You can now create access tokens with limited scope using the new granular access tokens functionality in npm. With granular access tokens, you can:
- Restrict which packages and/or scopes a token has access to
- Grant tokens access to specific organizations for user management
- Set a token expiration date
- Limit token access based on IP address ranges
- Select between read and/or write access
Tokens with least privileges protects your npm packages from accidental or malicious misuse of your token. These tokens also allow you to manage your npm org and teams from a CI/CD pipeline. Granular access tokens are specifically built for automation and do not require 2FA. We recommend using granular access tokens with least privileges while you automate publishing and org management activities.