
Check if 2FA is enabled in verifyConditions

Open felixfbecker opened this issue 7 years ago • 8 comments

I don't know if this is an npm issue, but my publishes fail since I enabled 2FA. I wanted others to be aware of this.

[Semantic release]: Publishing version 1.2.3 to npm registry
[Semantic release]: An error occurred while running semantic-release: { Error: Command failed: npm publish
npm ERR! publish Failed PUT 401
npm ERR! code E401
npm ERR! 404 You must provide a one-time pass. You can provide one using the "--otp" flag. : cli-highlight
npm ERR! 404 
npm ERR! 404  'cli-highlight' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/travis/.npm/_logs/2017-11-30T19_59_44_322Z-debug.log
    at Promise.all.then.arr (/home/travis/build/felixfbecker/cli-highlight/node_modules/@semantic-release/npm/node_modules/execa/index.js:236:11)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:188:7)
  code: 1,
  killed: false,
  stdout: '',
  stderr: 'npm ERR! publish Failed PUT 401\nnpm ERR! code E401\nnpm ERR! 404 You must provide a one-time pass. You can provide one using the "--otp" flag. : cli-highlight\nnpm ERR! 404 \nnpm ERR! 404  \'cli-highlight\' is not in the npm registry.\nnpm ERR! 404 You should bug the author to publish it (or use the name yourself!)\nnpm ERR! 404 \nnpm ERR! 404 Note that you can also install from a\nnpm ERR! 404 tarball, folder, http url, or git url.\n\nnpm ERR! A complete log of this run can be found in:\nnpm ERR!     /home/travis/.npm/_logs/2017-11-30T19_59_44_322Z-debug.log\n',
  failed: true,
  signal: null,
  cmd: 'npm publish',
  timedOut: false }
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] semantic-release: `semantic-release`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] semantic-release script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/travis/.npm/_logs/2017-11-30T19_59_44_346Z-debug.log
The command "npm run semantic-release" exited with 1.

npm 5.5.1

felixfbecker avatar Nov 30 '17 20:11 felixfbecker

It only works if you enabled 2fa with auth-only.

felixfbecker avatar Nov 30 '17 21:11 felixfbecker

Yes, we are aware of the problem. There is not much we can do, besides setting the auth-only. It is something we have to document.

The problem is that if you enable 2FA without it, you cannot automate the release of your packages, which renders semantic-release pretty useless.

I wonder if we can somehow check for that and give a good, explanatory error message ... could you find that out? That’d be super helpful :)

gr2m avatar Nov 30 '17 21:11 gr2m

Yeah, just run

> npm profile get "two factor auth"
auth-only

felixfbecker avatar Nov 30 '17 21:11 felixfbecker

The challenge is that npm profile probably doesn't work with other repos (Artifactory, npm-registry-couchapp).

The check would have to be done only when the repo is https://registry.npmjs.org/.

I don't know how to write unit tests to verify it works...

pvdlg avatar Nov 30 '17 21:11 pvdlg

Something like this should catch it

let stdout
try {
  // Ask npm for the account's two-factor mode
  stdout = await exec('npm profile get "two factor auth"')
} catch {
  // ignore
}
// stdout is still undefined if the command failed, so guard before calling trim()
if (stdout && stdout.trim() === 'auth-and-writes') {
  throw new Error('Your two-factor authentication is set to auth-and-writes. To publish packages automatically, please set it to auth-only')
}

felixfbecker avatar Nov 30 '17 22:11 felixfbecker

Yes that's a good idea. But how would you write unit tests?

pvdlg avatar Nov 30 '17 22:11 pvdlg

Unit test is simple, stub exec to return auth-and-writes, auth-only or throw when called with npm profile get. Integration test would be hard but I don't think we need one.

felixfbecker avatar Nov 30 '17 22:11 felixfbecker
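
A sketch of the check discussed in this thread, added here as an example and not code from the thread or from semantic-release: it runs the lookup only for https://registry.npmjs.org/ and takes `exec` as a parameter so unit tests can stub it. The names `verifyTwoFactor`, `isDefaultRegistry`, `stubs` and the error code are hypothetical, and `exec` is assumed to resolve to the command's stdout as a string.

```javascript
// Added example; all names here are hypothetical, not the @semantic-release/npm API.
const NPM_REGISTRY = 'https://registry.npmjs.org/';

// URL parsing normalises a missing trailing slash; anything unparsable is "not npm".
function isDefaultRegistry(registry) {
  try {
    return new URL(registry).href === NPM_REGISTRY;
  } catch {
    return false;
  }
}

// `exec` is injected (assumed to resolve to the command's stdout as a string)
// so tests can stub it instead of talking to the real registry.
async function verifyTwoFactor({ registry, exec }) {
  if (!isDefaultRegistry(registry)) {
    // Other registries may not support `npm profile`, so the check is skipped.
    return { checked: false, reason: 'registry is not registry.npmjs.org' };
  }
  let stdout;
  try {
    stdout = await exec('npm profile get "two factor auth"');
  } catch {
    // Lookup failed: skip the check, as the snippet in the thread does.
    return { checked: false, reason: 'npm profile lookup failed' };
  }
  const mode = String(stdout).trim();
  if (mode === 'auth-and-writes') {
    const error = new Error(
      'Your two-factor authentication is set to auth-and-writes. ' +
        'To publish packages automatically, please set it to auth-only.'
    );
    error.code = 'E2FA_AUTH_AND_WRITES'; // hypothetical error code
    throw error;
  }
  return { checked: true, mode };
}

// Constructed stubs standing in for the real command, one per case in the thread.
const stubs = {
  authOnly: async () => 'auth-only\n',
  authAndWrites: async () => 'auth-and-writes\n',
  failing: async () => { throw new Error('Command failed: npm profile get'); },
};
```
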

Ok. Would you like to try a PR?

Ultimately, I'd like to have an integration test solution that works like the real registry. But so far I couldn't find what npm uses to handle tokens.

pvdlg avatar Nov 30 '17 22:11 pvdlg