deps: upgrade npm to 6.1.0

PR-URL: https://github.com/nodejs/node/pull/20190
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>

4 files changed, 171 insertions, 0 deletions

diff --git a/deps/npm/node_modules/lock-verify/LICENSE b/deps/npm/node_modules/lock-verify/LICENSE
new file mode 100644
index 0000000000..e0040f6659
--- /dev/null
+++ b/deps/npm/node_modules/lock-verify/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2017, Rebecca Turner <me@re-becca.org>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/deps/npm/node_modules/lock-verify/README.md b/deps/npm/node_modules/lock-verify/README.md
new file mode 100644
index 0000000000..01f0633c09
--- /dev/null
+++ b/deps/npm/node_modules/lock-verify/README.md
@@ -0,0 +1,22 @@
+# lock-verify
+
+Report if your package.json is out of sync with your package-lock.json.
+
+## USAGE
+
+```
+const lockVerify = require('lock-verify')
+lockVerify(moduleDir).then(result => {
+  result.warnings.forEach(w => console.error('Warning:', w))
+  if (!result.status) {
+    result.errors.forEach(e => console.error(e))
+    process.exit(1)
+  }
+})
+```
+
+As a library it's a function that takes the path to a module and returns a
+promise that resolves to an object with `.status`, `.warnings` and `.errors`
+properties.  The first will be true if everything was ok (though warnings
+may exist). If there's no `package.json` or no lockfile in `moduleDir` or they're
+unreadable then the promise will be rejected.
diff --git a/deps/npm/node_modules/lock-verify/index.js b/deps/npm/node_modules/lock-verify/index.js
new file mode 100644
index 0000000000..2272132913
--- /dev/null
+++ b/deps/npm/node_modules/lock-verify/index.js
@@ -0,0 +1,73 @@
+'use strict'
+module.exports = lockVerify
+
+const fs = require('fs')
+const path = require('path')
+const npa = require('npm-package-arg')
+const semver = require('semver')
+
+function lockVerify(check) {
+  if (!check) check = '.'
+
+  const pjson = readJson(`${check}/package.json`)
+  let plock = readJson(`${check}/npm-shrinkwrap.json`)
+    .catch(() => readJson(`${check}/package-lock.json`))
+
+  return Promise.all([pjson, plock]).then(result => {
+    const pjson = result[0]
+    const plock = result[1]
+    let warnings = []
+    let errors = []
+    for (let type of [['dependencies'], ['devDependencies'], ['optionalDependencies', true]]) {
+      const deps = pjson[type[0]]
+      if (!deps) continue
+      const isOptional = type[1]
+      Object.keys(deps).forEach(name => {
+        const spec = npa.resolve(name, deps[name])
+        const lock = plock.dependencies[name]
+        if (!lock) {
+          if (isOptional) {
+            warnings.push('Optional missing: ' + name + '@' + deps[name])
+          } else {
+            errors.push('Missing: ' + name + '@' + deps[name])
+          }
+          return
+        }
+        if (spec.registry) {
+          // Can't match tags to package-lock w/o network
+          if (spec.type === 'tag') return
+          if (!semver.satisfies(lock.version, spec.fetchSpec)) {
+            errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
+            return
+          }
+        } else if (spec.type === 'git') {
+          // can't verify git w/o network
+          return
+        } else if (spec.type === 'remote') {
+          if (lock.version !== spec.fetchSpec) {
+            errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + spec.fetchSpec)
+            return
+          }
+        } else if (spec.type === 'file' || spec.type === 'directory') {
+          const lockSpec = npa.resolve(name, lock.version)
+          if (spec.fetchSpec !== lockSpec.fetchSpec) {
+            errors.push("Invalid: lock file's " + name + '@' + lock.version + ' does not satisfy ' + name + '@' + deps[name])
+            return
+          }
+        } else {
+          console.log(spec)
+        }
+      })
+    }
+    return Promise.resolve({status: errors.length === 0, warnings: warnings, errors: errors})
+  })
+}
+
+function readJson (file) {
+  return new Promise((resolve, reject) => {
+    fs.readFile(file, (err, content) => {
+      if (err) return reject(err)
+      return resolve(JSON.parse(content))
+    })
+  })
+}
diff --git a/deps/npm/node_modules/lock-verify/package.json b/deps/npm/node_modules/lock-verify/package.json
new file mode 100644
index 0000000000..0f2002f549
--- /dev/null
+++ b/deps/npm/node_modules/lock-verify/package.json
@@ -0,0 +1,63 @@
+{
+  "_args": [
+    [
+      "lock-verify@2.0.2",
+      "/Users/rebecca/code/npm"
+    ]
+  ],
+  "_from": "lock-verify@2.0.2",
+  "_id": "lock-verify@2.0.2",
+  "_inBundle": false,
+  "_integrity": "sha512-QNVwK0EGZBS4R3YQ7F1Ox8p41Po9VGl2QG/2GsuvTbkJZYSsPeWHKMbbH6iZMCHWSMww5nrJroZYnGzI4cePuw==",
+  "_location": "/lock-verify",
+  "_phantomChildren": {},
+  "_requested": {
+    "type": "version",
+    "registry": true,
+    "raw": "lock-verify@2.0.2",
+    "name": "lock-verify",
+    "escapedName": "lock-verify",
+    "rawSpec": "2.0.2",
+    "saveSpec": null,
+    "fetchSpec": "2.0.2"
+  },
+  "_requiredBy": [
+    "/",
+    "/libcipm"
+  ],
+  "_resolved": "https://registry.npmjs.org/lock-verify/-/lock-verify-2.0.2.tgz",
+  "_spec": "2.0.2",
+  "_where": "/Users/rebecca/code/npm",
+  "author": {
+    "name": "Rebecca Turner",
+    "email": "me@re-becca.org",
+    "url": "http://re-becca.org/"
+  },
+  "bugs": {
+    "url": "https://github.com/iarna/lock-verify/issues"
+  },
+  "dependencies": {
+    "npm-package-arg": "^5.1.2 || 6",
+    "semver": "^5.4.1"
+  },
+  "description": "Report if your package.json is out of sync with your package-lock.json.",
+  "devDependencies": {
+    "@iarna/cli": "^1.2.0"
+  },
+  "files": [
+    "index.js"
+  ],
+  "homepage": "https://github.com/iarna/lock-verify#readme",
+  "keywords": [],
+  "license": "ISC",
+  "main": "index.js",
+  "name": "lock-verify",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/iarna/lock-verify.git"
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "version": "2.0.2"
+}