It is possible if you want to use a little more services. Using a self-hosted Hashicorp Vault, you can enable TOTP and store your secret key given by npm CLI when you enable 2FA for auth-and-writes
.
When you got that, you can call your Vault server to provide you the OTP needed to publish and give it to the npm publish
command with --otp
option.
For more details, you can read this article, How to deploy npm package with 2FA enabled on write. This article gives an example with Travis, but it should apply to CircleCI without any major changes. The big difference should be how to encrypt your secrets (npm token, Vault token, etc) within your configuration.