deps: upgrade npm to 6.10.0

PR-URL: #28525
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Roman Reiss <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Yongsheng Zhang <[email protected]>
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Daijiro Wachi <[email protected]>

Author: isaacs

deps/npm/.licensee.json

@@ -1,7 +1,12 @@
 {
-  "license": "(MIT OR BSD-2-Clause OR BSD-3-Clause OR Apache-2.0 OR ISC OR Unlicense OR CC-BY-3.0 OR CC0-1.0 OR Artistic-2.0)",
+  "licenses": {
+    "spdx": [
+      "CC-BY-3.0"
+    ],
+    "blueOak": "bronze"
+  },
   "corrections": true,
-  "whitelist": {
+  "packages": {
     "config-chain": "1.1.12",
     "cyclist": "0.2.2",
     "json-schema": "0.2.3",

deps/npm/.travis.yml

@@ -7,26 +7,24 @@ language: node_js
 matrix:
   include:
     # LTS is our most important target
-    - node_js: "10"
+    - node_js: "12"
       # DEPLOY_VERSION is used to set the couchapp setup mode for test/tap/registry.js
       # only gather coverage info for LTS
       env: DEPLOY_VERSION=testing COVERALLS_REPO_TOKEN="$COVERALLS_OPTIONAL_TOKEN"
       script:
         - "node . run tap-cover -- \"test/tap/*.js\""
         - "unset COVERALLS_REPO_TOKEN ; node . run tap -- \"test/broken-under-*/*.js\""
     # previous LTS is next most important
-    - node_js: "6"
-      env: DEPLOY_VERSION=testing
-    - node_js: "8"
-      env: DEPLOY_VERSION=testing
-    - node_js: "9"
-      env: DEPLOY_VERSION=testing
-    - node_js: "11"
+    - node_js: "10"
       env: DEPLOY_VERSION=testing
       script:
       - "npx standard"
       - "node . run licenses"
       - "node . run tap -- \"test/tap/*.js\" \"test/broken-under-nyc/*.js\""
+    - node_js: "8"
+      env: DEPLOY_VERSION=testing
+    - node_js: "6"
+      env: DEPLOY_VERSION=testing
 notifications:
     slack: npm-inc:kRqQjto7YbINqHPb1X6nS3g8
 cache:

deps/npm/AUTHORS

@@ -630,3 +630,14 @@ Amadou Sall <[email protected]>
 Chris Manson <[email protected]>
 vlasy <[email protected]>
 Emilis Dambauskas (Tokenmill) <[email protected]>
+George Czabania <[email protected]>
+Jonathan Underwood <[email protected]>
+Nick Graef <[email protected]>
+James George <[email protected]>
+John O'Sullivan <[email protected]>
+ossdev <[email protected]>
+Raphael Goulais <[email protected]>
+COURIER, CALEB [AG/1000] <[email protected]>
+CalebCourier <[email protected]>
+Florian Keller <[email protected]>
+Sreeram Jayan <[email protected]>

deps/npm/CHANGELOG.md

@@ -1,4 +1,189 @@
-## v6.9.0 (2018-02-20):
+## v6.10.0 (2019-07-03):
+
+### FEATURES
+
+* [`87fef4e35`](https://github.com/npm/cli/commit/87fef4e35)
+  [#176](https://github.com/npm/cli/pull/176) fix: Always return JSON for
+  outdated --json ([@sreeramjayan](https://github.com/sreeramjayan))
+* [`f101d44fc`](https://github.com/npm/cli/commit/f101d44fc)
+  [#203](https://github.com/npm/cli/pull/203) fix(unpublish): add space
+  after hyphen ([@ffflorian](https://github.com/ffflorian))
+* [`a4475de4c`](https://github.com/npm/cli/commit/a4475de4c)
+  [#202](https://github.com/npm/cli/pull/202) enable production flag for
+  npm audit ([@CalebCourier](https://github.com/CalebCourier))
+* [`d192904d0`](https://github.com/npm/cli/commit/d192904d0)
+  [#178](https://github.com/npm/cli/pull/178) fix: Return a value for
+  `view` when in silent mode
+  ([@stayradiated](https://github.com/stayradiated))
+* [`39d473adf`](https://github.com/npm/cli/commit/39d473adf)
+  [#185](https://github.com/npm/cli/pull/185) Allow git to follow global
+  tagsign config ([@junderw](https://github.com/junderw))
+
+### BUGFIXES
+
+* [`d9238af0b`](https://github.com/npm/cli/commit/d9238af0b)
+  [#201](https://github.com/npm/cli/pull/163)
+  [npm/npm#17858](https://github.com/npm/npm/issues/17858)
+  [npm/npm#18042](https://github.com/npm/npm/issues/18042)
+  [npm.community#644](https://npm.community/t/644) do not crash when
+  removing nameless packages
+  ([@SteveVanOpstal](https://github.com/SteveVanOpstal) and
+  [@isaacs](https://github.com/isaacs))
+* [`4bec4f111`](https://github.com/npm/cli/commit/4bec4f111)
+  [#200](https://github.com/npm/cli/pull/200) Check for `node` (as well as
+  `node.exe`) in npm's local dir on Windows
+  ([@rgoulais](https://github.com/rgoulais))
+* [`ce93dab2d`](https://github.com/npm/cli/commit/ce93dab2db423ef23b3e08a0612dafbeb2d25789)
+  [#180](https://github.com/npm/cli/pull/180)
+  [npm.community#6187](https://npm.community/t/6187) Fix handling of
+  `remote` deps in `npm outdated` ([@larsgw](https://github.com/larsgw))
+
+### TESTING
+
+* [`a823f3084`](https://github.com/npm/cli/commit/a823f3084) travis: Update
+  to include new v12 LTS ([@isaacs](https://github.com/isaacs))
+* [`33e2d1dac`](https://github.com/npm/cli/commit/33e2d1dac) fix flaky
+  debug-logs test ([@isaacs](https://github.com/isaacs))
+* [`e9411c6cd`](https://github.com/npm/cli/commit/e9411c6cd) Don't time out
+  waiting for gpg user input ([@isaacs](https://github.com/isaacs))
+* [`d2d301704`](https://github.com/npm/cli/commit/d2d301704)
+  [#195](https://github.com/npm/cli/pull/195) Add the arm64 check for
+  legacy-platform-all.js test case.
+  ([@ossdev07](https://github.com/ossdev07))
+* [`a4dc34243`](https://github.com/npm/cli/commit/a4dc34243) parallel tests
+  ([@isaacs](https://github.com/isaacs))
+
+### DOCUMENTATION
+
+* [`f5857e263`](https://github.com/npm/cli/commit/f5857e263)
+  [#192](https://github.com/npm/cli/pull/192) Clarify usage of
+  bundledDependencies
+  ([@john-osullivan](https://github.com/john-osullivan))
+* [`747fdaf66`](https://github.com/npm/cli/commit/747fdaf66)
+  [#159](https://github.com/npm/cli/pull/159) doc: add --audit-level param
+  ([@ngraef](https://github.com/ngraef))
+
+### DEPENDENCIES
+
+* [`e36b3c320`](https://github.com/npm/cli/commit/e36b3c320)
+  [email protected] ([@isaacs](https://github.com/isaacs))
+* [`6bb935c09`](https://github.com/npm/cli/commit/6bb935c09)
+  [email protected] ([@isaacs](https://github.com/isaacs))
+    * [`e9cd536`](https://github.com/npm/read-package-tree/commit/e9cd536)
+      Use custom caching `realpath` implementation, dramatically reducing
+      `lstat` calls when reading the package tree
+      ([@isaacs](https://github.com/isaacs))
+* [`39538b460`](https://github.com/npm/cli/commit/39538b460)
+  [email protected] ([@isaacs](https://github.com/isaacs))
+    * [`f8b1552`](https://github.com/npm/write-file-atomic/commit/f8b1552)
+      [#38](https://github.com/npm/write-file-atomic/pull/38) Ignore errors
+      raised by `fs.closeSync` ([@lukeapage](https://github.com/lukeapage))
+* [`042193069`](https://github.com/npm/cli/commit/042193069) [email protected]
+  ([@isaacs](https://github.com/isaacs))
+    * [`8bbd051`](https://github.com/npm/pacote/commit/8bbd051)
+      [#172](https://github.com/zkat/pacote/pull/172) limit git retry
+      times, avoid unlimited retries ([小秦](https://github.com/xqin))
+    * [`92f5e4c`](https://github.com/npm/pacote/commit/92f5e4c)
+      [#170](https://github.com/zkat/pacote/pull/170) fix(errors): Fix
+      "TypeError: err.code.match is not a function" error
+      ([@jviotti](https://github.com/jviotti))
+* [`8bd8e909f`](https://github.com/npm/cli/commit/8bd8e909f) [email protected]
+  ([@isaacs](https://github.com/isaacs))
+    * [`47de8f5`](https://github.com/npm/cacache/commit/47de8f5)
+      [#146](https://github.com/zkat/cacache/pull/146)
+      [npm.community#2395](https://npm.community/t/2395) fix(config): Add
+      ssri config 'error' option ([@larsgw](https://github.com/larsgw))
+    * [`5156561`](https://github.com/npm/cacache/commit/5156561)
+      fix(write): avoid a `cb never called` situation
+      ([@zkat](https://github.com/zkat))
+    * [`90f40f0`](https://github.com/npm/cacache/commit/90f40f0)
+      [#166](https://github.com/zkat/cacache/pull/166)
+      [#165](https://github.com/zkat/cacache/issues/165) docs: Fix docs for
+      `path` property in get.info
+      ([@hdgarrood](https://github.com/hdgarrood))
+* [`bf61c45c6`](https://github.com/npm/cli/commit/bf61c45c6) [email protected]
+  ([@isaacs](https://github.com/isaacs))
+* [`f75d46a9d`](https://github.com/npm/cli/commit/f75d46a9d) [email protected]
+  ([@isaacs](https://github.com/isaacs))
+    * [`c80341a`](https://github.com/npm/node-tar/commit/c80341a)
+      [#215](https://github.com/npm/node-tar/pull/215) Fix
+      encoding/decoding of base-256 numbers
+      ([@justfalter](https://github.com/justfalter))
+    * [`77522f0`](https://github.com/npm/node-tar/commit/77522f0)
+      [#204](https://github.com/npm/node-tar/issues/204)
+      [#214](https://github.com/npm/node-tar/issues/214) Use `stat` instead
+      of `lstat` when checking CWD ([@stkb](https://github.com/stkb))
+* [`ec6236210`](https://github.com/npm/cli/commit/ec6236210)
+  [email protected] ([@isaacs](https://github.com/isaacs))
+    * [`63d1e3e`](https://github.com/npm/npm-packlist/commit/63d1e3e)
+      [#30](https://github.com/npm/npm-packlist/issues/30) Sort package
+      tarball entries by file type for compression benefits
+      ([@isaacs](https://github.com/isaacs))
+    * [`7fcd045`](https://github.com/npm/npm-packlist/commit/7fcd045)
+      Ignore `.DS_Store` files as well as folders
+      ([@isaacs](https://github.com/isaacs))
+    * [`68b7c96`](https://github.com/npm/npm-packlist/commit/68b7c96) Never
+      include .git folders in package root.  (Note: this prevents the issue
+      that broke the v6.9.1 release.)
+      ([@isaacs](https://github.com/isaacs))
+* [`57bef61bc`](https://github.com/npm/cli/commit/57bef61bc) update fstream
+  in node-gyp ([@isaacs](https://github.com/isaacs))
+    * Addresses [security advisory
+      #886](https://www.npmjs.com/advisories/886)
+* [`acbbf7eee`](https://github.com/npm/cli/commit/acbbf7eee)
+  [#183](https://github.com/npm/cli/pull/183) [email protected]
+  ([@kemitchell](https://github.com/kemitchell))
+* [`011ae67f0`](https://github.com/npm/cli/commit/011ae67f0)
+  [email protected] ([@isaacs](https://github.com/isaacs))
+* [`f5e884909`](https://github.com/npm/cli/commit/f5e884909)
+  [email protected] ([@isaacs](https://github.com/isaacs))
+* [`b57d07e35`](https://github.com/npm/cli/commit/b57d07e35)
+  [email protected] ([@isaacs](https://github.com/isaacs))
+
+## v6.9.2 (2019-06-27):
+
+This release is identical to v6.9.1, but we had to publish a new version
+due to [a .git directory in the release](https://npm.community/t/8454).
+
+## v6.9.1 (2019-06-26):
+
+### BUGFIXES
+
+* [`6b1a9da0e`](https://github.com/npm/cli/commit/6b1a9da0e0f5c295cdaf4dea4b73bd221d778611)
+  [#165](https://github.com/npm/cli/pull/165)
+  Update `knownBroken` version.
+  ([@ljharb](https://github.com/ljharb))
+* [`d07547154`](https://github.com/npm/cli/commit/d07547154eb8a88aa4fde8a37e128e1e3272adc1)
+  [npm.community#5929](https://npm.community/t/npm-outdated-throw-an-error-cannot-read-property-length-of-undefined/5929)
+  Fix `outdated` rendering for global dependencies.
+  ([@zkat](https://github.com/zkat))
+* [`e4a1f1745`](https://github.com/npm/cli/commit/e4a1f174514a57580fd5e0fa33eee0f42bba77fc)
+  [npm.community#6259](https://npm.community/t/npm-token-create-doesnt-work-in-6-6-0-6-9-0/6259)
+  Fix OTP for token create and remove.
+  ([@zkat](https://github.com/zkat))
+
+### DEPENDENCIES
+
+* [`a163a9c35`](https://github.com/npm/cli/commit/a163a9c35f6f341de343562368056258bba5d7dc)
+  `[email protected]`
+  ([@aeschright](https://github.com/aeschright))
+* [`47b08b3b9`](https://github.com/npm/cli/commit/47b08b3b9860438b416efb438e975a628ec2eed5)
+  `[email protected]`
+  ([@aeschright](https://github.com/aeschright))
+* [`d6a956cff`](https://github.com/npm/cli/commit/d6a956cff6357e6de431848e578c391768685a64)
+  `[email protected]`
+  ([@aeschright](https://github.com/aeschright))
+* [`10b8bed2b`](https://github.com/npm/cli/commit/10b8bed2bb0afac5451164e87f25924cc1ac6f2e)
+  `[email protected]`
+  ([@aeschright](https://github.com/aeschright))
+* [`e7483704d`](https://github.com/npm/cli/commit/e7483704dda1acffc8c6b8c165c14c8a7512f3c8)
+  `[email protected]`
+  ([@aeschright](https://github.com/aeschright))
+* [`3242fe698`](https://github.com/npm/cli/commit/3242fe698ead46a9cda94e1a4d489cd84a85d7e3)
+  `[email protected]`
+  ([@aeschright](https://github.com/aeschright))
+
+## v6.9.0 (2019-02-20):
 
 ### FEATURES
 

deps/npm/bin/npm

@@ -8,6 +8,9 @@ case `uname` in
 esac
 
 NODE_EXE="$basedir/node.exe"
+if ! [ -x "$NODE_EXE" ]; then
+  NODE_EXE="$basedir/node"
+fi
 if ! [ -x "$NODE_EXE" ]; then
   NODE_EXE=node
 fi

deps/npm/doc/cli/npm-audit.md

@@ -3,8 +3,10 @@ npm-audit(1) -- Run a security audit
 
 ## SYNOPSIS
 
-    npm audit [--json|--parseable]
-    npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]
+    npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
+    npm audit fix [--force|--package-lock-only|--dry-run]
+
+    common options: [--production] [--only=(dev|prod)]
 
 ## EXAMPLES
 
@@ -60,6 +62,11 @@ To parse columns, you can use for example `awk`, and just print some of them:
 $ npm audit --parseable | awk -F $'\t' '{print $1,$4}'
 ```
 
+Fail an audit only if the results include a vulnerability with a level of moderate or higher:
+```
+$ npm audit --audit-level=moderate
+```
+
 ## DESCRIPTION
 
 The audit command submits a description of the dependencies configured in
@@ -75,6 +82,12 @@ runs a full-fledged `npm install` under the hood, all configs that apply to the
 installer will also apply to `npm install` -- so things like `npm audit fix
 --package-lock-only` will work as expected.
 
+By default, the audit command will exit with a non-zero code if any vulnerability
+is found. It may be useful in CI environments to include the `--audit-level` parameter
+to specify the minimum vulnerability level that will cause the command to fail. This
+option does not filter the report output, it simply changes the command's failure
+threshold.
+
 ## CONTENT SUBMITTED
 
 * npm_version

deps/npm/doc/files/package.json.md

@@ -648,7 +648,8 @@ If we define a package.json like this:
 we can obtain `awesome-web-framework-1.0.0.tgz` file by running `npm pack`.
 This file contains the dependencies `renderized` and `super-streams` which
 can be installed in a new project by executing `npm install
-awesome-web-framework-1.0.0.tgz`.
+awesome-web-framework-1.0.0.tgz`.  Note that the package names do not include
+any versions, as that information is specified in `dependencies`.
 
 If this is spelled `"bundleDependencies"`, then that is also honored.
 

deps/npm/html/doc/README.html

@@ -118,5 +118,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@6.9.0</p>
+<p id="footer"><a href="../doc/README.html">README</a> &mdash; npm@6.10.0</p>
 

deps/npm/html/doc/cli/npm-access.html

@@ -93,5 +93,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-access &mdash; npm@6.9.0</p>
+<p id="footer">npm-access &mdash; npm@6.10.0</p>
 

deps/npm/html/doc/cli/npm-adduser.html

@@ -78,5 +78,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-adduser &mdash; npm@6.9.0</p>
+<p id="footer">npm-adduser &mdash; npm@6.10.0</p>
 

deps/npm/html/doc/cli/npm-audit.html

@@ -11,8 +11,10 @@
 
 <h1><a href="../cli/npm-audit.html">npm-audit</a></h1> <p>Run a security audit</p>
 <h2 id="synopsis">SYNOPSIS</h2>
-<pre><code>npm audit [--json|--parseable]
-npm audit fix [--force|--package-lock-only|--dry-run|--production|--only=dev]</code></pre><h2 id="examples">EXAMPLES</h2>
+<pre><code>npm audit [--json|--parseable|--audit-level=(low|moderate|high|critical)]
+npm audit fix [--force|--package-lock-only|--dry-run]
+
+common options: [--production] [--only=(dev|prod)]</code></pre><h2 id="examples">EXAMPLES</h2>
 <p>Scan your project for vulnerabilities and automatically install any compatible
 updates to vulnerable dependencies:</p>
 <pre><code>$ npm audit fix</code></pre><p>Run <code>audit fix</code> without modifying <code>node_modules</code>, but still updating the
@@ -29,7 +31,8 @@ <h2 id="synopsis">SYNOPSIS</h2>
 future reuse in scripting or command line post processing, like for example, selecting
 some of the columns printed:</p>
 <pre><code>$ npm audit --parseable</code></pre><p>To parse columns, you can use for example <code>awk</code>, and just print some of them:</p>
-<pre><code>$ npm audit --parseable | awk -F $&#39;\t&#39; &#39;{print $1,$4}&#39;</code></pre><h2 id="description">DESCRIPTION</h2>
+<pre><code>$ npm audit --parseable | awk -F $&#39;\t&#39; &#39;{print $1,$4}&#39;</code></pre><p>Fail an audit only if the results include a vulnerability with a level of moderate or higher:</p>
+<pre><code>$ npm audit --audit-level=moderate</code></pre><h2 id="description">DESCRIPTION</h2>
 <p>The audit command submits a description of the dependencies configured in
 your project to your default registry and asks for a report of known
 vulnerabilities. The report returned includes instructions on how to act on
@@ -41,6 +44,11 @@ <h2 id="synopsis">SYNOPSIS</h2>
 runs a full-fledged <code>npm install</code> under the hood, all configs that apply to the
 installer will also apply to <code>npm install</code> -- so things like <code>npm audit fix
 --package-lock-only</code> will work as expected.</p>
+<p>By default, the audit command will exit with a non-zero code if any vulnerability
+is found. It may be useful in CI environments to include the <code>--audit-level</code> parameter
+to specify the minimum vulnerability level that will cause the command to fail. This
+option does not filter the report output, it simply changes the command&#39;s failure
+threshold.</p>
 <h2 id="content-submitted">CONTENT SUBMITTED</h2>
 <ul>
 <li>npm_version</li>
@@ -86,4 +94,4 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-audit &mdash; npm@6.9.0</p>
+<p id="footer">npm-audit &mdash; npm@6.10.0</p>

deps/npm/html/doc/cli/npm-bin.html

@@ -34,5 +34,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-bin &mdash; npm@6.9.0</p>
+<p id="footer">npm-bin &mdash; npm@6.10.0</p>
 

deps/npm/html/doc/cli/npm-bugs.html

@@ -54,5 +54,5 @@ <h2 id="see-also">SEE ALSO</h2>
 <tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6>&nbsp;</td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)">&nbsp;</td></tr>
 <tr><td colspan=5 style="width:50px;height:10px;background:#fff">&nbsp;</td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4>&nbsp;</td><td style="width:90px;height:10px;background:#fff" colspan=9>&nbsp;</td></tr>
 </table>
-<p id="footer">npm-bugs &mdash; npm@6.9.0</p>
+<p id="footer">npm-bugs &mdash; npm@6.10.0</p>