While it's perfectly fine to expect that people update their npm versions in order to install OTHER things, npm itself is frequently installed using older versions of npm. Give it another year or so before we can use this feature internally.
Fixes mark:true regression that kills readmes
Passing the curl output to sh was failing since the output was an HTML from a 301 redirect, since npmjs.org is redirecting to www.npmjs.org, therefore I changed the places where this was mentioned.
This update adds the notes to use --save, --save-dev, -g, and --save-optional to the uninstall docs.
The `test/tap/git-cache-locking.js` test was creating this npm-4503-c package in the node_modules folder for npm and not cleaning up after itself. This scopes the files to the created pkg folder in `test/tap` and cleans up when its done.
Uses sorted-object package to abstract away code shared by shrinkwrap and install.
- fix failing test, if I do not have mkdirp in my cache - use a dedicated cache dir, so that the reference to the mock registry is not cached
Related to #4557, as this will enforce sorting of all readdir() calls, so dependencies etc will be in consistent orders on systems that don't sort dir listings internally
modifying the url inside the locked section was causing unlock() to be called with a different value than was used in lock()
While the request to foo/latest will be less data over the wire, it's also much less likely to be cached by the registry CDN. This, it's more likely to be a trip to the origin server, which is much slower than serving out of the CDN. Additionally, we can then use that data object to check the versions hash here in outdated.js, rather than doing a full tgz download and unpack for 'cache.add'.