Subject: CVS commit: pkgsrc/lang/npm
From: Filip Hajny
Date: 2018-08-02 14:28:35
Message id: 20180802122835.50329FBEC@cvs.NetBSD.org

Log Message:
lang/npm: Update to 6.3.0.

## v6.3.0 (2018-08-01):

- `figgy-pudding@3.2.0`
- `cacache@11.1.0`

## v6.3.0-next.0 (2018-07-25):

### NEW FEATURES

- `npm version` now supports a `--preid` option to specify the preid
  for prereleases. For example, `npm version premajor --preid rc` will tag
  a version like `2.0.0-rc.0`.

### MESSAGING IMPROVEMENTS

- Make `npm audit fix` message provide better instructions for
  vulnerabilities that require manual review.
- Fix missing colon next to tarball url in new `npm view` output.
- Use the default OTP explanation everywhere except when the context is
  "OTP-aware" (like when setting double-authentication). This improves
  the overall CLI messaging when prompting for an OTP code.

### MISC

- Use the extracted `stringify-package` package.
- `wrappy` was previously added to dependencies in order to flatten
  it, but we no longer do legacy-style for npm itself, so it has been
  removed from `package.json`.

## v6.2.0 (2018-07-13):

### FEATURES

- Add support for tab-separated output for `npm audit` data with the
  `--parseable` flag.
- Add new `sign-git-commit` config to control whether the git commit
  itself gets signed, or just the tag (which is the default).

### FIXES

- Do not use `SET` to fetch the env in git-bash or Cygwin.

### DEPENDENCY BUMPS

- `request@2.81.0`: Downgraded to allow better deduplication. This
  does introduce a bunch of `hoek`-related audit reports, but they don't
  affect npm itself so we consider it safe. We'll upgrade `request` again
  once `node-gyp` unpins it.
- `node-gyp@3.7.0`
- `cli-table3@0.5.0`: `cli-table2` is unmaintained and required
  `lodash`. With this dependency bump, we've removed `lodash` from our tree,
  which cut back tarball size by another 300kb.
- `npm-audit-report@1.3.1`
- Add `cli-table3` to bundleDeps.
- Make `standard` happy.

## v6.2.0-next.1 (2018-07-05):

- Remove postinstall script that depended on source files, thus
  preventing `npm@next` from being installable from the registry.

## v6.2.0-next.0 (2018-06-28):

### NEW FEATURES

- You can now disable the update notifier entirely by using
  `--no-update-notifier` or setting it in your config with `npm config
  set update-notifier false`.
- When `npm run-script <script>` fails due to a typo or missing
  script, npm will now do a "did you mean?..." for scripts that do exist.

### BUGFIXES

- Fix the regular expression matching in `xcode_emulation` in
  `node-gyp` to also handle version numbers with multiple-digit major
  versions which would otherwise break under use of XCode 10.
- Stop trying to hoist/dedupe bundled dependencies.
- Add synopsis to brief help for `npm audit` and suppress trailing
  newline.
- Exclude /.github directory from npm tarball.
- Add suggestion to use a temporary cache instead of `npm cache clear
  --force`.

### DEPENDENCY SHUFFLE!

We did some reshuffling and moving around of npm's own dependencies.
This significantly reduces the total bundle size of the npm pack,
from 8MB to 4.8MB for the distributed tarball! We also moved around
what we actually commit to the repo as far as devDeps go.

- Flatten and dedupe our dependencies!
- Remove unused direct dependency `ansi-regex`.
- Reshuffle ansi-regex for better deduping.
- Reshuffle strip-ansi for better deduping.
- Reshuffle is-fullwidth-code-point for better deduping.
- Add fake-registry, npm-registry-mock replacement.

### DEPENDENCIES

- `tar@4.4.3`
- `pacote@8.1.6`
- `libcipm@2.0.0`
- `request@2.87.0`
- `which@1.3.1`
- `tar@4.4.4`
- `JSONStream@1.3.3`
- `is-cidr@2.0.6`
- `marked@0.4.0`
- `tap@12.0.1`
- `npm-profile@3.0.2`
- `uuid@3.3.2`

Files:
Revision  Action  File
1.10      modify  pkgsrc/lang/npm/Makefile
1.5       modify  pkgsrc/lang/npm/PLIST
1.8       modify  pkgsrc/lang/npm/distinfo