TIP: Enable Two Factor Authentication (2FA) with your NPM account

Since early October it’s possible to enable Two Factor Authentication with your NPM account.

2FA is another layer of defense for your account, preventing third parties from altering your code even if they steal or guess your credentials. This is one of the easiest and most important ways to ensure that only you can access your npm account.

To enable it, run npm profile enable-2fa with one of these two options:

  1. auth-only: enable it for any login attempt
  2. auth-and-writes: enable it for any login attempt, publish event, profile change, etc.

Once enabled, use an authentication application like Google Authenticator or Authy to generate your One-Time-Password.

An additional security measure announced along with 2FA is the possibility to have read-only tokens, which are useful for all your CI/CD needs.

Note that NPM 5.5.1 or higher is required.
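
An added example (not code from the original post or from npm): a small Node.js audit that checks the three points above, namely npm version, 2FA mode and token permissions. The function names and the JSON field names (tfa.mode, tfa.pending, readonly, key), modelled on the output of npm profile get --json and npm token list --json, are assumptions, and the sample data is constructed.

```javascript
// Added example: audit an npm account against the advice in this post.
// Input shapes are assumptions modelled on `npm profile get --json`
// and `npm token list --json`; all sample data below is constructed.

// Compare dotted versions numerically: true when `have` >= `need`.
// A pre-release suffix such as "-beta.1" is ignored.
function versionAtLeast(have, need) {
  const a = have.split('-')[0].split('.').map(Number);
  const b = need.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return x > y;
  }
  return true;
}

// Returns a list of human-readable findings; an empty list means all checks passed.
function auditAccount(npmVersion, profile, tokens) {
  const findings = [];
  if (!versionAtLeast(npmVersion, '5.5.1')) {
    findings.push(`npm ${npmVersion} is older than 5.5.1, which 2FA requires`);
  }
  const tfa = profile.tfa; // assumed: null/false when off, else {pending, mode}
  if (!tfa || tfa.pending) {
    findings.push('2FA is not enabled (or setup is still pending)');
  } else if (tfa.mode !== 'auth-and-writes') {
    findings.push(`2FA mode is "${tfa.mode}": publish events do not ask for an OTP`);
  }
  for (const t of tokens) {
    if (!t.readonly) {
      findings.push(`token ${t.key.slice(0, 6)} is read-write: prefer a read-only token for CI/CD`);
    }
  }
  return findings;
}

// Constructed sample data (not real account output)
const sampleProfile = { name: 'example-user', tfa: { pending: false, mode: 'auth-only' } };
const sampleTokens = [
  { key: 'a1b2c3d4e5f6', readonly: true, created: '2017-10-05T10:00:00.000Z' },
  { key: 'f6e5d4c3b2a1', readonly: false, created: '2017-10-06T10:00:00.000Z' },
];

console.log(auditAccount('5.4.2', sampleProfile, sampleTokens));
```

To run it against a real account, pass in the parsed JSON from the two npm commands named above instead of the sample objects.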

Protect your npm account with two-factor authentication and read-only tokens →
NPM: Using Two Factor Authentication →

Published by Bramus!

Bramus is a frontend web developer from Belgium, working as a Chrome Developer Relations Engineer at Google. From the moment he discovered view-source at the age of 14 (way back in 1997), he fell in love with the web and has been tinkering with it ever since.

Unless noted otherwise, the contents of this post are licensed under the Creative Commons Attribution 4.0 License and code samples are licensed under the MIT License
