
deps: upgrade npm to 6.1.0

Rodrigo Muino Tomonari requested to merge github/fork/npm/npm-6.0.0 into master
Checklist
Where this should land
  • Node 10
  • Node 8
Breaking changes

This is a major release, so it does include breaking changes. They are, however, very minor and important:

  • npm update and npm outdated now will not suggest versions greater than the version tagged as latest. This is in alignment with the use of tags for release trains or experimental versions, while not requiring the use of prerelease version numbers.
  • npm install will now do its best to avoid versions that are marked as deprecated. That makes npm deprecate similar to how the gem yank command works in Ruby. If you specifically ask for a deprecated version you will still get it.
  • npm will now report that it no longer supports node v4 and node v7.
Notable changes
  • Flattening npm's dependency tree to take advantage of the macOS installer rewrite will fix #19449 (closed)
  • npm init now can take an argument and it will run a matching create-… script from the registry. An amalgam of npx and yarn create.
  • npm audit provides a vulnerability scanner. The registry side of this will be available soon. Details are discussed in the CHANGELOG
  • npm audit fix to help users automatically fix vulnerabilities found with npm audit.
  • Webhook management is now included with the cli as the npm hook command. Previously this functionality was found in the module wombat. With webhooks you can request notification whenever a package updates.
  • Rewrite binaries less. Previously if we found a CRLF in a binary that had a shebang then we would convert the entire file to unix line endings. With this change we only convert the shebang line itself.
  • Eliminate use of new Buffer in npm
  • Rewritten and prettier npm view
  • npm pack and npm publish previews when running them with --dry-run
  • npm ci, new, faster, lock-file only install mode and npm cit to install and test
  • Automatic git merge conflict resolution on conflicts in lock-files.
  • A slew of bug fixes are stabilizing lock-files when using partial installs (e.g., --only=production, --no-optional, etc.)
Changelogs

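The "Rewrite binaries less" item under Notable changes, as an added example that is not part of the merge request or npm's own code: it contrasts whole-file CRLF conversion with shebang-only conversion on a file whose body contains CR LF byte pairs. The function names and sample bytes are constructed for illustration.

```javascript
// Added illustration; function names are hypothetical, not npm internals.

// Behaviour described as "previously": every CR LF pair in the file becomes LF.
function convertWholeFile(buf) {
  const out = [];
  for (let i = 0; i < buf.length; i++) {
    if (buf[i] === 0x0d && buf[i + 1] === 0x0a) continue; // drop CR before LF
    out.push(buf[i]);
  }
  return Buffer.from(out);
}

// Behaviour described as "with this change": only the shebang line is touched.
function convertShebangOnly(buf) {
  // No "#!" at offset 0: not a script entry point, leave the bytes alone.
  if (buf.length < 2 || buf[0] !== 0x23 || buf[1] !== 0x21) return buf;
  const lf = buf.indexOf(0x0a);
  // No newline at all, or the first line already ends in a bare LF.
  if (lf < 1 || buf[lf - 1] !== 0x0d) return buf;
  // Remove the single CR that terminates the shebang line.
  return Buffer.concat([buf.subarray(0, lf - 1), buf.subarray(lf)]);
}

// Constructed sample: CRLF shebang followed by payload bytes that happen
// to contain 0x0d 0x0a, as packed or binary data can.
const payload = Buffer.from([0x00, 0x0d, 0x0a, 0xff, 0x0d, 0x0a, 0x01]);
const sample = Buffer.concat([Buffer.from('#!/usr/bin/env node\r\n'), payload]);

// True when everything after the first line is byte-identical to the payload.
function payloadIntact(converted) {
  const body = converted.subarray(converted.indexOf(0x0a) + 1);
  return body.equals(payload);
}

console.log('whole-file conversion keeps payload:', payloadIntact(convertWholeFile(sample)));
console.log('shebang-only conversion keeps payload:', payloadIntact(convertShebangOnly(sample)));
```

Whole-file conversion changes bytes after the first line, so a checksum taken over the published file no longer matches the installed one; shebang-only conversion removes exactly one byte.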