npm login is an alias to
adduser, which creates or verifies username entered, but I would argue that these are distinct.
Login should be for an existing user, not for registry usear creation.
Though it may be about semantics, I believe login is a distinct action where only an existing member of the system can be authenticated and authorized, as opposed to adding a user to a system which can then login. So I don’t understand why these are bound by the same command.
I believe this causes confusion and leads to plenty of unintended, unused accounts. This is also contradicts any web registration process I’ve ever encountered for any service. You always have to create/register an account before being able to login, at times even with prompts when a username doesn’t exist.
This scenario actually happened to me back in March because I was fiddling around new setup scripts and forgot to add the
--registry flag on the actual attempt to login into a private registry. I contacted support via email about this (said they would pass this to the Product Team for future improvement) in order to have that account deleted as I have intention in using this.
npm login will create a new account if entering credentials that are non-existent on npmjs.org
npm login to do one of the following:
- report account does not exist and exit
- ask to register new account
- have a flag (e.g.
--create) to create account in the eventuality that it doesn’t exist
Creating/registering a new account with a non-existing username/email should not be the default.
npm login Username: nonExistentUsername Password: Email: (this IS public) nonExistentUsername@email.com Logged in as nonExistentUsername on https://registry.npmjs.org/.
- OS: macOS Catalina 10.15.7
- Node: v14.17.1
- npm: 6.14.13
Maybe someone has some insight as to why this is the case and the reasoning behind it.
Sure, it can speed up account creation, but who does that rather than going to the website? And maybe there is a use case for this, but it shouldn’t be the default for
login to be an alias to
adduser, rather it should be a command that could call