Accessing npm using two-factor authentication

Table of contents

Sign in from the command line using security-key flow

  1. On the command line, type the npm login command.

  2. When prompted, provide your username, password, and email address.

    user@host:~$ npm login
    npm notice Log in on https://registry.npmjs.org/
    Username: mona
    Password:
    Email: (this IS public) mona@github.com
    npm notice Open https://www.npmjs.com/login/913c3ab1-89a0-44bd-be8d-d946e2e906f0 to use your security key for authentication or enter OTP from your authenticator app

  3. If you have configured a security-key, open the provided URL shown in the command line. Alternatively, if you have configured a mobile authenticator skip to step 6.

  4. Click on Use security key and follow the browser specific steps to authenticate.

    Screenshot showing security key prompt

  5. Copy the generated token

    Screenshot showing a sample token generated while using WebAuthn for cli login

  6. Enter the one-time password into the CLI prompt.

    Enter one-time password:

Sign in from the command line using --auth-type=web

npm 8.14.0 and higher support login flow through the browsers. This will become the default behavior for the npm public registry in npm 9.

With an existing browser session

  1. On the command line, type the npm login --auth-type=web command.

  2. When prompted hit "ENTER" to open your browser to start the login flow or click the provided URL show in the command line.

    user@host:~$ npm login
    npm notice Log in on https://registry.npmjs.org/
    Authenticate your account at:
    https://www.npmjs.com/login?next=/login/cli/b1a2f96a-ce09-4463-954c-c99f6773b922
    Press ENTER to open in the browser...

  3. Click on Use security key and follow the browser specific steps to authenticate.

    Screenshot showing security key prompt

    Note: If you have configured to use TOTP, you will see an TOTP prompt instead

Without an existing browser session

  1. On the command line, type the npm login --auth-type=web command.

  2. When prompted hit "ENTER" to open your browser to start the login flow or click the provided URL show in the command line.

    user@host:~$ npm login
    npm notice Log in on https://registry.npmjs.org/
    Authenticate your account at:
    https://www.npmjs.com/login?next=/login/cli/b1a2f96a-ce09-4463-954c-c99f6773b922
    Press ENTER to open in the browser...
  3. On the npm "Sign In" page, enter your account details and click Sign In.
    Screenshot of npm login dialog

  4. Click on Use security key and follow the browser specific steps to authenticate.

    Screenshot showing security key prompt

    Note: If you have configured to use TOTP, you will see an TOTP prompt instead

Edit this page on GitHub