Cannot publish when requiring 2FA

[fluffynuts]

Instead of allowing npm to prompt for the 2FA code, unleash just dies with a 401 (forbidden).

In this age of hijacked packages, 2FA is becoming more and more important -- and unleash has 99% of the stuff I need, except this ):

Instead of trying to invoke NPM via javascript, perhaps it should be invoked with something like child_process so that user interaction can be preserved?

[rajatkumar]

@fluffynuts I am sure you got around this issue, but in case you need help, use the --no-publish flag. So something like this:

$ npx unleash [-p for patch, -m for minor, -M for major] --no-publish 
# Unleash doesnt support 2FA, hence we use --no-publish flag here.
# This ensures we have the package.json updated, changelog generated, tag created
# and all the changes pushed into origin
# Next, publish to npm manually and do not forget to provide the 2FA code.
$ npm publish

[fluffynuts]

Yeah, that's pretty much what I do (I also include a reminder to publish, otherwise I'll forget!) I settle on having an npm script called release to do release work for me in my projects, whether that's to nuget or npm

Surely unleash can basically hand over to npm publish so that I can be prompted for my otp? I mean, if the publish was simply achieved with spawn, wouldn't I be able to enter my OTP as per usual? Or is there something I'm missing?

[jameswomack]

@fluffynuts I'm able to enter my OTP when publishing via Unleash (at least w/ v2.0.2)—it says something like "Enter OTP:" and I type or paste it in and hit enter. Unleash is delegating to NPM so I'm not sure what the issue is