Summary
Currently Access tokens are scoped to users and have broad permissions, granular access tokens will significantly improve the status quo by having fine grained permissions, default expiration date, and restricted to be accessed only from a given CIDR.
Intended Outcome
Users would be able to create, view and delete granular access tokens from npmjs.com.
How will it work?
Users will be able to create a Granular access token from npmjs.com portal. Users can select one or more packages to provide read or write permissions. Users can also choose one or more orgs if the token needs be used to manage org settings. From the portal users will be able to provide an allowed IP range for the token as well as an expiration date.
Summary
Currently Access tokens are scoped to users and have broad permissions, granular access tokens will significantly improve the status quo by having fine grained permissions, default expiration date, and restricted to be accessed only from a given CIDR.
Intended Outcome
Users would be able to create, view and delete granular access tokens from npmjs.com.
How will it work?
Users will be able to create a Granular access token from npmjs.com portal. Users can select one or more packages to provide read or write permissions. Users can also choose one or more orgs if the token needs be used to manage org settings. From the portal users will be able to provide an allowed IP range for the token as well as an expiration date.