Publish on CI with 2fa?


(Kat Marchán) #1

How do I publish on CI when I have two-factor authentication enabled?

I want to have the benefits of two-factor auth for most operations involving humans, but my team’s setup involves publishing packages through CI builds. Is there any way to do this safely?


Allow subset of tokens to bypass 2FA requirement
(Kat Marchán) #2

This isn’t currently possible, and it’s unclear when we’ll have this available.

In the meantime, you might be able to increase security without having to go straight to 2fa by using 2fa for auth-only and creating a CIDR-restricted token for CI:

https://docs.npmjs.com/getting-started/working_with_tokens#how-to-create-a-new-cidr-restricted-token