Check if 2FA is enabled in verifyConditions about npm HOT 8 OPEN

It only works if you enabled 2fa with auth-only.

from npm.

Yes, we are aware of the problem. There is not much we can do, besides setting the auth-only. It is something we have to document.

The problem is that if you enable 2FA without it, you cannot automate the release of your packages, which renders semantic-release pretty useless.

I wonder if we can somehow check for that and give a good, explanatory error message ... could you find that out? That’d be super helpful :)

from npm.

Yeah, just run

> npm profile get "two factor auth"                                                                                     
auth-only

from npm.

The challenge is that npm profile probably doesn't work with other repo (Artifactory, npm-registry-couchapp).

The the check would have to be done only when the repo is https://registry.npmjs.org/.

I don't know how to write unit tests to verify it works...

from npm.

Something like this should catch it

let stdout
try {
  stdout = await exec('npm profile get "two factor auth"')
} catch {
  // ignore
}
if (stdout.trim() === 'auth-and-writes') {
    throw new Error('Your two-factor authentication is set to auth-and-writes. To publish packages automatically, please set it to auth-only')
}

from npm.

Yes that's a good idea. But how would you write unit tests?

from npm.

Unit test is simple, stub exec to return auth-and-writes, auth-only or throw when called with npm profile get. Integration test would be hard but I don't think we need one.

from npm.

Ok. Would you like to try a PR?

Ultimately, I'd like to have an integration test solution that works like the real registry. But so far I couldn't find what npm use to handles tokens.

from npm.