Setting Up npm 2FA with Authenticator App
Step 1: Enable 2FA on npm
npm profile enable-2fa auth-and-writes
This will:
Step 2: Scan QR Code
Use any authenticator app:
- Google Authenticator (iOS/Android)
- Authy (iOS/Android/Desktop)
- 1Password (has built-in authenticator)
- Microsoft Authenticator
- Any TOTP app
Step 3: Enter Confirmation Code
# npm will ask for a code - enter it from your app
Enter OTP: [type 6-digit code]
Step 4: Save Recovery Codes
npm will show you recovery codes - SAVE THESE!
Recovery codes:
xxxx-xxxx-xxxx
xxxx-xxxx-xxxx
(save somewhere safe!)
Done! Now Publishing Works
Publishing with 2FA:
cd packages/core
npm publish --otp=123456 # Get code from app
The code changes every 30 seconds, so:
Alternative: Use Automation Token (No 2FA Needed)
If you want to skip entering OTP every time:
Create an Automation Token:
npm_...)
Use the Token:
# Set the token (one-time setup)
npm set //registry.npmjs.org/:_authToken npm_XXXXXXXXXXXXXXXX
# Now publish without OTP
cd packages/core
npm publish # No --otp needed!
Security Note: Automation tokens are more convenient but less secure: publishing with one needs no OTP, so anyone who obtains the token can publish. Use them for CI/CD, not personal computers.
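One way to check for the situation the security note warns about (an added example, not part of the original guide): the `npm set ... :_authToken` command above stores the token in the user's `.npmrc`, and this script reports whether a given `.npmrc` holds a literal token or only a `${VAR}` environment reference. The function names, the sample file contents and the `npm.example.internal` registry are constructed for illustration.

```javascript
// Added example: audit .npmrc text for stored registry auth tokens.
// SAMPLE_NPMRC is constructed; the token values are placeholders.
const SAMPLE_NPMRC = [
  '; constructed sample, not a real config',
  'registry=https://registry.npmjs.org/',
  '//registry.npmjs.org/:_authToken=npm_EXAMPLEPLACEHOLDER0000',
  '//npm.example.internal/:_authToken=${NPM_TOKEN}',
  '# //registry.npmjs.org/:_authToken=npm_COMMENTEDOUT',
].join('\n');

function maskToken(value) {
  // Keep only the prefix so findings can be logged without leaking the secret.
  return value.length <= 8 ? '****' : value.slice(0, 4) + '****';
}

function auditNpmrc(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    // .npmrc is ini-style: ';' and '#' start comment lines.
    if (line === '' || line.startsWith(';') || line.startsWith('#')) return;
    const eq = line.indexOf('=');
    if (eq === -1) return;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
    if (!key.endsWith(':_authToken')) return;
    const registry = key.slice(0, -':_authToken'.length);
    // ${VAR} means npm reads the token from the environment at run time,
    // so nothing secret is stored in the file itself.
    const fromEnv = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/.test(value);
    findings.push({
      line: index + 1,
      registry,
      kind: fromEnv ? 'env-reference' : 'literal-token',
      shown: fromEnv ? value : maskToken(value),
    });
  });
  return findings;
}

function hasStoredToken(text) {
  return auditNpmrc(text).some((f) => f.kind === 'literal-token');
}

for (const f of auditNpmrc(SAMPLE_NPMRC)) {
  console.log(`line ${f.line}: ${f.registry} -> ${f.kind} (${f.shown})`);
}
```

Pass the contents of your own `.npmrc` to `auditNpmrc` to run the same check; a `literal-token` finding on a personal computer is the case the note says to avoid.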
Troubleshooting
"Invalid OTP"
- Code expires every 30 seconds - try a fresh one
- Make sure you're using the code for "npm" (not another service)
- Time on your computer and phone must be synchronized
"Already enabled"
Check your current 2FA status:
npm profile get
Disable 2FA (if needed):
npm profile disable-2fa
Quick Reference
# Enable 2FA
npm profile enable-2fa auth-and-writes
# Check 2FA status
npm profile get
# Publish with OTP
npm publish --otp=123456
# Use automation token instead
npm set //registry.npmjs.org/:_authToken npm_XXXXX