deps: upgrade npm to 2.6.0

PR-URL: https://github.com/iojs/io.js/pull/904
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

6 files changed, 82 insertions, 13 deletions

diff --git a/deps/npm/doc/cli/npm-dist-tag.md b/deps/npm/doc/cli/npm-dist-tag.md
index b8eabe7157..f8e4566ca7 100644
--- a/deps/npm/doc/cli/npm-dist-tag.md
+++ b/deps/npm/doc/cli/npm-dist-tag.md
@@ -20,7 +20,7 @@ Add, remove, and enumerate distribution tags on a package:
 
 * ls:
   Show all of the dist-tags for a package, defaulting to the package in
-  the curren prefix.
+  the current prefix.
 
 A tag can be used when installing packages as a reference to a version instead
 of using a specific version number:
diff --git a/deps/npm/doc/cli/npm-link.md b/deps/npm/doc/cli/npm-link.md
index 786ad815dc..a48fb97785 100644
--- a/deps/npm/doc/cli/npm-link.md
+++ b/deps/npm/doc/cli/npm-link.md
@@ -38,7 +38,7 @@ For example:
     npm link redis              # link-install the package
 
 Now, any changes to ~/projects/node-redis will be reflected in
-~/projects/node-bloggy/node_modules/redis/
+~/projects/node-bloggy/node_modules/node-redis/
 
 You may also shortcut the two steps in one.  For example, to do the
 above use-case in a shorter way:
@@ -49,7 +49,7 @@ above use-case in a shorter way:
 The second line is the equivalent of doing:
 
     (cd ../node-redis; npm link)
-    npm link redis
+    npm link node-redis
 
 That is, it first creates a global link, and then links the global
 installation target into your project's `node_modules` folder.
diff --git a/deps/npm/doc/cli/npm-logout.md b/deps/npm/doc/cli/npm-logout.md
new file mode 100644
index 0000000000..867953c024
--- /dev/null
+++ b/deps/npm/doc/cli/npm-logout.md
@@ -0,0 +1,50 @@
+npm-logout(1) -- Log out of the registry
+========================================
+
+## SYNOPSIS
+
+    npm logout [--registry=url] [--scope=@orgname]
+
+## DESCRIPTION
+
+When logged into a registry that supports token-based authentication, tell the
+server to end this token's session. This will invalidate the token everywhere
+you're using it, not just for the current environment.
+
+When logged into a legacy registry that uses username and password authentication, this will
+clear the credentials in your user configuration. In this case, it will _only_ affect
+the current environment.
+
+If `--scope` is provided, this will find the credentials for the registry
+connected to that scope, if set.
+
+## CONFIGURATION
+
+### registry
+
+Default: http://registry.npmjs.org/
+
+The base URL of the npm package registry. If `scope` is also specified,
+it takes precedence.
+
+### scope
+
+Default: none
+
+If specified, the user and login credentials given will be associated
+with the specified scope. See `npm-scope(7)`. You can use both at the same time,
+e.g.
+
+    npm adduser --registry=http://myregistry.example.com --scope=@myco
+
+This will set a registry for the given scope and login or create a user for
+that registry at the same time.
+
+## SEE ALSO
+
+* npm-adduser(1)
+* npm-registry(7)
+* npm-config(1)
+* npm-config(7)
+* npmrc(5)
+* npm-whoami(1)
diff --git a/deps/npm/doc/files/package.json.md b/deps/npm/doc/files/package.json.md
index 933c23a64a..3f29a8c35c 100644
--- a/deps/npm/doc/files/package.json.md
+++ b/deps/npm/doc/files/package.json.md
@@ -75,7 +75,7 @@ with your package.
 
 It should look like this:
 
-    { "url" : "http://github.com/owner/project/issues"
+    { "url" : "https://github.com/owner/project/issues"
     , "email" : "project@hostname.com"
     }
 
@@ -219,7 +219,7 @@ will create entries for `man foo` and `man 2 foo`
 
 The CommonJS [Packages](http://wiki.commonjs.org/wiki/Packages/1.0) spec details a
 few ways that you can indicate the structure of your package using a `directories`
-object. If you look at [npm's package.json](http://registry.npmjs.org/npm/latest),
+object. If you look at [npm's package.json](https://registry.npmjs.org/npm/latest),
 you'll see that it has directories for doc, lib, and man.
 
 In the future, this information may be used in other creative ways.
@@ -260,18 +260,23 @@ Do it like this:
 
     "repository" :
       { "type" : "git"
-      , "url" : "http://github.com/npm/npm.git"
+      , "url" : "https://github.com/npm/npm.git"
       }
 
     "repository" :
       { "type" : "svn"
-      , "url" : "http://v8.googlecode.com/svn/trunk/"
+      , "url" : "https://v8.googlecode.com/svn/trunk/"
       }
 
 The URL should be a publicly available (perhaps read-only) url that can be handed
 directly to a VCS program without any modification.  It should not be a url to an
 html project page that you put in your browser.  It's for computers.
 
+For GitHub repositories you can use the same shortcut syntax you use for `npm
+install`:
+
+    "repository": "npm/npm"
+
 ## scripts
 
 The "scripts" property is a dictionary containing script commands that are run
@@ -459,13 +464,19 @@ For example:
     }
 
 This ensures your package `tea-latte` can be installed *along* with the second
-major version of the host package `tea` only. The host package is automatically
-installed if needed. `npm install tea-latte` could possibly yield the following
-dependency graph:
+major version of the host package `tea` only. `npm install tea-latte` could
+possibly yield the following dependency graph:
 
     ├── tea-latte@1.3.5
     └── tea@2.2.0
 
+**NOTE: npm versions 1 and 2 will automatically install `peerDependencies` if
+they are not explicitly depended upon higher in the dependency tree. In the
+next major version of npm (npm@3), this will no longer be the case. You will
+receive a warning that the peerDependency is not installed instead.** The
+behavior in npms 1 & 2 was frequently confusing and could easily put you into
+dependency hell, a situation that npm is designed to avoid as much as possible.
+
 Trying to install another plugin with a conflicting requirement will cause an
 error. For this reason, make sure your plugin requirement is as broad as
 possible, and not to lock it down to specific patch versions.
@@ -534,6 +545,8 @@ field is advisory only.
 
 ## engineStrict
 
+**NOTE: This feature is deprecated and will be removed in npm 3.0.0.**
+
 If you are sure that your module will *definitely not* run properly on
 versions of Node/npm other than those specified in the `engines` object,
 then you can set `"engineStrict": true` in your package.json file.
@@ -542,8 +555,7 @@ This will override the user's `engine-strict` config setting.
 Please do not do this unless you are really very very sure.  If your
 engines object is something overly restrictive, you can quite easily and
 inadvertently lock yourself into obscurity and prevent your users from
-updating to new versions of Node.  Consider this choice carefully.  If
-people abuse it, it will be removed in a future version of npm.
+updating to new versions of Node.  Consider this choice carefully.
 
 ## os
 
diff --git a/deps/npm/doc/misc/npm-index.md b/deps/npm/doc/misc/npm-index.md
index 4cbfbdc8bc..8b9b69a48b 100644
--- a/deps/npm/doc/misc/npm-index.md
+++ b/deps/npm/doc/misc/npm-index.md
@@ -93,6 +93,10 @@ Install a package
 
 Symlink a package folder
 
+### npm-logout(1)
+
+Log out of the registry
+
 ### npm-ls(1)
 
 List installed packages
diff --git a/deps/npm/doc/misc/semver.md b/deps/npm/doc/misc/semver.md
index 3f9555db14..2bd5acc29b 100644
--- a/deps/npm/doc/misc/semver.md
+++ b/deps/npm/doc/misc/semver.md
@@ -106,7 +106,7 @@ similar risk on the *next* set of prerelease versions.
 The method `.inc` takes an additional `identifier` string argument that
 will append the value of the string as a prerelease identifier:
 
-````javascript
+```javascript
 > semver.inc('1.2.3', 'pre', 'beta')
 '1.2.4-beta.0'
 ```
@@ -248,6 +248,9 @@ strings that they parse.
     same as `prepatch`. It increments the patch version, then makes a
     prerelease. If the input version is already a prerelease it simply
     increments it.
+* `major(v)`: Return the major version number.
+* `minor(v)`: Return the minor version number.
+* `patch(v)`: Return the patch version number.
 
 ### Comparison