npm: Upgrade to 1.3.19

12 files changed, 291 insertions, 71 deletions

diff --git a/deps/npm/node_modules/npm-registry-client/README.md b/deps/npm/node_modules/npm-registry-client/README.md
index 534c40721..6cef754df 100644
--- a/deps/npm/node_modules/npm-registry-client/README.md
+++ b/deps/npm/node_modules/npm-registry-client/README.md
@@ -34,6 +34,9 @@ also be accepted.
 * `tag` {String} The default tag to use when publishing new packages.
   Default = `"latest"`
 * `ca` {String} Cerficate signing authority certificates to trust.
+* `cert` {String} Client certificate (PEM encoded). Enable access
+  to servers that require client certificates
+* `key` {String} Private key (PEM encoded) for client certificate 'cert'
 * `strict-ssl` {Boolean} Whether or not to be strict with SSL
   certificates.  Default = `true`
 * `user-agent` {String} User agent header to send.  Default =
@@ -82,6 +85,22 @@ around this. one.
 
 Add a user account to the registry, or verify the credentials.
 
+# client.deprecate(name, version, message, cb)
+
+* `name` {String} The package name
+* `version` {String} Semver version range
+* `message` {String} The message to use as a deprecation warning
+* `cb` {Function}
+
+Deprecate a version of a package in the registry.
+
+# client.bugs(name, cb)
+
+* `name` {String} the name of the package
+* `cb` {Function}
+
+Get the url for bugs of a package
+
 # client.get(url, [timeout], [nofollow], [staleOk], cb)
 
 * `url` {String} The url path to fetch
diff --git a/deps/npm/node_modules/npm-registry-client/index.js b/deps/npm/node_modules/npm-registry-client/index.js
index c2d50b6c0..2a28bd5e7 100644
--- a/deps/npm/node_modules/npm-registry-client/index.js
+++ b/deps/npm/node_modules/npm-registry-client/index.js
@@ -1,4 +1,3 @@
-
 // utilities for working with the js-registry site.
 
 module.exports = RegClient
@@ -60,6 +59,8 @@ function RegClient (conf) {
     this.couchLogin.proxy = this.conf.get('proxy')
     this.couchLogin.strictSSL = this.conf.get('strict-ssl')
     this.couchLogin.ca = this.conf.get('ca')
+    this.couchLogin.cert = this.conf.get('cert')
+    this.couchLogin.key = this.conf.get('key')
   }
 
   this.log = conf.log || conf.get('log') || npmlog
diff --git a/deps/npm/node_modules/npm-registry-client/lib/adduser.js b/deps/npm/node_modules/npm-registry-client/lib/adduser.js
index 7106e444d..4ed8e60dd 100644
--- a/deps/npm/node_modules/npm-registry-client/lib/adduser.js
+++ b/deps/npm/node_modules/npm-registry-client/lib/adduser.js
@@ -87,7 +87,7 @@ function adduser (username, password, email, cb) {
                 return cb(er, data, json, response)
               }
               Object.keys(data).forEach(function (k) {
-                if (!userobj[k]) {
+                if (!userobj[k] || k === 'roles') {
                   userobj[k] = data[k]
                 }
               })
diff --git a/deps/npm/node_modules/npm-registry-client/lib/bugs.js b/deps/npm/node_modules/npm-registry-client/lib/bugs.js
new file mode 100644
index 000000000..a04701316
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/bugs.js
@@ -0,0 +1,9 @@
+
+module.exports = bugs
+
+function bugs (name, cb) {
+  this.get(name + "/latest", 3600, function (er, d) {
+    if (er) return cb(er)
+    cb(null, d.bugs)
+  })
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/deprecate.js b/deps/npm/node_modules/npm-registry-client/lib/deprecate.js
new file mode 100644
index 000000000..221e8adf4
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/lib/deprecate.js
@@ -0,0 +1,28 @@
+
+module.exports = deprecate
+
+var semver = require("semver")
+
+function deprecate (name, ver, message, cb) {
+  if (!this.conf.get('username')) {
+    return cb(new Error("Must be logged in to deprecate a package"))
+  }
+
+  if (semver.validRange(ver) === null) {
+    return cb(new Error("invalid version range: "+ver))
+  }
+
+  var users = {}
+
+  this.get(name, function (er, data) {
+    if (er) return cb(er)
+    // filter all the versions that match
+    Object.keys(data.versions).filter(function (v) {
+      return semver.satisfies(v, ver)
+    }).forEach(function (v) {
+      data.versions[v].deprecated = message
+    })
+    // now update the doc on the registry
+    this.request('PUT', data._id, data, cb)
+  }.bind(this))
+}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/publish.js b/deps/npm/node_modules/npm-registry-client/lib/publish.js
index d6a7496f1..9404a129d 100644
--- a/deps/npm/node_modules/npm-registry-client/lib/publish.js
+++ b/deps/npm/node_modules/npm-registry-client/lib/publish.js
@@ -3,9 +3,11 @@ module.exports = publish
 
 var path = require("path")
   , url = require("url")
+  , semver = require("semver")
+  , crypto = require("crypto")
+  , fs = require("fs")
 
 function publish (data, tarball, cb) {
-
   var email = this.conf.get('email')
   var auth = this.conf.get('_auth')
   var username = this.conf.get('username')
@@ -16,14 +18,30 @@ function publish (data, tarball, cb) {
     return cb(er)
   }
 
-  // add the dist-url to the data, pointing at the tarball.
-  // if the {name} isn't there, then create it.
-  // if the {version} is already there, then fail.
-  // then:
-  // PUT the data to {config.registry}/{data.name}/{data.version}
-  var registry = this.conf.get('registry')
+  if (data.name !== encodeURIComponent(data.name).toLowerCase())
+    return cb(new Error('invalid name: must be lowercase and url-safe'))
+
+  var ver = semver.clean(data.version)
+  if (!ver)
+    return cb(new Error('invalid semver: ' + data.version))
+  data.version = ver
+
+  var self = this
+  fs.stat(tarball, function(er, s) {
+    if (er) return cb(er)
+    fs.readFile(tarball, 'base64', function(er, tardata) {
+      if (er) return cb(er)
+      putFirst.call(self, data, tardata, s, username, email, cb)
+    })
+  })
+}
 
-  var fullData =
+function putFirst (data, tardata, stat, username, email, cb) {
+  // optimistically try to PUT all in one single atomic thing.
+  // If 409, then GET and merge, try again.
+  // If other error, then fail.
+
+  var root =
     { _id : data.name
     , name : data.name
     , description : data.description
@@ -37,76 +55,93 @@ function publish (data, tarball, cb) {
       ]
     }
 
+  root.versions[ data.version ] = data
+  var tag = data.tag || this.conf.get('tag') || "latest"
+  root["dist-tags"][tag] = data.version
+
+  var registry = this.conf.get('registry')
   var tbName = data.name + "-" + data.version + ".tgz"
     , tbURI = data.name + "/-/" + tbName
 
   data._id = data.name+"@"+data.version
   data.dist = data.dist || {}
+  data.dist.shasum = crypto.createHash("sha1").update(tardata).digest("hex")
   data.dist.tarball = url.resolve(registry, tbURI)
                          .replace(/^https:\/\//, "http://")
 
-
-  // first try to just PUT the whole fullData, and this will fail if it's
-  // already there, because it'll be lacking a _rev, so couch'll bounce it.
-  this.request("PUT", encodeURIComponent(data.name), fullData,
-      function (er, parsed, json, response) {
-    // get the rev and then upload the attachment
-    // a 409 is expected here, if this is a new version of an existing package.
-    if (er
-        && !(response && response.statusCode === 409)
-        && !( parsed
-            && parsed.reason ===
-              "must supply latest _rev to update existing package" )) {
-      this.log.error("publish", "Failed PUT response "
-                    +(response && response.statusCode))
+  root._attachments = {}
+  root._attachments[ tbName ] = {
+    content_type: 'application/octet-stream',
+    data: tardata,
+    length: stat.size
+  };
+
+  this.request("PUT", data.name, root, function (er, parsed, json, res) {
+    var r409 = "must supply latest _rev to update existing package"
+    var r409b = "Document update conflict."
+    var conflict = res && res.statusCode === 409
+    if (parsed && (parsed.reason === r409 || parsed.reason === r409b))
+      conflict = true
+
+    // a 409 is typical here.  GET the data and merge in.
+    if (er && !conflict) {
+      this.log.error("publish", "Failed PUT "
+                    +(res && res.statusCode))
       return cb(er)
     }
-    var dataURI = encodeURIComponent(data.name)
-                + "/" + encodeURIComponent(data.version)
 
-    var tag = data.tag || this.conf.get('tag') || "latest"
-    dataURI += "/-tag/" + tag
+    if (!er && !conflict)
+      return cb(er, parsed, json, res)
 
     // let's see what versions are already published.
-    // could be that we just need to update the bin dist values.
-    this.request("GET", data.name, function (er, fullData) {
-      if (er) return cb(er)
-
-      function handle(er) {
-        if (er.message.indexOf("conflict Document update conflict.") === 0) {
-          return cb(conflictError.call(this, data._id));
-        }
-        this.log.error("publish", "Error uploading package");
+    this.request("GET", data.name, function (er, current) {
+      if (er)
         return cb(er)
-      }
-
-      var exists = fullData.versions && fullData.versions[data.version]
-      if (exists) return cb(conflictError.call(this, data._id))
-
-      var rev = fullData._rev;
-      attach.call(this, data.name, tarball, tbName, rev, function (er) {
-        if (er) return handle.call(this, er)
-        this.log.verbose("publish", "attached", [data.name, tarball, tbName])
-        this.request("PUT", dataURI, data, function (er) {
-          if (er) return handle.call(this, er)
-          return cb(er)
-        }.bind(this))
-      }.bind(this))
+      putNext.call(this, data.version, root, current, cb)
     }.bind(this))
-  }.bind(this)) // pining for fat arrows.
+  }.bind(this))
+}
+
+function putNext(newVersion, root, current, cb) {
+  // already have the tardata on the root object
+  // just merge in existing stuff
+  // if the version already exists, and not a --force, then raise error
+  var force = this.conf.get('force')
+  var curVers = Object.keys(current.versions || {}).map(function (v) {
+    return semver.clean(v, true)
+  })
+
+  if (!force && curVers.indexOf(newVersion) !== -1) {
+    return cb(conflictError(root.name))
+  }
+
+  current.versions[newVersion] = root.versions[newVersion]
+  for (var i in root) {
+    switch (i) {
+      // objects that copy over the new stuffs
+      case 'dist-tags':
+      case 'versions':
+      case '_attachments':
+        for (var j in root[i])
+          current[i][j] = root[i][j]
+        break
+
+      // ignore these
+      case 'maintainers':
+        break;
+
+      // copy
+      default:
+        current[i] = root[i]
+    }
+  }
+
+  this.request("PUT", root.name, current, cb)
 }
 
 function conflictError (pkgid) {
-  var e = new Error("publish fail")
+  var e = new Error("cannot modify existing version")
   e.code = "EPUBLISHCONFLICT"
   e.pkgid = pkgid
   return e
 }
-
-function attach (doc, file, filename, rev, cb) {
-  doc = encodeURIComponent(doc)
-  var revu = "-rev/"+rev
-    , attURI = doc + "/-/" + encodeURIComponent(filename) + "/" + revu
-  this.log.verbose("uploading", [attURI, file])
-  this.upload(attURI, file, cb)
-}
diff --git a/deps/npm/node_modules/npm-registry-client/lib/request.js b/deps/npm/node_modules/npm-registry-client/lib/request.js
index d1a86bbbc..6812e5ca5 100644
--- a/deps/npm/node_modules/npm-registry-client/lib/request.js
+++ b/deps/npm/node_modules/npm-registry-client/lib/request.js
@@ -163,6 +163,9 @@ function makeRequest (method, remote, where, what, etag, nofollow, tok, cb_) {
   var opts = { url: remote
              , method: method
              , ca: this.conf.get('ca')
+             , localAddress: this.conf.get('local-address')
+             , cert: this.conf.get('cert')
+             , key: this.conf.get('key')
              , strictSSL: strict }
     , headers = opts.headers = {}
   if (etag) {
diff --git a/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json b/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json
index 0df26c0e8..b287d0286 100644
--- a/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json
+++ b/deps/npm/node_modules/npm-registry-client/node_modules/couch-login/package.json
@@ -28,9 +28,5 @@
   },
   "homepage": "https://github.com/isaacs/couch-login",
   "_id": "couch-login@0.1.19",
-  "dist": {
-    "shasum": "5c472f64670dfb43fc381d290629b223edb64afa"
-  },
-  "_from": "couch-login@~0.1.18",
-  "_resolved": "https://registry.npmjs.org/couch-login/-/couch-login-0.1.19.tgz"
+  "_from": "couch-login@~0.1.18"
 }
diff --git a/deps/npm/node_modules/npm-registry-client/package.json b/deps/npm/node_modules/npm-registry-client/package.json
index 540a59ad3..fb5567bc1 100644
--- a/deps/npm/node_modules/npm-registry-client/package.json
+++ b/deps/npm/node_modules/npm-registry-client/package.json
@@ -6,7 +6,7 @@
   },
   "name": "npm-registry-client",
   "description": "Client for the npm registry",
-  "version": "0.2.30",
+  "version": "0.3.0",
   "repository": {
     "url": "git://github.com/isaacs/npm-registry-client"
   },
@@ -33,12 +33,12 @@
     "npmlog": ""
   },
   "license": "BSD",
-  "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\n\nclient.get(\"npm\", \"latest\", 1000, function (er, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Configuration\n\nThis program is designed to work with\n[npmconf](https://npmjs.org/package/npmconf), but you can also pass in\na plain-jane object with the appropriate configs, and it'll shim it\nfor you.  Any configuration thingie that has get/set/del methods will\nalso be accepted.\n\n* `registry` **Required** {String} URL to the registry\n* `cache` **Required** {String} Path to the cache folder\n* `always-auth` {Boolean} Auth even for GET requests.\n* `auth` {String} A base64-encoded `username:password`\n* `email` {String} User's email address\n* `tag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `ca` {String} Cerficate signing authority certificates to trust.\n* `strict-ssl` {Boolean} Whether or not to be strict with SSL\n  certificates.  Default = `true`\n* `user-agent` {String} User agent header to send.  Default =\n  `\"node/{process.version} {process.platform} {process.arch}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `fetch-retries` {Number} Number of times to retry on GET failures.\n  Default=2\n* `fetch-retry-factor` {Number} `factor` setting for `node-retry`. Default=10\n* `fetch-retry-mintimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default=10000 (10 seconds)\n* `fetch-retry-maxtimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default=60000 (60 seconds)\n* `proxy` {URL} The url to proxy requests through.\n* `https-proxy` {URL} The url to proxy https requests through.\n  Defaults to be the same as `proxy` if unset.\n* `_auth` {String} The base64-encoded authorization header.\n* `username` `_password` {String} Username/password to use to generate\n  `_auth` if not supplied.\n* `_token` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login)\n\n# client.request(method, where, [what], [etag], [nofollow], cb)\n\n* `method` {String} HTTP method\n* `where` {String} Path to request on the server\n* `what` {Stream | Buffer | String | Object} The request body.  Objects\n  that are not Buffers or Streams are encoded as JSON.\n* `etag` {String} The cached ETag\n* `nofollow` {Boolean} Prevent following 302/301 responses\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a request to the registry.  All the other methods are wrappers\naround this. one.\n\n# client.adduser(username, password, email, cb)\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `cb` {Function}\n\nAdd a user account to the registry, or verify the credentials.\n\n# client.get(url, [timeout], [nofollow], [staleOk], cb)\n\n* `url` {String} The url path to fetch\n* `timeout` {Number} Number of seconds old that a cached copy must be\n  before a new request will be made.\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `staleOk` {Boolean} If there's cached data available, then return that\n  to the callback quickly, and update the cache the background.\n\nFetches data from the registry via a GET request, saving it in\nthe cache folder with the ETag.\n\n# client.publish(data, tarball, [readme], cb)\n\n* `data` {Object} Package data\n* `tarball` {String | Stream} Filename or stream of the package tarball\n* `readme` {String} Contents of the README markdown file\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.  However, it\ncan accept a gzipped tar stream or a filename to a tarball.\n\n# client.star(package, starred, cb)\n\n* `package` {String} Name of the package to star\n* `starred` {Boolean} True to star the package, false to unstar it.\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or\nunstar a package, though other writes do require that the user be the\npackage owner.\n\n# client.stars(username, cb)\n\n* `username` {String} Name of user to fetch starred packages for.\n* `cb` {Function}\n\nView your own or another user's starred packages.\n\n# client.tag(project, version, tag, cb)\n\n* `project` {String} Project name\n* `version` {String} Version to tag\n* `tag` {String} Tag name to apply\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag`\nwill fetch the specified version.\n\n# client.unpublish(name, [ver], cb)\n\n* `name` {String} package name\n* `ver` {String} version to unpublish. Leave blank to unpublish all\n  versions.\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When\nthe last version us unpublished, the entire document is removed from the\ndatabase.\n\n# client.upload(where, file, [etag], [nofollow], cb)\n\n* `where` {String} URL path to upload to\n* `file` {String | Stream} Either the filename or a readable stream\n* `etag` {String} Cache ETag\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `cb` {Function}\n\nUpload an attachment.  Mostly used by `client.publish()`.\n",
+  "readme": "# npm-registry-client\n\nThe code that npm uses to talk to the registry.\n\nIt handles all the caching and HTTP calls.\n\n## Usage\n\n```javascript\nvar RegClient = require('npm-registry-client')\nvar client = new RegClient(config)\n\nclient.get(\"npm\", \"latest\", 1000, function (er, data, raw, res) {\n  // error is an error if there was a problem.\n  // data is the parsed data object\n  // raw is the json string\n  // res is the response from couch\n})\n```\n\n# Configuration\n\nThis program is designed to work with\n[npmconf](https://npmjs.org/package/npmconf), but you can also pass in\na plain-jane object with the appropriate configs, and it'll shim it\nfor you.  Any configuration thingie that has get/set/del methods will\nalso be accepted.\n\n* `registry` **Required** {String} URL to the registry\n* `cache` **Required** {String} Path to the cache folder\n* `always-auth` {Boolean} Auth even for GET requests.\n* `auth` {String} A base64-encoded `username:password`\n* `email` {String} User's email address\n* `tag` {String} The default tag to use when publishing new packages.\n  Default = `\"latest\"`\n* `ca` {String} Cerficate signing authority certificates to trust.\n* `cert` {String} Client certificate (PEM encoded). Enable access\n  to servers that require client certificates\n* `key` {String} Private key (PEM encoded) for client certificate 'cert'\n* `strict-ssl` {Boolean} Whether or not to be strict with SSL\n  certificates.  Default = `true`\n* `user-agent` {String} User agent header to send.  Default =\n  `\"node/{process.version} {process.platform} {process.arch}\"`\n* `log` {Object} The logger to use.  Defaults to `require(\"npmlog\")` if\n  that works, otherwise logs are disabled.\n* `fetch-retries` {Number} Number of times to retry on GET failures.\n  Default=2\n* `fetch-retry-factor` {Number} `factor` setting for `node-retry`. Default=10\n* `fetch-retry-mintimeout` {Number} `minTimeout` setting for `node-retry`.\n  Default=10000 (10 seconds)\n* `fetch-retry-maxtimeout` {Number} `maxTimeout` setting for `node-retry`.\n  Default=60000 (60 seconds)\n* `proxy` {URL} The url to proxy requests through.\n* `https-proxy` {URL} The url to proxy https requests through.\n  Defaults to be the same as `proxy` if unset.\n* `_auth` {String} The base64-encoded authorization header.\n* `username` `_password` {String} Username/password to use to generate\n  `_auth` if not supplied.\n* `_token` {Object} A token for use with\n  [couch-login](https://npmjs.org/package/couch-login)\n\n# client.request(method, where, [what], [etag], [nofollow], cb)\n\n* `method` {String} HTTP method\n* `where` {String} Path to request on the server\n* `what` {Stream | Buffer | String | Object} The request body.  Objects\n  that are not Buffers or Streams are encoded as JSON.\n* `etag` {String} The cached ETag\n* `nofollow` {Boolean} Prevent following 302/301 responses\n* `cb` {Function}\n  * `error` {Error | null}\n  * `data` {Object} the parsed data object\n  * `raw` {String} the json\n  * `res` {Response Object} response from couch\n\nMake a request to the registry.  All the other methods are wrappers\naround this. one.\n\n# client.adduser(username, password, email, cb)\n\n* `username` {String}\n* `password` {String}\n* `email` {String}\n* `cb` {Function}\n\nAdd a user account to the registry, or verify the credentials.\n\n# client.deprecate(name, version, message, cb)\n\n* `name` {String} The package name\n* `version` {String} Semver version range\n* `message` {String} The message to use as a deprecation warning\n* `cb` {Function}\n\nDeprecate a version of a package in the registry.\n\n# client.bugs(name, cb)\n\n* `name` {String} the name of the package\n* `cb` {Function}\n\nGet the url for bugs of a package\n\n# client.get(url, [timeout], [nofollow], [staleOk], cb)\n\n* `url` {String} The url path to fetch\n* `timeout` {Number} Number of seconds old that a cached copy must be\n  before a new request will be made.\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `staleOk` {Boolean} If there's cached data available, then return that\n  to the callback quickly, and update the cache the background.\n\nFetches data from the registry via a GET request, saving it in\nthe cache folder with the ETag.\n\n# client.publish(data, tarball, [readme], cb)\n\n* `data` {Object} Package data\n* `tarball` {String | Stream} Filename or stream of the package tarball\n* `readme` {String} Contents of the README markdown file\n* `cb` {Function}\n\nPublish a package to the registry.\n\nNote that this does not create the tarball from a folder.  However, it\ncan accept a gzipped tar stream or a filename to a tarball.\n\n# client.star(package, starred, cb)\n\n* `package` {String} Name of the package to star\n* `starred` {Boolean} True to star the package, false to unstar it.\n* `cb` {Function}\n\nStar or unstar a package.\n\nNote that the user does not have to be the package owner to star or\nunstar a package, though other writes do require that the user be the\npackage owner.\n\n# client.stars(username, cb)\n\n* `username` {String} Name of user to fetch starred packages for.\n* `cb` {Function}\n\nView your own or another user's starred packages.\n\n# client.tag(project, version, tag, cb)\n\n* `project` {String} Project name\n* `version` {String} Version to tag\n* `tag` {String} Tag name to apply\n* `cb` {Function}\n\nMark a version in the `dist-tags` hash, so that `pkg@tag`\nwill fetch the specified version.\n\n# client.unpublish(name, [ver], cb)\n\n* `name` {String} package name\n* `ver` {String} version to unpublish. Leave blank to unpublish all\n  versions.\n* `cb` {Function}\n\nRemove a version of a package (or all versions) from the registry.  When\nthe last version us unpublished, the entire document is removed from the\ndatabase.\n\n# client.upload(where, file, [etag], [nofollow], cb)\n\n* `where` {String} URL path to upload to\n* `file` {String | Stream} Either the filename or a readable stream\n* `etag` {String} Cache ETag\n* `nofollow` {Boolean} Do not follow 301/302 responses\n* `cb` {Function}\n\nUpload an attachment.  Mostly used by `client.publish()`.\n",
   "readmeFilename": "README.md",
   "bugs": {
     "url": "https://github.com/isaacs/npm-registry-client/issues"
   },
   "homepage": "https://github.com/isaacs/npm-registry-client",
-  "_id": "npm-registry-client@0.2.30",
+  "_id": "npm-registry-client@0.3.0",
   "_from": "npm-registry-client@latest"
 }
diff --git a/deps/npm/node_modules/npm-registry-client/test/fixtures/server.js b/deps/npm/node_modules/npm-registry-client/test/fixtures/server.js
index 468a89e5b..80bbf4803 100644
--- a/deps/npm/node_modules/npm-registry-client/test/fixtures/server.js
+++ b/deps/npm/node_modules/npm-registry-client/test/fixtures/server.js
@@ -17,10 +17,10 @@ function handler (req, res) {
   , mu = req.method + ' ' + req.url
 
   var k = server._expect[mu] ? mu : server._expect[u] ? u : null
-  if (!k) throw Error('unexpected request', req.method, req.url)
+  if (!k) throw Error('unexpected request: ' + req.method + ' ' + req.url)
 
   var fn = server._expect[k].shift()
-  if (!fn) throw Error('unexpected request', req.method, req.url)
+  if (!fn) throw Error('unexpected request' + req.method + ' ' + req.url)
 
 
   var remain = (Object.keys(server._expect).reduce(function (s, k) {
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish-again.js b/deps/npm/node_modules/npm-registry-client/test/publish-again.js
new file mode 100644
index 000000000..0170a6f3a
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/publish-again.js
@@ -0,0 +1,81 @@
+var tap = require('tap')
+var server = require('./fixtures/server.js')
+var RC = require('../')
+var client = new RC(
+  { cache: __dirname + '/fixtures/cache'
+  , registry: 'http://localhost:' + server.port
+  , username: "username"
+  , password: "password"
+  , email: "i@izs.me"
+  , _auth: new Buffer("username:password").toString('base64')
+  , "always-auth": true
+  })
+
+var fs = require("fs")
+
+tap.test("publish again", function (t) {
+  var lastTime = null
+  server.expect("/npm-registry-client", function (req, res) {
+    t.equal(req.method, "PUT")
+    var b = ""
+    req.setEncoding('utf8')
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      var o = lastTime = JSON.parse(b)
+      t.equal(o._id, "npm-registry-client")
+      t.equal(o["dist-tags"].latest, pkg.version)
+      t.has(o.versions[pkg.version], pkg)
+      t.same(o.maintainers, [ { name: 'username', email: 'i@izs.me' } ])
+      var att = o._attachments[ pkg.name + '-' + pkg.version + '.tgz' ]
+      t.same(att.data, pd)
+      res.statusCode = 409
+      res.json({reason: "must supply latest _rev to update existing package"})
+    })
+  })
+
+  server.expect("/npm-registry-client", function (req, res) {
+    t.equal(req.method, "GET")
+    t.ok(lastTime)
+    for (var i in lastTime.versions) {
+      var v = lastTime.versions[i]
+      delete lastTime.versions[i]
+      lastTime.versions["0.0.2"] = v
+      lastTime["dist-tags"] = { latest: "0.0.2" }
+    }
+    lastTime._rev = "asdf"
+    res.json(lastTime)
+  })
+
+  server.expect("/npm-registry-client", function (req, res) {
+    t.equal(req.method, "PUT")
+    t.ok(lastTime)
+
+    var b = ""
+    req.setEncoding('utf8')
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function() {
+      var o = JSON.parse(b)
+      t.equal(o._rev, "asdf")
+      t.deepEqual(o.versions["0.0.2"], o.versions[pkg.version])
+      res.statusCode = 201
+      res.json({created: true})
+    })
+  })
+
+
+  // not really a tarball, but doesn't matter
+  var tarball = require.resolve('../package.json')
+  var pd = fs.readFileSync(tarball, 'base64')
+  var pkg = require('../package.json')
+  client.publish(pkg, tarball, function (er, data, raw, res) {
+    if (er) throw er
+    t.deepEqual(data, { created: true })
+    t.end()
+  })
+})
diff --git a/deps/npm/node_modules/npm-registry-client/test/publish.js b/deps/npm/node_modules/npm-registry-client/test/publish.js
new file mode 100644
index 000000000..04dac51d1
--- /dev/null
+++ b/deps/npm/node_modules/npm-registry-client/test/publish.js
@@ -0,0 +1,48 @@
+var tap = require('tap')
+var server = require('./fixtures/server.js')
+var RC = require('../')
+var client = new RC(
+  { cache: __dirname + '/fixtures/cache'
+  , registry: 'http://localhost:' + server.port
+  , username: "username"
+  , password: "password"
+  , email: "i@izs.me"
+  , _auth: new Buffer("username:password").toString('base64')
+  , "always-auth": true
+  })
+
+var fs = require("fs")
+
+tap.test("publish", function (t) {
+  server.expect("/npm-registry-client", function (req, res) {
+    t.equal(req.method, "PUT")
+    var b = ""
+    req.setEncoding('utf8')
+    req.on("data", function (d) {
+      b += d
+    })
+
+    req.on("end", function () {
+      var o = JSON.parse(b)
+      console.error('PUT req', o)
+      t.equal(o._id, "npm-registry-client")
+      t.equal(o["dist-tags"].latest, pkg.version)
+      t.has(o.versions[pkg.version], pkg)
+      t.same(o.maintainers, [ { name: 'username', email: 'i@izs.me' } ])
+      var att = o._attachments[ pkg.name + '-' + pkg.version + '.tgz' ]
+      t.same(att.data, pd)
+      res.statusCode = 201
+      res.json({created:true})
+    })
+  })
+
+  // not really a tarball, but doesn't matter
+  var tarball = require.resolve('../package.json')
+  var pd = fs.readFileSync(tarball, 'base64')
+  var pkg = require('../package.json')
+  client.publish(pkg, tarball, function (er, data, raw, res) {
+    if (er) throw er
+    t.deepEqual(data, { created: true })
+    t.end()
+  })
+})