantees uppercase ([a1d68d6](https://github.com/zkat/make-fetch-happen/commit/a1d68d6))
+* **opts:** simplified opts handling ([516fd6e](https://github.com/zkat/make-fetch-happen/commit/516fd6e))
+* **proxy:** pass proxy option directly to ProxyAgent ([3398460](https://github.com/zkat/make-fetch-happen/commit/3398460))
+* **retry:** false -> {retries: 0} ([297fbb6](https://github.com/zkat/make-fetch-happen/commit/297fbb6))
+* **retry:** only retry put if body is not a stream ([a24e599](https://github.com/zkat/make-fetch-happen/commit/a24e599))
+* **retry:** skip retries if body is a stream for ANY method ([780c0f8](https://github.com/zkat/make-fetch-happen/commit/780c0f8))
+
+
+### Features
+
+* **api:** initial implementation -- can make and cache requests ([7d55b49](https://github.com/zkat/make-fetch-happen/commit/7d55b49))
+* **fetch:** injectable cache, and retry support ([87b84bf](https://github.com/zkat/make-fetch-happen/commit/87b84bf))
+
+
+### BREAKING CHANGES
+
+* **cache:** opts.cache -> opts.cacheManager; opts.cacheMode -> opts.cache
+* **fetch:** opts.cache accepts a Cache-like obj or a path. Requests are now retried.
+* **api:** actual api implemented
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/LICENSE b/node_modules/libnpmteam/node_modules/make-fetch-happen/LICENSE
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/LICENSE
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/README.md b/node_modules/libnpmteam/node_modules/make-fetch-happen/README.md
new file mode 100644
index 0000000000000..4d12d8dae7e31
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/README.md
@@ -0,0 +1,404 @@
+# make-fetch-happen [](https://npm.im/make-fetch-happen) [](https://npm.im/make-fetch-happen) [](https://travis-ci.org/zkat/make-fetch-happen) [](https://ci.appveyor.com/project/zkat/make-fetch-happen) [](https://coveralls.io/github/zkat/make-fetch-happen?branch=latest)
+
+
+[`make-fetch-happen`](https://github.com/zkat/make-fetch-happen) is a Node.js
+library that wraps [`node-fetch-npm`](https://github.com/npm/node-fetch-npm) with additional
+features [`node-fetch`](https://github.com/bitinn/node-fetch) doesn't intend to include, including HTTP Cache support, request
+pooling, proxies, retries, [and more](#features)!
+
+## Install
+
+`$ npm install --save make-fetch-happen`
+
+## Table of Contents
+
+* [Example](#example)
+* [Features](#features)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.defaults`](#fetch-defaults)
+ * [`node-fetch` options](#node-fetch-options)
+ * [`make-fetch-happen` options](#extra-options)
+ * [`opts.cacheManager`](#opts-cache-manager)
+ * [`opts.cache`](#opts-cache)
+ * [`opts.proxy`](#opts-proxy)
+ * [`opts.noProxy`](#opts-no-proxy)
+ * [`opts.ca, opts.cert, opts.key`](#https-opts)
+ * [`opts.maxSockets`](#opts-max-sockets)
+ * [`opts.retry`](#opts-retry)
+ * [`opts.onRetry`](#opts-onretry)
+ * [`opts.integrity`](#opts-integrity)
+* [Message From Our Sponsors](#wow)
+
+### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache' // path where cache will be written (and read)
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen').then(res => {
+ return res.json() // download the body as JSON
+}).then(body => {
+ console.log(`got ${body.name} from web`)
+ return fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'no-cache' // forces a conditional request
+ })
+}).then(res => {
+ console.log(res.status) // 304! cache validated!
+ return res.json().then(body => {
+ console.log(`got ${body.name} from cache`)
+ })
+})
+```
+
+### Features
+
+* Builds around [`node-fetch`](https://npm.im/node-fetch) for the core [`fetch` API](https://fetch.spec.whatwg.org) implementation
+* Request pooling out of the box
+* Quite fast, really
+* Automatic HTTP-semantics-aware request retries
+* Cache-fallback automatic "offline mode"
+* Proxy support (http, https, socks, socks4, socks5)
+* Built-in request caching following full HTTP caching rules (`Cache-Control`, `ETag`, `304`s, cache fallback on error, etc).
+* Customize cache storage with any [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache)-compliant `Cache` instance. Cache to Redis!
+* Node.js Stream support
+* Transparent gzip and deflate support
+* [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) support
+* Literally punches nazis
+* (PENDING) Range request caching and resuming
+
+### Contributing
+
+The make-fetch-happen team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The [Contributor Guide](CONTRIBUTING.md) has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(uriOrRequest, [opts]) -> Promise`
+
+This function implements most of the [`fetch` API](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch): given a `uri` string or a `Request` instance, it will fire off an http request and return a Promise containing the relevant response.
+
+If `opts` is provided, the [`node-fetch`-specific options](#node-fetch-options) will be passed to that library. There are also [additional options](#extra-options) specific to make-fetch-happen that add various features, such as HTTP caching, integrity verification, proxy support, and more.
+
+##### Example
+
+```javascript
+fetch('https://google.com').then(res => res.buffer())
+```
+
+#### `> fetch.defaults([defaultUrl], [defaultOpts])`
+
+Returns a new `fetch` function that will call `make-fetch-happen` using `defaultUrl` and `defaultOpts` as default values to any calls.
+
+A defaulted `fetch` will also have a `.defaults()` method, so they can be chained.
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-local-cache'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen') // will always use the cache
+```
+
+#### `> node-fetch options`
+
+The following options for `node-fetch` are used as-is:
+
+* method
+* body
+* redirect
+* follow
+* timeout
+* compress
+* size
+
+These other options are modified or augmented by make-fetch-happen:
+
+* headers - Default `User-Agent` set to make-fetch happen. `Connection` is set to `keep-alive` or `close` automatically depending on `opts.agent`.
+* agent
+ * If agent is null, an http or https Agent will be automatically used. By default, these will be `http.globalAgent` and `https.globalAgent`.
+ * If [`opts.proxy`](#opts-proxy) is provided and `opts.agent` is null, the agent will be set to an appropriate proxy-handling agent.
+ * If `opts.agent` is an object, it will be used as the request-pooling agent argument for this request.
+ * If `opts.agent` is `false`, it will be passed as-is to the underlying request library. This causes a new Agent to be spawned for every request.
+
+For more details, see [the documentation for `node-fetch` itself](https://github.com/bitinn/node-fetch#options).
+
+#### `> make-fetch-happen options`
+
+make-fetch-happen augments the `node-fetch` API with additional features available through extra options. The following extra options are available:
+
+* [`opts.cacheManager`](#opts-cache-manager) - Cache target to read/write
+* [`opts.cache`](#opts-cache) - `fetch` cache mode. Controls cache *behavior*.
+* [`opts.proxy`](#opts-proxy) - Proxy agent
+* [`opts.noProxy`](#opts-no-proxy) - Domain segments to disable proxying for.
+* [`opts.ca, opts.cert, opts.key, opts.strictSSL`](#https-opts)
+* [`opts.localAddress`](#opts-local-address)
+* [`opts.maxSockets`](#opts-max-sockets)
+* [`opts.retry`](#opts-retry) - Request retry settings
+* [`opts.onRetry`](#opts-onretry) - a function called whenever a retry is attempted
+* [`opts.integrity`](#opts-integrity) - [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata.
+
+#### `> opts.cacheManager`
+
+Either a `String` or a `Cache`. If the former, it will be assumed to be a `Path` to be used as the cache root for [`cacache`](https://npm.im/cacache).
+
+If an object is provided, it will be assumed to be a compliant [`Cache` instance](https://developer.mozilla.org/en-US/docs/Web/API/Cache). Only `Cache.match()`, `Cache.put()`, and `Cache.delete()` are required. Options objects will not be passed in to `match()` or `delete()`.
+
+By implementing this API, you can customize the storage backend for make-fetch-happen itself -- for example, you could implement a cache that uses `redis` for caching, or simply keeps everything in memory. Most of the caching logic exists entirely on the make-fetch-happen side, so the only thing you need to worry about is reading, writing, and deleting, as well as making sure `fetch.Response` objects are what gets returned.
+
+You can refer to `cache.js` in the make-fetch-happen source code for a reference implementation.
+
+**NOTE**: Requests will not be cached unless their response bodies are consumed. You will need to use one of the `res.json()`, `res.buffer()`, etc methods on the response, or drain the `res.body` stream, in order for it to be written.
+
+The default cache manager also adds the following headers to cached responses:
+
+* `X-Local-Cache`: Path to the cache the content was found in
+* `X-Local-Cache-Key`: Unique cache entry key for this response
+* `X-Local-Cache-Hash`: Specific integrity hash for the cached entry
+* `X-Local-Cache-Time`: UTCString of the cache insertion time for the entry
+
+Using [`cacache`](https://npm.im/cacache), a call like this may be used to
+manually fetch the cached entry:
+
+```javascript
+const h = response.headers
+cacache.get(h.get('x-local-cache'), h.get('x-local-cache-key'))
+
+// grab content only, directly:
+cacache.get.byDigest(h.get('x-local-cache'), h.get('x-local-cache-hash'))
+```
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cacheManager: './my-local-cache'
+}) // -> 200-level response will be written to disk
+
+fetch('https://npm.im/cacache', {
+ cacheManager: new MyCustomRedisCache(process.env.PORT)
+}) // -> 200-level response will be written to redis
+```
+
+A possible (minimal) implementation for `MyCustomRedisCache`:
+
+```javascript
+const bluebird = require('bluebird')
+const redis = require("redis")
+bluebird.promisifyAll(redis.RedisClient.prototype)
+class MyCustomRedisCache {
+ constructor (opts) {
+ this.redis = redis.createClient(opts)
+ }
+ match (req) {
+ return this.redis.getAsync(req.url).then(res => {
+ if (res) {
+ const parsed = JSON.parse(res)
+ return new fetch.Response(parsed.body, {
+ url: req.url,
+ headers: parsed.headers,
+ status: 200
+ })
+ }
+ })
+ }
+ put (req, res) {
+ return res.buffer().then(body => {
+ return this.redis.setAsync(req.url, JSON.stringify({
+ body: body,
+ headers: res.headers.raw()
+ }))
+ }).then(() => {
+ // return the response itself
+ return res
+ })
+ }
+ 'delete' (req) {
+ return this.redis.unlinkAsync(req.url)
+ }
+}
+```
+
+#### `> opts.cache`
+
+This option follows the standard `fetch` API cache option. This option will do nothing if [`opts.cacheManager`](#opts-cache-manager) is null. The following values are accepted (as strings):
+
+* `default` - Fetch will inspect the HTTP cache on the way to the network. If there is a fresh response it will be used. If there is a stale response a conditional request will be created, and a normal request otherwise. It then updates the HTTP cache with the response. If the revalidation request fails (for example, on a 500 or if you're offline), the stale response will be returned.
+* `no-store` - Fetch behaves as if there is no HTTP cache at all.
+* `reload` - Fetch behaves as if there is no HTTP cache on the way to the network. Ergo, it creates a normal request and updates the HTTP cache with the response.
+* `no-cache` - Fetch creates a conditional request if there is a response in the HTTP cache and a normal request otherwise. It then updates the HTTP cache with the response.
+* `force-cache` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it creates a normal request and updates the HTTP cache with the response.
+* `only-if-cached` - Fetch uses any response in the HTTP cache matching the request, not paying attention to staleness. If there was no response, it returns a network error. (Can only be used when request’s mode is "same-origin". Any cached redirects will be followed assuming request’s redirect mode is "follow" and the redirects do not violate request’s mode.)
+
+(Note: option descriptions are taken from https://fetch.spec.whatwg.org/#http-network-or-cache-fetch)
+
+##### Example
+
+```javascript
+const fetch = require('make-fetch-happen').defaults({
+ cacheManager: './my-cache'
+})
+
+// Will error with ENOTCACHED if we haven't already cached this url
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'only-if-cached'
+})
+
+// Will refresh any local content and cache the new response
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'reload'
+})
+
+// Will use any local data, even if stale. Otherwise, will hit network.
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ cache: 'force-cache'
+})
+```
+
+#### `> opts.proxy`
+
+A string or `url.parse`-d URI to proxy through. Different Proxy handlers will be
+used depending on the proxy's protocol.
+
+Additionally, `process.env.HTTP_PROXY`, `process.env.HTTPS_PROXY`, and
+`process.env.PROXY` are used if present and no `opts.proxy` value is provided.
+
+(Pending) `process.env.NO_PROXY` may also be configured to skip proxying requests for all, or specific domains.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: 'https://corporate.yourcompany.proxy:4445'
+})
+
+fetch('https://registry.npmjs.org/make-fetch-happen', {
+ proxy: {
+ protocol: 'https:',
+ hostname: 'corporate.yourcompany.proxy',
+ port: 4445
+ }
+})
+```
+
+#### `> opts.noProxy`
+
+If present, should be a comma-separated string or an array of domain extensions
+that a proxy should _not_ be used for.
+
+This option may also be provided through `process.env.NO_PROXY`.
+
+#### `> opts.ca, opts.cert, opts.key, opts.strictSSL`
+
+These values are passed in directly to the HTTPS agent and will be used for both
+proxied and unproxied outgoing HTTPS requests. They mostly correspond to the
+same options the `https` module accepts, which will be themselves passed to
+`tls.connect()`. `opts.strictSSL` corresponds to `rejectUnauthorized`.
+
+#### `> opts.localAddress`
+
+Passed directly to `http` and `https` request calls. Determines the local
+address to bind to.
+
+#### `> opts.maxSockets`
+
+Default: 15
+
+Maximum number of active concurrent sockets to use for the underlying
+Http/Https/Proxy agents. This setting applies once per spawned agent.
+
+15 is probably a _pretty good value_ for most use-cases, and balances speed
+with, uh, not knocking out people's routers. 🤓
+
+#### `> opts.retry`
+
+An object that can be used to tune request retry settings. Retries will only be attempted on the following conditions:
+
+* Request method is NOT `POST` AND
+* Request status is one of: `408`, `420`, `429`, or any status in the 500-range. OR
+* Request errored with `ECONNRESET`, `ECONNREFUSED`, `EADDRINUSE`, `ETIMEDOUT`, or the `fetch` error `request-timeout`.
+
+The following are worth noting as explicitly not retried:
+
+* `getaddrinfo ENOTFOUND` and will be assumed to be either an unreachable domain or the user will be assumed offline. If a response is cached, it will be returned immediately.
+* `ECONNRESET` currently has no support for restarting. It will eventually be supported but requires a bit more juggling due to streaming.
+
+If `opts.retry` is `false`, it is equivalent to `{retries: 0}`
+
+If `opts.retry` is a number, it is equivalent to `{retries: num}`
+
+The following retry options are available if you want more control over it:
+
+* retries
+* factor
+* minTimeout
+* maxTimeout
+* randomize
+
+For details on what each of these do, refer to the [`retry`](https://npm.im/retry) documentation.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ retry: {
+ retries: 10,
+ randomize: true
+ }
+})
+
+fetch('http://reliable.site.com', {
+ retry: false
+})
+
+fetch('http://one-more.site.com', {
+ retry: 3
+})
+```
+
+#### `> opts.onRetry`
+
+A function called whenever a retry is attempted.
+
+##### Example
+
+```javascript
+fetch('https://flaky.site.com', {
+ onRetry() {
+ console.log('we will retry!')
+ }
+})
+```
+
+#### `> opts.integrity`
+
+Matches the response body against the given [Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) metadata. If verification fails, the request will fail with an `EINTEGRITY` error.
+
+`integrity` may either be a string or an [`ssri`](https://npm.im/ssri) `Integrity`-like.
+
+##### Example
+
+```javascript
+fetch('https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // -> ok
+
+fetch('https://malicious-registry.org/make-fetch-happen/-/make-fetch-happen-1.0.0.tgz', {
+ integrity: 'sha1-o47j7zAYnedYFn1dF/fR9OV3z8Q='
+}) // Error: EINTEGRITY
+```
+
+### Message From Our Sponsors
+
+
+
+
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/agent.js b/node_modules/libnpmteam/node_modules/make-fetch-happen/agent.js
new file mode 100644
index 0000000000000..55675946ad97d
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/agent.js
@@ -0,0 +1,171 @@
+'use strict'
+const LRU = require('lru-cache')
+const url = require('url')
+
+let AGENT_CACHE = new LRU({ max: 50 })
+let HttpsAgent
+let HttpAgent
+
+module.exports = getAgent
+
+function getAgent (uri, opts) {
+ const parsedUri = url.parse(typeof uri === 'string' ? uri : uri.url)
+ const isHttps = parsedUri.protocol === 'https:'
+ const pxuri = getProxyUri(uri, opts)
+
+ const key = [
+ `https:${isHttps}`,
+ pxuri
+ ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
+ : '>no-proxy<',
+ `local-address:${opts.localAddress || '>no-local-address<'}`,
+ `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
+ `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
+ `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
+ `key:${(isHttps && opts.key) || '>no-key<'}`
+ ].join(':')
+
+ if (opts.agent != null) { // `agent: false` has special behavior!
+ return opts.agent
+ }
+
+ if (AGENT_CACHE.peek(key)) {
+ return AGENT_CACHE.get(key)
+ }
+
+ if (pxuri) {
+ const proxy = getProxy(pxuri, opts, isHttps)
+ AGENT_CACHE.set(key, proxy)
+ return proxy
+ }
+
+ if (isHttps && !HttpsAgent) {
+ HttpsAgent = require('agentkeepalive').HttpsAgent
+ } else if (!isHttps && !HttpAgent) {
+ HttpAgent = require('agentkeepalive')
+ }
+
+ // If opts.timeout is zero, set the agentTimeout to zero as well. A timeout
+ // of zero disables the timeout behavior (OS limits still apply). Else, if
+ // opts.timeout is a non-zero value, set it to timeout + 1, to ensure that
+ // the node-fetch-npm timeout will always fire first, giving us more
+ // consistent errors.
+ const agentTimeout = opts.timeout === 0 ? 0 : opts.timeout + 1
+
+ const agent = isHttps ? new HttpsAgent({
+ maxSockets: opts.maxSockets || 15,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ rejectUnauthorized: opts.strictSSL,
+ timeout: agentTimeout
+ }) : new HttpAgent({
+ maxSockets: opts.maxSockets || 15,
+ localAddress: opts.localAddress,
+ timeout: agentTimeout
+ })
+ AGENT_CACHE.set(key, agent)
+ return agent
+}
+
+function checkNoProxy (uri, opts) {
+ const host = url.parse(uri).hostname.split('.').reverse()
+ let noproxy = (opts.noProxy || getProcessEnv('no_proxy'))
+ if (typeof noproxy === 'string') {
+ noproxy = noproxy.split(/\s*,\s*/g)
+ }
+ return noproxy && noproxy.some(no => {
+ const noParts = no.split('.').filter(x => x).reverse()
+ if (!noParts.length) { return false }
+ for (let i = 0; i < noParts.length; i++) {
+ if (host[i] !== noParts[i]) {
+ return false
+ }
+ }
+ return true
+ })
+}
+
+module.exports.getProcessEnv = getProcessEnv
+
+function getProcessEnv (env) {
+ if (!env) { return }
+
+ let value
+
+ if (Array.isArray(env)) {
+ for (let e of env) {
+ value = process.env[e] ||
+ process.env[e.toUpperCase()] ||
+ process.env[e.toLowerCase()]
+ if (typeof value !== 'undefined') { break }
+ }
+ }
+
+ if (typeof env === 'string') {
+ value = process.env[env] ||
+ process.env[env.toUpperCase()] ||
+ process.env[env.toLowerCase()]
+ }
+
+ return value
+}
+
+function getProxyUri (uri, opts) {
+ const protocol = url.parse(uri).protocol
+
+ const proxy = opts.proxy || (
+ protocol === 'https:' && getProcessEnv('https_proxy')
+ ) || (
+ protocol === 'http:' && getProcessEnv(['https_proxy', 'http_proxy', 'proxy'])
+ )
+ if (!proxy) { return null }
+
+ const parsedProxy = (typeof proxy === 'string') ? url.parse(proxy) : proxy
+
+ return !checkNoProxy(uri, opts) && parsedProxy
+}
+
+let HttpProxyAgent
+let HttpsProxyAgent
+let SocksProxyAgent
+function getProxy (proxyUrl, opts, isHttps) {
+ let popts = {
+ host: proxyUrl.hostname,
+ port: proxyUrl.port,
+ protocol: proxyUrl.protocol,
+ path: proxyUrl.path,
+ auth: proxyUrl.auth,
+ ca: opts.ca,
+ cert: opts.cert,
+ key: opts.key,
+ timeout: opts.timeout === 0 ? 0 : opts.timeout + 1,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets || 15,
+ rejectUnauthorized: opts.strictSSL
+ }
+
+ if (proxyUrl.protocol === 'http:' || proxyUrl.protocol === 'https:') {
+ if (!isHttps) {
+ if (!HttpProxyAgent) {
+ HttpProxyAgent = require('http-proxy-agent')
+ }
+
+ return new HttpProxyAgent(popts)
+ } else {
+ if (!HttpsProxyAgent) {
+ HttpsProxyAgent = require('https-proxy-agent')
+ }
+
+ return new HttpsProxyAgent(popts)
+ }
+ }
+ if (proxyUrl.protocol.startsWith('socks')) {
+ if (!SocksProxyAgent) {
+ SocksProxyAgent = require('socks-proxy-agent')
+ }
+
+ return new SocksProxyAgent(popts)
+ }
+}
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/cache.js b/node_modules/libnpmteam/node_modules/make-fetch-happen/cache.js
new file mode 100644
index 0000000000000..0c519e69fbe81
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/cache.js
@@ -0,0 +1,249 @@
+'use strict'
+
+const cacache = require('cacache')
+const fetch = require('node-fetch-npm')
+const pipe = require('mississippi').pipe
+const ssri = require('ssri')
+const through = require('mississippi').through
+const to = require('mississippi').to
+const url = require('url')
+const stream = require('stream')
+
+const MAX_MEM_SIZE = 5 * 1024 * 1024 // 5MB
+
+function cacheKey (req) {
+ const parsed = url.parse(req.url)
+ return `make-fetch-happen:request-cache:${
+ url.format({
+ protocol: parsed.protocol,
+ slashes: parsed.slashes,
+ host: parsed.host,
+ hostname: parsed.hostname,
+ pathname: parsed.pathname
+ })
+ }`
+}
+
+// This is a cacache-based implementation of the Cache standard,
+// using node-fetch.
+// docs: https://developer.mozilla.org/en-US/docs/Web/API/Cache
+//
+module.exports = class Cache {
+ constructor (path, opts) {
+ this._path = path
+ this._uid = opts && opts.uid
+ this._gid = opts && opts.gid
+ this.Promise = (opts && opts.Promise) || Promise
+ }
+
+ // Returns a Promise that resolves to the response associated with the first
+ // matching request in the Cache object.
+ match (req, opts) {
+ opts = opts || {}
+ const key = cacheKey(req)
+ return cacache.get.info(this._path, key).then(info => {
+ return info && cacache.get.hasContent(
+ this._path, info.integrity, opts
+ ).then(exists => exists && info)
+ }).then(info => {
+ if (info && info.metadata && matchDetails(req, {
+ url: info.metadata.url,
+ reqHeaders: new fetch.Headers(info.metadata.reqHeaders),
+ resHeaders: new fetch.Headers(info.metadata.resHeaders),
+ cacheIntegrity: info.integrity,
+ integrity: opts && opts.integrity
+ })) {
+ const resHeaders = new fetch.Headers(info.metadata.resHeaders)
+ addCacheHeaders(resHeaders, this._path, key, info.integrity, info.time)
+ if (req.method === 'HEAD') {
+ return new fetch.Response(null, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200
+ })
+ }
+ let body
+ const cachePath = this._path
+ // avoid opening cache file handles until a user actually tries to
+ // read from it.
+ if (opts.memoize !== false && info.size > MAX_MEM_SIZE) {
+ body = new stream.PassThrough()
+ const realRead = body._read
+ body._read = function (size) {
+ body._read = realRead
+ pipe(
+ cacache.get.stream.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }),
+ body,
+ err => body.emit(err))
+ return realRead.call(this, size)
+ }
+ } else {
+ let readOnce = false
+ // cacache is much faster at bulk reads
+ body = new stream.Readable({
+ read () {
+ if (readOnce) return this.push(null)
+ readOnce = true
+ cacache.get.byDigest(cachePath, info.integrity, {
+ memoize: opts.memoize
+ }).then(data => {
+ this.push(data)
+ this.push(null)
+ }, err => this.emit('error', err))
+ }
+ })
+ }
+ return this.Promise.resolve(new fetch.Response(body, {
+ url: req.url,
+ headers: resHeaders,
+ status: 200,
+ size: info.size
+ }))
+ }
+ })
+ }
+
+ // Takes both a request and its response and adds it to the given cache.
+ put (req, response, opts) {
+ opts = opts || {}
+ const size = response.headers.get('content-length')
+ const fitInMemory = !!size && opts.memoize !== false && size < MAX_MEM_SIZE
+ const ckey = cacheKey(req)
+ const cacheOpts = {
+ algorithms: opts.algorithms,
+ metadata: {
+ url: req.url,
+ reqHeaders: req.headers.raw(),
+ resHeaders: response.headers.raw()
+ },
+ uid: this._uid,
+ gid: this._gid,
+ size,
+ memoize: fitInMemory && opts.memoize
+ }
+ if (req.method === 'HEAD' || response.status === 304) {
+ // Update metadata without writing
+ return cacache.get.info(this._path, ckey).then(info => {
+ // Providing these will bypass content write
+ cacheOpts.integrity = info.integrity
+ addCacheHeaders(
+ response.headers, this._path, ckey, info.integrity, info.time
+ )
+ return new this.Promise((resolve, reject) => {
+ pipe(
+ cacache.get.stream.byDigest(this._path, info.integrity, cacheOpts),
+ cacache.put.stream(this._path, cacheKey(req), cacheOpts),
+ err => err ? reject(err) : resolve(response)
+ )
+ })
+ }).then(() => response)
+ }
+ let buf = []
+ let bufSize = 0
+ let cacheTargetStream = false
+ const cachePath = this._path
+ let cacheStream = to((chunk, enc, cb) => {
+ if (!cacheTargetStream) {
+ if (fitInMemory) {
+ cacheTargetStream =
+ to({highWaterMark: MAX_MEM_SIZE}, (chunk, enc, cb) => {
+ buf.push(chunk)
+ bufSize += chunk.length
+ cb()
+ }, done => {
+ cacache.put(
+ cachePath,
+ cacheKey(req),
+ Buffer.concat(buf, bufSize),
+ cacheOpts
+ ).then(
+ () => done(),
+ done
+ )
+ })
+ } else {
+ cacheTargetStream =
+ cacache.put.stream(cachePath, cacheKey(req), cacheOpts)
+ }
+ }
+ cacheTargetStream.write(chunk, enc, cb)
+ }, done => {
+ cacheTargetStream ? cacheTargetStream.end(done) : done()
+ })
+ const oldBody = response.body
+ const newBody = through({highWaterMark: fitInMemory && MAX_MEM_SIZE})
+ response.body = newBody
+ oldBody.once('error', err => newBody.emit('error', err))
+ newBody.once('error', err => oldBody.emit('error', err))
+ cacheStream.once('error', err => newBody.emit('error', err))
+ pipe(oldBody, to((chunk, enc, cb) => {
+ cacheStream.write(chunk, enc, () => {
+ newBody.write(chunk, enc, cb)
+ })
+ }, done => {
+ cacheStream.end(() => {
+ newBody.end(() => {
+ done()
+ })
+ })
+ }), err => err && newBody.emit('error', err))
+ return response
+ }
+
+ // Finds the Cache entry whose key is the request, and if found, deletes the
+ // Cache entry and returns a Promise that resolves to true. If no Cache entry
+ // is found, it returns false.
+ 'delete' (req, opts) {
+ opts = opts || {}
+ if (typeof opts.memoize === 'object') {
+ if (opts.memoize.reset) {
+ opts.memoize.reset()
+ } else if (opts.memoize.clear) {
+ opts.memoize.clear()
+ } else {
+ Object.keys(opts.memoize).forEach(k => {
+ opts.memoize[k] = null
+ })
+ }
+ }
+ return cacache.rm.entry(
+ this._path,
+ cacheKey(req)
+ // TODO - true/false
+ ).then(() => false)
+ }
+}
+
+function matchDetails (req, cached) {
+ const reqUrl = url.parse(req.url)
+ const cacheUrl = url.parse(cached.url)
+ const vary = cached.resHeaders.get('Vary')
+ // https://tools.ietf.org/html/rfc7234#section-4.1
+ if (vary) {
+ if (vary.match(/\*/)) {
+ return false
+ } else {
+ const fieldsMatch = vary.split(/\s*,\s*/).every(field => {
+ return cached.reqHeaders.get(field) === req.headers.get(field)
+ })
+ if (!fieldsMatch) {
+ return false
+ }
+ }
+ }
+ if (cached.integrity) {
+ return ssri.parse(cached.integrity).match(cached.cacheIntegrity)
+ }
+ reqUrl.hash = null
+ cacheUrl.hash = null
+ return url.format(reqUrl) === url.format(cacheUrl)
+}
+
+function addCacheHeaders (resHeaders, path, key, hash, time) {
+ resHeaders.set('X-Local-Cache', encodeURIComponent(path))
+ resHeaders.set('X-Local-Cache-Key', encodeURIComponent(key))
+ resHeaders.set('X-Local-Cache-Hash', encodeURIComponent(hash))
+ resHeaders.set('X-Local-Cache-Time', new Date(time).toUTCString())
+}
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/index.js b/node_modules/libnpmteam/node_modules/make-fetch-happen/index.js
new file mode 100644
index 0000000000000..0f2c164e19f28
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/index.js
@@ -0,0 +1,482 @@
+'use strict'
+
+let Cache
+const url = require('url')
+const CachePolicy = require('http-cache-semantics')
+const fetch = require('node-fetch-npm')
+const pkg = require('./package.json')
+const retry = require('promise-retry')
+let ssri
+const Stream = require('stream')
+const getAgent = require('./agent')
+const setWarning = require('./warning')
+
+const isURL = /^https?:/
+const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
+
+const RETRY_ERRORS = [
+ 'ECONNRESET', // remote socket closed on us
+ 'ECONNREFUSED', // remote host refused to open connection
+ 'EADDRINUSE', // failed to bind to a local port (proxy?)
+ 'ETIMEDOUT' // someone in the transaction is WAY TOO SLOW
+ // Known codes we do NOT retry on:
+ // ENOTFOUND (getaddrinfo failure. Either bad hostname, or offline)
+]
+
+const RETRY_TYPES = [
+ 'request-timeout'
+]
+
+// https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
+module.exports = cachingFetch
+cachingFetch.defaults = function (_uri, _opts) {
+ const fetch = this
+ if (typeof _uri === 'object') {
+ _opts = _uri
+ _uri = null
+ }
+
+ function defaultedFetch (uri, opts) {
+ const finalOpts = Object.assign({}, _opts || {}, opts || {})
+ return fetch(uri || _uri, finalOpts)
+ }
+
+ defaultedFetch.defaults = fetch.defaults
+ defaultedFetch.delete = fetch.delete
+ return defaultedFetch
+}
+
+cachingFetch.delete = cacheDelete
+function cacheDelete (uri, opts) {
+ opts = configureOptions(opts)
+ if (opts.cacheManager) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+ return opts.cacheManager.delete(req, opts)
+ }
+}
+
+function initializeCache (opts) {
+ if (typeof opts.cacheManager === 'string') {
+ if (!Cache) {
+ // Default cacache-based cache
+ Cache = require('./cache')
+ }
+
+ opts.cacheManager = new Cache(opts.cacheManager, opts)
+ }
+
+ opts.cache = opts.cache || 'default'
+
+ if (opts.cache === 'default' && isHeaderConditional(opts.headers)) {
+ // If header list contains `If-Modified-Since`, `If-None-Match`,
+ // `If-Unmodified-Since`, `If-Match`, or `If-Range`, fetch will set cache
+ // mode to "no-store" if it is "default".
+ opts.cache = 'no-store'
+ }
+}
+
+function configureOptions (_opts) {
+ const opts = Object.assign({}, _opts || {})
+ opts.method = (opts.method || 'GET').toUpperCase()
+
+ if (opts.retry && typeof opts.retry === 'number') {
+ opts.retry = { retries: opts.retry }
+ }
+
+ if (opts.retry === false) {
+ opts.retry = { retries: 0 }
+ }
+
+ if (opts.cacheManager) {
+ initializeCache(opts)
+ }
+
+ return opts
+}
+
+function initializeSsri () {
+ if (!ssri) {
+ ssri = require('ssri')
+ }
+}
+
+function cachingFetch (uri, _opts) {
+ const opts = configureOptions(_opts)
+
+ if (opts.integrity) {
+ initializeSsri()
+ // if verifying integrity, node-fetch must not decompress
+ opts.compress = false
+ }
+
+ const isCachable = (opts.method === 'GET' || opts.method === 'HEAD') &&
+ opts.cacheManager &&
+ opts.cache !== 'no-store' &&
+ opts.cache !== 'reload'
+
+ if (isCachable) {
+ const req = new fetch.Request(uri, {
+ method: opts.method,
+ headers: opts.headers
+ })
+
+ return opts.cacheManager.match(req, opts).then(res => {
+ if (res) {
+ const warningCode = (res.headers.get('Warning') || '').match(/^\d+/)
+ if (warningCode && +warningCode >= 100 && +warningCode < 200) {
+ // https://tools.ietf.org/html/rfc7234#section-4.3.4
+ //
+ // If a stored response is selected for update, the cache MUST:
+ //
+ // * delete any Warning header fields in the stored response with
+ // warn-code 1xx (see Section 5.5);
+ //
+ // * retain any Warning header fields in the stored response with
+ // warn-code 2xx;
+ //
+ res.headers.delete('Warning')
+ }
+
+ if (opts.cache === 'default' && !isStale(req, res)) {
+ return res
+ }
+
+ if (opts.cache === 'default' || opts.cache === 'no-cache') {
+ return conditionalFetch(req, res, opts)
+ }
+
+ if (opts.cache === 'force-cache' || opts.cache === 'only-if-cached') {
+ // 112 Disconnected operation
+ // SHOULD be included if the cache is intentionally disconnected from
+ // the rest of the network for a period of time.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(res, 112, 'Disconnected operation')
+ return res
+ }
+ }
+
+ if (!res && opts.cache === 'only-if-cached') {
+ const errorMsg = `request to ${
+ uri
+ } failed: cache mode is 'only-if-cached' but no cached response available.`
+
+ const err = new Error(errorMsg)
+ err.code = 'ENOTCACHED'
+ throw err
+ }
+
+ // Missing cache entry, or mode is default (if stale), reload, no-store
+ return remoteFetch(req.url, opts)
+ })
+ }
+
+ return remoteFetch(uri, opts)
+}
+
+function iterableToObject (iter) {
+ const obj = {}
+ for (let k of iter.keys()) {
+ obj[k] = iter.get(k)
+ }
+ return obj
+}
+
+function makePolicy (req, res) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+ const _res = {
+ status: res.status,
+ headers: iterableToObject(res.headers)
+ }
+
+ return new CachePolicy(_req, _res, { shared: false })
+}
+
+// https://tools.ietf.org/html/rfc7234#section-4.2
+function isStale (req, res) {
+ if (!res) {
+ return null
+ }
+
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: iterableToObject(req.headers)
+ }
+
+ const policy = makePolicy(req, res)
+
+ const responseTime = res.headers.get('x-local-cache-time') ||
+ res.headers.get('date') ||
+ 0
+
+ policy._responseTime = new Date(responseTime)
+
+ const bool = !policy.satisfiesWithoutRevalidation(_req)
+ return bool
+}
+
+function mustRevalidate (res) {
+ return (res.headers.get('cache-control') || '').match(/must-revalidate/i)
+}
+
+function conditionalFetch (req, cachedRes, opts) {
+ const _req = {
+ url: req.url,
+ method: req.method,
+ headers: Object.assign({}, opts.headers || {})
+ }
+
+ const policy = makePolicy(req, cachedRes)
+ opts.headers = policy.revalidationHeaders(_req)
+
+ return remoteFetch(req.url, opts)
+ .then(condRes => {
+ const revalidatedPolicy = policy.revalidatedPolicy(_req, {
+ status: condRes.status,
+ headers: iterableToObject(condRes.headers)
+ })
+
+ if (condRes.status >= 500 && !mustRevalidate(cachedRes)) {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ return cachedRes
+ }
+
+ if (condRes.status === 304) { // 304 Not Modified
+ condRes.body = cachedRes.body
+ return opts.cacheManager.put(req, condRes, opts)
+ .then(newRes => {
+ newRes.headers = new fetch.Headers(revalidatedPolicy.policy.responseHeaders())
+ return newRes
+ })
+ }
+
+ return condRes
+ })
+ .then(res => res)
+ .catch(err => {
+ if (mustRevalidate(cachedRes)) {
+ throw err
+ } else {
+ // 111 Revalidation failed
+ // MUST be included if a cache returns a stale response because an
+ // attempt to revalidate the response failed, due to an inability to
+ // reach the server.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(cachedRes, 111, 'Revalidation failed')
+ // 199 Miscellaneous warning
+ // The warning text MAY include arbitrary information to be presented to
+ // a human user, or logged. A system receiving this warning MUST NOT take
+ // any automated action, besides presenting the warning to the user.
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ setWarning(
+ cachedRes,
+ 199,
+ `Miscellaneous Warning ${err.code}: ${err.message}`
+ )
+
+ return cachedRes
+ }
+ })
+}
+
+function remoteFetchHandleIntegrity (res, integrity) {
+ const oldBod = res.body
+ const newBod = ssri.integrityStream({
+ integrity
+ })
+ oldBod.pipe(newBod)
+ res.body = newBod
+ oldBod.once('error', err => {
+ newBod.emit('error', err)
+ })
+ newBod.once('error', err => {
+ oldBod.emit('error', err)
+ })
+}
+
+function remoteFetch (uri, opts) {
+ const agent = getAgent(uri, opts)
+ const headers = Object.assign({
+ 'connection': agent ? 'keep-alive' : 'close',
+ 'user-agent': USER_AGENT
+ }, opts.headers || {})
+
+ const reqOpts = {
+ agent,
+ body: opts.body,
+ compress: opts.compress,
+ follow: opts.follow,
+ headers: new fetch.Headers(headers),
+ method: opts.method,
+ redirect: 'manual',
+ size: opts.size,
+ counter: opts.counter,
+ timeout: opts.timeout
+ }
+
+ return retry(
+ (retryHandler, attemptNum) => {
+ const req = new fetch.Request(uri, reqOpts)
+ return fetch(req)
+ .then(res => {
+ res.headers.set('x-fetch-attempts', attemptNum)
+
+ if (opts.integrity) {
+ remoteFetchHandleIntegrity(res, opts.integrity)
+ }
+
+ const isStream = req.body instanceof Stream
+
+ if (opts.cacheManager) {
+ const isMethodGetHead = req.method === 'GET' ||
+ req.method === 'HEAD'
+
+ const isCachable = opts.cache !== 'no-store' &&
+ isMethodGetHead &&
+ makePolicy(req, res).storable() &&
+ res.status === 200 // No other statuses should be stored!
+
+ if (isCachable) {
+ return opts.cacheManager.put(req, res, opts)
+ }
+
+ if (!isMethodGetHead) {
+ return opts.cacheManager.delete(req).then(() => {
+ if (res.status >= 500 && req.method !== 'POST' && !isStream) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ return res
+ })
+ }
+ }
+
+ const isRetriable = req.method !== 'POST' &&
+ !isStream && (
+ res.status === 408 || // Request Timeout
+ res.status === 420 || // Enhance Your Calm (usually Twitter rate-limit)
+ res.status === 429 || // Too Many Requests ("standard" rate-limiting)
+ res.status >= 500 // Assume server errors are momentary hiccups
+ )
+
+ if (isRetriable) {
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(res)
+ }
+
+ return retryHandler(res)
+ }
+
+ if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
+ return res
+ }
+
+ // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
+ if (opts.redirect === 'error') {
+ const err = new Error(`redirect mode is set to error: ${uri}`)
+ err.code = 'ENOREDIRECT'
+ throw err
+ }
+
+ if (!res.headers.get('location')) {
+ const err = new Error(`redirect location header missing at: ${uri}`)
+ err.code = 'EINVALIDREDIRECT'
+ throw err
+ }
+
+ if (req.counter >= req.follow) {
+ const err = new Error(`maximum redirect reached at: ${uri}`)
+ err.code = 'EMAXREDIRECT'
+ throw err
+ }
+
+ const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
+ let redirectURL = url.parse(resolvedUrl)
+
+ if (isURL.test(res.headers.get('location'))) {
+ redirectURL = url.parse(res.headers.get('location'))
+ }
+
+ // Remove authorization if changing hostnames (but not if just
+ // changing ports or protocols). This matches the behavior of request:
+ // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
+ if (url.parse(req.url).hostname !== redirectURL.hostname) {
+ req.headers.delete('authorization')
+ }
+
+ // for POST request with 301/302 response, or any request with 303 response,
+ // use GET when following redirect
+ if (res.status === 303 ||
+ ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
+ opts.method = 'GET'
+ opts.body = null
+ req.headers.delete('content-length')
+ }
+
+ opts.headers = {}
+ req.headers.forEach((value, name) => {
+ opts.headers[name] = value
+ })
+
+ opts.counter = ++req.counter
+ return cachingFetch(resolvedUrl, opts)
+ })
+ .catch(err => {
+ const code = err.code === 'EPROMISERETRY' ? err.retried.code : err.code
+
+ const isRetryError = RETRY_ERRORS.indexOf(code) === -1 &&
+ RETRY_TYPES.indexOf(err.type) === -1
+
+ if (req.method === 'POST' || isRetryError) {
+ throw err
+ }
+
+ if (typeof opts.onRetry === 'function') {
+ opts.onRetry(err)
+ }
+
+ return retryHandler(err)
+ })
+ },
+ opts.retry
+ ).catch(err => {
+ if (err.status >= 400) {
+ return err
+ }
+
+ throw err
+ })
+}
+
+function isHeaderConditional (headers) {
+ if (!headers || typeof headers !== 'object') {
+ return false
+ }
+
+ const modifiers = [
+ 'if-modified-since',
+ 'if-none-match',
+ 'if-unmodified-since',
+ 'if-match',
+ 'if-range'
+ ]
+
+ return Object.keys(headers)
+ .some(h => modifiers.indexOf(h.toLowerCase()) !== -1)
+}
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/package.json b/node_modules/libnpmteam/node_modules/make-fetch-happen/package.json
new file mode 100644
index 0000000000000..8436138d1e087
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/package.json
@@ -0,0 +1,94 @@
+{
+ "_from": "make-fetch-happen@^4.0.2",
+ "_id": "make-fetch-happen@4.0.2",
+ "_inBundle": false,
+ "_integrity": "sha512-YMJrAjHSb/BordlsDEcVcPyTbiJKkzqMf48N8dAJZT9Zjctrkb6Yg4TY9Sq2AwSIQJFn5qBBKVTYt3vP5FMIHA==",
+ "_location": "/libnpmteam/make-fetch-happen",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "make-fetch-happen@^4.0.2",
+ "name": "make-fetch-happen",
+ "escapedName": "make-fetch-happen",
+ "rawSpec": "^4.0.2",
+ "saveSpec": null,
+ "fetchSpec": "^4.0.2"
+ },
+ "_requiredBy": [
+ "/libnpmteam/npm-registry-fetch"
+ ],
+ "_resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-4.0.2.tgz",
+ "_shasum": "2d156b11696fb32bffbafe1ac1bc085dd6c78a79",
+ "_spec": "make-fetch-happen@^4.0.2",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmteam/node_modules/npm-registry-fetch",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@zkat.tech"
+ },
+ "bugs": {
+ "url": "https://github.com/zkat/make-fetch-happen/issues"
+ },
+ "bundleDependencies": false,
+ "dependencies": {
+ "agentkeepalive": "^3.4.1",
+ "cacache": "^11.3.3",
+ "http-cache-semantics": "^3.8.1",
+ "http-proxy-agent": "^2.1.0",
+ "https-proxy-agent": "^2.2.1",
+ "lru-cache": "^5.1.1",
+ "mississippi": "^3.0.0",
+ "node-fetch-npm": "^2.0.2",
+ "promise-retry": "^1.1.1",
+ "socks-proxy-agent": "^4.0.0",
+ "ssri": "^6.0.0"
+ },
+ "deprecated": false,
+ "description": "Opinionated, caching, retrying fetch client",
+ "devDependencies": {
+ "bluebird": "^3.5.1",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.2.3",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.2",
+ "rimraf": "^2.6.2",
+ "safe-buffer": "^5.1.1",
+ "standard": "^11.0.1",
+ "standard-version": "^4.3.0",
+ "tacks": "^1.2.6",
+ "tap": "^12.7.0",
+ "weallbehave": "^1.0.0",
+ "weallcontribute": "^1.0.7"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/zkat/make-fetch-happen#readme",
+ "keywords": [
+ "http",
+ "request",
+ "fetch",
+ "mean girls",
+ "caching",
+ "cache",
+ "subresource integrity"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "make-fetch-happen",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/zkat/make-fetch-happen.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap --coverage --nyc-arg=--all --timeout=35 -J test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "4.0.2"
+}
diff --git a/node_modules/libnpmteam/node_modules/make-fetch-happen/warning.js b/node_modules/libnpmteam/node_modules/make-fetch-happen/warning.js
new file mode 100644
index 0000000000000..b8f13cf83195a
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/make-fetch-happen/warning.js
@@ -0,0 +1,24 @@
+const url = require('url')
+
+module.exports = setWarning
+
+function setWarning (reqOrRes, code, message, replace) {
+ // Warning = "Warning" ":" 1#warning-value
+ // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
+ // warn-code = 3DIGIT
+ // warn-agent = ( host [ ":" port ] ) | pseudonym
+ // ; the name or pseudonym of the server adding
+ // ; the Warning header, for use in debugging
+ // warn-text = quoted-string
+ // warn-date = <"> HTTP-date <">
+ // (https://tools.ietf.org/html/rfc2616#section-14.46)
+ const host = url.parse(reqOrRes.url).host
+ const jsonMessage = JSON.stringify(message)
+ const jsonDate = JSON.stringify(new Date().toUTCString())
+ const header = replace ? 'set' : 'append'
+
+ reqOrRes.headers[header](
+ 'Warning',
+ `${code} ${host} ${jsonMessage} ${jsonDate}`
+ )
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..d24e026914c23
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,214 @@
+# Change Log
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..0c3f4f9469955
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,609 @@
+# npm-registry-fetch [](https://npm.im/npm-registry-fetch) [](https://npm.im/npm-registry-fetch) [](https://travis-ci.org/npm/npm-registry-fetch) [](https://ci.appveyor.com/project/npm/npm-registry-fetch) [](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strict-ssl`](#opts-strict-ssl), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`prefer-offline`](#opts-prefer-offline),
+and [`prefer-online`](#opts-prefer-online).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetch-retries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-factor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-mintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetch-retry-maxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.force-auth`
+
+* Alias: `opts.forceAuth`
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignore-body`
+
+* Alias: `opts.ignoreBody`
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.is-from-ci`
+
+* Alias: `opts.isFromCI`
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.local-address`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.map-json`
+
+* Alias: `mapJson`, `mapJSON`
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxsockets`
+
+* Alias: `opts.max-sockets`
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npm-session`
+
+* Alias: `opts.npmSession`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.prefer-offline`](#opts-prefer-offline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: _password
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.prefer-offline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+##### `opts.prefer-online`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+
+##### `opts.project-scope`
+
+* Alias: `opts.projectScope`
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.refer`
+
+* Alias: `opts.referer`
+* Type: String
+* Default: null
+
+Value to use for the `Referer` header. The npm CLI itself uses this to serialize
+the npm command line using the given request.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strict-ssl`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 30000 (30 seconds)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.user-agent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+*compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..d583982d0a8b2
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,57 @@
+'use strict'
+
+const config = require('./config.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts) {
+ if (!registry) { throw new Error('registry is required') }
+ opts = config(opts)
+ let AUTH = {}
+ const regKey = registry && registryKey(registry)
+ if (opts.forceAuth) {
+ opts = opts.forceAuth
+ }
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = url.parse(registry)
+ const formatted = url.format({
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: parsed.slashes
+ })
+ return url.resolve(formatted, '.')
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..bfde699edcfbd
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,109 @@
+'use strict'
+
+const config = require('./config.js')
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts) {
+ opts = config(opts)
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ res.body = null
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${res.url} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ res.headers.raw()['warning'].forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/config.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/config.js
new file mode 100644
index 0000000000000..7fe5dacc94362
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/config.js
@@ -0,0 +1,98 @@
+'use strict'
+
+const pkg = require('./package.json')
+const figgyPudding = require('figgy-pudding')
+const silentLog = require('./silentlog.js')
+
+const AUTH_REGEX = /^(?:.*:)?(token|_authToken|username|_password|password|email|always-auth|_auth|otp)$/
+const SCOPE_REGISTRY_REGEX = /@.*:registry$/gi
+module.exports = figgyPudding({
+ 'agent': {},
+ 'algorithms': {},
+ 'body': {},
+ 'ca': {},
+ 'cache': {},
+ 'cert': {},
+ 'fetch-retries': {},
+ 'fetch-retry-factor': {},
+ 'fetch-retry-maxtimeout': {},
+ 'fetch-retry-mintimeout': {},
+ 'force-auth': {},
+ forceAuth: 'force-auth',
+ 'gid': {},
+ 'gzip': {},
+ 'headers': {},
+ 'https-proxy': {},
+ 'ignore-body': {},
+ ignoreBody: 'ignore-body',
+ 'integrity': {},
+ 'is-from-ci': 'isFromCI',
+ 'isFromCI': {
+ default () {
+ return (
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ )
+ }
+ },
+ 'key': {},
+ 'local-address': {},
+ 'log': {
+ default: silentLog
+ },
+ 'map-json': 'mapJson',
+ 'mapJSON': 'mapJson',
+ 'mapJson': {},
+ 'max-sockets': 'maxsockets',
+ 'maxsockets': {
+ default: 12
+ },
+ 'memoize': {},
+ 'method': {
+ default: 'GET'
+ },
+ 'no-proxy': {},
+ 'noproxy': {},
+ 'npm-session': 'npmSession',
+ 'npmSession': {},
+ 'offline': {},
+ 'otp': {},
+ 'prefer-offline': {},
+ 'prefer-online': {},
+ 'projectScope': {},
+ 'project-scope': 'projectScope',
+ 'Promise': {default: () => Promise},
+ 'proxy': {},
+ 'query': {},
+ 'refer': {},
+ 'referer': 'refer',
+ 'registry': {
+ default: 'https://registry.npmjs.org/'
+ },
+ 'retry': {},
+ 'scope': {},
+ 'spec': {},
+ 'strict-ssl': {},
+ 'timeout': {},
+ 'uid': {},
+ 'user-agent': {
+ default: `${
+ pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+ }
+}, {
+ other (key) {
+ return key.match(AUTH_REGEX) || key.match(SCOPE_REGISTRY_REGEX)
+ }
+})
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..ba78735fce135
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = url.parse(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..4ba3c19243471
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,193 @@
+'use strict'
+
+const Buffer = require('safe-buffer').Buffer
+
+const checkResponse = require('./check-response.js')
+const config = require('./config.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('JSONStream')
+const npa = require('npm-package-arg')
+const {PassThrough} = require('stream')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('zlib')
+
+module.exports = regFetch
+function regFetch (uri, opts) {
+ opts = config(opts)
+ const registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ opts.registry ||
+ 'https://registry.npmjs.org/'
+ )
+ uri = url.parse(uri).protocol
+ ? uri
+ : `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = body &&
+ typeof body === 'object' &&
+ typeof body.pipe === 'function'
+ if (body && !bodyIsStream && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = zlib.createGzip()
+ body.on('error', err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else {
+ body = new opts.Promise((resolve, reject) => {
+ zlib.gzip(body, (err, gz) => err ? reject(err) : resolve(gz))
+ })
+ }
+ }
+ if (opts.query) {
+ let q = opts.query
+ if (typeof q === 'string') {
+ q = qs.parse(q)
+ }
+ Object.keys(q).forEach(key => {
+ if (q[key] === undefined) {
+ delete q[key]
+ }
+ })
+ if (Object.keys(q).length) {
+ const parsed = url.parse(uri)
+ parsed.search = '?' + qs.stringify(
+ parsed.query
+ ? Object.assign(qs.parse(parsed.query), q)
+ : q
+ )
+ uri = url.format(parsed)
+ }
+ }
+ return opts.Promise.resolve(body).then(body => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts['local-address'],
+ maxSockets: opts.maxsockets,
+ memoize: opts.memoize,
+ method: opts.method || 'GET',
+ noProxy: opts['no-proxy'] || opts.noproxy,
+ Promise: opts.Promise,
+ proxy: opts['https-proxy'] || opts.proxy,
+ referer: opts.refer,
+ retry: opts.retry != null ? opts.retry : {
+ retries: opts['fetch-retries'],
+ factor: opts['fetch-retry-factor'],
+ minTimeout: opts['fetch-retry-mintimeout'],
+ maxTimeout: opts['fetch-retry-maxtimeout']
+ },
+ strictSSL: !!opts['strict-ssl'],
+ timeout: opts.timeout,
+ uid: opts.uid,
+ gid: opts.gid
+ }).then(res => checkResponse(
+ opts.method || 'GET', res, registry, startTime, opts
+ )))
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, opts) {
+ opts = config(opts)
+ const parser = JSONStream.parse(jsonPath, opts.mapJson)
+ const pt = parser.pipe(new PassThrough({objectMode: true}))
+ parser.on('error', err => pt.emit('error', err))
+ regFetch(uri, opts).then(res => {
+ res.body.on('error', err => parser.emit('error', err))
+ res.body.pipe(parser)
+ }, err => pt.emit('error', err))
+ return pt
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts) {
+ spec = npa(spec)
+ opts = config(opts)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts['prefer-offline']
+ ? 'force-cache'
+ : opts['prefer-online']
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!(
+ opts['is-from-ci'] ||
+ process.env['CI'] === 'true' ||
+ process.env['TDDIUM'] ||
+ process.env['JENKINS_URL'] ||
+ process.env['bamboo.buildKey'] ||
+ process.env['GO_PIPELINE_NAME']
+ ),
+ 'npm-scope': opts['project-scope'],
+ 'npm-session': opts['npm-session'],
+ 'user-agent': opts['user-agent'],
+ 'referer': opts.refer
+ }, opts.headers)
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ url.parse(uri).host === url.parse(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..32d051b741a1c
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,92 @@
+{
+ "_from": "npm-registry-fetch@^3.8.0",
+ "_id": "npm-registry-fetch@3.9.1",
+ "_inBundle": false,
+ "_integrity": "sha512-VQCEZlydXw4AwLROAXWUR7QDfe2Y8Id/vpAgp6TI1/H78a4SiQ1kQrKZALm5/zxM5n4HIi+aYb+idUAV/RuY0Q==",
+ "_location": "/libnpmteam/npm-registry-fetch",
+ "_phantomChildren": {},
+ "_requested": {
+ "type": "range",
+ "registry": true,
+ "raw": "npm-registry-fetch@^3.8.0",
+ "name": "npm-registry-fetch",
+ "escapedName": "npm-registry-fetch",
+ "rawSpec": "^3.8.0",
+ "saveSpec": null,
+ "fetchSpec": "^3.8.0"
+ },
+ "_requiredBy": [
+ "/libnpmteam"
+ ],
+ "_resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-3.9.1.tgz",
+ "_shasum": "00ff6e4e35d3f75a172b332440b53e93f4cb67de",
+ "_spec": "npm-registry-fetch@^3.8.0",
+ "_where": "/Users/isaacs/dev/npm/cli/node_modules/libnpmteam",
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org"
+ },
+ "bugs": {
+ "url": "https://github.com/npm/registry-fetch/issues"
+ },
+ "bundleDependencies": false,
+ "config": {
+ "nyc": {
+ "exclude": [
+ "node_modules/**",
+ "test/**"
+ ]
+ }
+ },
+ "dependencies": {
+ "JSONStream": "^1.3.4",
+ "bluebird": "^3.5.1",
+ "figgy-pudding": "^3.4.1",
+ "lru-cache": "^5.1.1",
+ "make-fetch-happen": "^4.0.2",
+ "npm-package-arg": "^6.1.0"
+ },
+ "deprecated": false,
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "devDependencies": {
+ "cacache": "^11.3.3",
+ "get-stream": "^4.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^9.4.3",
+ "npmlog": "^4.1.2",
+ "rimraf": "^2.6.2",
+ "ssri": "^6.0.0",
+ "standard": "^11.0.1",
+ "standard-version": "^4.4.0",
+ "tap": "^12.0.1",
+ "weallbehave": "^1.2.0",
+ "weallcontribute": "^1.0.8"
+ },
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "homepage": "https://github.com/npm/registry-fetch#readme",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "license": "ISC",
+ "main": "index.js",
+ "name": "npm-registry-fetch",
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/npm/registry-fetch.git"
+ },
+ "scripts": {
+ "postrelease": "npm publish && git push --follow-tags",
+ "prerelease": "npm t",
+ "pretest": "standard",
+ "release": "standard-version -s",
+ "test": "tap -J --coverage test/*.js",
+ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'",
+ "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'"
+ },
+ "version": "3.9.1"
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/make-fetch-happen/CHANGELOG.md b/node_modules/make-fetch-happen/CHANGELOG.md
index a446842f55d80..eb28e410f2b70 100644
--- a/node_modules/make-fetch-happen/CHANGELOG.md
+++ b/node_modules/make-fetch-happen/CHANGELOG.md
@@ -2,6 +2,22 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+# [5.0.0](https://github.com/zkat/make-fetch-happen/compare/v4.0.2...v5.0.0) (2019-07-15)
+
+
+### Features
+
+* cacache@12, no need for uid/gid opts ([fdb956f](https://github.com/zkat/make-fetch-happen/commit/fdb956f))
+
+
+### BREAKING CHANGES
+
+* cache uid and gid are inferred from the cache folder itself,
+not passed in as options.
+
+
+
## [4.0.2](https://github.com/zkat/make-fetch-happen/compare/v4.0.1...v4.0.2) (2019-07-02)
diff --git a/node_modules/make-fetch-happen/cache.js b/node_modules/make-fetch-happen/cache.js
index 0c519e69fbe81..f842ba19da2e1 100644
--- a/node_modules/make-fetch-happen/cache.js
+++ b/node_modules/make-fetch-happen/cache.js
@@ -31,8 +31,6 @@ function cacheKey (req) {
module.exports = class Cache {
constructor (path, opts) {
this._path = path
- this._uid = opts && opts.uid
- this._gid = opts && opts.gid
this.Promise = (opts && opts.Promise) || Promise
}
@@ -118,8 +116,6 @@ module.exports = class Cache {
reqHeaders: req.headers.raw(),
resHeaders: response.headers.raw()
},
- uid: this._uid,
- gid: this._gid,
size,
memoize: fitInMemory && opts.memoize
}
diff --git a/node_modules/make-fetch-happen/node_modules/cacache/CHANGELOG.md b/node_modules/make-fetch-happen/node_modules/cacache/CHANGELOG.md
new file mode 100644
index 0000000000000..b444fa022667a
--- /dev/null
+++ b/node_modules/make-fetch-happen/node_modules/cacache/CHANGELOG.md
@@ -0,0 +1,637 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+## [12.0.0](https://github.com/zkat/cacache/compare/v11.3.3...v12.0.0) (2019-07-15)
+
+
+### Features
+
+* infer uid/gid instead of accepting as options ([ac84d14](https://github.com/zkat/cacache/commit/ac84d14))
+* **i18n:** add another error message ([676cb32](https://github.com/zkat/cacache/commit/676cb32))
+
+
+### BREAKING CHANGES
+
+* the uid gid options are no longer respected or
+necessary. As of this change, cacache will always match the cache
+contents to the ownership of the cache directory (or its parent
+directory), regardless of what the caller passes in.
+
+Reasoning:
+
+The number one reason to use a uid or gid option was to keep root-owned
+files from causing problems in the cache. In npm's case, this meant
+that CLI's ./lib/command.js had to work out the appropriate uid and gid,
+then pass it to the libnpmcommand module, which had to in turn pass the
+uid and gid to npm-registry-fetch, which then passed it to
+make-fetch-happen, which passed it to cacache. (For package fetching,
+pacote would be in that mix as well.)
+
+Added to that, `cacache.rm()` will actually _write_ a file into the
+cache index, but has no way to accept an option so that its call to
+entry-index.js will write the index with the appropriate uid/gid.
+Little ownership bugs were all over the place, and tricky to trace
+through. (Why should make-fetch-happen even care about accepting or
+passing uids and gids? It's an http library.)
+
+This change allows us to keep the cache from having mixed ownership in
+any situation.
+
+Of course, this _does_ mean that if you have a root-owned but
+user-writable folder (for example, `/tmp`), then the cache will try to
+chown everything to root.
+
+The solution is for the user to create a folder, make it user-owned, and
+use that, rather than relying on cacache to create the root cache folder.
+
+If we decide to restore the uid/gid opts, and use ownership inferrence
+only when uid/gid are unset, then take care to also make rm take an
+option object, and pass it through to entry-index.js.
+
+
+
+### [11.3.3](https://github.com/zkat/cacache/compare/v11.3.2...v11.3.3) (2019-06-17)
+
+
+### Bug Fixes
+
+* **audit:** npm audit fix ([200a6d5](https://github.com/zkat/cacache/commit/200a6d5))
+* **config:** Add ssri config 'error' option ([#146](https://github.com/zkat/cacache/issues/146)) ([47de8f5](https://github.com/zkat/cacache/commit/47de8f5))
+* **deps:** npm audit fix ([481a7dc](https://github.com/zkat/cacache/commit/481a7dc))
+* **standard:** standard --fix ([7799149](https://github.com/zkat/cacache/commit/7799149))
+* **write:** avoid another cb never called situation ([5156561](https://github.com/zkat/cacache/commit/5156561))
+
+
+
+
+## [11.3.2](https://github.com/zkat/cacache/compare/v11.3.1...v11.3.2) (2018-12-21)
+
+
+### Bug Fixes
+
+* **get:** make sure to handle errors in the .then ([b10bcd0](https://github.com/zkat/cacache/commit/b10bcd0))
+
+
+
+
+## [11.3.1](https://github.com/zkat/cacache/compare/v11.3.0...v11.3.1) (2018-11-05)
+
+
+### Bug Fixes
+
+* **get:** export hasContent.sync properly ([d76c920](https://github.com/zkat/cacache/commit/d76c920))
+
+
+
+
+# [11.3.0](https://github.com/zkat/cacache/compare/v11.2.0...v11.3.0) (2018-11-05)
+
+
+### Features
+
+* **get:** add sync API for reading ([db1e094](https://github.com/zkat/cacache/commit/db1e094))
+
+
+
+
+# [11.2.0](https://github.com/zkat/cacache/compare/v11.1.0...v11.2.0) (2018-08-08)
+
+
+### Features
+
+* **read:** add sync support to other internal read.js fns ([fe638b6](https://github.com/zkat/cacache/commit/fe638b6))
+
+
+
+
+# [11.1.0](https://github.com/zkat/cacache/compare/v11.0.3...v11.1.0) (2018-08-01)
+
+
+### Features
+
+* **read:** add sync support for low-level content read ([b43af83](https://github.com/zkat/cacache/commit/b43af83))
+
+
+
+
+## [11.0.3](https://github.com/zkat/cacache/compare/v11.0.2...v11.0.3) (2018-08-01)
+
+
+### Bug Fixes
+
+* **config:** add ssri config options ([#136](https://github.com/zkat/cacache/issues/136)) ([10d5d9a](https://github.com/zkat/cacache/commit/10d5d9a))
+* **perf:** refactor content.read to avoid lstats ([c5ac10e](https://github.com/zkat/cacache/commit/c5ac10e))
+* **test:** oops when removing safe-buffer ([1950490](https://github.com/zkat/cacache/commit/1950490))
+
+
+
+
+## [11.0.2](https://github.com/zkat/cacache/compare/v11.0.1...v11.0.2) (2018-05-07)
+
+
+### Bug Fixes
+
+* **verify:** size param no longer lost in a verify ([#131](https://github.com/zkat/cacache/issues/131)) ([c614a19](https://github.com/zkat/cacache/commit/c614a19)), closes [#130](https://github.com/zkat/cacache/issues/130)
+
+
+
+
+## [11.0.1](https://github.com/zkat/cacache/compare/v11.0.0...v11.0.1) (2018-04-10)
+
+
+
+
+# [11.0.0](https://github.com/zkat/cacache/compare/v10.0.4...v11.0.0) (2018-04-09)
+
+
+### Features
+
+* **opts:** use figgy-pudding for opts ([#128](https://github.com/zkat/cacache/issues/128)) ([33d4eed](https://github.com/zkat/cacache/commit/33d4eed))
+
+
+### meta
+
+* drop support for node@4 ([529f347](https://github.com/zkat/cacache/commit/529f347))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [10.0.4](https://github.com/zkat/cacache/compare/v10.0.3...v10.0.4) (2018-02-16)
+
+
+
+
+## [10.0.3](https://github.com/zkat/cacache/compare/v10.0.2...v10.0.3) (2018-02-16)
+
+
+### Bug Fixes
+
+* **content:** rethrow aggregate errors as ENOENT ([fa918f5](https://github.com/zkat/cacache/commit/fa918f5))
+
+
+
+
+## [10.0.2](https://github.com/zkat/cacache/compare/v10.0.1...v10.0.2) (2018-01-07)
+
+
+### Bug Fixes
+
+* **ls:** deleted entries could cause a premature stream EOF ([347dc36](https://github.com/zkat/cacache/commit/347dc36))
+
+
+
+
+## [10.0.1](https://github.com/zkat/cacache/compare/v10.0.0...v10.0.1) (2017-11-15)
+
+
+### Bug Fixes
+
+* **move-file:** actually use the fallback to `move-concurrently` (#110) ([073fbe1](https://github.com/zkat/cacache/commit/073fbe1))
+
+
+
+
+# [10.0.0](https://github.com/zkat/cacache/compare/v9.3.0...v10.0.0) (2017-10-23)
+
+
+### Features
+
+* **license:** relicense to ISC (#111) ([fdbb4e5](https://github.com/zkat/cacache/commit/fdbb4e5))
+
+
+### Performance Improvements
+
+* more copyFile benchmarks ([63787bb](https://github.com/zkat/cacache/commit/63787bb))
+
+
+### BREAKING CHANGES
+
+* **license:** the license has been changed from CC0-1.0 to ISC.
+
+
+
+
+# [9.3.0](https://github.com/zkat/cacache/compare/v9.2.9...v9.3.0) (2017-10-07)
+
+
+### Features
+
+* **copy:** added cacache.get.copy api for fast copies (#107) ([067b5f6](https://github.com/zkat/cacache/commit/067b5f6))
+
+
+
+
+## [9.2.9](https://github.com/zkat/cacache/compare/v9.2.8...v9.2.9) (2017-06-17)
+
+
+
+
+## [9.2.8](https://github.com/zkat/cacache/compare/v9.2.7...v9.2.8) (2017-06-05)
+
+
+### Bug Fixes
+
+* **ssri:** bump ssri for bugfix ([c3232ea](https://github.com/zkat/cacache/commit/c3232ea))
+
+
+
+
+## [9.2.7](https://github.com/zkat/cacache/compare/v9.2.6...v9.2.7) (2017-06-05)
+
+
+### Bug Fixes
+
+* **content:** make verified content completely read-only (#96) ([4131196](https://github.com/zkat/cacache/commit/4131196))
+
+
+
+
+## [9.2.6](https://github.com/zkat/cacache/compare/v9.2.5...v9.2.6) (2017-05-31)
+
+
+### Bug Fixes
+
+* **node:** update ssri to prevent old node 4 crash ([5209ffe](https://github.com/zkat/cacache/commit/5209ffe))
+
+
+
+
+## [9.2.5](https://github.com/zkat/cacache/compare/v9.2.4...v9.2.5) (2017-05-25)
+
+
+### Bug Fixes
+
+* **deps:** fix lockfile issues and bump ssri ([84e1d7e](https://github.com/zkat/cacache/commit/84e1d7e))
+
+
+
+
+## [9.2.4](https://github.com/zkat/cacache/compare/v9.2.3...v9.2.4) (2017-05-24)
+
+
+### Bug Fixes
+
+* **deps:** bumping deps ([bbccb12](https://github.com/zkat/cacache/commit/bbccb12))
+
+
+
+
+## [9.2.3](https://github.com/zkat/cacache/compare/v9.2.2...v9.2.3) (2017-05-24)
+
+
+### Bug Fixes
+
+* **rm:** stop crashing if content is missing on rm ([ac90bc0](https://github.com/zkat/cacache/commit/ac90bc0))
+
+
+
+
+## [9.2.2](https://github.com/zkat/cacache/compare/v9.2.1...v9.2.2) (2017-05-14)
+
+
+### Bug Fixes
+
+* **i18n:** lets pretend this didn't happen ([519b4ee](https://github.com/zkat/cacache/commit/519b4ee))
+
+
+
+
+## [9.2.1](https://github.com/zkat/cacache/compare/v9.2.0...v9.2.1) (2017-05-14)
+
+
+### Bug Fixes
+
+* **docs:** fixing translation messup ([bb9e4f9](https://github.com/zkat/cacache/commit/bb9e4f9))
+
+
+
+
+# [9.2.0](https://github.com/zkat/cacache/compare/v9.1.0...v9.2.0) (2017-05-14)
+
+
+### Features
+
+* **i18n:** add Spanish translation for API ([531f9a4](https://github.com/zkat/cacache/commit/531f9a4))
+
+
+
+
+# [9.1.0](https://github.com/zkat/cacache/compare/v9.0.0...v9.1.0) (2017-05-14)
+
+
+### Features
+
+* **i18n:** Add Spanish translation and i18n setup (#91) ([323b90c](https://github.com/zkat/cacache/commit/323b90c))
+
+
+
+
+# [9.0.0](https://github.com/zkat/cacache/compare/v8.0.0...v9.0.0) (2017-04-28)
+
+
+### Bug Fixes
+
+* **memoization:** actually use the LRU ([0e55dc9](https://github.com/zkat/cacache/commit/0e55dc9))
+
+
+### Features
+
+* **memoization:** memoizers can be injected through opts.memoize (#90) ([e5614c7](https://github.com/zkat/cacache/commit/e5614c7))
+
+
+### BREAKING CHANGES
+
+* **memoization:** If you were passing an object to opts.memoize, it will now be used as an injected memoization object. If you were only passing booleans and other non-objects through that option, no changes are needed.
+
+
+
+
+# [8.0.0](https://github.com/zkat/cacache/compare/v7.1.0...v8.0.0) (2017-04-22)
+
+
+### Features
+
+* **read:** change hasContent to return {sri, size} (#88) ([bad6c49](https://github.com/zkat/cacache/commit/bad6c49)), closes [#87](https://github.com/zkat/cacache/issues/87)
+
+
+### BREAKING CHANGES
+
+* **read:** hasContent now returns an object with `{sri, size}` instead of `sri`. Use `result.sri` anywhere that needed the old return value.
+
+
+
+
+# [7.1.0](https://github.com/zkat/cacache/compare/v7.0.5...v7.1.0) (2017-04-20)
+
+
+### Features
+
+* **size:** handle content size info (#49) ([91230af](https://github.com/zkat/cacache/commit/91230af))
+
+
+
+
+## [7.0.5](https://github.com/zkat/cacache/compare/v7.0.4...v7.0.5) (2017-04-18)
+
+
+### Bug Fixes
+
+* **integrity:** new ssri with fixed integrity stream ([6d13e8e](https://github.com/zkat/cacache/commit/6d13e8e))
+* **write:** wrap stuff in promises to improve errors ([3624fc5](https://github.com/zkat/cacache/commit/3624fc5))
+
+
+
+
+## [7.0.4](https://github.com/zkat/cacache/compare/v7.0.3...v7.0.4) (2017-04-15)
+
+
+### Bug Fixes
+
+* **fix-owner:** throw away ENOENTs on chownr ([d49bbcd](https://github.com/zkat/cacache/commit/d49bbcd))
+
+
+
+
+## [7.0.3](https://github.com/zkat/cacache/compare/v7.0.2...v7.0.3) (2017-04-05)
+
+
+### Bug Fixes
+
+* **read:** fixing error message for integrity verification failures ([9d4f0a5](https://github.com/zkat/cacache/commit/9d4f0a5))
+
+
+
+
+## [7.0.2](https://github.com/zkat/cacache/compare/v7.0.1...v7.0.2) (2017-04-03)
+
+
+### Bug Fixes
+
+* **integrity:** use EINTEGRITY error code and update ssri ([8dc2e62](https://github.com/zkat/cacache/commit/8dc2e62))
+
+
+
+
+## [7.0.1](https://github.com/zkat/cacache/compare/v7.0.0...v7.0.1) (2017-04-03)
+
+
+### Bug Fixes
+
+* **docs:** fix header name conflict in readme ([afcd456](https://github.com/zkat/cacache/commit/afcd456))
+
+
+
+
+# [7.0.0](https://github.com/zkat/cacache/compare/v6.3.0...v7.0.0) (2017-04-03)
+
+
+### Bug Fixes
+
+* **test:** fix content.write tests when running in docker ([d2e9b6a](https://github.com/zkat/cacache/commit/d2e9b6a))
+
+
+### Features
+
+* **integrity:** subresource integrity support (#78) ([b1e731f](https://github.com/zkat/cacache/commit/b1e731f))
+
+
+### BREAKING CHANGES
+
+* **integrity:** The entire API has been overhauled to use SRI hashes instead of digest/hashAlgorithm pairs. SRI hashes follow the Subresource Integrity standard and support strings and objects compatible with [`ssri`](https://npm.im/ssri).
+
+* This change bumps the index version, which will invalidate all previous index entries. Content entries will remain intact, and existing caches will automatically reuse any content from before this breaking change.
+
+* `cacache.get.info()`, `cacache.ls()`, and `cacache.ls.stream()` will now return objects that looks like this:
+
+```
+{
+ key: String,
+ integrity: '-',
+ path: ContentPath,
+ time: Date,
+ metadata: Any
+}
+```
+
+* `opts.digest` and `opts.hashAlgorithm` are obsolete for any API calls that used them.
+
+* Anywhere `opts.digest` was accepted, `opts.integrity` is now an option. Any valid SRI hash is accepted here -- multiple hash entries will be resolved according to the standard: first, the "strongest" hash algorithm will be picked, and then each of the entries for that algorithm will be matched against the content. Content will be validated if *any* of the entries match (so, a single integrity string can be used for multiple "versions" of the same document/data).
+
+* `put.byDigest()`, `put.stream.byDigest`, `get.byDigest()` and `get.stream.byDigest()` now expect an SRI instead of a `digest` + `opts.hashAlgorithm` pairing.
+
+* `get.hasContent()` now expects an integrity hash instead of a digest. If content exists, it will return the specific single integrity hash that was found in the cache.
+
+* `verify()` has learned to handle integrity-based caches, and forgotten how to handle old-style cache indices due to the format change.
+
+* `cacache.rm.content()` now expects an integrity hash instead of a hex digest.
+
+
+
+
+# [6.3.0](https://github.com/zkat/cacache/compare/v6.2.0...v6.3.0) (2017-04-01)
+
+
+### Bug Fixes
+
+* **fixOwner:** ignore EEXIST race condition from mkdirp ([4670e9b](https://github.com/zkat/cacache/commit/4670e9b))
+* **index:** ignore index removal races when inserting ([b9d2fa2](https://github.com/zkat/cacache/commit/b9d2fa2))
+* **memo:** use lru-cache for better mem management (#75) ([d8ac5aa](https://github.com/zkat/cacache/commit/d8ac5aa))
+
+
+### Features
+
+* **dependencies:** Switch to move-concurrently (#77) ([dc6482d](https://github.com/zkat/cacache/commit/dc6482d))
+
+
+
+
+# [6.2.0](https://github.com/zkat/cacache/compare/v6.1.2...v6.2.0) (2017-03-15)
+
+
+### Bug Fixes
+
+* **index:** additional bucket entry verification with checksum (#72) ([f8e0f25](https://github.com/zkat/cacache/commit/f8e0f25))
+* **verify:** return fixOwner.chownr promise ([6818521](https://github.com/zkat/cacache/commit/6818521))
+
+
+### Features
+
+* **tmp:** safe tmp dir creation/management util (#73) ([c42da71](https://github.com/zkat/cacache/commit/c42da71))
+
+
+
+
+## [6.1.2](https://github.com/zkat/cacache/compare/v6.1.1...v6.1.2) (2017-03-13)
+
+
+### Bug Fixes
+
+* **index:** set default hashAlgorithm ([d6eb2f0](https://github.com/zkat/cacache/commit/d6eb2f0))
+
+
+
+
+## [6.1.1](https://github.com/zkat/cacache/compare/v6.1.0...v6.1.1) (2017-03-13)
+
+
+### Bug Fixes
+
+* **coverage:** bumping coverage for verify (#71) ([0b7faf6](https://github.com/zkat/cacache/commit/0b7faf6))
+* **deps:** glob should have been a regular dep :< ([0640bc4](https://github.com/zkat/cacache/commit/0640bc4))
+
+
+
+
+# [6.1.0](https://github.com/zkat/cacache/compare/v6.0.2...v6.1.0) (2017-03-12)
+
+
+### Bug Fixes
+
+* **coverage:** more coverage for content reads (#70) ([ef4f70a](https://github.com/zkat/cacache/commit/ef4f70a))
+* **tests:** use safe-buffer because omfg (#69) ([6ab8132](https://github.com/zkat/cacache/commit/6ab8132))
+
+
+### Features
+
+* **rm:** limited rm.all and fixed bugs (#66) ([d5d25ba](https://github.com/zkat/cacache/commit/d5d25ba)), closes [#66](https://github.com/zkat/cacache/issues/66)
+* **verify:** tested, working cache verifier/gc (#68) ([45ad77a](https://github.com/zkat/cacache/commit/45ad77a))
+
+
+
+
+## [6.0.2](https://github.com/zkat/cacache/compare/v6.0.1...v6.0.2) (2017-03-11)
+
+
+### Bug Fixes
+
+* **index:** segment cache items with another subbucket (#64) ([c3644e5](https://github.com/zkat/cacache/commit/c3644e5))
+
+
+
+
+## [6.0.1](https://github.com/zkat/cacache/compare/v6.0.0...v6.0.1) (2017-03-05)
+
+
+### Bug Fixes
+
+* **docs:** Missed spots in README ([8ffb7fa](https://github.com/zkat/cacache/commit/8ffb7fa))
+
+
+
+
+# [6.0.0](https://github.com/zkat/cacache/compare/v5.0.3...v6.0.0) (2017-03-05)
+
+
+### Bug Fixes
+
+* **api:** keep memo cache mostly-internal ([2f72d0a](https://github.com/zkat/cacache/commit/2f72d0a))
+* **content:** use the rest of the string, not the whole string ([fa8f3c3](https://github.com/zkat/cacache/commit/fa8f3c3))
+* **deps:** removed `format-number[@2](https://github.com/2).0.2` ([1187791](https://github.com/zkat/cacache/commit/1187791))
+* **deps:** removed inflight[@1](https://github.com/1).0.6 ([0d1819c](https://github.com/zkat/cacache/commit/0d1819c))
+* **deps:** rimraf[@2](https://github.com/2).6.1 ([9efab6b](https://github.com/zkat/cacache/commit/9efab6b))
+* **deps:** standard[@9](https://github.com/9).0.0 ([4202cba](https://github.com/zkat/cacache/commit/4202cba))
+* **deps:** tap[@10](https://github.com/10).3.0 ([aa03088](https://github.com/zkat/cacache/commit/aa03088))
+* **deps:** weallcontribute[@1](https://github.com/1).0.8 ([ad4f4dc](https://github.com/zkat/cacache/commit/ad4f4dc))
+* **docs:** add security note to hashKey ([03f81ba](https://github.com/zkat/cacache/commit/03f81ba))
+* **hashes:** change default hashAlgorithm to sha512 ([ea00ba6](https://github.com/zkat/cacache/commit/ea00ba6))
+* **hashes:** missed a spot for hashAlgorithm defaults ([45997d8](https://github.com/zkat/cacache/commit/45997d8))
+* **index:** add length header before JSON for verification ([fb8cb4d](https://github.com/zkat/cacache/commit/fb8cb4d))
+* **index:** change index filenames to sha1s of keys ([bbc5fca](https://github.com/zkat/cacache/commit/bbc5fca))
+* **index:** who cares about race conditions anyway ([b1d3888](https://github.com/zkat/cacache/commit/b1d3888))
+* **perf:** bulk-read get+read for massive speed ([d26cdf9](https://github.com/zkat/cacache/commit/d26cdf9))
+* **perf:** use bulk file reads for index reads ([79a8891](https://github.com/zkat/cacache/commit/79a8891))
+* **put-stream:** remove tmp file on stream insert error ([65f6632](https://github.com/zkat/cacache/commit/65f6632))
+* **put-stream:** robustified and predictibilized ([daf9e08](https://github.com/zkat/cacache/commit/daf9e08))
+* **put-stream:** use new promise API for moves ([1d36013](https://github.com/zkat/cacache/commit/1d36013))
+* **readme:** updated to reflect new default hashAlgo ([c60a2fa](https://github.com/zkat/cacache/commit/c60a2fa))
+* **verify:** tiny typo fix ([db22d05](https://github.com/zkat/cacache/commit/db22d05))
+
+
+### Features
+
+* **api:** converted external api ([7bf032f](https://github.com/zkat/cacache/commit/7bf032f))
+* **cacache:** exported clearMemoized() utility ([8d2c5b6](https://github.com/zkat/cacache/commit/8d2c5b6))
+* **cache:** add versioning to content and index ([31bc549](https://github.com/zkat/cacache/commit/31bc549))
+* **content:** collate content files into subdirs ([c094d9f](https://github.com/zkat/cacache/commit/c094d9f))
+* **deps:** [@npmcorp](https://github.com/npmcorp)/move[@1](https://github.com/1).0.0 ([bdd00bf](https://github.com/zkat/cacache/commit/bdd00bf))
+* **deps:** bluebird[@3](https://github.com/3).4.7 ([3a17aff](https://github.com/zkat/cacache/commit/3a17aff))
+* **deps:** promise-inflight[@1](https://github.com/1).0.1 ([a004fe6](https://github.com/zkat/cacache/commit/a004fe6))
+* **get:** added memoization support for get ([c77d794](https://github.com/zkat/cacache/commit/c77d794))
+* **get:** export hasContent ([2956ec3](https://github.com/zkat/cacache/commit/2956ec3))
+* **index:** add hashAlgorithm and format insert ret val ([b639746](https://github.com/zkat/cacache/commit/b639746))
+* **index:** collate index files into subdirs ([e8402a5](https://github.com/zkat/cacache/commit/e8402a5))
+* **index:** promisify entry index ([cda3335](https://github.com/zkat/cacache/commit/cda3335))
+* **memo:** added memoization lib ([da07b92](https://github.com/zkat/cacache/commit/da07b92))
+* **memo:** export memoization api ([954b1b3](https://github.com/zkat/cacache/commit/954b1b3))
+* **move-file:** add move fallback for weird errors ([5cf4616](https://github.com/zkat/cacache/commit/5cf4616))
+* **perf:** bulk content write api ([51b536e](https://github.com/zkat/cacache/commit/51b536e))
+* **put:** added memoization support to put ([b613a70](https://github.com/zkat/cacache/commit/b613a70))
+* **read:** switched to promises ([a869362](https://github.com/zkat/cacache/commit/a869362))
+* **rm:** added memoization support to rm ([4205cf0](https://github.com/zkat/cacache/commit/4205cf0))
+* **rm:** switched to promises ([a000d24](https://github.com/zkat/cacache/commit/a000d24))
+* **util:** promise-inflight ownership fix requests ([9517cd7](https://github.com/zkat/cacache/commit/9517cd7))
+* **util:** use promises for api ([ae204bb](https://github.com/zkat/cacache/commit/ae204bb))
+* **verify:** converted to Promises ([f0b3974](https://github.com/zkat/cacache/commit/f0b3974))
+
+
+### BREAKING CHANGES
+
+* cache: index/content directories are now versioned. Previous caches are no longer compatible and cannot be migrated.
+* util: fix-owner now uses Promises instead of callbacks
+* index: Previously-generated index entries are no longer compatible and the index must be regenerated.
+* index: The index format has changed and previous caches are no longer compatible. Existing caches will need to be regenerated.
+* hashes: Default hashAlgorithm changed from sha1 to sha512. If you
+rely on the prior setting, pass `opts.hashAlgorithm` in explicitly.
+* content: Previously-generated content directories are no longer compatible
+and must be regenerated.
+* verify: API is now promise-based
+* read: Switches to a Promise-based API and removes callback stuff
+* rm: Switches to a Promise-based API and removes callback stuff
+* index: this changes the API to work off promises instead of callbacks
+* api: this means we are going all in on promises now
diff --git a/node_modules/make-fetch-happen/node_modules/cacache/LICENSE.md b/node_modules/make-fetch-happen/node_modules/cacache/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/make-fetch-happen/node_modules/cacache/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/make-fetch-happen/node_modules/cacache/README.es.md b/node_modules/make-fetch-happen/node_modules/cacache/README.es.md
new file mode 100644
index 0000000000000..55007e20dd4f1
--- /dev/null
+++ b/node_modules/make-fetch-happen/node_modules/cacache/README.es.md
@@ -0,0 +1,628 @@
+# cacache [](https://npm.im/cacache) [](https://npm.im/cacache) [](https://travis-ci.org/zkat/cacache) [](https://ci.appveyor.com/project/zkat/cacache) [](https://coveralls.io/github/zkat/cacache?branch=latest)
+
+[`cacache`](https://github.com/zkat/cacache) es una librería de Node.js para
+manejar caches locales en disco, con acceso tanto con claves únicas como
+direcciones de contenido (hashes/hacheos). Es súper rápida, excelente con el
+acceso concurrente, y jamás te dará datos incorrectos, aún si se corrompen o
+manipulan directamente los ficheros del cache.
+
+El propósito original era reemplazar el caché local de
+[npm](https://npm.im/npm), pero se puede usar por su propia cuenta.
+
+_Traducciones: [English](README.md)_
+
+## Instalación
+
+`$ npm install --save cacache`
+
+## Índice
+
+* [Ejemplo](#ejemplo)
+* [Características](#características)
+* [Cómo Contribuir](#cómo-contribuir)
+* [API](#api)
+ * [Usando el API en español](#localized-api)
+ * Leer
+ * [`ls`](#ls)
+ * [`ls.flujo`](#ls-stream)
+ * [`saca`](#get-data)
+ * [`saca.flujo`](#get-stream)
+ * [`saca.info`](#get-info)
+ * [`saca.tieneDatos`](#get-hasContent)
+ * Escribir
+ * [`mete`](#put-data)
+ * [`mete.flujo`](#put-stream)
+ * [opciones para `mete*`](#put-options)
+ * [`rm.todo`](#rm-all)
+ * [`rm.entrada`](#rm-entry)
+ * [`rm.datos`](#rm-content)
+ * Utilidades
+ * [`ponLenguaje`](#set-locale)
+ * [`limpiaMemoizado`](#clear-memoized)
+ * [`tmp.hazdir`](#tmp-mkdir)
+ * [`tmp.conTmp`](#with-tmp)
+ * Integridad
+ * [Subresource Integrity](#integrity)
+ * [`verifica`](#verify)
+ * [`verifica.ultimaVez`](#verify-last-run)
+
+### Ejemplo
+
+```javascript
+const cacache = require('cacache/es')
+const fs = require('fs')
+
+const tarbol = '/ruta/a/mi-tar.tgz'
+const rutaCache = '/tmp/my-toy-cache'
+const clave = 'mi-clave-única-1234'
+
+// ¡Añádelo al caché! Usa `rutaCache` como raíz del caché.
+cacache.mete(rutaCache, clave, '10293801983029384').then(integrity => {
+ console.log(`Saved content to ${rutaCache}.`)
+})
+
+const destino = '/tmp/mytar.tgz'
+
+// Copia el contenido del caché a otro fichero, pero esta vez con flujos.
+cacache.saca.flujo(
+ rutaCache, clave
+).pipe(
+ fs.createWriteStream(destino)
+).on('finish', () => {
+ console.log('extracción completada')
+})
+
+// La misma cosa, pero accesando el contenido directamente, sin tocar el índice.
+cacache.saca.porHacheo(rutaCache, integridad).then(datos => {
+ fs.writeFile(destino, datos, err => {
+ console.log('datos del tarbol sacados basado en su sha512, y escrito a otro fichero')
+ })
+})
+```
+
+### Características
+
+* Extracción por clave o por dirección de contenido (shasum, etc)
+* Usa el estándard de web, [Subresource Integrity](#integrity)
+* Compatible con multiples algoritmos - usa sha1, sha512, etc, en el mismo caché sin problema
+* Entradas con contenido idéntico comparten ficheros
+* Tolerancia de fallas (inmune a corrupción, ficheros parciales, carreras de proceso, etc)
+* Verificación completa de datos cuando (escribiendo y leyendo)
+* Concurrencia rápida, segura y "lockless"
+* Compatible con `stream`s (flujos)
+* Compatible con `Promise`s (promesas)
+* Bastante rápida -- acceso, incluyendo verificación, en microsegundos
+* Almacenaje de metadatos arbitrarios
+* Colección de basura y verificación adicional fuera de banda
+* Cobertura rigurosa de pruebas
+* Probablente hay un "Bloom filter" por ahí en algún lado. Eso le mola a la gente, ¿Verdad? 🤔
+
+### Cómo Contribuir
+
+El equipo de cacache felizmente acepta contribuciones de código y otras maneras de participación. ¡Hay muchas formas diferentes de contribuir! La [Guía de Colaboradores](CONTRIBUTING.md) (en inglés) tiene toda la información que necesitas para cualquier tipo de contribución: todo desde cómo reportar errores hasta cómo someter parches con nuevas características. Con todo y eso, no se preocupe por si lo que haces está exáctamente correcto: no hay ningún problema en hacer preguntas si algo no está claro, o no lo encuentras.
+
+El equipo de cacache tiene miembros hispanohablantes: es completamente aceptable crear `issues` y `pull requests` en español/castellano.
+
+Todos los participantes en este proyecto deben obedecer el [Código de Conducta](CODE_OF_CONDUCT.md) (en inglés), y en general actuar de forma amable y respetuosa mientras participan en esta comunidad.
+
+Por favor refiérase al [Historial de Cambios](CHANGELOG.md) (en inglés) para detalles sobre cambios importantes incluídos en cada versión.
+
+Finalmente, cacache tiene un sistema de localización de lenguaje. Si te interesa añadir lenguajes o mejorar los que existen, mira en el directorio `./locales` para comenzar.
+
+Happy hacking!
+
+### API
+
+#### Usando el API en español
+
+cacache incluye una traducción completa de su API al castellano, con las mismas
+características. Para usar el API como está documentado en este documento, usa
+`require('cacache/es')`
+
+cacache también tiene otros lenguajes: encuéntralos bajo `./locales`, y podrás
+usar el API en ese lenguaje con `require('cacache/')`
+
+#### `> cacache.ls(cache) -> Promise