np is turning on two-factor authentication and we don't want it

Created on 17 Mar 2020  Â·  5Comments  Â·  Source: sindresorhus/np

Description

When we publish our private modules, np runs a step called “Enabling two-factor authentication”. This is turning on the setting “Require Two Factor Authentication to publish or modify settings” in NPM. We then have to go into the NPM web site to turn it off.

I’ve seen #288 but that seems to be about turning on 2FA on a new package. We’d be fine with that. But this is enabling it on an existing package.

  • Our package is published on NPM (npmjs.com).
  • It’s a private package scoped to our organization’s paid account.
  • I don’t know if this affects public modules… our usage is with private modules.
  • Yes our devs should have 2FA turned on, now we’ve asked them to, but this caught us by surprise when some devs were no longer able to publish.

Steps to reproduce

Use np to publish a release of an existing private module that does not have 2FA enabled.

Expected behavior

Should not modify package-level 2FA settings.

Environment

np - 6.2.0
Node.js - 12.16.1
npm - 6.13.4
Git - 2.21.1
OS - macOS 10.15.3

Most helpful comment

Another thing I just noticed: since the new tag is pushed _after_ 2FA, lately I ended up having to manually push this commit so I don't (again, manually) create a release based on a previous commit:

image

All 5 comments

I'm facing this issue as well. Can we add an option np --skip-2fa to skip 2 factor auth?
I saw there was already a PR for it #515 can we merge it?

Experiencing the same issue. Since 2FA is an option, there should be a way to opt-in (or out) for this.

Another thing I just noticed: since the new tag is pushed _after_ 2FA, lately I ended up having to manually push this commit so I don't (again, manually) create a release based on a previous commit:

image

Another thing I just noticed: since the new tag is pushed _after_ 2FA, lately I ended up having to manually push this commit so I don't (again, manually) create a release based on a previous commit:

image

This happened to me too. The process failed on this unwanted step, and I had to finish manually, which kind of defeats the purpose of this tool.

Whoops I didn't mention this in my implementing PR: @sindresorhus this can be closed via #559

Was this page helpful?
0 / 5 - 0 ratings

Related issues

inker picture inker  Â·  4Comments

xxczaki picture xxczaki  Â·  6Comments

dotconnor picture dotconnor  Â·  4Comments

bennycode picture bennycode  Â·  4Comments

voxpelli picture voxpelli  Â·  5Comments