npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

package-specific tokens (token scopes?)

Hi friends :wave:

I’d like it if I could create a token that can be used to publish a specific package but no other packages. This would help as I automate my releases with semantic-release and would love it if I could reduce the impact in the event that a contributor goes rogue and steals my token from CI and starts wreaking havoc on the npm ecosystem with my packages.

+1 for package-scoped tokens.