Skip to content

Commit

Permalink
Security: require 2FA for publish
Browse files Browse the repository at this point in the history
  • Loading branch information
@SBoudrias
SBoudrias committed Jan 9, 2025
1 parent b1140f0 commit 32db45e
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 2 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,4 @@ coverage
!.yarn/versions
.turbo
.DS_Store
publish.env
12 changes: 10 additions & 2 deletions CONTRIBUTING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,16 @@ yarn demo

## Publishing new versions

Note: This can only be done by someone with permission to the org on `npm`.
Note: This can only be done by someone with permission to the org on `npm` and requires 2FA setup.

```sh
yarn lerna publish
yarn publish
```

You'll need to add a `./publish.env` at the root of the repo. And inside define your 2FA codes:

```
NPM_CONFIG_OTP=""
```

The publish alias relies on 1password for developer to fetch the private information.
1 change: 1 addition & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@
"internals/*"
],
"scripts": {
"publish": "op run --env-file='./publish.env' -- yarn lerna publish",
"demo": "node --watch-path=packages/ packages/demo/dist/esm/index.js",
"dev": "turbo watch tsc",
"prepare": "husky && turbo tsc attw",
Expand Down

0 comments on commit 32db45e

Please sign in to comment.