I’m trying to revoke an NPM token because it was accidently published. How can I do that? I tried changing the password, but when adding a new user it just has the same token.
Are you talking about the _authToken assigned to your .npmrc file when you npm login? Or user token? Or something else?
Sorry for my confusion.
-Joe
Hi @jtom ,
I could not figure it out how to generate _authToken . Do you know how to generate one with my credentials ?
I tried with npm login / npm adduser ... and provided credentials but these commands didn’t add these tokens to the .npmrc automatically.
thankyou in advance!
@sanu.solutions npm Security should help you. Notably “Authentication Using Basic Auth” section speaks to generating the token.
@jtom I’m using NPM Authentication Using Realm and Login, and have generated token successfully using steps mentioned at npm Security and also able to read/publish packages to the repository.
Now I want to revoke couple of tokens that I had previously generated.
I could not find any reference around how to do that.
I tried NPM’s default npm token list or npm token delete commands, but they don’t work with Nexus3.
My nexus version is OSS 3.42.0-01
@chetan.goti7 Assuming you mean the _auth tokens, my understanding are the token is just a representation of the username and password. They have nothing to do with Nexus Repository or even really npm. To “revoke” you can either remove from configuration or change the users password. The latter would make the representation invalid.
As I asked Or a while ago in the initial reply, it is not clear what revoke people are speaking of (there is not really an assignment of the token insomuch as a configuration is done) so my answer may not be clear because I may be confused.
Hope that helps.
-Joe
PS: If you are trying to “undo” npm config set, Google tells me you can do it using npm config delete or npm config rm. I have not tested this myself before adding this PS, so recommend due caution if you are using this not on a throwaway machine/environment.