v25.5.0 failed to publish to npm

[stevenpetryk]

Looking at the publish_to_npm action for the commit that should've published 25.5.0, it failed.

npm ERR! This operation requires a one-time password from your authenticator.
npm ERR! You can provide a one-time password by passing --otp=<code> to the command you ran.
npm ERR! If you already provided a one-time password then it is likely that you either typoed
npm ERR! it, or it timed out. Please try again.

Did you recently add 2FA to your NPM account?

See PR #1598

[ahnpnl]

Yes my account was added 2FA indeed.

@kulshekhar should I remove 2FA or what should we do ?

[kulshekhar]

I haven't been able to find a workaround for this and I'm hesitant to remove 2FA. We'll have to publish this manually I guess.

@ahnpnl if you don't get a chance to publish this manually, I'll do that by eod

[ahnpnl]

ok I will just keep the 2FA and manually publish 👍

[ahnpnl]

tag @anshulguleria the GitHub workflow doesn't work with 2FA

[anshulguleria]

Found out that this is still an open issue.

Does creating another npm account to publish sounds reasonable approach?

Discussion here: nodejs/package-maintenance#244 (comment)

Let me know your thoughts and in the mean time I will look into more options.

[ahnpnl]

It’s up to @kulshekhar to decide :)

Side question, I see the tar file in release page contains lots of unnecessary things. Its content isn’t the same as running npm pack locally. Is there a way we can improve that ?

[kulshekhar]

I've created a new user on npm: https://www.npmjs.com/~tsjest
The user does not have 2fa enabled. I've created a token for that user and have added it as the NPM_TOKEN secret var on Github.

Is there a way to re-run an action?

[ahnpnl]

It is possible to run by going to Actions tab. But I already manually published so I suggest we test the action with v26

[anshulguleria]

You can also test with some patch release incase there is something planned.

[ahnpnl]

haha yes there will be a 25.5.1 soon :) Vue community is most likely broken with 25.5.0

[ahnpnl]

https://github.com/kulshekhar/ts-jest/runs/658599502?check_suite_focus=true still failed

[kulshekhar]

i've disabled the requirement to have 2fa for publishing and have restarted the above job. Let's see if that works

[ahnpnl]

it worked now !! I think the publishing somehow depends on your npm account rather than a sub account that you created for only publishing. Not sure if we can have a workaround for that.

[kulshekhar]

it wasn't my account. The settings for the ts-jest package required 2fa for publishing. That's what I switched off

[ahnpnl]

I see, if it is a setting of the package itself, it looks like not possible to include 2FA into publishing process. Any thoughts @anshulguleria ?

[anshulguleria]

I haven't been able to look into this yet. I found few leads last time and I will follow up on them. For now I think you can disable 2FA and once we have some process we can change the setting.

[ahnpnl]

@kulshekhar seem like now it’s possible with new feature https://github.blog/changelog/2020-10-02-npm-automation-tokens/

[kulshekhar]

@ahnpnl I've replaced the token with an automation token

[kulshekhar]

I think this can be closed now