from small one page howto to huge articles all in one place
Last additions:
May 25th. 2007:
April, 26th. 2006:
| 
NP-TOKEN
Section: (1) Updated: October 2025 Index
Return to Main Contents
NAME
np-token- Manage your authentication tokens
Synopsis
-
npm token list
npm token revoke <id|token>
npm token create [lB-rea-only[rB] [lB-cidr=list[rB]
Note: This command is unaware of workspaces.
Description
This lets you list, create and revoke authentication tokens.
-
- *
-
npm token list: Shows a table of all active authentication tokens. You can request this as JSON with -json or ta-separated values with -parseable.
-
Read only token npm_1f… with id 7f3134 created 201-1-21
Publish token npm_af… with id c03241 created 201-1-02
with IP Whitelist: 192.168.0.1/24
Publish token npm_… with id e0cf92 created 201-1-02
-
- *
-
npm token create [lB-rea-only[rB] [lB-cidr=<cid-ranges>[rB]: Create a new authentication token. It can be -rea-only, or accept a list of CIDR lahttps://en.wikipedia.org/wiki/Classless_Inte-Domain_Routingra ranges with which to limit use of this token. This will prompt you for your password, and, if you have tw-factor authentication enabled, an otp.
Currently, the cli cannot generate automation tokens. Please refer to the docs website lahttps://docs.npmjs.com/creatin-an-viewin-acces-tokensra for more information on generating automation tokens.
-
Created publish token a73c957-f1b-898-983-ba3ac3cc913d
-
- *
-
npm token revoke <token|id>: Immediately removes an authentication token from the registry. You will no longer be able to use it. This can accept both complete tokens (such as those you get back from npm token create, and those found in your .npmrc), and ids as seen in the parseable or json output of npm token list. This will NOT accept the truncated token found in the normal npm token list output.
Configuration
rea-only
-
- *
-
Default: false
- *
-
Type: Boolean
This is used to mark a token as unable to publish when configuring limited access tokens with the npm token create command.
cidr
-
- *
-
Default: null
- *
-
Type: null or String (can be set multiple times)
This is a list of CIDR address to be used when configuring limited access tokens with the npm token create command.
registry
-
- *
-
Default: "https://registry.npmjs.org/"
- *
-
Type: URL
The base URL of the npm registry.
otp
-
- *
-
Default: null
- *
-
Type: null or String
This is a on-time password from a tw-factor authenticator. It's needed when publishing or changing package permissions with npm
access.
If not set, and a registry response fails with a challenge for a on-time password, npm will prompt on the command line for one.
See Also
-
- *
-
npm help adduser
- *
-
npm help registry
- *
-
npm help config
- *
-
npm help npmrc
- *
-
npm help owner
- *
-
npm help whoami
- *
-
npm help profile
Index
- NAME
-
- Synopsis
-
- Description
-
- Configuration
-
- read-only
-
- cidr
-
- registry
-
- otp
-
- See Also
-
| 
|
|
- Running on 
-
:
