deps: upgrade npm to 6.2.0

PR-URL: https://github.com/nodejs/node/pull/21592
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

13 files changed, 564 insertions, 19 deletions

diff --git a/deps/npm/test/common-tap.js b/deps/npm/test/common-tap.js
index feb6918720..37d5efe9f8 100644
--- a/deps/npm/test/common-tap.js
+++ b/deps/npm/test/common-tap.js
@@ -19,6 +19,10 @@ var path = require('path')
 
 var port = exports.port = 1337
 exports.registry = 'http://localhost:' + port
+
+var fakeRegistry = require('./fake-registry.js')
+exports.fakeRegistry = fakeRegistry
+
 const ourenv = {}
 ourenv.npm_config_loglevel = 'error'
 ourenv.npm_config_progress = 'false'
@@ -145,18 +149,8 @@ exports.pendIfWindows = function (why) {
   process.exit(0)
 }
 
-let mr
 exports.withServer = cb => {
-  if (!mr) { mr = Bluebird.promisify(require('npm-registry-mock')) }
-  return mr({port: port++, throwOnUnmatched: true})
-    .tap(server => {
-      server.registry = exports.registry.replace(exports.port, server.port)
-      return cb(server)
-    })
-    .then((server) => {
-      server.done()
-      return server.close()
-    })
+  return fakeRegistry.compat().tap(cb).then(server => server.close())
 }
 
 exports.newEnv = function () {
diff --git a/deps/npm/test/fake-registry.js b/deps/npm/test/fake-registry.js
new file mode 100644
index 0000000000..b3563f6ddc
--- /dev/null
+++ b/deps/npm/test/fake-registry.js
@@ -0,0 +1,149 @@
+'use strict'
+const common = require('./common-tap.js')
+const Bluebird = require('bluebird')
+const log = require('npmlog')
+
+const http = require('http')
+const EventEmitter = require('events')
+// See mock-registry.md for details
+
+class FakeRegistry extends EventEmitter {
+  constructor (opts) {
+    if (!opts) opts = {}
+    super(opts)
+    this.mocks = {}
+    this.port = opts.port || common.port
+    this.registry = 'http://localhost:' + this.port
+    this.server = http.createServer()
+    if (!opts.keepNodeAlive) this.server.unref()
+    this.server.on('request', (req, res) => {
+      if (this.mocks[req.method] && this.mocks[req.method][req.url]) {
+        this.mocks[req.method][req.url](req, res)
+      } else {
+        res.statusCode = 404
+        res.end(JSON.stringify({error: 'not found'}))
+      }
+      log.http('fake-registry', res.statusCode || 'unknown', '→', req.method, req.url)
+    })
+    this._error = err => {
+      log.silly('fake-registry', err)
+      this.emit('error', err)
+    }
+    this._addErrorHandler()
+  }
+  reset () {
+    this.mocks = {}
+    return this
+  }
+  close () {
+    this.reset()
+    this._removeErrorHandler()
+    return new Promise((resolve, reject) => {
+      this.server.once('error', reject)
+      this.server.once('close', () => {
+        this.removeListener('error', reject)
+        resolve(this)
+      })
+      this.server.close()
+    })
+  }
+  _addErrorHandler () {
+    this.server.on('error', this._error)
+  }
+  _removeErrorHandler () {
+    if (!this._error) return
+    this.server.removeListener('error', this._error)
+  }
+  listen (cb) {
+    this._removeErrorHandler()
+    return this._findPort(this.port).then(port => {
+      this._addErrorHandler()
+      this.port = port
+      this.registry = 'http://localhost:' + port
+      common.port = this.port
+      common.registry = this.registry
+      return this
+    }).asCallback(cb)
+  }
+  _findPort (port) {
+    return new Bluebird((resolve, reject) => {
+      let onListening
+      const onError = err => {
+        this.server.removeListener('listening', onListening)
+        if (err.code === 'EADDRINUSE') {
+          return resolve(this._findPort(++port))
+        } else {
+          return reject(err)
+        }
+      }
+      onListening = () => {
+        this.server.removeListener('error', onError)
+        resolve(port)
+      }
+      this.server.once('error', onError)
+      this.server.once('listening', onListening)
+      this.server.listen(port)
+    })
+  }
+
+  mock (method, url, respondWith) {
+    log.http('fake-registry', 'mock', method, url, respondWith)
+    if (!this.mocks[method]) this.mocks[method] = {}
+    if (typeof respondWith === 'function') {
+      this.mocks[method][url] = respondWith
+    } else if (Array.isArray(respondWith)) {
+      const [status, body] = respondWith
+      this.mocks[method][url] = (req, res) => {
+        res.statusCode = status
+        if (typeof body === 'object') {
+          res.end(JSON.stringify(body))
+        } else {
+          res.end(String(body))
+        }
+      }
+    } else {
+      throw new Error('Invalid args, expected: mr.mock(method, url, [status, body])')
+    }
+    return this
+  }
+
+  // compat
+  done () {
+    this.reset()
+  }
+  filteringRequestBody () {
+    return this
+  }
+  post (url, matchBody) {
+    return this._createReply('POST', url)
+  }
+  get (url) {
+    return this._createReply('GET', url)
+  }
+  put (url, matchBody) {
+    return this._createReply('PUT', url)
+  }
+  delete (url) {
+    return this._createReply('DELETE', url)
+  }
+  _createReply (method, url) {
+    const mr = this
+    return {
+      twice: function () { return this },
+      reply: function (status, responseBody) {
+        mr.mock(method, url, [status, responseBody])
+        return mr
+      }
+    }
+  }
+}
+
+module.exports = new FakeRegistry()
+module.exports.FakeRegistry = FakeRegistry
+module.exports.compat = function (opts, cb) {
+  if (arguments.length === 1 && typeof opts === 'function') {
+    cb = opts
+    opts = {}
+  }
+  return new FakeRegistry(Object.assign({keepNodeAlive: true}, opts || {})).listen(cb)
+}
diff --git a/deps/npm/test/fake-registry.md b/deps/npm/test/fake-registry.md
new file mode 100644
index 0000000000..5eb469f2a0
--- /dev/null
+++ b/deps/npm/test/fake-registry.md
@@ -0,0 +1,198 @@
+# FakeRegistry
+
+This is a replacement for npm-registry-mock in times where its fixtures are
+not used.  (Adding support for its standard fixtures is TODO, but should be
+straightforward—tacks-ify them and call `mr.mock…`
+
+# Usage
+
+The intent is for this to be a drop in replacement for npm-registry-mock
+(and by extension hock).  New scripts will be better served using its native
+interface, however.
+
+# Main Interface
+
+## Logging
+
+All requests the mock registry receives are logged at the `http` level. You can
+see these by running your tests with:
+
+```
+npm --loglevel=http run tap test/tap/name-of-test.js
+```
+
+Or directly with:
+
+```
+npm_config_loglevel=http node test/tap/name-of-test.js
+```
+
+## Construction
+
+Ordinarily there's no reason to construct more than one FakeRegistyr object
+at a time, as it can be entirely reset between tests, so best practice
+would be to use its singleton.
+
+```
+const common = require('../common-tap.js')
+const mr = common.mockRegistry
+```
+
+If you have need of multiple registries at the same time, you can construct
+them by hand:
+
+```
+const common = require('../common-tap.js')
+const FakeRegistry = common.mockRegistry.FakeRegistry
+const mr = new FakeRegistry(opts)
+```
+
+## new FakeRegistry(opts)
+
+Valid options are:
+
+* `opts.port` is the first port to try when looking for an available port.  If it
+  is unavialable it will be incremented until one available is found.
+
+  The default value of `port` is taken from `common.npm`.
+
+* `opts.keepNodeAlive` will instruct FakeRegistry to not unref the
+  underlying server.
+
+## mr.reset() → this
+
+Reset all mocks to their default values. Further requests
+
+## mr.listen() → Promise(mr)
+
+Start listening for connections.  The promise resolves when the server is
+online and ready to accept connections.
+
+`mr.port` and `mr.registry` contain the port that was actually selected.
+
+To ease compatibility, `common` will also have its `port` and `registry`
+values updated at this time. Note that this means `common.port` refers
+to the port of the most recent listening server. Each server will maintain
+its own `mr.port`.
+
+Any errors emitted by the server while it was coming online will result in a
+promise rejection.
+
+## mr.mock(method, url, respondWith) → this
+
+Adds a new route that matches `method` (should be all caps) and `url`.
+
+`respondWith` can be:
+
+* A function, that takes `(request, response)` as arguments and calls
+  [`response` methods](https://nodejs.org/api/http.html#http_class_http_serverresponse)
+  to do what it wants.  Does not have a return value.  This function may be
+  async (the response isn't complete till its stream completes), typically
+  either because you piped something into it or called `response.end()`.
+* An array of `[statusCode, responseBody]`. `responseBody` may be a string or
+  an object. Objects are serialized with `JSON.stringify`.
+
+## mr.close() → Promise(mr)
+
+Calls `mr.reset()` to clear the mocks.
+
+Calls `.close()` on the http server.  The promise resolves when the http
+server completes closing.  Any errors while the http server was closing will
+result in a rejection. If running with `keepNodeAlive` set this call
+is required for node to exit the event loop.
+
+# Events
+
+## mr.on('error', err => { … })
+
+Error events from the http server are forwarded to the associated fake
+registry instance.
+
+The exception to this is while the `mr.listen()` and `mr.close()` promises
+are waiting to complete. Those promises capture any errors during their duration
+and turn them into rejections. (Errors during those phases are very rare.)
+
+# Compat Interface
+
+## Differences
+
+### Ports
+
+You aren't guaranteed to get the port you ask for.  If the port you asked
+for is in use, it will be incremented until an available port is found.
+
+`server.port` and `server.registry` contain the port that was actually selected.
+
+For compatibility reasons:
+
+`common.port` and `common.registry` will contain the port of the most recent
+instance of FakeRegistry.  Usually these there is only one instance and so
+this has the same value as the per-server attributes.
+
+This means that if your fixtures make use of the port or server address they
+need to be configured _after_ you construct
+
+### Request Bodies
+
+Request bodies are NOT matched against. Two routes for the same URL but different
+request bodies will overwrite one another.
+
+### Call Count Assertions
+
+That is, things like `twice()` that assert that the end point will be hit
+two times are not supported.  This library does not provide any assertions,
+just a barebones http server.
+
+### Default Route Behavior
+
+If no route can be found then a `404` response will be provided.
+
+## Construction
+
+const common = require('../common-tap.js')
+const mr = common.mockRegistry.compat
+
+### mr(options[, callback]) → Promise(server)
+
+Construct a new mock server.  Hybrid, callback/promise constructor. Options
+are `port` and `keepNodeAlive`.  `keepNodeAlive` defaults to `true` for
+compatibility mode and the default value of port comes from `common.port`.
+
+### done()
+
+Resets all of the configured mocks.
+
+### close()
+
+Calls `this.reset()` and `this.server.close()`.  To reopen this instance use
+`this.listen()`.
+
+### filteringRequestBody()
+
+Does nothing. Bodies are never matched when routing anyway so this is unnecessary.
+
+### get(url) → MockReply
+### delete(url) → MockReply
+### post(url, body) → MockReply
+### put(url, body) → MockReply
+
+Begins to add a route for an HTTP method and URL combo.  Does not actually
+add it till `reply()` is called on the returned object.
+
+Note that the body argument for post and put is always ignored.
+
+## MockReply methods
+
+### twice() → this
+
+Does nothing. Call count assertions are not supported.
+
+### reply(status, responseBody)
+
+Actually adds the route, set to reply with the associated status and
+responseBody.
+
+Currently no mime-types are set.
+
+If `responseBody` is `typeof === 'object'` then `JSON.stringify()` will be
+called on it to serialize it, otherwise `String()` will be used.
diff --git a/deps/npm/test/tap/audit-fix.js b/deps/npm/test/tap/audit-fix.js
index 579d43a798..7e95568289 100644
--- a/deps/npm/test/tap/audit-fix.js
+++ b/deps/npm/test/tap/audit-fix.js
@@ -4,7 +4,7 @@ const BB = require('bluebird')
 
 const common = BB.promisifyAll(require('../common-tap.js'))
 const fs = require('fs')
-const mr = BB.promisify(require('npm-registry-mock'))
+const mr = common.fakeRegistry.compat
 const path = require('path')
 const rimraf = BB.promisify(require('rimraf'))
 const Tacks = require('tacks')
@@ -664,6 +664,166 @@ test('nothing to fix', t => {
   })
 })
 
+test('preserves deep deps dev: true', t => {
+  const fixture = new Tacks(new Dir({
+    'package.json': new File({
+      name: 'foo',
+      version: '1.0.0',
+      devDependencies: {
+        gooddep: '^1.0.0'
+      }
+    })
+  }))
+  fixture.create(testDir)
+  return tmock(t).then(srv => {
+    srv.filteringRequestBody(req => 'ok')
+    srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, 'yeah')
+    srv.get('/baddep').reply(200, {
+      name: 'baddep',
+      'dist-tags': {
+        'latest': '1.0.0'
+      },
+      versions: {
+        '1.0.0': {
+          name: 'baddep',
+          version: '1.0.0',
+          _hasShrinkwrap: false,
+          dist: {
+            shasum: 'c0ffee',
+            integrity: 'sha1-c0ffee',
+            tarball: common.registry + '/baddep/-/baddep-1.0.0.tgz'
+          }
+        },
+        '1.2.3': {
+          name: 'baddep',
+          version: '1.2.3',
+          _hasShrinkwrap: false,
+          dist: {
+            shasum: 'bada55',
+            integrity: 'sha1-bada55',
+            tarball: common.registry + '/baddep/-/baddep-1.2.3.tgz'
+          }
+        }
+      }
+    })
+
+    srv.get('/gooddep').reply(200, {
+      name: 'gooddep',
+      'dist-tags': {
+        'latest': '1.0.0'
+      },
+      versions: {
+        '1.0.0': {
+          name: 'gooddep',
+          version: '1.0.0',
+          dependencies: {
+            baddep: '^1.0.0'
+          },
+          _hasShrinkwrap: false,
+          dist: {
+            shasum: '1234',
+            tarball: common.registry + '/gooddep/-/gooddep-1.0.0.tgz'
+          }
+        },
+        '1.2.3': {
+          name: 'gooddep',
+          version: '1.2.3',
+          _hasShrinkwrap: false,
+          dependencies: {
+            baddep: '^1.0.0'
+          },
+          dist: {
+            shasum: '123456',
+            tarball: common.registry + '/gooddep/-/gooddep-1.2.3.tgz'
+          }
+        }
+      }
+    })
+
+    return common.npm([
+      'install',
+      '--audit',
+      '--json',
+      '--global-style',
+      '--package-lock-only',
+      '--registry', common.registry,
+      '--cache', path.join(testDir, 'npm-cache')
+    ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+      t.equal(code, 0, 'exited OK')
+      t.comment(stderr)
+      t.similar(JSON.parse(stdout), {
+        added: [{
+          action: 'add',
+          name: 'baddep',
+          version: '1.0.0'
+        }, {
+          action: 'add',
+          name: 'gooddep',
+          version: '1.0.0'
+        }]
+      }, 'installed bad version')
+      srv.filteringRequestBody(req => 'ok')
+      srv.post('/-/npm/v1/security/audits', 'ok').reply(200, {
+        actions: [{
+          action: 'update',
+          module: 'baddep',
+          target: '1.2.3',
+          resolves: [{path: 'gooddep>baddep'}]
+        }],
+        metadata: {
+          vulnerabilities: {
+            critical: 1
+          }
+        }
+      })
+      return common.npm([
+        'audit', 'fix',
+        '--package-lock-only',
+        '--offline',
+        '--json',
+        '--global-style',
+        '--registry', common.registry,
+        '--cache', path.join(testDir, 'npm-cache')
+      ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+        t.equal(code, 0, 'exited OK')
+        t.comment(stderr)
+        t.similar(JSON.parse(stdout), {
+          added: [{
+            action: 'add',
+            name: 'baddep',
+            version: '1.2.3'
+          }, {
+            action: 'add',
+            name: 'gooddep',
+            version: '1.0.0'
+          }]
+        }, 'reported dependency update')
+        t.similar(JSON.parse(fs.readFileSync(path.join(testDir, 'package-lock.json'), 'utf8')), {
+          dependencies: {
+            gooddep: {
+              dev: true,
+              version: '1.0.0',
+              resolved: common.registry + '/gooddep/-/gooddep-1.0.0.tgz',
+              integrity: 'sha1-EjQ=',
+              requires: {
+                baddep: '^1.0.0'
+              },
+              dependencies: {
+                baddep: {
+                  dev: true,
+                  version: '1.2.3',
+                  resolved: common.registry + '/baddep/-/baddep-1.2.3.tgz',
+                  integrity: 'sha1-bada55'
+                }
+              }
+            }
+          }
+        }, 'pkglock updated correctly')
+      })
+    })
+  })
+})
+
 test('cleanup', t => {
   return rimraf(testDir)
 })
diff --git a/deps/npm/test/tap/config-meta.js b/deps/npm/test/tap/config-meta.js
index 527487f201..735c161fb8 100644
--- a/deps/npm/test/tap/config-meta.js
+++ b/deps/npm/test/tap/config-meta.js
@@ -9,6 +9,7 @@ var fs = require('fs')
 var path = require('path')
 var root = path.resolve(__dirname, '..', '..')
 var lib = path.resolve(root, 'lib')
+var bin = path.resolve(root, 'bin')
 var nm = path.resolve(root, 'node_modules')
 var doc = path.resolve(root, 'doc/misc/npm-config.md')
 var FILES = []
@@ -31,6 +32,7 @@ var exceptions = [
 test('get files', function (t) {
   walk(nm)
   walk(lib)
+  walk(bin)
   t.pass('got files')
   t.end()
 
diff --git a/deps/npm/test/tap/run-script.js b/deps/npm/test/tap/run-script.js
index 2bc381c8ff..f50a963285 100644
--- a/deps/npm/test/tap/run-script.js
+++ b/deps/npm/test/tap/run-script.js
@@ -356,6 +356,17 @@ test('npm run-script keep non-zero exit code', function (t) {
   })
 })
 
+test('npm run-script nonexistent script and display suggestions', function (t) {
+  writeMetadata(directOnly)
+
+  common.npm(['run-script', 'whoop'], opts, function (err, code, stdout, stderr) {
+    t.ifError(err, 'ran run-script without crashing')
+    t.equal(code, 1, 'got expected exit code')
+    t.has(stderr, 'Did you mean this?')
+    t.end()
+  })
+})
+
 test('cleanup', function (t) {
   cleanup()
   t.end()
diff --git a/deps/npm/test/tap/tag-version-prefix.js b/deps/npm/test/tap/tag-version-prefix.js
index 9035e9fbdd..555de1af16 100644
--- a/deps/npm/test/tap/tag-version-prefix.js
+++ b/deps/npm/test/tap/tag-version-prefix.js
@@ -16,7 +16,7 @@ var packagePath = path.resolve(pkg, 'package.json')
 
 var json = { name: 'blah', version: '0.1.2' }
 
-var configContents = 'sign-git-tag=false\nmessage=":bookmark: %s"\n'
+var configContents = 'sign-git-commit=false\nsign-git-tag=false\nmessage=":bookmark: %s"\n'
 
 test('npm version <semver> with message config', function (t) {
   setup()
diff --git a/deps/npm/test/tap/version-from-git.js b/deps/npm/test/tap/version-from-git.js
index 330b0604d8..1dc649beb4 100644
--- a/deps/npm/test/tap/version-from-git.js
+++ b/deps/npm/test/tap/version-from-git.js
@@ -22,6 +22,7 @@ test('npm version from-git with a valid tag creates a new commit', function (t)
 
   function runVersion (er) {
     t.ifError(er, 'git tag ran without error')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.commands.version(['from-git'], checkVersion)
   }
@@ -51,6 +52,7 @@ test('npm version from-git with a valid tag updates the package.json version', f
 
   function runVersion (er) {
     t.ifError(er, 'git tag ran without error')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.commands.version(['from-git'], checkManifest)
   }
@@ -75,6 +77,7 @@ test('npm version from-git strips tag-version-prefix', function (t) {
 
   function runVersion (er) {
     t.ifError(er, 'git tag ran without error')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.config.set('tag-version-prefix', prefix)
     npm.commands.version(['from-git'], checkVersion)
@@ -107,6 +110,7 @@ test('npm version from-git only strips tag-version-prefix if it is a prefix', fu
 
   function runVersion (er) {
     t.ifError(er, 'git tag ran without error')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.config.set('tag-version-prefix', prefix)
     npm.commands.version(['from-git'], checkVersion)
@@ -137,6 +141,7 @@ test('npm version from-git with an existing version', function (t) {
 
   function runVersion (er) {
     t.ifError(er, 'git tag ran without error')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.commands.version(['from-git'], checkVersion)
   }
@@ -154,6 +159,7 @@ test('npm version from-git with an invalid version tag', function (t) {
 
   function runVersion (er) {
     t.ifError(er, 'git tag ran without error')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.commands.version(['from-git'], checkVersion)
   }
@@ -170,6 +176,7 @@ test('npm version from-git without any versions', function (t) {
 
   function runVersion (er) {
     t.ifError(er, 'created git repo without errors')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.commands.version(['from-git'], checkVersion)
   }
diff --git a/deps/npm/test/tap/version-git-not-clean.js b/deps/npm/test/tap/version-git-not-clean.js
index 22ffb7c987..43e2549ceb 100644
--- a/deps/npm/test/tap/version-git-not-clean.js
+++ b/deps/npm/test/tap/version-git-not-clean.js
@@ -59,6 +59,7 @@ test('npm version <semver> --force with working directory not clean', function (
   common.npm(
     [
       '--force',
+      '--no-sign-git-commit',
       '--no-sign-git-tag',
       '--registry', common.registry,
       '--prefix', pkg,
diff --git a/deps/npm/test/tap/version-lifecycle.js b/deps/npm/test/tap/version-lifecycle.js
index 3b4fb50b24..e7a7793b44 100644
--- a/deps/npm/test/tap/version-lifecycle.js
+++ b/deps/npm/test/tap/version-lifecycle.js
@@ -11,7 +11,7 @@ var npm = require('../../')
 var pkg = path.resolve(__dirname, 'version-lifecycle')
 var cache = path.resolve(pkg, 'cache')
 var npmrc = path.resolve(pkg, './.npmrc')
-var configContents = 'sign-git-tag=false\n'
+var configContents = 'sign-git-commit=false\nsign-git-tag=false\n'
 
 test('npm version <semver> with failing preversion lifecycle script', function (t) {
   setup()
@@ -25,7 +25,12 @@ test('npm version <semver> with failing preversion lifecycle script', function (
     }
   }), 'utf8')
   fs.writeFileSync(path.resolve(pkg, 'fail.js'), 'process.exit(50)', 'utf8')
-  npm.load({cache: cache, 'sign-git-tag': false, registry: common.registry}, function () {
+  npm.load({
+    cache: cache,
+    'sign-git-commit': false,
+    'sign-git-tag': false,
+    registry: common.registry
+  }, function () {
     var version = require('../../lib/version')
     version(['patch'], function (err) {
       t.ok(err)
@@ -47,7 +52,12 @@ test('npm version <semver> with failing version lifecycle script', function (t)
     }
   }), 'utf8')
   fs.writeFileSync(path.resolve(pkg, 'fail.js'), 'process.exit(50)', 'utf8')
-  npm.load({cache: cache, 'sign-git-tag': false, registry: common.registry}, function () {
+  npm.load({
+    cache: cache,
+    'sign-git-commit': false,
+    'sign-git-tag': false,
+    registry: common.registry
+  }, function () {
     var version = require('../../lib/version')
     version(['patch'], function (err) {
       t.ok(err)
@@ -69,7 +79,12 @@ test('npm version <semver> with failing postversion lifecycle script', function
     }
   }), 'utf8')
   fs.writeFileSync(path.resolve(pkg, 'fail.js'), 'process.exit(50)', 'utf8')
-  npm.load({cache: cache, 'sign-git-tag': false, registry: common.registry}, function () {
+  npm.load({
+    cache: cache,
+    'sign-git-commit': false,
+    'sign-git-tag': false,
+    registry: common.registry
+  }, function () {
     var version = require('../../lib/version')
     version(['patch'], function (err) {
       t.ok(err)
@@ -95,7 +110,12 @@ test('npm version <semver> execution order', function (t) {
   makeScript('preversion')
   makeScript('version')
   makeScript('postversion')
-  npm.load({cache: cache, 'sign-git-tag': false, registry: common.registry}, function () {
+  npm.load({
+    cache: cache,
+    'sign-git-commit': false,
+    'sign-git-tag': false,
+    registry: common.registry
+  }, function () {
     common.makeGitRepo({path: pkg}, function (err, git) {
       t.ifError(err, 'git bootstrap ran without error')
 
diff --git a/deps/npm/test/tap/version-message-config.js b/deps/npm/test/tap/version-message-config.js
index fca0d5d9af..12cb6eb599 100644
--- a/deps/npm/test/tap/version-message-config.js
+++ b/deps/npm/test/tap/version-message-config.js
@@ -16,7 +16,7 @@ var packagePath = path.resolve(pkg, 'package.json')
 
 var json = { name: 'blah', version: '0.1.2' }
 
-var configContents = 'sign-git-tag=false\nmessage=":bookmark: %s"\n'
+var configContents = 'sign-git-commit=false\nsign-git-tag=false\nmessage=":bookmark: %s"\n'
 
 test('npm version <semver> with message config', function (t) {
   setup()
diff --git a/deps/npm/test/tap/version-sub-directory.js b/deps/npm/test/tap/version-sub-directory.js
index 52074a18e7..71c96121ca 100644
--- a/deps/npm/test/tap/version-sub-directory.js
+++ b/deps/npm/test/tap/version-sub-directory.js
@@ -32,6 +32,7 @@ test('npm version <semver> from a subdirectory', function (t) {
   function version (er, stdout, stderr) {
     t.ifError(er, 'git repo initialized without issue')
     t.notOk(stderr, 'no error output')
+    npm.config.set('sign-git-commit', false)
     npm.config.set('sign-git-tag', false)
     npm.commands.version(['patch'], checkVersion)
   }
diff --git a/deps/npm/test/tap/version-update-shrinkwrap.js b/deps/npm/test/tap/version-update-shrinkwrap.js
index d9f54d6872..58264e9926 100644
--- a/deps/npm/test/tap/version-update-shrinkwrap.js
+++ b/deps/npm/test/tap/version-update-shrinkwrap.js
@@ -28,6 +28,7 @@ test('npm version <semver> updates git works with no shrinkwrap', function (t) {
   setup()
   rimraf.sync(path.resolve(pkg, 'npm-shrinkwrap.json'))
 
+  npm.config.set('sign-git-commit', false)
   npm.config.set('sign-git-tag', false)
 
   common.makeGitRepo({
@@ -70,6 +71,7 @@ test('npm version <semver> updates git works with no shrinkwrap', function (t) {
 test('npm version <semver> updates shrinkwrap and updates git', function (t) {
   setup()
 
+  npm.config.set('sign-git-commit', false)
   npm.config.set('sign-git-tag', false)
 
   common.makeGitRepo({