The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
package-specific tokens (token scopes?)
I’d like it if I could create a token that can be used to publish a specific package but no other packages. This would help as I automate my releases with semantic-release and would love it if I could reduce the impact in the event that a contributor goes rogue and steals my token from CI and starts wreaking havoc on the npm ecosystem with my packages.
+1 for package-scoped tokens.