Log in to NPM, semi or fully automated, headless, scripted, non-interactive, with a Yubico YubiKey for 2FA (two-factor authentication)
- No dependencies
- Small, simple, easy to audit, yourself
Inspired by my previous project
- Original version: https://www.npmjs.com/package/npm-automated-login-totp
- Paranoid version: https://www.npmjs.com/package/npm-login-yubikey < You are here
Read that readme before using this.
Example username is: bob
- npm install -g npm-login-yubikey
- Install yubikey-manager aka ykman
- Debian/Ubuntu/PopOS
apt install yubikey-manager
- Fedora/Redhat
yum install yubikey-manager
- In Python:
pip install --user yubikey-manager
- Windows
choco install yubikey-manager
- Mac
brew install ykman
- Enable 2FA on your NPM account
- (on a secure computer with YubiKey plugged in)
- Open your NPMjs.com profile page
- https://www.npmjs.com/settings/bob/profile > Two-Factor Authentication
- Click the link that says "Can't scan and need to type in the text code? Click here."
Let's pretend it says Your two-factor secret is: FOOBAR
- Save your secret as 'npm' into your YubiKey
- (leave out --touch if you want fully-automated, instead of semi-automated)
ykman oath accounts add --touch npm FOOBAR
- Set environment variables for when you run npm-login-yubikey
On Linux, you could add this to your ~/.profile or ~/.bashrc
On Windows/Mac, figure it out then please PR this Readme.
export NPM_USER='bob'
export NPM_PASS='best-password-ever'
export NPM_EMAIL='bob@email.com'
export NPM_OTPNAME='npm'
- Close and reopen terminal
- Run
npm-login-yubikey
You should see: Logged in as bob on https://registry.npmjs.org/
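A preflight check for the setup steps above, as an added example that is not part of npm-login-yubikey: it confirms the four variables are set, that the file exporting NPM_PASS grants nothing to group or others, and that the YubiKey holds an OATH account named by NPM_OTPNAME. The function names and the `run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for the npm-login-yubikey setup (not the project's code).

# Print the name of each required variable that is unset or empty.
missing_vars() {
  for _v in NPM_USER NPM_PASS NPM_EMAIL NPM_OTPNAME; do
    eval "_val=\${$_v:-}"
    [ -n "$_val" ] || printf '%s\n' "$_v"
  done
}

# Succeed only if FILE grants nothing to group or others (e.g. mode 600).
# The file exports NPM_PASS in plain text, so other local users must not read it.
private_file() {
  # GNU stat first, BSD/macOS stat as the fallback.
  _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
  [ $(( 0$_mode & 077 )) -eq 0 ]
}

# Read `ykman oath accounts list` output on stdin; succeed on an exact name match.
has_account() {
  grep -Fxq -- "$1"
}

# Run all checks against the profile file given as $1; never prints NPM_PASS.
preflight() {
  _rc=0
  _m=$(missing_vars)
  [ -z "$_m" ] || { echo "unset or empty:" $_m >&2; _rc=1; }
  private_file "$1" || { echo "$1 is missing or open to group/others (chmod 600)" >&2; _rc=1; }
  command -v ykman >/dev/null || { echo "ykman is not on PATH" >&2; return 1; }
  ykman oath accounts list | has_account "${NPM_OTPNAME:-}" \
    || { echo "no OATH account '${NPM_OTPNAME:-}' on the YubiKey" >&2; _rc=1; }
  return "$_rc"
}

# Assumed calling convention of this example: sh preflight.sh run ~/.profile
if [ "${1:-}" = "run" ]; then preflight "${2:-$HOME/.profile}"; fi
```
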
- Tested with YubiKey 5 Nano
- We call the TOTP key 'npm' but you can call it whatever you like.
export NPM_EXTRA0='--registry=https://foo.com'
export NPM_EXTRA1='--scope=@orgname'
# ...
export NPM_EXTRA9='--future=proof'
Have fun!
Star the repo https://github.com/softwarecreations/npm-login-yubikey
Subscribe to this issue #1
Welcome
MIT