fix(webauth): improve error messages around webauth in non-TTY#8952
Merged
wraithgar merged 1 commit intonpm:latestfrom Feb 3, 2026
Merged
fix(webauth): improve error messages around webauth in non-TTY#8952wraithgar merged 1 commit intonpm:latestfrom
wraithgar merged 1 commit intonpm:latestfrom
Conversation
wraithgar
approved these changes
Feb 3, 2026
Member
wraithgar
left a comment
wraithgar
left a comment
There was a problem hiding this comment.
I think this looks good to go. My only concern was spreading json in the output error util, not knowing what else may try to set that attribute. Both the run and view commands also pass an error generated from getError already so we shouldn't have any surprises there.
Contributor
Author
|
Yeah, I definitely had some doubts about the |
Member
|
All good, I think it sets up a nice pattern for future errors to arbitrarily add more context when in json mode. |
wraithgar
changed the title
Merged
reggi
pushed a commit
that referenced
this pull request
Feb 4, 2026
## Add webauth URLs to EOTP error messages When npm returns an EOTP error with `authUrl` and `doneUrl` in the response body (web-based OTP flow), these URLs are now included in the error output. **What:** - Display `authUrl` (for browser authentication) and `doneUrl` (for token retrieval) in non-TTY EOTP error messages - Include both URLs in `--json` output as `error.authUrl` and `error.doneUrl` - Adjusted messaging to differentiate webauth flow from traditional TOTP authenticator flow **Why:** - In non-interactive/CI environments, the webauth URLs were not surfaced, making it impossible to complete authentication - Tools wrapping `npm publish` (like [changesets](changesets/changesets#1773)) need access to these URLs to implement web OTP support - The `doneUrl` is required for polling to retrieve the token after browser authentication completes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add webauth URLs to EOTP error messages
When npm returns an EOTP error with
authUrlanddoneUrlin the response body (web-based OTP flow), these URLs are now included in the error output.What:
authUrl(for browser authentication) anddoneUrl(for token retrieval) in non-TTY EOTP error messages--jsonoutput aserror.authUrlanderror.doneUrlWhy:
npm publish(like changesets) need access to these URLs to implement web OTP supportdoneUrlis required for polling to retrieve the token after browser authentication completes