CORRECTION: NPM'S GIT INTEGRATION IS DOING OKAY

A helpful bug report led to another round of changes to hosted-git-info, some additional test-writing, and a bunch of hands-on testing against actual private repositories. While the complexity of npm's git dependency handling is nearly fractal (because npm is very complex, and git is even more complex), it's feeling way more solid than it has for a while. We think this is a substantial improvement over what we had before, so give npm@2.8.1 a shot if you have particularly complex git use cases and let us know how it goes.

(NOTE: These changes mostly affect cloning and saving references to packages hosted in git repositories, and don't address some known issues with things like lifecycle scripts not being run on npm dependencies. Work continues on other issues that affect parity between git and npm registry packages.)

• 66377c6
  #7872 hosted-git-info@2.1.2: Pass
  through credentials embedded in SSH and HTTPs git URLs.
  (@othiym23)
• 15efe12
  #7872 Use the new version of
  hosted-git-info to pass along credentials embedded in git URLs. Test it.
  Test it a lot. (@othiym23)

SCOPED DEPENDENCIES AND PEER DEPENDENCIES: NOT QUITE REESE'S

Big thanks to @ewie for identifying an issue with how npm was handling peerDependencies that were implicitly installed from the package.json files of scoped dependencies. This will be a moot point with the release of npm@3, but until then, it's important that peerDependency auto-installation work as expected.

• b027319
  #7920 Scoped packages with
  peerDependencies were installing the peerDependencies into the wrong
  directory. (@ewie)
• 649e31a
  #7920 Test peerDependency
  installs involving scoped packages using npm-package-arg instead of simple
  path tests, for consistency. (@othiym23)

MAKING IT EASIER TO WRITE NPM TESTS, VERSION 0.0.1

@iarna and I (@othiym23) have been discussing a candidate plan for improving npm's test suite, with the goal of making it easier for new contributors to get involved with npm by reducing the learning curve necessary to be able to write good tests for proposed changes. This is the first substantial piece of that effort. Here's what the commit message for ed7e249 had to say about this work:

It's too difficult for npm contributors to figure out what the conventional
style is for tests. Part of the problem is that the documentation in
CONTRIBUTING.md is inadequate, but another important factor is that the tests
themselves are written in a variety of styles. One of the most notable
examples of this is the fact that many tests use fixture directories to store
precooked test scenarios and package.json files.

This had some negative consequences:

• tests weren't idempotent
• subtle dependencies between tests existed
• new tests get written in this deprecated style because it's not
  obvious that the style is out of favor
• it's hard to figure out why a lot of those directories existed,
  because they served a variety of purposes, so it was difficult to
  tell when it was safe to remove them

All in all, the fixture directories were a major source of technical debt, and
cleaning them up, while time-consuming, makes the whole test suite much more
approachable, and makes it more likely that new tests written by outside
contributors will follow a conventional style. To support that, all of the
tests touched by this changed were cleaned up to pass the standard style
checker.

And here's a little extra context from a comment I left on #7929:

One of the other things that encouraged me was looking at this
presentation on technical debt
from Pycon 2015, especially slide 53, which I interpreted in terms of
difficulty getting new contributors to submit patches to an OSS project like
npm. npm has a long ways to go, but I feel good about this change.

• ed7e249
  #7929 Eliminate fixture directories
  from test/tap, leaving each test self-contained.
  (@othiym23)
• 4928d30
  #7929 Move fixture files from
  test/tap/* to test/fixtures. (@othiym23)
• e925deb
  #7929 Tweak the run scripts to stop
  slaughtering the CPU on doc rebuild.
  (@othiym23)
• 65bf7cf
  #7923 Use an alias of scripts and
  run-scripts in npm run test-all (@watilde)
• 756a3fb
  #7923 Sync timeout time of npm run-script test-all to be the same as test and tap scripts.
  (@watilde)
• 8299b5f
  Set a timeout for tap tests for npm run-script test-all.
  (@othiym23)

THE EVER-BEATING DRUM OF DEPENDENCY UPDATES

• d90d0b9
  #7924 Remove child-process-close,
  as it was included for Node 0.6 compatibility, and npm no longer supports
  0.6. (@robertkowalski)
• 16427c1
lru-cache@2.5.2: More accurate updating of expiry times when maxAge is
  set. (@isaacs)
• 03cce83
nock@1.6.0: Mocked network error handling.
  (@pgte)
• f93b1f0
glob@5.0.5: Use path-is-absolute polyfill, allowing newer Node.js and
  io.js versions to use path.isAbsolute().
  (@sindresorhus)
• a70d694
request@2.55.0: Bug fixes and simplification.
  (@simov)
• 2aecc6f
columnify@1.5.1: Switch to using babel from 6to5.
  (@timoxley)