np: ERR 400 2FA when no 2fa is configured on account/repo
There is an issue with the latest version 6.0.0 of np after the package is published it tries to do 2fa and it fails. The account doesn’t have 2fa enabled, as well as npm repo. Also, the package is published and then it tries to do 2fa, that seems strange I would expect 2fa is a step before publishing.
Description
Commit Range:
v0.4.0...master
Registry:
https://registry.npmjs.org/
? Select semver increment or specify new version patch 0.4.1
√ Prerequisite check
√ Git
↓ Cleanup [skipped]
√ Installing dependencies using npm
√ Running tests using npm
√ Bumping version using npm
√ Publishing package using npm
× Enabling two-factor authentication
→ npm ERR! C:\Users\xxxxxxx\AppData\Roaming\npm-cache\_logs\2020-02-07T19_16_24_605Z-debug.log
Pushing tags
Creating release draft on GitHub
× Command failed with exit code 1: npm access 2fa-required serp-parser
npm ERR! code E400
npm ERR! 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access
Here is the log file,
info it worked if it ends with ok
1 verbose cli [
1 verbose cli 'C:\\Program Files\\nodejs\\node.exe',
1 verbose cli 'C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js',
1 verbose cli 'access',
1 verbose cli '2fa-required',
1 verbose cli 'serp-parser'
1 verbose cli ]
2 info using npm@6.12.0
3 info using node@v12.13.0
4 verbose npm-session d2ee52f34a8efa00
5 http fetch POST 400 a 372ms
6 verbose stack Error: 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access
6 verbose stack at C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\check-response.js:104:15
6 verbose stack at processTicksAndRejections (internal/process/task_queues.js:93:5)
7 verbose statusCode 400
8 verbose pkgid serp-parser@latest
9 verbose cwd C:\GitHub\serp-parser
10 verbose Windows_NT 10.0.18363
11 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "access" "2fa-required" "serp-parser"
12 verbose node v12.13.0
13 verbose npm v6.12.0
14 error code E400
15 error 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access
16 verbose exit [ 1, true ]
Expected behavior
I expect for the script to not try to enable 2fa as there is no configuration for it, and to finish everything up as a previous np v5.x.x
Environment
np - 6.0.0 Node.js - 12.13.x npm - 6.12.x Git - x.x.x OS - WIN10
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 31
- Comments: 19 (6 by maintainers)
Commits related to this issue
- Vagrant using np@5.2 (due to https://github.com/sindresorhus/np/issues/494) — committed to aielo/serverless-core-hooks by aielo 4 years ago
- build(release): downgrade np to get around 2fa issues (https://github.com/sindresorhus/np/issues/494) — committed to nerdyman/react-compare-slider by nerdyman 4 years ago
- Make `np` tool to work without 2 factor auth Solution: https://github.com/sindresorhus/np/issues/494#issuecomment-599248871 — committed to kopach/karma-sabarivka-reporter by kopach 4 years ago
- Make `np` tool to work without 2 factor auth Solution: https://github.com/sindresorhus/np/issues/494#issuecomment-599248871 — committed to kopach/karma-sabarivka-reporter by kopach 4 years ago
Thanks @papb, that solution worked for me, I used
npxfor it rather than editing my current set up.It would be really good to get this officially resolved though, doing package releases via random tarballs makes me feel dirty.
I just downgraded to 5.2.1 because this is broken. Let me know when it’s fixed. That said, thanks for the wonderful work!
I’m having the same issue with v6, downgrading works. It would be nice to have the flag to skip 2fa until the issue with npm cli is solved.
For now I am using @pixelastic’s fork from #515, it’s working perfectly for me.
npm i -D https://github.com/pixelastic/np/tarball/c3ab2e3b053c7da0ce40a572ca1616273ac080f8package.json:
npm run releaseHey there,
Recently published a new package too and encountered the same issue. Because the 2FA step fails and exits, the push to Github isn’t happening.
For now I’m pushing manually.
Weirdly enough, I’ve been using np before and never had this issue, so I don’t fully understand what is happening 😄
It’s so that it can handle when you first publish a new package as you cannot enable 2FA on a package before it’s published. Was just easier to have the same logic for both existing and new packages.
The actual
--no-2fasupport version seems to be 6.4:https://github.com/sindresorhus/np/releases/tag/v6.4.0
I think we can close this issue!
Same problem here with 6.10.2 on OS X
I’m having the same issues with a public package, for which 2fa is intentionally off.
np fails with the following error (though the package is published anyway):
No need to downgrade or install other forks… I have version 6.5.0 and there is support to the
--no-2fatagI also had to downgrade to 5.2.1 to publish a new package because I couldn’t get around this. Any chance you could just support the flag from the optional branch posted above? This is clearly a pretty big inconvenience for a lot of people.
Yes I am using that solution now – works well, thanks
Encountering the same issue. But downgrading to 5.2.1 works. Despite this,
npis still a lifesaver!Why it is not possible to make this
2fa-requiredoptional? Should be enabled by default ifnpmhas a bug it doesn’t work