[BUG] <title>

[ashishjain0512]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

I am trying to publish a new release for my project. I have 2FA enabled on the package and on my npmjs account.

I am able to do npm login successfully (via authenticator OTP)

But when I do yarn publish I encounter the following error:

error An unexpected error occurred: "https://registry.npmjs.com/mermaid: You must provide a one-time pass. Upgrade your client to npm@latest in order to use 2FA.".
info If you think this is a bug, please open a bug report with the information provided in "/mnt/c/mermaid/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.

Expected Behavior

Ideally it should ask for OTP and allow me to publish.

Steps To Reproduce

1. In this environment...
2. With this config...
3. Run '...'
4. See error...

Environment

• npm: 8.4.1
• Node.js: 12.22.0 to 16.0.0
• OS Name: Same in Window 10 and Linux
• System Model Name:
• npm config:

; {
  "json": true,
  "registry": "https://registry.npmjs.com/",
  "access": null,
  "all": false,
  "allow-same-version": false,
  "also": null,
  "always-auth": false,
  "audit": true,
  "audit-level": null,
  "auth-type": "legacy",
  "before": null,
  "bin-links": true,
  "browser": null,
  "ca": null,
  "cache": "/home/ashishj/.npm",
  "cache-max": null,
  "cache-min": 0,
  "cafile": null,
  "call": "",
  "cert": null,
  "ci-name": null,
  "cidr": null,
  "color": true,
  "commit-hooks": true,
  "depth": null,
  "description": true,
  "dev": false,
  "diff": [],
  "diff-ignore-all-space": false,
  "diff-name-only": false,
  "diff-no-prefix": false,
  "diff-dst-prefix": "b/",
  "diff-src-prefix": "a/",
  "diff-text": false,
  "diff-unified": 3,
  "dry-run": false,
  "editor": "vi",
  "engine-strict": false,
  "fetch-retries": 2,
  "fetch-retry-factor": 10,
  "fetch-retry-maxtimeout": 60000,
  "fetch-retry-mintimeout": 10000,
  "fetch-timeout": 300000,
  "force": false,
  "foreground-scripts": false,
  "format-package-lock": true,
  "fund": true,
  "git": "git",
  "git-tag-version": true,
  "global": false,
  "global-style": false,
  "globalconfig": "/home/ashishj/.nvm/versions/node/v16.0.0/etc/npmrc",
  "heading": "npm",
  "https-proxy": null,
  "if-present": false,
  "ignore-scripts": false,
  "include": [],
  "include-staged": false,
  "init-author-email": "",
  "init-author-name": "",
  "init-author-url": "",
  "init-license": "ISC",
  "init-module": "/home/ashishj/.npm-init.js",
  "init-version": "1.0.0",
  "init.author.email": "",
  "init.author.name": "",
  "init.author.url": "",
  "init.license": "ISC",
  "init.module": "/home/ashishj/.npm-init.js",
  "init.version": "1.0.0",
  "key": null,
  "legacy-bundling": false,
  "legacy-peer-deps": false,
  "link": false,
  "local-address": null,
  "loglevel": "notice",
  "logs-max": 10,
  "long": false,
  "maxsockets": 15,
  "message": "%s",
  "node-options": null,
  "node-version": "v16.0.0",
  "noproxy": [
    ""
  ],
  "npm-version": "7.10.0",
  "offline": false,
  "omit": [],
  "only": null,
  "optional": null,
  "otp": null,
  "package": [],
  "package-lock": true,
  "package-lock-only": false,
  "parseable": false,
  "prefer-offline": false,
  "prefer-online": false,
  "prefix": "/home/ashishj/.nvm/versions/node/v16.0.0",
  "preid": "",
  "production": null,
  "progress": true,
  "proxy": null,
  "read-only": false,
  "rebuild-bundle": true,
  "save": true,
  "save-bundle": false,
  "save-dev": false,
  "save-exact": false,
  "save-optional": false,
  "save-peer": false,
  "save-prefix": "^",
  "save-prod": false,
  "scope": "",
  "script-shell": null,
  "searchexclude": "",
  "searchlimit": 20,
  "searchopts": "",
  "searchstaleness": 900,
  "shell": "/bin/bash",
  "shrinkwrap": true,
  "sign-git-commit": false,
  "sign-git-tag": false,
  "sso-poll-frequency": 500,
  "sso-type": "oauth",
  "strict-peer-deps": false,
  "strict-ssl": true,
  "tag": "latest",
  "tag-version-prefix": "v",
  "timing": false,
  "tmp": "/tmp",
  "umask": 0,
  "unicode": true,
  "update-notifier": true,
  "usage": false,
  "user-agent": "npm/7.10.0 node/v16.0.0 linux x64",
  "userconfig": "/home/ashishj/.npmrc",
  "version": false,
  "versions": false,
  "viewer": "man",
  "which": null,
  "workspace": [],
  "workspaces": false,
  "yes": null,
  "metrics-registry": "https://registry.npmjs.com/"
}

[nlf]

do you get this error also when you run npm publish?

we don't support yarn, so if they're not handling a response from the npm registry correctly you'll need to open an issue on their end.

[JeromeFitz]

@ashishjain0512 A possible workaround is to manually update yarn.lock looking in your git history to:

npm@8.3.1, npm@^8.3.0:
  version "8.3.1"
  ...
  ...

Not ideal, however, has enabled me to proceed while I can spend time debugging like @nlf suggests. 💯

Full disclosure, I have not tested with 8.4.0 to determine when/where yarn diverted. (Possibly #4326 ?)

In happier news, this did cause me to upgrade my tokens to the new npm format. 😆 🔒

[fritzy]

This appears to be a yarn issue.