spencermize / Veload

Indoor biking for the masses
https://veload.bike
GNU General Public License v3.0

Update npm to v6.14.6 [SECURITY] #150

Open renovate[bot] opened 2 months ago

renovate[bot] commented 2 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| npm (source) | 6.8.0 -> 6.14.6 |

GitHub Vulnerability Alerts

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user’s system when the package is installed. Only files accessible by the user running the npm install are affected.

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Recommendation

Upgrade to version 6.13.3 or later.

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on a user's system when the package is installed. It is only possible to affect files that the user running npm install has access to, and it is not possible to overwrite files that already exist on disk.

This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Recommendation

Upgrade to version 6.13.3 or later.

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations.

For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.

This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Recommendation

Upgrade to version 6.13.4 or later.

CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.


Release Notes

npm/cli (npm) ### [`v6.14.6`](https://togithub.com/npm/cli/releases/tag/v6.14.6) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.5...v6.14.6) #### 6.14.6 (2020-07-07) ##### BUG FIXES - [`a9857b8f6`](https://togithub.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc) chore: remove auth info from logs ([@​claudiahdz](https://togithub.com/claudiahdz)) - [`b7ad77598`](https://togithub.com/npm/cli/commit/b7ad77598112908d60195d0fbc472b3c84275fd5) [#​1416](https://togithub.com/npm/cli/pull/1416) fix: wrong `npm doctor` command result ([@​vanishcode](https://togithub.com/vanishcode)) ##### DEPENDENCIES - [`94eca6377`](https://togithub.com/npm/cli/commit/94eca637756376b949edfb697e179a1fdcc231ee) `npm-registry-fetch@4.0.5` ([@​claudiahdz](https://togithub.com/claudiahdz)) - [`c49b6ae28`](https://togithub.com/npm/cli/commit/c49b6ae28791ff7184288be16654f97168aa9705) [#​1418](https://togithub.com/npm/cli/pull/1418) `spdx-license-ids@3.0.5` ([@​kemitchell](https://togithub.com/kemitchell)) ### [`v6.14.5`](https://togithub.com/npm/cli/releases/tag/v6.14.5) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.4...v6.14.5) #### 6.14.5 (2020-05-04) ##### BUG FIXES - [`33ec41f18`](https://togithub.com/npm/cli/commit/33ec41f18f557146607cb14a7a38c707fce6d42c) [#​758](https://togithub.com/npm/cli/pull/758) fix: relativize file links when inflating shrinkwrap ([@​jsnajdr](https://togithub.com/jsnajdr)) - [`94ed456df`](https://togithub.com/npm/cli/commit/94ed456dfb0b122fd4192429024f034d06c3c454) [#​1162](https://togithub.com/npm/cli/pull/1162) fix: npm init help output ([@​mum-never-proud](https://togithub.com/mum-never-proud)) ##### DEPENDENCIES - [`5587ac01f`](https://togithub.com/npm/cli/commit/5587ac01ffd0d2ea830a6bbb67bb34a611ffc409) `npm-registry-fetch@4.0.4` - [`fc5d94c39`](https://togithub.com/npm/npm-registry-fetch/commit/fc5d94c39ca218d78df77249ab3a6bf1d9ed9db1) fix: removed default timeout - 
[`07a4d8884`](https://togithub.com/npm/cli/commit/07a4d8884448359bac485a49c05fd2d23d06834b) `graceful-fs@4.2.4` - [`8228d1f2e`](https://togithub.com/npm/cli/commit/8228d1f2e427ad9adee617266108acd1ee39b4a5) `mkdirp@0.5.5` - [`e6d208317`](https://togithub.com/npm/cli/commit/e6d20831740a84aea766da2a2913cf82a4d56ada) `nopt@4.0.3` ### [`v6.14.4`](https://togithub.com/npm/cli/releases/tag/v6.14.4) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.3...v6.14.4) #### 6.14.4 (2020-03-25) ##### DEPENDENCIES - [`136832dca`](https://togithub.com/npm/cli/commit/136832dcae13cb5518b1fe17bd63ea9b2a195f92) `mkdirp@0.5.4` - Bump `minimist@1.2.5` transitive dep to resolve security issue - [`9c554fd8c`](https://togithub.com/npm/cli/commit/9c554fd8cd1e9aeb8eb122ccfa3c78d12af4097a) `update-notifier@2.5.0` - bump `deep-extend@1.2.5` - bump `is-ci@1.2.1` - bump `is-retry-allowed@1.2.0` - bump `rc@1.2.8` - bump `registry-auth-token@3.4.0` - bump `widest-line@2.0.1` - [`8bf99b2b5`](https://togithub.com/npm/cli/commit/8bf99b2b58c14d45dc6739fce77de051ebc8ffb7) [#​1053](https://togithub.com/npm/cli/pull/1053) deps: updates term-size to use signed binary ### [`v6.14.3`](https://togithub.com/npm/cli/releases/tag/v6.14.3) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.2...v6.14.3) #### 6.14.3 (2020-03-19) ##### DOCUMENTATION - [`4ad221487`](https://togithub.com/npm/cli/commit4ad2214873cddfd4a0eff1bd188516b08fae9f9e) [#​1020](https://togithub.com/npm/cli/pull/1020) docs(teams): updated team docs to reflect MFA workflow ([@​blkdm0n](https://togithub.com/blkdm0n)) - [`4a31a4ba2`](https://togithub.com/npm/cli/commit/4a31a4ba2db0a5db2d1d0890ee934ba1babb73a6) [#​1034](https://togithub.com/npm/cli/pull/1034) docs: cleanup ([@​ruyadorno](https://togithub.com/ruyadorno)) - [`0eac801cd`](https://togithub.com/npm/cli/commit/0eac801cdef344e9fbda6270145e062211255b0e) [#​1013](https://togithub.com/npm/cli/pull/1013) docs: fix links to cli commands 
([@​alenros](https://togithub.com/alenros)) - [`7d8e5b99c`](https://togithub.com/npm/cli/commit/7d8e5b99c4ef8c394cffa7fc845f54a25ff37e3a) [#​755](https://togithub.com/npm/cli/pull/755) docs: correction to `npm update -g` behaviour ([@​johnkennedy9147](https://togithub.com/johnkennedy9147)) ##### DEPENDENCIES - [`e11167646`](https://togithub.com/npm/cli/commit/e111676467f090f73802b97e8da7ece481b18f99) `mkdirp@0.5.3` - [`c5b97d17d`](https://togithub.com/isaacs/node-mkdirp/commit/c5b97d17d45a22bcf4c815645cbb989dab57ddd8) fix: bump `minimist` dep to resolve security issue ([@​isaacs](https://togithub.com/isaacs)) - [`c50d679c6`](https://togithub.com/npm/cli/commit/c50d679c68b39dd03ad127d34f540ddcb1b1e804) `rimraf@2.7.1` - [`a2de99ff9`](https://togithub.com/npm/cli/commit/a2de99ff9e02425a3ccc25280f390178be755a36) `npm-registry-mock@1.3.1` - [`217debeb9`](https://togithub.com/npm/cli/commit/217debeb9812e037a6686cbf6ec67a0cd47fa68a) `npm-registry-couchapp@2.7.4` ### [`v6.14.2`](https://togithub.com/npm/cli/releases/tag/v6.14.2) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.1...v6.14.2) #### 6.14.2 (2020-03-03) ##### DOCUMENTATION - [`f9248c0be`](https://togithub.com/npm/cli/commit/f9248c0be63fba37a30098dc9215c752474380e3) [#​730](https://togithub.com/npm/cli/pull/730) chore(docs): update unpublish docs & policy reference ([@​nomadtechie](https://togithub.com/nomadtechie), [@​mikemimik](https://togithub.com/mikemimik)) ##### DEPENDENCIES - [`909cc3918`](https://togithub.com/npm/cli/commit/909cc39180a352f206898481add5772206c8b65f) `hosted-git-info@2.8.8` ([@​darcyclarke](https://togithub.com/darcyclarke)) - [`5038b1891`](https://togithub.com/npm/hosted-git-info/commit/5038b1891a61ca3cd7453acbf85d7011fe0086bb) fix: regression in old node versions w/ respect to url.URL implmentation - [`9204ffa58`](https://togithub.com/npm/cli/commit/9204ffa584c140c5e22b1ee37f6df2c98f5dc70b) `npm-profile@4.0.4` ([@​isaacs](https://togithub.com/isaacs)) - 
[`6bcf0860a`](https://togithub.com/npm/npm-profile/commit/6bcf0860a3841865099d0115dbcbde8b78109bd9) fix: treat non-http/https login urls as invalid - [`0365d39bd`](https://togithub.com/npm/cli/commit/0365d39bdc74960a18caac674f51d0e2a98b31e6) `glob@7.1.6` ([@​isaacs](https://togithub.com/isaacs)) - [`dab030536`](https://togithub.com/nodejs/node-gyp/commit/dab030536b6a70ecae37debc74c581db9e5280fd) `node-gyp@5.1.0` ([@​rvagg](https://togithub.com/rvagg)) ### [`v6.14.1`](https://togithub.com/npm/cli/releases/tag/v6.14.1) [Compare Source](https://togithub.com/npm/cli/compare/v6.14.0...v6.14.1) ##### 6.14.1 (2020-02-26) - [`303e5c11e`](https://togithub.com/npm/cli/commit/303e5c11e7db34cf014107aecd2e81c821bfde8d) `hosted-git-info@2.8.7` Fixes a regression where scp-style git urls are passed to the WhatWG URL parser, which does not handle them properly. ([@​isaacs](https://togithub.com/isaacs)) ### [`v6.14.0`](https://togithub.com/npm/cli/releases/tag/v6.14.0) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.7...v6.14.0) #### 6.14.0 (2020-02-25) ##### FEATURES - [`30f170877`](https://togithub.com/npm/cli/commit/30f170877954acd036cb234a581e4eb155049b82) [#​731](https://togithub.com/npm/cli/pull/731) add support for multiple funding sources ([@​ljharb](https://togithub.com/ljharb) & [@​ruyadorno](https://togithub.com/ruyadorno/)) ##### BUG FIXES - [`55916b130`](https://togithub.com/npm/cli/commit/55916b130ef52984584678f2cc17c15c1f031cb5) [#​508](https://togithub.com/npm/cli/pull/508) fix: check `npm.config` before accessing its members ([@​kaiyoma](https://togithub.com/kaiyoma)) - [`7d0cd65b2`](https://togithub.com/npm/cli/commit/7d0cd65b23c0986b631b9b54d87bbe74902cc023) [#​733](https://togithub.com/npm/cli/pull/733) fix: access grant with unscoped packages ([@​netanelgilad](https://togithub.com/netanelgilad)) - [`28c3d40d6`](https://togithub.com/npm/cli/commit/28c3d40d65eef63f9d6ccb60b99ac57f5057a46e), 
[`0769c5b20`](https://togithub.com/npm/cli/commit/30f170877954acd036cb234a581e4eb155049b82) [#​945](https://togithub.com/npm/cli/pull/945), [#​697](https://togithub.com/npm/cli/pull/697) fix: allow new major versions of node to be automatically considered "supported" ([@​isaacs](https://togithub.com/isaacs), [@​ljharb](https://togithub.com/ljharb)) ##### DEPENDENCIES - [`6f39e93`](https://togithub.com/npm/hosted-git-info/commit/6f39e93bae9162663af6f15a9d10bce675dd5de3) `hosted-git-info@2.8.6` ([@​darcyclarke](https://togithub.com/darcyclarke)) - fix: passwords & usernames are escaped properly in git deps ([@​stevenhilder](https://togithub.com/stevenhilder)) - [`f14b594ee`](https://togithub.com/npm/cli/commit/f14b594ee9dbfc98ed0b65c65d904782db4f31ad) `chownr@1.1.4` ([@​isaacs](https://togithub.com/isaacs)) - [`77044150b`](https://togithub.com/npm/cli/commit/77044150b763d67d997f9ff108219132ea922678) `npm-packlist@1.4.8` ([@​isaacs](https://togithub.com/isaacs)) - [`1d112461a`](https://togithub.com/npm/cli/commit/1d112461ad8dc99e5ff7fabb5177e8c2f89a9755) `npm-registry-fetch@4.0.3` ([@​isaacs](https://togithub.com/isaacs)) - [`ba8b4fe`](https://togithub.com/npm/npm-registry-fetch/commit/ba8b4fe60eb6cdf9b39012560aec596eda8ce924) fix: always bypass cache when ?write=true - [`a47fed760`](https://togithub.com/npm/cli/commit/a47fed7603a6ed31dcc314c0c573805f05a96830) `readable-stream@3.6.0` - [`3bbf2d6`](https://togithub.com/nodejs/readable-stream/commit/3bbf2d6feb45b03f4e46a2ae8251601ad2262121) fix: babel's "loose mode" class transform enbrittles BufferList ([@​ljharb](https://togithub.com/ljharb)) ##### DOCUMENTATION - [`284c1c055`](https://togithub.com/npm/cli/commit/284c1c055a28c4b334496101799acefe3c54ceb3), [`fbb5f0e50`](https://togithub.com/npm/cli/commit/fbb5f0e50e54425119fa3f03c5de93e4cb6bfda7) [#​729](https://togithub.com/npm/cli/pull/729) update lifecycle hooks docs ([@​seanhealy](https://togithub.com/seanhealy), [@​mikemimik](https://togithub.com/mikemimik)) - 
[`1c272832d`](https://togithub.com/npm/cli/commit/1c272832d048300e409882313305c416dc6f21a2) [#​787](https://togithub.com/npm/cli/pull/787) fix: trademarks typo ([@​dnicolson](https://togithub.com/dnicolson)) - [`f6ff41776`](https://togithub.com/npm/cli/commit/f6ff417767d52418cc8c9e7b9731ede2c3916d2e) [#​936](https://togithub.com/npm/cli/pull/936) fix: postinstall example ([@​ajaymathur](https://togithub.com/ajaymathur)) - [`373224b16`](https://togithub.com/npm/cli/commit/373224b16e019b7b63d8f0b4c5d4adb7e5cb80dd) [#​939](https://togithub.com/npm/cli/pull/939) fix: bad links in publish docs ([@​vit100](https://togithub.com/vit100)) ##### MISCELLANEOUS - [`85c79636d`](https://togithub.com/npm/cli/commit/85c79636df31bac586c0e380c4852ee155a7723c) [#​736](https://togithub.com/npm/cli/pull/736) add script to update dist-tags ([@​mikemimik](https://togithub.com/mikemimik)) ### [`v6.13.7`](https://togithub.com/npm/cli/releases/tag/v6.13.7) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.6...v6.13.7) #### 6.13.7 (2020-01-28) ##### BUG FIXES - [`7dbb91438`](https://togithub.com/npm/cli/commit/7dbb914382ecd2074fffb7eba81d93262e2d23c6) [#​655](https://togithub.com/npm/cli/pull/655) Update CI detection cases ([@​isaacs](https://togithub.com/isaacs)) ##### DEPENDENCIES - [`0fb1296c7`](https://togithub.com/npm/cli/commit/0fb1296c7d6d4bb9e78c96978c433cd65e55c0ea) `libnpx@10.2.2` ([@​mikemimik](https://togithub.com/mikemimik)) - [`c9b69d569`](https://togithub.com/npm/cli/commit/c9b69d569fec7944375a746e9c08a6fa9bec96ff) `node-gyp@5.0.7` ([@​mikemimik](https://togithub.com/mikemimik)) - [`e8dbaf452`](https://togithub.com/npm/cli/commit/e8dbaf452a1f6c5350bb0c37059b89a7448e7986) `bin-links@1.1.7` ([@​mikemimik](https://togithub.com/mikemimik)) - [#​613](https://togithub.com/npm/cli/issues/613) Fixes bin entry for package ### [`v6.13.6`](https://togithub.com/npm/cli/releases/tag/v6.13.6) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.5...v6.13.6) #### 6.13.6 
(2020-01-09) ##### DEPENDENCIES - [`6dba897a1`](https://togithub.com/npm/cli/commit/6dba897a1e2d56388fb6df0c814b0bb85af366b4) `pacote@9.5.12`: - [`d2f4176`](https://togithub.com/npm/pacote/commit/d2f4176b6af393d7e29de27e9b638dbcbab9a0c7) fix(git): Do not drop uid/gid when executing in root-owned directory ([@​isaacs](https://togithub.com/isaacs)) ### [`v6.13.5`](https://togithub.com/npm/cli/releases/tag/v6.13.5) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.4...v6.13.5) #### 6.13.5 (2020-01-09) ##### BUG FIXES - [`fd0a802ec`](https://togithub.com/npm/cli/commit/fd0a802ec468ec7b98d6c15934c355fef0e7ff60) [#​550](https://togithub.com/npm/cli/pull/550) Fix cache location for `npm ci` ([@​zhenyavinogradov](https://togithub.com/zhenyavinogradov)) - [`4b30f3cca`](https://togithub.com/npm/cli/commit/4b30f3ccaebf50d6ab3bad130ff94827c017cc16) [#​648](https://togithub.com/npm/cli/pull/648) fix(version): using 'allow-same-version', git commit --allow-empty and git tag -f ([@​rhengles](https://togithub.com/rhengles)) ##### TESTING - [`e16f68d30`](https://togithub.com/npm/cli/commit/e16f68d30d59ce1ddde9fe62f7681b2c07fce84d) test(ci): add failing cache config test ([@​ruyadorno](https://togithub.com/ruyadorno)) - [`3f009fbf2`](https://togithub.com/npm/cli/commit/3f009fbf2c42f68c5127efecc6e22db105a74fe0) [#​659](https://togithub.com/npm/cli/pull/659) test: fix bin-overwriting test on Windows ([@​isaacs](https://togithub.com/isaacs)) - [`43ae0791f`](https://togithub.com/npm/cli/commit/43ae0791f74f68e02850201a64a6af693657b241) [#​601](https://togithub.com/npm/cli/pull/601) ci: Allow builds to run even if one fails ([@​XhmikosR](https://togithub.com/XhmikosR)) - [`4a669bee4`](https://togithub.com/npm/cli/commit/4a669bee4ac54c70adc6979d45cd0605b6dc33fd) [#​603](https://togithub.com/npm/cli/pull/603) Remove the unused appveyor.yml ([@​XhmikosR](https://togithub.com/XhmikosR)) - [`9295046ac`](https://togithub.com/npm/cli/commit/9295046ac92bbe82f4d84e1ec90cc81d3b80bfc7) 
[#​600](https://togithub.com/npm/cli/pull/600) ci: switch to `actions/checkout@v2` ([@​XhmikosR](https://togithub.com/XhmikosR)) ##### DOCUMENTATION - [`f2d770ac7`](https://togithub.com/npm/cli/commit/f2d770ac768ea84867772b90a3c9acbdd0c1cb6a) [#​569](https://togithub.com/npm/cli/pull/569) fix netlify publish path config ([@​claudiahdz](https://togithub.com/claudiahdz)) - [`462cf0983`](https://togithub.com/npm/cli/commit/462cf0983dbc18a3d93f77212ca69f878060b2ec) [#​627](https://togithub.com/npm/cli/pull/627) update gatsby dependencies ([@​felixonmars](https://togithub.com/felixonmars)) - [`6fb5dbb72`](https://togithub.com/npm/cli/commit/6fb5dbb7213c4c050c9a47a7d5131447b8b7dcc8) [#​532](https://togithub.com/npm/cli/pull/532) docs: clarify usage of global prefix ([@​jgehrcke](https://togithub.com/jgehrcke)) ### [`v6.13.4`](https://togithub.com/npm/cli/releases/tag/v6.13.4) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.3...v6.13.4) ##### 6.13.4 (2019-12-11) ##### BUGFIXES - [`320ac9aee`](https://togithub.com/npm/cli/commit/320ac9aeeafd11bb693c53b31148b8d10c4165e8) [npm/bin-links#12](https://togithub.com/npm/bin-links/pull/12) [npm/gentle-fs#7](https://togithub.com/npm/gentle-fs/pull/7) Do not remove global bin/man links inappropriately ([@​isaacs](https://togithub.com/isaacs)) ##### DEPENDENCIES - [`52fd21061`](https://togithub.com/npm/cli/commit/52fd21061ff8b1a73429294620ffe5ebaaa60d3e) `gentle-fs@2.3.0` ([@​isaacs](https://togithub.com/isaacs)) - [`d06f5c0b0`](https://togithub.com/npm/cli/commit/d06f5c0b0611c43b6e70ded92af24fa5d83a0f48) `bin-links@1.1.6` ([@​isaacs](https://togithub.com/isaacs)) ### [`v6.13.3`](https://togithub.com/npm/cli/releases/tag/v6.13.3) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.2...v6.13.3) #### 6.13.3 (2019-12-09) ##### DEPENDENCIES - [`19ce061a2`](https://togithub.com/npm/cli/commit/19ce061a2ee165d8de862c8f0f733c222846b9e1) `bin-links@1.1.5` Properly normalize, sanitize, and verify `bin` entries in 
`package.json`. - [`59c836aae`](https://togithub.com/npm/cli/commit/59c836aae8d0104a767e80c540b963c91774012a) `npm-packlist@1.4.7` - [`fb4ecd7d2`](https://togithub.com/npm/cli/commit/fb4ecd7d2810b0b4897daaf081a5e2f3f483b310) `pacote@9.5.11` - [`5f33040`](https://togithub.com/npm/pacote/commit/5f3304028b6985fd380fc77c4840ff12a4898301) [#​476](https://togithub.com/npm/cli/issues/476) [npm/pacote#22](https://togithub.com/npm/pacote/issues/22) [npm/pacote#14](https://togithub.com/npm/pacote/issues/14) fix: Do not drop perms in git when not root ([isaacs](https://togithub.com/isaacs), [@​darcyclarke](https://togithub.com/darcyclarke)) - [`6f229f7`](https://togithub.com/npm/pacote/6f229f78d9911b4734f0a19c6afdc5454034c759) sanitize and normalize package bin field ([isaacs](https://togithub.com/isaacs)) - [`1743cb339`](https://togithub.com/npm/cli/commit/1743cb339767e86431dcd565c7bdb0aed67b293d) `read-package-json@2.1.1` ### [`v6.13.2`](https://togithub.com/npm/cli/releases/tag/v6.13.2) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.1...v6.13.2) #### 6.13.2 (2019-12-03) ##### BUG FIXES - [`4429645b3`](https://togithub.com/npm/cli/commit/4429645b3538e1cda54d8d1b7ecb3da7a88fdd3c) [#​546](https://togithub.com/npm/cli/pull/546) fix docs target typo ([@​richardlau](https://togithub.com/richardlau)) - [`867642942`](https://togithub.com/npm/cli/commit/867642942bec69bb9ab71cff1914fb6a9fe67de8) [#​142](https://togithub.com/npm/cli/pull/142) fix(packageRelativePath): fix 'where' for file deps ([@​larsgw](https://togithub.com/larsgw)) - [`d480f2c17`](https://togithub.com/npm/cli/commit/d480f2c176e6976b3cca3565e4c108b599b0379b) [#​527](https://togithub.com/npm/cli/pull/527) Revert "windows: Add preliminary WSL support for npm and npx" ([@​craigloewen-msft](https://togithub.com/craigloewen-msft)) - [`e4b97962e`](https://togithub.com/npm/cli/commit/e4b97962e5fce0d49beb541ce5a0f96aee0525de) [#​504](https://togithub.com/npm/cli/pull/504) remove unnecessary package.json read 
when reading shrinkwrap ([@​Lighting-Jack](https://togithub.com/Lighting-Jack)) - [`1c65d26ac`](https://togithub.com/npm/cli/commit/1c65d26ac9f10ac0037094c207d216fbf0e969bf) [#​501](https://togithub.com/npm/cli/pull/501) fix(fund): open url for string shorthand ([@​ruyadorno](https://togithub.com/ruyadorno)) - [`ae7afe565`](https://togithub.com/npm/cli/commit/ae7afe56504dbffabf9f73d55b6dac1e3e9fed4a) [#​263](https://togithub.com/npm/cli/pull/263) Don't log error message if git tagging is disabled ([@​woppa684](https://togithub.com/woppa684)) - [`4c1b16f6a`](https://togithub.com/npm/cli/commit/4c1b16f6aecaf78956b9335734cfde2ac076ee11) [#​182](https://togithub.com/npm/cli/pull/182) Warn the user that it is uninstalling npm-install ([@​Hoidberg](https://togithub.com/Hoidberg)) ### [`v6.13.1`](https://togithub.com/npm/cli/releases/tag/v6.13.1) [Compare Source](https://togithub.com/npm/cli/compare/v6.13.0...v6.13.1) #### 6.13.1 (2019-11-18) ##### BUG FIXES - [`938d6124d`](https://togithub.com/npm/cli/commit/938d6124d6d15d96b5a69d0ae32ef59fceb8ceab) [#​472](https://togithub.com/npm/cli/pull/472) fix(fund): support funding string shorthand ([@​ruyadorno](https://togithub.com/ruyadorno)) - [`b49c5535b`](https://togithub.com/npm/cli/commit/b49c5535b7c41729a8d167b035924c3c66b36de0) [#​471](https://togithub.com/npm/cli/pull/471) should not publish tap-snapshot folder ([@​ruyadorno](https://togithub.com/ruyadorno)) - [`3471d5200`](https://togithub.com/npm/cli/commit/3471d5200217bfa612b1a262e36c9c043a52eb09) [#​253](https://togithub.com/npm/cli/pull/253) Add preliminary WSL support for npm and npx ([@​infinnie](https://togithub.com/infinnie)) - [`3ef295f23`](https://togithub.com/npm/cli/commit/3ef295f23ee1b2300abf13ec19e935c47a455179) [#​486](https://togithub.com/npm/cli/pull/486) print quick audit report for human output ([@​isaacs](https://togithub.com/isaacs)) ##### TESTING - [`dbbf977ac`](https://togithub.com/npm/cli/commit/dbbf977acd1e74bcdec859c562ea4a2bc0536442) 
[#​278](https://togithub.com/npm/cli/pull/278) added workflow to trigger and run benchmarks ([@​mikemimik](https://togithub.com/mikemimik)) - [`b4f5e3825`](https://togithub.com/npm/cli/commit/b4f5e3825535256aaada09c5e8f104570a3d96a4) [#​457](https://togithub.com/npm/cli/pull/457) feat(docs): adding tests and updating docs to reflect changes in registry teams API. ([@​nomadtechie](https://togithub.com/nomadtechie)) - [`454c7dd60`](https://togithub.com/npm/cli/commit/454c7dd60c78371bf606f11a17ed0299025bc37c) [#​456](https://togithub.com/npm/cli/pull/456) fix git configs for git 2.23 and above ([@​isaacs](https://togithub.com/isaacs)) ##### DOCUMENTATION - [`b8c1576a4`](https://togithub.com/npm/cli/commit/b8c1576a448566397c721655b95fc90bf202b35a) [`30b013ae8`](https://togithub.com/npm/cli/commit/30b013ae8eacd04b1b8a41ce2ed0dd50c8ebae25) [`26c1b2ef6`](https://togithub.com/npm/cli/commit/26c1b2ef6be1595d28d935d35faa8ec72daae544) [`9f943a765`](https://togithub.com/npm/cli/commit/9f943a765faf6ebb8a442e862b808dbb630e018d) [`c0346b158`](https://togithub.com/npm/cli/commit/c0346b158fc25ab6ca9954d4dd78d9e62f573a41) [`8e09d5ad6`](https://togithub.com/npm/cli/commit/8e09d5ad67d4f142241193cecbce61c659389be3) [`4a2f551ee`](https://togithub.com/npm/cli/commit/4a2f551eeb3285f6f200534da33644789715a41a) [`87d67258c`](https://togithub.com/npm/cli/commit/87d67258c213d9ea9a49ce1804294a718f08ff13) [`5c3b32722`](https://togithub.com/npm/cli/commit/5c3b3272234764c8b4d2d798b69af077b5a529c7) [`b150eaeff`](https://togithub.com/npm/cli/commit/b150eaeff428180bfa03be53fd741d5625897758) [`7555a743c`](https://togithub.com/npm/cli/commit/7555a743ce4c3146d6245dd63f91503c7f439a6c) [`b89423e2f`](https://togithub.com/npm/cli/commit/b89423e2f6a09b290b15254e7ff7e8033b434d83) [#​463](https://togithub.com/npm/cli/pull/463) [#​285](https://togithub.com/npm/cli/pull/285) [#​268](https://togithub.com/npm/cli/pull/268) [#​232](https://togithub.com/npm/cli/pull/232) 
[#​485](https://togithub.com/npm/cli/pull/485) [#​453](https://togithub.com/npm/cli/pull/453) docs cleanup: typos, styling and content ([@​claudiahdz](https://togithub.com/claudiahdz)) ([@​XhmikosR](https://togithub.com/XhmikosR)) ([@​mugli](https://togithub.com/mugli)) ([@​brettz9](https://togithub.com/brettz9)) ([@​mkotsollaris](https://togithub.com/mkotsollaris)) ##### DEPENDENCIES - [`661d86cd2`](https://togithub.com/npm/cli/commit/661d86cd229b14ddf687b7f25a66941a79d233e7) `make-fetch-happen@5.0.2` ([@​claudiahdz](https://togithub.com/claudiahdz)) ### [`v6.13.0`](https://togithub.com/npm/cli/releases/tag/v6.13.0) [Compare Source](https://togithub.com/npm/cli/compare/v6.12.1...v6.13.0) #### 6.13.0 (2019-11-05) ##### NEW FEATURES - [`4414b06d9`](https://togithub.com/npm/cli/commit/4414b06d944c56bee05ccfb85260055a767ee334) [#​273](https://togithub.com/npm/cli/pull/273) add fund command ([@​ruyadorno](https://togithub.com/ruyadorno)) ##### DOCUMENTATION - [`ae4c74d04`](https://togithub.com/npm/cli/commit/ae4c74d04f820a0255a92bdfe77ecf97af134fae) [#​274](https://togithub.com/npm/cli/pull/274) migrate existing docs to gatsby ([@​claudiahdz](https://togithub.com/claudiahdz)) - [`4ff1bb180`](https://togithub.com/npm/cli/commit/4ff1bb180b1db8c72e51b3d57bd4e268b738e049) [#​277](https://togithub.com/npm/cli/pull/277) updated documentation copy ([@​oletizi](https://togithub.com/oletizi)) ##### BUG FIXES - [`e4455409f`](https://togithub.com/npm/cli/commit/e4455409fe6fe9c198b250b488129171f0b4624a) [#​281](https://togithub.com/npm/cli/pull/281) delete ps1 files on package removal ([@​NoDocCat](https://togithub.com/NoDocCat)) - [`cd14d4701`](https://togithub.com/npm/cli/commit/cd14d47014e8c96ffd6a18791e8752028b19d637) [#​279](https://togithub.com/npm/cli/pull/279) update supported node list to remove v6.0, v6.1, v9.0 - v9.2 ([@​ljharb](https://togithub.com/ljharb)) ##### DEPENDENCIES - [`a37296b20`](https://togithub.com/npm/cli/commit/a37296b20ca3e19c2bbfa78fedcfe695e03fda69) 
`pacote@9.5.9` - [`d3cb3abe8`](https://togithub.com/npm/cli/commit/d3cb3abe8cee54bd2624acdcf8043932ef0d660a) `read-cmd-shim@1.0.5` ##### TESTING - [`688cd97be`](https://togithub.com/npm/cli/commit/688cd97be94ca949719424ff69ff515a68c5caba) [#​272](https://togithub.com/npm/cli/pull/272) use github actions for CI ([@​JasonEtco](https://togithub.com/JasonEtco)) - [`9a2d8af84`](https://togithub.com/npm/cli/commit/9a2d8af84f7328f13d8f578cf4b150b9d5f09517) [#​240](https://togithub.com/npm/cli/pull/240) Clean up some flakiness and inconsistency ([@​isaacs](https://togithub.com/isaacs)) ### [`v6.12.1`](https://togithub.com/npm/cli/releases/tag/v6.12.1) [Compare Source](https://togithub.com/npm/cli/compare/v6.12.0...v6.12.1) #### 6.12.1 (2019-10-29) ##### BUG FIXES - [`6508e833d`](https://togithub.com/npm/cli/commit/6508e833df35a3caeb2b496f120ce67feff306b6) [#​269](https://togithub.com/npm/cli/pull/269) add node v13 as a supported version ([@​ljharb](https://togithub.com/ljharb)) - [`b6588a8f7`](https://togithub.com/npm/cli/commit/b6588a8f74fb8b1ad103060b73c4fd5174b1d1f6) [#​265](https://togithub.com/npm/cli/pull/265) Fix regression in lockfile repair for sub-deps ([@​feelepxyz](https://togithub.com/feelepxyz)) - [`d5dfe57a1`](https://togithub.com/npm/cli/commit/d5dfe57a1d810fe7fd64edefc976633ee3a4da53) [#​266](https://togithub.com/npm/cli/pull/266) resolve circular dependency in pack.js ([@​addaleax](https://togithub.com/addaleax)) ##### DEPENDENCIES - [`73678bb59`](https://togithub.com/npm/cli/commit/73678bb590a8633c3bdbf72e08f1279f9e17fd28) `chownr@1.1.3` - [`4b76926e2`](https://togithub.com/npm/cli/commit/4b76926e2058ef30ab1d5e2541bb96d847653417) `graceful-fs@4.2.3` - [`c691f36a9`](https://togithub.com/npm/cli/commit/c691f36a9c108b6267859fe61e4a38228b190c17) `libcipm@4.0.7` - [`5e1a14975`](https://togithub.com/npm/cli/commit/5e1a14975311bfdc43df8e1eb317ae5690ee580c) `npm-packlist@1.4.6` - 
[`c194482d6`](https://togithub.com/npm/cli/commit/c194482d65ee81a5a0a6281c7a9f984462286c56) `npm-registry-fetch@4.0.2` - [`bc6a8e0ec`](https://togithub.com/npm/cli/commit/bc6a8e0ec966281e49b1dc66f9c641ea661ab7a6) `tar@4.4.1` - [`4dcca3cbb`](https://togithub.com/npm/cli/commit/4dcca3cbb161da1f261095d9cdd26e1fbb536a8d) `uuid@3.3.3` ### [`v6.12.0`](https://togithub.com/npm/cli/releases/tag/v6.12.0) [Compare Source](https://togithub.com/npm/cli/compare/v6.11.3...v6.12.0) #### 6.12.0 (2019-10-08): Now `npm ci` runs prepare scripts for git dependencies, and respects the `--no-optional` argument. Warnings for `engine` mismatches are printed again. Various other fixes and cleanups. ##### BUG FIXES - [`890b245dc`](https://togithub.com/npm/cli/commit/890b245dc1f609590d8ab993fac7cf5a37ed46a5) [#​252](https://togithub.com/npm/cli/pull/252) ci: add dirPacker to options ([@​claudiahdz](https://togithub.com/claudiahdz)) - [`f3299acd0`](https://togithub.com/npm/cli/commit/f3299acd0b4249500e940776aca77cc6c0977263) [#​257](https://togithub.com/npm/cli/pull/257) [npm.community#4792](https://npm.community/t/engines-and-engines-strict-ignored/4792) warn message on engine mismatch ([@​ruyadorno](https://togithub.com/ruyadorno)) - [`bbc92fb8f`](https://togithub.com/npm/cli/commit/bbc92fb8f3478ff67071ebaff551f01c1ea42ced) [#​259](https://togithub.com/npm/cli/pull/259) [npm.community#10288](https://npm.community/t/npm-token-err-figgypudding-options-cannot-be-modified-use-concat-instead/10288) Fix figgyPudding error in `npm token` ([@​benblank](https://togithub.com/benblank)) - [`70f54dcb5`](https://togithub.com/npm/cli/commit/70f54dcb5693b301c6b357922b7e8d16b57d8b00) [#​241](https://togithub.com/npm/cli/pull/241) doctor: Make OK more consistent ([@​gemal](https://togithub.com/gemal)) ##### FEATURES - [`ed993a29c`](https://togithub.com/npm/cli/commit/ed993a29ccf923425317c433844d55dbea2f23ee) [#​249](https://togithub.com/npm/cli/pull/249) Add CI environment variables to user-agent 
([@isaacs](https://togithub.com/isaacs))
- [`f6b0459a4`](https://togithub.com/npm/cli/commit/f6b0459a466a2c663dbd549cdc331e7732552dca) [#248](https://togithub.com/npm/cli/pull/248) Add option to save package-lock without formatting
  Adds a new config `--format-package-lock`, which defaults to true. ([@bl00mber](https://togithub.com/bl00mber))

##### DEPENDENCIES

- [`0ca063c5d`](https://togithub.com/npm/cli/commit/0ca063c5dc961c4aa17373f4b33fb54c51c8c8d6) `npm-lifecycle@3.1.4`:
  - fix: filter functions and undefined out of makeEnv ([@isaacs](https://togithub.com/isaacs))
- [`5df6b0ea2`](https://togithub.com/npm/cli/commit/5df6b0ea2e3106ba65bba649cc8d7f02f4738236) `libcipm@4.0.4`:
  - fix: pack git directories properly ([@claudiahdz](https://togithub.com/claudiahdz))
  - respect no-optional argument ([@cruzdanilo](https://togithub.com/cruzdanilo))
- [`7e04f728c`](https://togithub.com/npm/cli/commit/7e04f728cc4cd4853a8fc99e2df0a12988897589) `tar@4.4.12`
- [`5c380e5a3`](https://togithub.com/npm/cli/commit/5c380e5a33d760bb66a4285b032ae5f50af27199) `stringify-package@1.0.1` ([@isaacs](https://togithub.com/isaacs))
- [`62f2ca692`](https://togithub.com/npm/cli/commit/62f2ca692ac0c0467ef4cf74f91777a5175258c4) `node-gyp@5.0.5` ([@isaacs](https://togithub.com/isaacs))
- [`0ff0ea47a`](https://togithub.com/npm/cli/commit/0ff0ea47a8840dd7d952bde7f7983a5016cda8ea) `npm-install-checks@3.0.2` ([@isaacs](https://togithub.com/isaacs))
- [`f46edae94`](https://togithub.com/npm/cli/commit/f46edae9450b707650a0efab09aa1e9295a18070) `hosted-git-info@2.8.5` ([@isaacs](https://togithub.com/isaacs))

##### TESTING

- [`44a2b036b`](https://togithub.com/npm/cli/commit/44a2b036b34324ec85943908264b2e36de5a9435) [#262](https://togithub.com/npm/cli/pull/262) fix root-ownership race conditions in meta-test ([@isaacs](https://togithub.com/isaacs))

### [`v6.11.3`](https://togithub.com/npm/cli/releases/tag/v6.11.3)

[Compare Source](https://togithub.com/npm/cli/compare/v6.11.2...v6.11.3)

#### 6.11.3 (2019-09-03):

Fix npm ci regressions and npm outdated depth.

##### BUG FIXES

- [`235ed1d28`](https://togithub.com/npm/cli/commit/235ed1d2838ef302bb995e183980209d16c51b9b) [#239](https://togithub.com/npm/cli/pull/239) Don't override user specified depth in outdated. Restores ability to update packages using `--depth` as suggested by `npm audit`. ([@G-Rath](https://togithub.com/G-Rath))
- [`1fafb5151`](https://togithub.com/npm/cli/commit/1fafb51513466cd793866b576dfea9a8963a3335) [#242](https://togithub.com/npm/cli/pull/242) [npm.community#9586](https://npm.community/t/6-11-1-some-dependencies-are-no-longer-being-installed/9586/4) Revert "install: do not descend into directory deps' child modules" ([@isaacs](https://togithub.com/isaacs))
- [`cebf542e6`](https://togithub.com/npm/cli/commit/cebf542e61dcabdd2bd3b876272bf8eebf7d01cc) [#243](https://togithub.com/npm/cli/pull/243) [npm.community#9720](https://npm.community/t/6-11-2-npm-ci-installs-package-with-wrong-permissions/9720) ci: pass appropriate configs for file/dir modes ([@isaacs](https://togithub.com/isaacs))

##### DEPENDENCIES

- [`e5fbb7ed1`](https://togithub.com/npm/cli/commit/e5fbb7ed1fc7ef5c6ca4790e2d0dc441e0ac1596) `read-cmd-shim@1.0.4` ([@claudiahdz](https://togithub.com/claudiahdz))
- [`23ce65616`](https://togithub.com/npm/cli/commit/23ce65616c550647c586f7babc3c2f60115af2aa) `npm-pick-manifest@3.0.2` ([@claudiahdz](https://togithub.com/claudiahdz))

### [`v6.11.2`](https://togithub.com/npm/cli/releases/tag/v6.11.2)

[Compare Source](https://togithub.com/npm/cli/compare/v6.11.1...v6.11.2)

#### 6.11.2 (2019-08-22):

Fix a recent Windows regression, and two long-standing Windows bugs. Also, get CI running on Windows, so these things are less likely in the future.
##### DEPENDENCIES

- [`9778a1b87`](https://togithub.com/npm/cli/commit/9778a1b878aaa817af6e99385e7683c2a389570d) `cmd-shim@3.0.3`: Fix regression where shims fail to preserve exit code ([@isaacs](https://togithub.com/isaacs))
- [`bf93e91d8`](https://togithub.com/npm/cli/commit/bf93e91d879c816a055d5913e6e4210d7299f299) `npm-package-arg@6.1.1`: Properly handle git+file: urls on Windows when a drive letter is included. ([@isaacs](https://togithub.com/isaacs))

##### BUGFIXES

- [`6cc4cc66f`](https://togithub.com/npm/cli/commit/6cc4cc66f1fb050dc4113e35cab59197fd48e04a) escape args properly on Windows Bash
  Despite being bash, Node.js running on windows git mingw bash still executes child processes using cmd.exe. As a result, arguments in this environment need to be escaped in the style of cmd.exe, not bash. ([@isaacs](https://togithub.com/isaacs))

##### TESTS

- [`291aba7b8`](https://togithub.com/npm/cli/commit/291aba7b821e247b96240b1ec037310ead69a594) make tests pass on Windows ([@isaacs](https://togithub.com/isaacs))
- [`fea3a023a`](https://togithub.com/npm/cli/commit/fea3a023a80863f32a5f97f5132401b1a16161b8) travis: run tests on Windows as well ([@isaacs](https://togithub.com/isaacs))

### [`v6.11.1`](https://togithub.com/npm/cli/releases/tag/v6.11.1)

[Compare Source](https://togithub.com/npm/cli/compare/v6.11.0...v6.11.1)

##### 6.11.1 (2019-08-20):

Fix a regression for windows command shim syntax.

- [`37db29647`](https://togithub.com/npm/cli/commit/37db2964710c80003604b7e3c1527d17be7ed3d0) `cmd-shim@3.0.2` ([@isaacs](https://togithub.com/isaacs))

### [`v6.11.0`](https://togithub.com/npm/cli/releases/tag/v6.11.0)

[Compare Source](https://togithub.com/npm/cli/compare/v6.10.3...v6.11.0)

#### v6.11.0 (2019-08-20):

A few meaty bugfixes, and introducing `peerDependenciesMeta`.
##### FEATURES

- [`a12341088`](https://togithub.com/npm/cli/commit/a12341088820c0e7ef6c1c0db3c657f0c2b3943e) [#224](https://togithub.com/npm/cli/pull/224) Implements peerDependenciesMeta ([@arcanis](https://togithub.com/arcanis))
- [`2f3b79bba`](https://togithub.com/npm/cli/commit/2f3b79bbad820fd4a398aa494b19f79b7fd520a1) [#234](https://togithub.com/npm/cli/pull/234) add new forbidden 403 error code ([@claudiahdz](https://togithub.com/claudiahdz))

##### BUGFIXES

- [`24acc9fc8`](https://togithub.com/npm/cli/commit/24acc9fc89d99d87cc66206c6c6f7cdc82fbf763) and [`45772af0d`](https://togithub.com/npm/cli/commit/45772af0ddca54b658cb2ba2182eec26d0a4729d) [#217](https://togithub.com/npm/cli/pull/217) [npm.community#8863](https://npm.community/t/installing-the-same-module-under-multiple-relative-paths-fails-on-linux/8863) [npm.community#9327](https://npm.community/t/reinstall-breaks-after-npm-update-to-6-10-2/9327,) do not descend into directory deps' child modules, fix shrinkwrap files that inappropriately list child nodes of symlink packages ([@isaacs](https://togithub.com/isaacs) and [@salomvary](https://togithub.com/salomvary))
- [`50cfe113d`](https://togithub.com/npm/cli/commit/50cfe113da5fcc59c1d99b0dcf1050ace45803c7) [#229](https://togithub.com/npm/cli/pull/229) fixed typo in semver doc ([@gall0ws](https://togithub.com/gall0ws))
- [`e8fb2a1bd`](https://togithub.com/npm/cli/commit/e8fb2a1bd9785e0092e9926f4fd65ad431e38452) [#231](https://togithub.com/npm/cli/pull/231) Fix spelling mistakes in CHANGELOG-3.md ([@XhmikosR](https://togithub.com/XhmikosR))
- [`769d2e057`](https://togithub.com/npm/cli/commit/769d2e057daf5a2cbfe0ce86f02550e59825a691) [npm/uid-number#7](https://togithub.com/npm/uid-number/issues/7) Better error on invalid `--user`/`--group` configs. This addresses the issue when people fail to install binary packages on Docker and other environments where there is no 'nobody' user. ([@isaacs](https://togithub.com/isaacs))
- [`8b43c9624`](https://togithub.com/npm/cli/commit/8b43c962498c8e2707527e4fca442d7a4fa51595) [nodejs/node#28987](https://togithub.com/nodejs/node/issues/28987) [npm.community#6032](https://npm.community/t/npm-ci-doesnt-respect-npmrc-variables/6032) [npm.community#6658](https://npm.community/t/npm-ci-doesnt-fill-anymore-the-process-env-npm-config-cache-variable-on-post-install-scripts/6658) [npm.community#6069](https://npm.community/t/npm-ci-does-not-compile-native-dependencies-according-to-npmrc-configuration/6069) [npm.community#9323](https://npm.community/t/npm-6-9-x-not-passing-environment-to-node-gyp-regression-from-6-4-x/9323/2) Fix the regression where random config values in a .npmrc file are not passed to lifecycle scripts, breaking build processes which rely on them. ([@isaacs](https://togithub.com/isaacs))
- [`8b85eaa47`](https://togithub.com/npm/cli/commit/8b85eaa47da3abaacc90fe23162a68cc6e1f0404) save files with inferred ownership rather than relying on `SUDO_UID` and `SUDO_GID`. ([@isaacs](https://togithub.com/isaacs))
- [`b7f6e5f02`](https://togithub.com/npm/cli/commit/b7f6e5f0285515087b4614d81db17206524c0fdb) Infer ownership of shrinkwrap files ([@isaacs](https://togithub.com/isaacs))
- [`54b095d77`](https://togithub.com/npm/cli/commit/54b095d77b3b131622b3cf4cb5c689aa2dd10b6b) [#235](https://togithub.com/npm/cli/pull/235) Add spec to dist-tag remove function ([@theberbie](https://togithub.com/theberbie))

##### DEPENDENCIES

- [`dc8f9e52f`](https://togithub.com/npm/cli/commit/dc8f9e52f0bb107c0a6b20cc0c97cbc3b056c1b3) `pacote@9.5.7`: Infer the ownership of all unpacked files in `node_modules`, so that we never have user-owned files in root-owned folders, or root-owned files in user-owned folders. ([@isaacs](https://togithub.com/isaacs))
- [`bb33940c3`](https://togithub.com/npm/cli/commit/bb33940c32aad61704084e61ebd1bd8e7cacccc8) `cmd-shim@3.0.0`:
  - [`9c93ac3`](https://togithub.com/npm/cmd-shim/commit/9c93ac39e95b0d6ae852e842e4c5dba5e19687c2) [#2](https://togithub.com/npm/cmd-shim/pull/2) [npm#3380](https://togithub.com/npm/npm/issues/3380) Handle environment variables properly ([@basbossink](https://togithub.com/basbossink))
  - [`2d277f8`](https://togithub.com/npm/cmd-shim/commit/2d277f8e84d45401747b0b9470058f168b974ad5) [#25](https://togithub.com/npm/cmd-shim/pull/25) [#36](https://togithub.com/npm/cmd-shim/pull/36) [#35](https://togithub.com/npm/cmd-shim/pull/35) Fix 'no shebang' case by always providing `$basedir` in shell script ([@igorklopov](https://togithub.com/igorklopov))
  - [`adaf20b`](https://togithub.com/npm/cmd-shim/commit/adaf20b7fa2c09c2111a2506c6a3e53ed0831f88) [#26](https://togithub.com/npm/cmd-shim/pull/26) Fix `$*` causing an error when arguments contain parentheses ([@satazor](https://togithub.com/satazor))
  - [`49f0c13`](https://togithub.com/npm/cmd-shim/commit/49f0c1318fd384e0031c3fd43801f0e22e1e555f) [#30](https://togithub.com/npm/cmd-shim/pull/30) Fix paths for MSYS/MINGW bash ([@dscho](https://togithub.com/dscho))
  - [`51a8af3`](https://togithub.com/npm/cmd-shim/commit/51a8af30990cb072cb30d67fc1b564b14746bba9) [#34](https://togithub.com/npm/cmd-shim/pull/34) Add proper support for PowerShell ([@ExE-Boss](https://togithub.com/ExE-Boss))
  - [`4c37e04`](https://togithub.com/npm/cmd-shim/commit/4c37e048dee672237e8962fdffca28e20e9f976d) [#10](https://togithub.com/npm/cmd-shim/issues/10) Work around quoted batch file names ([@isaacs](https://togithub.com/isaacs))
- [`a4e279544`](https://togithub.com/npm/cli/commit/a4e279544f7983e0adff1e475e3760f1ea85825a) `npm-lifecycle@3.1.3` ([@isaacs](https://togithub.com/isaacs)):
  - fail properly if `uid-number` raises an error
- [`7086a1809`](https://togithub.com/npm/cli/commit/7086a1809bbfda9be81344b3949c7d3ac687ffc4) `libcipm@4.0.3` ([@isaacs](https://togithub.com/isaacs))
- [`8845141f9`](https://togithub.com/npm/cli/commit/8845141f9d7827dae572c8cf26f2c775db905bd3) `read-package-json@2.1.0` ([@isaacs](https://togithub.com/isaacs))
- [`51c028215`](https://togithub.com/npm/cli/commit/51c02821575d80035ebe853492d110db11a7d1b9) `bin-links@1.1.3` ([@isaacs](https://togithub.com/isaacs))
- [`534a5548c`](https://togithub.com/npm/cli/commit/534a5548c9ebd59f0dd90e9ccca148ed8946efa6) `read-cmd-shim@1.0.3` ([@isaacs](https://togithub.com/isaacs))
- [`3038f2fd5`](https://togithub.com/npm/cli/commit/3038f2fd5b1d7dd886ee72798241d8943690f508) `gentle-fs@2.2.1` ([@isaacs](https://togithub.com/isaacs))
- [`a609a1648`](https://togithub.com/npm/cli/commit/a609a16489f76791697d270b499fd4949ab1f8c3) `graceful-fs@4.2.2` ([@isaacs](https://togithub.com/isaacs))
- [`f0346f754`](https://togithub.com/npm/cli/commit/f0346f75490619a81b310bfc18646ae5ae2e0ea4) `cacache@12.0.3` ([@isaacs](https://togithub.com/isaacs))
- [`ca9c615c8`](https://togithub.com/npm/cli/commit/ca9c615c8cff5c7db125735eb09f84d912d18694) `npm-pick-manifest@3.0.0` ([@isaacs](https://togithub.com/isaacs))
- [`b417affbf`](https://togithub.com/npm/cli/commit/b417affbf7133dc7687fd809e4956a43eae3438a) `pacote@9.5.8` ([@isaacs](https://togithub.com/isaacs))

##### TESTS

- [`b6df0913c`](https://togithub.com/npm/cli/commit/b6df0913ca73246f1fa6cfa0e81e34ba5f2b6204) [#228](https://togithub.com/npm/cli/pull/228) Proper handing of /usr/bin/node lifecycle-path test ([@olivr70](https://togithub.com/olivr70))
- [`aaf98e88c`](https://togithub.com/npm/cli/commit/aaf98e88c78fd6c850d0a3d3ee2f61c02f63bc8c) `npm-registry-mock@1.3.0` ([@isaacs](https://togithub.com/isaacs))

### [`v6.10.3`](https://togithub.com/npm/cli/releases/tag/v6.10.3)

[Compare Source](https://togithub.com/npm/cli/compare/v6.10.2...v6.10.3)

#### v6.10.3 (2019-08-06):

##### BUGFIXES

- [`27cccfbda`](https://togithub.com/npm/cli/commit/27cccfbdac8526cc807b07f416355949b1372a9b) [#223](https://togithub.com/npm/cli/pull/223) vulns → vulnerabilities in npm audit output ([@sapegin](https://togithub.com/sapegin))
- [`d5e865eb7`](https://togithub.com/npm/cli/commit/d5e865eb79329665a927cc2767b4395c03045dbb) [#222](https://togithub.com/npm/cli/pull/222) [#226](https://togithub.com/npm/cli/pull/226) install, doctor: don't crash if registry unset ([@dmitrydvorkin](https://togithub.com/dmitrydvorkin), [@isaacs](https://togithub.com/isaacs))
- [`5b3890226`](https://togithub.com/npm/cli/commit/5b389022652abeb0e1c278a152550eb95bc6c452) [#227](https://togithub.com/npm/cli/pull/227) [npm.community#9167](https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5) Handle unhandledRejections, tell user what to do when encountering an `EACCES` error in the cache. ([@isaacs](https://togithub.com/isaacs))

##### DEPENDENCIES

- [`77516df6e`](https://togithub.com/npm/cli/commit/77516df6eac94a6d7acb5e9ca06feaa0868d779b) `licensee@7.0.3` ([@isaacs](https://togithub.com/isaacs))
- [`ceb993590`](https://togithub.com/npm/cli/commit/ceb993590e4e376a9a78264ce7bb4327fbbb37fe) `query-string@6.8.2` ([@isaacs](https://togithub.com/isaacs))
- [`4050b9189`](https://togithub.com/npm/cli/commit/4050b91898c60e9b22998cf82b70b9b822de592a) `hosted-git-info@2.8.2`
  - [#46](https://togithub.com/npm/hosted-git-info/issues/46) [#43](https://togithub.com/npm/hosted-git-info/issues/43) [#47](https://togithub.com/npm/hosted-git-info/pull/47) [#44](https://togithub.com/npm/hosted-git-info/pull/44) Add support for GitLab subgroups ([@mterrel](https://togithub.com/mterrel), [@isaacs](https://togithub.com/isaacs), [@ybiquitous](https://togithub.com/ybiquitous))
  - [`3b1d629`](https://togithub.com/npm/hosted-git-info/commit/3b1d629) [#48](https://togithub.com/npm/hosted-git-info/issues/48) fix http protocol using sshurl by default ([@fengmk2](https://togithub.com/fengmk2))
  - [`5d4a8d7`](https://togithub.com/npm/hosted-git-info/commit/5d4a8d7) ignore noCommittish on tarball url generation ([@isaacs](https://togithub.com/isaacs))
  - [`1692435`](https://togithub.com/npm/hosted-git-info/commit/1692435) use gist tarball url that works for anonymous gists ([@isaacs](https://togithub.com/isaacs))
  - [`d5cf830`](https://togithub.com/npm/hosted-git-info/commit/d5cf8309be7af884032616c63ea302ce49dd321c) Do not allow invalid gist urls ([@isaacs](https://togithub.com/isaacs))
  - [`e518222`](https://togithub.com/npm/hosted-git-info/commit/e5182224351183ce619dd5ef00019ae700ed37b7) Use LRU cache to prevent unbounded memory consumption ([@iarna](https://togithub.com/iarna))

### [`v6.10.2`](https://togithub.com/npm/cli/releases/tag/v6.10.2)

[Compare Source](https://togithub.com/npm/cli/compare/v6.10.1...v6.10.2)

#### v6.10.2 (2019-07-23):

tl;dr - Fixes several issues with the cache when npm is run as `sudo` on Unix systems.

##### TESTING

- [`2a78b96f8`](https://togithub.com/npm/cli/commit/2a78b96f830bbd834720ccc9eacccc54915ae6f7) check test cache for root-owned files ([@isaacs](https://togithub.com/isaacs))
- [`108646ebc`](https://togithub.com/npm/cli/commit/108646ebc12f3eeebaa0a45884c45991a45e57e4) run sudo tests on Travis-CI ([@isaacs](https://togithub.com/isaacs))
- [`cf984e946`](https://togithub.com/npm/cli/commit/cf984e946f453cbea2fcc7a59608de3f24ab74c3) set --no-esm tap flag ([@isaacs](https://togithub.com/isaacs))
- [`8e0a3100d`](https://togithub.com/npm/cli/commit/8e0a3100dffb3965bb3dc4240e82980dfadf2f3c) add script to run tests and leave fixtures for inspection and debugging ([@isaacs](https://togithub.com/isaacs))

##### BUGFIXES

- [`25f4f73f6`](https://togithub.com/npm/cli/commit/25f4f73f6dc9744757787c82351120cd1baee5f8) add a util for writing arbitrary files to cache
  This prevents metrics timing and debug logs from becoming root-owned. ([@isaacs](https://togithub.com/isaacs))
- [`2c61ce65d`](https://togithub.com/npm/cli/commit/2c61ce65d6b67100fdf3fcb9729055b669cb1a1d) infer cache owner from parent dir in `correct-mkdir` util ([@isaacs](https://togithub.com/isaacs))
- [`235e5d6df`](https://togithub.com/npm/cli/commit/235e5d6df6f427585ec58425f1f3339d08f39d8a) ensure correct owner on cached all-packages metadata ([@isaacs](https://togithub.com/isaacs))
- [`e2d377bb6`](https://togithub.com/npm/cli/commit/e2d377bb6419d8a3c1d80a73dba46062b4dad336) [npm.community#8540](https://npm.community/t/npm-audit-fails-with-child-requires-fails-because-requires-must-be-an-object/8540) audit: report server error on failure ([@isaacs](https://togithub.com/isaacs))
- [`52576a39e`](https://togithub.com/npm/cli/commit/52576a39ed75d94c46bb2c482fd38d2c6ea61c56) [#216](https://togithub.com/npm/cli/pull/216) [npm.community#5385](https://npm.community/t/6-8-0-npm-ci-fails-with-local-dependency/5385) [npm.community#6076](https://npm.community/t/npm-ci-fail-to-local-packages/6076) Fix `npm ci` with `file:` dependencies. Partially reverts [#40](https://togithub.com/npm/cli/pull/40)/[#86](https://togithub.com/npm/cli/pull/86), recording dependencies of linked deps in order for `npm ci` to work. ([@jfirebaugh](https://togithub.com/jfirebaugh))

##### DEPENDENCIES

- [`0fefdee13`](https://togithub.com/npm/cli/commit/0fefdee130fd7d0dbb240fb9ecb50a793fbf3d29) `cacache@12.0.2` ([@isaacs](https://togithub.com/isaacs))
  - infer uid/gid instead of accepting as options, preventing the overwhelming majority of cases where root-owned files end up in the cache folder. ([ac84d14](https://togithub.com/npm/cacache/commit/ac84d14)) ([@isaacs](https://togithub.com/isaacs)) ([#1](https://togithub.com/npm/cacache/pull/1))
  - **i18n:** add another error message ([676cb32](https://togithub.com/npm/cacache/commit/676cb32)) ([@zkat](https://togithub.com/zkat))
- [`e1d87a392`](https://togithub.com/npm/cli/commit/e1d87a392371a070b0788ab7bfc62be18b21e9ad) `pacote@9.5.4` ([@isaacs](https://togithub.com/isaacs))
  - git: ensure stream failures are reported ([7f07b5d](https://togithub.com/npm/pacote/commit/7f07b5d)) [#1](https://togithub.com/npm/pacote/issues/1) ([@lddubeau](https://togithub.com/lddubeau))
- [`3f035bf09`](https://togithub.com/npm/cli/commit/3f035bf098e2feea76574cec18b04812659aa16d) `infer-owner@1.0.4` ([@isaacs](https://togithub.com/isaacs))
- [`ba3283112`](https://togithub.com/npm/cli/commit/ba32831126591d2f6f48e31a4a2329b533b1ff19) `npm-registry-fetch@4.0.0` ([@isaacs](https://togithub.com/isaacs))
- [`ee90c334d`](https://togithub.com/npm/cli/commit/ee90c334d271383d0325af42f20f80f34cb61f07) `libnpm@3.0.1` ([@isaacs](https://togithub.com/isaacs))
- [`1e480c384`](https://togithub.com/npm/cli/commit/1e480c38416982ae28b5cdd48c698ca59d3c0395) `libnpmaccess@3.0.2` ([@isaacs](https://togithub.com/isaacs))
- [`7662ee850`](https://togithub.com/npm/cli/commit/7662ee850220c71ecaec639adbc7715286f0d28b) `libnpmhook@5.0.3` ([@isaacs](https://togithub.com/isaacs))
- [`1357fadc6`](https://togithub.com/npm/cli/commit/1357fadc613d0bfeb40f9a8f3ecace2face2fe2c) `libnpmorg@1.0.1` ([@isaacs](https://togithub.com/isaacs))
- [`a621b5cb6`](https://togithub.com/npm/cli/commit/a621b5cb6c881f95a11af86a8051754a67ae017c) `libnpmsearch@2.0.2` ([@isaacs](https://togithub.com/isaacs))
- [`560cd31dd`](https://togithub.com/npm/cli/commit/560cd31dd51b6aa2e396ccdd7289fab0a50b5608) `libnpmteam@1.0.2` ([@isaacs](https://togithub.com/isaacs))
- [`de7ae0867`](https://togithub.com/npm/cli/commit/de7ae0867d4c0180edc283457ce0b4e8e5eee554) `npm-profile@4.0.2` ([@isaacs](https://togithub.com/isaacs))
- [`e95da463c`](https://togithub.com/npm/cli/commit/e95da463cb7a325457ef411a569d7ef4bf76901d) `libnpm@3.0.1` ([@isaacs](https://togithub.com/isaacs))
- [`554b641d4`](https://togithub.com/npm/cli/commit/554b641d49d135ae8d137e83aa288897c32dacc6) `npm-registry-fetch@4.0.0` ([@isaacs](https://togithub.com/isaacs))
- [`06772f34a`](https://togithub.com/npm/cli/commit/06772f34ab851440dcd78574736936c674a84aed) `node-gyp@5.0.3` ([@isaacs](https://togithub.com/isaacs))
- [`85358db80`](https://togithub.com/npm/cli/commit/85358db80d6ccb5f7bc9a0b4d558ac6dd2468394) `npm-lifecycle@3.1.2` ([@isaacs](https://togithub.com/isaacs))
  - [`051cf20`](https://togithub.com/npm/npm-lifecycle/commit/051cf20072a01839c17920d2e841756251c4f924) [#26](https://togithub.com/npm/npm-lifecycle/pull/26) fix switches for alternative shells on Windows ([@gucong3000](https://togithub.com/gucong3000))
  - [`3aaf954`](https://togithub.com/npm/npm-lifecycle/commit/3aaf95435965e8f7acfd955582cf85237afd2c9b) [#25](https://togithub.com/npm/npm-lifecycle/pull/25) set only one PATH env variable for child process on Windows ([@zkochan](https://togithub.com/zkochan))
  - [`ea18ed2`](https://togithub.com/npm/npm-lifecycle/commit/ea18ed2b754ca7f11998cad70d88e9004c5bef4a) [#36](https://togithub.com/npm/npm-lifecycle/pull/36) [#11](https://togithub.com/npm/npm-lifecycle/issue/11) [#18](https://togithub.com/npm/npm-lifecycle/issue/18) remove procInterrupt listener on SIGINT in procError ([@mattshin](https://togithub.com/mattshin))
  - [`5523951`](https://togithub.com/npm/npm-lifecycle/commit/55239519c57b82521605622e6c71640a31ed4586) [#29](https://togithub.com/npm/npm-lifecycle/issue/29) [#30](https://togithub.com/npm/npm-lifecycle/pull/30) Use platform specific path casing if present ([@mattezell](https://togithub.com/mattezell))

### [`v6.10.1`](https://togithub.com/npm/cli/releases/tag/v6.10.1)

[Compare Source](https://togithub.com/npm/cli/compare/v6.10.0...v6.10.1)
##### BUGFIXES

- [`3cbd57712`](https://togithub.com/npm/cli/commit/3cbd577120a9da6e51bb8b13534d1bf71ea5712c) fix(git): strip GIT environs when running git ([@isaacs](https://togithub.com/isaacs))
- [`a81a8c4c4`](https://togithub.com/npm/cli/commit/a81a8c4c466f510215a51cef1bb08544d11844fe) [#206](https://togithub.com/npm/cli/pull/206) improve isOnly(Dev,Optional) ([@larsgw](https://togithub.com/larsgw))
- [`172f9aca6`](https://togithub.com/npm/cli/commit/172f9aca67a66ee303c17f90a994cd52fc66552a) [#179](https://togithub.com/npm/cli/pull/179) fix-xmas-underline ([@raywu0123](https://togithub.com/raywu0123))
- [`f52673fc7`](https://togithub.com/npm/cli/commit/f52673fc7284e58af8c04533e82b76bf7add72cf) [#212](https://togithub.com/npm/cli/pull/212) build: use `/usr/bin/env` to load bash ([@rsmarples](https://togithub.com/rsmarples))

##### DEPENDENCIES

- [`ef4445ad3`](https://togithub.com/npm/cli/commit/ef4445ad34a53b5639499c8e3c9752f62ee6f37c) [#208](https://togithub.com/npm/cli/pull/208) `node-gyp@5.0.2` ([@irega](https://togithub.com/irega))
- [`c0d611356`](https://togithub.com/npm/cli/commit/c0d611356f7b23077e97574b01c8886e544db425) `npm-lifecycle@3.0.0` ([@isaacs](https://togithub.com/isaacs))
- [`7716ba972`](https://togithub.com/npm/cli/commit/7716ba9720270d5b780755a5bb1ce79702067f1f) `libcipm@4.0.0` ([@isaacs](https://togithub.com/isaacs))
- [`42d22e837`](https://togithub.com/npm/cli/commit/42d22e8374c7d303d94e405d7385d94dd2558814) `libnpm@3.0.0` ([@isaacs](https://togithub.com/isaacs))
- [`a2ea7f9ff`](https://togithub.com/npm/cli/commit/a2ea7f9ff64ae743d05fdbf7d46fb9afafa8aa6f) `semver@5.7.0` ([@isaacs](https://togithub.com/isaacs))
- [`429226a5e`](https://togithub.com/npm/cli/commit/429226a5e992cd907d4f19bd738037007cf78c1f) `lru-cache@5.1.1` ([@isaacs](https://togithub.com/isaacs))
- [`175670ea6`](https://togithub.com/npm/cli/commit/175670ea65cca03f8b2e957df3dd4b8b0efd0e1f) `npm-registry-fetch@3.9.1`: ([@isaacs](https://togithub.com/isaacs))
- [`0d0517f7f`](https://togithub.com/npm/cli/commit/0d0517f7f8c902b5064ac18fb4015b31750ad2b2) `call-limit@1.1.1` ([@isaacs](https://togithub.com/isaacs))
- [`741400429`](https://togithub.com/npm/cli/commit/74140042917ea241062a812ceb65c5423c2bafa9) `glob@7.1.4` ([@isaacs](https://togithub.com/isaacs))
- [`bddd60e30`](https://togithub.com/npm/cli/commit/bddd60e302283a4a70d35f8f742e42bd13f4dabf) `inherits@2.0.4` ([@

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR was generated by Mend Renovate. View the repository job log.