diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..fc26ee1bda4ba
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,384 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12)
+
+
+### Bug Fixes
+
+* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35)
+
+### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17)
+
+
+### Bug Fixes
+
+* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc))
+
+### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21)
+
+### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11)
+
+### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30)
+
+## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20)
+
+
+### Features
+
+* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820))
+
+### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13)
+
+
+### Bug Fixes
+
+* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23)
+
+### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04)
+
+
+### Bug Fixes
+
+* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442))
+
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
+### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
+
+## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* figgy pudding is now nowhere to be found.
+* this removes figgy-pudding, and drops several option
+aliases.
+
+Defaults and behavior are all the same, and this module is now using the
+canonical camelCase option names that npm v7 will provide to all its
+deps.
+
+Related to: https://github.com/npm/rfcs/pull/102
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/22
+Credit: @isaacs
+
+### Bug Fixes
+
+* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22)
+
+
+* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231))
+
+### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c))
+
+### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14)
+
+
+### Bug Fixes
+
+* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17)
+
+
+### ⚠ BREAKING CHANGES
+
+* This drops support for node < 10.
+
+There are some lint failures due to standard pushing for using WhatWG URL
+objects instead of url.parse/url.resolve. However, the code in this lib
+does some fancy things with the query/search portions of the parsed url
+object, so it'll take a bit of care to make it work properly.
+
+### Bug Fixes
+
+* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0))
+* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99))
+
+
+* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275))
+
+
+## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11)
+
+
+
+
+# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04)
+
+
+### Bug Fixes
+
+* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1))
+* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e))
+
+
+### Features
+
+* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20))
+
+
+### BREAKING CHANGES
+
+* this replaces all core streams (except for some
+PassThrough streams in a few tests) with Minipass streams, and updates
+all deps to the latest and greatest Minipass versions of things.
+
+
+
+
+## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
+
+
+### Bug Fixes
+
+* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
+* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)
+
+
+
+
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..e660940e30dc4
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,635 @@
+# npm-registry-fetch
+
+[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
+[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response. In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline),
+and [`preferOnline`](#opts-preferOnline).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetchRetries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryFactor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMaxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.forceAuth`
+
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignoreBody`
+
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.isFromCI`
+
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.localAddress`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.mapJSON`
+
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxSockets`
+
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npmSession`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.npmCommand`
+
+* Type: String
+* Default: null
+
+If provided, it will be sent in the `npm-command` header. This yeader is
+used by the npm registry to identify the npm command that caused this
+request to be made.
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.preferOffline`](#opts-preferOffline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: `_password`
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.preferOffline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
+##### `opts.preferOnline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.projectScope`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strictSSL`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 300000 (5 minutes)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.userAgent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..11c3bde6b4e6c
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,55 @@
+'use strict'
+
+const defaultOpts = require('./default-opts.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts_ = {}) {
+ if (!registry) { throw new Error('registry is required') }
+ const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
+ const AUTH = {}
+ const regKey = registry && registryKey(registry)
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = new url.URL(registry)
+ const formatted = url.format({
+ protocol: parsed.protocol,
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: true
+ })
+ return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..f151711f30160
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+const { Response } = require('minipass-fetch')
+const defaultOpts = require('./default-opts.js')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ return new Response(null, res)
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+
+ let urlStr
+ try {
+ const { URL } = require('url')
+ const url = new URL(res.url)
+ if (url.password) {
+ url.password = '***'
+ }
+ urlStr = url.toString()
+ } catch (er) {
+ urlStr = res.url
+ }
+
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ // note: headers.raw() will preserve case, so we might have a
+ // key on the object like 'WaRnInG' if that was used first
+ for (const [key, value] of Object.entries(res.headers.raw())) {
+ if (key.toLowerCase() !== 'warning') { continue }
+ value.forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ }
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js
new file mode 100644
index 0000000000000..b742fd5a5fcd4
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/default-opts.js
@@ -0,0 +1,22 @@
+const pkg = require('./package.json')
+const ciDetect = require('@npmcli/ci-detect')
+module.exports = {
+ isFromCI: ciDetect(),
+ log: require('./silentlog.js'),
+ maxSockets: 12,
+ method: 'GET',
+ registry: 'https://registry.npmjs.org/',
+ timeout: 5 * 60 * 1000, // 5 minutes
+ strictSSL: true,
+ noProxy: process.env.NOPROXY,
+ userAgent: `${pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..c41947e29952d
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = new url.URL(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..2324e7fbfd00b
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,219 @@
+'use strict'
+
+const checkResponse = require('./check-response.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('minipass-json-stream')
+const npa = require('npm-package-arg')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('minizlib')
+const Minipass = require('minipass')
+
+const defaultOpts = require('./default-opts.js')
+
+// WhatWG URL throws if it's not fully resolved
+const urlIsValid = u => {
+ try {
+ return !!new url.URL(u)
+ } catch (_) {
+ return false
+ }
+}
+
+module.exports = regFetch
+function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
+ const opts = {
+ ...defaultOpts,
+ ...opts_
+ }
+ const registry = opts.registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ (opts.publishConfig && opts.publishConfig.registry) ||
+ opts.registry ||
+ /* istanbul ignore next */
+ 'https://registry.npmjs.org/'
+ )
+
+ if (!urlIsValid(uri)) {
+ uri = `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ }
+
+ const method = opts.method || 'GET'
+
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = Minipass.isStream(body)
+ const bodyIsPromise = body &&
+ typeof body === 'object' &&
+ typeof body.then === 'function'
+
+ if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = new zlib.Gzip()
+ body.on('error', /* istanbul ignore next: unlikely and hard to test */
+ err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else if (!bodyIsPromise) {
+ body = new zlib.Gzip().end(body).concat()
+ }
+ }
+
+ const parsed = new url.URL(uri)
+
+ if (opts.query) {
+ const q = typeof opts.query === 'string'
+ ? qs.parse(opts.query)
+ : opts.query
+
+ Object.keys(q).forEach(key => {
+ if (q[key] !== undefined) {
+ parsed.searchParams.set(key, q[key])
+ }
+ })
+ uri = url.format(parsed)
+ }
+
+ if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
+ // do not cache, because this GET is fetching a rev that will be
+ // used for a subsequent PUT or DELETE, so we need to conditionally
+ // update cache.
+ opts.offline = false
+ opts.preferOffline = false
+ opts.preferOnline = true
+ }
+
+ const doFetch = (body) => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets,
+ memoize: opts.memoize,
+ method: method,
+ noProxy: opts.noProxy,
+ proxy: opts.httpsProxy || opts.proxy,
+ retry: opts.retry ? opts.retry : {
+ retries: opts.fetchRetries,
+ factor: opts.fetchRetryFactor,
+ minTimeout: opts.fetchRetryMintimeout,
+ maxTimeout: opts.fetchRetryMaxtimeout
+ },
+ strictSSL: opts.strictSSL,
+ timeout: opts.timeout || 30 * 1000
+ }).then(res => checkResponse(
+ method, res, registry, startTime, opts
+ ))
+
+ return Promise.resolve(body).then(doFetch)
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ const parser = JSONStream.parse(jsonPath, opts.mapJSON)
+ regFetch(uri, opts).then(res =>
+ res.body.on('error',
+ /* istanbul ignore next: unlikely and difficult to test */
+ er => parser.emit('error', er)).pipe(parser)
+ ).catch(er => parser.emit('error', er))
+ return parser
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts = {}) {
+ spec = npa(spec)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry && opts.publishConfig) {
+ registry = opts.publishConfig.registry
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts.preferOffline
+ ? 'force-cache'
+ : opts.preferOnline
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!opts.isFromCI,
+ 'user-agent': opts.userAgent
+ }, opts.headers || {})
+
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
+ if (opts.npmCommand) {
+ headers['npm-command'] = opts.npmCommand
+ }
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ new url.URL(uri).host === new url.URL(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..5aeddc5b39102
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "npm-registry-fetch",
+ "version": "8.1.5",
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "main": "index.js",
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "scripts": {
+ "postrelease": "npm publish",
+ "posttest": "standard",
+ "prepublishOnly": "git push --follow-tags",
+ "prerelease": "npm t",
+ "release": "standard-version -s",
+ "test": "tap"
+ },
+ "repository": "https://github.com/npm/registry-fetch",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org",
+ "twitter": "maybekatz"
+ },
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "devDependencies": {
+ "cacache": "^15.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^11.7.0",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.4",
+ "rimraf": "^2.6.2",
+ "ssri": "^8.0.0",
+ "standard": "^14.3.3",
+ "standard-version": "^7.1.0",
+ "tap": "^14.10.7"
+ },
+ "tap": {
+ "check-coverage": true,
+ "test-ignore": "test[\\\\/](util|cache)[\\\\/]"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+}
diff --git a/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmaccess/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..fc26ee1bda4ba
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,384 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12)
+
+
+### Bug Fixes
+
+* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35)
+
+### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17)
+
+
+### Bug Fixes
+
+* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc))
+
+### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21)
+
+### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11)
+
+### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30)
+
+## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20)
+
+
+### Features
+
+* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820))
+
+### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13)
+
+
+### Bug Fixes
+
+* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23)
+
+### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04)
+
+
+### Bug Fixes
+
+* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442))
+
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
+### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
+
+## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* figgy pudding is now nowhere to be found.
+* this removes figgy-pudding, and drops several option
+aliases.
+
+Defaults and behavior are all the same, and this module is now using the
+canonical camelCase option names that npm v7 will provide to all its
+deps.
+
+Related to: https://github.com/npm/rfcs/pull/102
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/22
+Credit: @isaacs
+
+### Bug Fixes
+
+* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22)
+
+
+* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231))
+
+### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c))
+
+### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14)
+
+
+### Bug Fixes
+
+* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17)
+
+
+### ⚠ BREAKING CHANGES
+
+* This drops support for node < 10.
+
+There are some lint failures due to standard pushing for using WhatWG URL
+objects instead of url.parse/url.resolve. However, the code in this lib
+does some fancy things with the query/search portions of the parsed url
+object, so it'll take a bit of care to make it work properly.
+
+### Bug Fixes
+
+* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0))
+* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99))
+
+
+* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275))
+
+
+## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11)
+
+
+
+
+# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04)
+
+
+### Bug Fixes
+
+* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1))
+* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e))
+
+
+### Features
+
+* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20))
+
+
+### BREAKING CHANGES
+
+* this replaces all core streams (except for some
+PassThrough streams in a few tests) with Minipass streams, and updates
+all deps to the latest and greatest Minipass versions of things.
+
+
+
+
+## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
+
+
+### Bug Fixes
+
+* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
+* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)
+
+
+
+
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..e660940e30dc4
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,635 @@
+# npm-registry-fetch
+
+[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
+[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response. In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline),
+and [`preferOnline`](#opts-preferOnline).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetchRetries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryFactor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMaxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.forceAuth`
+
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignoreBody`
+
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.isFromCI`
+
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.localAddress`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.mapJSON`
+
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxSockets`
+
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npmSession`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.npmCommand`
+
+* Type: String
+* Default: null
+
+If provided, it will be sent in the `npm-command` header. This yeader is
+used by the npm registry to identify the npm command that caused this
+request to be made.
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.preferOffline`](#opts-preferOffline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: `_password`
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.preferOffline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
+##### `opts.preferOnline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.projectScope`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strictSSL`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 300000 (5 minutes)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.userAgent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..11c3bde6b4e6c
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,55 @@
+'use strict'
+
+const defaultOpts = require('./default-opts.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts_ = {}) {
+ if (!registry) { throw new Error('registry is required') }
+ const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
+ const AUTH = {}
+ const regKey = registry && registryKey(registry)
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = new url.URL(registry)
+ const formatted = url.format({
+ protocol: parsed.protocol,
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: true
+ })
+ return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..f151711f30160
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+const { Response } = require('minipass-fetch')
+const defaultOpts = require('./default-opts.js')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ return new Response(null, res)
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+
+ let urlStr
+ try {
+ const { URL } = require('url')
+ const url = new URL(res.url)
+ if (url.password) {
+ url.password = '***'
+ }
+ urlStr = url.toString()
+ } catch (er) {
+ urlStr = res.url
+ }
+
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ // note: headers.raw() will preserve case, so we might have a
+ // key on the object like 'WaRnInG' if that was used first
+ for (const [key, value] of Object.entries(res.headers.raw())) {
+ if (key.toLowerCase() !== 'warning') { continue }
+ value.forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ }
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js
new file mode 100644
index 0000000000000..b742fd5a5fcd4
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/default-opts.js
@@ -0,0 +1,22 @@
+const pkg = require('./package.json')
+const ciDetect = require('@npmcli/ci-detect')
+module.exports = {
+ isFromCI: ciDetect(),
+ log: require('./silentlog.js'),
+ maxSockets: 12,
+ method: 'GET',
+ registry: 'https://registry.npmjs.org/',
+ timeout: 5 * 60 * 1000, // 5 minutes
+ strictSSL: true,
+ noProxy: process.env.NOPROXY,
+ userAgent: `${pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..c41947e29952d
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = new url.URL(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..2324e7fbfd00b
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,219 @@
+'use strict'
+
+const checkResponse = require('./check-response.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('minipass-json-stream')
+const npa = require('npm-package-arg')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('minizlib')
+const Minipass = require('minipass')
+
+const defaultOpts = require('./default-opts.js')
+
+// WhatWG URL throws if it's not fully resolved
+const urlIsValid = u => {
+ try {
+ return !!new url.URL(u)
+ } catch (_) {
+ return false
+ }
+}
+
+module.exports = regFetch
+function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
+ const opts = {
+ ...defaultOpts,
+ ...opts_
+ }
+ const registry = opts.registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ (opts.publishConfig && opts.publishConfig.registry) ||
+ opts.registry ||
+ /* istanbul ignore next */
+ 'https://registry.npmjs.org/'
+ )
+
+ if (!urlIsValid(uri)) {
+ uri = `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ }
+
+ const method = opts.method || 'GET'
+
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = Minipass.isStream(body)
+ const bodyIsPromise = body &&
+ typeof body === 'object' &&
+ typeof body.then === 'function'
+
+ if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = new zlib.Gzip()
+ body.on('error', /* istanbul ignore next: unlikely and hard to test */
+ err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else if (!bodyIsPromise) {
+ body = new zlib.Gzip().end(body).concat()
+ }
+ }
+
+ const parsed = new url.URL(uri)
+
+ if (opts.query) {
+ const q = typeof opts.query === 'string'
+ ? qs.parse(opts.query)
+ : opts.query
+
+ Object.keys(q).forEach(key => {
+ if (q[key] !== undefined) {
+ parsed.searchParams.set(key, q[key])
+ }
+ })
+ uri = url.format(parsed)
+ }
+
+ if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
+ // do not cache, because this GET is fetching a rev that will be
+ // used for a subsequent PUT or DELETE, so we need to conditionally
+ // update cache.
+ opts.offline = false
+ opts.preferOffline = false
+ opts.preferOnline = true
+ }
+
+ const doFetch = (body) => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets,
+ memoize: opts.memoize,
+ method: method,
+ noProxy: opts.noProxy,
+ proxy: opts.httpsProxy || opts.proxy,
+ retry: opts.retry ? opts.retry : {
+ retries: opts.fetchRetries,
+ factor: opts.fetchRetryFactor,
+ minTimeout: opts.fetchRetryMintimeout,
+ maxTimeout: opts.fetchRetryMaxtimeout
+ },
+ strictSSL: opts.strictSSL,
+ timeout: opts.timeout || 30 * 1000
+ }).then(res => checkResponse(
+ method, res, registry, startTime, opts
+ ))
+
+ return Promise.resolve(body).then(doFetch)
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ const parser = JSONStream.parse(jsonPath, opts.mapJSON)
+ regFetch(uri, opts).then(res =>
+ res.body.on('error',
+ /* istanbul ignore next: unlikely and difficult to test */
+ er => parser.emit('error', er)).pipe(parser)
+ ).catch(er => parser.emit('error', er))
+ return parser
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts = {}) {
+ spec = npa(spec)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry && opts.publishConfig) {
+ registry = opts.publishConfig.registry
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts.preferOffline
+ ? 'force-cache'
+ : opts.preferOnline
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!opts.isFromCI,
+ 'user-agent': opts.userAgent
+ }, opts.headers || {})
+
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
+ if (opts.npmCommand) {
+ headers['npm-command'] = opts.npmCommand
+ }
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ new url.URL(uri).host === new url.URL(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..5aeddc5b39102
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "npm-registry-fetch",
+ "version": "8.1.5",
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "main": "index.js",
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "scripts": {
+ "postrelease": "npm publish",
+ "posttest": "standard",
+ "prepublishOnly": "git push --follow-tags",
+ "prerelease": "npm t",
+ "release": "standard-version -s",
+ "test": "tap"
+ },
+ "repository": "https://github.com/npm/registry-fetch",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org",
+ "twitter": "maybekatz"
+ },
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "devDependencies": {
+ "cacache": "^15.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^11.7.0",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.4",
+ "rimraf": "^2.6.2",
+ "ssri": "^8.0.0",
+ "standard": "^14.3.3",
+ "standard-version": "^7.1.0",
+ "tap": "^14.10.7"
+ },
+ "tap": {
+ "check-coverage": true,
+ "test-ignore": "test[\\\\/](util|cache)[\\\\/]"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+}
diff --git a/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmhook/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..fc26ee1bda4ba
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,384 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12)
+
+
+### Bug Fixes
+
+* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35)
+
+### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17)
+
+
+### Bug Fixes
+
+* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc))
+
+### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21)
+
+### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11)
+
+### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30)
+
+## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20)
+
+
+### Features
+
+* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820))
+
+### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13)
+
+
+### Bug Fixes
+
+* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23)
+
+### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04)
+
+
+### Bug Fixes
+
+* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442))
+
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
+### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
+
+## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* figgy pudding is now nowhere to be found.
+* this removes figgy-pudding, and drops several option
+aliases.
+
+Defaults and behavior are all the same, and this module is now using the
+canonical camelCase option names that npm v7 will provide to all its
+deps.
+
+Related to: https://github.com/npm/rfcs/pull/102
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/22
+Credit: @isaacs
+
+### Bug Fixes
+
+* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22)
+
+
+* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231))
+
+### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c))
+
+### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14)
+
+
+### Bug Fixes
+
+* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17)
+
+
+### ⚠ BREAKING CHANGES
+
+* This drops support for node < 10.
+
+There are some lint failures due to standard pushing for using WhatWG URL
+objects instead of url.parse/url.resolve. However, the code in this lib
+does some fancy things with the query/search portions of the parsed url
+object, so it'll take a bit of care to make it work properly.
+
+### Bug Fixes
+
+* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0))
+* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99))
+
+
+* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275))
+
+
+## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11)
+
+
+
+
+# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04)
+
+
+### Bug Fixes
+
+* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1))
+* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e))
+
+
+### Features
+
+* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20))
+
+
+### BREAKING CHANGES
+
+* this replaces all core streams (except for some
+PassThrough streams in a few tests) with Minipass streams, and updates
+all deps to the latest and greatest Minipass versions of things.
+
+
+
+
+## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
+
+
+### Bug Fixes
+
+* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
+* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)
+
+
+
+
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..e660940e30dc4
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,635 @@
+# npm-registry-fetch
+
+[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
+[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response. In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline),
+and [`preferOnline`](#opts-preferOnline).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetchRetries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryFactor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMaxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.forceAuth`
+
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignoreBody`
+
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.isFromCI`
+
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.localAddress`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.mapJSON`
+
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxSockets`
+
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npmSession`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.npmCommand`
+
+* Type: String
+* Default: null
+
+If provided, it will be sent in the `npm-command` header. This yeader is
+used by the npm registry to identify the npm command that caused this
+request to be made.
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.preferOffline`](#opts-preferOffline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: `_password`
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.preferOffline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
+##### `opts.preferOnline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.projectScope`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strictSSL`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 300000 (5 minutes)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.userAgent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..11c3bde6b4e6c
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,55 @@
+'use strict'
+
+const defaultOpts = require('./default-opts.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts_ = {}) {
+ if (!registry) { throw new Error('registry is required') }
+ const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
+ const AUTH = {}
+ const regKey = registry && registryKey(registry)
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = new url.URL(registry)
+ const formatted = url.format({
+ protocol: parsed.protocol,
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: true
+ })
+ return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..f151711f30160
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+const { Response } = require('minipass-fetch')
+const defaultOpts = require('./default-opts.js')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ return new Response(null, res)
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+
+ let urlStr
+ try {
+ const { URL } = require('url')
+ const url = new URL(res.url)
+ if (url.password) {
+ url.password = '***'
+ }
+ urlStr = url.toString()
+ } catch (er) {
+ urlStr = res.url
+ }
+
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ // note: headers.raw() will preserve case, so we might have a
+ // key on the object like 'WaRnInG' if that was used first
+ for (const [key, value] of Object.entries(res.headers.raw())) {
+ if (key.toLowerCase() !== 'warning') { continue }
+ value.forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ }
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js
new file mode 100644
index 0000000000000..b742fd5a5fcd4
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/default-opts.js
@@ -0,0 +1,22 @@
+const pkg = require('./package.json')
+const ciDetect = require('@npmcli/ci-detect')
+module.exports = {
+ isFromCI: ciDetect(),
+ log: require('./silentlog.js'),
+ maxSockets: 12,
+ method: 'GET',
+ registry: 'https://registry.npmjs.org/',
+ timeout: 5 * 60 * 1000, // 5 minutes
+ strictSSL: true,
+ noProxy: process.env.NOPROXY,
+ userAgent: `${pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..c41947e29952d
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = new url.URL(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..2324e7fbfd00b
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,219 @@
+'use strict'
+
+const checkResponse = require('./check-response.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('minipass-json-stream')
+const npa = require('npm-package-arg')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('minizlib')
+const Minipass = require('minipass')
+
+const defaultOpts = require('./default-opts.js')
+
+// WhatWG URL throws if it's not fully resolved
+const urlIsValid = u => {
+ try {
+ return !!new url.URL(u)
+ } catch (_) {
+ return false
+ }
+}
+
+module.exports = regFetch
+function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
+ const opts = {
+ ...defaultOpts,
+ ...opts_
+ }
+ const registry = opts.registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ (opts.publishConfig && opts.publishConfig.registry) ||
+ opts.registry ||
+ /* istanbul ignore next */
+ 'https://registry.npmjs.org/'
+ )
+
+ if (!urlIsValid(uri)) {
+ uri = `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ }
+
+ const method = opts.method || 'GET'
+
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = Minipass.isStream(body)
+ const bodyIsPromise = body &&
+ typeof body === 'object' &&
+ typeof body.then === 'function'
+
+ if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = new zlib.Gzip()
+ body.on('error', /* istanbul ignore next: unlikely and hard to test */
+ err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else if (!bodyIsPromise) {
+ body = new zlib.Gzip().end(body).concat()
+ }
+ }
+
+ const parsed = new url.URL(uri)
+
+ if (opts.query) {
+ const q = typeof opts.query === 'string'
+ ? qs.parse(opts.query)
+ : opts.query
+
+ Object.keys(q).forEach(key => {
+ if (q[key] !== undefined) {
+ parsed.searchParams.set(key, q[key])
+ }
+ })
+ uri = url.format(parsed)
+ }
+
+ if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
+ // do not cache, because this GET is fetching a rev that will be
+ // used for a subsequent PUT or DELETE, so we need to conditionally
+ // update cache.
+ opts.offline = false
+ opts.preferOffline = false
+ opts.preferOnline = true
+ }
+
+ const doFetch = (body) => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets,
+ memoize: opts.memoize,
+ method: method,
+ noProxy: opts.noProxy,
+ proxy: opts.httpsProxy || opts.proxy,
+ retry: opts.retry ? opts.retry : {
+ retries: opts.fetchRetries,
+ factor: opts.fetchRetryFactor,
+ minTimeout: opts.fetchRetryMintimeout,
+ maxTimeout: opts.fetchRetryMaxtimeout
+ },
+ strictSSL: opts.strictSSL,
+ timeout: opts.timeout || 30 * 1000
+ }).then(res => checkResponse(
+ method, res, registry, startTime, opts
+ ))
+
+ return Promise.resolve(body).then(doFetch)
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ const parser = JSONStream.parse(jsonPath, opts.mapJSON)
+ regFetch(uri, opts).then(res =>
+ res.body.on('error',
+ /* istanbul ignore next: unlikely and difficult to test */
+ er => parser.emit('error', er)).pipe(parser)
+ ).catch(er => parser.emit('error', er))
+ return parser
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts = {}) {
+ spec = npa(spec)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry && opts.publishConfig) {
+ registry = opts.publishConfig.registry
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts.preferOffline
+ ? 'force-cache'
+ : opts.preferOnline
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!opts.isFromCI,
+ 'user-agent': opts.userAgent
+ }, opts.headers || {})
+
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
+ if (opts.npmCommand) {
+ headers['npm-command'] = opts.npmCommand
+ }
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ new url.URL(uri).host === new url.URL(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..5aeddc5b39102
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "npm-registry-fetch",
+ "version": "8.1.5",
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "main": "index.js",
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "scripts": {
+ "postrelease": "npm publish",
+ "posttest": "standard",
+ "prepublishOnly": "git push --follow-tags",
+ "prerelease": "npm t",
+ "release": "standard-version -s",
+ "test": "tap"
+ },
+ "repository": "https://github.com/npm/registry-fetch",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org",
+ "twitter": "maybekatz"
+ },
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "devDependencies": {
+ "cacache": "^15.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^11.7.0",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.4",
+ "rimraf": "^2.6.2",
+ "ssri": "^8.0.0",
+ "standard": "^14.3.3",
+ "standard-version": "^7.1.0",
+ "tap": "^14.10.7"
+ },
+ "tap": {
+ "check-coverage": true,
+ "test-ignore": "test[\\\\/](util|cache)[\\\\/]"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+}
diff --git a/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmorg/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..fc26ee1bda4ba
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,384 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12)
+
+
+### Bug Fixes
+
+* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35)
+
+### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17)
+
+
+### Bug Fixes
+
+* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc))
+
+### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21)
+
+### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11)
+
+### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30)
+
+## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20)
+
+
+### Features
+
+* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820))
+
+### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13)
+
+
+### Bug Fixes
+
+* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23)
+
+### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04)
+
+
+### Bug Fixes
+
+* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442))
+
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
+### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
+
+## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* figgy pudding is now nowhere to be found.
+* this removes figgy-pudding, and drops several option
+aliases.
+
+Defaults and behavior are all the same, and this module is now using the
+canonical camelCase option names that npm v7 will provide to all its
+deps.
+
+Related to: https://github.com/npm/rfcs/pull/102
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/22
+Credit: @isaacs
+
+### Bug Fixes
+
+* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22)
+
+
+* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231))
+
+### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c))
+
+### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14)
+
+
+### Bug Fixes
+
+* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17)
+
+
+### ⚠ BREAKING CHANGES
+
+* This drops support for node < 10.
+
+There are some lint failures due to standard pushing for using WhatWG URL
+objects instead of url.parse/url.resolve. However, the code in this lib
+does some fancy things with the query/search portions of the parsed url
+object, so it'll take a bit of care to make it work properly.
+
+### Bug Fixes
+
+* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0))
+* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99))
+
+
+* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275))
+
+
+## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11)
+
+
+
+
+# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04)
+
+
+### Bug Fixes
+
+* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1))
+* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e))
+
+
+### Features
+
+* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20))
+
+
+### BREAKING CHANGES
+
+* this replaces all core streams (except for some
+PassThrough streams in a few tests) with Minipass streams, and updates
+all deps to the latest and greatest Minipass versions of things.
+
+
+
+
+## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
+
+
+### Bug Fixes
+
+* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
+* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)
+
+
+
+
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..e660940e30dc4
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,635 @@
+# npm-registry-fetch
+
+[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
+[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response. In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline),
+and [`preferOnline`](#opts-preferOnline).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetchRetries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryFactor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMaxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.forceAuth`
+
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignoreBody`
+
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.isFromCI`
+
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.localAddress`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.mapJSON`
+
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxSockets`
+
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npmSession`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.npmCommand`
+
+* Type: String
+* Default: null
+
+If provided, it will be sent in the `npm-command` header. This yeader is
+used by the npm registry to identify the npm command that caused this
+request to be made.
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.preferOffline`](#opts-preferOffline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: `_password`
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.preferOffline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
+##### `opts.preferOnline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.projectScope`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strictSSL`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 300000 (5 minutes)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.userAgent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..11c3bde6b4e6c
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,55 @@
+'use strict'
+
+const defaultOpts = require('./default-opts.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts_ = {}) {
+ if (!registry) { throw new Error('registry is required') }
+ const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
+ const AUTH = {}
+ const regKey = registry && registryKey(registry)
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = new url.URL(registry)
+ const formatted = url.format({
+ protocol: parsed.protocol,
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: true
+ })
+ return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..f151711f30160
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+const { Response } = require('minipass-fetch')
+const defaultOpts = require('./default-opts.js')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ return new Response(null, res)
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+
+ let urlStr
+ try {
+ const { URL } = require('url')
+ const url = new URL(res.url)
+ if (url.password) {
+ url.password = '***'
+ }
+ urlStr = url.toString()
+ } catch (er) {
+ urlStr = res.url
+ }
+
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ // note: headers.raw() will preserve case, so we might have a
+ // key on the object like 'WaRnInG' if that was used first
+ for (const [key, value] of Object.entries(res.headers.raw())) {
+ if (key.toLowerCase() !== 'warning') { continue }
+ value.forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ }
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js
new file mode 100644
index 0000000000000..b742fd5a5fcd4
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/default-opts.js
@@ -0,0 +1,22 @@
+const pkg = require('./package.json')
+const ciDetect = require('@npmcli/ci-detect')
+module.exports = {
+ isFromCI: ciDetect(),
+ log: require('./silentlog.js'),
+ maxSockets: 12,
+ method: 'GET',
+ registry: 'https://registry.npmjs.org/',
+ timeout: 5 * 60 * 1000, // 5 minutes
+ strictSSL: true,
+ noProxy: process.env.NOPROXY,
+ userAgent: `${pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..c41947e29952d
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = new url.URL(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..2324e7fbfd00b
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,219 @@
+'use strict'
+
+const checkResponse = require('./check-response.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('minipass-json-stream')
+const npa = require('npm-package-arg')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('minizlib')
+const Minipass = require('minipass')
+
+const defaultOpts = require('./default-opts.js')
+
+// WhatWG URL throws if it's not fully resolved
+const urlIsValid = u => {
+ try {
+ return !!new url.URL(u)
+ } catch (_) {
+ return false
+ }
+}
+
+module.exports = regFetch
+function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
+ const opts = {
+ ...defaultOpts,
+ ...opts_
+ }
+ const registry = opts.registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ (opts.publishConfig && opts.publishConfig.registry) ||
+ opts.registry ||
+ /* istanbul ignore next */
+ 'https://registry.npmjs.org/'
+ )
+
+ if (!urlIsValid(uri)) {
+ uri = `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ }
+
+ const method = opts.method || 'GET'
+
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = Minipass.isStream(body)
+ const bodyIsPromise = body &&
+ typeof body === 'object' &&
+ typeof body.then === 'function'
+
+ if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = new zlib.Gzip()
+ body.on('error', /* istanbul ignore next: unlikely and hard to test */
+ err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else if (!bodyIsPromise) {
+ body = new zlib.Gzip().end(body).concat()
+ }
+ }
+
+ const parsed = new url.URL(uri)
+
+ if (opts.query) {
+ const q = typeof opts.query === 'string'
+ ? qs.parse(opts.query)
+ : opts.query
+
+ Object.keys(q).forEach(key => {
+ if (q[key] !== undefined) {
+ parsed.searchParams.set(key, q[key])
+ }
+ })
+ uri = url.format(parsed)
+ }
+
+ if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
+ // do not cache, because this GET is fetching a rev that will be
+ // used for a subsequent PUT or DELETE, so we need to conditionally
+ // update cache.
+ opts.offline = false
+ opts.preferOffline = false
+ opts.preferOnline = true
+ }
+
+ const doFetch = (body) => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets,
+ memoize: opts.memoize,
+ method: method,
+ noProxy: opts.noProxy,
+ proxy: opts.httpsProxy || opts.proxy,
+ retry: opts.retry ? opts.retry : {
+ retries: opts.fetchRetries,
+ factor: opts.fetchRetryFactor,
+ minTimeout: opts.fetchRetryMintimeout,
+ maxTimeout: opts.fetchRetryMaxtimeout
+ },
+ strictSSL: opts.strictSSL,
+ timeout: opts.timeout || 30 * 1000
+ }).then(res => checkResponse(
+ method, res, registry, startTime, opts
+ ))
+
+ return Promise.resolve(body).then(doFetch)
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ const parser = JSONStream.parse(jsonPath, opts.mapJSON)
+ regFetch(uri, opts).then(res =>
+ res.body.on('error',
+ /* istanbul ignore next: unlikely and difficult to test */
+ er => parser.emit('error', er)).pipe(parser)
+ ).catch(er => parser.emit('error', er))
+ return parser
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts = {}) {
+ spec = npa(spec)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry && opts.publishConfig) {
+ registry = opts.publishConfig.registry
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts.preferOffline
+ ? 'force-cache'
+ : opts.preferOnline
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!opts.isFromCI,
+ 'user-agent': opts.userAgent
+ }, opts.headers || {})
+
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
+ if (opts.npmCommand) {
+ headers['npm-command'] = opts.npmCommand
+ }
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ new url.URL(uri).host === new url.URL(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..5aeddc5b39102
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "npm-registry-fetch",
+ "version": "8.1.5",
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "main": "index.js",
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "scripts": {
+ "postrelease": "npm publish",
+ "posttest": "standard",
+ "prepublishOnly": "git push --follow-tags",
+ "prerelease": "npm t",
+ "release": "standard-version -s",
+ "test": "tap"
+ },
+ "repository": "https://github.com/npm/registry-fetch",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org",
+ "twitter": "maybekatz"
+ },
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "devDependencies": {
+ "cacache": "^15.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^11.7.0",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.4",
+ "rimraf": "^2.6.2",
+ "ssri": "^8.0.0",
+ "standard": "^14.3.3",
+ "standard-version": "^7.1.0",
+ "tap": "^14.10.7"
+ },
+ "tap": {
+ "check-coverage": true,
+ "test-ignore": "test[\\\\/](util|cache)[\\\\/]"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+}
diff --git a/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmsearch/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..fc26ee1bda4ba
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,384 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12)
+
+
+### Bug Fixes
+
+* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35)
+
+### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17)
+
+
+### Bug Fixes
+
+* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc))
+
+### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21)
+
+### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11)
+
+### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30)
+
+## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20)
+
+
+### Features
+
+* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820))
+
+### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13)
+
+
+### Bug Fixes
+
+* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23)
+
+### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04)
+
+
+### Bug Fixes
+
+* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442))
+
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
+### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
+
+## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* figgy pudding is now nowhere to be found.
+* this removes figgy-pudding, and drops several option
+aliases.
+
+Defaults and behavior are all the same, and this module is now using the
+canonical camelCase option names that npm v7 will provide to all its
+deps.
+
+Related to: https://github.com/npm/rfcs/pull/102
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/22
+Credit: @isaacs
+
+### Bug Fixes
+
+* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22)
+
+
+* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231))
+
+### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c))
+
+### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14)
+
+
+### Bug Fixes
+
+* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17)
+
+
+### ⚠ BREAKING CHANGES
+
+* This drops support for node < 10.
+
+There are some lint failures due to standard pushing for using WhatWG URL
+objects instead of url.parse/url.resolve. However, the code in this lib
+does some fancy things with the query/search portions of the parsed url
+object, so it'll take a bit of care to make it work properly.
+
+### Bug Fixes
+
+* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0))
+* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99))
+
+
+* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275))
+
+
+## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11)
+
+
+
+
+# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04)
+
+
+### Bug Fixes
+
+* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1))
+* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e))
+
+
+### Features
+
+* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20))
+
+
+### BREAKING CHANGES
+
+* this replaces all core streams (except for some
+PassThrough streams in a few tests) with Minipass streams, and updates
+all deps to the latest and greatest Minipass versions of things.
+
+
+
+
+## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
+
+
+### Bug Fixes
+
+* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
+* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)
+
+
+
+
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md b/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..e660940e30dc4
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,635 @@
+# npm-registry-fetch
+
+[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
+[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response. In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline),
+and [`preferOnline`](#opts-preferOnline).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetchRetries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryFactor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMaxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.forceAuth`
+
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignoreBody`
+
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.isFromCI`
+
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.localAddress`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.mapJSON`
+
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxSockets`
+
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npmSession`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.npmCommand`
+
+* Type: String
+* Default: null
+
+If provided, it will be sent in the `npm-command` header. This yeader is
+used by the npm registry to identify the npm command that caused this
+request to be made.
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.preferOffline`](#opts-preferOffline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: `_password`
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.preferOffline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
+##### `opts.preferOnline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.projectScope`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strictSSL`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 300000 (5 minutes)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.userAgent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..11c3bde6b4e6c
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,55 @@
+'use strict'
+
+const defaultOpts = require('./default-opts.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts_ = {}) {
+ if (!registry) { throw new Error('registry is required') }
+ const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
+ const AUTH = {}
+ const regKey = registry && registryKey(registry)
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = new url.URL(registry)
+ const formatted = url.format({
+ protocol: parsed.protocol,
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: true
+ })
+ return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..f151711f30160
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+const { Response } = require('minipass-fetch')
+const defaultOpts = require('./default-opts.js')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ return new Response(null, res)
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+
+ let urlStr
+ try {
+ const { URL } = require('url')
+ const url = new URL(res.url)
+ if (url.password) {
+ url.password = '***'
+ }
+ urlStr = url.toString()
+ } catch (er) {
+ urlStr = res.url
+ }
+
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ // note: headers.raw() will preserve case, so we might have a
+ // key on the object like 'WaRnInG' if that was used first
+ for (const [key, value] of Object.entries(res.headers.raw())) {
+ if (key.toLowerCase() !== 'warning') { continue }
+ value.forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ }
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js
new file mode 100644
index 0000000000000..b742fd5a5fcd4
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/default-opts.js
@@ -0,0 +1,22 @@
+const pkg = require('./package.json')
+const ciDetect = require('@npmcli/ci-detect')
+module.exports = {
+ isFromCI: ciDetect(),
+ log: require('./silentlog.js'),
+ maxSockets: 12,
+ method: 'GET',
+ registry: 'https://registry.npmjs.org/',
+ timeout: 5 * 60 * 1000, // 5 minutes
+ strictSSL: true,
+ noProxy: process.env.NOPROXY,
+ userAgent: `${pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..c41947e29952d
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = new url.URL(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..2324e7fbfd00b
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,219 @@
+'use strict'
+
+const checkResponse = require('./check-response.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('minipass-json-stream')
+const npa = require('npm-package-arg')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('minizlib')
+const Minipass = require('minipass')
+
+const defaultOpts = require('./default-opts.js')
+
+// WhatWG URL throws if it's not fully resolved
+const urlIsValid = u => {
+ try {
+ return !!new url.URL(u)
+ } catch (_) {
+ return false
+ }
+}
+
+module.exports = regFetch
+function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
+ const opts = {
+ ...defaultOpts,
+ ...opts_
+ }
+ const registry = opts.registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ (opts.publishConfig && opts.publishConfig.registry) ||
+ opts.registry ||
+ /* istanbul ignore next */
+ 'https://registry.npmjs.org/'
+ )
+
+ if (!urlIsValid(uri)) {
+ uri = `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ }
+
+ const method = opts.method || 'GET'
+
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = Minipass.isStream(body)
+ const bodyIsPromise = body &&
+ typeof body === 'object' &&
+ typeof body.then === 'function'
+
+ if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = new zlib.Gzip()
+ body.on('error', /* istanbul ignore next: unlikely and hard to test */
+ err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else if (!bodyIsPromise) {
+ body = new zlib.Gzip().end(body).concat()
+ }
+ }
+
+ const parsed = new url.URL(uri)
+
+ if (opts.query) {
+ const q = typeof opts.query === 'string'
+ ? qs.parse(opts.query)
+ : opts.query
+
+ Object.keys(q).forEach(key => {
+ if (q[key] !== undefined) {
+ parsed.searchParams.set(key, q[key])
+ }
+ })
+ uri = url.format(parsed)
+ }
+
+ if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
+ // do not cache, because this GET is fetching a rev that will be
+ // used for a subsequent PUT or DELETE, so we need to conditionally
+ // update cache.
+ opts.offline = false
+ opts.preferOffline = false
+ opts.preferOnline = true
+ }
+
+ const doFetch = (body) => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets,
+ memoize: opts.memoize,
+ method: method,
+ noProxy: opts.noProxy,
+ proxy: opts.httpsProxy || opts.proxy,
+ retry: opts.retry ? opts.retry : {
+ retries: opts.fetchRetries,
+ factor: opts.fetchRetryFactor,
+ minTimeout: opts.fetchRetryMintimeout,
+ maxTimeout: opts.fetchRetryMaxtimeout
+ },
+ strictSSL: opts.strictSSL,
+ timeout: opts.timeout || 30 * 1000
+ }).then(res => checkResponse(
+ method, res, registry, startTime, opts
+ ))
+
+ return Promise.resolve(body).then(doFetch)
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ const parser = JSONStream.parse(jsonPath, opts.mapJSON)
+ regFetch(uri, opts).then(res =>
+ res.body.on('error',
+ /* istanbul ignore next: unlikely and difficult to test */
+ er => parser.emit('error', er)).pipe(parser)
+ ).catch(er => parser.emit('error', er))
+ return parser
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts = {}) {
+ spec = npa(spec)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry && opts.publishConfig) {
+ registry = opts.publishConfig.registry
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts.preferOffline
+ ? 'force-cache'
+ : opts.preferOnline
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!opts.isFromCI,
+ 'user-agent': opts.userAgent
+ }, opts.headers || {})
+
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
+ if (opts.npmCommand) {
+ headers['npm-command'] = opts.npmCommand
+ }
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ new url.URL(uri).host === new url.URL(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json b/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..5aeddc5b39102
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "npm-registry-fetch",
+ "version": "8.1.5",
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "main": "index.js",
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "scripts": {
+ "postrelease": "npm publish",
+ "posttest": "standard",
+ "prepublishOnly": "git push --follow-tags",
+ "prerelease": "npm t",
+ "release": "standard-version -s",
+ "test": "tap"
+ },
+ "repository": "https://github.com/npm/registry-fetch",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org",
+ "twitter": "maybekatz"
+ },
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "devDependencies": {
+ "cacache": "^15.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^11.7.0",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.4",
+ "rimraf": "^2.6.2",
+ "ssri": "^8.0.0",
+ "standard": "^14.3.3",
+ "standard-version": "^7.1.0",
+ "tap": "^14.10.7"
+ },
+ "tap": {
+ "check-coverage": true,
+ "test-ignore": "test[\\\\/](util|cache)[\\\\/]"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+}
diff --git a/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js b/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/libnpmteam/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..fc26ee1bda4ba
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,384 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12)
+
+
+### Bug Fixes
+
+* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35)
+
+### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17)
+
+
+### Bug Fixes
+
+* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc))
+
+### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21)
+
+### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11)
+
+### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30)
+
+## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20)
+
+
+### Features
+
+* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820))
+
+### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13)
+
+
+### Bug Fixes
+
+* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23)
+
+### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04)
+
+
+### Bug Fixes
+
+* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442))
+
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
+### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
+
+## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* figgy pudding is now nowhere to be found.
+* this removes figgy-pudding, and drops several option
+aliases.
+
+Defaults and behavior are all the same, and this module is now using the
+canonical camelCase option names that npm v7 will provide to all its
+deps.
+
+Related to: https://github.com/npm/rfcs/pull/102
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/22
+Credit: @isaacs
+
+### Bug Fixes
+
+* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22)
+
+
+* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231))
+
+### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c))
+
+### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14)
+
+
+### Bug Fixes
+
+* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17)
+
+
+### ⚠ BREAKING CHANGES
+
+* This drops support for node < 10.
+
+There are some lint failures due to standard pushing for using WhatWG URL
+objects instead of url.parse/url.resolve. However, the code in this lib
+does some fancy things with the query/search portions of the parsed url
+object, so it'll take a bit of care to make it work properly.
+
+### Bug Fixes
+
+* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0))
+* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99))
+
+
+* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275))
+
+
+## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11)
+
+
+
+
+# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04)
+
+
+### Bug Fixes
+
+* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1))
+* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e))
+
+
+### Features
+
+* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20))
+
+
+### BREAKING CHANGES
+
+* this replaces all core streams (except for some
+PassThrough streams in a few tests) with Minipass streams, and updates
+all deps to the latest and greatest Minipass versions of things.
+
+
+
+
+## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
+
+
+### Bug Fixes
+
+* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
+* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)
+
+
+
+
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md b/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..e660940e30dc4
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,635 @@
+# npm-registry-fetch
+
+[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
+[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response. In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline),
+and [`preferOnline`](#opts-preferOnline).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetchRetries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryFactor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMaxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.forceAuth`
+
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignoreBody`
+
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.isFromCI`
+
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.localAddress`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.mapJSON`
+
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxSockets`
+
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npmSession`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.npmCommand`
+
+* Type: String
+* Default: null
+
+If provided, it will be sent in the `npm-command` header. This yeader is
+used by the npm registry to identify the npm command that caused this
+request to be made.
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.preferOffline`](#opts-preferOffline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: `_password`
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.preferOffline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
+##### `opts.preferOnline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.projectScope`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strictSSL`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 300000 (5 minutes)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.userAgent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..11c3bde6b4e6c
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,55 @@
+'use strict'
+
+const defaultOpts = require('./default-opts.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts_ = {}) {
+ if (!registry) { throw new Error('registry is required') }
+ const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
+ const AUTH = {}
+ const regKey = registry && registryKey(registry)
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = new url.URL(registry)
+ const formatted = url.format({
+ protocol: parsed.protocol,
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: true
+ })
+ return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
+}
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..f151711f30160
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+const { Response } = require('minipass-fetch')
+const defaultOpts = require('./default-opts.js')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ return new Response(null, res)
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+
+ let urlStr
+ try {
+ const { URL } = require('url')
+ const url = new URL(res.url)
+ if (url.password) {
+ url.password = '***'
+ }
+ urlStr = url.toString()
+ } catch (er) {
+ urlStr = res.url
+ }
+
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ // note: headers.raw() will preserve case, so we might have a
+ // key on the object like 'WaRnInG' if that was used first
+ for (const [key, value] of Object.entries(res.headers.raw())) {
+ if (key.toLowerCase() !== 'warning') { continue }
+ value.forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ }
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js
new file mode 100644
index 0000000000000..b742fd5a5fcd4
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/default-opts.js
@@ -0,0 +1,22 @@
+const pkg = require('./package.json')
+const ciDetect = require('@npmcli/ci-detect')
+module.exports = {
+ isFromCI: ciDetect(),
+ log: require('./silentlog.js'),
+ maxSockets: 12,
+ method: 'GET',
+ registry: 'https://registry.npmjs.org/',
+ timeout: 5 * 60 * 1000, // 5 minutes
+ strictSSL: true,
+ noProxy: process.env.NOPROXY,
+ userAgent: `${pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+}
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..c41947e29952d
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = new url.URL(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..2324e7fbfd00b
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,219 @@
+'use strict'
+
+const checkResponse = require('./check-response.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('minipass-json-stream')
+const npa = require('npm-package-arg')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('minizlib')
+const Minipass = require('minipass')
+
+const defaultOpts = require('./default-opts.js')
+
+// WhatWG URL throws if it's not fully resolved
+const urlIsValid = u => {
+ try {
+ return !!new url.URL(u)
+ } catch (_) {
+ return false
+ }
+}
+
+module.exports = regFetch
+function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
+ const opts = {
+ ...defaultOpts,
+ ...opts_
+ }
+ const registry = opts.registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ (opts.publishConfig && opts.publishConfig.registry) ||
+ opts.registry ||
+ /* istanbul ignore next */
+ 'https://registry.npmjs.org/'
+ )
+
+ if (!urlIsValid(uri)) {
+ uri = `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ }
+
+ const method = opts.method || 'GET'
+
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = Minipass.isStream(body)
+ const bodyIsPromise = body &&
+ typeof body === 'object' &&
+ typeof body.then === 'function'
+
+ if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = new zlib.Gzip()
+ body.on('error', /* istanbul ignore next: unlikely and hard to test */
+ err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else if (!bodyIsPromise) {
+ body = new zlib.Gzip().end(body).concat()
+ }
+ }
+
+ const parsed = new url.URL(uri)
+
+ if (opts.query) {
+ const q = typeof opts.query === 'string'
+ ? qs.parse(opts.query)
+ : opts.query
+
+ Object.keys(q).forEach(key => {
+ if (q[key] !== undefined) {
+ parsed.searchParams.set(key, q[key])
+ }
+ })
+ uri = url.format(parsed)
+ }
+
+ if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
+ // do not cache, because this GET is fetching a rev that will be
+ // used for a subsequent PUT or DELETE, so we need to conditionally
+ // update cache.
+ opts.offline = false
+ opts.preferOffline = false
+ opts.preferOnline = true
+ }
+
+ const doFetch = (body) => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets,
+ memoize: opts.memoize,
+ method: method,
+ noProxy: opts.noProxy,
+ proxy: opts.httpsProxy || opts.proxy,
+ retry: opts.retry ? opts.retry : {
+ retries: opts.fetchRetries,
+ factor: opts.fetchRetryFactor,
+ minTimeout: opts.fetchRetryMintimeout,
+ maxTimeout: opts.fetchRetryMaxtimeout
+ },
+ strictSSL: opts.strictSSL,
+ timeout: opts.timeout || 30 * 1000
+ }).then(res => checkResponse(
+ method, res, registry, startTime, opts
+ ))
+
+ return Promise.resolve(body).then(doFetch)
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ const parser = JSONStream.parse(jsonPath, opts.mapJSON)
+ regFetch(uri, opts).then(res =>
+ res.body.on('error',
+ /* istanbul ignore next: unlikely and difficult to test */
+ er => parser.emit('error', er)).pipe(parser)
+ ).catch(er => parser.emit('error', er))
+ return parser
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts = {}) {
+ spec = npa(spec)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry && opts.publishConfig) {
+ registry = opts.publishConfig.registry
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts.preferOffline
+ ? 'force-cache'
+ : opts.preferOnline
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!opts.isFromCI,
+ 'user-agent': opts.userAgent
+ }, opts.headers || {})
+
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
+ if (opts.npmCommand) {
+ headers['npm-command'] = opts.npmCommand
+ }
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ new url.URL(uri).host === new url.URL(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json b/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..5aeddc5b39102
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "npm-registry-fetch",
+ "version": "8.1.5",
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "main": "index.js",
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "scripts": {
+ "postrelease": "npm publish",
+ "posttest": "standard",
+ "prepublishOnly": "git push --follow-tags",
+ "prerelease": "npm t",
+ "release": "standard-version -s",
+ "test": "tap"
+ },
+ "repository": "https://github.com/npm/registry-fetch",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org",
+ "twitter": "maybekatz"
+ },
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "devDependencies": {
+ "cacache": "^15.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^11.7.0",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.4",
+ "rimraf": "^2.6.2",
+ "ssri": "^8.0.0",
+ "standard": "^14.3.3",
+ "standard-version": "^7.1.0",
+ "tap": "^14.10.7"
+ },
+ "tap": {
+ "check-coverage": true,
+ "test-ignore": "test[\\\\/](util|cache)[\\\\/]"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+}
diff --git a/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js b/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/npm-profile/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/node_modules/npm-registry-fetch/README.md b/node_modules/npm-registry-fetch/README.md
index e660940e30dc4..f5ae9cac31a03 100644
--- a/node_modules/npm-registry-fetch/README.md
+++ b/node_modules/npm-registry-fetch/README.md
@@ -1,11 +1,5 @@
# npm-registry-fetch
-[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
-[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
-[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
-[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
-[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
-
[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
library that implements a `fetch`-like API for accessing npm registry APIs
consistently. It's able to consume npm-style configuration values and has all
diff --git a/node_modules/npm-registry-fetch/auth.js b/node_modules/npm-registry-fetch/auth.js
index 11c3bde6b4e6c..e096a6f98f9a4 100644
--- a/node_modules/npm-registry-fetch/auth.js
+++ b/node_modules/npm-registry-fetch/auth.js
@@ -5,7 +5,8 @@ const url = require('url')
module.exports = getAuth
function getAuth (registry, opts_ = {}) {
- if (!registry) { throw new Error('registry is required') }
+ if (!registry)
+ throw new Error('registry is required')
const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
const AUTH = {}
const regKey = registry && registryKey(registry)
@@ -19,9 +20,9 @@ function getAuth (registry, opts_ = {}) {
doKey('_auth')
doKey('otp')
doKey('always-auth', 'alwaysAuth')
- if (AUTH.password) {
+ if (AUTH.password)
AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
- }
+
if (AUTH._auth && !(AUTH.username && AUTH.password)) {
let auth = Buffer.from(AUTH._auth, 'base64').toString()
auth = auth.split(':')
@@ -33,12 +34,11 @@ function getAuth (registry, opts_ = {}) {
}
function addKey (opts, obj, scope, key, objKey) {
- if (opts[key]) {
+ if (opts[key])
obj[objKey || key] = opts[key]
- }
- if (scope && opts[`${scope}:${key}`]) {
+
+ if (scope && opts[`${scope}:${key}`])
obj[objKey || key] = opts[`${scope}:${key}`]
- }
}
// Called a nerf dart in the main codebase. Used as a "safe"
@@ -49,7 +49,7 @@ function registryKey (registry) {
protocol: parsed.protocol,
host: parsed.host,
pathname: parsed.pathname,
- slashes: true
+ slashes: true,
})
return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
}
diff --git a/node_modules/npm-registry-fetch/check-response.js b/node_modules/npm-registry-fetch/check-response.js
index f151711f30160..5154da5349f76 100644
--- a/node_modules/npm-registry-fetch/check-response.js
+++ b/node_modules/npm-registry-fetch/check-response.js
@@ -8,9 +8,9 @@ const defaultOpts = require('./default-opts.js')
module.exports = checkResponse
function checkResponse (method, res, registry, startTime, opts_ = {}) {
const opts = { ...defaultOpts, ...opts_ }
- if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache'))
opts.log.notice('', res.headers.get('npm-notice'))
- }
+
checkWarnings(res, registry, opts)
if (res.status >= 400) {
logRequest(method, res, startTime, opts)
@@ -35,9 +35,9 @@ function logRequest (method, res, startTime, opts) {
try {
const { URL } = require('url')
const url = new URL(res.url)
- if (url.password) {
+ if (url.password)
url.password = '***'
- }
+
urlStr = url.toString()
} catch (er) {
urlStr = res.url
@@ -58,7 +58,8 @@ function checkWarnings (res, registry, opts) {
// note: headers.raw() will preserve case, so we might have a
// key on the object like 'WaRnInG' if that was used first
for (const [key, value] of Object.entries(res.headers.raw())) {
- if (key.toLowerCase() !== 'warning') { continue }
+ if (key.toLowerCase() !== 'warning')
+ continue
value.forEach(w => {
const match = w.match(WARNING_REGEXP)
if (match) {
@@ -66,18 +67,17 @@ function checkWarnings (res, registry, opts) {
code: match[1],
host: match[2],
message: match[3],
- date: new Date(match[4])
+ date: new Date(match[4]),
}
}
})
}
BAD_HOSTS.set(registry, true)
if (warnings['199']) {
- if (warnings['199'].message.match(/ENOTFOUND/)) {
+ if (warnings['199'].message.match(/ENOTFOUND/))
opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
- } else {
+ else
opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
- }
}
if (warnings['111']) {
// 111 Revalidation failed -- we're using stale data
diff --git a/node_modules/npm-registry-fetch/default-opts.js b/node_modules/npm-registry-fetch/default-opts.js
index b742fd5a5fcd4..fb8021d6b742f 100644
--- a/node_modules/npm-registry-fetch/default-opts.js
+++ b/node_modules/npm-registry-fetch/default-opts.js
@@ -18,5 +18,5 @@ module.exports = {
process.arch
} (${
process.platform
- })`
+ })`,
}
diff --git a/node_modules/npm-registry-fetch/errors.js b/node_modules/npm-registry-fetch/errors.js
index c41947e29952d..69671551dc619 100644
--- a/node_modules/npm-registry-fetch/errors.js
+++ b/node_modules/npm-registry-fetch/errors.js
@@ -8,11 +8,10 @@ function packageName (href) {
if (!basePath.match(/^-/)) {
basePath = basePath.split('/')
var index = basePath.indexOf('_rewrite')
- if (index === -1) {
+ if (index === -1)
index = basePath.length - 1
- } else {
+ else
index++
- }
return decodeURIComponent(basePath[index])
}
} catch (_) {
diff --git a/node_modules/npm-registry-fetch/index.js b/node_modules/npm-registry-fetch/index.js
index 2324e7fbfd00b..df3b49eb52969 100644
--- a/node_modules/npm-registry-fetch/index.js
+++ b/node_modules/npm-registry-fetch/index.js
@@ -25,11 +25,10 @@ module.exports = regFetch
function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
const opts = {
...defaultOpts,
- ...opts_
+ ...opts_,
}
const registry = opts.registry = (
(opts.spec && pickRegistry(opts.spec, opts)) ||
- (opts.publishConfig && opts.publishConfig.registry) ||
opts.registry ||
/* istanbul ignore next */
'https://registry.npmjs.org/'
@@ -57,9 +56,8 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
headers['content-type'] = headers['content-type'] || 'application/json'
body = JSON.stringify(body)
- } else if (body && !headers['content-type']) {
+ } else if (body && !headers['content-type'])
headers['content-type'] = 'application/octet-stream'
- }
if (opts.gzip) {
headers['content-encoding'] = 'gzip'
@@ -68,22 +66,19 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
body.on('error', /* istanbul ignore next: unlikely and hard to test */
err => gz.emit('error', err))
body = body.pipe(gz)
- } else if (!bodyIsPromise) {
+ } else if (!bodyIsPromise)
body = new zlib.Gzip().end(body).concat()
- }
}
const parsed = new url.URL(uri)
if (opts.query) {
- const q = typeof opts.query === 'string'
- ? qs.parse(opts.query)
+ const q = typeof opts.query === 'string' ? qs.parse(opts.query)
: opts.query
Object.keys(q).forEach(key => {
- if (q[key] !== undefined) {
+ if (q[key] !== undefined)
parsed.searchParams.set(key, q[key])
- }
})
uri = url.format(parsed)
}
@@ -118,10 +113,10 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
retries: opts.fetchRetries,
factor: opts.fetchRetryFactor,
minTimeout: opts.fetchRetryMintimeout,
- maxTimeout: opts.fetchRetryMaxtimeout
+ maxTimeout: opts.fetchRetryMaxtimeout,
},
strictSSL: opts.strictSSL,
- timeout: opts.timeout || 30 * 1000
+ timeout: opts.timeout || 30 * 1000,
}).then(res => checkResponse(
method, res, registry, startTime, opts
))
@@ -152,48 +147,36 @@ function pickRegistry (spec, opts = {}) {
let registry = spec.scope &&
opts[spec.scope.replace(/^@?/, '@') + ':registry']
- if (!registry && opts.scope) {
+ if (!registry && opts.scope)
registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
- }
-
- if (!registry && opts.publishConfig) {
- registry = opts.publishConfig.registry
- }
- if (!registry) {
+ if (!registry)
registry = opts.registry || 'https://registry.npmjs.org/'
- }
return registry
}
function getCacheMode (opts) {
- return opts.offline
- ? 'only-if-cached'
- : opts.preferOffline
- ? 'force-cache'
- : opts.preferOnline
- ? 'no-cache'
- : 'default'
+ return opts.offline ? 'only-if-cached'
+ : opts.preferOffline ? 'force-cache'
+ : opts.preferOnline ? 'no-cache'
+ : 'default'
}
function getHeaders (registry, uri, opts) {
const headers = Object.assign({
'npm-in-ci': !!opts.isFromCI,
- 'user-agent': opts.userAgent
+ 'user-agent': opts.userAgent,
}, opts.headers || {})
- if (opts.projectScope) {
+ if (opts.projectScope)
headers['npm-scope'] = opts.projectScope
- }
- if (opts.npmSession) {
+ if (opts.npmSession)
headers['npm-session'] = opts.npmSession
- }
- if (opts.npmCommand) {
+ if (opts.npmCommand)
headers['npm-command'] = opts.npmCommand
- }
const auth = getAuth(registry, opts)
// If a tarball is hosted on a different place than the manifest, only send
@@ -202,18 +185,18 @@ function getHeaders (registry, uri, opts) {
auth.alwaysAuth ||
new url.URL(uri).host === new url.URL(registry).host
)
- if (shouldAuth && auth.token) {
+ if (shouldAuth && auth.token)
headers.authorization = `Bearer ${auth.token}`
- } else if (shouldAuth && auth.username && auth.password) {
+ else if (shouldAuth && auth.username && auth.password) {
const encoded = Buffer.from(
`${auth.username}:${auth.password}`, 'utf8'
).toString('base64')
headers.authorization = `Basic ${encoded}`
- } else if (shouldAuth && auth._auth) {
+ } else if (shouldAuth && auth._auth)
headers.authorization = `Basic ${auth._auth}`
- }
- if (shouldAuth && auth.otp) {
+
+ if (shouldAuth && auth.otp)
headers['npm-otp'] = auth.otp
- }
+
return headers
}
diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json
index 5aeddc5b39102..40e0067b4aedb 100644
--- a/node_modules/npm-registry-fetch/package.json
+++ b/node_modules/npm-registry-fetch/package.json
@@ -1,21 +1,22 @@
{
"name": "npm-registry-fetch",
- "version": "8.1.5",
+ "version": "9.0.0",
"description": "Fetch-based http client for use with npm registry APIs",
"main": "index.js",
"files": [
- "*.js",
- "lib"
+ "*.js"
],
"scripts": {
- "postrelease": "npm publish",
- "posttest": "standard",
- "prepublishOnly": "git push --follow-tags",
- "prerelease": "npm t",
- "release": "standard-version -s",
- "test": "tap"
+ "eslint": "eslint",
+ "lint": "npm run eslint -- *.js test/*.js",
+ "lintfix": "npm run lint -- --fix",
+ "prepublishOnly": "git push origin --follow-tags",
+ "preversion": "npm test",
+ "postversion": "npm publish",
+ "test": "tap",
+ "posttest": "npm run lint"
},
- "repository": "https://github.com/npm/registry-fetch",
+ "repository": "https://github.com/npm/npm-registry-fetch",
"keywords": [
"npm",
"registry",
@@ -39,14 +40,17 @@
},
"devDependencies": {
"cacache": "^15.0.0",
+ "eslint": "^6.8.0",
+ "eslint-plugin-import": "^2.18.2",
+ "eslint-plugin-node": "^10.0.0",
+ "eslint-plugin-promise": "^4.2.1",
+ "eslint-plugin-standard": "^4.0.1",
"mkdirp": "^0.5.1",
"nock": "^11.7.0",
"npmlog": "^4.1.2",
"require-inject": "^1.4.4",
"rimraf": "^2.6.2",
"ssri": "^8.0.0",
- "standard": "^14.3.3",
- "standard-version": "^7.1.0",
"tap": "^14.10.7"
},
"tap": {
diff --git a/node_modules/npm-registry-fetch/silentlog.js b/node_modules/npm-registry-fetch/silentlog.js
index 886c5d55b2dbb..483bd44c7086a 100644
--- a/node_modules/npm-registry-fetch/silentlog.js
+++ b/node_modules/npm-registry-fetch/silentlog.js
@@ -10,5 +10,5 @@ module.exports = {
silly: noop,
http: noop,
pause: noop,
- resume: noop
+ resume: noop,
}
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md b/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md
new file mode 100644
index 0000000000000..fc26ee1bda4ba
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/CHANGELOG.md
@@ -0,0 +1,384 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+
+### [8.1.5](https://github.com/npm/registry-fetch/compare/v8.1.4...v8.1.5) (2020-10-12)
+
+
+### Bug Fixes
+
+* respect publishConfig.registry when specified ([32e36ef](https://github.com/npm/registry-fetch/commit/32e36efe86302ed319973cd5b1e6ccc3f62e557e)), closes [#35](https://github.com/npm/registry-fetch/issues/35)
+
+### [8.1.4](https://github.com/npm/registry-fetch/compare/v8.1.3...v8.1.4) (2020-08-17)
+
+
+### Bug Fixes
+
+* redact passwords from http logs ([3c294eb](https://github.com/npm/registry-fetch/commit/3c294ebbd7821725db4ff1bc5fe368c49613efcc))
+
+### [8.1.3](https://github.com/npm/registry-fetch/compare/v8.1.2...v8.1.3) (2020-07-21)
+
+### [8.1.2](https://github.com/npm/registry-fetch/compare/v8.1.1...v8.1.2) (2020-07-11)
+
+### [8.1.1](https://github.com/npm/registry-fetch/compare/v8.1.0...v8.1.1) (2020-06-30)
+
+## [8.1.0](https://github.com/npm/registry-fetch/compare/v8.0.3...v8.1.0) (2020-05-20)
+
+
+### Features
+
+* add npm-command HTTP header ([1bb4eb2](https://github.com/npm/registry-fetch/commit/1bb4eb2c66ee8a0dc62558bdcff1b548e2bb9820))
+
+### [8.0.3](https://github.com/npm/registry-fetch/compare/v8.0.2...v8.0.3) (2020-05-13)
+
+
+### Bug Fixes
+
+* update minipass and make-fetch-happen to latest ([3b6c5d0](https://github.com/npm/registry-fetch/commit/3b6c5d0d8ccd4c4a97862a65acef956f19aec127)), closes [#23](https://github.com/npm/registry-fetch/issues/23)
+
+### [8.0.2](https://github.com/npm/registry-fetch/compare/v8.0.1...v8.0.2) (2020-05-04)
+
+
+### Bug Fixes
+
+* update make-fetch-happen to 8.0.6 ([226df2c](https://github.com/npm/registry-fetch/commit/226df2c32e3f9ed8ceefcfdbd11efb178181b442))
+
+## [8.0.0](https://github.com/npm/registry-fetch/compare/v7.0.1...v8.0.0) (2020-02-24)
+
+
+### ⚠ BREAKING CHANGES
+
+* Removes the 'opts.refer' option and the HTTP Referer
+header (unless explicitly added to the 'headers' option, of course).
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/25
+Credit: @isaacs
+
+### Bug Fixes
+
+* remove referer header and opts.refer ([eb8f7af](https://github.com/npm/registry-fetch/commit/eb8f7af3c102834856604c1be664b00ca0fe8ef2)), closes [#25](https://github.com/npm/registry-fetch/issues/25)
+
+### [7.0.1](https://github.com/npm/registry-fetch/compare/v7.0.0...v7.0.1) (2020-02-24)
+
+## [7.0.0](https://github.com/npm/registry-fetch/compare/v6.0.2...v7.0.0) (2020-02-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* figgy pudding is now nowhere to be found.
+* this removes figgy-pudding, and drops several option
+aliases.
+
+Defaults and behavior are all the same, and this module is now using the
+canonical camelCase option names that npm v7 will provide to all its
+deps.
+
+Related to: https://github.com/npm/rfcs/pull/102
+
+PR-URL: https://github.com/npm/npm-registry-fetch/pull/22
+Credit: @isaacs
+
+### Bug Fixes
+
+* Remove figgy-pudding, use canonical option names ([ede3c08](https://github.com/npm/registry-fetch/commit/ede3c087007fd1808e02b1af70562220d03b18a9)), closes [#22](https://github.com/npm/registry-fetch/issues/22)
+
+
+* update cacache, ssri, make-fetch-happen ([57fcc88](https://github.com/npm/registry-fetch/commit/57fcc889bee03edcc0a2025d96a171039108c231))
+
+### [6.0.2](https://github.com/npm/registry-fetch/compare/v6.0.1...v6.0.2) (2020-02-14)
+
+
+### Bug Fixes
+
+* always bypass cache when ?write=true ([83f89f3](https://github.com/npm/registry-fetch/commit/83f89f35abd2ed0507c869e37f90ed746375772c))
+
+### [6.0.1](https://github.com/npm/registry-fetch/compare/v6.0.0...v6.0.1) (2020-02-14)
+
+
+### Bug Fixes
+
+* use 30s default for timeout as per README ([50e8afc](https://github.com/npm/registry-fetch/commit/50e8afc6ff850542feb588f9f9c64ebae59e72a0)), closes [#20](https://github.com/npm/registry-fetch/issues/20)
+
+## [6.0.0](https://github.com/npm/registry-fetch/compare/v5.0.1...v6.0.0) (2019-12-17)
+
+
+### ⚠ BREAKING CHANGES
+
+* This drops support for node < 10.
+
+There are some lint failures due to standard pushing for using WhatWG URL
+objects instead of url.parse/url.resolve. However, the code in this lib
+does some fancy things with the query/search portions of the parsed url
+object, so it'll take a bit of care to make it work properly.
+
+### Bug Fixes
+
+* detect CI so our tests don't fail in CI ([5813da6](https://github.com/npm/registry-fetch/commit/5813da634cef73b12e40373972d7937e6934fce0))
+* Use WhatWG URLs instead of url.parse ([8ccfa8a](https://github.com/npm/registry-fetch/commit/8ccfa8a72c38cfedb0f525b7f453644fd4444f99))
+
+
+* normalize settings, drop old nodes, update deps ([510b125](https://github.com/npm/registry-fetch/commit/510b1255cc7ed4bb397a34e0007757dae33e2275))
+
+
+## [5.0.1](https://github.com/npm/registry-fetch/compare/v5.0.0...v5.0.1) (2019-11-11)
+
+
+
+
+# [5.0.0](https://github.com/npm/registry-fetch/compare/v4.0.2...v5.0.0) (2019-10-04)
+
+
+### Bug Fixes
+
+* prefer const in getAuth function ([90ac7b1](https://github.com/npm/registry-fetch/commit/90ac7b1))
+* use minizlib instead of core zlib ([e64702e](https://github.com/npm/registry-fetch/commit/e64702e))
+
+
+### Features
+
+* refactor to use Minipass streams ([bb37f20](https://github.com/npm/registry-fetch/commit/bb37f20))
+
+
+### BREAKING CHANGES
+
+* this replaces all core streams (except for some
+PassThrough streams in a few tests) with Minipass streams, and updates
+all deps to the latest and greatest Minipass versions of things.
+
+
+
+
+## [4.0.2](https://github.com/npm/registry-fetch/compare/v4.0.0...v4.0.2) (2019-10-04)
+
+
+### Bug Fixes
+
+* Add null check on body on 401 errors ([e3a0186](https://github.com/npm/registry-fetch/commit/e3a0186)), closes [#9](https://github.com/npm/registry-fetch/issues/9)
+* **deps:** Add explicit dependency on safe-buffer ([8eae5f0](https://github.com/npm/registry-fetch/commit/8eae5f0)), closes [npm/libnpmaccess#2](https://github.com/npm/libnpmaccess/issues/2) [#3](https://github.com/npm/registry-fetch/issues/3)
+
+
+
+
+# [4.0.0](https://github.com/npm/registry-fetch/compare/v3.9.1...v4.0.0) (2019-07-15)
+
+
+* cacache@12.0.0, infer uid from cache folder ([0c4f060](https://github.com/npm/registry-fetch/commit/0c4f060))
+
+
+### BREAKING CHANGES
+
+* uid and gid are inferred from cache folder, rather than
+being passed in as options.
+
+
+
+
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
+
+# [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)
+
+
+### Features
+
+* **auth:** support username:password encoded legacy _auth ([a91f90c](https://github.com/npm/registry-fetch/commit/a91f90c))
+
+
+
+
+# [3.8.0](https://github.com/npm/registry-fetch/compare/v3.7.0...v3.8.0) (2018-08-23)
+
+
+### Features
+
+* **mapJson:** add support for passing in json stream mapper ([0600986](https://github.com/npm/registry-fetch/commit/0600986))
+
+
+
+
+# [3.7.0](https://github.com/npm/registry-fetch/compare/v3.6.0...v3.7.0) (2018-08-23)
+
+
+### Features
+
+* **json.stream:** add utility function for streamed JSON parsing ([051d969](https://github.com/npm/registry-fetch/commit/051d969))
+
+
+
+
+# [3.6.0](https://github.com/npm/registry-fetch/compare/v3.5.0...v3.6.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **docs:** document opts.forceAuth ([40bcd65](https://github.com/npm/registry-fetch/commit/40bcd65))
+
+
+### Features
+
+* **opts.ignoreBody:** add a boolean to throw away response bodies ([6923702](https://github.com/npm/registry-fetch/commit/6923702))
+
+
+
+
+# [3.5.0](https://github.com/npm/registry-fetch/compare/v3.4.0...v3.5.0) (2018-08-22)
+
+
+### Features
+
+* **pkgid:** heuristic pkgid calculation for errors ([2e789a5](https://github.com/npm/registry-fetch/commit/2e789a5))
+
+
+
+
+# [3.4.0](https://github.com/npm/registry-fetch/compare/v3.3.0...v3.4.0) (2018-08-22)
+
+
+### Bug Fixes
+
+* **deps:** use new figgy-pudding with aliases fix ([0308f54](https://github.com/npm/registry-fetch/commit/0308f54))
+
+
+### Features
+
+* **auth:** add forceAuth option to force a specific auth mechanism ([4524d17](https://github.com/npm/registry-fetch/commit/4524d17))
+
+
+
+
+# [3.3.0](https://github.com/npm/registry-fetch/compare/v3.2.1...v3.3.0) (2018-08-21)
+
+
+### Bug Fixes
+
+* **query:** stop including undefined keys ([4718b1b](https://github.com/npm/registry-fetch/commit/4718b1b))
+
+
+### Features
+
+* **otp:** use heuristic detection for malformed EOTP responses ([f035194](https://github.com/npm/registry-fetch/commit/f035194))
+
+
+
+
+## [3.2.1](https://github.com/npm/registry-fetch/compare/v3.2.0...v3.2.1) (2018-08-16)
+
+
+### Bug Fixes
+
+* **opts:** pass through non-null opts.retry ([beba040](https://github.com/npm/registry-fetch/commit/beba040))
+
+
+
+
+# [3.2.0](https://github.com/npm/registry-fetch/compare/v3.1.1...v3.2.0) (2018-07-27)
+
+
+### Features
+
+* **gzip:** add opts.gzip convenience opt ([340abe0](https://github.com/npm/registry-fetch/commit/340abe0))
+
+
+
+
+## [3.1.1](https://github.com/npm/registry-fetch/compare/v3.1.0...v3.1.1) (2018-04-09)
+
+
+
+
+# [3.1.0](https://github.com/npm/registry-fetch/compare/v3.0.0...v3.1.0) (2018-04-09)
+
+
+### Features
+
+* **config:** support no-proxy and https-proxy options ([9aa906b](https://github.com/npm/registry-fetch/commit/9aa906b))
+
+
+
+
+# [3.0.0](https://github.com/npm/registry-fetch/compare/v2.1.0...v3.0.0) (2018-04-09)
+
+
+### Bug Fixes
+
+* **api:** pacote integration-related fixes ([a29de4f](https://github.com/npm/registry-fetch/commit/a29de4f))
+* **config:** stop caring about opts.config ([5856a6f](https://github.com/npm/registry-fetch/commit/5856a6f))
+
+
+### BREAKING CHANGES
+
+* **config:** opts.config is no longer supported. Pass the options down in opts itself.
+
+
+
+
+# [2.1.0](https://github.com/npm/registry-fetch/compare/v2.0.0...v2.1.0) (2018-04-08)
+
+
+### Features
+
+* **token:** accept opts.token for opts._authToken ([108c9f0](https://github.com/npm/registry-fetch/commit/108c9f0))
+
+
+
+
+# [2.0.0](https://github.com/npm/registry-fetch/compare/v1.1.1...v2.0.0) (2018-04-08)
+
+
+### meta
+
+* drop support for node@4 ([758536e](https://github.com/npm/registry-fetch/commit/758536e))
+
+
+### BREAKING CHANGES
+
+* node@4 is no longer supported
+
+
+
+
+## [1.1.1](https://github.com/npm/registry-fetch/compare/v1.1.0...v1.1.1) (2018-04-06)
+
+
+
+
+# [1.1.0](https://github.com/npm/registry-fetch/compare/v1.0.1...v1.1.0) (2018-03-16)
+
+
+### Features
+
+* **specs:** can use opts.spec to trigger pickManifest ([85c4ac9](https://github.com/npm/registry-fetch/commit/85c4ac9))
+
+
+
+
+## [1.0.1](https://github.com/npm/registry-fetch/compare/v1.0.0...v1.0.1) (2018-03-16)
+
+
+### Bug Fixes
+
+* **query:** oops console.log ([870e4f5](https://github.com/npm/registry-fetch/commit/870e4f5))
+
+
+
+
+# 1.0.0 (2018-03-16)
+
+
+### Bug Fixes
+
+* **auth:** get auth working with all the little details ([84b94ba](https://github.com/npm/registry-fetch/commit/84b94ba))
+* **deps:** add bluebird as an actual dep ([1286e31](https://github.com/npm/registry-fetch/commit/1286e31))
+* **errors:** Unknown auth errors use default code ([#1](https://github.com/npm/registry-fetch/issues/1)) ([3d91b93](https://github.com/npm/registry-fetch/commit/3d91b93))
+* **standard:** remove args from invocation ([9620a0a](https://github.com/npm/registry-fetch/commit/9620a0a))
+
+
+### Features
+
+* **api:** baseline kinda-working API impl ([bf91f9f](https://github.com/npm/registry-fetch/commit/bf91f9f))
+* **body:** automatic handling of different opts.body values ([f3b97db](https://github.com/npm/registry-fetch/commit/f3b97db))
+* **config:** nicer input config input handling ([b9ce21d](https://github.com/npm/registry-fetch/commit/b9ce21d))
+* **opts:** use figgy-pudding for opts handling ([0abd527](https://github.com/npm/registry-fetch/commit/0abd527))
+* **query:** add query utility support ([65ea8b1](https://github.com/npm/registry-fetch/commit/65ea8b1))
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md b/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md
new file mode 100644
index 0000000000000..8d28acf866d93
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/LICENSE.md
@@ -0,0 +1,16 @@
+ISC License
+
+Copyright (c) npm, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/README.md b/node_modules/pacote/node_modules/npm-registry-fetch/README.md
new file mode 100644
index 0000000000000..e660940e30dc4
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/README.md
@@ -0,0 +1,635 @@
+# npm-registry-fetch
+
+[![npm version](https://img.shields.io/npm/v/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![license](https://img.shields.io/npm/l/npm-registry-fetch.svg)](https://npm.im/npm-registry-fetch)
+[![Travis](https://img.shields.io/travis/npm/npm-registry-fetch/latest.svg)](https://travis-ci.org/npm/npm-registry-fetch)
+[![AppVeyor](https://img.shields.io/appveyor/ci/npm/npm-registry-fetch/latest.svg)](https://ci.appveyor.com/project/npm/npm-registry-fetch)
+[![Coverage Status](https://coveralls.io/repos/github/npm/npm-registry-fetch/badge.svg?branch=latest)](https://coveralls.io/github/npm/npm-registry-fetch?branch=latest)
+
+[`npm-registry-fetch`](https://github.com/npm/npm-registry-fetch) is a Node.js
+library that implements a `fetch`-like API for accessing npm registry APIs
+consistently. It's able to consume npm-style configuration values and has all
+the necessary logic for picking registries, handling scopes, and dealing with
+authentication details built-in.
+
+This package is meant to replace the older
+[`npm-registry-client`](https://npm.im/npm-registry-client).
+
+## Example
+
+```javascript
+const npmFetch = require('npm-registry-fetch')
+
+console.log(
+ await npmFetch.json('/-/ping')
+)
+```
+
+## Table of Contents
+
+* [Installing](#install)
+* [Example](#example)
+* [Contributing](#contributing)
+* [API](#api)
+ * [`fetch`](#fetch)
+ * [`fetch.json`](#fetch-json)
+ * [`fetch` options](#fetch-opts)
+
+### Install
+
+`$ npm install npm-registry-fetch`
+
+### Contributing
+
+The npm team enthusiastically welcomes contributions and project participation!
+There's a bunch of things you can do if you want to contribute! The [Contributor
+Guide](CONTRIBUTING.md) has all the information you need for everything from
+reporting bugs to contributing entire new features. Please don't hesitate to
+jump in if you'd like to, or even ask us questions if something isn't clear.
+
+All participants and maintainers in this project are expected to follow [Code of
+Conduct](CODE_OF_CONDUCT.md), and just generally be excellent to each other.
+
+Please refer to the [Changelog](CHANGELOG.md) for project history details, too.
+
+Happy hacking!
+
+### API
+
+#### Caching and `write=true` query strings
+
+Before performing any PUT or DELETE operation, npm clients first make a
+GET request to the registry resource being updated, which includes
+the query string `?write=true`.
+
+The semantics of this are, effectively, "I intend to write to this thing,
+and need to know the latest current value, so that my write can land
+cleanly".
+
+The public npm registry handles these `?write=true` requests by ensuring
+that the cache is re-validated before sending a response. In order to
+maintain the same behavior on the client, and not get tripped up by an
+overeager local cache when we intend to write data to the registry, any
+request that comes through `npm-registry-fetch` that contains `write=true`
+in the query string will forcibly set the `prefer-online` option to `true`,
+and set both `prefer-offline` and `offline` to false, so that any local
+cached value will be revalidated.
+
+#### `> fetch(url, [opts]) -> Promise`
+
+Performs a request to a given URL.
+
+The URL can be either a full URL, or a path to one. The appropriate registry
+will be automatically picked if only a URL path is given.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch('/-/ping')
+console.log(res.headers)
+res.on('data', d => console.log(d.toString('utf8')))
+```
+
+#### `> fetch.json(url, [opts]) -> Promise`
+
+Performs a request to a given registry URL, parses the body of the response as
+JSON, and returns it as its final value. This is a utility shorthand for
+`fetch(url).then(res => res.json())`.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+const res = await fetch.json('/-/ping')
+console.log(res) // Body parsed as JSON
+```
+
+#### `> fetch.json.stream(url, jsonPath, [opts]) -> Stream`
+
+Performs a request to a given registry URL and parses the body of the response
+as JSON, with each entry being emitted through the stream.
+
+The `jsonPath` argument is a [`JSONStream.parse()`
+path](https://github.com/dominictarr/JSONStream#jsonstreamparsepath), and the
+returned stream (unlike default `JSONStream`s), has a valid
+`Symbol.asyncIterator` implementation.
+
+For available options, please see the section on [`fetch` options](#fetch-opts).
+
+##### Example
+
+```javascript
+console.log('https://npm.im/~zkat has access to the following packages:')
+for await (let {key, value} of fetch.json.stream('/-/user/zkat/package', '$*')) {
+ console.log(`https://npm.im/${key} (perms: ${value})`)
+}
+```
+
+#### `fetch` Options
+
+Fetch options are optional, and can be passed in as either a Map-like object
+(one with a `.get()` method), a plain javascript object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) instance.
+
+##### `opts.agent`
+
+* Type: http.Agent
+* Default: an appropriate agent based on URL protocol and proxy settings
+
+An [`Agent`](https://nodejs.org/api/http.html#http_class_http_agent) instance to
+be shared across requests. This allows multiple concurrent `fetch` requests to
+happen on the same socket.
+
+You do _not_ need to provide this option unless you want something particularly
+specialized, since proxy configurations and http/https agents are already
+automatically managed internally when this option is not passed through.
+
+##### `opts.body`
+
+* Type: Buffer | Stream | Object
+* Default: null
+
+Request body to send through the outgoing request. Buffers and Streams will be
+passed through as-is, with a default `content-type` of
+`application/octet-stream`. Plain JavaScript objects will be `JSON.stringify`ed
+and the `content-type` will default to `application/json`.
+
+Use [`opts.headers`](#opts-headers) to set the content-type to something else.
+
+##### `opts.ca`
+
+* Type: String, Array, or null
+* Default: null
+
+The Certificate Authority signing certificate that is trusted for SSL
+connections to the registry. Values should be in PEM format (Windows calls it
+"Base-64 encoded X.509 (.CER)") with newlines replaced by the string `'\n'`. For
+example:
+
+```
+{
+ ca: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+Set to `null` to only allow "known" registrars, or to a specific CA cert
+to trust only that specific signing authority.
+
+Multiple CAs can be trusted by specifying an array of certificates instead of a
+single string.
+
+See also [`opts.strictSSL`](#opts-strictSSL), [`opts.ca`](#opts-ca) and
+[`opts.key`](#opts-key)
+
+##### `opts.cache`
+
+* Type: path
+* Default: null
+
+The location of the http cache directory. If provided, certain cachable requests
+will be cached according to [IETF RFC 7234](https://tools.ietf.org/html/rfc7234)
+rules. This will speed up future requests, as well as make the cached data
+available offline if necessary/requested.
+
+See also [`offline`](#opts-offline), [`preferOffline`](#opts-preferOffline),
+and [`preferOnline`](#opts-preferOnline).
+
+##### `opts.cert`
+
+* Type: String
+* Default: null
+
+A client certificate to pass when accessing the registry. Values should be in
+PEM format (Windows calls it "Base-64 encoded X.509 (.CER)") with newlines
+replaced by the string `'\n'`. For example:
+
+```
+{
+ cert: '-----BEGIN CERTIFICATE-----\nXXXX\nXXXX\n-----END CERTIFICATE-----'
+}
+```
+
+It is _not_ the path to a certificate file (and there is no "certfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.key`](#opts-key)
+
+##### `opts.fetchRetries`
+
+* Type: Number
+* Default: 2
+
+The "retries" config for [`retry`](https://npm.im/retry) to use when fetching
+packages from the registry.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryFactor`
+
+* Type: Number
+* Default: 10
+
+The "factor" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMintimeout`
+
+* Type: Number
+* Default: 10000 (10 seconds)
+
+The "minTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.fetchRetryMaxtimeout`
+
+* Type: Number
+* Default: 60000 (1 minute)
+
+The "maxTimeout" config for [`retry`](https://npm.im/retry) to use when fetching
+packages.
+
+See also [`opts.retry`](#opts-retry) to provide all retry options as a single
+object.
+
+##### `opts.forceAuth`
+
+* Type: Object
+* Default: null
+
+If present, other auth-related values in `opts` will be completely ignored,
+including `alwaysAuth`, `email`, and `otp`, when calculating auth for a request,
+and the auth details in `opts.forceAuth` will be used instead.
+
+##### `opts.gzip`
+
+* Type: Boolean
+* Default: false
+
+If true, `npm-registry-fetch` will set the `Content-Encoding` header to `gzip`
+and use `zlib.gzip()` or `zlib.createGzip()` to gzip-encode
+[`opts.body`](#opts-body).
+
+##### `opts.headers`
+
+* Type: Object
+* Default: null
+
+Additional headers for the outgoing request. This option can also be used to
+override headers automatically generated by `npm-registry-fetch`, such as
+`Content-Type`.
+
+##### `opts.ignoreBody`
+
+* Type: Boolean
+* Default: false
+
+If true, the **response body** will be thrown away and `res.body` set to `null`.
+This will prevent dangling response sockets for requests where you don't usually
+care what the response body is.
+
+##### `opts.integrity`
+
+* Type: String | [SRI object](https://npm.im/ssri)
+* Default: null
+
+If provided, the response body's will be verified against this integrity string,
+using [`ssri`](https://npm.im/ssri). If verification succeeds, the response will
+complete as normal. If verification fails, the response body will error with an
+`EINTEGRITY` error.
+
+Body integrity is only verified if the body is actually consumed to completion --
+that is, if you use `res.json()`/`res.buffer()`, or if you consume the default
+`res` stream data to its end.
+
+Cached data will have its integrity automatically verified using the
+previously-generated integrity hash for the saved request information, so
+`EINTEGRITY` errors can happen if [`opts.cache`](#opts-cache) is used, even if
+`opts.integrity` is not passed in.
+
+##### `opts.isFromCI`
+
+* Type: Boolean
+* Default: Based on environment variables
+
+This is used to populate the `npm-in-ci` request header sent to the registry.
+
+##### `opts.key`
+
+* Type: String
+* Default: null
+
+A client key to pass when accessing the registry. Values should be in PEM
+format with newlines replaced by the string `'\n'`. For example:
+
+```
+{
+ key: '-----BEGIN PRIVATE KEY-----\nXXXX\nXXXX\n-----END PRIVATE KEY-----'
+}
+```
+
+It is _not_ the path to a key file (and there is no "keyfile" option).
+
+See also: [`opts.ca`](#opts-ca) and [`opts.cert`](#opts-cert)
+
+##### `opts.localAddress`
+
+* Type: IP Address String
+* Default: null
+
+The IP address of the local interface to use when making connections
+to the registry.
+
+See also [`opts.proxy`](#opts-proxy)
+
+##### `opts.log`
+
+* Type: [`npmlog`](https://npm.im/npmlog)-like
+* Default: null
+
+Logger object to use for logging operation details. Must have the same methods
+as `npmlog`.
+
+##### `opts.mapJSON`
+
+* Type: Function
+* Default: undefined
+
+When using `fetch.json.stream()` (NOT `fetch.json()`), this will be passed down
+to [`JSONStream`](https://npm.im/JSONStream) as the second argument to
+`JSONStream.parse`, and can be used to transform stream data before output.
+
+##### `opts.maxSockets`
+
+* Type: Integer
+* Default: 12
+
+Maximum number of sockets to keep open during requests. Has no effect if
+[`opts.agent`](#opts-agent) is used.
+
+##### `opts.method`
+
+* Type: String
+* Default: 'GET'
+
+HTTP method to use for the outgoing request. Case-insensitive.
+
+##### `opts.noproxy`
+
+* Type: Boolean
+* Default: process.env.NOPROXY
+
+If true, proxying will be disabled even if [`opts.proxy`](#opts-proxy) is used.
+
+##### `opts.npmSession`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-session` header. This header is used by
+the npm registry to identify individual user sessions (usually individual
+invocations of the CLI).
+
+##### `opts.npmCommand`
+
+* Type: String
+* Default: null
+
+If provided, it will be sent in the `npm-command` header. This yeader is
+used by the npm registry to identify the npm command that caused this
+request to be made.
+
+##### `opts.offline`
+
+* Type: Boolean
+* Default: false
+
+Force offline mode: no network requests will be done during install. To allow
+`npm-registry-fetch` to fill in missing cache data, see
+[`opts.preferOffline`](#opts-preferOffline).
+
+This option is only really useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.otp`
+
+* Type: Number | String
+* Default: null
+
+This is a one-time password from a two-factor authenticator. It is required for
+certain registry interactions when two-factor auth is enabled for a user
+account.
+
+##### `opts.password`
+
+* Alias: `_password`
+* Type: String
+* Default: null
+
+Password used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:password': 't0k3nH34r'
+}
+```
+
+See also [`opts.username`](#opts-username)
+
+##### `opts.preferOffline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be bypassed, but missing data
+will be requested from the server. To force full offline mode, use
+[`opts.offline`](#opts-offline).
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `false` when the request includes `write=true` in the
+query string.
+
+##### `opts.preferOnline`
+
+* Type: Boolean
+* Default: false
+
+If true, staleness checks for cached data will be forced, making the CLI look
+for updates immediately even for fresh package data.
+
+This option is generally only useful if you're also using
+[`opts.cache`](#opts-cache).
+
+This option is set to `true` when the request includes `write=true` in the
+query string.
+
+##### `opts.projectScope`
+
+* Type: String
+* Default: null
+
+If provided, will be sent in the `npm-scope` header. This header is used by the
+npm registry to identify the toplevel package scope that a particular project
+installation is using.
+
+##### `opts.proxy`
+
+* Type: url
+* Default: null
+
+A proxy to use for outgoing http requests. If not passed in, the `HTTP(S)_PROXY`
+environment variable will be used.
+
+##### `opts.query`
+
+* Type: String | Object
+* Default: null
+
+If provided, the request URI will have a query string appended to it using this
+query. If `opts.query` is an object, it will be converted to a query string
+using
+[`querystring.stringify()`](https://nodejs.org/api/querystring.html#querystring_querystring_stringify_obj_sep_eq_options).
+
+If the request URI already has a query string, it will be merged with
+`opts.query`, preferring `opts.query` values.
+
+##### `opts.registry`
+
+* Type: URL
+* Default: `'https://registry.npmjs.org'`
+
+Registry configuration for a request. If a request URL only includes the URL
+path, this registry setting will be prepended. This configuration is also used
+to determine authentication details, so even if the request URL references a
+completely different host, `opts.registry` will be used to find the auth details
+for that request.
+
+See also [`opts.scope`](#opts-scope), [`opts.spec`](#opts-spec), and
+[`opts.:registry`](#opts-scope-registry) which can all affect the actual
+registry URL used by the outgoing request.
+
+##### `opts.retry`
+
+* Type: Object
+* Default: null
+
+Single-object configuration for request retry settings. If passed in, will
+override individually-passed `fetch-retry-*` settings.
+
+##### `opts.scope`
+
+* Type: String
+* Default: null
+
+Associate an operation with a scope for a scoped registry. This option can force
+lookup of scope-specific registries and authentication.
+
+See also [`opts.:registry`](#opts-scope-registry) and
+[`opts.spec`](#opts-spec) for interactions with this option.
+
+##### `opts.:registry`
+
+* Type: String
+* Default: null
+
+This option type can be used to configure the registry used for requests
+involving a particular scope. For example, `opts['@myscope:registry'] =
+'https://scope-specific.registry/'` will make it so requests go out to this
+registry instead of [`opts.registry`](#opts-registry) when
+[`opts.scope`](#opts-scope) is used, or when [`opts.spec`](#opts-spec) is a
+scoped package spec.
+
+The `@` before the scope name is optional, but recommended.
+
+##### `opts.spec`
+
+* Type: String | [`npm-registry-arg`](https://npm.im/npm-registry-arg) object.
+* Default: null
+
+If provided, can be used to automatically configure [`opts.scope`](#opts-scope)
+based on a specific package name. Non-registry package specs will throw an
+error.
+
+##### `opts.strictSSL`
+
+* Type: Boolean
+* Default: true
+
+Whether or not to do SSL key validation when making requests to the
+registry via https.
+
+See also [`opts.ca`](#opts-ca).
+
+##### `opts.timeout`
+
+* Type: Milliseconds
+* Default: 300000 (5 minutes)
+
+Time before a hanging request times out.
+
+##### `opts.token`
+
+* Alias: `opts._authToken`
+* Type: String
+* Default: null
+
+Authentication token string.
+
+Can be scoped to a registry by using a "nerf dart" for that registry. That is:
+
+```
+{
+ '//registry.npmjs.org/:token': 't0k3nH34r'
+}
+```
+
+##### `opts.userAgent`
+
+* Type: String
+* Default: `'npm-registry-fetch@/node@+ ()'`
+
+User agent string to send in the `User-Agent` header.
+
+##### `opts.username`
+
+* Type: String
+* Default: null
+
+Username used for basic authentication. For the more modern authentication
+method, please use the (more secure) [`opts.token`](#opts-token)
+
+Can optionally be scoped to a registry by using a "nerf dart" for that registry.
+That is:
+
+```
+{
+ '//registry.npmjs.org/:username': 't0k3nH34r'
+}
+```
+
+See also [`opts.password`](#opts-password)
+
+##### `opts._auth`
+
+* Type: String
+* Default: null
+
+** DEPRECATED ** This is a legacy authentication token supported only for
+compatibility. Please use [`opts.token`](#opts-token) instead.
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/auth.js b/node_modules/pacote/node_modules/npm-registry-fetch/auth.js
new file mode 100644
index 0000000000000..11c3bde6b4e6c
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/auth.js
@@ -0,0 +1,55 @@
+'use strict'
+
+const defaultOpts = require('./default-opts.js')
+const url = require('url')
+
+module.exports = getAuth
+function getAuth (registry, opts_ = {}) {
+ if (!registry) { throw new Error('registry is required') }
+ const opts = opts_.forceAuth ? opts_.forceAuth : { ...defaultOpts, ...opts_ }
+ const AUTH = {}
+ const regKey = registry && registryKey(registry)
+ const doKey = (key, alias) => addKey(opts, AUTH, regKey, key, alias)
+ doKey('token')
+ doKey('_authToken', 'token')
+ doKey('username')
+ doKey('password')
+ doKey('_password', 'password')
+ doKey('email')
+ doKey('_auth')
+ doKey('otp')
+ doKey('always-auth', 'alwaysAuth')
+ if (AUTH.password) {
+ AUTH.password = Buffer.from(AUTH.password, 'base64').toString('utf8')
+ }
+ if (AUTH._auth && !(AUTH.username && AUTH.password)) {
+ let auth = Buffer.from(AUTH._auth, 'base64').toString()
+ auth = auth.split(':')
+ AUTH.username = auth.shift()
+ AUTH.password = auth.join(':')
+ }
+ AUTH.alwaysAuth = AUTH.alwaysAuth === 'false' ? false : !!AUTH.alwaysAuth
+ return AUTH
+}
+
+function addKey (opts, obj, scope, key, objKey) {
+ if (opts[key]) {
+ obj[objKey || key] = opts[key]
+ }
+ if (scope && opts[`${scope}:${key}`]) {
+ obj[objKey || key] = opts[`${scope}:${key}`]
+ }
+}
+
+// Called a nerf dart in the main codebase. Used as a "safe"
+// key when fetching registry info from config.
+function registryKey (registry) {
+ const parsed = new url.URL(registry)
+ const formatted = url.format({
+ protocol: parsed.protocol,
+ host: parsed.host,
+ pathname: parsed.pathname,
+ slashes: true
+ })
+ return url.format(new url.URL('.', formatted)).replace(/^[^:]+:/, '')
+}
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js b/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js
new file mode 100644
index 0000000000000..f151711f30160
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/check-response.js
@@ -0,0 +1,128 @@
+'use strict'
+
+const errors = require('./errors.js')
+const LRU = require('lru-cache')
+const { Response } = require('minipass-fetch')
+const defaultOpts = require('./default-opts.js')
+
+module.exports = checkResponse
+function checkResponse (method, res, registry, startTime, opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ if (res.headers.has('npm-notice') && !res.headers.has('x-local-cache')) {
+ opts.log.notice('', res.headers.get('npm-notice'))
+ }
+ checkWarnings(res, registry, opts)
+ if (res.status >= 400) {
+ logRequest(method, res, startTime, opts)
+ return checkErrors(method, res, startTime, opts)
+ } else {
+ res.body.on('end', () => logRequest(method, res, startTime, opts))
+ if (opts.ignoreBody) {
+ res.body.resume()
+ return new Response(null, res)
+ }
+ return res
+ }
+}
+
+function logRequest (method, res, startTime, opts) {
+ const elapsedTime = Date.now() - startTime
+ const attempt = res.headers.get('x-fetch-attempts')
+ const attemptStr = attempt && attempt > 1 ? ` attempt #${attempt}` : ''
+ const cacheStr = res.headers.get('x-local-cache') ? ' (from cache)' : ''
+
+ let urlStr
+ try {
+ const { URL } = require('url')
+ const url = new URL(res.url)
+ if (url.password) {
+ url.password = '***'
+ }
+ urlStr = url.toString()
+ } catch (er) {
+ urlStr = res.url
+ }
+
+ opts.log.http(
+ 'fetch',
+ `${method.toUpperCase()} ${res.status} ${urlStr} ${elapsedTime}ms${attemptStr}${cacheStr}`
+ )
+}
+
+const WARNING_REGEXP = /^\s*(\d{3})\s+(\S+)\s+"(.*)"\s+"([^"]+)"/
+const BAD_HOSTS = new LRU({ max: 50 })
+
+function checkWarnings (res, registry, opts) {
+ if (res.headers.has('warning') && !BAD_HOSTS.has(registry)) {
+ const warnings = {}
+ // note: headers.raw() will preserve case, so we might have a
+ // key on the object like 'WaRnInG' if that was used first
+ for (const [key, value] of Object.entries(res.headers.raw())) {
+ if (key.toLowerCase() !== 'warning') { continue }
+ value.forEach(w => {
+ const match = w.match(WARNING_REGEXP)
+ if (match) {
+ warnings[match[1]] = {
+ code: match[1],
+ host: match[2],
+ message: match[3],
+ date: new Date(match[4])
+ }
+ }
+ })
+ }
+ BAD_HOSTS.set(registry, true)
+ if (warnings['199']) {
+ if (warnings['199'].message.match(/ENOTFOUND/)) {
+ opts.log.warn('registry', `Using stale data from ${registry} because the host is inaccessible -- are you offline?`)
+ } else {
+ opts.log.warn('registry', `Unexpected warning for ${registry}: ${warnings['199'].message}`)
+ }
+ }
+ if (warnings['111']) {
+ // 111 Revalidation failed -- we're using stale data
+ opts.log.warn(
+ 'registry',
+ `Using stale data from ${registry} due to a request error during revalidation.`
+ )
+ }
+ }
+}
+
+function checkErrors (method, res, startTime, opts) {
+ return res.buffer()
+ .catch(() => null)
+ .then(body => {
+ let parsed = body
+ try {
+ parsed = JSON.parse(body.toString('utf8'))
+ } catch (e) {}
+ if (res.status === 401 && res.headers.get('www-authenticate')) {
+ const auth = res.headers.get('www-authenticate')
+ .split(/,\s*/)
+ .map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ throw new errors.HttpErrorAuthIPAddress(
+ method, res, parsed, opts.spec
+ )
+ } else if (auth.indexOf('otp') !== -1) {
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorAuthUnknown(
+ method, res, parsed, opts.spec
+ )
+ }
+ } else if (res.status === 401 && body != null && /one-time pass/.test(body.toString('utf8'))) {
+ // Heuristic for malformed OTP responses that don't include the www-authenticate header.
+ throw new errors.HttpErrorAuthOTP(
+ method, res, parsed, opts.spec
+ )
+ } else {
+ throw new errors.HttpErrorGeneral(
+ method, res, parsed, opts.spec
+ )
+ }
+ })
+}
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js b/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js
new file mode 100644
index 0000000000000..b742fd5a5fcd4
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/default-opts.js
@@ -0,0 +1,22 @@
+const pkg = require('./package.json')
+const ciDetect = require('@npmcli/ci-detect')
+module.exports = {
+ isFromCI: ciDetect(),
+ log: require('./silentlog.js'),
+ maxSockets: 12,
+ method: 'GET',
+ registry: 'https://registry.npmjs.org/',
+ timeout: 5 * 60 * 1000, // 5 minutes
+ strictSSL: true,
+ noProxy: process.env.NOPROXY,
+ userAgent: `${pkg.name
+ }@${
+ pkg.version
+ }/node@${
+ process.version
+ }+${
+ process.arch
+ } (${
+ process.platform
+ })`
+}
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/errors.js b/node_modules/pacote/node_modules/npm-registry-fetch/errors.js
new file mode 100644
index 0000000000000..c41947e29952d
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/errors.js
@@ -0,0 +1,79 @@
+'use strict'
+
+const url = require('url')
+
+function packageName (href) {
+ try {
+ let basePath = new url.URL(href).pathname.substr(1)
+ if (!basePath.match(/^-/)) {
+ basePath = basePath.split('/')
+ var index = basePath.indexOf('_rewrite')
+ if (index === -1) {
+ index = basePath.length - 1
+ } else {
+ index++
+ }
+ return decodeURIComponent(basePath[index])
+ }
+ } catch (_) {
+ // this is ok
+ }
+}
+
+class HttpErrorBase extends Error {
+ constructor (method, res, body, spec) {
+ super()
+ this.headers = res.headers.raw()
+ this.statusCode = res.status
+ this.code = `E${res.status}`
+ this.method = method
+ this.uri = res.url
+ this.body = body
+ this.pkgid = spec ? spec.toString() : packageName(res.url)
+ }
+}
+module.exports.HttpErrorBase = HttpErrorBase
+
+class HttpErrorGeneral extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = `${res.status} ${res.statusText} - ${
+ this.method.toUpperCase()
+ } ${
+ this.spec || this.uri
+ }${
+ (body && body.error) ? ' - ' + body.error : ''
+ }`
+ Error.captureStackTrace(this, HttpErrorGeneral)
+ }
+}
+module.exports.HttpErrorGeneral = HttpErrorGeneral
+
+class HttpErrorAuthOTP extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'OTP required for authentication'
+ this.code = 'EOTP'
+ Error.captureStackTrace(this, HttpErrorAuthOTP)
+ }
+}
+module.exports.HttpErrorAuthOTP = HttpErrorAuthOTP
+
+class HttpErrorAuthIPAddress extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Login is not allowed from your IP address'
+ this.code = 'EAUTHIP'
+ Error.captureStackTrace(this, HttpErrorAuthIPAddress)
+ }
+}
+module.exports.HttpErrorAuthIPAddress = HttpErrorAuthIPAddress
+
+class HttpErrorAuthUnknown extends HttpErrorBase {
+ constructor (method, res, body, spec) {
+ super(method, res, body, spec)
+ this.message = 'Unable to authenticate, need: ' + res.headers.get('www-authenticate')
+ Error.captureStackTrace(this, HttpErrorAuthUnknown)
+ }
+}
+module.exports.HttpErrorAuthUnknown = HttpErrorAuthUnknown
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/index.js b/node_modules/pacote/node_modules/npm-registry-fetch/index.js
new file mode 100644
index 0000000000000..2324e7fbfd00b
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/index.js
@@ -0,0 +1,219 @@
+'use strict'
+
+const checkResponse = require('./check-response.js')
+const getAuth = require('./auth.js')
+const fetch = require('make-fetch-happen')
+const JSONStream = require('minipass-json-stream')
+const npa = require('npm-package-arg')
+const qs = require('querystring')
+const url = require('url')
+const zlib = require('minizlib')
+const Minipass = require('minipass')
+
+const defaultOpts = require('./default-opts.js')
+
+// WhatWG URL throws if it's not fully resolved
+const urlIsValid = u => {
+ try {
+ return !!new url.URL(u)
+ } catch (_) {
+ return false
+ }
+}
+
+module.exports = regFetch
+function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
+ const opts = {
+ ...defaultOpts,
+ ...opts_
+ }
+ const registry = opts.registry = (
+ (opts.spec && pickRegistry(opts.spec, opts)) ||
+ (opts.publishConfig && opts.publishConfig.registry) ||
+ opts.registry ||
+ /* istanbul ignore next */
+ 'https://registry.npmjs.org/'
+ )
+
+ if (!urlIsValid(uri)) {
+ uri = `${
+ registry.trim().replace(/\/?$/g, '')
+ }/${
+ uri.trim().replace(/^\//, '')
+ }`
+ }
+
+ const method = opts.method || 'GET'
+
+ // through that takes into account the scope, the prefix of `uri`, etc
+ const startTime = Date.now()
+ const headers = getHeaders(registry, uri, opts)
+ let body = opts.body
+ const bodyIsStream = Minipass.isStream(body)
+ const bodyIsPromise = body &&
+ typeof body === 'object' &&
+ typeof body.then === 'function'
+
+ if (body && !bodyIsStream && !bodyIsPromise && typeof body !== 'string' && !Buffer.isBuffer(body)) {
+ headers['content-type'] = headers['content-type'] || 'application/json'
+ body = JSON.stringify(body)
+ } else if (body && !headers['content-type']) {
+ headers['content-type'] = 'application/octet-stream'
+ }
+
+ if (opts.gzip) {
+ headers['content-encoding'] = 'gzip'
+ if (bodyIsStream) {
+ const gz = new zlib.Gzip()
+ body.on('error', /* istanbul ignore next: unlikely and hard to test */
+ err => gz.emit('error', err))
+ body = body.pipe(gz)
+ } else if (!bodyIsPromise) {
+ body = new zlib.Gzip().end(body).concat()
+ }
+ }
+
+ const parsed = new url.URL(uri)
+
+ if (opts.query) {
+ const q = typeof opts.query === 'string'
+ ? qs.parse(opts.query)
+ : opts.query
+
+ Object.keys(q).forEach(key => {
+ if (q[key] !== undefined) {
+ parsed.searchParams.set(key, q[key])
+ }
+ })
+ uri = url.format(parsed)
+ }
+
+ if (parsed.searchParams.get('write') === 'true' && method === 'GET') {
+ // do not cache, because this GET is fetching a rev that will be
+ // used for a subsequent PUT or DELETE, so we need to conditionally
+ // update cache.
+ opts.offline = false
+ opts.preferOffline = false
+ opts.preferOnline = true
+ }
+
+ const doFetch = (body) => fetch(uri, {
+ agent: opts.agent,
+ algorithms: opts.algorithms,
+ body,
+ cache: getCacheMode(opts),
+ cacheManager: opts.cache,
+ ca: opts.ca,
+ cert: opts.cert,
+ headers,
+ integrity: opts.integrity,
+ key: opts.key,
+ localAddress: opts.localAddress,
+ maxSockets: opts.maxSockets,
+ memoize: opts.memoize,
+ method: method,
+ noProxy: opts.noProxy,
+ proxy: opts.httpsProxy || opts.proxy,
+ retry: opts.retry ? opts.retry : {
+ retries: opts.fetchRetries,
+ factor: opts.fetchRetryFactor,
+ minTimeout: opts.fetchRetryMintimeout,
+ maxTimeout: opts.fetchRetryMaxtimeout
+ },
+ strictSSL: opts.strictSSL,
+ timeout: opts.timeout || 30 * 1000
+ }).then(res => checkResponse(
+ method, res, registry, startTime, opts
+ ))
+
+ return Promise.resolve(body).then(doFetch)
+}
+
+module.exports.json = fetchJSON
+function fetchJSON (uri, opts) {
+ return regFetch(uri, opts).then(res => res.json())
+}
+
+module.exports.json.stream = fetchJSONStream
+function fetchJSONStream (uri, jsonPath, /* istanbul ignore next */ opts_ = {}) {
+ const opts = { ...defaultOpts, ...opts_ }
+ const parser = JSONStream.parse(jsonPath, opts.mapJSON)
+ regFetch(uri, opts).then(res =>
+ res.body.on('error',
+ /* istanbul ignore next: unlikely and difficult to test */
+ er => parser.emit('error', er)).pipe(parser)
+ ).catch(er => parser.emit('error', er))
+ return parser
+}
+
+module.exports.pickRegistry = pickRegistry
+function pickRegistry (spec, opts = {}) {
+ spec = npa(spec)
+ let registry = spec.scope &&
+ opts[spec.scope.replace(/^@?/, '@') + ':registry']
+
+ if (!registry && opts.scope) {
+ registry = opts[opts.scope.replace(/^@?/, '@') + ':registry']
+ }
+
+ if (!registry && opts.publishConfig) {
+ registry = opts.publishConfig.registry
+ }
+
+ if (!registry) {
+ registry = opts.registry || 'https://registry.npmjs.org/'
+ }
+
+ return registry
+}
+
+function getCacheMode (opts) {
+ return opts.offline
+ ? 'only-if-cached'
+ : opts.preferOffline
+ ? 'force-cache'
+ : opts.preferOnline
+ ? 'no-cache'
+ : 'default'
+}
+
+function getHeaders (registry, uri, opts) {
+ const headers = Object.assign({
+ 'npm-in-ci': !!opts.isFromCI,
+ 'user-agent': opts.userAgent
+ }, opts.headers || {})
+
+ if (opts.projectScope) {
+ headers['npm-scope'] = opts.projectScope
+ }
+
+ if (opts.npmSession) {
+ headers['npm-session'] = opts.npmSession
+ }
+
+ if (opts.npmCommand) {
+ headers['npm-command'] = opts.npmCommand
+ }
+
+ const auth = getAuth(registry, opts)
+ // If a tarball is hosted on a different place than the manifest, only send
+ // credentials on `alwaysAuth`
+ const shouldAuth = (
+ auth.alwaysAuth ||
+ new url.URL(uri).host === new url.URL(registry).host
+ )
+ if (shouldAuth && auth.token) {
+ headers.authorization = `Bearer ${auth.token}`
+ } else if (shouldAuth && auth.username && auth.password) {
+ const encoded = Buffer.from(
+ `${auth.username}:${auth.password}`, 'utf8'
+ ).toString('base64')
+ headers.authorization = `Basic ${encoded}`
+ } else if (shouldAuth && auth._auth) {
+ headers.authorization = `Basic ${auth._auth}`
+ }
+ if (shouldAuth && auth.otp) {
+ headers['npm-otp'] = auth.otp
+ }
+ return headers
+}
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/package.json b/node_modules/pacote/node_modules/npm-registry-fetch/package.json
new file mode 100644
index 0000000000000..5aeddc5b39102
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/package.json
@@ -0,0 +1,59 @@
+{
+ "name": "npm-registry-fetch",
+ "version": "8.1.5",
+ "description": "Fetch-based http client for use with npm registry APIs",
+ "main": "index.js",
+ "files": [
+ "*.js",
+ "lib"
+ ],
+ "scripts": {
+ "postrelease": "npm publish",
+ "posttest": "standard",
+ "prepublishOnly": "git push --follow-tags",
+ "prerelease": "npm t",
+ "release": "standard-version -s",
+ "test": "tap"
+ },
+ "repository": "https://github.com/npm/registry-fetch",
+ "keywords": [
+ "npm",
+ "registry",
+ "fetch"
+ ],
+ "author": {
+ "name": "Kat Marchán",
+ "email": "kzm@sykosomatic.org",
+ "twitter": "maybekatz"
+ },
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "devDependencies": {
+ "cacache": "^15.0.0",
+ "mkdirp": "^0.5.1",
+ "nock": "^11.7.0",
+ "npmlog": "^4.1.2",
+ "require-inject": "^1.4.4",
+ "rimraf": "^2.6.2",
+ "ssri": "^8.0.0",
+ "standard": "^14.3.3",
+ "standard-version": "^7.1.0",
+ "tap": "^14.10.7"
+ },
+ "tap": {
+ "check-coverage": true,
+ "test-ignore": "test[\\\\/](util|cache)[\\\\/]"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+}
diff --git a/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js b/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js
new file mode 100644
index 0000000000000..886c5d55b2dbb
--- /dev/null
+++ b/node_modules/pacote/node_modules/npm-registry-fetch/silentlog.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const noop = Function.prototype
+module.exports = {
+ error: noop,
+ warn: noop,
+ notice: noop,
+ info: noop,
+ verbose: noop,
+ silly: noop,
+ http: noop,
+ pause: noop,
+ resume: noop
+}
diff --git a/package-lock.json b/package-lock.json
index 7fb4b05848470..21492b37fd6cd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -124,7 +124,7 @@
"npm-package-arg": "^8.1.0",
"npm-pick-manifest": "^6.1.0",
"npm-profile": "^5.0.1",
- "npm-registry-fetch": "^8.1.4",
+ "npm-registry-fetch": "^9.0.0",
"npm-user-validate": "^1.0.1",
"npmlog": "~4.1.2",
"opener": "^1.5.2",
@@ -3704,6 +3704,25 @@
"node": ">=10"
}
},
+ "node_modules/libnpmaccess/node_modules/npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "inBundle": true,
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/libnpmfund": {
"version": "1.0.1",
"inBundle": true,
@@ -3724,6 +3743,25 @@
"node": ">=10"
}
},
+ "node_modules/libnpmhook/node_modules/npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "inBundle": true,
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/libnpmorg": {
"version": "2.0.0",
"inBundle": true,
@@ -3736,6 +3774,25 @@
"node": ">=10"
}
},
+ "node_modules/libnpmorg/node_modules/npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "inBundle": true,
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/libnpmpack": {
"version": "2.0.0",
"inBundle": true,
@@ -3776,6 +3833,25 @@
"node": ">=10"
}
},
+ "node_modules/libnpmsearch/node_modules/npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "inBundle": true,
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/libnpmteam": {
"version": "2.0.1",
"inBundle": true,
@@ -3788,6 +3864,25 @@
"node": ">=10"
}
},
+ "node_modules/libnpmteam/node_modules/npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "inBundle": true,
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/libnpmversion": {
"version": "1.0.6",
"resolved": "https://registry.npmjs.org/libnpmversion/-/libnpmversion-1.0.6.tgz",
@@ -4376,10 +4471,30 @@
"node": ">=10"
}
},
- "node_modules/npm-registry-fetch": {
+ "node_modules/npm-profile/node_modules/npm-registry-fetch": {
"version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "inBundle": true,
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
+ "node_modules/npm-registry-fetch": {
+ "version": "9.0.0",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-9.0.0.tgz",
+ "integrity": "sha512-PuFYYtnQ8IyVl6ib9d3PepeehcUeHN9IO5N/iCRhyg9tStQcqGQBRVHmfmMWPDERU3KwZoHFvbJ4FPXPspvzbA==",
"inBundle": true,
- "license": "ISC",
"dependencies": {
"@npmcli/ci-detect": "^1.0.0",
"lru-cache": "^6.0.0",
@@ -4791,6 +4906,25 @@
"node": ">=10"
}
},
+ "node_modules/pacote/node_modules/npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "inBundle": true,
+ "dependencies": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/parent-module": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
@@ -11425,6 +11559,23 @@
"minipass": "^3.1.1",
"npm-package-arg": "^8.0.0",
"npm-registry-fetch": "^8.0.0"
+ },
+ "dependencies": {
+ "npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "requires": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ }
+ }
}
},
"libnpmfund": {
@@ -11438,6 +11589,23 @@
"requires": {
"aproba": "^2.0.0",
"npm-registry-fetch": "^8.0.0"
+ },
+ "dependencies": {
+ "npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "requires": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ }
+ }
}
},
"libnpmorg": {
@@ -11445,6 +11613,23 @@
"requires": {
"aproba": "^2.0.0",
"npm-registry-fetch": "^8.0.0"
+ },
+ "dependencies": {
+ "npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "requires": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ }
+ }
}
},
"libnpmpack": {
@@ -11471,6 +11656,23 @@
"version": "3.0.0",
"requires": {
"npm-registry-fetch": "^8.0.0"
+ },
+ "dependencies": {
+ "npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "requires": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ }
+ }
}
},
"libnpmteam": {
@@ -11478,6 +11680,23 @@
"requires": {
"aproba": "^2.0.0",
"npm-registry-fetch": "^8.0.0"
+ },
+ "dependencies": {
+ "npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "requires": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ }
+ }
}
},
"libnpmversion": {
@@ -11886,10 +12105,29 @@
"version": "5.0.1",
"requires": {
"npm-registry-fetch": "^8.0.0"
+ },
+ "dependencies": {
+ "npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "requires": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ }
+ }
}
},
"npm-registry-fetch": {
- "version": "8.1.5",
+ "version": "9.0.0",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-9.0.0.tgz",
+ "integrity": "sha512-PuFYYtnQ8IyVl6ib9d3PepeehcUeHN9IO5N/iCRhyg9tStQcqGQBRVHmfmMWPDERU3KwZoHFvbJ4FPXPspvzbA==",
"requires": {
"@npmcli/ci-detect": "^1.0.0",
"lru-cache": "^6.0.0",
@@ -12185,6 +12423,23 @@
"rimraf": "^3.0.2",
"ssri": "^8.0.0",
"tar": "^6.0.1"
+ },
+ "dependencies": {
+ "npm-registry-fetch": {
+ "version": "8.1.5",
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-8.1.5.tgz",
+ "integrity": "sha512-yZPNoJK9clx1jhSXU54kU6Aj1SV2p7mXUs1W/6OjQvek3wb1RrjDCrt4iY1+VX9eBQvvSGEpzNmYkRUaTL8rqg==",
+ "requires": {
+ "@npmcli/ci-detect": "^1.0.0",
+ "lru-cache": "^6.0.0",
+ "make-fetch-happen": "^8.0.9",
+ "minipass": "^3.1.3",
+ "minipass-fetch": "^1.3.0",
+ "minipass-json-stream": "^1.0.1",
+ "minizlib": "^2.0.0",
+ "npm-package-arg": "^8.0.0"
+ }
+ }
}
},
"parent-module": {
diff --git a/package.json b/package.json
index 39b55eaa6f08f..2cdef0d53510e 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
"npm-package-arg": "^8.1.0",
"npm-pick-manifest": "^6.1.0",
"npm-profile": "^5.0.1",
- "npm-registry-fetch": "^8.1.4",
+ "npm-registry-fetch": "^9.0.0",
"npm-user-validate": "^1.0.1",
"npmlog": "~4.1.2",
"opener": "^1.5.2",