Failed within np,scoped package,publishConfig.registry

[seognil]

Description

I failed the scoped package publish process within publishConfig.registry in package.json using np

But works fine without publishConfig.registry

Error message is:

? Select semver increment or specify new version patch  0.0.8
? This scoped repo @seognil-playground/npm-feature-test hasn't been published. Do you want to publish it publicly? Yes

  ✔ Prerequisite check
  ✔ Git
  ✔ Bumping version using npm
  ✔ Publishing package using npm
  ✖ Enabling two-factor authentication
    → npm ERR!     /Users/lc/.npm/_logs/2019-05-30T10_49_13_521Z-debug.log
    Pushing tags

✖ Command failed: npm access 2fa-required @seognil-playground/npm-feature-test
npm ERR! code E400
npm ERR! 400 Bad Request - POST https://registry.npmjs.org/-/package/%40seognil-playground%2Fnpm-feature-test/access

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/lc/.npm/_logs/2019-05-30T10_49_13_521Z-debug.log

---

I dive into the code and found this:

exports.isExternalRegistry = (pkg) =>
  typeof pkg.publishConfig === 'object' && typeof pkg.publishConfig.registry === 'string';
// ---------> true

exports.isPackageNameAvailable = async (pkg) => {
  const isExternalRegistry = exports.isExternalRegistry(pkg);
  if (isExternalRegistry) {
    return true;
  }

  return npmName(pkg.name);
};
// ---------> true

const isAvailable = flags.publish ? await isPackageNameAvailable(pkg) : false;
// ---------> true

await ui({ ...flags, exists: !isAvailable }, pkg);
// ---------> !true -> false

if (!options.exists && !pkg.private) {
  // ...
  enable2fa();
}
// ---------> !false && !false ---------> enable2fa()

// $ > npm access 2fa-required @seognil-playground/npm-feature-test
// ---------> which I break there

So once If publishConfig.registry is declared in package.json, it'll directly point out the package isAvailable,
(Even if it is also https://registry.npmjs.org/, and already a package there)
(Why this move? Because I'm using a mirror registry for package install speed, and this field will lock the publish registry and save my life.)

So that will trigger enable2fa() and npm access 2fa-required
Which in my case break the pulish process
(Becasue I found it maybe a problem with npm 2fa feature)
(And also I want to keep simple, to not use 2fa)

Steps to reproduce

I made a very simple repo here: https://github.com/seognil/npm-feature-test
and npm address here: https://www.npmjs.com/package/@seognil-playground/npm-feature-test

Won't work

1. fill publishConfig.registry in package.json
2. git commit blahblahblah
3. run np --yolo (without test)

Will work

1. remove publishConfig field
2. git commit blahblahblah
3. run np --yolo (without test)

Expected behavior

I don't know if the code logic above is a feature or something...

But I thought there is one problem and one suggestion

The problem: the isAvailable logic may be improved

The suggestion: an option of np-cli to skip 2FA anyway

So It will not break the publish process in my case...

---

And Thanks for the tool by the way, really helps :)

Notice that there are already some issues maybe related,
I'd also check that later

Environment

np - 5.0.2
Node.js - v12.1.0
npm - 6.9.0
Git - 2.21.0
OS - 64bit Mac OS X 10.14.5 18F132

[itaisteinherz]

It seems like the issue's origin is in npm rather than np, since when I tried running $ npm access 2fa-required @seognil-playground/npm-feature-test locally I got the following error:

❯ npm access 2fa-required @seognil-playground/npm-feature-test
npm ERR! code E400
npm ERR! 400 Bad Request - POST http://registry.npmjs.org/-/package/%40seognil-playground%2Fnpm-feature-test/access

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/Itai/.npm/_logs/2019-06-02T10_22_52_217Z-debug.log

Which is identical to the one you got when using np.

[itaisteinherz]

It would be great if you could open a bug report for this over at npm.

[seognil]

1. yep, maybe that npm 2fa feature also has some issue there.

2. One Thing I thought was a problem is that:
   isPackageNameAvailable is also not check from registry (npmjs.com)
   It just check from the local configuration.

like I said.

So once If publishConfig.registry is declared in package.json, it'll directly point out the package isAvailable,
(Even if it is also https://registry.npmjs.org/, and already a package there)

I mean

// package.json
{
  "publishConfig": {
    "registry": "https://registry.npmjs.org/",
    "access": "public"
  },
}

np will treat the lib always as unpublished and available then go to the init publish process

[itaisteinherz]

I just remembered #356, in which I implemented isPackageNameAvailable. The reason it always returns true when a user sets the registry option in publishConfig is that npm-name doesn't support custom registry URLs yet. However, I've already opened sindresorhus/npm-name#33, which will add that functionality and should fix this as well.

[Romanchuk]

Hello, i'm struggling with same issue.
Trying publish package to my private registry

 "publishConfig": {
    "registry": "http://srv-dkr-l.lime.local:4873"
  },

And as a result i got this

Command failed: npm access 2fa-required @lcgroup/adm-date-controls
npm ERR! code E404
npm ERR! 404 Not Found - POST https://registry.npmjs.org/-/package/%40lcgroup%2Fadm-date-controls/access

Note that after npm access it POSTs to official npmjs registry?!

[sindresorhus]

However, I've already opened sindresorhus/npm-name#33, which will add that functionality and should fix this as well.

@itaisteinherz Is this fixed now? If not, what else needs to be done.

[chinesedfan]

@sindresorhus See #429 (review). Merging #429 is the last thing I think.