Giter Site home page Giter Site logo

Comments (8)

felixfbecker avatar felixfbecker commented on August 18, 2024

It only works if you enabled 2fa with auth-only.

from npm.

gr2m avatar gr2m commented on August 18, 2024

Yes, we are aware of the problem. There is not much we can do, besides setting the auth-only. It is something we have to document.

The problem is that if you enable 2FA without it, you cannot automate the release of your packages, which renders semantic-release pretty useless.

I wonder if we can somehow check for that and give a good, explanatory error message ... could you find that out? That’d be super helpful :)

from npm.

felixfbecker avatar felixfbecker commented on August 18, 2024

Yeah, just run

> npm profile get "two factor auth"                                                                                     
auth-only

from npm.

pvdlg avatar pvdlg commented on August 18, 2024

The challenge is that npm profile probably doesn't work with other repo (Artifactory, npm-registry-couchapp).

The the check would have to be done only when the repo is https://registry.npmjs.org/.

I don't know how to write unit tests to verify it works...

from npm.

felixfbecker avatar felixfbecker commented on August 18, 2024

Something like this should catch it

let stdout
try {
  stdout = await exec('npm profile get "two factor auth"')
} catch {
  // ignore
}
if (stdout.trim() === 'auth-and-writes') {
    throw new Error('Your two-factor authentication is set to auth-and-writes. To publish packages automatically, please set it to auth-only')
}

from npm.

pvdlg avatar pvdlg commented on August 18, 2024

Yes that's a good idea. But how would you write unit tests?

from npm.

felixfbecker avatar felixfbecker commented on August 18, 2024

Unit test is simple, stub exec to return auth-and-writes, auth-only or throw when called with npm profile get. Integration test would be hard but I don't think we need one.

from npm.

pvdlg avatar pvdlg commented on August 18, 2024

Ok. Would you like to try a PR?

Ultimately, I'd like to have an integration test solution that works like the real registry. But so far I couldn't find what npm use to handles tokens.

from npm.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.