NodeJS 0.12.13 does not seem to include npm LTS v2.15.1

[elicwhite]

Per this post: https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/

Node 0.12.13 is supposed to include the patched npm version 2.15.1.

$ nvm install 0.12.13
######################################################################## 100.0%
Now using node v0.12.13
$ node -v
v0.12.13
$ npm -v
2.15.0

We confirmed this by compiling from source as well. Are we missing something?

Referencing this PR for more context: #5967

[MylesBorins]

@TheSavior thanks!

I'm digging into this right now.

[elicwhite]

From the email that just went out to nodejs-sec:

Important note: Unfortunately the version of npm that was bundled with Node.js version v0.10.44, v0.12.13 and v4.4.2 did not include the correct version string, npm -v reports 2.15.0, however the code is v2.15.1 and includes the fix for the vulnerability.

[elicwhite]

For those looking, see this PR for the fix: #5988

[Martii]

Same with v4.4.2 ... guess I'll do $ sudo npm install npm@2.15.1 -g again. ;)

[jasnell]

Looks like this was fixed.