deps: throw StackOverflow in JSON.parse

Backport of:

fc6343a79274b6a1e99037ebb131096e2da05306

from v8 upstream.

Original commit message:

    Catch stack overflow in JSON.parse.

    BUG=

    Review URL: https://chromiumcodereview.appspot.com/11275039

    git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@12816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Reviewed-By: Fedor Indutny <fedor@indutny.com>

AUTHORS

@@ -379,3 +379,10 @@ Chris Dent <chris.dent@gmail.com>
 Dan Milon <danmilon@gmail.com>
 Jacob Gable <jacob.gable@gmail.com>
 Rick Yakubowski <richard@orpha-systems.com>
+Dan Kohn <dan@dankohn.com>
+Timothy J Fontaine <tjfontaine@gmail.com>
+Eugene Girshov <eugene.girshov@nixu.com>
+Raymond Feng <enjoyjava@gmail.com>
+Tobias Müllerleile <tobias@muellerleile.net>
+Daniel Chatfield <chatfielddaniel@gmail.com>
+cjihrig <cjihrig@gmail.com>

CONTRIBUTING.md

@@ -29,10 +29,10 @@ In a nutshell, modules are at varying levels of API stability.  Bug fixes are
 always welcome but API or behavioral  changes to modules at stability level 3
 and up are off-limits.
 
-Node.js has several bundled dependencies in the deps/ directory that are not
-part of the project proper.  Any changes to files in that directory or its
-subdirectories should be sent to their respective projects.  Do not send
-that patch to us, we cannot accept it.
+Node.js has several bundled dependencies in the deps/ and the tools/
+directories that are not part of the project proper.  Any changes to files
+in those directories or its subdirectories should be sent to their respective
+projects.  Do not send your patch to us, we cannot accept it.
 
 In case of doubt, open an issue in the [issue tracker][], post your question
 to the [node.js mailing list][] or contact one of the [project maintainers][]

ChangeLog

@@ -1,4 +1,112 @@
-2013.02.06, Version 0.8.19 (Stable)
+2014.07.31, Version 0.8.28 (maintenance)
+
+* v8: Interrupts must not mask stack overflow. (Fedor Indutny)
+
+
+2014.06.09, Version 0.8.27 (maintenance), a69205346b09eb3fd21e9530a75868b92102e039
+
+* openssl: update to 1.0.0m (CVE-2014-0224)
+
+* utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendörfer)
+  - *NOTE* this introduces a breaking change, previously you could construct
+    invalid UTF-8 and invoke an error in a client that was expecting valid
+    UTF-8, now unmatched surrogate pairs are replaced with the unknown UTF-8
+    character. To restore the old functionality simply have NODE_INVALID_UTF8
+    environment variable set.
+
+* tls: fix pool usage race (Fedor Indutny)
+
+* fs: close file if fstat() fails in readFile() (cjihrig)
+
+
+2013.10.13, Version 0.8.26 (maintenance), 6d391bbbe18217ce20c15c3da2bad71ef836922c
+
+* v8: Upgrade to 3.11.10.26
+
+* crypto: clear openssl error stack when handled (Ben Noordhuis)
+
+* crypto: clear errors from verify failure (Timothy J Fontaine)
+
+* crypto: fix memory leak in LoadPKCS12 (Fedor Indutny)
+
+* http: provide backpressure for pipeline flood (isaacs)
+
+* http_parser: expose pause/resume method for parser (Timothy J Fontaine)
+
+* readline: pause stdin before turning off terminal raw mode (Daniel Chatfield)
+
+
+2013.06.13, Version 0.8.25 (maintenance), 0b9bdb2bc7e1c872f0ea4713517fda22a4b0b202
+
+* npm: Upgrade to 1.2.30
+
+* child_process: fix handle delivery (Ben Noordhuis)
+
+
+2013.06.04, Version 0.8.24 (maintenance), c1a1ab067721ea17ef7b05ec5c68b01321017f05
+
+* npm: Upgrade to v1.2.24
+
+* url: Properly parse certain oddly formed urls (isaacs)
+
+* http: Don't try to destroy nonexistent sockets (isaacs)
+
+* handle_wrap: fix NULL pointer dereference (Ben Noordhuis)
+
+
+2013.04.09, Version 0.8.23 (maintenance), c67f8d0500fe15637a623eb759d2ad7eb9fb3b0b
+
+* npm: Upgrade to v1.2.18
+
+* http: Avoid EE warning on ECONNREFUSED handling (isaacs)
+
+* tls: Re-enable check of CN-ID in cert verification (Tobias Müllerleile)
+
+* child_process: fix sending utf-8 to child process (Ben Noordhuis)
+
+* crypto: check key type in GetPeerCertificate() (Ben Noordhuis)
+
+* win/openssl: mark assembled object files as seh safe (Bert Belder)
+
+* windows/msi: fix msi build issue with WiX 3.7/3.8 (Raymond Feng)
+
+
+2013.03.07, Version 0.8.22 (Stable), 67a4cb4fe8c2346e30ffb83f7178e205cc2dab33
+
+* npm: Update to 1.2.14
+
+* cluster: propagate bind errors (Ben Noordhuis)
+
+* crypto: don't assert when calling Cipher#final() twice (Ben Noordhuis)
+
+* build, windows: disable SEH (Ben Noordhuis)
+
+
+2013.02.25, Version 0.8.21 (Stable), 530d8c05d4c546146f18e5ba811d7eb3b7b7c0c5
+
+* http: Do not free the wrong parser on socket close (isaacs)
+
+* http: Handle hangup writes more gently (isaacs)
+
+* zlib: fix assert on bad input (Ben Noordhuis)
+
+* test: add TAP output to the test runner (Timothy J Fontaine)
+
+* unix: Handle EINPROGRESS from domain sockets (Ben Noordhuis)
+
+
+2013.02.15, Version 0.8.20 (Stable), e10c75579b536581ddd7ae4e2c3bf8a9d550d343
+
+* npm: Upgrade to v1.2.11
+
+* http: Do not let Agent hand out destroyed sockets (isaacs)
+
+* http: Raise hangup error on destroyed socket write (isaacs)
+
+* http: protect against response splitting attacks (Bert Belder)
+
+
+2013.02.06, Version 0.8.19 (Stable), 53978bdf420622ff0121c63c0338c9e7c2e60869
 
 * npm: Upgrade to v1.2.10
 

Makefile

@@ -248,7 +248,7 @@ $(PKG): release-only
 	rm -rf out/deps out/Release
 	./configure --prefix=$(PKGDIR)/usr/local --without-snapshot --dest-cpu=x64
 	$(MAKE) install V=$(V)
-	SIGN="$(SIGN)" PKGDIR="$(PKGDIR)" bash tools/osx-codesign.sh
+	SIGN="$(APP_SIGN)" PKGDIR="$(PKGDIR)" bash tools/osx-codesign.sh
 	lipo $(PKGDIR)/32/usr/local/bin/node \
 		$(PKGDIR)/usr/local/bin/node \
 		-output $(PKGDIR)/usr/local/bin/node-universal \
@@ -259,7 +259,7 @@ $(PKG): release-only
 		--id "org.nodejs.Node" \
 		--doc tools/osx-pkg.pmdoc \
 		--out $(PKG)
-	SIGN="$(SIGN)" PKG="$(PKG)" bash tools/osx-productsign.sh
+	SIGN="$(INT_SIGN)" PKG="$(PKG)" bash tools/osx-productsign.sh
 
 $(TARBALL): release-only node doc
 	git archive --format=tar --prefix=$(TARNAME)/ HEAD | tar xf -

deps/npm/.npmignore

@@ -1,4 +1,5 @@
 *.swp
+.*.swp
 npm-debug.log
 /test/bin
 /test/output.log
@@ -20,3 +21,5 @@ html/*.png
 !.npmignore
 
 /npm-*.tgz
+
+*.pyc

deps/npm/.tern-project

@@ -0,0 +1,7 @@
+{
+  "libs": [
+  ],
+  "plugins": {
+    "node": {}
+  }
+}

deps/npm/README.md

@@ -9,7 +9,7 @@ Much more info available via `npm help` once it's installed.
 
 ## IMPORTANT
 
-**You need node v0.6 or higher to run this program.**
+**You need node v0.8 or higher to run this program.**
 
 To install an old **and unsupported** version of npm that works on node 0.3
 and prior, clone the git repo and dig through the old tags and branches.
@@ -42,11 +42,11 @@ There's a pretty robust install script at
 
 You can set any npm configuration params with that script:
 
-npm_config_prefix=/some/path sh install.sh
+    npm_config_prefix=/some/path sh install.sh
 
 Or, you can run it in uber-debuggery mode:
 
-npm_debug=1 sh install.sh
+    npm_debug=1 sh install.sh
 
 ### Even Fancier
 

deps/npm/doc/cli/bugs.md

@@ -15,7 +15,7 @@ config param.
 
 ### browser
 
-* Default: OS X: `"open"`, others: `"google-chrome"`
+* Default: OS X: `"open"`, Windows: `"start"`, Others: `"xdg-open"`
 * Type: String
 
 The browser that is called by the `npm bugs` command to open websites.

deps/npm/doc/cli/config.md

@@ -36,11 +36,15 @@ work the same.
 `$HOME/.npmrc` (or the `userconfig` param, if set above)
 
 This file is an ini-file formatted list of `key = value` parameters.
+Environment variables can be replaced using `${VARIABLE_NAME}`. For example:
+
+    prefix = ${HOME}/.npm-packages
 
 ### Global config file
 
 `$PREFIX/etc/npmrc` (or the `globalconfig` param, if set above):
-This file is an ini-file formatted list of `key = value` parameters
+This file is an ini-file formatted list of `key = value` parameters.
+Environment variables can be replaced as above.
 
 ### Built-in config file
 
@@ -181,7 +185,7 @@ ostensibly Unix systems.
 
 ### browser
 
-* Default: OS X: `"open"`, others: `"google-chrome"`
+* Default: OS X: `"open"`, Windows: `"start"`, Others: `"xdg-open"`
 * Type: String
 
 The browser that is called by the `npm docs` command to open websites.
@@ -717,6 +721,14 @@ character to indicate reverse sort.
 
 The shell to run for the `npm explore` command.
 
+### shrinkwrap
+
+* Default: true
+* Type: Boolean
+
+If set to false, then ignore `npm-shrinkwrap.json` files when
+installing.
+
 ### sign-git-tag
 
 * Default: false

deps/npm/doc/cli/developers.md

@@ -97,10 +97,34 @@ more info.
 ## Keeping files *out* of your package
 
 Use a `.npmignore` file to keep stuff out of your package.  If there's
-no .npmignore file, but there *is* a .gitignore file, then npm will
-ignore the stuff matched by the .gitignore file.  If you *want* to
-include something that is excluded by your .gitignore file, you can
-create an empty .npmignore file to override it.
+no `.npmignore` file, but there *is* a `.gitignore` file, then npm will
+ignore the stuff matched by the `.gitignore` file.  If you *want* to
+include something that is excluded by your `.gitignore` file, you can
+create an empty `.npmignore` file to override it.
+
+By default, the following paths and files are ignored, so there's no
+need to add them to `.npmignore` explicitly:
+
+* `.*.swp`
+* `._*`
+* `.DS_Store`
+* `.git`
+* `.hg`
+* `.lock-wscript`
+* `.svn`
+* `.wafpickle-*`
+* `CVS`
+* `npm-debug.log`
+
+Additionally, everything in `node_modules` is ignored, except for
+bundled dependencies. npm automatically handles this for you, so don't
+bother adding `node_modules` to `.npmignore`.
+
+The following paths and files are never ignored, so adding them to
+`.npmignore` is pointless:
+
+* `package.json`
+* `README.*`
 
 ## Link Packages
 

deps/npm/doc/cli/disputes.md

@@ -15,9 +15,9 @@ There sometimes arise cases where a user publishes a module, and then
 later, some other user wants to use that name.  Here are some common
 ways that happens (each of these is based on actual events.)
 
-1. Bob writes a JavaScript module `foo`, which is not node-specific.
-   Bob doesn't use node at all.  Joe wants to use `foo` in node, so he
-   wraps it in an npm module.  Some time later, Bob starts using node,
+1. Joe writes a JavaScript module `foo`, which is not node-specific.
+   Joe doesn't use node at all.  Bob   wants to use `foo` in node, so he
+   wraps it in an npm module.  Some time later, Joe starts using node,
    and wants to take over management of his program.
 2. Bob writes an npm module `foo`, and publishes it.  Perhaps much
    later, Joe finds a bug in `foo`, and fixes it.  He sends a pull
@@ -49,7 +49,8 @@ Joe's appropriate course of action in each case is the same.
    the `foo` package.
 3. After a reasonable amount of time, if Bob has not responded, or if
    Bob and Joe can't come to any sort of resolution, email isaacs
-   <i@izs.me> and we'll sort it out.
+   <i@izs.me> and we'll sort it out.  ("Reasonable" is usually about 4
+   weeks, but extra time is allowed around common holidays.)
 
 ## REASONING
 
@@ -71,17 +72,23 @@ Some things are not allowed, and will be removed without discussion if
 they are brought to the attention of the npm registry admins, including
 but not limited to:
 
-1. Malware (that is, a module designed to exploit or harm the machine on
-   which it is installed)
+1. Malware (that is, a package designed to exploit or harm the machine on
+   which it is installed).
 2. Violations of copyright or licenses (for example, cloning an
    MIT-licensed program, and then removing or changing the copyright and
-   license statement)
+   license statement).
 3. Illegal content.
 4. "Squatting" on a package name that you *plan* to use, but aren't
    actually using.  Sorry, I don't care how great the name is, or how
    perfect a fit it is for the thing that someday might happen.  If
    someone wants to use it today, and you're just taking up space with
    an empty tarball, you're going to be evicted.
+5. Putting empty packages in the registry.  Packages must have SOME
+   functionality.  It can be silly, but it can't be *nothing*.  (See
+   also: squatting.)
+6. Doing weird things with the registry, like using it as your own
+   personal application database or otherwise putting non-packagey
+   things into it.
 
 If you see bad behavior like this, please report it right away.
 

deps/npm/doc/cli/docs.md

@@ -16,7 +16,7 @@ config param.
 
 ### browser
 
-* Default: OS X: `"open"`, others: `"google-chrome"`
+* Default: OS X: `"open"`, Windows: `"start"`, Others: `"xdg-open"`
 * Type: String
 
 The browser that is called by the `npm docs` command to open websites.

deps/npm/doc/cli/faq.md

@@ -72,6 +72,52 @@ Write your own package manager, then.  It's not that hard.
 
 npm will not help you do something that is known to be a bad idea.
 
+## `"node_modules"` is the name of my deity's arch-rival, and a Forbidden Word in my religion.  Can I configure npm to use a different folder?
+
+No.  This will never happen.  This question comes up sometimes,
+because it seems silly from the outside that npm couldn't just be
+configured to put stuff somewhere else, and then npm could load them
+from there.  It's an arbitrary spelling choice, right?  What's the big
+deal?
+
+At the time of this writing, the string `'node_modules'` appears 151
+times in 53 separate files in npm and node core (excluding tests and
+documentation).
+
+Some of these references are in node's built-in module loader.  Since
+npm is not involved **at all** at run-time, node itself would have to
+be configured to know where you've decided to stick stuff.  Complexity
+hurdle #1.  Since the Node module system is locked, this cannot be
+changed, and is enough to kill this request.  But I'll continue, in
+deference to your deity's delicate feelings regarding spelling.
+
+Many of the others are in dependencies that npm uses, which are not
+necessarily tightly coupled to npm (in the sense that they do not read
+npm's configuration files, etc.)  Each of these would have to be
+configured to take the name of the `node_modules` folder as a
+parameter.  Complexity hurdle #2.
+
+Furthermore, npm has the ability to "bundle" dependencies by adding
+the dep names to the `"bundledDependencies"` list in package.json,
+which causes the folder to be included in the package tarball.  What
+if the author of a module bundles its dependencies, and they use a
+different spelling for `node_modules`?  npm would have to rename the
+folder at publish time, and then be smart enough to unpack it using
+your locally configured name.  Complexity hurdle #3.
+
+Furthermore, what happens when you *change* this name?  Fine, it's
+easy enough the first time, just rename the `node_modules` folders to
+`./blergyblerp/` or whatever name you choose.  But what about when you
+change it again?  npm doesn't currently track any state about past
+configuration settings, so this would be rather difficult to do
+properly.  It would have to track every previous value for this
+config, and always accept any of them, or else yesterday's install may
+be broken tomorrow.  Complexity hurdle #5.
+
+Never going to happen.  The folder is named `node_modules`.  It is
+written indelibly in the Node Way, handed down from the ancient times
+of Node 0.3.
+
 ## Should I check my `node_modules` folder into git?
 
 Mikeal Rogers answered this question very well:
@@ -175,11 +221,18 @@ an argument to `git checkout`.  The default is `master`.
 
 ## How do I install node with npm?
 
-You don't.  Try one of these:
+You don't.  Try one of these node version managers:
 
-* <https://github.com/isaacs/nave>
-* <https://github.com/visionmedia/n>
-* <https://github.com/creationix/nvm>
+Unix:
+
+* <http://github.com/isaacs/nave>
+* <http://github.com/visionmedia/n>
+* <http://github.com/creationix/nvm>
+
+Windows:
+
+* <http://github.com/marcelklehr/nodist>
+* <https://github.com/hakobera/nvmw>
 
 ## How can I use npm for development?
 

deps/npm/doc/cli/folders.md

@@ -157,21 +157,21 @@ In this case, we might expect a folder structure like this:
     +-- node_modules
         +-- blerg (1.2.5) <---[A]
         +-- bar (1.2.3) <---[B]
-        |   +-- node_modules
-        |   |   `-- baz (2.0.2) <---[C]
-        |   |       `-- node_modules
-        |   |           `-- quux (3.2.0)
-        |   `-- asdf (2.3.4)
+        |   `-- node_modules
+        |       +-- baz (2.0.2) <---[C]
+        |       |   `-- node_modules
+        |       |       `-- quux (3.2.0)
+        |       `-- asdf (2.3.4)
         `-- baz (1.2.3) <---[D]
             `-- node_modules
                 `-- quux (3.2.0) <---[E]
 
-Since foo depends directly on bar@1.2.3 and baz@1.2.3, those are
+Since foo depends directly on `bar@1.2.3` and `baz@1.2.3`, those are
 installed in foo's `node_modules` folder.
 
 Even though the latest copy of blerg is 1.3.7, foo has a specific
 dependency on version 1.2.5.  So, that gets installed at [A].  Since the
-parent installation of blerg satisfie's bar's dependency on blerg@1.x,
+parent installation of blerg satisfies bar's dependency on `blerg@1.x`,
 it does not install another copy under [B].
 
 Bar [B] also has dependencies on baz and asdf, so those are installed in
@@ -179,11 +179,11 @@ bar's `node_modules` folder.  Because it depends on `baz@2.x`, it cannot
 re-use the `baz@1.2.3` installed in the parent `node_modules` folder [D],
 and must install its own copy [C].
 
-Underneath bar, the `baz->quux->bar` dependency creates a cycle.
-However, because `bar` is already in `quux`'s ancestry [B], it does not
+Underneath bar, the `baz -> quux -> bar` dependency creates a cycle.
+However, because bar is already in quux's ancestry [B], it does not
 unpack another copy of bar into that folder.
 
-Underneath `foo->baz` [D], quux's [E] folder tree is empty, because its
+Underneath `foo -> baz` [D], quux's [E] folder tree is empty, because its
 dependency on bar is satisfied by the parent folder copy installed at [B].
 
 For a graphical breakdown of what is installed where, use `npm ls`.

deps/npm/doc/cli/index.md

@@ -190,6 +190,10 @@ npm-index(1) -- Index of all npm documentation
 
  Mark your favorite packages
 
+## npm-stars(1)
+
+ View packages marked as favorites
+
 ## npm-start(1)
 
  Start a package

deps/npm/doc/cli/install.md

@@ -168,6 +168,12 @@ local space in some cases.
 The `--no-bin-links` argument will prevent npm from creating symlinks for
 any binaries the package might contain.
 
+The `--no-shrinkwrap` argument, which will ignore an available
+shrinkwrap file and use the package.json instead.
+
+The `--nodedir=/path/to/node/source` argument will allow npm to find the
+node source code so that npm can compile native modules.
+
 See `npm-config(1)`.  Many of the configuration params have some
 effect on installation, since that's most of what npm does.
 

deps/npm/doc/cli/json.md

@@ -118,6 +118,27 @@ you can specify the value for "bugs" as a simple string instead of an object.
 
 If a url is provided, it will be used by the `npm bugs` command.
 
+## license
+
+You should specify a license for your package so that people know how they are
+permitted to use it, and any restrictions you're placing on it.
+
+The simplest way, assuming you're using a common license such as BSD or MIT, is
+to just specify the name of the license you're using, like this:
+
+    { "license" : "BSD" }
+
+If you have more complex licensing terms, or you want to provide more detail
+in your package.json file, you can use the more verbose plural form, like this:
+
+    "licenses" : [
+      { "type" : "MyLicense"
+      , "url" : "http://github.com/owner/project/path/to/license"
+      }
+    ]
+
+It's also a good idea to include a license file at the top level in your package.
+
 ## people fields: author, contributors
 
 The "author" is one person.  "contributors" is an array of people.  A "person"
@@ -416,9 +437,9 @@ In this case, it's best to list these additional items in a
 `devDependencies` hash.
 
 These things will be installed whenever the `--dev` configuration flag
-is set.  This flag is set automatically when doing `npm link`, and can
-be managed like any other npm configuration param.  See `npm-config(1)`
-for more on the topic.
+is set.  This flag is set automatically when doing `npm link` or when doing
+`npm install` from the root of a package, and can be managed like any other npm
+configuration param.  See `npm-config(1)` for more on the topic.
 
 ## bundledDependencies
 

deps/npm/doc/cli/link.md

@@ -16,6 +16,9 @@ symbolic link from `prefix/package-name` to the current folder.
 Next, in some other location, `npm link package-name` will create a
 symlink from the local `node_modules` folder to the global symlink.
 
+Note that `package-name` is taken from `package.json` ,
+not from directory name.
+
 When creating tarballs for `npm publish`, the linked packages are
 "snapshotted" to their current state by resolving the symbolic links.
 

deps/npm/doc/cli/shrinkwrap.md

@@ -7,68 +7,72 @@ npm-shrinkwrap(1) -- Lock down dependency versions
 
 ## DESCRIPTION
 
-This command locks down the versions of a package's dependencies so that you can
-control exactly which versions of each dependency will be used when your package
-is installed.
+This command locks down the versions of a package's dependencies so
+that you can control exactly which versions of each dependency will be
+used when your package is installed. The "package.json" file is still
+required if you want to use "npm install".
 
-By default, "npm install" recursively installs the target's dependencies (as
-specified in package.json), choosing the latest available version that satisfies
-the dependency's semver pattern. In some situations, particularly when shipping
-software where each change is tightly managed, it's desirable to fully specify
-each version of each dependency recursively so that subsequent builds and
-deploys do not inadvertently pick up newer versions of a dependency that satisfy
-the semver pattern. Specifying specific semver patterns in each dependency's
-package.json would facilitate this, but that's not always possible or desirable,
-as when another author owns the npm package. It's also possible to check
-dependencies directly into source control, but that may be undesirable for other
-reasons.
+By default, "npm install" recursively installs the target's
+dependencies (as specified in package.json), choosing the latest
+available version that satisfies the dependency's semver pattern. In
+some situations, particularly when shipping software where each change
+is tightly managed, it's desirable to fully specify each version of
+each dependency recursively so that subsequent builds and deploys do
+not inadvertently pick up newer versions of a dependency that satisfy
+the semver pattern. Specifying specific semver patterns in each
+dependency's package.json would facilitate this, but that's not always
+possible or desirable, as when another author owns the npm package.
+It's also possible to check dependencies directly into source control,
+but that may be undesirable for other reasons.
 
 As an example, consider package A:
 
     {
-        "name": "A",
-        "version": "0.1.0",
-        "dependencies": {
-            "B": "<0.1.0"
-        }
+      "name": "A",
+      "version": "0.1.0",
+      "dependencies": {
+        "B": "<0.1.0"
+      }
     }
 
 package B:
 
     {
-        "name": "B",
-        "version": "0.0.1",
-        "dependencies": {
-            "C": "<0.1.0"
-        }
+      "name": "B",
+      "version": "0.0.1",
+      "dependencies": {
+        "C": "<0.1.0"
+      }
     }
 
 and package C:
 
     {
-        "name": "C,
-        "version": "0.0.1"
+      "name": "C,
+      "version": "0.0.1"
     }
 
-If these are the only versions of A, B, and C available in the registry, then
-a normal "npm install A" will install:
+If these are the only versions of A, B, and C available in the
+registry, then a normal "npm install A" will install:
 
     A@0.1.0
     `-- B@0.0.1
         `-- C@0.0.1
 
-However, if B@0.0.2 is published, then a fresh "npm install A" will install:
+However, if B@0.0.2 is published, then a fresh "npm install A" will
+install:
 
     A@0.1.0
     `-- B@0.0.2
         `-- C@0.0.1
 
-assuming the new version did not modify B's dependencies. Of course, the new
-version of B could include a new version of C and any number of new
-dependencies. If such changes are undesirable, the author of A could specify a
-dependency on B@0.0.1. However, if A's author and B's author are not the same
-person, there's no way for A's author to say that he or she does not want to
-pull in newly published versions of C when B hasn't changed at all.
+assuming the new version did not modify B's dependencies. Of course,
+the new version of B could include a new version of C and any number
+of new dependencies. If such changes are undesirable, the author of A
+could specify a dependency on B@0.0.1. However, if A's author and B's
+author are not the same person, there's no way for A's author to say
+that he or she does not want to pull in newly published versions of C
+when B hasn't changed at all.
 
 In this case, A's author can run
 
@@ -91,78 +95,88 @@ This generates npm-shrinkwrap.json, which will look something like this:
       }
     }
 
-The shrinkwrap command has locked down the dependencies based on what's
-currently installed in node_modules.  When "npm install" installs a package with
-a npm-shrinkwrap.json file in the package root, the shrinkwrap file (rather than
-package.json files) completely drives the installation of that package and all
-of its dependencies (recursively).  So now the author publishes A@0.1.0, and
-subsequent installs of this package will use B@0.0.1 and C@0.1.0, regardless the
-dependencies and versions listed in A's, B's, and C's package.json files.
+The shrinkwrap command has locked down the dependencies based on
+what's currently installed in node_modules.  When "npm install"
+installs a package with a npm-shrinkwrap.json file in the package
+root, the shrinkwrap file (rather than package.json files) completely
+drives the installation of that package and all of its dependencies
+(recursively).  So now the author publishes A@0.1.0, and subsequent
+installs of this package will use B@0.0.1 and C@0.1.0, regardless the
+dependencies and versions listed in A's, B's, and C's package.json
+files.
 
 
 ### Using shrinkwrapped packages
 
-Using a shrinkwrapped package is no different than using any other package: you
-can "npm install" it by hand, or add a dependency to your package.json file and
-"npm install" it.
+Using a shrinkwrapped package is no different than using any other
+package: you can "npm install" it by hand, or add a dependency to your
+package.json file and "npm install" it.
 
 ### Building shrinkwrapped packages
 
 To shrinkwrap an existing package:
 
-1. Run "npm install" in the package root to install the current versions of all
-   dependencies.
+1. Run "npm install" in the package root to install the current
+   versions of all dependencies.
 2. Validate that the package works as expected with these versions.
-3. Run "npm shrinkwrap", add npm-shrinkwrap.json to git, and publish your
-   package.
+3. Run "npm shrinkwrap", add npm-shrinkwrap.json to git, and publish
+   your package.
 
 To add or update a dependency in a shrinkwrapped package:
 
-1. Run "npm install" in the package root to install the current versions of all
+1. Run "npm install" in the package root to install the current
+   versions of all dependencies.
+2. Add or update dependencies. "npm install" each new or updated
+   package individually and then update package.json.  Note that they
+   must be explicitly named in order to be installed: running `npm
+   install` with no arguments will merely reproduce the existing
+   shrinkwrap.
+3. Validate that the package works as expected with the new
    dependencies.
-2. Add or update dependencies. "npm install" each new or updated package
-   individually and then update package.json.  Note that they must be
-   explicitly named in order to be installed: running `npm install` with
-   no arguments will merely reproduce the existing shrinkwrap.
-3. Validate that the package works as expected with the new dependencies.
-4. Run "npm shrinkwrap", commit the new npm-shrinkwrap.json, and publish your
-   package.
+4. Run "npm shrinkwrap", commit the new npm-shrinkwrap.json, and
+   publish your package.
 
-You can use npm-outdated(1) to view dependencies with newer versions available.
+You can use npm-outdated(1) to view dependencies with newer versions
+available.
 
 ### Other Notes
 
-Since "npm shrinkwrap" uses the locally installed packages to construct the
-shrinkwrap file, devDependencies will be included if and only if you've
-installed them already when you make the shrinkwrap.
+A shrinkwrap file must be consistent with the package's package.json
+file. "npm shrinkwrap" will fail if required dependencies are not
+already installed, since that would result in a shrinkwrap that
+wouldn't actually work. Similarly, the command will fail if there are
+extraneous packages (not referenced by package.json), since that would
+indicate that package.json is not correct.
 
-A shrinkwrap file must be consistent with the package's package.json file. "npm
-shrinkwrap" will fail if required dependencies are not already installed, since
-that would result in a shrinkwrap that wouldn't actually work. Similarly, the
-command will fail if there are extraneous packages (not referenced by
-package.json), since that would indicate that package.json is not correct.
+Since "npm shrinkwrap" is intended to lock down your dependencies for
+production use, `devDependencies` will not be included unless you
+explicitly set the `--dev` flag when you run `npm shrinkwrap`.  If
+installed `devDependencies` are excluded, then npm will print a
+warning.  If you want them to be installed with your module by
+default, please consider adding them to `dependencies` instead.
 
-If shrinkwrapped package A depends on shrinkwrapped package B, B's shrinkwrap
-will not be used as part of the installation of A. However, because A's
-shrinkwrap is constructed from a valid installation of B and recursively
-specifies all dependencies, the contents of B's shrinkwrap will implicitly be
-included in A's shrinkwrap.
+If shrinkwrapped package A depends on shrinkwrapped package B, B's
+shrinkwrap will not be used as part of the installation of A. However,
+because A's shrinkwrap is constructed from a valid installation of B
+and recursively specifies all dependencies, the contents of B's
+shrinkwrap will implicitly be included in A's shrinkwrap.
 
 ### Caveats
 
-Shrinkwrap files only lock down package versions, not actual package contents.
-While discouraged, a package author can republish an existing version of a
-package, causing shrinkwrapped packages using that version to pick up different
-code than they were before. If you want to avoid any risk that a byzantine
-author replaces a package you're using with code that breaks your application,
-you could modify the shrinkwrap file to use git URL references rather than
-version numbers so that npm always fetches all packages from git.
+Shrinkwrap files only lock down package versions, not actual package
+contents.  While discouraged, a package author can republish an
+existing version of a package, causing shrinkwrapped packages using
+that version to pick up different code than they were before. If you
+want to avoid any risk that a byzantine author replaces a package
+you're using with code that breaks your application, you could modify
+the shrinkwrap file to use git URL references rather than version
+numbers so that npm always fetches all packages from git.
 
 If you wish to lock down the specific bytes included in a package, for
-example to have 100% confidence in being able to reproduce a deployment
-or build, then you ought to check your dependencies into source control,
-or pursue some other mechanism that can verify contents rather than
-versions.
+example to have 100% confidence in being able to reproduce a
+deployment or build, then you ought to check your dependencies into
+source control, or pursue some other mechanism that can verify
+contents rather than versions.
 
 ## SEE ALSO
 

deps/npm/doc/cli/stars.md

@@ -0,0 +1,22 @@
+npm-stars(1) -- View packages marked as favorites
+=================================================
+
+## SYNOPSIS
+
+    npm stars
+    npm stars [username]
+
+## DESCRIPTION
+
+If you have starred a lot of neat things and want to find them again
+quickly this command lets you do just that.
+
+You may also want to see your friend's favorite packages, in this case
+you will most certainly enjoy this command.
+
+## SEE ALSO
+
+* npm-star(1)
+* npm-view(1)
+* npm-whoami(1)
+* npm-adduser(1)

deps/npm/doc/cli/update.md

@@ -3,7 +3,7 @@ npm-update(1) -- Update a package
 
 ## SYNOPSIS
 
-    npm update [<name> [<name> ...]]
+    npm update [-g] [<name> [<name> ...]]
 
 ## DESCRIPTION
 
@@ -12,6 +12,9 @@ This command will update all the packages listed to the latest version
 
 It will also install missing packages.
 
+If the `-g` flag is specified, this command will update globally installed packages.
+If no package name is specified, all packages in the specified location (global or local) will be updated.
+
 ## SEE ALSO
 
 * npm-install(1)

deps/npm/doc/cli/version.md

@@ -27,7 +27,16 @@ resulting version number.  For example:
 
 If the `sign-git-tag` config is set, then the tag will be signed using
 the `-s` flag to git.  Note that you must have a default GPG key set up
-in your git config for this to work properly.
+in your git config for this to work properly.  For example:
+
+    $ npm config set sign-git-tag true
+    $ npm version patch
+
+    You need a passphrase to unlock the secret key for
+    user: "isaacs (http://blog.izs.me/) <i@izs.me>"
+    2048-bit RSA key, ID 6C481CF6, created 2010-08-31
+
+    Enter passphrase:
 
 ## SEE ALSO
 

deps/npm/html/api/bin.html

@@ -19,7 +19,7 @@
 <p>This function should not be used programmatically.  Instead, just refer
 to the <code>npm.bin</code> member.</p>
 </div>
-<p id="footer">bin &mdash; npm@1.2.10</p>
+<p id="footer">bin &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/bugs.html

@@ -25,7 +25,7 @@ optional version number.</p>
 <p>This command will launch a browser, so this command may not be the most
 friendly for programmatic use.</p>
 </div>
-<p id="footer">bugs &mdash; npm@1.2.10</p>
+<p id="footer">bugs &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/commands.html

@@ -28,7 +28,7 @@ usage, or <code>man 3 npm-&lt;command&gt;</code> for programmatic usage.</p>
 
 <ul><li><a href="../doc/index.html">index(1)</a></li></ul>
 </div>
-<p id="footer">commands &mdash; npm@1.2.10</p>
+<p id="footer">commands &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/config.html

@@ -33,7 +33,7 @@ functions instead.</p>
 
 <ul><li><a href="../api/npm.html">npm(3)</a></li></ul>
 </div>
-<p id="footer">config &mdash; npm@1.2.10</p>
+<p id="footer">config &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/deprecate.html

@@ -32,7 +32,7 @@ install the package.</p></li></ul>
 
 <ul><li><a href="../api/publish.html">publish(3)</a></li><li><a href="../api/unpublish.html">unpublish(3)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">deprecate &mdash; npm@1.2.10</p>
+<p id="footer">deprecate &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/docs.html

@@ -25,7 +25,7 @@ optional version number.</p>
 <p>This command will launch a browser, so this command may not be the most
 friendly for programmatic use.</p>
 </div>
-<p id="footer">docs &mdash; npm@1.2.10</p>
+<p id="footer">docs &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/edit.html

@@ -30,7 +30,7 @@ to open. The package can optionally have a version number attached.</p>
 <p>Since this command opens an editor in a new process, be careful about where
 and how this is used.</p>
 </div>
-<p id="footer">edit &mdash; npm@1.2.10</p>
+<p id="footer">edit &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/explore.html

@@ -24,7 +24,7 @@ sure to use <code>npm rebuild &lt;pkg&gt;</code> if you make any changes.</p>
 
 <p>The first element in the &#39;args&#39; parameter must be a package name.  After that is the optional command, which can be any number of strings. All of the strings will be combined into one, space-delimited command.</p>
 </div>
-<p id="footer">explore &mdash; npm@1.2.10</p>
+<p id="footer">explore &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/help-search.html

@@ -32,7 +32,7 @@ Name of the file that matched</li></ul>
 
 <p>The silent parameter is not neccessary not used, but it may in the future.</p>
 </div>
-<p id="footer">help-search &mdash; npm@1.2.10</p>
+<p id="footer">help-search &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/init.html

@@ -35,7 +35,7 @@ then go ahead and use this programmatically.</p>
 
 <p><a href="../doc/json.html">json(1)</a></p>
 </div>
-<p id="footer">init &mdash; npm@1.2.10</p>
+<p id="footer">init &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/install.html

@@ -25,7 +25,7 @@ the name of a package to be installed.</p>
 <p>Finally, &#39;callback&#39; is a function that will be called when all packages have been
 installed or when an error has been encountered.</p>
 </div>
-<p id="footer">install &mdash; npm@1.2.10</p>
+<p id="footer">install &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/link.html

@@ -39,7 +39,7 @@ npm.commands.link(&#39;redis&#39;, cb)  # link-install the package</code></pre>
 <p>Now, any changes to the redis package will be reflected in
 the package in the current working directory</p>
 </div>
-<p id="footer">link &mdash; npm@1.2.10</p>
+<p id="footer">link &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/load.html

@@ -32,7 +32,7 @@ config object.</p>
 
 <p>For a list of all the available command-line configs, see <code>npm help config</code></p>
 </div>
-<p id="footer">load &mdash; npm@1.2.10</p>
+<p id="footer">load &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/ls.html

@@ -59,7 +59,7 @@ project.</p>
 This means that if a submodule a same dependency as a parent module, then the
 dependency will only be output once.</p>
 </div>
-<p id="footer">ls &mdash; npm@1.2.10</p>
+<p id="footer">ls &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/npm.html

@@ -24,7 +24,7 @@ npm.load([configObject,] function (er, npm) {
 
 <h2 id="VERSION">VERSION</h2>
 
-<p>1.2.10</p>
+<p>1.2.30</p>
 
 <h2 id="DESCRIPTION">DESCRIPTION</h2>
 
@@ -92,7 +92,7 @@ method names.  Use the <code>npm.deref</code> method to find the real name.</p>
 
 <pre><code>var cmd = npm.deref(&quot;unp&quot;) // cmd === &quot;unpublish&quot;</code></pre>
 </div>
-<p id="footer">npm &mdash; npm@1.2.10</p>
+<p id="footer">npm &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/outdated.html

@@ -19,7 +19,7 @@ currently outdated.</p>
 
 <p>If the &#39;packages&#39; parameter is left out, npm will check all packages.</p>
 </div>
-<p id="footer">outdated &mdash; npm@1.2.10</p>
+<p id="footer">outdated &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/owner.html

@@ -34,7 +34,7 @@ that is not implemented at this time.</p>
 
 <ul><li><a href="../api/publish.html">publish(3)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">owner &mdash; npm@1.2.10</p>
+<p id="footer">owner &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/pack.html

@@ -25,7 +25,7 @@ overwritten the second time.</p>
 
 <p>If no arguments are supplied, then npm packs the current package folder.</p>
 </div>
-<p id="footer">pack &mdash; npm@1.2.10</p>
+<p id="footer">pack &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/prefix.html

@@ -21,7 +21,7 @@
 
 <p>This function is not useful programmatically</p>
 </div>
-<p id="footer">prefix &mdash; npm@1.2.10</p>
+<p id="footer">prefix &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/prune.html

@@ -23,7 +23,7 @@
 <p>Extraneous packages are packages that are not listed on the parent
 package&#39;s dependencies list.</p>
 </div>
-<p id="footer">prune &mdash; npm@1.2.10</p>
+<p id="footer">prune &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/publish.html

@@ -32,7 +32,7 @@ the registry.  Overwrites when the "force" environment variable is set
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../api/owner.html">owner(3)</a></li></ul>
 </div>
-<p id="footer">publish &mdash; npm@1.2.10</p>
+<p id="footer">publish &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/rebuild.html

@@ -22,7 +22,7 @@ the new binary. If no 'packages' parameter is specify, every package wil
 
 <p>See <code>npm help build</code></p>
 </div>
-<p id="footer">rebuild &mdash; npm@1.2.10</p>
+<p id="footer">rebuild &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/restart.html

@@ -27,7 +27,7 @@ in the <code>packages</code> parameter.</p>
 
 <ul><li><a href="../api/start.html">start(3)</a></li><li><a href="../api/stop.html">stop(3)</a></li></ul>
 </div>
-<p id="footer">restart &mdash; npm@1.2.10</p>
+<p id="footer">restart &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/root.html

@@ -21,7 +21,7 @@
 
 <p>This function is not useful programmatically.</p>
 </div>
-<p id="footer">root &mdash; npm@1.2.10</p>
+<p id="footer">root &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/run-script.html

@@ -29,7 +29,7 @@ assumed to be the command to run. All other elements are ignored.</p>
 
 <ul><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../api/test.html">test(3)</a></li><li><a href="../api/start.html">start(3)</a></li><li><a href="../api/restart.html">restart(3)</a></li><li><a href="../api/stop.html">stop(3)</a></li></ul>
 </div>
-<p id="footer">run-script &mdash; npm@1.2.10</p>
+<p id="footer">run-script &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/search.html

@@ -32,7 +32,7 @@ excluded term (the "searchexclude" config). The search is case insensi
 and doesn't try to read your mind (it doesn't do any verb tense matching or the
 like).</p>
 </div>
-<p id="footer">search &mdash; npm@1.2.10</p>
+<p id="footer">search &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/shrinkwrap.html

@@ -26,7 +26,7 @@ but the shrinkwrap file will still be written.</p>
 <p>Finally, &#39;callback&#39; is a function that will be called when the shrinkwrap has
 been saved.</p>
 </div>
-<p id="footer">shrinkwrap &mdash; npm@1.2.10</p>
+<p id="footer">shrinkwrap &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/start.html

@@ -19,7 +19,7 @@
 <p>npm can run tests on multiple packages. Just specify multiple packages
 in the <code>packages</code> parameter.</p>
 </div>
-<p id="footer">start &mdash; npm@1.2.10</p>
+<p id="footer">start &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/stop.html

@@ -19,7 +19,7 @@
 <p>npm can run stop on multiple packages. Just specify multiple packages
 in the <code>packages</code> parameter.</p>
 </div>
-<p id="footer">stop &mdash; npm@1.2.10</p>
+<p id="footer">stop &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/submodule.html

@@ -33,7 +33,7 @@ dependencies into the submodule folder.</p>
 
 <ul><li>npm help json</li><li>git help submodule</li></ul>
 </div>
-<p id="footer">submodule &mdash; npm@1.2.10</p>
+<p id="footer">submodule &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/tag.html

@@ -29,7 +29,7 @@ parameter is missing or falsey (empty), the default froom the config will be
 used. For more information about how to set this config, check
 <code>man 3 npm-config</code> for programmatic usage or <code>man npm-config</code> for cli usage.</p>
 </div>
-<p id="footer">tag &mdash; npm@1.2.10</p>
+<p id="footer">tag &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/test.html

@@ -22,7 +22,7 @@ true.</p>
 <p>npm can run tests on multiple packages. Just specify multiple packages
 in the <code>packages</code> parameter.</p>
 </div>
-<p id="footer">test &mdash; npm@1.2.10</p>
+<p id="footer">test &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/uninstall.html

@@ -22,7 +22,7 @@ the name of a package to be uninstalled.</p>
 <p>Finally, &#39;callback&#39; is a function that will be called when all packages have been
 uninstalled or when an error has been encountered.</p>
 </div>
-<p id="footer">uninstall &mdash; npm@1.2.10</p>
+<p id="footer">uninstall &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/unpublish.html

@@ -26,7 +26,7 @@ is what is meant.</p>
 <p>If no version is specified, or if all versions are removed then
 the root package entry is removed from the registry entirely.</p>
 </div>
-<p id="footer">unpublish &mdash; npm@1.2.10</p>
+<p id="footer">unpublish &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/update.html

@@ -18,7 +18,7 @@
 
 <p>The &#39;packages&#39; argument is an array of packages to update. The &#39;callback&#39; parameter will be called when done or when an error occurs.</p>
 </div>
-<p id="footer">update &mdash; npm@1.2.10</p>
+<p id="footer">update &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/version.html

@@ -24,7 +24,7 @@ fail if the repo is not clean.</p>
 parameter. The difference, however, is this function will fail if it does
 not have exactly one element. The only element should be a version number.</p>
 </div>
-<p id="footer">version &mdash; npm@1.2.10</p>
+<p id="footer">version &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/view.html

@@ -99,7 +99,7 @@ the field name.</p>
 
 <p>corresponding to the list of fields selected.</p>
 </div>
-<p id="footer">view &mdash; npm@1.2.10</p>
+<p id="footer">view &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/api/whoami.html

@@ -21,7 +21,7 @@
 
 <p>This function is not useful programmatically</p>
 </div>
-<p id="footer">whoami &mdash; npm@1.2.10</p>
+<p id="footer">whoami &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/README.html

@@ -16,7 +16,7 @@
 
 <h2 id="IMPORTANT">IMPORTANT</h2>
 
-<p><strong>You need node v0.6 or higher to run this program.</strong></p>
+<p><strong>You need node v0.8 or higher to run this program.</strong></p>
 
 <p>To install an old <strong>and unsupported</strong> version of npm that works on node 0.3
 and prior, clone the git repo and dig through the old tags and branches.</p>
@@ -49,11 +49,11 @@ paths, etc.) then read on.</p>
 
 <p>You can set any npm configuration params with that script:</p>
 
-<p>npm<em>config</em>prefix=/some/path sh install.sh</p>
+<pre><code>npm_config_prefix=/some/path sh install.sh</code></pre>
 
 <p>Or, you can run it in uber-debuggery mode:</p>
 
-<p>npm_debug=1 sh install.sh</p>
+<pre><code>npm_debug=1 sh install.sh</code></pre>
 
 <h3 id="Even-Fancier">Even Fancier</h3>
 
@@ -240,7 +240,7 @@ will no doubt tell you to put the output in a gist or email.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/help.html">help(1)</a></li><li><a href="../doc/index.html">index(1)</a></li></ul>
 </div>
-<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@1.2.10</p>
+<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/adduser.html

@@ -39,7 +39,7 @@ authorize on a new machine.</p>
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/owner.html">owner(1)</a></li><li><a href="../doc/whoami.html">whoami(1)</a></li></ul>
 </div>
-<p id="footer">adduser &mdash; npm@1.2.10</p>
+<p id="footer">adduser &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/bin.html

@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/prefix.html">prefix(1)</a></li><li><a href="../doc/root.html">root(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">bin &mdash; npm@1.2.10</p>
+<p id="footer">bin &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/bugs.html

@@ -22,7 +22,7 @@ config param.</p>
 
 <h3 id="browser">browser</h3>
 
-<ul><li>Default: OS X: <code>&quot;open&quot;</code>, others: <code>&quot;google-chrome&quot;</code></li><li>Type: String</li></ul>
+<ul><li>Default: OS X: <code>&quot;open&quot;</code>, Windows: <code>&quot;start&quot;</code>, Others: <code>&quot;xdg-open&quot;</code></li><li>Type: String</li></ul>
 
 <p>The browser that is called by the <code>npm bugs</code> command to open websites.</p>
 
@@ -36,7 +36,7 @@ config param.</p>
 
 <ul><li><a href="../doc/docs.html">docs(1)</a></li><li><a href="../doc/view.html">view(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/json.html">json(1)</a></li></ul>
 </div>
-<p id="footer">bugs &mdash; npm@1.2.10</p>
+<p id="footer">bugs &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/build.html

@@ -25,7 +25,7 @@ A folder containing a <code>package.json</code> file in its root.</li></ul>
 
 <ul><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/link.html">link(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/json.html">json(1)</a></li></ul>
 </div>
-<p id="footer">build &mdash; npm@1.2.10</p>
+<p id="footer">build &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/bundle.html

@@ -20,7 +20,7 @@ install packages into the local space.</p>
 
 <ul><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">bundle &mdash; npm@1.2.10</p>
+<p id="footer">bundle &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/cache.html

@@ -66,7 +66,7 @@ they do not make an HTTP request to the registry.</p>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/pack.html">pack(1)</a></li></ul>
 </div>
-<p id="footer">cache &mdash; npm@1.2.10</p>
+<p id="footer">cache &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/changelog.html

@@ -65,7 +65,7 @@
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li></ul>
 </div>
-<p id="footer">changelog &mdash; npm@1.2.10</p>
+<p id="footer">changelog &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/coding-style.html

@@ -182,7 +182,7 @@ set to anything.&quot;</p>
 
 <ul><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li></ul>
 </div>
-<p id="footer">coding-style &mdash; npm@1.2.10</p>
+<p id="footer">coding-style &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/completion.html

@@ -33,7 +33,7 @@ completions based on the arguments.</p>
 
 <ul><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li></ul>
 </div>
-<p id="footer">completion &mdash; npm@1.2.10</p>
+<p id="footer">completion &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/config.html

@@ -42,12 +42,16 @@ work the same.</p>
 
 <p><code>$HOME/.npmrc</code> (or the <code>userconfig</code> param, if set above)</p>
 
-<p>This file is an ini-file formatted list of <code>key = value</code> parameters.</p>
+<p>This file is an ini-file formatted list of <code>key = value</code> parameters.
+Environment variables can be replaced using <code>${VARIABLE_NAME}</code>. For example:</p>
+
+<pre><code>prefix = ${HOME}/.npm-packages</code></pre>
 
 <h3 id="Global-config-file">Global config file</h3>
 
 <p><code>$PREFIX/etc/npmrc</code> (or the <code>globalconfig</code> param, if set above):
-This file is an ini-file formatted list of <code>key = value</code> parameters</p>
+This file is an ini-file formatted list of <code>key = value</code> parameters.
+Environment variables can be replaced as above.</p>
 
 <h3 id="Built-in-config-file">Built-in config file</h3>
 
@@ -165,7 +169,7 @@ ostensibly Unix systems.</p>
 
 <h3 id="browser">browser</h3>
 
-<ul><li>Default: OS X: <code>&quot;open&quot;</code>, others: <code>&quot;google-chrome&quot;</code></li><li>Type: String</li></ul>
+<ul><li>Default: OS X: <code>&quot;open&quot;</code>, Windows: <code>&quot;start&quot;</code>, Others: <code>&quot;xdg-open&quot;</code></li><li>Type: String</li></ul>
 
 <p>The browser that is called by the <code>npm docs</code> command to open websites.</p>
 
@@ -632,6 +636,13 @@ Windows</li><li>Type: path</li></ul>
 
 <p>The shell to run for the <code>npm explore</code> command.</p>
 
+<h3 id="shrinkwrap">shrinkwrap</h3>
+
+<ul><li>Default: true</li><li>Type: Boolean</li></ul>
+
+<p>If set to false, then ignore <code>npm-shrinkwrap.json</code> files when
+installing.</p>
+
 <h3 id="sign-git-tag">sign-git-tag</h3>
 
 <ul><li>Default: false</li><li>Type: Boolean</li></ul>
@@ -767,7 +778,7 @@ then answer &quot;no&quot; to any prompt.</p>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li></ul>
 </div>
-<p id="footer">config &mdash; npm@1.2.10</p>
+<p id="footer">config &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/dedupe.html

@@ -57,7 +57,7 @@ registry.</p>
 
 <ul><li><a href="../doc/ls.html">ls(1)</a></li><li><a href="../doc/update.html">update(1)</a></li><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">dedupe &mdash; npm@1.2.10</p>
+<p id="footer">dedupe &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/deprecate.html

@@ -31,7 +31,7 @@ something like this:</p>
 
 <ul><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">deprecate &mdash; npm@1.2.10</p>
+<p id="footer">deprecate &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/developers.html

@@ -82,10 +82,24 @@ more info.</p>
 <h2 id="Keeping-files-out-of-your-package">Keeping files <em>out</em> of your package</h2>
 
 <p>Use a <code>.npmignore</code> file to keep stuff out of your package.  If there&#39;s
-no .npmignore file, but there <em>is</em> a .gitignore file, then npm will
-ignore the stuff matched by the .gitignore file.  If you <em>want</em> to
-include something that is excluded by your .gitignore file, you can
-create an empty .npmignore file to override it.</p>
+no <code>.npmignore</code> file, but there <em>is</em> a <code>.gitignore</code> file, then npm will
+ignore the stuff matched by the <code>.gitignore</code> file.  If you <em>want</em> to
+include something that is excluded by your <code>.gitignore</code> file, you can
+create an empty <code>.npmignore</code> file to override it.</p>
+
+<p>By default, the following paths and files are ignored, so there&#39;s no
+need to add them to <code>.npmignore</code> explicitly:</p>
+
+<ul><li><code>.*.swp</code></li><li><code>._*</code></li><li><code>.DS_Store</code></li><li><code>.git</code></li><li><code>.hg</code></li><li><code>.lock-wscript</code></li><li><code>.svn</code></li><li><code>.wafpickle-*</code></li><li><code>CVS</code></li><li><code>npm-debug.log</code></li></ul>
+
+<p>Additionally, everything in <code>node_modules</code> is ignored, except for
+bundled dependencies. npm automatically handles this for you, so don&#39;t
+bother adding <code>node_modules</code> to <code>.npmignore</code>.</p>
+
+<p>The following paths and files are never ignored, so adding them to
+<code>.npmignore</code> is pointless:</p>
+
+<ul><li><code>package.json</code></li><li><code><a href="../doc/README.html">README</a>.*</code></li></ul>
 
 <h2 id="Link-Packages">Link Packages</h2>
 
@@ -160,7 +174,7 @@ from a fresh checkout.</p>
 
 <ul><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/init.html">init(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li></ul>
 </div>
-<p id="footer">developers &mdash; npm@1.2.10</p>
+<p id="footer">developers &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/disputes.html

@@ -20,9 +20,9 @@
 later, some other user wants to use that name.  Here are some common
 ways that happens (each of these is based on actual events.)</p>
 
-<ol><li>Bob writes a JavaScript module <code>foo</code>, which is not node-specific.
-Bob doesn&#39;t use node at all.  Joe wants to use <code>foo</code> in node, so he
-wraps it in an npm module.  Some time later, Bob starts using node,
+<ol><li>Joe writes a JavaScript module <code>foo</code>, which is not node-specific.
+Joe doesn&#39;t use node at all.  Bob   wants to use <code>foo</code> in node, so he
+wraps it in an npm module.  Some time later, Joe starts using node,
 and wants to take over management of his program.</li><li>Bob writes an npm module <code>foo</code>, and publishes it.  Perhaps much
 later, Joe finds a bug in <code>foo</code>, and fixes it.  He sends a pull
 request to Bob, but Bob doesn&#39;t have the time to deal with it,
@@ -49,7 +49,8 @@ isaacs <a href="mailto:i@izs.me">i@izs.me</a> to the CC list of the email.  Ment
 that Bob can run <code>npm owner add joe foo</code> to add Joe as an owner of
 the <code>foo</code> package.</li><li>After a reasonable amount of time, if Bob has not responded, or if
 Bob and Joe can&#39;t come to any sort of resolution, email isaacs
-<a href="mailto:i@izs.me">i@izs.me</a> and we&#39;ll sort it out.</li></ol>
+<a href="mailto:i@izs.me">i@izs.me</a> and we&#39;ll sort it out.  (&quot;Reasonable&quot; is usually about 4
+weeks, but extra time is allowed around common holidays.)</li></ol>
 
 <h2 id="REASONING">REASONING</h2>
 
@@ -71,14 +72,18 @@ feeling good about the interaction.</p>
 they are brought to the attention of the npm registry admins, including
 but not limited to:</p>
 
-<ol><li>Malware (that is, a module designed to exploit or harm the machine on
-which it is installed)</li><li>Violations of copyright or licenses (for example, cloning an
+<ol><li>Malware (that is, a package designed to exploit or harm the machine on
+which it is installed).</li><li>Violations of copyright or licenses (for example, cloning an
 MIT-licensed program, and then removing or changing the copyright and
-license statement)</li><li>Illegal content.</li><li>&quot;Squatting&quot; on a package name that you <em>plan</em> to use, but aren&#39;t
+license statement).</li><li>Illegal content.</li><li>&quot;Squatting&quot; on a package name that you <em>plan</em> to use, but aren&#39;t
 actually using.  Sorry, I don&#39;t care how great the name is, or how
 perfect a fit it is for the thing that someday might happen.  If
 someone wants to use it today, and you&#39;re just taking up space with
-an empty tarball, you&#39;re going to be evicted.</li></ol>
+an empty tarball, you&#39;re going to be evicted.</li><li>Putting empty packages in the registry.  Packages must have SOME
+functionality.  It can be silly, but it can&#39;t be <em>nothing</em>.  (See
+also: squatting.)</li><li>Doing weird things with the registry, like using it as your own
+personal application database or otherwise putting non-packagey
+things into it.</li></ol>
 
 <p>If you see bad behavior like this, please report it right away.</p>
 
@@ -86,7 +91,7 @@ an empty tarball, you&#39;re going to be evicted.</li></ol>
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/owner.html">owner(1)</a></li></ul>
 </div>
-<p id="footer">disputes &mdash; npm@1.2.10</p>
+<p id="footer">disputes &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/docs.html

@@ -23,7 +23,7 @@ config param.</p>
 
 <h3 id="browser">browser</h3>
 
-<ul><li>Default: OS X: <code>&quot;open&quot;</code>, others: <code>&quot;google-chrome&quot;</code></li><li>Type: String</li></ul>
+<ul><li>Default: OS X: <code>&quot;open&quot;</code>, Windows: <code>&quot;start&quot;</code>, Others: <code>&quot;xdg-open&quot;</code></li><li>Type: String</li></ul>
 
 <p>The browser that is called by the <code>npm docs</code> command to open websites.</p>
 
@@ -37,7 +37,7 @@ config param.</p>
 
 <ul><li><a href="../doc/view.html">view(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/json.html">json(1)</a></li></ul>
 </div>
-<p id="footer">docs &mdash; npm@1.2.10</p>
+<p id="footer">docs &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/edit.html

@@ -37,7 +37,7 @@ or <code>&quot;notepad&quot;</code> on Windows.</li><li>Type: path</li></ul>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/explore.html">explore(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">edit &mdash; npm@1.2.10</p>
+<p id="footer">edit &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/explore.html

@@ -40,7 +40,7 @@ Windows</li><li>Type: path</li></ul>
 
 <ul><li><a href="../doc/submodule.html">submodule(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/edit.html">edit(1)</a></li><li><a href="../doc/rebuild.html">rebuild(1)</a></li><li><a href="../doc/build.html">build(1)</a></li><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">explore &mdash; npm@1.2.10</p>
+<p id="footer">explore &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/faq.html

@@ -78,6 +78,52 @@ program that uses it.</p>
 
 <p>npm will not help you do something that is known to be a bad idea.</p>
 
+<h2 id="node_modules-is-the-name-of-my-deity-s-arch-rival-and-a-Forbidden-Word-in-my-religion-Can-I-configure-npm-to-use-a-different-folder"><code>&quot;node_modules&quot;</code> is the name of my deity&#39;s arch-rival, and a Forbidden Word in my religion.  Can I configure npm to use a different folder?</h2>
+
+<p>No.  This will never happen.  This question comes up sometimes,
+because it seems silly from the outside that npm couldn&#39;t just be
+configured to put stuff somewhere else, and then npm could load them
+from there.  It&#39;s an arbitrary spelling choice, right?  What&#39;s the big
+deal?</p>
+
+<p>At the time of this writing, the string <code>&#39;node_modules&#39;</code> appears 151
+times in 53 separate files in npm and node core (excluding tests and
+documentation).</p>
+
+<p>Some of these references are in node&#39;s built-in module loader.  Since
+npm is not involved <strong>at all</strong> at run-time, node itself would have to
+be configured to know where you&#39;ve decided to stick stuff.  Complexity
+hurdle #1.  Since the Node module system is locked, this cannot be
+changed, and is enough to kill this request.  But I&#39;ll continue, in
+deference to your deity&#39;s delicate feelings regarding spelling.</p>
+
+<p>Many of the others are in dependencies that npm uses, which are not
+necessarily tightly coupled to npm (in the sense that they do not read
+npm&#39;s configuration files, etc.)  Each of these would have to be
+configured to take the name of the <code>node_modules</code> folder as a
+parameter.  Complexity hurdle #2.</p>
+
+<p>Furthermore, npm has the ability to &quot;bundle&quot; dependencies by adding
+the dep names to the <code>&quot;bundledDependencies&quot;</code> list in package.json,
+which causes the folder to be included in the package tarball.  What
+if the author of a module bundles its dependencies, and they use a
+different spelling for <code>node_modules</code>?  npm would have to rename the
+folder at publish time, and then be smart enough to unpack it using
+your locally configured name.  Complexity hurdle #3.</p>
+
+<p>Furthermore, what happens when you <em>change</em> this name?  Fine, it&#39;s
+easy enough the first time, just rename the <code>node_modules</code> folders to
+<code>./blergyblerp/</code> or whatever name you choose.  But what about when you
+change it again?  npm doesn&#39;t currently track any state about past
+configuration settings, so this would be rather difficult to do
+properly.  It would have to track every previous value for this
+config, and always accept any of them, or else yesterday&#39;s install may
+be broken tomorrow.  Complexity hurdle #5.</p>
+
+<p>Never going to happen.  The folder is named <code>node_modules</code>.  It is
+written indelibly in the Node Way, handed down from the ancient times
+of Node 0.3.</p>
+
 <h2 id="Should-I-check-my-node_modules-folder-into-git">Should I check my <code>node_modules</code> folder into git?</h2>
 
 <p>Mikeal Rogers answered this question very well:</p>
@@ -173,9 +219,15 @@ an argument to <code>git checkout</code>.  The default is <code>master</code>.</
 
 <h2 id="How-do-I-install-node-with-npm">How do I install node with npm?</h2>
 
-<p>You don&#39;t.  Try one of these:</p>
+<p>You don&#39;t.  Try one of these node version managers:</p>
 
-<ul><li><a href="https://github.com/isaacs/nave">https://github.com/isaacs/nave</a></li><li><a href="https://github.com/visionmedia/n">https://github.com/visionmedia/n</a></li><li><a href="https://github.com/creationix/nvm">https://github.com/creationix/nvm</a></li></ul>
+<p>Unix:</p>
+
+<ul><li><a href="http://github.com/isaacs/nave">http://github.com/isaacs/nave</a></li><li><a href="http://github.com/visionmedia/n">http://github.com/visionmedia/n</a></li><li><a href="http://github.com/creationix/nvm">http://github.com/creationix/nvm</a></li></ul>
+
+<p>Windows:</p>
+
+<ul><li><a href="http://github.com/marcelklehr/nodist">http://github.com/marcelklehr/nodist</a></li><li><a href="https://github.com/hakobera/nvmw">https://github.com/hakobera/nvmw</a></li></ul>
 
 <h2 id="How-can-I-use-npm-for-development">How can I use npm for development?</h2>
 
@@ -250,7 +302,7 @@ There is not sufficient need to impose namespace rules on everyone.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li></ul>
 </div>
-<p id="footer">faq &mdash; npm@1.2.10</p>
+<p id="footer">faq &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/folders.html

@@ -160,21 +160,21 @@ highest level possible, below the localized &quot;target&quot; folder.</p>
 +-- node_modules
     +-- blerg (1.2.5) &lt;---[A]
     +-- bar (1.2.3) &lt;---[B]
-    |   +-- node_modules
-    |   |   `-- baz (2.0.2) &lt;---[C]
-    |   |       `-- node_modules
-    |   |           `-- quux (3.2.0)
-    |   `-- asdf (2.3.4)
+    |   `-- node_modules
+    |       +-- baz (2.0.2) &lt;---[C]
+    |       |   `-- node_modules
+    |       |       `-- quux (3.2.0)
+    |       `-- asdf (2.3.4)
     `-- baz (1.2.3) &lt;---[D]
         `-- node_modules
             `-- quux (3.2.0) &lt;---[E]</code></pre>
 
-<p>Since foo depends directly on bar@1.2.3 and baz@1.2.3, those are
+<p>Since foo depends directly on <code>bar@1.2.3</code> and <code>baz@1.2.3</code>, those are
 installed in foo&#39;s <code>node_modules</code> folder.</p>
 
 <p>Even though the latest copy of blerg is 1.3.7, foo has a specific
 dependency on version 1.2.5.  So, that gets installed at [A].  Since the
-parent installation of blerg satisfie&#39;s bar&#39;s dependency on blerg@1.x,
+parent installation of blerg satisfies bar&#39;s dependency on <code>blerg@1.x</code>,
 it does not install another copy under [B].</p>
 
 <p>Bar [B] also has dependencies on baz and asdf, so those are installed in
@@ -182,11 +182,11 @@ bar&#39;s <code>node_modules</code> folder.  Because it depends on <code>baz@2.x
 re-use the <code>baz@1.2.3</code> installed in the parent <code>node_modules</code> folder [D],
 and must install its own copy [C].</p>
 
-<p>Underneath bar, the <code>baz-&gt;quux-&gt;bar</code> dependency creates a cycle.
-However, because <code>bar</code> is already in <code>quux</code>&#39;s ancestry [B], it does not
+<p>Underneath bar, the <code>baz -&gt; quux -&gt; bar</code> dependency creates a cycle.
+However, because bar is already in quux&#39;s ancestry [B], it does not
 unpack another copy of bar into that folder.</p>
 
-<p>Underneath <code>foo-&gt;baz</code> [D], quux&#39;s [E] folder tree is empty, because its
+<p>Underneath <code>foo -&gt; baz</code> [D], quux&#39;s [E] folder tree is empty, because its
 dependency on bar is satisfied by the parent folder copy installed at [B].</p>
 
 <p>For a graphical breakdown of what is installed where, use <code>npm ls</code>.</p>
@@ -205,7 +205,7 @@ cannot be found elsewhere.  See <code><a href="../doc/json.html">json(1)</a></co
 
 <ul><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/pack.html">pack(1)</a></li><li><a href="../doc/cache.html">cache(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li></ul>
 </div>
-<p id="footer">folders &mdash; npm@1.2.10</p>
+<p id="footer">folders &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/global.html

@@ -205,7 +205,7 @@ cannot be found elsewhere.  See <code><a href="../doc/json.html">json(1)</a></co
 
 <ul><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/pack.html">pack(1)</a></li><li><a href="../doc/cache.html">cache(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li></ul>
 </div>
-<p id="footer">global &mdash; npm@1.2.10</p>
+<p id="footer">global &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/help-search.html

@@ -38,7 +38,7 @@ where the terms were found in the documentation.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/help.html">help(1)</a></li></ul>
 </div>
-<p id="footer">help-search &mdash; npm@1.2.10</p>
+<p id="footer">help-search &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/help.html

@@ -36,7 +36,7 @@ matches are equivalent to specifying a topic name.</p>
 
 <ul><li><a href="../doc/npm.html">npm(1)</a></li><li><a href="../doc/README.html">README</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/help-search.html">help-search(1)</a></li><li><a href="../doc/index.html">index(1)</a></li></ul>
 </div>
-<p id="footer">help &mdash; npm@1.2.10</p>
+<p id="footer">help &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/index.html

@@ -198,6 +198,10 @@
 
 <p> Mark your favorite packages</p>
 
+<h2 id="npm-stars-1"><a href="../doc/stars.html">stars(1)</a></h2>
+
+<p> View packages marked as favorites</p>
+
 <h2 id="npm-start-1"><a href="../doc/start.html">start(1)</a></h2>
 
 <p> Start a package</p>
@@ -396,7 +400,7 @@
 
 <p> Display npm username</p>
 </div>
-<p id="footer">index &mdash; npm@1.2.10</p>
+<p id="footer">index &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/init.html

@@ -29,7 +29,7 @@ without a really good reason to do so.</p>
 
 <ul><li><a href="https://github.com/isaacs/init-package-json">https://github.com/isaacs/init-package-json</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/version.html">version(1)</a></li></ul>
 </div>
-<p id="footer">init &mdash; npm@1.2.10</p>
+<p id="footer">init &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/install.html

@@ -80,6 +80,12 @@ local space in some cases.</p>
 <p>The <code>--no-bin-links</code> argument will prevent npm from creating symlinks for
 any binaries the package might contain.</p>
 
+<p>The <code>--no-shrinkwrap</code> argument, which will ignore an available
+shrinkwrap file and use the package.json instead.</p>
+
+<p>The <code>--nodedir=/path/to/node/source</code> argument will allow npm to find the
+node source code so that npm can compile native modules.</p>
+
 <p>See <code><a href="../doc/config.html">config(1)</a></code>.  Many of the configuration params have some
 effect on installation, since that&#39;s most of what npm does.</p>
 
@@ -136,7 +142,7 @@ affects a real use-case, it will be investigated.</p>
 
 <ul><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/update.html">update(1)</a></li><li><a href="../doc/link.html">link(1)</a></li><li><a href="../doc/rebuild.html">rebuild(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/build.html">build(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/tag.html">tag(1)</a></li><li><a href="../doc/rm.html">rm(1)</a></li><li><a href="../doc/shrinkwrap.html">shrinkwrap(1)</a></li></ul>
 </div>
-<p id="footer">install &mdash; npm@1.2.10</p>
+<p id="footer">install &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/json.html

@@ -107,6 +107,27 @@ you can specify the value for "bugs" as a simple string instead of an
 
 <p>If a url is provided, it will be used by the <code>npm bugs</code> command.</p>
 
+<h2 id="license">license</h2>
+
+<p>You should specify a license for your package so that people know how they are
+permitted to use it, and any restrictions you&#39;re placing on it.</p>
+
+<p>The simplest way, assuming you&#39;re using a common license such as BSD or MIT, is
+to just specify the name of the license you&#39;re using, like this:</p>
+
+<pre><code>{ &quot;license&quot; : &quot;BSD&quot; }</code></pre>
+
+<p>If you have more complex licensing terms, or you want to provide more detail
+in your package.json file, you can use the more verbose plural form, like this:</p>
+
+<pre><code>&quot;licenses&quot; : [
+  { &quot;type&quot; : &quot;MyLicense&quot;
+  , &quot;url&quot; : &quot;http://github.com/owner/project/path/to/license&quot;
+  }
+]</code></pre>
+
+<p>It&#39;s also a good idea to include a license file at the top level in your package.</p>
+
 <h2 id="people-fields-author-contributors">people fields: author, contributors</h2>
 
 <p>The &quot;author&quot; is one person.  &quot;contributors&quot; is an array of people.  A &quot;person&quot;
@@ -384,9 +405,9 @@ the external test or documentation framework that you use.</p>
 <code>devDependencies</code> hash.</p>
 
 <p>These things will be installed whenever the <code>--dev</code> configuration flag
-is set.  This flag is set automatically when doing <code>npm link</code>, and can
-be managed like any other npm configuration param.  See <code><a href="../doc/config.html">config(1)</a></code>
-for more on the topic.</p>
+is set.  This flag is set automatically when doing <code>npm link</code> or when doing
+<code>npm install</code> from the root of a package, and can be managed like any other npm
+configuration param.  See <code><a href="../doc/config.html">config(1)</a></code> for more on the topic.</p>
 
 <h2 id="bundledDependencies">bundledDependencies</h2>
 
@@ -525,7 +546,7 @@ overridden.</p>
 
 <ul><li><a href="../doc/semver.html">semver(1)</a></li><li><a href="../doc/init.html">init(1)</a></li><li><a href="../doc/version.html">version(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/help.html">help(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/rm.html">rm(1)</a></li></ul>
 </div>
-<p id="footer">json &mdash; npm@1.2.10</p>
+<p id="footer">json &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/link.html

@@ -23,6 +23,9 @@ symbolic link from <code>prefix/package-name</code> to the current folder.</p>
 <p>Next, in some other location, <code>npm link package-name</code> will create a
 symlink from the local <code>node_modules</code> folder to the global symlink.</p>
 
+<p>Note that <code>package-name</code> is taken from <code>package.json</code> ,
+not from directory name.</p>
+
 <p>When creating tarballs for <code>npm publish</code>, the linked packages are
 &quot;snapshotted&quot; to their current state by resolving the symbolic links.</p>
 
@@ -58,7 +61,7 @@ installation target into your project&#39;s <code>node_modules</code> folder.</p
 
 <ul><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">link &mdash; npm@1.2.10</p>
+<p id="footer">link &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/ls.html

@@ -25,7 +25,7 @@ limit the results to only the paths to the packages named.  Note that
 nested packages will <em>also</em> show the paths to the specified packages.
 For example, running <code>npm ls promzard</code> in npm&#39;s source tree will show:</p>
 
-<pre><code>npm@1.2.10 /path/to/npm
+<pre><code>npm@1.2.30 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5</code></pre>
 
@@ -64,7 +64,7 @@ project.</p>
 
 <ul><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/link.html">link(1)</a></li><li><a href="../doc/prune.html">prune(1)</a></li><li><a href="../doc/outdated.html">outdated(1)</a></li><li><a href="../doc/update.html">update(1)</a></li></ul>
 </div>
-<p id="footer">ls &mdash; npm@1.2.10</p>
+<p id="footer">ls &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/npm.html

@@ -14,7 +14,7 @@
 
 <h2 id="VERSION">VERSION</h2>
 
-<p>1.2.10</p>
+<p>1.2.30</p>
 
 <h2 id="DESCRIPTION">DESCRIPTION</h2>
 
@@ -135,7 +135,7 @@ will no doubt tell you to put the output in a gist or email.</p>
 
 <ul><li><a href="../doc/help.html">help(1)</a></li><li><a href="../doc/faq.html">faq(1)</a></li><li><a href="../doc/README.html">README</a></li><li><a href="../doc/json.html">json(1)</a></li><li><a href="../doc/install.html">install(1)</a></li><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/index.html">index(1)</a></li><li><a href="../api/npm.html">npm(3)</a></li></ul>
 </div>
-<p id="footer">npm &mdash; npm@1.2.10</p>
+<p id="footer">npm &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/outdated.html

@@ -21,7 +21,7 @@ packages are currently outdated.</p>
 
 <ul><li><a href="../doc/update.html">update(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li></ul>
 </div>
-<p id="footer">outdated &mdash; npm@1.2.10</p>
+<p id="footer">outdated &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/owner.html

@@ -34,7 +34,7 @@ that is not implemented at this time.</p>
 
 <ul><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../doc/disputes.html">disputes(1)</a></li></ul>
 </div>
-<p id="footer">owner &mdash; npm@1.2.10</p>
+<p id="footer">owner &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/pack.html

@@ -29,7 +29,7 @@ overwritten the second time.</p>
 
 <ul><li><a href="../doc/cache.html">cache(1)</a></li><li><a href="../doc/publish.html">publish(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">pack &mdash; npm@1.2.10</p>
+<p id="footer">pack &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/prefix.html

@@ -20,7 +20,7 @@
 
 <ul><li><a href="../doc/root.html">root(1)</a></li><li><a href="../doc/bin.html">bin(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/config.html">config(1)</a></li></ul>
 </div>
-<p id="footer">prefix &mdash; npm@1.2.10</p>
+<p id="footer">prefix &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/prune.html

@@ -25,7 +25,7 @@ package&#39;s dependencies list.</p>
 
 <ul><li><a href="../doc/rm.html">rm(1)</a></li><li><a href="../doc/folders.html">folders(1)</a></li><li><a href="../doc/list.html">list(1)</a></li></ul>
 </div>
-<p id="footer">prune &mdash; npm@1.2.10</p>
+<p id="footer">prune &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/publish.html

@@ -29,7 +29,7 @@ the registry.  Overwrites when the &quot;--force&quot; flag is set.</p>
 
 <ul><li><a href="../doc/registry.html">registry(1)</a></li><li><a href="../doc/adduser.html">adduser(1)</a></li><li><a href="../doc/owner.html">owner(1)</a></li><li><a href="../doc/deprecate.html">deprecate(1)</a></li><li><a href="../doc/tag.html">tag(1)</a></li></ul>
 </div>
-<p id="footer">publish &mdash; npm@1.2.10</p>
+<p id="footer">publish &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/rebuild.html

@@ -25,7 +25,7 @@ the new binary.</p>
 
 <ul><li><a href="../doc/build.html">build(1)</a></li><li><a href="../doc/install.html">install(1)</a></li></ul>
 </div>
-<p id="footer">rebuild &mdash; npm@1.2.10</p>
+<p id="footer">rebuild &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/registry.html

@@ -95,7 +95,7 @@ ask for help on the <a href="mailto:npm-@googlegroups.com">npm-@googlegroups.com
 
 <ul><li><a href="../doc/config.html">config(1)</a></li><li><a href="../doc/developers.html">developers(1)</a></li><li><a href="../doc/disputes.html">disputes(1)</a></li></ul>
 </div>
-<p id="footer">registry &mdash; npm@1.2.10</p>
+<p id="footer">registry &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/removing-npm.html

@@ -58,7 +58,7 @@ modules.  To track those down, you can do the following:</p>
 
 <ul><li><a href="../doc/README.html">README</a></li><li><a href="../doc/rm.html">rm(1)</a></li><li><a href="../doc/prune.html">prune(1)</a></li></ul>
 </div>
-<p id="footer">removing-npm &mdash; npm@1.2.10</p>
+<p id="footer">removing-npm &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")

deps/npm/html/doc/restart.html

@@ -24,7 +24,7 @@ the &quot;start&quot; script.</p>
 
 <ul><li><a href="../doc/run-script.html">run-script(1)</a></li><li><a href="../doc/scripts.html">scripts(1)</a></li><li><a href="../doc/test.html">test(1)</a></li><li><a href="../doc/start.html">start(1)</a></li><li><a href="../doc/stop.html">stop(1)</a></li></ul>
 </div>
-<p id="footer">restart &mdash; npm@1.2.10</p>
+<p id="footer">restart &mdash; npm@1.2.30</p>
 <script>
 ;(function () {
 var wrapper = document.getElementById("wrapper")