npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

npm-login-yubikey

v1.0.5

Published

Automated or semi-automated NPM login with a YubiKey as 2FA, simple, no dependencies, auditable.

Downloads

14

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

softwarecreationssoftwarecreations

Keywords

npmloginyubikeysecurityaddusercliautomationautomated2faauthenticationnoninteractiveheadlessconsoleterminal

Readme

npm-login-yubikey

Login to NPM, semi or fully automated, headless, scripted, non-interactive with a YubiCo YubiKey for 2FA (two factor authentication)

Project goals

  • No dependencies
  • Small, simple, easy to audit, yourself

Inspired by my previous project

  • Original version: https://www.npmjs.com/package/npm-automated-login-totp
  • Paranoid version: https://www.npmjs.com/package/npm-login-yubikey < You are here

Read that readme before using this.

Installation - 2 minute setup

Example username is: bob

  1. npm install -g npm-login-yubikey

  2. Install yubikey-manager aka ykman

  • Debian/Ubuntu/PopOS apt install yubikey-manager
  • Fedora/Redhat yum install yubikey-manager
  • In Python: pip install --user yubikey-manager
  • Windows choco install yubikey-manager
  • Mac brew install ykman
  1. Enable 2FA on your NPM account
  • (on a secure computer with YubiKey plugged in)
  • Open your NPMjs.com profile page
  • https://www.npmjs.com/settings/bob/profile > Two-Factor Authentication
  1. Click the link that says "Can't scan and need to type in the text code? Click here."

Let's pretend it says Your two-factor secret is: FOOBAR

  1. Save your secret as 'npm' into your YubiKey
  • (leave out --touch if you want fully-automated, instead of semi-automated)
  • ykman oath accounts add --touch npm FOOBAR
  1. Set environment variables for when you run npm-login-yubikey

On Linux, you could add this to your ~/.profile or ~/.bashrc On Windows/Mac, figure it out then please PR this Readme.

export NPM_USER='bob'
export NPM_PASS='best-password-ever'
export NPM_EMAIL='[email protected]'
export NPM_OTPNAME='npm'

  1. Close and reopen terminal

  2. Run npm-login-yubikey

You should see: Logged in as bob on https://registry.npmjs.org/

Notes

  • Tested with YubiKey 5 Nano
  • We call the TOTP key 'npm' but you can call it whatever you like.

Provide 1 or more additional login options - optional

export NPM_EXTRA0='--registry=https://foo.com'
export NPM_EXTRA1='--scope=@orgname'
# ...
export NPM_EXTRA9='--future=proof'

Have fun!

Say thanks

Star the repo https://github.com/softwarecreations/npm-login-yubikey

Get notified of significant project changes

Subscribe to this issue https://github.com/softwarecreations/npm-login-yubikey/issues/1

PR's or issues

Welcome

License

MIT