npm/docs/output/commands/npm-token.html

a package manager for JavaScript

<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>npm-token</title>
<style>
body {
    background-color: #ffffff;
    color: #24292e;

    margin: 0;

    line-height: 1.5;

    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji";
}
#rainbar {
    height: 10px;
    background-image: linear-gradient(139deg, #fb8817, #ff4b01, #c12127, #e02aff);
}

a {
    text-decoration: none;
    color: #0366d6;
}
a:hover {
    text-decoration: underline;
}

pre {
    margin: 1em 0px;
    padding: 1em;
    border: solid 1px #e1e4e8;
    border-radius: 6px;

    display: block;
    overflow: auto;

    white-space: pre;

    background-color: #f6f8fa;
    color: #393a34;
}
code {
    font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace;
    font-size: 85%;
    padding: 0.2em 0.4em;
    background-color: #f6f8fa;
    color: #393a34;
}
pre > code {
    padding: 0;
    background-color: inherit;
    color: inherit;
}
h1, h2, h3 {
    font-weight: 600;
}

#logobar {
    background-color: #333333;
    margin: 0 auto;
    padding: 1em 4em;
}
#logobar .logo {
    float: left;
}
#logobar .title {
    font-weight: 600;
    color: #dddddd;
    float: left;
    margin: 5px 0 0 1em;
}
#logobar:after {
    content: "";
    display: block;
    clear: both;
}

#content {
    margin: 0 auto;
    padding: 0 4em;
}

#table_of_contents > h2 {
    font-size: 1.17em;
}
#table_of_contents ul:first-child {
    border: solid 1px #e1e4e8;
    border-radius: 6px;
    padding: 1em;
    background-color: #f6f8fa;
    color: #393a34;
}
#table_of_contents ul {
    list-style-type: none;
    padding-left: 1.5em;
}
#table_of_contents li {
    font-size: 0.9em;
}
#table_of_contents li a {
    color: #000000;
}

header.title {
    border-bottom: solid 1px #e1e4e8;
}
header.title > h1 {
    margin-bottom: 0.25em;
}
header.title > .description {
    display: block;
    margin-bottom: 0.5em;
    line-height: 1;
}

header.title .version {
    font-size: 0.8em;
    color: #666666;
}

footer#edit {
    border-top: solid 1px #e1e4e8;
    margin: 3em 0 4em 0;
    padding-top: 2em;
}
</style>
</head>
<body>
<div id="banner">
<div id="rainbar"></div>
<div id="logobar">
<svg class="logo" role="img" height="32" width="32" viewBox="0 0 700 700">
<polygon fill="#cb0000" points="0,700 700,700 700,0 0,0"></polygon>
<polygon fill="#ffffff" points="150,550 350,550 350,250 450,250 450,550 550,550 550,150 150,150"></polygon>
</svg>
<div class="title">
npm command-line interface
</div>
</div>
</div>

<section id="content">
<header class="title">
<h1 id="----npm-token----1170">
    <span>npm-token</span>
    <span class="version">@11.7.0</span>
</h1>
<span class="description">Manage your authentication tokens</span>
</header>

<section id="table_of_contents">
<h2 id="table-of-contents">Table of contents</h2>
<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><ul><li><a href="#listing-tokens">Listing tokens</a></li><li><a href="#generating-tokens">Generating tokens</a></li><li><a href="#revoking-tokens">Revoking tokens</a></li></ul><li><a href="#configuration">Configuration</a></li><ul><li><a href="#name"><code>name</code></a></li><li><a href="#token-description"><code>token-description</code></a></li><li><a href="#expires"><code>expires</code></a></li><li><a href="#packages"><code>packages</code></a></li><li><a href="#packages-all"><code>packages-all</code></a></li><li><a href="#scopes"><code>scopes</code></a></li><li><a href="#orgs"><code>orgs</code></a></li><li><a href="#packages-and-scopes-permission"><code>packages-and-scopes-permission</code></a></li><li><a href="#orgs-permission"><code>orgs-permission</code></a></li><li><a href="#cidr"><code>cidr</code></a></li><li><a href="#bypass-2fa"><code>bypass-2fa</code></a></li><li><a href="#password"><code>password</code></a></li><li><a href="#registry"><code>registry</code></a></li><li><a href="#otp"><code>otp</code></a></li><li><a href="#read-only"><code>read-only</code></a></li></ul><li><a href="#see-also">See Also</a></li></ul></div>
</section>

<div id="_content"><h3 id="synopsis">Synopsis</h3>
<pre><code class="language-bash">npm token list
npm token revoke &lt;id|token&gt;
npm token create
</code></pre>
<p>Note: This command is unaware of workspaces.</p>
<h3 id="description">Description</h3>
<p>This lets you list, create and revoke authentication tokens.</p>
<h4 id="listing-tokens">Listing tokens</h4>
<p>When listing tokens, an abbreviated token will be displayed.  For security purposes the full token is not displayed.</p>
<h4 id="generating-tokens">Generating tokens</h4>
<p>When generating tokens, you will be prompted you for your password and, if you have two-factor authentication enabled, an otp.</p>
<p>Please refer to the <a href="https://docs.npmjs.com/creating-and-viewing-access-tokens">docs website</a> for more information on generating tokens for CI/CD.</p>
<h4 id="revoking-tokens">Revoking tokens</h4>
<p>When revoking a token, you can use the full token (e.g. what you get back from <code>npm token create</code>, or as can be found in an <code>.npmrc</code> file), or a truncated id.  If the given truncated id is not distinct enough to differentiate between multiple existing tokens, you will need to use enough of the id to allow npm to distinguish between them.  Full token ids can be found on the <a href="https://www.npmjs.com">npm website</a>, or in the <code>--parseable</code> or <code>--json</code> output of <code>npm token list</code>.  This command will NOT accept the truncated token found in the normal <code>npm token list</code> output.</p>
<p>A revoked token will immediately be removed from the registry and you will no longer be able to use it.</p>
<h3 id="configuration">Configuration</h3>
<h4 id="name"><code>name</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or String</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, this sets the
name/description for the token.</p>
<h4 id="token-description"><code>token-description</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or String</li>
</ul>
<p>Description text for the token when using <code>npm token create</code>.</p>
<h4 id="expires"><code>expires</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or Number</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, this sets the
expiration in days. If not specified, the server will determine the default
expiration.</p>
<h4 id="packages"><code>packages</code></h4>
<ul>
<li>Default:</li>
<li>Type: null or String (can be set multiple times)</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, this limits
the token access to specific packages.</p>
<h4 id="packages-all"><code>packages-all</code></h4>
<ul>
<li>Default: false</li>
<li>Type: Boolean</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, grants the
token access to all packages instead of limiting to specific packages.</p>
<h4 id="scopes"><code>scopes</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or String (can be set multiple times)</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, this limits
the token access to specific scopes. Provide a scope name (with or without @
prefix).</p>
<h4 id="orgs"><code>orgs</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or String (can be set multiple times)</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, this limits
the token access to specific organizations.</p>
<h4 id="packages-and-scopes-permission"><code>packages-and-scopes-permission</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null, "read-only", "read-write", or "no-access"</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, sets the
permission level for packages and scopes. Options are "read-only",
"read-write", or "no-access".</p>
<h4 id="orgs-permission"><code>orgs-permission</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null, "read-only", "read-write", or "no-access"</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, sets the
permission level for organizations. Options are "read-only", "read-write",
or "no-access".</p>
<h4 id="cidr"><code>cidr</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or String (can be set multiple times)</li>
</ul>
<p>This is a list of CIDR address to be used when configuring limited access
tokens with the <code>npm token create</code> command.</p>
<h4 id="bypass-2fa"><code>bypass-2fa</code></h4>
<ul>
<li>Default: false</li>
<li>Type: Boolean</li>
</ul>
<p>When creating a Granular Access Token with <code>npm token create</code>, setting this
to true will allow the token to bypass two-factor authentication. This is
useful for automation and CI/CD workflows.</p>
<h4 id="password"><code>password</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or String</li>
</ul>
<p>Password for authentication. Can be provided via command line when creating
tokens, though it's generally safer to be prompted for it.</p>
<h4 id="registry"><code>registry</code></h4>
<ul>
<li>Default: "<a href="https://registry.npmjs.org/">https://registry.npmjs.org/</a>"</li>
<li>Type: URL</li>
</ul>
<p>The base URL of the npm registry.</p>
<h4 id="otp"><code>otp</code></h4>
<ul>
<li>Default: null</li>
<li>Type: null or String</li>
</ul>
<p>This is a one-time password from a two-factor authenticator. It's needed
when publishing or changing package permissions with <code>npm access</code>.</p>
<p>If not set, and a registry response fails with a challenge for a one-time
password, npm will prompt on the command line for one.</p>
<h4 id="read-only"><code>read-only</code></h4>
<ul>
<li>Default: false</li>
<li>Type: Boolean</li>
</ul>
<p>This is used to mark a token as unable to publish when configuring limited
access tokens with the <code>npm token create</code> command.</p>
<h3 id="see-also">See Also</h3>
<ul>
<li><a href="../commands/npm-adduser.html">npm adduser</a></li>
<li><a href="../using-npm/registry.html">npm registry</a></li>
<li><a href="../commands/npm-config.html">npm config</a></li>
<li><a href="../configuring-npm/npmrc.html">npmrc</a></li>
<li><a href="../commands/npm-owner.html">npm owner</a></li>
<li><a href="../commands/npm-whoami.html">npm whoami</a></li>
<li><a href="../commands/npm-profile.html">npm profile</a></li>
</ul></div>

<footer id="edit">
<a href="https://github.com/npm/cli/edit/latest/docs/lib/content/commands/npm-token.md">
<svg role="img" viewBox="0 0 16 16" width="16" height="16" fill="currentcolor" style="vertical-align: text-bottom; margin-right: 0.3em;">
<path fill-rule="evenodd" d="M11.013 1.427a1.75 1.75 0 012.474 0l1.086 1.086a1.75 1.75 0 010 2.474l-8.61 8.61c-.21.21-.47.364-.756.445l-3.251.93a.75.75 0 01-.927-.928l.929-3.25a1.75 1.75 0 01.445-.758l8.61-8.61zm1.414 1.06a.25.25 0 00-.354 0L10.811 3.75l1.439 1.44 1.263-1.263a.25.25 0 000-.354l-1.086-1.086zM11.189 6.25L9.75 4.81l-6.286 6.287a.25.25 0 00-.064.108l-.558 1.953 1.953-.558a.249.249 0 00.108-.064l6.286-6.286z"></path>
</svg>
Edit this page on GitHub
</a>
</footer>
</section>



</body></html>