When we publish our private modules, np runs a step called “Enabling two-factor authentication”. This is turning on the setting “Require Two Factor Authentication to publish or modify settings” in NPM. We then have to go into the NPM web site to turn it off.
I’ve seen #288 but that seems to be about turning on 2FA on a new package. We’d be fine with that. But this is enabling it on an existing package.
Use np to publish a release of an existing private module that does not have 2FA enabled.
Should not modify package-level 2FA settings.
np - 6.2.0
Node.js - 12.16.1
npm - 6.13.4
Git - 2.21.1
OS - macOS 10.15.3
I'm facing this issue as well. Can we add an option np --skip-2fa to skip 2 factor auth?
I saw there was already a PR for it #515 can we merge it?
Experiencing the same issue. Since 2FA is an option, there should be a way to opt-in (or out) for this.
Another thing I just noticed: since the new tag is pushed _after_ 2FA, lately I ended up having to manually push this commit so I don't (again, manually) create a release based on a previous commit:

Another thing I just noticed: since the new tag is pushed _after_ 2FA, lately I ended up having to manually push this commit so I don't (again, manually) create a release based on a previous commit:
This happened to me too. The process failed on this unwanted step, and I had to finish manually, which kind of defeats the purpose of this tool.
Whoops I didn't mention this in my implementing PR: @sindresorhus this can be closed via #559
Most helpful comment
Another thing I just noticed: since the new tag is pushed _after_ 2FA, lately I ended up having to manually push this commit so I don't (again, manually) create a release based on a previous commit: