lerna / lerna

Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.
https://lerna.js.org
MIT License

Support npmjs.com security keys for 2FA #3273

Open Frederick888 opened 2 years ago

Frederick888 commented 2 years ago

Description

When publishing a package to npmjs.com, if the account uses security keys for 2FA, offer a https://www.npmjs.com/login/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx link where the user can use a security key to obtain an OTP.

Motivation

At the moment, the only reason for me to have a software authenticator in my npmjs.com account is to publish packages with lerna. It'd be great if I could keep only the hardware tokens, which are more secure.

Suggested Implementation

I'm not sure how lerna interacts with npmjs.com, but it'd be nice if we can have something similar to npm publish/yarn publish.

npm publish:

npm notice Publishing to https://registry.npmjs.org/
npm notice Open https://www.npmjs.com/login/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx to use your security key for authentication or enter OTP from your authenticator app
This operation requires a one-time password.
Enter OTP:

yarn publish:

info Two factor authentication enabled.
info Open https://www.npmjs.com/login/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx to use your security key for authentication or enter OTP from your authenticator app
question npm one-time password:

Alternate Implementations

JamesHenry commented 1 year ago

Thanks a lot @Frederick888! I had missed this before, but it was also just raised on Twitter. We can definitely add this 👍