Open npmjs.com instead of asking for OTP

[fregante]

Description

npm now asks to complete 2FA in the browser:

npm notice Publishing to https://registry.npmjs.org/ with tag latest and default access
Authenticate your account at:
https://www.npmjs.com/auth/cli/cda65f41-0edf4e1c6f4b
Press ENTER to open in the browser...

and I find this to be better than what np does:

? Select semver increment or specify new version major 	4.0.0

  ✔ Prerequisite check
  ✔ Git
  ✔ Bumping version using npm
  ⠴ Publishing package using npm (waiting for input…)
    → ? Enter OTP: 
    Pushing tags
    Creating release draft on GitHub

Is the feature request related to a problem?

Compare the two workflows:

1. Press ENTER
2. Click "Use security key" (on a pre-logged-in npmjs.com)
3. Touch ID

with np's:

1. Pick up phone
2. Unlock it
3. Find Authenticator
4. Locate npm on the list
5. Tap it
6. cmd-v on the computer (via Continuity, if it works, within 4 seconds)

Possible implementation

I don't know, but it could skip the "Press enter to continue" step and just use open to open the browser and skip one more step.

Bonus points: this would also resolve another issue because "the notification" is the whole browser getting focus.

• Show a notification when OTP is required #359

Issues

Potentially some people don't like this new workflow

[sindresorhus]

I personally prefer the current approach, but I'm happy to add an option for this.

My workflow is: Trigger 1Password quick window, copy 2FA for npm, paste into terminal. Much faster than jumping into the browser.