npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

command similar to whoami for determining current token id

it would be very useful to have a command to determine the id of the current token for situations where we cannot access the actual token value.

for example, my team uses encrypted environment variables on travis ci to supply secrets like the npm token. in some cases we use a token for publishing and restrict cidr ranges. in other cases, we use a read-only token when we only need to install, but need access to private packages.

in the above scenario, we cannot view the encrypted variable or the .npmrc file that it is written to. we wouldn’t want to echo that value to the build log for obvious reasons. however, sometimes we get confused about which token should be used for which project or want to confirm that the current machine is allowed in the cidr restriction, but there isn’t really a way to confirm which is used without replacing it.

if we could run a command to get the id of the current token, we could then compare that id against the output of npm token ls to confirm if it is read-only or if the cidr-restrictions include what we need them to.

would it be reasonable to add a command like this?

had another issue where i needed to confirm which token was available to CI where something along these lines would have been really helpful. is there any interest in something along these lines?