1 files changed, 556 insertions, 0 deletions
diff --git a/deps/node/deps/npm/node_modules/npm-profile/README.md b/deps/node/deps/npm/node_modules/npm-profile/README.md
new file mode 100644
index 00000000..7a80a729
--- /dev/null
+++ b/deps/node/deps/npm/node_modules/npm-profile/README.md
@@ -0,0 +1,556 @@
+# npm-profile
+
+Provides functions for fetching and updating an npmjs.com profile.
+
+```js
+const profile = require('npm-profile')
+const result = await profile.get(registry, {token})
+//...
+```
+
+The API that this implements is documented here:
+
+* [authentication](https://github.com/npm/registry/blob/master/docs/user/authentication.md)
+* [profile editing](https://github.com/npm/registry/blob/master/docs/user/profile.md) (and two-factor authentication)
+
+## Table of Contents
+
+* [API](#api)
+  * Login and Account Creation
+    * [`adduser()`](#adduser)
+    * [`login()`](#login)
+    * [`adduserWeb()`](#adduser-web)
+    * [`loginWeb()`](#login-web)
+    * [`adduserCouch()`](#adduser-couch)
+    * [`loginCouch()`](#login-couch)
+  * Profile Data Management
+    * [`get()`](#get)
+    * [`set()`](#set)
+  * Token Management
+    * [`listTokens()`](#list-tokens)
+    * [`removeToken()`](#remove-token)
+    * [`createToken()`](#create-token)
+
+## API
+
+### <a name="adduser"></a> `> profile.adduser(opener, prompter, [opts]) → Promise`
+
+Tries to create a user new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* `prompter` Function (creds) → Promise, returns a promise that resolves to an object with `username`, `email` and `password` properties.
+* [`opts`](#opts) Object (optional) plus extra keys:
+  * `creds` Object, passed through to prompter, common values are:
+    * `username` String, default value for username
+    * `email` String, default value for email
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### <a name="login"></a> `> profile.login(opener, prompter, [opts]) → Promise`
+
+Tries to login using new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* `prompter` Function (creds) → Promise, returns a promise that resolves to an object with `username`, and `password` properties.
+* [`opts`](#opts) Object (optional) plus extra keys:
+  * `creds` Object, passed through to prompter, common values are:
+    * `name` String, default value for username
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.  This error code can only come from a legacy CouchDB login and so
+this should be retried with loginCouch.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### <a name="adduser-web"></a> `> profile.adduserWeb(opener, [opts]) → Promise`
+
+Tries to create a user new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* [`opts`](#opts) Object
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the registry does not support web-login then an error will be thrown with
+its `code` property set to `ENYI` . You should retry with `adduserCouch`.
+If you use `adduser` then this fallback will be done automatically.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### <a name="login-web"></a> `> profile.loginWeb(opener, [opts]) → Promise`
+
+Tries to login using new web based login, if that fails it falls back to
+using the legacy CouchDB APIs.
+
+* `opener` Function (url) → Promise, returns a promise that resolves after a browser has been opened for the user at `url`.
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the registry does not support web-login then an error will be thrown with
+its `code` property set to `ENYI` . You should retry with `loginCouch`.
+If you use `login` then this fallback will be done automatically.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### <a name="adduser-couch"></a> `> profile.adduserCouch(username, email, password, [opts]) → Promise`
+
+```js
+const {token} = await profile.adduser(username, email, password, {registry})
+// `token` can be passed in through `opts` for authentication.
+```
+
+Creates a new user on the server along with a fresh bearer token for future
+authentication as this user.  This is what you see as an `authToken` in an
+`.npmrc`.
+
+If the user already exists then the npm registry will return an error, but
+this is registry specific and not guaranteed.
+
+* `username` String
+* `email` String
+* `password` String
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be `'E'` followed by the HTTP response code, for
+example a Forbidden response would be `E403`.
+
+### <a name="login-couch"></a> `> profile.loginCouch(username, password, [opts]) → Promise`
+
+```js
+let token
+try {
+  {token} = await profile.login(username, password, {registry})
+} catch (err) {
+  if (err.code === 'otp') {
+    const otp = await getOTPFromSomewhere()
+    {token} = await profile.login(username, password, {otp})
+  }
+}
+// `token` can now be passed in through `opts` for authentication.
+```
+
+Logs you into an existing user.  Does not create the user if they do not
+already exist.  Logging in means generating a new bearer token for use in
+future authentication. This is what you use as an `authToken` in an `.npmrc`.
+
+* `username` String
+* `email` String
+* `password` String
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An object with the following properties:
+
+* `token` String, to be used to authenticate further API calls
+* `username` String, the username the user authenticated as
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+If the object has a `code` property set to `EOTP` then that indicates that
+this account must use two-factor authentication to login.  Try again with a
+one-time password.
+
+If the object has a `code` property set to `EAUTHIP` then that indicates that
+this account is only allowed to login from certain networks and this ip is
+not on one of those networks.
+
+If the error was neither of these then the error object will have a
+`code` property set to the HTTP response code and a `headers` property with
+the HTTP headers in the response.
+
+### <a name="get"></a> `> profile.get([opts]) → Promise`
+
+```js
+const {name, email} = await profile.get({token})
+console.log(`${token} belongs to https://npm.im/~${name}, (mailto:${email})`)
+```
+
+Fetch profile information for the authenticated user.
+
+* [`opts`](#opts) Object
+
+#### **Promise Value**
+
+An object that looks like this:
+
+```js
+// "*" indicates a field that may not always appear
+{
+  tfa: null |
+       false |
+       {"mode": "auth-only", pending: Boolean} |
+       ["recovery", "codes"] |
+       "otpauth://...",
+  name: String,
+  email: String,
+  email_verified: Boolean,
+  created: Date,
+  updated: Date,
+  cidr_whitelist: null | ["192.168.1.1/32", ...],
+  fullname: String, // *
+  homepage: String, // *
+  freenode: String, // *
+  twitter: String,  // *
+  github: String    // *
+}
+```
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### <a name="set"></a> `> profile.set(profileData, [opts]) → Promise`
+
+```js
+await profile.set({github: 'great-github-account-name'}, {token})
+```
+
+Update profile information for the authenticated user.
+
+* `profileData` An object, like that returned from `profile.get`, but see
+  below for caveats relating to `password`, `tfa` and `cidr_whitelist`.
+* [`opts`](#opts) Object (optional)
+
+#### **SETTING `password`**
+
+This is used to change your password and is not visible (for obvious
+reasons) through the `get()` API.  The value should be an object with `old`
+and `new` properties, where the former has the user's current password and
+the latter has the desired new password. For example
+
+```js
+await profile.set({
+  password: {
+    old: 'abc123',
+    new: 'my new (more secure) password'
+  }
+}, {token})
+```
+
+#### **SETTING `cidr_whitelist`**
+
+The value for this is an Array.  Only valid CIDR ranges are allowed in it.
+Be very careful as it's possible to lock yourself out of your account with
+this.  This is not currently exposed in `npm` itself.
+
+```js
+await profile.set({
+  cidr_whitelist: [ '8.8.8.8/32' ]
+}, {token})
+// ↑ only one of google's dns servers can now access this account.
+```
+
+#### **SETTING `tfa`**
+
+Enabling two-factor authentication is a multi-step process.
+
+1. Call `profile.get` and check the status of `tfa`. If `pending` is true then
+   you'll need to disable it with `profile.set({tfa: {password, mode: 'disable'}, …)`.
+2. `profile.set({tfa: {password, mode}}, {registry, token})`
+   * Note that the user's `password` is required here in the `tfa` object,
+     regardless of how you're authenticating.
+   * `mode` is either `auth-only` which requires an `otp` when calling `login`
+     or `createToken`, or `mode` is `auth-and-writes` and an `otp` will be
+     required on login, publishing or when granting others access to your
+     modules.
+   * Be aware that this set call may require otp as part of the auth object.
+     If otp is needed it will be indicated through a rejection in the usual
+     way.
+3. If tfa was already enabled then you're just switch modes and a
+   successful response means that you're done.  If the tfa property is empty
+   and tfa _wasn't_ enabled then it means they were in a pending state.
+3. The response will have a `tfa` property set to an `otpauth` URL, as
+   [used by Google Authenticator](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
+   You will need to show this to the user for them to add to their
+   authenticator application.  This is typically done as a QRCODE, but you
+   can also show the value of the `secret` key in the `otpauth` query string
+   and they can type or copy paste that in.
+4. To complete setting up two factor auth you need to make a second call to
+   `profile.set` with `tfa` set to an array of TWO codes from the user's
+   authenticator, eg: `profile.set(tfa: [otp1, otp2]}, {registry, token})`
+5. On success you'll get a result object with a `tfa` property that has an
+   array of one-time-use recovery codes.  These are used to authenticate
+   later if the second factor is lost and generally should be printed and
+   put somewhere safe.
+
+Disabling two-factor authentication is more straightforward, set the `tfa`
+attribute to an object with a `password` property and a `mode` of `disable`.
+
+```js
+await profile.set({tfa: {password, mode: 'disable'}}, {token})
+```
+
+#### **Promise Value**
+
+An object reflecting the changes you made, see description for `profile.get`.
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### <a name="list-tokens"></a> `> profile.listTokens([opts]) → Promise`
+
+```js
+const tokens = await profile.listTokens({registry, token})
+console.log(`Number of tokens in your accounts: ${tokens.length}`)
+```
+
+Fetch a list of all of the authentication tokens the authenticated user has.
+
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+An array of token objects. Each token object has the following properties:
+
+* key — A sha512 that can be used to remove this token.
+* token — The first six characters of the token UUID.  This should be used
+  by the user to identify which token this is.
+* created — The date and time the token was created
+* readonly — If true, this token can only be used to download private modules. Critically, it CAN NOT be used to publish.
+* cidr_whitelist — An array of CIDR ranges that this token is allowed to be used from.
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### <a name="remove-token"><a> `> profile.removeToken(token|key, opts) → Promise`
+
+```js
+await profile.removeToken(key, {token})
+// token is gone!
+```
+
+Remove a specific authentication token.
+
+* `token|key` String, either a complete authentication token or the key returned by `profile.listTokens`.
+* [`opts`](#opts) Object (optional)
+
+#### **Promise Value**
+
+No value.
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### <a name="create-token"></a> `> profile.createToken(password, readonly, cidr_whitelist, [opts]) → Promise`
+
+```js
+const newToken = await profile.createToken(
+  password, readonly, cidr_whitelist, {token, otp}
+)
+// do something with the newToken
+```
+
+Create a new authentication token, possibly with restrictions.
+
+* `password` String
+* `readonly` Boolean
+* `cidr_whitelist` Array
+* [`opts`](#opts) Object Optional
+
+#### **Promise Value**
+
+The promise will resolve with an object very much like the one's returned by
+`profile.listTokens`.  The only difference is that `token` is not truncated.
+
+```js
+{
+  token: String,
+  key: String,    // sha512 hash of the token UUID
+  cidr_whitelist: [String],
+  created: Date,
+  readonly: Boolean
+}
+```
+
+#### **Promise Rejection**
+
+An error object indicating what went wrong.
+
+The `headers` property will contain the HTTP headers of the response.
+
+If the action was denied because an OTP is required then `code` will be set
+to `EOTP`.
+
+If the action was denied because it came from an IP address that this action
+on this account isn't allowed from then the `code` will be set to `EAUTHIP`.
+
+Otherwise the code will be the HTTP response code.
+
+### <a name="opts"></a> options objects
+
+The various API functions accept an optional `opts` object as a final
+argument. This opts object can either be a regular Object, or a
+[`figgy-pudding`](https://npm.im/figgy-pudding) options object instance.
+
+Unless otherwise noted, the options accepted are the same as the
+[`npm-registry-fetch`
+options](https://www.npmjs.com/package/npm-registry-fetch#fetch-opts).
+
+Of particular note are `opts.registry`, and the auth-related options:
+
+* `opts.token` - used for Bearer auth
+* `opts.username` and `opts.password` - used for Basic auth
+* `opts.otp` - the 2fa OTP token
+
+## <a name="logging"></a> Logging
+
+This modules logs by emitting `log` events on the global `process` object.
+These events look like this:
+
+```js
+process.emit('log', 'loglevel', 'feature', 'message part 1', 'part 2', 'part 3', 'etc')
+```
+
+`loglevel` can be one of: `error`, `warn`, `notice`, `http`, `timing`, `info`, `verbose`, and `silly`.
+
+`feature` is any brief string that describes the component doing the logging.
+
+The remaining arguments are evaluated like `console.log` and joined together with spaces.
+
+A real world example of this is:
+
+```js
+  process.emit('log', 'http', 'request', '→', conf.method || 'GET', conf.target)
+```
+
+To handle the log events, you would do something like this:
+
+```js
+const log = require('npmlog')
+process.on('log', function (level) {
+  return log[level].apply(log, [].slice.call(arguments, 1))
+})
+```