Yarn: Can't publish package with NPM account that has enabled 2FA

Created on 11 Nov 2017  ·  10Comments  ·  Source: yarnpkg/yarn

I have enabled 2FA on my NPM account, I think that Yarn won't prompt for OTP code, so I can't publish my package to NPM using Yarn.

Command:

➜  Koguchi-Chino-Messenger-Bot git:(master) yarn publish
yarn publish v1.3.2
[1/4] Bumping version...
info Current version: 1.0.2
question New version: 1.0.3
[2/4] Logging in...
[3/4] Publishing...
error An unexpected error occurred: "https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.".

Log file:

Trace: 
  Error: https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.
      at Request.params.callback [as _callback] (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:62098:18)
      at Request.self.callback (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123085:22)
      at emitTwo (events.js:126:13)
      at Request.emit (events.js:214:7)
      at Request.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:124068:10)
      at emitOne (events.js:116:13)
      at Request.emit (events.js:211:7)
      at IncomingMessage.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123988:12)
      at Object.onceWrapper (events.js:313:30)
      at emitNone (events.js:111:20)
cat-compatibility cat-feature help wanted high-priority triaged

Most helpful comment

Due to https://status.npmjs.org/incidents/dn7c1fgrr7ng I rotated my npm credentials, and enabled 2FA (which I was glad to see what added recently!).

It would certainly be nice not to have to compromise my security to keep using yarn publish.

All 10 comments

I put these in the Yarn Discord back when the feature launched, but I figured it wouldn't hurt to put this info somewhere more permanent:

If an implementer has any questions, I'm easy to get a hold of, easiest is probably Discord where I'm iarna#2841 or DM me on Twitter.

This issue being open implies that yarn cannot be used if 2FA is enabled in my npm account? If so, is there a workaround?

Thanks.

Is anyone working on this? I'm interested in taking it on.

Hey @iansu, I started but not much progress yet. You can pick it up 👍

Alright, I'll start working on it. Do we just want to enable publishing with 2FA enabled (add support for entering 2FA code in login) or also add full profile support (a profile command similar to npm profile)? I'm happy to do both. Thoughts?

I think it's ok to do both but better to do it in sperate PRs.

@itaysabato Workarounds are to either remove 2FA from your account or use npm publish for now.

So keen for this so I can stop using npm publish :))))

Due to https://status.npmjs.org/incidents/dn7c1fgrr7ng I rotated my npm credentials, and enabled 2FA (which I was glad to see what added recently!).

It would certainly be nice not to have to compromise my security to keep using yarn publish.

please add this? I am using np && release to publish and I can't specify --otp even

Was this page helpful?
0 / 5 - 0 ratings