Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't publish package with NPM account that has enabled 2FA #4904

Closed
yuna0x0 opened this issue Nov 11, 2017 · 10 comments
Closed

Can't publish package with NPM account that has enabled 2FA #4904

yuna0x0 opened this issue Nov 11, 2017 · 10 comments
Assignees
@torifat
Labels
cat-compatibility cat-feature help wanted high-priority triaged

Comments

@yuna0x0
Copy link

yuna0x0 commented Nov 11, 2017
edited
Loading

I have enabled 2FA on my NPM account, I think that Yarn won't prompt for OTP code, so I can't publish my package to NPM using Yarn.

Command:

➜  Koguchi-Chino-Messenger-Bot git:(master) yarn publish
yarn publish v1.3.2
[1/4] Bumping version...
info Current version: 1.0.2
question New version: 1.0.3
[2/4] Logging in...
[3/4] Publishing...
error An unexpected error occurred: "https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.".

Log file:

Trace: 
  Error: https://registry.yarnpkg.com/koguchi-chino-messenger-bot: You must provide a one-time pass.
      at Request.params.callback [as _callback] (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:62098:18)
      at Request.self.callback (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123085:22)
      at emitTwo (events.js:126:13)
      at Request.emit (events.js:214:7)
      at Request.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:124068:10)
      at emitOne (events.js:116:13)
      at Request.emit (events.js:211:7)
      at IncomingMessage.<anonymous> (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:123988:12)
      at Object.onceWrapper (events.js:313:30)
      at emitNone (events.js:111:20)
@ghost ghost assigned torifat Nov 11, 2017
@ghost ghost added the triaged label Nov 11, 2017
@iarna
Copy link
Contributor

iarna commented Nov 11, 2017
edited
Loading

I put these in the Yarn Discord back when the feature launched, but I figured it wouldn't hurt to put this info somewhere more permanent:

If an implementer has any questions, I'm easy to get a hold of, easiest is probably Discord where I'm iarna#2841 or DM me on Twitter.

@itaysabato
Copy link

This issue being open implies that yarn cannot be used if 2FA is enabled in my npm account? If so, is there a workaround?

Thanks.

@iansu
Copy link
Contributor

iansu commented Dec 20, 2017

Is anyone working on this? I'm interested in taking it on.

@torifat
Copy link
Member

torifat commented Dec 20, 2017

Hey @iansu, I started but not much progress yet. You can pick it up 👍

@iansu
Copy link
Contributor

iansu commented Dec 20, 2017

Alright, I'll start working on it. Do we just want to enable publishing with 2FA enabled (add support for entering 2FA code in login) or also add full profile support (a profile command similar to npm profile)? I'm happy to do both. Thoughts?

@torifat
Copy link
Member

torifat commented Dec 21, 2017

I think it's ok to do both but better to do it in sperate PRs.

@davidjb
Copy link

davidjb commented Feb 16, 2018
edited
Loading

@itaysabato Workarounds are to either remove 2FA from your account or use npm publish for now.

@oligot oligot mentioned this issue Feb 21, 2018
Merged
@3stacks
Copy link

3stacks commented Mar 8, 2018

So keen for this so I can stop using npm publish :))))

@tsullivan tsullivan mentioned this issue Mar 30, 2018
Merged
@teppeis teppeis mentioned this issue May 5, 2018
Closed
@lgarron
Copy link

lgarron commented Jul 13, 2018

Due to https://status.npmjs.org/incidents/dn7c1fgrr7ng I rotated my npm credentials, and enabled 2FA (which I was glad to see what added recently!).

It would certainly be nice not to have to compromise my security to keep using yarn publish.

@greenatwork greenatwork mentioned this issue Jul 26, 2018
Open
@lgarron lgarron mentioned this issue Aug 1, 2018
Closed
@boygirl boygirl mentioned this issue Aug 1, 2018
Closed
alangpierce added a commit to alangpierce/sucrase that referenced this issue Aug 27, 2018
@alangpierce
Update release script to use npm publish instead of yarn publish
75e946b 
Still waiting on yarn to support 2FA: yarnpkg/yarn#4904 ,
so this change switches to npm in the meantime.
@niftylettuce
Copy link

please add this? I am using np && release to publish and I can't specify --otp even

@niftylettuce niftylettuce mentioned this issue Sep 30, 2018
Closed
@arcanis arcanis mentioned this issue Oct 12, 2018
Open
neonowy added a commit to neonowy/yarn that referenced this issue Oct 17, 2018
@neonowy
feat(auth): Support two factor authentication for npm accounts
215f7c8 
Fix yarnpkg#4904
neonowy added a commit to neonowy/yarn that referenced this issue Oct 17, 2018
@neonowy
feat(auth): Support two factor authentication for npm accounts
225392f 
Fix yarnpkg#4904
@neonowy neonowy mentioned this issue Oct 18, 2018
Merged
arcanis pushed a commit that referenced this issue Oct 22, 2018
@neonowy @arcanis
feat(auth): Support two factor authentication for NPM accounts (#6555)
b8a565e 
* feat(auth): Support two factor authentication for npm accounts

Fix #4904

* Add basic tests

* Rename OneTimePasswordRequiredError to OneTimePasswordError

Cause it's also thrown when one-time password is invalid.

* Remove misleading config parameter from getOneTimePassword

* Don't reimplement setOtp in npm-registry.js tests

* Update CHANGELOG.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@torifat torifat

Labels
cat-compatibility cat-feature help wanted high-priority triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@BYK @torifat @lgarron @iansu @niftylettuce @iarna @davidjb @itaysabato @yuna0x0 @3stacks