package-specific tokens (token scopes?)


(Kent C Dodds) #1

Hi friends :wave:

I’d like it if I could create a token that can be used to publish a specific package but no other packages. This would help as I automate my releases with semantic-release and would love it if I could reduce the impact in the event that a contributor goes rogue and steals my token from CI and starts wreaking havoc on the npm ecosystem with my packages.