author Rebecca Turner <me@re-becca.org> 2018-04-20 18:26:37 -0700
committer Rebecca Turner <me@re-becca.org> 2018-05-24 23:24:45 -0700
commit 468ab4519e1b92473acefb22801497a1af6aebae
tree bdac1d062cd4b094bde3a21147bab5d82c792ece /deps/npm/man/man1/npm-audit.1
parent ac8226115e2192a7a46ba07789fa5136f74223e1
deps: upgrade npm to 6.1.0

PR-URL: https://github.com/nodejs/node/pull/20190
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Diffstat (limited to 'deps/npm/man/man1/npm-audit.1')
-rw-r--r-- deps/npm/man/man1/npm-audit.1 132
1 files changed, 132 insertions, 0 deletions
diff --git a/deps/npm/man/man1/npm-audit.1 b/deps/npm/man/man1/npm-audit.1
new file mode 100644
index 0000000000..8a4283d4cf
--- /dev/null
+++ b/deps/npm/man/man1/npm-audit.1
@@ -0,0 +1,132 @@
+.TH "NPM\-AUDIT" "1" "May 2018" "" ""
+.SH "NAME"
+\fBnpm-audit\fR \- Run a security audit
+.SH SYNOPSIS
+.P
+.RS 2
+.nf
+npm audit [\-\-json]
+npm audit fix [\-\-force|\-\-package\-lock\-only|\-\-dry\-run|\-\-production|\-\-only=dev]
+.fi
+.RE
+.SH EXAMPLES
+.P
+Scan your project for vulnerabilities and automatically install any compatible
+updates to vulnerable dependencies:
+.P
+.RS 2
+.nf
+$ npm audit fix
+.fi
+.RE
+.P
+Run \fBaudit fix\fP without modifying \fBnode_modules\fP, but still updating the
+pkglock:
+.P
+.RS 2
+.nf
+$ npm audit fix \-\-package\-lock\-only
+.fi
+.RE
+.P
+Skip updating \fBdevDependencies\fP:
+.P
+.RS 2
+.nf
+$ npm audit fix \-\-only=prod
+.fi
+.RE
+.P
+Have \fBaudit fix\fP install semver\-major updates to toplevel dependencies, not just
+semver\-compatible ones:
+.P
+.RS 2
+.nf
+$ npm audit fix \-\-force
+.fi
+.RE
+.P
+Do a dry run to get an idea of what \fBaudit fix\fP will do, and \fIalso\fR output
+install information in JSON format:
+.P
+.RS 2
+.nf
+$ npm audit fix \-\-dry\-run \-\-json
+.fi
+.RE
+.P
+Scan your project for vulnerabilities and just show the details, without fixing
+anything:
+.P
+.RS 2
+.nf
+$ npm audit
+.fi
+.RE
+.P
+Get the detailed audit report in JSON format:
+.P
+.RS 2
+.nf
+$ npm audit \-\-json
+.fi
+.RE
+.SH DESCRIPTION
+.P
+The audit command submits a description of the dependencies configured in
+your project to your default registry and asks for a report of known
+vulnerabilities\. The report returned includes instructions on how to act on
+this information\.
+.P
+You can also have npm automatically fix the vulnerabilities by running \fBnpm
+audit fix\fP\|\. Note that some vulnerabilities cannot be fixed automatically and
+will require manual intervention or review\. Also note that since \fBnpm audit fix\fP
+runs a full\-fledged \fBnpm install\fP under the hood, all configs that apply to the
+installer will also apply to \fBnpm install\fP \-\- so things like \fBnpm audit fix
+\-\-package\-lock\-only\fP will work as expected\.
+.SH CONTENT SUBMITTED
+.RS 0
+.IP \(bu 2
+npm_version
+.IP \(bu 2
+node_version
+.IP \(bu 2
+platform
+.IP \(bu 2
+node_env
+.IP \(bu 2
+A scrubbed version of your package\-lock\.json or npm\-shrinkwrap\.json
+
+.RE
+.SS SCRUBBING
+.P
+In order to ensure that potentially sensitive information is not included in
+the audit data bundle, some dependencies may have their names (and sometimes
+versions) replaced with opaque non\-reversible identifiers\. It is done for
+the following dependency types:
+.RS 0
+.IP \(bu 2
+Any module referencing a scope that is configured for a non\-default
+registry has its name scrubbed\. (That is, a scope you did a \fBnpm login \-\-scope=@ourscope\fP for\.)
+.IP \(bu 2
+All git dependencies have their names and specifiers scrubbed\.
+.IP \(bu 2
+All remote tarball dependencies have their names and specifiers scrubbed\.
+.IP \(bu 2
+All local directory and tarball dependencies have their names and specifiers scrubbed\.
+
+.RE
+.P
+The non\-reversible identifiers are a sha256 of a session\-specific UUID and the
+value being replaced, ensuring a consistent value within the payload that is
+different between runs\.
+.SH SEE ALSO
+.RS 0
+.IP \(bu 2
+npm help install
+.IP \(bu 2
+npm help 5 package\-locks
+.IP \(bu 2
+npm help 7 config
+
+.RE
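Review bot: In DESCRIPTION, the sentence "all configs that apply to the installer will also apply to \fBnpm install\fP" is circular; the second reference should be \fBnpm audit fix\fP, since the point being made is that installer configs carry over to the fix run. Two smaller documentation points in the same file: the SYNOPSIS lists only "\-\-only=dev" while the EXAMPLES section uses "\-\-only=prod" to skip devDependencies, so the synopsis should show both accepted values; and "pkglock" in EXAMPLES should be spelled out as package\-lock\.json to match the CONTENT SUBMITTED section. In SCRUBBING, "names (and sometimes versions)" is vaguer than the bullets, which say "names and specifiers"; since this section is what a reader relies on to judge what leaves the machine, it would help to use one term throughout and to state explicitly that dependencies outside the four listed types are submitted unscrubbed.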