Log message:
lang/npm: Update tp 6.3.0.

## v6.3.0 (2018-08-01):

- `figgy-pudding@3.2.0`
- `cacache@11.1.0`

## v6.3.0-next.0 (2018-07-25):

### NEW FEATURES

- `npm version` now supports a `--preid` option to specify the preid
  for prereleases. For example, `npm version premajor --preid rc` will tag
  a version like `2.0.0-rc.0`.

### MESSAGING IMPROVEMENTS

- Make `npm audit fix` message provide better instructions for
  vulnerabilities that require manual review.
- Fix missing colon next to tarball url in new `npm view` output.
- Use the defaut OTP explanation everywhere except when the context is
  "OTP-aware" (like when setting double-authentication). This improves
  the overall CLI messaging when prompting for an OTP code.

### MISC

- Use the extracted `stringify-package` package.
- `wrappy` was previously added to dependencies in order to flatten
  it, but we no longer do legacy-style for npm itself, so it has been
  removed from `package.json`.

## v6.2.0 (2018-07-13):

### FEATURES

- Add support for tab-separated output for `npm audit` data with the
  `--parseable` flag.
- Add new `sign-git-commit` config to control whether the git commit
  itself gets signed, or just the tag (which is the default).

### FIXES

- Do not use `SET` to fetch the env in git-bash or Cygwin.

### DEPENDENCY BUMPS

- `request@2.81.0`: Downgraded to allow better deduplication. This
  does introduce a bunch of `hoek`-related audit reports, but they don't
  affect npm itself so we consider it safe. We'll upgrade `request` again
  once `node-gyp` unpins it.
- `node-gyp@3.7.0`
_ `cli-table3@0.5.0`: `cli-table2` is unmaintained and required
  `lodash`. With this dependency bump, we've removed `lodash` from our tree,
  which cut back tarball size by another 300kb.
- `npm-audit-report@1.3.1`
- Add `cli-table3` to bundleDeps.
- Make `standard` happy.

## v6.2.0-next.1 (2018-07-05):

- Remove postinstall script that depended on source files, thus
  preventing `npm@next` from being installable from the registry.

## v6.2.0-next.0 (2018-06-28):

### NEW FEATURES

- You can now disable the update notifier entirely by using
  `--no-update-notifier` or setting it in your config with `npm config
  set update-notifier false`.
- When `npm run-script <script>` fails due to a typo or missing
  script, npm will now do a "did you mean?..." for scripts that do exist.

### BUGFIXES

- Fix the regular expression matching in `xcode_emulation` in
  `node-gyp` to also handle version numbers with multiple-digit major
  versions which would otherwise break under use of XCode 10.
- Stop trying to hoist/dedupe bundles dependencies.
- Add synopsis to brief help for `npm audit` and suppress trailing
  newline.
- Exclude /.github directory from npm tarball.
- Add suggestion to use a temporary cache instead of `npm cache clear
  --force`.

### DEPENDENCY SHUFFLE!

We did some reshuffling and moving around of npm's own dependencies.
This significantly reduces the total bundle size of the npm pack,
from 8MB to 4.8MB for the distributed tarball! We also moved around
what we actually commit to the repo as far as devDeps go.

- Flatten and dedupe our dependencies!
- Remove unused direct dependency `ansi-regex`.
- Reshuffle ansi-regex for better deduping.
- Reshuffle strip-ansi for better deduping.
- Reshuffle is-fullwidth-code-point for better deduping.
- Add fake-registry, npm-registry-mock replacement.

### DEPENDENCIES

- `tar@4.4.3`
- `pacote@8.1.6`
- `libcipm@2.0.0`
- `request@2.87.0`
- `which@1.3.1`
- `tar@4.4.4`
- `JSONStream@1.3.3`
- `is-cidr@2.0.6`
- `marked@0.4.0`
- `tap@12.0.1`
- `npm-profile@3.0.2`
- `uuid@3.3.2`

Log message:
npm: Switch to regular DEPENDS.

This needs to be able to be installed against any nodejs version, and
can be as no native modules are used.  Bump PKGREVISION.

Log message:
extend PYTHON_VERSIONS_ for Python 3.7

Log message:
lang/npm: Set proper env for build/install, ensure FAKEHOME is used.

Log message:
Update lang/npm to 6.1.0.

- NEW FEATURE: npm audit fix
- OTHER NEW audit FEATURES
  - Add support for npm audit --json to print the report in JSON
    format.
  - Include number of audited packages in npm install summary output.
  - Overhaul audit install and detail output format.
- NEW FEATURE: GIT DEPS AND npm init <pkg>!
- FIX WRITE AFTER END ERROR
- DETECT CHANGES IN GIT SPECIFIERS
- OTHER BUGFIXES
  - When requesting the update of a direct dependency that was also a
    transitive dependency to a version incompatible with the
    transitive requirement and you had a lock-file but did not have a
    node_modules folder then npm would fail to provide a new copy of the
    transitive dependency, resulting in an invalid lock-file that could
    not self heal.
  - Cleanup output of npm ci summary report.
  - Node.js now has a test that scans for things that look like
    conflict markers in source code. This was triggering false
    positives on a fixture in a test of npm's ability to heal lockfiles
    with conflicts in them.
  - Make the new npm view work when the license field is an object
    instead of a string.
  - Add support for environments (like Docker) where the expected
    binary for opening external URLs is not available.
  - Fix a spurious colon in the new update notifier message and add
    support for the npm canary.
  - Infer a version range when a package.json has a dist-tag instead
    of a version range in one of its dependency specs. Previously,
    this would cause dependencies to be flagged as invalid.
  - Make sure scoped bundled deps are shown in the new publish
    preview, too.
  - Stop dropping size from metadata on npm cache verify.
  - Fix nested command aliases.
  - Make sure different versions of the Path env var on Windows all
    get node_modules/.bin prepended when running lifecycle scripts.

Log message:
npm: updated to 6.0.1

6.0.1:
CTRL-C OUT DURING PACKAGE EXTRACTION AS MUCH AS YOU WANT!
lockfile@1.0.4: Switches to signal-exit to detect abnormal exits and remove locks.

SHRONKWRAPS AND LACKFILES
If a published modules had legacy npm-shrinkwrap.json we were saving ordinary \ 
registry dependencies (name@version) to your package-lock.json as https:// URLs \ 
instead of versions.

* When saving the lock-file compute how the dependency is being required instead \ 
of using _resolved in the package.json. This fixes the bug that was converting \ 
registry dependencies into https:// dependencies.
* When encountering a https:// URL in our lockfiles that point at our default \ 
registry, extract the version and use them as registry dependencies. This lets \ 
us heal package-lock.json files produced by 6.0.0

AUDIT AUDIT EVERYWHERE
You can't use it quite yet, but we do have a few last moment patches to npm \ 
audit to make it even better when it is turned on!

Log message:
lang/npm: Limit Python version to 2.7, fix path to interpreter.

Log message:
npm: fixes for rebuild; small cleanups

Log message:
lang/npm: Make sure we don't fetch when building.

Log message:
lang/npm: Import npm 6.0.0.

npm is a package manager for node. You can use it to install and
publish your node programs.