[Feature] Support setting npmAlwaysAuth with npm login command
- I’d be willing to implement this feature
- This feature can already be implemented through a plugin
Describe the user story
I believe there’s a larger problem around configuration of always-auth behavior that I’ll get into, but there’s at least a couple solid reasons I think Yarn should implement this command-line switch:
- parity with the npm login/adduser command: https://docs.npmjs.com/cli/v6/commands/npm-adduser
- it simplifies the process of logging into a registry requiring auth down to a single command
In the meantime, my current workaround to get npmAlwaysAuth set is to have a wrapper script that runs
$ yarn config set -H "npmRegistries['$(yarn config get npmRegistryServer)'].npmAlwaysAuth" true
after login.
Describe the solution you’d like
Since logging in is always a required step at some point, it would be acceptable if this additional configuration could automatically happen when I run
$ yarn npm login --always-auth
Describe the drawbacks of your solution
Adding the command line flag fortunately doesn’t have any drawbacks I’m aware of. However, the changes I might propose to how npmAlwaysAuth is determined during install would add complexity at the risk of making things more unintuitive.
Describe alternatives you’ve considered
This addition can be avoided for most use cases with some changes to how registry configuration is resolved in RC files.
Additional context
My use case that this solution would solve is for a project that uses a self-hosted registry (JFrog) for all public packages. However, it’s proved difficult to have Yarn understand that authentication is always necessary due to the way it reads registry configuration. Consider the basic example
# ~/.yarnrc.yml
npmRegistries:
  "<my-registry>":
    npmAuthToken: ******

# <my-project>/.yarnrc.yml
npmRegistryServer: "<my-registry>"
npmAlwaysAuth: true
In this case when installing packages from <my-registry>, npmAlwaysAuth is unintuitively false since Yarn prefers the values for registry-specific settings. To elaborate, the npmAlwaysAuth: true in <my-project>/.yarnrc.yml is actually a fallback value that is never used, since <my-registry> exists in npmRegistries, and npmRegistries["npmRegistries"].npmAlwaysAuth has an explicit default value of false.
A potential workaround would be to specify the project’s configuration as
# <my-project>/.yarnrc.yml
npmRegistryServer: "<my-registry>"
npmRegistries:
  "<my-registry>":
    npmAlwaysAuth: true
but because Yarn doesn’t perform deep-merging for registry configuration, the value for npmAuthToken in the user’s home folder is masked away, and now all requests are unauthenticated. Therefore, there is no possible configuration at the project level that can convince Yarn to always authenticate requests for the default registry. Configuration must happen in the user’s home folder configuration since adding the auth token in the project rc isn’t an option.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:6
- Comments:11 (7 by maintainers)
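The resolution behaviour described in the issue above, modelled as an added example (not Yarn's own code and not part of the original issue). The two merge rules are assumptions taken from the issue text, and the registry URL and token are constructed placeholders.

```javascript
// Simplified model of the lookup the issue describes; this is NOT Yarn's source.
// Assumed rules, both taken from the issue text:
//   1. A registry entry in the project rc replaces the home entry whole (no deep merge).
//   2. Once an entry exists for the registry, only its fields are read, and a missing
//      npmAlwaysAuth defaults to false; the top-level value is just a fallback.
const REGISTRY = "https://registry.example.invalid"; // constructed placeholder
const TOKEN = "constructed-token";                   // constructed placeholder

function resolveRegistryAuth(homeRc, projectRc) {
  const top = { ...homeRc, ...projectRc }; // project wins per top-level key
  const entries = {
    ...(homeRc.npmRegistries || {}),
    ...(projectRc.npmRegistries || {}),    // same registry key: whole entry replaced
  };
  const entry = entries[top.npmRegistryServer];
  const alwaysAuth = entry ? (entry.npmAlwaysAuth ?? false) : (top.npmAlwaysAuth ?? false);
  const token = entry ? (entry.npmAuthToken ?? null) : (top.npmAuthToken ?? null);
  return {
    alwaysAuth,
    hasToken: token !== null,
    authEveryRequest: alwaysAuth && token !== null,
  };
}

const homeTokenOnly = { npmRegistries: { [REGISTRY]: { npmAuthToken: TOKEN } } };

const cases = {
  // Project sets the top-level flag: ignored, because the home entry exists.
  topLevelFlag: resolveRegistryAuth(homeTokenOnly, {
    npmRegistryServer: REGISTRY,
    npmAlwaysAuth: true,
  }),
  // Project adds its own registry entry: the token from the home file is masked.
  projectEntry: resolveRegistryAuth(homeTokenOnly, {
    npmRegistryServer: REGISTRY,
    npmRegistries: { [REGISTRY]: { npmAlwaysAuth: true } },
  }),
  // Token and flag both in the home entry, which is what the wrapper script produces.
  homeEntry: resolveRegistryAuth(
    { npmRegistries: { [REGISTRY]: { npmAuthToken: TOKEN, npmAlwaysAuth: true } } },
    { npmRegistryServer: REGISTRY },
  ),
};

console.table(cases);
```

Only the third layout authenticates every request without a token in the project file, which is why the issue asks for `yarn npm login` to write the flag next to the token.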
Sort of amazed this hasn’t been fixed in nearly a year TBH, it’s kind of essential for CI workflows.
I appear to have run into this same problem but discovered another reported issue: https://github.com/yarnpkg/berry/issues/4341#issuecomment-1125557526
Ultimately, yarn differs from npm with its discovery/deep merge (or lack thereof) of configs and it ultimately makes the only working yarn 3 config unusable due to the security hole of having to commit your token to the project’s yarnrc.yml.
I’m not sure how this is considered a Feature when authentication to private repos appears to be broken.