[RRFC] require authentication only once during one single npm publish using workspaces #778

Open
Lusito opened this issue Jun 2, 2024 · 5 comments

Lusito commented Jun 2, 2024

Motivation ("The Why")

I have a lot of mono-repos, which want to be published every once in a while. When using the workspace option to publish multiple packages at once, I get multiple prompts for authentication.

Yes, I can check the checkbox in the web-UI to not be prompted within the next 5 minutes, but that is not my intention in this case. I only want to publish the specified packages. The option to not be bothered for 5 minutes also seems like an unnecessary risk for this use-case.

I remember that, at least some time ago, lerna was able to publish multiple packages with one OTP prompt. Not sure how they did it, but that was comfortable. Not sure if they still support it though, haven't used it in a while.

Example

I have a mono-repo with 3 packages.

  • I adjust the versions on 2 of them and want to publish them via CLI.
  • I run npm publish --access public -w pack1 -w pack2
  • I have published my packages successfully

How

Current Behaviour

When I run npm publish --access public -w pack1 -w pack2, I have two options for authentication:

  • open the web-UI authentication link once per package to be released
  • open the first web-UI authentication link and check the checkbox to not be bothered for the next 5 minutes

Desired Behaviour

When I run npm publish --access public -w pack1 -w pack2, I get only one web-UI authentication link, even if I don't check the checkbox to not be bothered for 5 minutes.

References

  • n/a
Contributor

ljharb commented Jun 2, 2024

You can still use the OTP on the cli, and that will give you a time window as well, using the legacy auth config.

Author

Lusito commented Jun 2, 2024

Thanks for the quick response. I will try that, but legacy sounds like it might be removed soon.

Aside from that I still think this should work like I proposed.

Author

Lusito commented Jun 2, 2024

So, I just tried it and the legacy auth has the same issue: I get asked for the OTP twice.

Contributor

ljharb commented Jun 2, 2024

It’s an unfortunate name, yes.

I think I misunderstood your issue; you want to run one publish command for multiple packages at once, but the way npm workspaces works is to run the command once for each package.

Author

Lusito commented Jun 2, 2024

I might have misunderstood you too. I just read that you can specify the OTP as a CLI parameter (I thought you meant enter it in the CLI prompt). Using the CLI parameter seems to work. I can work with that as long as it's just unfortunate naming and the auth-type doesn't go away soon.

I still think it is an annoying behavior for the web-UI, but I assume there are more important issues to solve, so I can close this issue if that's what you prefer.

Thanks!
