I have enabled 2FA on my NPM account, I think that Yarn won't prompt for OTP code, so I can't publish my package to NPM using Yarn.
Command:
➜ Koguchi-Chino-Messenger-Bot git:(master) yarn publish
yarn publish v1.3.2
[1/4] Bumping version...
info Current version: 1.0.2
question New version: 1.0.3
[2/4] Logging in...
[3/4] Publishing...
error An unexpected error occurred: "https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.".
Log file:
Trace:
Error: https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.
at Request.params.callback [as _callback] (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:62098:18)
at Request.self.callback (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123085:22)
at emitTwo (events.js:126:13)
at Request.emit (events.js:214:7)
at Request.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:124068:10)
at emitOne (events.js:116:13)
at Request.emit (events.js:211:7)
at IncomingMessage.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123988:12)
at Object.onceWrapper (events.js:313:30)
at emitNone (events.js:111:20)
I put these in the Yarn Discord back when the feature launched, but I figured it wouldn't hurt to put this info somewhere more permanent:
If an implementer has any questions, I'm easy to get a hold of, easiest is probably Discord where I'm iarna#2841 or DM me on Twitter.
This issue being open implies that yarn cannot be used if 2FA is enabled in my npm account? If so, is there a workaround?
Thanks.
Is anyone working on this? I'm interested in taking it on.
Hey @iansu, I started but not much progress yet. You can pick it up 👍
Alright, I'll start working on it. Do we just want to enable publishing with 2FA enabled (add support for entering 2FA code in login) or also add full profile support (a profile
command similar to npm profile
)? I'm happy to do both. Thoughts?
I think it's ok to do both but better to do it in sperate PRs.
@itaysabato Workarounds are to either remove 2FA from your account or use npm publish
for now.
So keen for this so I can stop using npm publish
:))))
Due to https://status.npmjs.org/incidents/dn7c1fgrr7ng I rotated my npm
credentials, and enabled 2FA (which I was glad to see what added recently!).
It would certainly be nice not to have to compromise my security to keep using yarn publish
.
please add this? I am using np && release
to publish and I can't specify --otp
even
Most helpful comment
Due to https://status.npmjs.org/incidents/dn7c1fgrr7ng I rotated my
npm
credentials, and enabled 2FA (which I was glad to see what added recently!).It would certainly be nice not to have to compromise my security to keep using
yarn publish
.