ERR 400 2FA when no 2fa is configured on account/repo

[badluck13]

There is an issue with the latest version 6.0.0 of np after the package is published it tries to do 2fa and it fails. The account doesn't have 2fa enabled, as well as npm repo. Also, the package is published and then it tries to do 2fa, that seems strange I would expect 2fa is a step before publishing.

Description

Commit Range:
v0.4.0...master

Registry:
https://registry.npmjs.org/

? Select semver increment or specify new version patch  0.4.1

  √ Prerequisite check
  √ Git
  ↓ Cleanup [skipped]
  √ Installing dependencies using npm
  √ Running tests using npm
  √ Bumping version using npm
  √ Publishing package using npm
  × Enabling two-factor authentication
    → npm ERR!     C:\Users\xxxxxxx\AppData\Roaming\npm-cache\_logs\2020-02-07T19_16_24_605Z-debug.log
    Pushing tags
    Creating release draft on GitHub

× Command failed with exit code 1: npm access 2fa-required serp-parser
npm ERR! code E400
npm ERR! 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access

Here is the log file,

info it worked if it ends with ok
1 verbose cli [
1 verbose cli   'C:\\Program Files\\nodejs\\node.exe',
1 verbose cli   'C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js',
1 verbose cli   'access',
1 verbose cli   '2fa-required',
1 verbose cli   'serp-parser'
1 verbose cli ]
2 info using npm@6.12.0
3 info using node@v12.13.0
4 verbose npm-session d2ee52f34a8efa00
5 http fetch POST 400 a 372ms
6 verbose stack Error: 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access
6 verbose stack     at C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-fetch\check-response.js:104:15
6 verbose stack     at processTicksAndRejections (internal/process/task_queues.js:93:5)
7 verbose statusCode 400
8 verbose pkgid serp-parser@latest
9 verbose cwd C:\GitHub\serp-parser
10 verbose Windows_NT 10.0.18363
11 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "access" "2fa-required" "serp-parser"
12 verbose node v12.13.0
13 verbose npm  v6.12.0
14 error code E400
15 error 400 Bad Request - POST https://registry.npmjs.org/-/package/serp-parser/access
16 verbose exit [ 1, true ]

Expected behavior

I expect for the script to not try to enable 2fa as there is no configuration for it, and to finish everything up as a previous np v5.x.x

Environment

np - 6.0.0
Node.js - 12.13.x
npm - 6.12.x
Git - x.x.x
OS - WIN10

[larsroettig]

Why it is not possible to make this 2fa-required optional? Should be enabled by default if npm has a bug it doesn't work

[sindresorhus]

See: npm/cli#650

[sindresorhus]

Also, the package is published and then it tries to do 2fa, that seems strange I would expect 2fa is a step before publishing.

It's so that it can handle when you first publish a new package as you cannot enable 2FA on a package before it's published. Was just easier to have the same logic for both existing and new packages.

[peduarte]

Hey there,

Recently published a new package too and encountered the same issue. Because the 2FA step fails and exits, the push to Github isn't happening.

For now I'm pushing manually.

Weirdly enough, I've been using np before and never had this issue, so I don't fully understand what is happening 😄

[collincusce]

I just downgraded to 5.2.1 because this is broken. Let me know when it's fixed. That said, thanks for the wonderful work!

[gabdara]

I'm having the same issue with v6, downgrading works.
It would be nice to have the flag to skip 2fa until the issue with npm cli is solved.

[gavinmcfarland]

Encountering the same issue. But downgrading to 5.2.1 works. Despite this, np is still a lifesaver!

[papb]

This is odd, I just had this issue but I am already using v5.2.1... What is happening?

[papb]

For now I am using @pixelastic's fork from #515, it's working perfectly for me.

• npm i -D https://github.com/pixelastic/np/tarball/c3ab2e3b053c7da0ce40a572ca1616273ac080f8

• package.json:

  {
    "scripts": {
      "release": "np --no-2fa"
    }
  }

• npm run release

[nerdyman]

Downgrading to 5.2.1 didn't work for me. npm/cli#650 is for npm access 2fa-required returning an error but that command works OK for me and doesn't throw.

Could there be something else failing too? np still fails for me on 2fa-required.

[papb]

@nerdyman Can you try my last suggestion just out of curiosity?

[dhowe]

Same problem here with 6.10.2 on OS X

I'm having the same issues with a public package, for which 2fa is intentionally off.

np fails with the following error (though the package is published anyway):

$ np patch
Publish a new version of pkg (current: 1.0.2)

  ✔ Prerequisite check
  ✔ Git
  ↓ Cleanup [skipped]
  ✔ Installing dependencies using npm
  ✔ Running tests using npm
  ✔ Bumping version using npm
  ✔ Publishing package using npm
  ✖ Enabling two-factor authentication
    → npm ERR!     /Users/me/.npm/_logs/2020-03-23T05_27_47_209Z-debug.log
    Pushing tags
    Creating release draft on GitHub

✖ Command failed with exit code 1: npm access 2fa-required pkg
npm ERR! code E400
npm ERR! 400 Bad Request - POST https://registry.npmjs.org/-/package/pkg/access

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/me/.npm/_logs/2020-03-23T05_27_47_209Z-debug.log

[papb]

@dhowe Can you try my last suggestion just out of curiosity?

[dhowe]

Yes I am using that solution now -- works well, thanks

[gargrave]

I also had to downgrade to 5.2.1 to publish a new package because I couldn't get around this. Any chance you could just support the flag from the optional branch posted above? This is clearly a pretty big inconvenience for a lot of people.

[nerdyman]

Thanks @papb, that solution worked for me, I used npx for it rather than editing my current set up.

npx https://github.com/pixelastic/np/tarball/c3ab2e3b053c7da0ce40a572ca1616273ac080f8 --no-2fa

It would be really good to get this officially resolved though, doing package releases via random tarballs makes me feel dirty.

[techhead]

2020-07-18T07_38_21_727Z-debug.log

This is still happening. And bug #427 references this issue as well.

[LukeSavefrogs]

No need to downgrade or install other forks.... I have version 6.5.0 and there is support to the --no-2fa tag

[cloud-walker]

The actual --no-2fa support version seems to be 6.4:

https://github.com/sindresorhus/np/releases/tag/v6.4.0

I think we can close this issue!