Np: ERR 400 2FA when no 2fa is configured on account/repo

Created on 8 Feb 2020  ยท  19Comments  ยท  Source: sindresorhus/np

There is an issue with the latest version 6.0.0 of np after the package is published it tries to do 2fa and it fails. The account doesn't have 2fa enabled, as well as npm repo. Also, the package is published and then it tries to do 2fa, that seems strange I would expect 2fa is a step before publishing.

Description

Commit Range:
v0.4.0...master

Registry:
https://registry.npmjs.org/

? Select semver increment or specify new version patch  0.4.1

  โˆš Prerequisite check
  โˆš Git
  โ†“ Cleanup [skipped]
  โˆš Installing dependencies using npm
  โˆš Running tests using npm
  โˆš Bumping version using npm
  โˆš Publishing package using npm
  ร— Enabling two-factor authentication
    โ†’ npm ERR!     C:\Users\xxxxxxx\AppData\Roaming\npm-cache\_logs\2020-02-07T19_16_24_605Z-debug.log
    Pushing tags
    Creating release draft on GitHub

ร— Command failed with exit code 1: npm access 2fa-required serp-parser
npm ERR! code E400
npm ERR! 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access

Here is the log file,

info it worked if it ends with ok
1 verbose cli [
1 verbose cli   'C:\\Program Files\\nodejs\\node.exe',
1 verbose cli   'C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js',
1 verbose cli   'access',
1 verbose cli   '2fa-required',
1 verbose cli   'serp-parser'
1 verbose cli ]
2 info using [email protected]
3 info using [email protected]
4 verbose npm-session d2ee52f34a8efa00
5 http fetch POST 400 a 372ms
6 verbose stack Error: 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access
6 verbose stack     at C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\check-response.js:104:15
6 verbose stack     at processTicksAndRejections (internal/process/task_queues.js:93:5)
7 verbose statusCode 400
8 verbose pkgid serp-parser@latest
9 verbose cwd C:\GitHub\serp-parser
10 verbose Windows_NT 10.0.18363
11 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "access" "2fa-required" "serp-parser"
12 verbose node v12.13.0
13 verbose npm  v6.12.0
14 error code E400
15 error 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access
16 verbose exit [ 1, true ]

Expected behavior

I expect for the script to not try to enable 2fa as there is no configuration for it, and to finish everything up as a previous np v5.x.x

Environment

np - 6.0.0
Node.js - 12.13.x
npm - 6.12.x
Git - x.x.x
OS - WIN10

Most helpful comment

Thanks @papb, that solution worked for me, I used npx for it rather than editing my current set up.

npx https://github.com/pixelastic/np/tarball/c3ab2e3b053c7da0ce40a572ca1616273ac080f8 --no-2fa

It would be really good to get this officially resolved though, doing package releases via random tarballs makes me feel dirty.

All 19 comments

Why it is not possible to make this 2fa-required optional? Should be enabled by default if npm has a bug it doesn't work

Also, the package is published and then it tries to do 2fa, that seems strange I would expect 2fa is a step before publishing.

It's so that it can handle when you first publish a new package as you cannot enable 2FA on a package before it's published. Was just easier to have the same logic for both existing and new packages.

Hey there,

Recently published a new package too and encountered the same issue. Because the 2FA step fails and exits, the push to Github isn't happening.

For now I'm pushing manually.

Weirdly enough, I've been using np before and never had this issue, so I don't fully understand what is happening ๐Ÿ˜„

I just downgraded to 5.2.1 because this is broken. Let me know when it's fixed. That said, thanks for the wonderful work!

I'm having the same issue with v6, downgrading works.
It would be nice to have the flag to skip 2fa until the issue with npm cli is solved.

Encountering the same issue. But downgrading to 5.2.1 works. Despite this, np is still a lifesaver!

This is odd, I just had this issue but I am already using v5.2.1... What is happening?

For now I am using @pixelastic's fork from #515, it's working perfectly for me.

  • npm i -D https://github.com/pixelastic/np/tarball/c3ab2e3b053c7da0ce40a572ca1616273ac080f8

  • package.json:

    {
    "scripts": {
      "release": "np --no-2fa"
    }
    }
    
  • npm run release

Downgrading to 5.2.1 didn't work for me. npm/cli#650 is for npm access 2fa-required returning an error but that command works OK for me and doesn't throw.

Could there be something else failing too? np still fails for me on 2fa-required.

@nerdyman Can you try my last suggestion just out of curiosity?

Same problem here with 6.10.2 on OS X

I'm having the same issues with a public package, for which 2fa is intentionally off.

np fails with the following error (though the package is published anyway):

$ np patch
Publish a new version of pkg (current: 1.0.2)

  โœ” Prerequisite check
  โœ” Git
  โ†“ Cleanup [skipped]
  โœ” Installing dependencies using npm
  โœ” Running tests using npm
  โœ” Bumping version using npm
  โœ” Publishing package using npm
  โœ– Enabling two-factor authentication
    โ†’ npm ERR!     /Users/me/.npm/_logs/2020-03-23T05_27_47_209Z-debug.log
    Pushing tags
    Creating release draft on GitHub

โœ– Command failed with exit code 1: npm access 2fa-required pkg
npm ERR! code E400
npm ERR! 400 Bad Request - POST https://registry.npmjs.org/-/package/pkg/access

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/me/.npm/_logs/2020-03-23T05_27_47_209Z-debug.log

@dhowe Can you try my last suggestion just out of curiosity?

Yes I am using that solution now -- works well, thanks

I also had to downgrade to 5.2.1 to publish a new package because I couldn't get around this. Any chance you could just support the flag from the optional branch posted above? This is clearly a pretty big inconvenience for a lot of people.

Thanks @papb, that solution worked for me, I used npx for it rather than editing my current set up.

npx https://github.com/pixelastic/np/tarball/c3ab2e3b053c7da0ce40a572ca1616273ac080f8 --no-2fa

It would be really good to get this officially resolved though, doing package releases via random tarballs makes me feel dirty.

2020-07-18T07_38_21_727Z-debug.log

This is still happening. And bug #427 references this issue as well.

No need to downgrade or install other forks.... I have version 6.5.0 and there is support to the --no-2fa tag

image

The actual --no-2fa support version seems to be 6.4:

https://github.com/sindresorhus/np/releases/tag/v6.4.0

I think we can close this issue!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

natesilva picture natesilva  ยท  5Comments

xxczaki picture xxczaki  ยท  6Comments

mikehardy picture mikehardy  ยท  6Comments

ProfessorManhattan picture ProfessorManhattan  ยท  4Comments

bennycode picture bennycode  ยท  4Comments