The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
npm dist-tag add with 2FA enabled fails for non-latest tag with 500
According to the CLI docs for
If the tag you’re adding is
latestand you have two-factor authentication on auth-and-writes then you’ll need to include an otp on the command line with
However, I just attempted to update my
next tag without passing
--otp <OTP>, and it failed with a 500. I’d be happy to make a PR to the docs, but I wanted to make sure I understood the rule here. Did this fail because it was updating an existing tag, rather than adding a new tag? I looked through the
npm-registry-client code, and I didn’t find the business logic there, but if there is some other place I can look to derive the proper rule, I’d be happy to write something up.
Thanks npm team for being awesome!
This seems to have been an intermittent server issue. At least, I can’t reproduce it. I get 401’s when doing what you described:
npm ERR! code E401 npm ERR! Registry returned 401 for PUT on https://registry.npmjs.org/-/package/aproba/dist-tags/latest
To be clear, you can specify an existing tag and it’ll change it. If you have 2FA enabled, you do need to specify
--otp and if you don’t, you should get a 401 as above.
Awesome, thanks for the clarification Rebecca! So maybe the docs should read:
If you have two-factor authentication on auth-and-writes then you’ll need to include a one-time password on the command line with
--otp <one-time password>.
Does that capture the rule correctly?
Yup, looks good!