diff --git a/node_modules/npm-profile/index.js b/node_modules/npm-profile/index.js
index b7f753fb4d41d..d9c48c131bc92 100644
--- a/node_modules/npm-profile/index.js
+++ b/node_modules/npm-profile/index.js
@@ -1,7 +1,7 @@
 'use strict'
 
 const fetch = require('npm-registry-fetch')
-const {HttpErrorBase} = require('npm-registry-fetch/errors.js')
+const { HttpErrorBase } = require('npm-registry-fetch/errors.js')
 const os = require('os')
 const pudding = require('figgy-pudding')
 const validate = require('aproba')
@@ -18,6 +18,16 @@ exports.listTokens = listTokens
 exports.removeToken = removeToken
 exports.createToken = createToken
 
+const url = require('url')
+
+const isValidUrl = u => {
+  if (u && typeof u === 'string') {
+    const p = url.parse(u)
+    return p.slashes && p.host && p.path && /^https?:$/.test(p.protocol)
+  }
+  return false
+}
+
 const ProfileConfig = pudding({
   creds: {},
   hostname: {},
@@ -76,21 +86,16 @@ function webAuth (opener, opts, body) {
   })).then(res => {
     return Promise.all([res, res.json()])
   }).then(([res, content]) => {
-    const {doneUrl, loginUrl} = content
+    const { doneUrl, loginUrl } = content
     process.emit('log', 'verbose', 'web auth', 'got response', content)
-    if (
-      typeof doneUrl !== 'string' ||
-      typeof loginUrl !== 'string' ||
-      !doneUrl ||
-      !loginUrl
-    ) {
+    if (!isValidUrl(doneUrl) || !isValidUrl(loginUrl)) {
       throw new WebLoginInvalidResponse('POST', res, content)
     }
     return content
-  }).then(({doneUrl, loginUrl}) => {
+  }).then(({ doneUrl, loginUrl }) => {
     process.emit('log', 'verbose', 'web auth', 'opening url pair')
     return opener(loginUrl).then(
-      () => webAuthCheckLogin(doneUrl, opts.concat({cache: false}))
+      () => webAuthCheckLogin(doneUrl, opts.concat({ cache: false }))
     )
   }).catch(er => {
     if ((er.statusCode >= 400 && er.statusCode <= 499) || er.statusCode === 500) {
@@ -183,7 +188,7 @@ function loginCouch (username, password, opts) {
     }
     if (err.code !== 'E409') throw err
     return fetch.json(target, opts.concat({
-      query: {write: true}
+      query: { write: true }
     })).then(result => {
       Object.keys(result).forEach(function (k) {
         if (!body[k] || k === 'roles') {
diff --git a/node_modules/npm-profile/package.json b/node_modules/npm-profile/package.json
index 2f252aac85ab0..e90e16ddf975d 100644
--- a/node_modules/npm-profile/package.json
+++ b/node_modules/npm-profile/package.json
@@ -1,28 +1,29 @@
 {
-  "_from": "npm-profile@4.0.2",
-  "_id": "npm-profile@4.0.2",
+  "_from": "npm-profile@4.0.4",
+  "_id": "npm-profile@4.0.4",
   "_inBundle": false,
-  "_integrity": "sha512-VRsC04pvRH+9cF+PoVh2nTmJjiG21yu59IHpsBpkxk+jaGAV8lxx96G4SDc0jOHAkfWLXbc6kIph3dGAuRnotQ==",
+  "_integrity": "sha512-Ta8xq8TLMpqssF0H60BXS1A90iMoM6GeKwsmravJ6wYjWwSzcYBTdyWa3DZCYqPutacBMEm7cxiOkiIeCUAHDQ==",
   "_location": "/npm-profile",
   "_phantomChildren": {},
   "_requested": {
     "type": "version",
     "registry": true,
-    "raw": "npm-profile@4.0.2",
+    "raw": "npm-profile@4.0.4",
     "name": "npm-profile",
     "escapedName": "npm-profile",
-    "rawSpec": "4.0.2",
+    "rawSpec": "4.0.4",
     "saveSpec": null,
-    "fetchSpec": "4.0.2"
+    "fetchSpec": "4.0.4"
   },
   "_requiredBy": [
     "#USER",
-    "/"
+    "/",
+    "/libnpm"
   ],
-  "_resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-4.0.2.tgz",
-  "_shasum": "8272a71c19634d0dce9c35a5daf8ee589cbb0f52",
-  "_spec": "npm-profile@4.0.2",
-  "_where": "/Users/isaacs/dev/npm/cli",
+  "_resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-4.0.4.tgz",
+  "_shasum": "28ee94390e936df6d084263ee2061336a6a1581b",
+  "_spec": "npm-profile@4.0.4",
+  "_where": "/Users/darcyclarke/Documents/Repos/npm/cli",
   "author": {
     "name": "Rebecca Turner",
     "email": "me@re-becca.org",
@@ -48,9 +49,12 @@
   "license": "ISC",
   "main": "index.js",
   "name": "npm-profile",
+  "publishConfig": {
+    "tag": "legacy-v4"
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/npm/npm-profile.git"
   },
-  "version": "4.0.2"
+  "version": "4.0.4"
 }
diff --git a/package-lock.json b/package-lock.json
index f9e6e77f7ac42..7cc82d4bb4822 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3855,9 +3855,9 @@
       }
     },
     "npm-profile": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-4.0.2.tgz",
-      "integrity": "sha512-VRsC04pvRH+9cF+PoVh2nTmJjiG21yu59IHpsBpkxk+jaGAV8lxx96G4SDc0jOHAkfWLXbc6kIph3dGAuRnotQ==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/npm-profile/-/npm-profile-4.0.4.tgz",
+      "integrity": "sha512-Ta8xq8TLMpqssF0H60BXS1A90iMoM6GeKwsmravJ6wYjWwSzcYBTdyWa3DZCYqPutacBMEm7cxiOkiIeCUAHDQ==",
       "requires": {
         "aproba": "^1.1.2 || 2",
         "figgy-pudding": "^3.4.1",
diff --git a/package.json b/package.json
index 20c5ecb4c83e1..89f0f1830edef 100644
--- a/package.json
+++ b/package.json
@@ -103,7 +103,7 @@
     "npm-package-arg": "^6.1.1",
     "npm-packlist": "^1.4.8",
     "npm-pick-manifest": "^3.0.2",
-    "npm-profile": "^4.0.2",
+    "npm-profile": "^4.0.4",
     "npm-registry-fetch": "^4.0.3",
     "npm-user-validate": "~1.0.0",
     "npmlog": "~4.1.2",