2FA adds security to your npm account but complicates the process of publishing from CI; here's one way around that