6 files changed, 48 insertions, 150 deletions
diff --git a/deps/npm/lib/utils/error-handler.js b/deps/npm/lib/utils/error-handler.js
index c6481abf67..ba9d9f8e25 100644
--- a/deps/npm/lib/utils/error-handler.js
+++ b/deps/npm/lib/utils/error-handler.js
@@ -202,7 +202,7 @@ function errorHandler (er) {
   msg.summary.concat(msg.detail).forEach(function (errline) {
     log.error.apply(log, errline)
   })
-  if (npm.config.get('json')) {
+  if (npm.config && npm.config.get('json')) {
     var error = {
       error: {
         code: er.code,
diff --git a/deps/npm/lib/utils/error-message.js b/deps/npm/lib/utils/error-message.js
index 6e14898183..55c5463454 100644
--- a/deps/npm/lib/utils/error-message.js
+++ b/deps/npm/lib/utils/error-message.js
@@ -103,8 +103,7 @@ function errorMessage (er) {
 
     case 'EOTP':
     case 'E401':
-      // the E401 message checking is a hack till we replace npm-registry-client with something
-      // OTP aware.
+      // E401 is for places where we accidentally neglect OTP stuff
       if (er.code === 'EOTP' || /one-time pass/.test(er.message)) {
         short.push(['', 'This operation requires a one-time password from your authenticator.'])
         detail.push([
diff --git a/deps/npm/lib/utils/get-publish-config.js b/deps/npm/lib/utils/get-publish-config.js
deleted file mode 100644
index ac0ef09342..0000000000
--- a/deps/npm/lib/utils/get-publish-config.js
+++ /dev/null
@@ -1,29 +0,0 @@
-'use strict'
-
-const clientConfig = require('../config/reg-client.js')
-const Conf = require('../config/core.js').Conf
-const log = require('npmlog')
-const npm = require('../npm.js')
-const RegClient = require('npm-registry-client')
-
-module.exports = getPublishConfig
-
-function getPublishConfig (publishConfig, defaultConfig, defaultClient) {
-  let config = defaultConfig
-  let client = defaultClient
-  log.verbose('getPublishConfig', publishConfig)
-  if (publishConfig) {
-    config = new Conf(defaultConfig)
-    config.save = defaultConfig.save.bind(defaultConfig)
-
-    // don't modify the actual publishConfig object, in case we have
-    // to set a login token or some other data.
-    config.unshift(Object.keys(publishConfig).reduce(function (s, k) {
-      s[k] = publishConfig[k]
-      return s
-    }, {}))
-    client = new RegClient(clientConfig(npm, log, config))
-  }
-
-  return { config: config, client: client }
-}
diff --git a/deps/npm/lib/utils/map-to-registry.js b/deps/npm/lib/utils/map-to-registry.js
deleted file mode 100644
index d6e0a5b01f..0000000000
--- a/deps/npm/lib/utils/map-to-registry.js
+++ /dev/null
@@ -1,103 +0,0 @@
-var url = require('url')
-
-var log = require('npmlog')
-var npa = require('npm-package-arg')
-var config
-
-module.exports = mapToRegistry
-
-function mapToRegistry (name, config, cb) {
-  log.silly('mapToRegistry', 'name', name)
-  var registry
-
-  // the name itself takes precedence
-  var data = npa(name)
-  if (data.scope) {
-    // the name is definitely scoped, so escape now
-    name = name.replace('/', '%2f')
-
-    log.silly('mapToRegistry', 'scope (from package name)', data.scope)
-
-    registry = config.get(data.scope + ':registry')
-    if (!registry) {
-      log.verbose('mapToRegistry', 'no registry URL found in name for scope', data.scope)
-    }
-  }
-
-  // ...then --scope=@scope or --scope=scope
-  var scope = config.get('scope')
-  if (!registry && scope) {
-    // I'm an enabler, sorry
-    if (scope.charAt(0) !== '@') scope = '@' + scope
-
-    log.silly('mapToRegistry', 'scope (from config)', scope)
-
-    registry = config.get(scope + ':registry')
-    if (!registry) {
-      log.verbose('mapToRegistry', 'no registry URL found in config for scope', scope)
-    }
-  }
-
-  // ...and finally use the default registry
-  if (!registry) {
-    log.silly('mapToRegistry', 'using default registry')
-    registry = config.get('registry')
-  }
-
-  log.silly('mapToRegistry', 'registry', registry)
-
-  var auth = config.getCredentialsByURI(registry)
-
-  // normalize registry URL so resolution doesn't drop a piece of registry URL
-  var normalized = registry.slice(-1) !== '/' ? registry + '/' : registry
-  var uri
-  log.silly('mapToRegistry', 'data', data)
-  if (data.type === 'remote') {
-    uri = data.fetchSpec
-  } else {
-    uri = url.resolve(normalized, name)
-  }
-
-  log.silly('mapToRegistry', 'uri', uri)
-
-  cb(null, uri, scopeAuth(uri, registry, auth), normalized)
-}
-
-function scopeAuth (uri, registry, auth) {
-  var cleaned = {
-    scope: auth.scope,
-    email: auth.email,
-    alwaysAuth: auth.alwaysAuth,
-    token: undefined,
-    username: undefined,
-    password: undefined,
-    auth: undefined
-  }
-
-  var requestHost
-  var registryHost
-
-  if (auth.token || auth.auth || (auth.username && auth.password)) {
-    requestHost = url.parse(uri).hostname
-    registryHost = url.parse(registry).hostname
-
-    if (requestHost === registryHost) {
-      cleaned.token = auth.token
-      cleaned.auth = auth.auth
-      cleaned.username = auth.username
-      cleaned.password = auth.password
-    } else if (auth.alwaysAuth) {
-      log.verbose('scopeAuth', 'alwaysAuth set for', registry)
-      cleaned.token = auth.token
-      cleaned.auth = auth.auth
-      cleaned.username = auth.username
-      cleaned.password = auth.password
-    } else {
-      log.silly('scopeAuth', uri, "doesn't share host with registry", registry)
-    }
-    if (!config) config = require('../npm').config
-    if (config.get('otp')) cleaned.otp = config.get('otp')
-  }
-
-  return cleaned
-}
diff --git a/deps/npm/lib/utils/metrics.js b/deps/npm/lib/utils/metrics.js
index c51136e78c..0f99c841db 100644
--- a/deps/npm/lib/utils/metrics.js
+++ b/deps/npm/lib/utils/metrics.js
@@ -4,12 +4,13 @@ exports.stop = stopMetrics
 exports.save = saveMetrics
 exports.send = sendMetrics
 
-var fs = require('fs')
-var path = require('path')
-var npm = require('../npm.js')
-var uuid = require('uuid')
+const fs = require('fs')
+const path = require('path')
+const npm = require('../npm.js')
+const regFetch = require('libnpm/fetch')
+const uuid = require('uuid')
 
-var inMetrics = false
+let inMetrics = false
 
 function startMetrics () {
   if (inMetrics) return
@@ -59,15 +60,18 @@ function saveMetrics (itWorked) {
 function sendMetrics (metricsFile, metricsRegistry) {
   inMetrics = true
   var cliMetrics = JSON.parse(fs.readFileSync(metricsFile))
-  npm.load({}, function (err) {
-    if (err) return
-    npm.registry.config.retry.retries = 0
-    npm.registry.sendAnonymousCLIMetrics(metricsRegistry, cliMetrics, function (err) {
-      if (err) {
-        fs.writeFileSync(path.join(path.dirname(metricsFile), 'last-send-metrics-error.txt'), err.stack)
-      } else {
-        fs.unlinkSync(metricsFile)
-      }
-    })
+  regFetch(
+    `/-/npm/anon-metrics/v1/${encodeURIComponent(cliMetrics.metricId)}`,
+    // NOTE: skip npmConfig() to prevent auth
+    {
+      registry: metricsRegistry,
+      method: 'PUT',
+      body: cliMetrics.metrics,
+      retry: false
+    }
+  ).then(() => {
+    fs.unlinkSync(metricsFile)
+  }, err => {
+    fs.writeFileSync(path.join(path.dirname(metricsFile), 'last-send-metrics-error.txt'), err.stack)
   })
 }
diff --git a/deps/npm/lib/utils/otplease.js b/deps/npm/lib/utils/otplease.js
new file mode 100644
index 0000000000..d0477a896d
--- /dev/null
+++ b/deps/npm/lib/utils/otplease.js
@@ -0,0 +1,27 @@
+'use strict'
+
+const BB = require('bluebird')
+
+const optCheck = require('figgy-pudding')({
+  prompt: {default: 'This operation requires a one-time password.\nEnter OTP:'},
+  otp: {}
+})
+const readUserInfo = require('./read-user-info.js')
+
+module.exports = otplease
+function otplease (opts, fn) {
+  opts = opts.concat ? opts : optCheck(opts)
+  return BB.try(() => {
+    return fn(opts)
+  }).catch(err => {
+    if (err.code !== 'EOTP' && !(err.code === 'E401' && /one-time pass/.test(err.body))) {
+      throw err
+    } else if (!process.stdin.isTTY || !process.stdout.isTTY) {
+      throw err
+    } else {
+      return readUserInfo.otp(
+        optCheck(opts).prompt
+      ).then(otp => fn(opts.concat({otp})))
+    }
+  })
+}