Skip to searchSkip to content
npm
Nodejs.cn 旗下网站

配置双重身份验证

See Details目录

你可以使用 security-key 在你的 npm 用户账户上启用双重身份验证 (2FA),以防止未经授权访问你的账户和包。

¥You can enable two-factor authentication (2FA) on your npm user account to protect against unauthorized access to your account and packages using a security-key.

重要提示:发布到 npm 需要以下任一选项:

¥Important: Publishing to npm requires either:

  • 你的账户已启用双重身份验证 (2FA),或者

    ¥Two-factor authentication (2FA) enabled on your account, OR

  • 启用绕过双重身份验证 (2FA) 的细粒度访问令牌

    ¥A granular access token with bypass 2FA enabled

更多信息,请参阅 npm 文档中关于 要求包发布时进行双重身份验证 的部分。

¥For more information, see the npm documentation on requiring 2FA for package publishing.

先决条件

¥Prerequisites

在你的 npm 用户账户上启用 2FA 之前,你必须:

¥Before you enable 2FA on your npm user account, you must:

有关支持的 2FA 方法的更多信息,请参阅“关于双重身份验证”。

¥For more information on supported 2FA methods, see "About two-factor authentication".

从网站配置 2FA

¥Configuring 2FA from the website

启用 2FA

¥Enabling 2FA

  1. 在 npm“登录”页面上,输入您的帐户详细信息并单击登录 Screenshot of npm login dialog
  2. 在页面的右上角,点击您的个人资料照片,然后点击帐户 Screenshot of account settings selection in user menu

  3. 在账户设置页面的 "双重身份验证" 下,单击启用 2FA。

    ¥On the account settings page, under "Two-Factor Authentication", click Enable 2FA.

    Screenshot showing Enable 2FA button

  4. 当出现提示时,请提供你当前的账户密码,然后单击确认密码继续。

    ¥When prompted provide your current account password and then click Confirm password to continue.

  5. 在 2FA 方法页面上,选择你要启用的方法,然后单击继续。有关支持的 2FA 方法的更多信息,请参阅“关于双重身份验证”。

    ¥On the 2FA method page, select the method you would like to enable and click Continue. For more information on supported 2FA methods, see "About two-factor authentication".

    Screenshot showing 2FA types

  6. 配置你的安全密钥:

    ¥Configure your security-key:

    • 为你的安全密钥命名,然后点击“添加安全密钥”。按照浏览器特定的步骤添加你的安全密钥。

      ¥Provide a name for your security-key and click Add security key. Follow the browser specific steps to add your security-key.

    Screenshot showing security key setup

  • 以下是在 MacOS 上运行的 Microsoft Edge 的配置示例

    ¥Below is an example of configuration from Microsoft Edge running on a MacOS

    Screenshot showing 2FA device selection

  1. 在恢复代码页上,将恢复代码复制到你的计算机或其他非第二重设备的安全位置。我们建议使用密码管理器。

    ¥On the recovery code page, copy the recovery codes to your computer or other safe location that is not your second factor device. We recommend using a password manager.

    Screenshot showing the Recovery Code page

    如果你无法访问第二重设备,恢复代码是确保你可以恢复账户的唯一方法。每个代码只能使用一次。你可以从 2FA 设置页面 查看并重新生成你的恢复代码。有关辅助账户恢复选项,请参阅“配置账户恢复选项”。

    ¥Recovery codes are the only way to ensure you can recover your account if you lose access to your second factor device. Each code can be used only once. You can view and regenerate your recovery code from your 2FA settings page. For secondary account recovery options, see "Configuring account recovery options."

  2. 确认你已保存代码后,单击返回设置。

    ¥Click Go back to settings after confirming that you have saved your codes.

禁用 2FA

¥Disabling 2FA

如果你启用了 2FA,则可以将其从你的账户设置页面中删除。

¥If you have 2FA enabled, you can remove it from your account settings page.

注意:如果你是执行 2FA 的组织的成员,则不能删除 2FA。你可以从 "组织" 选项卡下的个人资料页面查看组织成员列表。

¥Note: You cannot remove 2FA if you are a member of an organization that enforces 2FA. You can view the list of organizations memberships from your profile page under the "Organizations" tab.

  1. 在 npm“登录”页面上,输入您的帐户详细信息并单击登录 Screenshot of npm login dialog
  2. 在页面的右上角,点击您的个人资料照片,然后点击帐户 Screenshot of account settings selection in user menu

  3. 在账户设置页面的 "双重身份验证" 下,单击修改 2FA。

    ¥On the account settings page, under "Two-Factor Authentication", click Modify 2FA.

    Screenshot showing Modify 2FA button

  4. 滚动到 "管理双重身份验证" 页面的底部,然后单击禁用 2FA。

    ¥Scroll to the bottom of the "Manage Two-Factor Authentication" page and click Disable 2FA.

    Screenshot showing Disable 2FA button

  5. 同意浏览器的提示。

    ¥Agree to the prompt from the browser.

从命令行配置 2FA

¥Configuring 2FA from the command line

从命令行启用 2FA

¥Enabling 2FA from the command line

使用 WebAuthn 的安全密钥可以用于从 Web 和命令行进行身份验证,但只能通过 Web 进行配置。

¥Security-key with WebAuthn can be used for authentication from both the web and the command line, but it can only be configured from the web.

注意:你在命令行上配置的设置也将应用于你在 npm 网站上的配置文件设置。

¥Note: Settings you configure on the command line will also apply to your profile settings on the npm website.

为了获得最佳安全体验,我们建议你通过 Web 界面配置双重身份验证 (2FA),你可以在其中设置安全密钥身份验证。

¥For the best security experience, we recommend configuring 2FA through the web interface where you can set up security-key authentication.

如果你需要从命令行启用双重身份验证 (2FA):

¥If you need to enable 2FA from the command line:

  1. 如果你在命令行上注销,请使用 npm login 命令登录。

    ¥If you are logged out on the command line, log in using npm login command.

  2. 在命令行上,键入 npm profile 命令以及要启用的 2FA 模式的选项:

    ¥On the command line, type the npm profile command along with the option for the 2FA mode you want to enable:

    • 要为授权和写入启用 2FA,请键入:

      ¥To enable 2FA for authorization and writes, type:

      npm profile enable-2fa auth-and-writes

    • 要仅为授权启用 2FA,请键入:

      ¥To enable 2FA for authorization only, type:

      npm profile enable-2fa auth-only

使用命令进行双重身份验证

¥Using 2FA with commands

如果你启用了双重身份验证和写入,则在使用安全密钥时将自动处理身份验证。对于需要 2FA 的命令,系统将提示你使用已配置的 2FA 方法进行身份验证。

¥If you have enabled 2FA auth-and-writes, authentication will be handled automatically when using security-keys. For commands that require 2FA, you will be prompted to authenticate with your configured 2FA method.

从命令行删除 2FA

¥Removing 2FA from the command line

  1. 如果你在命令行上注销,请使用 npm login 命令登录。

    ¥If you are logged out on the command line, log in using npm login command.

  2. 在命令行上,键入以下命令:

    ¥On the command line, type the following command:

    npm profile disable-2fa

  3. 出现提示时,输入你的 npm 密码:

    ¥When prompted, enter your npm password:

    npm password:

  4. 系统将提示你使用已配置的双重身份验证 (2FA) 方法进行身份验证以完成移除操作。

    ¥You will be prompted to authenticate with your configured 2FA method to complete the removal.

配置账户恢复选项

¥Configuring account recovery options

在你的 npm 用户账户上启用 2FA 时,我们强烈建议你将 GitHub 和/或 Twitter 账户链接到你的 npm 用户账户。如果你无法访问 2FA 设备和恢复代码,这些关联账户可用于验证你的身份并加快 npm 账户的恢复。

¥When you enable 2FA on your npm user account, we strongly recommend you link your GitHub and/or Twitter accounts to your npm user account. In the event you lose access to your 2FA device and recovery codes, these linked accounts can be used to verify your identity and expedite the recovery of your npm account.

  1. 在 npm“登录”页面上,输入您的帐户详细信息并单击登录 Screenshot of npm login dialog
  2. 在页面的右上角,点击您的个人资料照片,然后点击帐户 Screenshot of account settings selection in user menu

  3. 对于 链接你的 GitHub 账户,在账户设置页面的 "关联账户和恢复选项" 下,单击链接到 GitHub。

    ¥To link your GitHub account, on the account settings page, under "Linked Accounts & Recovery Option", click Link with GitHub.

    Screenshot showing Link GitHub account button

  4. 在授权页面上,验证所有信息是否正确。然后单击授权 npm 账户链接。

    ¥On the authorization page, verify all information looks correct. Then click Authorize npm account link.

  5. 对于 链接你的推特 账户,在账户设置页面的 "关联账户和恢复选项" 下,单击与 Twitter 链接。

    ¥To link your Twitter account, on the account settings page, under "Linked Accounts & Recovery Option", click Link with Twitter.

    Screenshot showing Link Twitter account button

  6. 在授权页面上,验证所有信息是否正确。然后单击授权应用。

    ¥On the authorization page, verify all information looks correct. Then click Authorize app.

Twitter 或 GitHub 账户现已链接到你的 npm 账户。要删除任一账户的链接,你可以单击要从 npm 账户中删除的账户旁边的“删除”按钮。

¥The Twitter or GitHub account is now linked to your npm account. To remove the link to either account, you can click the Remove button next to the account you want to remove from your npm account.

npm v11.7 中文网 - 粤ICP备13048890号

目录