PR-URL: #60
Credit: @bakkot
Reviewed-By: @zkat

Fixes: https://npm.community/t/npm-audit-making-non-rfc-compliant-requests-to-server-resulting-in-400-bad-request-pr-with-fix/1742
PR-URL: #62
Credit: @maartenba
Reviewd-By: @zkat

Credit: @zkat
Reviewed-By: @jefflembeck

Oops: 7984206 did the
wrong thing with the git params, and it breaks anyone
trying to sign their git commits with npm version.

Fixes: https://npm.community/t/1661
Credit: @zkat

Credit: @zkat

Fixes: https://npm.community/t/crash-invalid-config-key-requested-error/1764
Credit: @zkat

Fix browser opening under Windows Subsystem for Linux (WSL).

Credit: @thijsputman

With some tests I note npm use default branch of repository instead of `master`.

PR-URL: #64
Credit: @zckrs
Reviewed-By: @zkat

PR-URL: #70
Credit: @kemitchell
Reviewed-By: @zkat

I found this page useful for setting up npm command completion. Thank you npm 
documentation team.

This suggested changed is based on my system which runs Ubuntu where
the completion directory path for bash is found in 
/etc/bash_completion.d and not /usr/local/etc/bash_completion.d

I dug around docs for this in The Bash Manual 
https://www.gnu.org/software/bash/manual/bashref.html#Programmable-Completion 
and on some an old (sadly retired) Debian Admin Site
https://debian-administration.org/article/317/An_introduction_to_bash_completion_part_2

which seemed supportive of the dir being in /etc but I do not have access 
to an OS X machine where I guess bash_completion.d could be in /usr/local/etc 
so I left it in.

PR-URL: #72
Credit: @RobertKielty
Reviewed-By: @zkat

See discussion here: https://npm.community/t/npm-dist-tag-add-with-2fa-enabled-fails-for-non-latest-tag-with-500/2432

TL;DR:

> To be clear, you can specify an existing tag and it’ll change it. If you have 2FA enabled, you do need to specify `--otp` and if you don’t, you should get a `401` as above.

Ref: https://npm.community/t/npm-dist-tag-add-with-2fa-enabled-fails-for-non-latest-tag-with-500/2432
PR-URL: #74
Credit: @scotttrinh
Reviewed-By: @iarna
Reviewed-By: @zkat

* edit: fix handling of scoped packages

* edit: fix usage info

* docs: fix docs for the npm-edit command

PR-URL: #75
Credit: @larsgw
Reviewed-By: @iarna

PR-URL: #78
Credit: @hugovk
Reviewed-By: @zkat

Fixes: https://npm.community/t/npm-ci-logs-success-to-stderr/2303
PR-URL: #79
Credit: @alopezsanchez
Reviewed-By: @zkat

This fixes https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3 and the other dozen or so issues that that link references, and possibly many more involving poor error messages from errors thrown by the upload function. 

@zkat you mentioned you could take a look at any fixes / answer any questions, if you could look this over and let me know if this is a good / valid approach that would be fantastic, thanks! (it wasn't a race condition, luckily :P).

it may also be helpful to add something like 
```
    if (!auth.token || !(auth.username && auth.password)) {
      log.warn('publish', 'not logged in')
    }
```
just before we even open the first file descriptor to make sure that even if the error message is completely wrong something in the log will give users a clue what may be going on. I took the method of looking for login creds from the logout method, I'm not sure that's valid or if alternatives to npm exist that don't require credentials but users could still publish to.

Triage of the issue:

1. The upload function throws an error
2. As that error bubbles through [cacache](https://www.npmjs.com/package/cacache#with-tmp) it tries to delete the tmpdir as it should
3. It can't delete the temp dir as the upload function's readFileStream to the tar it was trying to upload is still open.
4. [cacache](https://www.npmjs.com/package/cacache#with-tmp) throws an error about it's inability to remove the dir, which suppresses the upload function's error.

Fixes: https://npm.community/t/unhelpful-error-message-when-publishing-without-logging-in-error-eperm-operation-not-permitted-unlink/1377/3
PR-URL: #80
Credit: @macdja38
Reviewed-By: @zkat

* feat(cli, outdated): Adds 'Homepage' to outdated --long output.

- `package.json`'s `homepage` property is displayed when using the `--long` option for `npm outdated`

* test: npm outdated --long

- Adds `homepage` to `--parseable` output.
- Updates `npm outdated --long` test to include `homepage` in expected output.
- Adds `homepage` to `npm-outdated` documentation.

* fix: javascript standard style updates

PR-URL: #81
Credit: @jbottigliero
Reviewed-By: @zkat

PR-URL: #82
Credit: @seishun
Reviewed-By: @zkat

… publish (#83)

Not sure when `--dry-run` was introduced, I assume it was introduced in npm 6 (correct me if I'm wrong). Anyway, hopefully this will prevent future developers from making the mistake of using it in npm 5 (like I did).

PR-URL: #83
Credit: @kjin
Reviewed-By: @zkat

PR-URL: #96
Credit: @midare
Reviewed-By: @zkat

…doc (#68)

PR-URL: #68
Credit: @neverett
Reviewed-By: @zkat

Credit: @petkaantonov

Credit: @isaacs

Credit: @isaacs

Credit: @isaacs

Credit: @watson

setuid() can not accept a 'nobody' parameter on IBM i.
The default user (QSECOFR) on IBM i has user id 0.

PR-URL: #65
Credit: @dmabupt
Reviewed-By: @zkat

PR-URL: #71
Credit: @GeorgeTaveras1231
Reviewed-By: @zkat

Pass git binary path config to pacote.

Ref: zkat/pacote#164
Fixes: https://npm.community/t/3278
PR-URL: #98
Credit: @larsgw
Reviewed-By: @zkat

I keep typing `npm dist-tags` expecting it to print out a list of
dist-tags and instead it yells at me and that feels very un-npm-y.

PR-URL: #106
Credit: @isaacs
Reviewed-By: @zkat

Fixes: https://npm.community/t/npx-envinfo-preset-jest-fails-on-windows-with-a-stack-trace/2713
PR-URL: #108
Credit: @BeniCheni
Reviewed-By: @zkat