- npm 是什么?
- 如何安装 npm 并管理 npm 版本
- How to Prevent Permissions Errors
- 如何安装本地包
- Working with package.json
- 如何更新本地安装的包
- 如何卸载本地安装的包
- 如何安装全局包
- 如何更新全局安装的包
- 如何卸载全局安装的包
- 如何创建 Node.js 模块
- How to Publish & Update a Package
- 如何使用语义化版本
- How to Work with Scoped Packages
- How to Label Packages with Dist-tags
- How to Use Two-Factor Authentication
- How to Work with Security Tokens
- How to Change Profile Settings from the CLI
- Understanding Packages and Modules
- npm-access
- npm-adduser
- npm-audit
- npm-bin
- npm-bugs
- npm-build
- npm-bundle
- npm-cache
- npm-ci
- npm-completion
- npm-config
- npm-dedupe
- npm-deprecate
- npm-dist-tag
- npm-docs
- npm-doctor
- npm-edit
- npm-explore
- npm-help
- npm-help-search
- npm-hook
- npm-init
- npm-install
- npm install-ci-test -- Install a project with a clean slate and run tests
- npm install-test -- 安装依赖包并运行测试
- npm-link
- npm-logout
- npm-ls
- npm
- npm-org
- npm-outdated
- npm-owner
- npm-pack
- npm-ping
- npm-prefix
- npm-profile
- npm-prune
- npm-publish
- npm-rebuild
- npm-repo
- npm-restart
- npm-root
- npm-run-script
- npm-search
- npm-shrinkwrap
- npm-star
- npm-stars
- npm-start
- npm-stop
- npm-team
- npm-test
- npm-token
- npm-uninstall
- npm-unpublish
- npm-update
- npm-version
- npm-view
- npm-whoami
- npm-coding-style
- npm-config
- npm-developers
- npm-disputes
- npm-orgs
- npm-registry
- npm-removal
- npm-scope
- npm-scripts
- semver
- npm-folders
- npmrc
- package-lock.json
- npm-package-locks
- package.json
- npm-shrinkwrap.json
- 尝试 node 的最新稳定版本
- Try the latest stable version of npm
- 如果 npm 损坏了
- Try clearing the npm cache
- Common Errors
How to Work with Security Tokens
Requires npm version 5.5.1 or greater
Whenever you login to npm, a security token is generated. Tokens authenticate your account, and give you rights to publish and access your modules.
Because a token is simply a hexadecimal string, you can use the token in other tools, such as continuous integration testing environments, so that the tool can run with the access it needs to complete tasks. For example, Travis-CI provides an environment variable that you can assign to a token value. This gives Travis-CI the ability to run npm as your npm user, including the ability to install private packages to which you have access.
Read this chapter to learn how to manage security tokens.
Note: There are additional steps required if you wish to use tokens for testing and other special purposes. These steps are not in the scope of this chapter.
Token commands empower you to:
- View tokens for easier tracking and management.
- Create new tokens, specifying read-only or full-permission.
- Delete/revoke tokens.
- Limit access according to IP address ranges (CIDR).
How to View the Tokens On Your Account:
To view the tokens associated with your account, type:
npm token list.
The following table explains the token list.
A token can be both read-only as well as CIDR-whitelisted.
If you have enabled two-factor authentication on your profile, you have implemented an additional layer of security.
Note: The token list shows a truncated version of the token. View the How to Create New Tokens
npm token create [--read-only] [--cidr=list]
Before you create a new token, decide which type of token you want:
- read-only (installation/distribution rights)
- full permission (publishing rights)
- CIDR whitelist (restricted by ip address)
The default setting for new tokens is full-permission.
- Read-only tokens allow installation and distribution.
- Full-permission tokens allow installation, distribution, publishing, and all rights that you have on your account
- CIDR whitelist tokens can only be used from specified ip address ranges. Use this to restrict tokens to a single company, or a specified developer team, for example. At this time, only IPv4 is supported.
When a token is read-only, it cannot be used to make changes to a package. If a token is not explicitly set to read-only, it has full permissions, including publish and modification rights.
How to Create a New Full-Permission token:
To create a new full permission token, type:
'npm token create'
If you have set up two-factor authentication, you will be prompted for your npm password, followed by an OTP. npm will display this table:
TIP: Save a screen shot of the token field, as this will be your only chance to view it.
Note that read-only defaults to false.
How to Create a New Read-Only Token
To create a new read-only token, type:
npm token create --read-only
If you have set up two-factor authentication, you will be prompted for an npm password, followed by an OTP. npm will display this table:
Note that read-only is set to true.
How to Create a New CIDR-Restricted Token
To limit the token so that it can only be used from specified ip addresses, you can create a CIDR-restricted token. CIDR is an acronym for Classless Inter-Domain Routing. The How to Create a CIDR-Restricted Read-Only Token
To create a CIDR-restricted token that is also read-only, type:
npm token create --read-only --cidr=list
How to Revoke Tokens
You can delete (revoke) a token, regardless of when it was created. This allows you to gain control of access you may wish to take back.
The command to delete a token is:
npm token delete
Here are the steps:
- Type
npm token list - Find the token ID affiliated with the token you want to delete.
- Type 'npm token delete 123456', where 123456 is the token id. Note: The truncated version of the token will not work.
npm will report 'Removed 1 token'
Type 'npm token list' to confirm that the token has been removed.
The following screen shot demonstrates these steps:
Note: All tokens shown in screen illustrations have been revoked.
Note: In certain cases, there may be a delay of up to an hour before a token is successfully revoked. npm is currently working to make revocation occur immediately in all cases.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论