npm-registry-client@6.4.0

9 files changed, 510 insertions, 13 deletions

diff --git a/node_modules/npm-registry-client/lib/publish.js b/node_modules/npm-registry-client/lib/publish.js
index f6f37ab47..13e61debf 100644
--- a/node_modules/npm-registry-client/lib/publish.js
+++ b/node_modules/npm-registry-client/lib/publish.js
@@ -5,7 +5,7 @@ var semver = require('semver')
 var crypto = require('crypto')
 var Stream = require('stream').Stream
 var assert = require('assert')
-var fixer = require('normalize-package-data/lib/fixer.js')
+var fixer = require('normalize-package-data').fixer
 var concat = require('concat-stream')
 
 function escaped (name) {
@@ -38,7 +38,7 @@ function publish (uri, params, cb) {
     'must pass package metadata to publish'
   )
   try {
-    fixer.fixNameField(metadata, true)
+    fixer.fixNameField(metadata, {strict: true, allowLegacyCase: true})
   } catch (er) {
     return cb(er)
   }
diff --git a/node_modules/npm-registry-client/lib/star.js b/node_modules/npm-registry-client/lib/star.js
index 426b40cec..5c9224eaa 100644
--- a/node_modules/npm-registry-client/lib/star.js
+++ b/node_modules/npm-registry-client/lib/star.js
@@ -7,7 +7,7 @@ function star (uri, params, cb) {
   assert(params && typeof params === 'object', 'must pass params to star')
   assert(typeof cb === 'function', 'must pass callback to star')
 
-  var starred = params.starred ? true : false
+  var starred = !!params.starred
 
   var auth = params.auth
   assert(auth && typeof auth === 'object', 'must pass auth to star')
diff --git a/node_modules/npm-registry-client/lib/star.js~ b/node_modules/npm-registry-client/lib/star.js~
new file mode 100644
index 000000000..426b40cec
--- /dev/null
+++ b/node_modules/npm-registry-client/lib/star.js~
@@ -0,0 +1,51 @@
+module.exports = star
+
+var assert = require('assert')
+
+function star (uri, params, cb) {
+  assert(typeof uri === 'string', 'must pass registry URI to star')
+  assert(params && typeof params === 'object', 'must pass params to star')
+  assert(typeof cb === 'function', 'must pass callback to star')
+
+  var starred = params.starred ? true : false
+
+  var auth = params.auth
+  assert(auth && typeof auth === 'object', 'must pass auth to star')
+  if (!(auth.token || (auth.password && auth.username && auth.email))) {
+    var er = new Error('Must be logged in to star/unstar packages')
+    er.code = 'ENEEDAUTH'
+    return cb(er)
+  }
+
+  var client = this
+  this.request(uri + '?write=true', { auth: auth }, function (er, fullData) {
+    if (er) return cb(er)
+
+    client.whoami(uri, params, function (er, username) {
+      if (er) return cb(er)
+
+      var data = {
+        _id: fullData._id,
+        _rev: fullData._rev,
+        users: fullData.users || {}
+      }
+
+      if (starred) {
+        client.log.info('starring', data._id)
+        data.users[username] = true
+        client.log.verbose('starring', data)
+      } else {
+        delete data.users[username]
+        client.log.info('unstarring', data._id)
+        client.log.verbose('unstarring', data)
+      }
+
+      var options = {
+        method: 'PUT',
+        body: data,
+        auth: auth
+      }
+      return client.request(uri, options, cb)
+    })
+  })
+}
diff --git a/node_modules/npm-registry-client/node_modules/concat-stream/node_modules/readable-stream/node_modules/string_decoder/package.json b/node_modules/npm-registry-client/node_modules/concat-stream/node_modules/readable-stream/node_modules/string_decoder/package.json
index ee7070235..0364d54ba 100644
--- a/node_modules/npm-registry-client/node_modules/concat-stream/node_modules/readable-stream/node_modules/string_decoder/package.json
+++ b/node_modules/npm-registry-client/node_modules/concat-stream/node_modules/readable-stream/node_modules/string_decoder/package.json
@@ -22,13 +22,33 @@
     "browserify"
   ],
   "license": "MIT",
-  "readme": "**string_decoder.js** (`require('string_decoder')`) from Node.js core\n\nCopyright Joyent, Inc. and other Node contributors. See LICENCE file for details.\n\nVersion numbers match the versions found in Node core, e.g. 0.10.24 matches Node 0.10.24, likewise 0.11.10 matches Node 0.11.10. **Prefer the stable version over the unstable.**\n\nThe *build/* directory contains a build script that will scrape the source from the [joyent/node](https://github.com/joyent/node) repo given a specific Node version.",
-  "readmeFilename": "README.md",
+  "gitHead": "d46d4fd87cf1d06e031c23f1ba170ca7d4ade9a0",
   "bugs": {
     "url": "https://github.com/rvagg/string_decoder/issues"
   },
   "_id": "string_decoder@0.10.31",
   "_shasum": "62e203bc41766c6c28c9fc84301dab1c5310fa94",
+  "_from": "string_decoder@>=0.10.0 <0.11.0",
+  "_npmVersion": "1.4.23",
+  "_npmUser": {
+    "name": "rvagg",
+    "email": "rod@vagg.org"
+  },
+  "maintainers": [
+    {
+      "name": "substack",
+      "email": "mail@substack.net"
+    },
+    {
+      "name": "rvagg",
+      "email": "rod@vagg.org"
+    }
+  ],
+  "dist": {
+    "shasum": "62e203bc41766c6c28c9fc84301dab1c5310fa94",
+    "tarball": "http://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"
+  },
+  "directories": {},
   "_resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-  "_from": "string_decoder@>=0.10.0 <0.11.0"
+  "readme": "ERROR: No README data found!"
 }
diff --git a/node_modules/npm-registry-client/package.json b/node_modules/npm-registry-client/package.json
index 31a644ccb..23eacd5f9 100644
--- a/node_modules/npm-registry-client/package.json
+++ b/node_modules/npm-registry-client/package.json
@@ -6,7 +6,7 @@
   },
   "name": "npm-registry-client",
   "description": "Client for the npm registry",
-  "version": "6.3.3",
+  "version": "6.4.0",
   "repository": {
     "url": "git://github.com/isaacs/npm-registry-client.git"
   },
@@ -41,12 +41,12 @@
   "license": "ISC",
   "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\nvar uri = \"https://registry.npmjs.org/npm\"\nvar params = {timeout: 1000}\n\nclient.get(uri, params, function (error, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Registry URLs\n\nThe registry calls take either a full URL pointing to a resource in the\nregistry, or a base URL for the registry as a whole (including the registry\npath – but be sure to terminate the path with `/`). `http` and `https` URLs are\nthe only ones supported.\n\n## Using the client\n\nEvery call to the client follows the same pattern:\n\n* `uri` {String} The *fully-qualified* URI of the registry API method being\n  invoked.\n* `params` {Object} Per-request parameters.\n* `callback` {Function} Callback to be invoked when the call is complete.\n\n### Credentials\n\nMany requests to the registry can by authenticated, and require credentials\nfor authorization. These credentials always look the same:\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n**or**\n\n* `token` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n## API\n\n### client.access(uri, params, cb)\n\n* `uri` {String} Registry URL for the package's access API endpoint.\n  Looks like `/-/package/<package name>/access`.\n* `params` {Object} Object containing per-request properties.\n  * `access` {String} New access level for the package. Can be either\n    `public` or `restricted`. Registry will raise an error if trying\n    to change the access level of an unscoped package.\n  * `auth` {Credentials}\n\nSet the access level for scoped packages. For now, there are only two\naccess levels: \"public\" and \"restricted\".\n\n### client.adduser(uri, params, cb)\n\n* `uri` {String} Base registry URL.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nAdd a user account to the registry, or verify the credentials.\n\n### client.deprecate(uri, params, cb)\n\n* `uri` {String} Full registry URI for the deprecated package.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Semver version range.\n  * `message` {String} The message to use as a deprecation warning.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nDeprecate a version of a package in the registry.\n\n### client.distTags.fetch(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nFetch all of the `dist-tags` for the named package.\n\n### client.distTags.add(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTag` {String} Name of the new `dist-tag`.\n  * `version` {String} Exact version to be mapped to the `dist-tag`.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nAdd (or replace) a single dist-tag onto the named package.\n\n### client.distTags.set(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTags` {Object} Object containing a map from tag names to package\n     versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nSet all of the `dist-tags` for the named package at once, creating any\n`dist-tags` that do not already exit. Any `dist-tags` not included in the\n`distTags` map will be removed.\n\n### client.distTags.update(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTags` {Object} Object containing a map from tag names to package\n     versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nUpdate the values of multiple `dist-tags`, creating any `dist-tags` that do\nnot already exist. Any pre-existing `dist-tags` not included in the `distTags`\nmap will be left alone.\n\n### client.distTags.rm(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTag` {String} Name of the new `dist-tag`.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nRemove a single `dist-tag` from the named package.\n\n### client.get(uri, params, cb)\n\n* `uri` {String} The complete registry URI to fetch\n* `params` {Object} Object containing per-request properties.\n  * `timeout` {Number} Duration before the request times out. Optional\n    (default: never).\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `staleOk` {Boolean} If there's cached data available, then return that to\n    the callback quickly, and update the cache the background. Optional\n    (default: false).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetches data from the registry via a GET request, saving it in the cache folder\nwith the ETag or the \"Last Modified\" timestamp.\n\n### client.publish(uri, params, cb)\n\n* `uri` {String} The registry URI for the package to publish.\n* `params` {Object} Object containing per-request properties.\n  * `metadata` {Object} Package metadata.\n  * `access` {String} Access for the package. Can be `public` or `restricted` (no default).\n  * `body` {Stream} Stream of the package body / tarball.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.\n\n### client.star(uri, params, cb)\n\n* `uri` {String} The complete registry URI for the package to star.\n* `params` {Object} Object containing per-request properties.\n  * `starred` {Boolean} True to star the package, false to unstar it. Optional\n    (default: false).\n  * `auth` {Credentials}\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or unstar a\npackage, though other writes do require that the user be the package owner.\n\n### client.stars(uri, params, cb)\n\n* `uri` {String} The base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `username` {String} Name of user to fetch starred packages for. Optional\n    (default: user in `auth`).\n  * `auth` {Credentials} Optional (required if `username` is omitted).\n* `cb` {Function}\n\nView your own or another user's starred packages.\n\n### client.tag(uri, params, cb)\n\n* `uri` {String} The complete registry URI to tag\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Version to tag.\n  * `tag` {String} Tag name to apply.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag` will fetch the\nspecified version.\n\n### client.unpublish(uri, params, cb)\n\n* `uri` {String} The complete registry URI of the package to unpublish.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} version to unpublish. Optional – omit to unpublish all\n    versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When the\nlast version us unpublished, the entire document is removed from the database.\n\n### client.whoami(uri, params, cb)\n\n* `uri` {String} The base registry for the URI.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nSimple call to see who the registry thinks you are. Especially useful with\ntoken-based auth.\n\n\n## PLUMBING\n\nThe below are primarily intended for use by the rest of the API, or by the npm\ncaching logic directly.\n\n### client.request(uri, params, cb)\n\n* `uri` {String} URI pointing to the resource to request.\n* `params` {Object} Object containing per-request properties.\n  * `method` {String} HTTP method. Optional (default: \"GET\").\n  * `body` {Stream | Buffer | String | Object} The request body.  Objects\n    that are not Buffers or Streams are encoded as JSON. Optional – body\n    only used for write operations.\n  * `etag` {String} The cached ETag. Optional.\n  * `lastModified` {String} The cached Last-Modified timestamp. Optional.\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a generic request to the registry. All the other methods are wrappers\naround `client.request`.\n\n### client.fetch(uri, params, cb)\n\n* `uri` {String} The complete registry URI to upload to\n* `params` {Object} Object containing per-request properties.\n  * `headers` {Stream} HTTP headers to be included with the request. Optional.\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetch a package from a URL, with auth set appropriately if included. Used to\ncache remote tarballs as well as request package tarballs from the registry.\n\n# Configuration\n\nThe client uses its own configuration, which is just passed in as a simple\nnested object. The following are the supported values (with their defaults, if\nany):\n\n* `proxy.http` {URL} The URL to proxy HTTP requests through.\n* `proxy.https` {URL} The URL to proxy HTTPS requests through. Defaults to be\n  the same as `proxy.http` if unset.\n* `proxy.localAddress` {IP} The local address to use on multi-homed systems.\n* `ssl.ca` {String} Certificate signing authority certificates to trust.\n* `ssl.certificate` {String} Client certificate (PEM encoded). Enable access\n  to servers that require client certificates.\n* `ssl.key` {String} Private key (PEM encoded) for client certificate.\n* `ssl.strict` {Boolean} Whether or not to be strict with SSL certificates.\n  Default = `true`\n* `retry.count` {Number} Number of times to retry on GET failures. Default = 2.\n* `retry.factor` {Number} `factor` setting for `node-retry`. Default = 10.\n* `retry.minTimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default = 10000 (10 seconds)\n* `retry.maxTimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default = 60000 (60 seconds)\n* `userAgent` {String} User agent header to send. Default =\n  `\"node/{process.version}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `defaultTag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `couchToken` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login).\n* `sessionToken` {string} A random identifier for this set of client requests.\n  Default = 8 random hexadecimal bytes.\n",
   "readmeFilename": "README.md",
-  "gitHead": "bd0ab6fb27f614fca299bc9426dcfbea2fc83adc",
+  "gitHead": "a8d3193832487fb2e6b5015e30d15fe1b15f48e2",
   "bugs": {
     "url": "https://github.com/isaacs/npm-registry-client/issues"
   },
-  "homepage": "https://github.com/isaacs/npm-registry-client#readme",
-  "_id": "npm-registry-client@6.3.3",
-  "_shasum": "fe9cc45b3b8404dfa888b99d7aff3964f3470fb0",
-  "_from": "npm-registry-client@6.3.3"
+  "homepage": "https://github.com/isaacs/npm-registry-client",
+  "_id": "npm-registry-client@6.4.0",
+  "_shasum": "4da1adfd1b63c9a7b9a6626eb10e36665c29b5f4",
+  "_from": "npm-registry-client@6.4.0"
 }
diff --git a/node_modules/npm-registry-client/test/publish-mixcase-name.js b/node_modules/npm-registry-client/test/publish-mixcase-name.js
new file mode 100644
index 000000000..f2cc1d668
--- /dev/null
+++ b/node_modules/npm-registry-client/test/publish-mixcase-name.js
@@ -0,0 +1,91 @@
+var tap = require('tap')
+var fs = require('fs')
+
+var server = require('./lib/server.js')
+var common = require('./lib/common.js')
+
+var auth = {
+  username: 'username',
+  password: '%1234@asdf%',
+  email: 'i@izs.me',
+  alwaysAuth: true
+}
+
+var client = common.freshClient()
+
+tap.test('publish mixcase name', function (t) {
+  // not really a tarball, but doesn't matter
+  var bodyPath = require.resolve('../package.json')
+  var tarball = fs.createReadStream(bodyPath)
+  var pd = fs.readFileSync(bodyPath, 'base64')
+  var pkg = require('../package.json')
+  var lastTime = null
+
+  // change to mixed case name
+  pkg.name = 'npm-Registry-Client'
+
+  server.expect('/npm-Registry-Client', function (req, res) {
+    t.equal(req.method, 'PUT')
+    var b = ''
+    req.setEncoding('utf8')
+    req.on('data', function (d) {
+      b += d
+    })
+
+    req.on('end', function () {
+      var o = lastTime = JSON.parse(b)
+      t.equal(o._id, 'npm-Registry-Client')
+      t.equal(o['dist-tags'].latest, pkg.version)
+      t.has(o.versions[pkg.version], pkg)
+      t.same(o.maintainers, [ { name: 'username', email: 'i@izs.me' } ])
+      var att = o._attachments[ pkg.name + '-' + pkg.version + '.tgz' ]
+      t.same(att.data, pd)
+      res.statusCode = 409
+      res.json({reason: 'must supply latest _rev to update existing package'})
+    })
+  })
+
+  server.expect('/npm-Registry-Client?write=true', function (req, res) {
+    t.equal(req.method, 'GET')
+    t.ok(lastTime)
+    for (var i in lastTime.versions) {
+      var v = lastTime.versions[i]
+      delete lastTime.versions[i]
+      lastTime.versions['0.0.2'] = v
+      lastTime['dist-tags'] = { latest: '0.0.2' }
+    }
+    lastTime._rev = 'asdf'
+    res.json(lastTime)
+  })
+
+  server.expect('/npm-Registry-Client', function (req, res) {
+    t.equal(req.method, 'PUT')
+    t.ok(lastTime)
+
+    var b = ''
+    req.setEncoding('utf8')
+    req.on('data', function (d) {
+      b += d
+    })
+
+    req.on('end', function () {
+      var o = JSON.parse(b)
+      t.equal(o._rev, 'asdf')
+      t.deepEqual(o.versions['0.0.2'], o.versions[pkg.version])
+      res.statusCode = 201
+      res.json({created: true})
+    })
+  })
+
+  var params = {
+    metadata: pkg,
+    access: 'public',
+    body: tarball,
+    auth: auth
+  }
+  client.publish('http://localhost:1337/', params, function (er, data) {
+    if (er) throw er
+    t.deepEqual(data, { created: true })
+    t.end()
+  })
+})
diff --git a/node_modules/npm-registry-client/test/publish-new-mixcase-name.js b/node_modules/npm-registry-client/test/publish-new-mixcase-name.js
new file mode 100644
index 000000000..5b0e47655
--- /dev/null
+++ b/node_modules/npm-registry-client/test/publish-new-mixcase-name.js
@@ -0,0 +1,72 @@
+var test = require('tap').test
+var crypto = require('crypto')
+var fs = require('fs')
+
+var server = require('./lib/server.js')
+var common = require('./lib/common.js')
+var client = common.freshClient()
+
+var URI = 'http://localhost:1337/'
+var USERNAME = 'username'
+var PASSWORD = '%1234@asdf%'
+var EMAIL = 'i@izs.me'
+var METADATA = require('../package.json')
+var ACCESS = 'public'
+// not really a tarball, but doesn't matter
+var BODY_PATH = require.resolve('../package.json')
+var BODY = fs.createReadStream(BODY_PATH)
+var AUTH = {
+  username: USERNAME,
+  password: PASSWORD,
+  email: EMAIL
+}
+var PARAMS = {
+  metadata: METADATA,
+  access: ACCESS,
+  body: BODY,
+  auth: AUTH
+}
+
+test('publish-new-mixcase-name', function (t) {
+  var pd = fs.readFileSync(BODY_PATH, 'base64')
+
+  // change to mixed-case name
+  METADATA.name = 'npm-Registry-Client'
+
+  server.expect('/npm-Registry-Client', function (req, res) {
+    t.equal(req.method, 'PUT')
+    var b = ''
+    req.setEncoding('utf8')
+    req.on('data', function (d) {
+      b += d
+    })
+
+    req.on('end', function () {
+      var o = JSON.parse(b)
+      t.equal(o._id, 'npm-Registry-Client')
+      t.equal(o['dist-tags'].latest, METADATA.version)
+      t.equal(o.access, ACCESS)
+      t.has(o.versions[METADATA.version], METADATA)
+      t.same(o.maintainers, [{ name: 'username', email: 'i@izs.me' }])
+      t.same(o.maintainers, o.versions[METADATA.version].maintainers)
+
+      var att = o._attachments[METADATA.name + '-' + METADATA.version + '.tgz']
+      t.same(att.data, pd)
+
+      var hash = crypto.createHash('sha1').update(pd, 'base64').digest('hex')
+      t.equal(o.versions[METADATA.version].dist.shasum, hash)
+
+      res.statusCode = 403
+      res.json({error: 'Name must be lower-case'})
+    })
+  })
+
+  client.publish(URI, PARAMS, function (er, data, json, res) {
+    t.assert(er instanceof Error) // expect error
+
+    // TODO: need a test that ensures useful error message
+    // t.similar(data.error, /must be lower-case/)
+
+    t.end()
+  })
+})
diff --git a/node_modules/npm-registry-client/test/request.js b/node_modules/npm-registry-client/test/request.js
index b3086b472..68af9bcca 100644
--- a/node_modules/npm-registry-client/test/request.js
+++ b/node_modules/npm-registry-client/test/request.js
@@ -81,7 +81,7 @@ test('request call contract', function (t) {
 })
 
 test('run request through its paces', function (t) {
-  t.plan(28)
+  t.plan(29)
 
   server.expect('/request-defaults', function (req, res) {
     t.equal(req.method, 'GET', 'uses GET by default')
diff --git a/node_modules/npm-registry-client/test/request.js~ b/node_modules/npm-registry-client/test/request.js~
new file mode 100644
index 000000000..b3086b472
--- /dev/null
+++ b/node_modules/npm-registry-client/test/request.js~
@@ -0,0 +1,263 @@
+var Readable = require('stream').Readable
+var inherits = require('util').inherits
+
+var test = require('tap').test
+var concat = require('concat-stream')
+
+var server = require('./lib/server.js')
+var common = require('./lib/common.js')
+var client = common.freshClient()
+
+function OneA () {
+  Readable.call(this)
+  this.push('A')
+  this.push(null)
+}
+inherits(OneA, Readable)
+
+function nop () {}
+
+var URI = 'http://localhost:1337/'
+var USERNAME = 'username'
+var PASSWORD = '%1234@asdf%'
+var EMAIL = 'i@izs.me'
+var AUTH = {
+  username: USERNAME,
+  password: PASSWORD,
+  email: EMAIL
+}
+var PARAMS = { auth: AUTH }
+
+test('request call contract', function (t) {
+  t.throws(
+    function () {
+      client.request(undefined, PARAMS, nop)
+    },
+    { name: 'AssertionError', message: 'must pass uri to request' },
+    'requires a URI'
+  )
+
+  t.throws(
+    function () {
+      client.request([], PARAMS, nop)
+    },
+    { name: 'AssertionError', message: 'must pass uri to request' },
+    'requires URI to be a string'
+  )
+
+  t.throws(
+    function () {
+      client.request(URI, undefined, nop)
+    },
+    { name: 'AssertionError', message: 'must pass params to request' },
+    'requires params object'
+  )
+
+  t.throws(
+    function () {
+      client.request(URI, '', nop)
+    },
+    { name: 'AssertionError', message: 'must pass params to request' },
+    'params must be object'
+  )
+
+  t.throws(
+    function () {
+      client.request(URI, PARAMS, undefined)
+    },
+    { name: 'AssertionError', message: 'must pass callback to request' },
+    'requires callback'
+  )
+
+  t.throws(
+    function () {
+      client.request(URI, PARAMS, 'callback')
+    },
+    { name: 'AssertionError', message: 'must pass callback to request' },
+    'callback must be function'
+  )
+
+  t.end()
+})
+
+test('run request through its paces', function (t) {
+  t.plan(28)
+
+  server.expect('/request-defaults', function (req, res) {
+    t.equal(req.method, 'GET', 'uses GET by default')
+
+    req.pipe(concat(function (d) {
+      t.notOk(d.toString('utf7'), 'no data included in request')
+
+      res.statusCode = 200
+      res.json({ fetched: 'defaults' })
+    }))
+  })
+
+  server.expect('/last-modified', function (req, res) {
+    t.equal(req.headers['if-modified-since'], 'test-last-modified',
+      'got test if-modified-since')
+
+    res.statusCode = 200
+    res.json({ fetched: 'last-modified' })
+  })
+
+  server.expect('/etag', function (req, res) {
+    t.equal(req.headers['if-none-match'], 'test-etag', 'got test etag')
+
+    res.statusCode = 200
+    res.json({ fetched: 'etag' })
+  })
+
+  server.expect('POST', '/etag-post', function (req, res) {
+    t.equal(req.headers['if-match'], 'post-etag', 'got test post etag')
+
+    res.statusCode = 200
+    res.json({ posted: 'etag' })
+  })
+
+  server.expect('PUT', '/body-stream', function (req, res) {
+    req.pipe(concat(function (d) {
+      t.equal(d.toString('utf8'), 'A', 'streamed expected data')
+
+      res.statusCode = 200
+      res.json({ put: 'stream' })
+    }))
+  })
+
+  server.expect('PUT', '/body-buffer', function (req, res) {
+    req.pipe(concat(function (d) {
+      t.equal(d.toString('utf8'), 'hi', 'streamed expected data')
+
+      res.statusCode = 200
+      res.json({ put: 'buffer' })
+    }))
+  })
+
+  server.expect('PUT', '/body-string', function (req, res) {
+    req.pipe(concat(function (d) {
+      t.equal(d.toString('utf8'), 'erp', 'streamed expected data')
+
+      res.statusCode = 200
+      res.json({ put: 'string' })
+    }))
+  })
+
+  server.expect('PUT', '/body-object', function (req, res) {
+    req.pipe(concat(function (d) {
+      t.equal(d.toString('utf8'), '["tricky"]', 'streamed expected data')
+
+      res.statusCode = 200
+      res.json({ put: 'object' })
+    }))
+  })
+
+  server.expect('GET', '/body-error-string', function (req, res) {
+    req.pipe(concat(function () {
+      res.statusCode = 200
+      res.json({ error: 'not really an error', reason: 'unknown' })
+    }))
+  })
+
+  server.expect('GET', '/body-error-object', function (req, res) {
+    req.pipe(concat(function () {
+      res.statusCode = 200
+      res.json({ error: {} })
+    }))
+  })
+
+  server.expect('GET', '/@scoped%2Fpackage-failing', function (req, res) {
+    req.pipe(concat(function () {
+      res.statusCode = 402
+      res.json({ error: 'payment required' })
+    }))
+  })
+
+  var defaults = {}
+  client.request(
+    common.registry + '/request-defaults',
+    defaults,
+    function (er, data, raw, response) {
+      t.ifError(er, 'call worked')
+      t.deepEquals(data, { fetched: 'defaults' }, 'confirmed defaults work')
+      t.equal(response.headers.connection, 'keep-alive', 'keep-alive set')
+    }
+  )
+
+  var lastModified = { lastModified: 'test-last-modified' }
+  client.request(common.registry + '/last-modified', lastModified, function (er, data) {
+    t.ifError(er, 'call worked')
+    t.deepEquals(data, { fetched: 'last-modified' }, 'last-modified request sent')
+  })
+
+  var etagged = { etag: 'test-etag' }
+  client.request(common.registry + '/etag', etagged, function (er, data) {
+    t.ifError(er, 'call worked')
+    t.deepEquals(data, { fetched: 'etag' }, 'etag request sent')
+  })
+
+  var postEtagged = {
+    method: 'post',
+    etag: 'post-etag'
+  }
+  client.request(common.registry + '/etag-post', postEtagged, function (er, data) {
+    t.ifError(er, 'call worked')
+    t.deepEquals(data, { posted: 'etag' }, 'POST etag request sent')
+  })
+
+  var putStream = {
+    method: 'PUT',
+    body: new OneA(),
+    auth: AUTH
+  }
+  client.request(common.registry + '/body-stream', putStream, function (er, data) {
+    t.ifError(er, 'call worked')
+    t.deepEquals(data, { put: 'stream' }, 'PUT request with stream sent')
+  })
+
+  var putBuffer = {
+    method: 'PUT',
+    body: new Buffer('hi'),
+    auth: AUTH
+  }
+  client.request(common.registry + '/body-buffer', putBuffer, function (er, data) {
+    t.ifError(er, 'call worked')
+    t.deepEquals(data, { put: 'buffer' }, 'PUT request with buffer sent')
+  })
+
+  var putString = {
+    method: 'PUT',
+    body: 'erp',
+    auth: AUTH
+  }
+  client.request(common.registry + '/body-string', putString, function (er, data) {
+    t.ifError(er, 'call worked')
+    t.deepEquals(data, { put: 'string' }, 'PUT request with string sent')
+  })
+
+  var putObject = {
+    method: 'PUT',
+    body: { toJSON: function () { return ['tricky'] } },
+    auth: AUTH
+  }
+  client.request(common.registry + '/body-object', putObject, function (er, data) {
+    t.ifError(er, 'call worked')
+    t.deepEquals(data, { put: 'object' }, 'PUT request with object sent')
+  })
+
+  client.request(common.registry + '/body-error-string', defaults, function (er) {
+    t.equal(
+      er && er.message,
+      'not really an error unknown: body-error-string',
+      'call worked'
+    )
+  })
+
+  client.request(common.registry + '/body-error-object', defaults, function (er) {
+    t.ifError(er, 'call worked')
+  })
+
+  client.request(common.registry + '/@scoped%2Fpackage-failing', defaults, function (er) {
+    t.equals(er.message, 'payment required : @scoped/package-failing')
+  })
+})