Open npmjs.com instead of asking for OTP · sindresorhus/np#726

(9 comments) (2 reactions) (0 assignees)JavaScript (7,314 stars) (349 forks)batch import

enhancementhelp wanted

説明

Description

npm now asks to complete 2FA in the browser:

npm notice Publishing to https://registry.npmjs.org/ with tag latest and default access
Authenticate your account at:
https://www.npmjs.com/auth/cli/cda65f41-0edf4e1c6f4b
Press ENTER to open in the browser...

and I find this to be better than what np does:

? Select semver increment or specify new version major 	4.0.0

  ✔ Prerequisite check
  ✔ Git
  ✔ Bumping version using npm
  ⠴ Publishing package using npm (waiting for input…)
    → ? Enter OTP: 
    Pushing tags
    Creating release draft on GitHub

Is the feature request related to a problem?

Compare the two workflows:

Press ENTER
Click "Use security key" (on a pre-logged-in npmjs.com)
Touch ID

with np's:

Pick up phone
Unlock it
Find Authenticator
Locate npm on the list
Tap it
cmd-v on the computer (via Continuity, if it works, within 4 seconds)

Possible implementation

I don't know, but it could skip the "Press enter to continue" step and just use open to open the browser and skip one more step.

Bonus points: this would also resolve another issue because "the notification" is the whole browser getting focus.

https://github.com/sindresorhus/np/issues/359

Issues

Potentially some people don't like this new workflow

コントリビューターガイド

技術スタック: nodejsshell
領域: cli
Issue 種別: feature
難度: 3
推定時間: 1-3 hours
活動状況: fresh
明確さ: mostly clear
前提条件: Node.jsnp codebase familiaritynpm publish workflow
初心者向け度: 45
調査方針: Examine the np publish flow in the source code, likely in `source/publish.js` or similar. Investigate how npm's new OTP flow works and how to detect it. Use the `open` package to programmatically open the browser URL. Refer to issue #359 for additional context on browser focus. Test with a dry run or in a sandbox environment.