v6.4.0-next.0

NEW FEATURES

6e9f04b0b npm/cli#8 Search for authentication token defined by environment variables by preventing the translation layer from env variable to npm option from breaking :_authToken. (@mkhl)
84bfd23e7 npm/cli#35 Stop filtering out non-IPv4 addresses from local-addrs, making npm actually use IPv6 addresses when it must. (@valentin2105)
792c8c709 npm/cli#31 configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of --audit-level to npm audit to allow it to pass if only vulnerabilities below a certain level are found. Example: npm audit --audit-level=high will exit with 0 if only low or moderate level vulns are detected. (@lennym)

BUGFIXES

d81146181 npm/cli#32 Don’t check for updates to npm when we are updating npm itself. (@olore)

DEPENDENCY UPDATES

A very special dependency update event! Since the release of node-gyp@3.8.0, an awkward version conflict that was preventing request from begin flattened was resolved. This means two things:

We’ve cut down the npm tarball size by another 200kb, to 4.6MB
npm audit now shows no vulnerabilities for npm itself!

Thanks, @rvagg!

866d776c2 request@2.87.0 (@simov)
f861c2b57 node-gyp@3.8.0 (@rvagg)
32e6947c6 npm/cli#39 colors@1.1.2: REVERT REVERT, newer versions of this library are broken and print ansi codes even when disabled. (@iarna)
beb96b92c libcipm@2.0.1 (@zkat)
348fc91ad validate-npm-package-license@3.0.4: Fixes errors with empty or string-only license fields. (@Gudahtt)
e57d34575 iferr@1.0.2 (@shesek)
46f1c6ad4 tar@4.4.6 (@isaacs)
50df1bf69 hosted-git-info@2.7.1 (@iarna) (@Erveon) (@huochunpeng)

DOCUMENTATION

af98e76ed npm/cli#34 Remove npm publish from list of commands not affected by --dry-run. (@joebowbeer)
e2b0f0921 npm/cli#36 Tweak formatting in repository field examples. (@noahbenham)
e2346e770 npm/cli#14 Used process.env examples to make accessing certain npm run-scripts environment variables more clear. (@mwarger)