Yarn: Can't publish package with NPM account that has enabled 2FA

Created on 11 Nov 2017  ·  10Comments  ·  Source: yarnpkg/yarn

I have enabled 2FA on my NPM account, I think that Yarn won't prompt for OTP code, so I can't publish my package to NPM using Yarn.

Command:

➜  Koguchi-Chino-Messenger-Bot git:(master) yarn publish
yarn publish v1.3.2
[1/4] Bumping version...
info Current version: 1.0.2
question New version: 1.0.3
[2/4] Logging in...
[3/4] Publishing...
error An unexpected error occurred: "https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.".

Log file:

Trace: 
  Error: https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.
      at Request.params.callback [as _callback] (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:62098:18)
      at Request.self.callback (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123085:22)
      at emitTwo (events.js:126:13)
      at Request.emit (events.js:214:7)
      at Request.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:124068:10)
      at emitOne (events.js:116:13)
      at Request.emit (events.js:211:7)
      at IncomingMessage.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123988:12)
      at Object.onceWrapper (events.js:313:30)
      at emitNone (events.js:111:20)
cat-compatibility cat-feature help wanted high-priority triaged
Source
picture edisonlee55
👍39

Most helpful comment

Due to https://status.npmjs.org/incidents/dn7c1fgrr7ng I rotated my npm credentials, and enabled 2FA (which I was glad to see what added recently!).

It would certainly be nice not to have to compromise my security to keep using yarn publish.

picture lgarron on 13 Jul 2018
👍21

All 10 comments

I put these in the Yarn Discord back when the feature launched, but I figured it wouldn't hurt to put this info somewhere more permanent:

If an implementer has any questions, I'm easy to get a hold of, easiest is probably Discord where I'm iarna#2841 or DM me on Twitter.

iarna picture iarna on 11 Nov 2017
3

This issue being open implies that yarn cannot be used if 2FA is enabled in my npm account? If so, is there a workaround?

Thanks.

itaysabato picture itaysabato on 2 Dec 2017

Is anyone working on this? I'm interested in taking it on.

iansu picture iansu on 20 Dec 2017

Hey @iansu, I started but not much progress yet. You can pick it up 👍

torifat picture torifat on 21 Dec 2017

Alright, I'll start working on it. Do we just want to enable publishing with 2FA enabled (add support for entering 2FA code in login) or also add full profile support (a profile command similar to npm profile)? I'm happy to do both. Thoughts?

iansu picture iansu on 21 Dec 2017
3

I think it's ok to do both but better to do it in sperate PRs.

torifat picture torifat on 21 Dec 2017
👍2

@itaysabato Workarounds are to either remove 2FA from your account or use npm publish for now.

davidjb picture davidjb on 16 Feb 2018

So keen for this so I can stop using npm publish :))))

3stacks picture 3stacks on 8 Mar 2018
👍5

Due to https://status.npmjs.org/incidents/dn7c1fgrr7ng I rotated my npm credentials, and enabled 2FA (which I was glad to see what added recently!).

It would certainly be nice not to have to compromise my security to keep using yarn publish.

lgarron picture lgarron on 13 Jul 2018
👍21

please add this? I am using np && release to publish and I can't specify --otp even

niftylettuce picture niftylettuce on 30 Sep 2018
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

victornoel picture victornoel  ·  3Comments
ocolot picture ocolot  ·  3Comments
bouk picture bouk  ·  3Comments
catkins picture catkins  ·  3Comments
seansfkelley picture seansfkelley  ·  3Comments