npm-registry-client@6.0.7

* ensure that all request settings are copied onto the agent (fix #7226)
* lazily instantiate agents
* properly handle retry failures on fetch
* allow overriding request's environment-based proxy handling

5 files changed, 131 insertions, 20 deletions

diff --git a/node_modules/npm-registry-client/lib/fetch.js b/node_modules/npm-registry-client/lib/fetch.js
index b0764b610..2d1c6f6b8 100644
--- a/node_modules/npm-registry-client/lib/fetch.js
+++ b/node_modules/npm-registry-client/lib/fetch.js
@@ -22,6 +22,9 @@ function fetch (uri, params, cb) {
         if (operation.retry(er)) {
           client.log.info("retry", "will retry, error on last attempt: " + er)
         }
+        else {
+          cb(er)
+        }
       })
 
       req.on("response", function (res) {
diff --git a/node_modules/npm-registry-client/lib/initialize.js b/node_modules/npm-registry-client/lib/initialize.js
index bd5a4caae..e7215bc78 100644
--- a/node_modules/npm-registry-client/lib/initialize.js
+++ b/node_modules/npm-registry-client/lib/initialize.js
@@ -4,8 +4,8 @@ var HttpsAgent = require("https").Agent
 
 var pkg = require("../package.json")
 
-var httpAgent = new HttpAgent({ keepAlive : true })
-var httpsAgent = new HttpsAgent({ keepAlive : true })
+var httpAgent
+var httpsAgent
 
 module.exports = initialize
 
@@ -23,21 +23,28 @@ function initialize (uri, method, accept, headers) {
     strictSSL    : this.config.ssl.strict,
     cert         : this.config.ssl.certificate,
     key          : this.config.ssl.key,
-    ca           : this.config.ssl.ca
+    ca           : this.config.ssl.ca,
+    agent        : getAgent(uri.protocol, this.config)
   }
 
-  // request will not pay attention to the NOPROXY environment variable if a
-  // config value named proxy is passed in, even if it's set to null.
-  var proxy
-  if (uri.protocol === "https:") {
-    proxy = this.config.proxy.https
-    opts.agent = httpsAgent
+  // allow explicit disabling of proxy in environment via CLI
+  //
+  // how false gets here is the CLI's problem (it's gross)
+  if (this.config.proxy.http === false) {
+    opts.proxy = null
   }
   else {
-    proxy = this.config.proxy.http
-    opts.agent = httpAgent
+    // request will not pay attention to the NOPROXY environment variable if a
+    // config value named proxy is passed in, even if it's set to null.
+    var proxy
+    if (uri.protocol === "https:") {
+      proxy = this.config.proxy.https
+    }
+    else {
+      proxy = this.config.proxy.http
+    }
+    if (typeof proxy === "string") opts.proxy = proxy
   }
-  if (typeof proxy === "string") opts.proxy = proxy
 
   headers.version = this.version || pkg.version
   headers.accept = accept
@@ -49,3 +56,30 @@ function initialize (uri, method, accept, headers) {
 
   return opts
 }
+
+function getAgent (protocol, config) {
+  if (protocol === "https:") {
+    if (!httpsAgent) {
+      httpsAgent = new HttpsAgent({
+        keepAlive          : true,
+        localAddress       : config.proxy.localAddress,
+        rejectUnauthorized : config.ssl.strict,
+        ca                 : config.ssl.ca,
+        cert               : config.ssl.cert,
+        key                : config.ssl.key
+      })
+    }
+
+    return httpsAgent
+  }
+  else {
+    if (!httpAgent) {
+      httpAgent = new HttpAgent({
+        keepAlive    : true,
+        localAddress : config.proxy.localAddress
+      })
+    }
+
+    return httpAgent
+  }
+}
diff --git a/node_modules/npm-registry-client/lib/request.js b/node_modules/npm-registry-client/lib/request.js
index fa969ac22..c2a7944e9 100644
--- a/node_modules/npm-registry-client/lib/request.js
+++ b/node_modules/npm-registry-client/lib/request.js
@@ -123,7 +123,7 @@ function makeRequest (uri, params, cb_) {
 
   if (params.lastModified && params.method === "GET") {
     this.log.verbose("lastModified", params.lastModified)
-    headers["if-modified-since"] = params.lastModified;
+    headers["if-modified-since"] = params.lastModified
   }
 
   // figure out wth body is
@@ -226,8 +226,8 @@ function requestDone (method, where, cb) {
       parsed._etag = response.headers.etag
     }
 
-    if (parsed && response.headers['last-modified']) {
-      parsed._lastModified = response.headers['last-modified']
+    if (parsed && response.headers["last-modified"]) {
+      parsed._lastModified = response.headers["last-modified"]
     }
 
     // for the search endpoint, the "error" property can be an object
diff --git a/node_modules/npm-registry-client/package.json b/node_modules/npm-registry-client/package.json
index 323836668..0cd832ad7 100644
--- a/node_modules/npm-registry-client/package.json
+++ b/node_modules/npm-registry-client/package.json
@@ -6,7 +6,7 @@
   },
   "name": "npm-registry-client",
   "description": "Client for the npm registry",
-  "version": "6.0.4",
+  "version": "6.0.7",
   "repository": {
     "url": "git://github.com/isaacs/npm-registry-client"
   },
@@ -38,14 +38,14 @@
     "npmlog": ""
   },
   "license": "ISC",
-  "gitHead": "d0ff500fcce01ac193d4988f442b868c6dcf142f",
   "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\nvar uri = \"npm://registry.npmjs.org/npm\"\nvar params = {timeout: 1000}\n\nclient.get(uri, params, function (error, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Registry URLs\n\nThe registry calls take either a full URL pointing to a resource in the\nregistry, or a base URL for the registry as a whole (including the registry\npath – but be sure to terminate the path with `/`). `http` and `https` URLs are\nthe only ones supported.\n\n## Using the client\n\nEvery call to the client follows the same pattern:\n\n* `uri` {String} The *fully-qualified* URI of the registry API method being\n  invoked.\n* `params` {Object} Per-request parameters.\n* `callback` {Function} Callback to be invoked when the call is complete.\n\n### Credentials\n\nMany requests to the registry can by authenticated, and require credentials\nfor authorization. These credentials always look the same:\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n**or**\n\n* `token` {String}\n* `alwaysAuth` {Boolean} Whether calls to the target registry are always\n  authed.\n\n## API\n\n### client.access(uri, params, cb)\n\n* `uri` {String} Registry URL for the package's access API endpoint.\n  Looks like `/-/package/<package name>/access`.\n* `params` {Object} Object containing per-request properties.\n  * `access` {String} New access level for the package. Can be either\n    `public` or `restricted`. Registry will raise an error if trying\n    to change the access level of an unscoped package.\n  * `auth` {Credentials}\n\nSet the access level for scoped packages. For now, there are only two\naccess levels: \"public\" and \"restricted\".\n\n### client.adduser(uri, params, cb)\n\n* `uri` {String} Base registry URL.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nAdd a user account to the registry, or verify the credentials.\n\n### client.deprecate(uri, params, cb)\n\n* `uri` {String} Full registry URI for the deprecated package.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Semver version range.\n  * `message` {String} The message to use as a deprecation warning.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nDeprecate a version of a package in the registry.\n\n### client.distTags.fetch(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nFetch all of the `dist-tags` for the named package.\n\n### client.distTags.add(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTag` {String} Name of the new `dist-tag`.\n  * `version` {String} Exact version to be mapped to the `dist-tag`.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nAdd (or replace) a single dist-tag onto the named package.\n\n### client.distTags.set(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTags` {Object} Object containing a map from tag names to package\n     versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nSet all of the `dist-tags` for the named package at once, creating any\n`dist-tags` that do not already exit. Any `dist-tags` not included in the\n`distTags` map will be removed.\n\n### client.distTags.update(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTags` {Object} Object containing a map from tag names to package\n     versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nUpdate the values of multiple `dist-tags`, creating any `dist-tags` that do\nnot already exist. Any pre-existing `dist-tags` not included in the `distTags`\nmap will be left alone.\n\n### client.distTags.rm(uri, params, cb)\n\n* `uri` {String} Base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `package` {String} Name of the package.\n  * `distTag` {String} Name of the new `dist-tag`.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nRemove a single `dist-tag` from the named package.\n\n### client.get(uri, params, cb)\n\n* `uri` {String} The complete registry URI to fetch\n* `params` {Object} Object containing per-request properties.\n  * `timeout` {Number} Duration before the request times out. Optional\n    (default: never).\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `staleOk` {Boolean} If there's cached data available, then return that to\n    the callback quickly, and update the cache the background. Optional\n    (default: false).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetches data from the registry via a GET request, saving it in the cache folder\nwith the ETag or the \"Last Modified\" timestamp.\n\n### client.publish(uri, params, cb)\n\n* `uri` {String} The registry URI for the package to publish.\n* `params` {Object} Object containing per-request properties.\n  * `metadata` {Object} Package metadata.\n  * `access` {String} Access for the package. Can be `public` or `restricted` (no default).\n  * `body` {Stream} Stream of the package body / tarball.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.\n\n### client.star(uri, params, cb)\n\n* `uri` {String} The complete registry URI for the package to star.\n* `params` {Object} Object containing per-request properties.\n  * `starred` {Boolean} True to star the package, false to unstar it. Optional\n    (default: false).\n  * `auth` {Credentials}\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or unstar a\npackage, though other writes do require that the user be the package owner.\n\n### client.stars(uri, params, cb)\n\n* `uri` {String} The base URL for the registry.\n* `params` {Object} Object containing per-request properties.\n  * `username` {String} Name of user to fetch starred packages for. Optional\n    (default: user in `auth`).\n  * `auth` {Credentials} Optional (required if `username` is omitted).\n* `cb` {Function}\n\nView your own or another user's starred packages.\n\n### client.tag(uri, params, cb)\n\n* `uri` {String} The complete registry URI to tag\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} Version to tag.\n  * `tag` {String} Tag name to apply.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag` will fetch the\nspecified version.\n\n### client.unpublish(uri, params, cb)\n\n* `uri` {String} The complete registry URI of the package to unpublish.\n* `params` {Object} Object containing per-request properties.\n  * `version` {String} version to unpublish. Optional – omit to unpublish all\n    versions.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When the\nlast version us unpublished, the entire document is removed from the database.\n\n### client.whoami(uri, params, cb)\n\n* `uri` {String} The base registry for the URI.\n* `params` {Object} Object containing per-request properties.\n  * `auth` {Credentials}\n* `cb` {Function}\n\nSimple call to see who the registry thinks you are. Especially useful with\ntoken-based auth.\n\n\n## PLUMBING\n\nThe below are primarily intended for use by the rest of the API, or by the npm\ncaching logic directly.\n\n### client.request(uri, params, cb)\n\n* `uri` {String} URI pointing to the resource to request.\n* `params` {Object} Object containing per-request properties.\n  * `method` {String} HTTP method. Optional (default: \"GET\").\n  * `body` {Stream | Buffer | String | Object} The request body.  Objects\n    that are not Buffers or Streams are encoded as JSON. Optional – body\n    only used for write operations.\n  * `etag` {String} The cached ETag. Optional.\n  * `lastModified` {String} The cached Last-Modified timestamp. Optional.\n  * `follow` {Boolean} Follow 302/301 responses. Optional (default: true).\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a generic request to the registry. All the other methods are wrappers\naround `client.request`.\n\n### client.fetch(uri, params, cb)\n\n* `uri` {String} The complete registry URI to upload to\n* `params` {Object} Object containing per-request properties.\n  * `headers` {Stream} HTTP headers to be included with the request. Optional.\n  * `auth` {Credentials} Optional.\n* `cb` {Function}\n\nFetch a package from a URL, with auth set appropriately if included. Used to\ncache remote tarballs as well as request package tarballs from the registry.\n\n# Configuration\n\nThe client uses its own configuration, which is just passed in as a simple\nnested object. The following are the supported values (with their defaults, if\nany):\n\n* `proxy.http` {URL} The URL to proxy HTTP requests through.\n* `proxy.https` {URL} The URL to proxy HTTPS requests through. Defaults to be\n  the same as `proxy.http` if unset.\n* `proxy.localAddress` {IP} The local address to use on multi-homed systems.\n* `ssl.ca` {String} Certificate signing authority certificates to trust.\n* `ssl.certificate` {String} Client certificate (PEM encoded). Enable access\n  to servers that require client certificates.\n* `ssl.key` {String} Private key (PEM encoded) for client certificate.\n* `ssl.strict` {Boolean} Whether or not to be strict with SSL certificates.\n  Default = `true`\n* `retry.count` {Number} Number of times to retry on GET failures. Default = 2.\n* `retry.factor` {Number} `factor` setting for `node-retry`. Default = 10.\n* `retry.minTimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default = 10000 (10 seconds)\n* `retry.maxTimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default = 60000 (60 seconds)\n* `userAgent` {String} User agent header to send. Default =\n  `\"node/{process.version}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `defaultTag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `couchToken` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login).\n* `sessionToken` {string} A random identifier for this set of client requests.\n  Default = 8 random hexadecimal bytes.\n",
   "readmeFilename": "README.md",
+  "gitHead": "8691eaf8ca1f4c8a4d16389da6e8f6d0a0042ed9",
   "bugs": {
     "url": "https://github.com/isaacs/npm-registry-client/issues"
   },
   "homepage": "https://github.com/isaacs/npm-registry-client",
-  "_id": "npm-registry-client@6.0.4",
-  "_shasum": "34e41475f5208a0c31bb93fe4e8772fbe4c409f8",
-  "_from": "npm-registry-client@>=6.0.4 <6.1.0"
+  "_id": "npm-registry-client@6.0.7",
+  "_shasum": "c9f36f727f0b72f47a9ed11a539829770565e0fb",
+  "_from": "npm-registry-client@>=6.0.7 <6.1.0"
 }
diff --git a/node_modules/npm-registry-client/test/initialize.js b/node_modules/npm-registry-client/test/initialize.js
new file mode 100644
index 000000000..980a9a7d9
--- /dev/null
+++ b/node_modules/npm-registry-client/test/initialize.js
@@ -0,0 +1,74 @@
+var test = require("tap").test
+
+// var server = require("./lib/server.js")
+var Client = require("../")
+
+test("defaulted initialization", function (t) {
+  var client = new Client()
+  var options = client.initialize(
+    "http://localhost:1337/",
+    "GET",
+    "application/json",
+    {}
+  )
+
+  t.equal(options.url, "http://localhost:1337/", "URLs match")
+  t.equal(options.method, "GET", "methods match")
+  t.equal(options.proxy, undefined, "proxy won't overwrite environment")
+  t.equal(options.localAddress, undefined, "localAddress has no default value")
+  t.equal(options.strictSSL, true, "SSL is strict by default")
+
+  t.equal(options.headers.accept, "application/json", "accept header set")
+  t.equal(
+    options.headers.version,
+    require("../package.json").version,
+    "npm-registry-client version is present in headers"
+  )
+  t.ok(options.headers["npm-session"], "request ID generated")
+  t.ok(options.headers["user-agent"], "user-agent preset")
+
+  var HttpAgent = require("http").Agent
+  t.ok(options.agent instanceof HttpAgent, "got an HTTP agent for an HTTP URL")
+
+  t.end()
+})
+
+test("referer set on client", function (t) {
+  var client = new Client()
+  client.refer = "xtestx"
+  var options = client.initialize(
+    "http://localhost:1337/",
+    "GET",
+    "application/json",
+    {}
+  )
+
+  t.equal(options.headers.referer, "xtestx", "referer header set")
+
+  t.end()
+})
+
+test("initializing with proxy explicitly disabled", function (t) {
+  var client = new Client({ proxy : { http : false }})
+  var options = client.initialize(
+    "http://localhost:1337/",
+    "GET",
+    "application/json",
+    {}
+  )
+  t.ok("proxy" in options, "proxy overridden by explicitly setting to false")
+  t.equal(options.proxy, null, "request will override proxy when empty proxy passed in")
+  t.end()
+})
+
+test("initializing with proxy undefined", function (t) {
+  var client = new Client({ proxy : { http : undefined }})
+  var options = client.initialize(
+    "http://localhost:1337/",
+    "GET",
+    "application/json",
+    {}
+  )
+  t.notOk("proxy" in options, "proxy can be read from env.PROXY by request")
+  t.end()
+})