Home / PUBLISH-WITH-2FA-OTP

Publishing with 2FA (Simplest Method)

Since npm deprecated classic tokens, the easiest way is to use 2FA with --otp flag.

Quick Setup (if 2FA not enabled)

npm profile enable-2fa auth-and-writes

Follow the prompts:

  • Scan QR code with authenticator app (Google Authenticator, Authy, etc.)
  • Enter the 6-digit code
  • Save recovery codes somewhere safe

    • Publishing with OTP

    cd packages/core

# Get 6-digit code from authenticator app, then:
npm publish --otp=123456

    Replace 123456 with your actual code from the app.

    The code changes every 30 seconds, so have your phone ready!

    Alternative: Granular Access Token (More Complex)

    If you don't want to enter OTP every time:

  • Go to https://www.npmjs.com/settings/cdr420/tokens
  • Click "Generate New Token"
  • Choose "Granular Access Token"
  • Set permissions:
    • - Packages and scopes: Select @larcjs/core - Permissions: Read and write - Organizations: (leave default)
  • Click "Generate Token"
  • Copy token and save to .tmp

    • Then I'll configure it.

    Which Is Easier?

    For one-time publishing: Use --otp (simpler!)
    • Just need authenticator app
    • Run npm publish --otp=CODE
    • Done!
    For frequent publishing: Use Granular Token
    • More setup upfront
    • No OTP needed each time
    • Better for automation

    Ready to Publish?

    If you have 2FA enabled, just run:

    cd packages/core
npm publish --otp=YOUR_CODE

    Get the code from your authenticator app!