Comments (1)
👋🏻 Hey @evocateur! I apologize this has taken so long to get to (I'm just getting to this now as I'm sifting through the backlog). I don't think we would have ever been open to exposing whether 2FA is required for packages as it would have provided a way to enumerate packages that may be more susceptible to attack/compromise.
That said, 2FA enforcement in general is being pushed through by our registry counterparts (ref. https://github.blog/2021-12-07-enrolling-npm-publishers-enhanced-login-verification-two-factor-authentication-enforcement/) - so this kind of information would sort of be redundant if everyone is going to be required to use 2FA to publish moving forward. Obviously, automation tokens will still be able to circumvent this to some extent but the way in which you'll have to login, to generate those tokens, will likely change to enforce 2FA as a best practice.
Let me know if there's any follow up discussion/thoughts you have on this but I'm going to close this issue for now.
Future feedback/discussions/ideas about the registry/website APIs can be opened here: https://github.com/npm/feedback/
from cli.
Related Issues (20)
- view command could return deprecated versions explicitly HOT 3
- [BUG] `npm ci` hanging on macOS workflows
- [BUG] npm install hangs with installing puppeteer package HOT 4
- Proposal: print a warning when a user adds "dev" package HOT 1
- [BUG] npm update fails with workspace dependencies HOT 2
- [BUG] npm pkg cli command outputs `{}` for missing entries from package.json HOT 2
- [BUG] ssl3_get_record:decryption HOT 1
- [npmjs.com] Add syntaxs support for [!TIP] blockquotes in markdown files
- [BUG] npx is too slow for already cached package with specific version requested HOT 1
- [BUG] Production prune removes peerDeps that are also devDeps HOT 1
- npm ERR! code E429 Too Many Requests : Publishing npm package HOT 1
- [DOCS] package.json#repository should clarify normalization steps and future plans. HOT 1
- [BUG] npm possibly installs wrong dependencies HOT 2
- [BUG] <When create new extension, cannot install using npm> HOT 1
- [BUG] `npm publish` complains on `bin` field examples from npm docs HOT 12
- [BUG] npm does not include prerelease versions when matching with peerDependencies HOT 4
- [BUG] EEXIST: file already exists, open 'C:\npm\cache\_cacache\tmp\e21a7cda' in GitHub Actions CI inconsistently when running under Windows HOT 9
- [BUG] npm arborist realpath.js with UNC paths
- [BUG] Package gets not deleted correctly HOT 2
- [BUG] Installation of scoped packages with specific version ignores the version HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cli.