#398 Check for two factor auth on publish

[jdziat]

#398
Added a check for two-factor auth === enabled before proceeding. Unless the intention was to force 2FA as a best practice. I was looking for a transparent approach but will happily change it to a flag if that makes more sense.

[itaisteinherz]

Could you move the code which determines if the user has enabled 2FA on their account to a separate method in source/npm/util.js (e.g. hasEnabled2fa), and then use it in the skip property here?
This way the functionality would be more reusable and maintainable.

Also: in

np/source/index.js

Line 198 in d4bf883

if (!options.exists && !pkg.private) {

I think that the && !pkg.private part of the clause should be changed to && runPublish.

[sindresorhus]

Unless the intention was to force 2FA as a best practice.

That was the intention, yes.

[wessberg]

Unless the intention was to force 2FA as a best practice.

That was the intention, yes.

In my original issue, #398 , I'm suggesting opt-out, rather than opt-in. I agree that 2FA by default is good, so I'm in favor of something like --no-2fa to explicitly request this behavior (similar to the other existing flags)

[sindresorhus]

I'm ok with a --no-2fa flag, but the docs for it should have a clear discouragement warning.