Creating a strong password

Secure your npm account with a strong and unique password using a password manager.

You must choose or generate a password for your npm account that:

To keep your account secure, we recommend you follow these best practices:

When you type a password to sign in, create an account, or change your password, npm will check if the password you entered is considered weak according to datasets like HaveIBeenPwned. The password may be identified as weak even if you have never used that password before.

npm only inspects the password at the time you type it, and never stores the password you entered in plaintext. For more information, see HaveIBeenPwned.


< Creating a new user account on the public registry | About two-factor authentication >