npm-publish icon indicating copy to clipboard operation
npm-publish copied to clipboard

Published 20 hours ago verified publisher icon JS-DevTools

Authenticate via Username / Password

Open db5rg3ss opened this issue 5 years ago • 1 comments

It would be nice to be able to authenticate via your npm username and password.

db5rg3ss avatar Nov 12 '20 21:11 db5rg3ss

The npm publish command uses your NPM token to authenticate. It does not use your username/password That's why this module needs your NPM token.

It might be possible to have the module run the npm login command and feed your username/password into it via STDIN. However, this would be less secure, since it could potentially expose your NPM credentials. In addition, the npm login command writes your NPM token to the ~/.npmrc file, which is also less secure since any other action can then access the token.

JamesMessinger avatar Dec 30 '20 20:12 JamesMessinger

Thanks for the request, but I'm going to take the opinionated stance that username/password auth to npm in CI is not a good idea from a security standpoint, and this action should not support it

mcous avatar Apr 07 '23 15:04 mcous