npm token create [--read-only] [--cidr=<cidr-ranges>]:
Create a new authentication token. It can be --read-only, or accept
a list of
ranges with which to limit use of this token. This will prompt you for
your password, and, if you have two-factor authentication enabled, an
Currently, the cli can not generate automation tokens. Please refer to
for more information on generating automation tokens.
npm token revoke <token|id>:
Immediately removes an authentication token from the registry. You
will no longer be able to use it. This can accept both complete
tokens (such as those you get back from npm token create, and those
found in your .npmrc), and ids as seen in the parseable or json
output of npm token list. This will NOT accept the truncated token
found in the normal npm token list output.
This is used to mark a token as unable to publish when configuring limited
access tokens with the npm token create command.
Type: null or String (can be set multiple times)
This is a list of CIDR address to be used when configuring limited access
tokens with the npm token create command.