Update npm release script to accept a token as an alternative to otp

[cknitt]

npm does not allow accounts to add 2FA with OTP anymore, only with passkeys (as I recently learned while trying to switch OTP app 😢).

Therefore the release tagging script now supports these options:

• --opt for those are lucky enough to still have 2FA with OTP
• --token (or setting the NODE_AUTH_TOKEN env var) to use a token instead
• specifying neither of those and having to confirm every single package separately with your passkey

[pkg-pr-new]

Open in StackBlitz

rescript

npm i https://pkg.pr.new/rescript@8269

@rescript/darwin-arm64

npm i https://pkg.pr.new/@rescript/darwin-arm64@8269

@rescript/darwin-x64

npm i https://pkg.pr.new/@rescript/darwin-x64@8269

@rescript/linux-arm64

npm i https://pkg.pr.new/@rescript/linux-arm64@8269

@rescript/linux-x64

npm i https://pkg.pr.new/@rescript/linux-x64@8269

@rescript/runtime

npm i https://pkg.pr.new/@rescript/runtime@8269

@rescript/win32-x64

npm i https://pkg.pr.new/@rescript/win32-x64@8269

commit: 15adbae

[cometkim]

but otp and token for what...?

[cknitt]

but otp and token for what...?

What do you mean?

So that it doesn't do a 2FA prompt for each package.

[cometkim]

Don't we use tokenless publishing anymore?

[cknitt]

We do, but CI publishes with tag "ci", and this script is for manually tagging as "next" or "latest" or whatever is needed afterwards.

We could probably automate this more and have CI publish with the final tag immediately, but we'd need to take care that the right tag is chosen (e.g. not publish maintenance branches as latest).