n4bb12
commented
5 years ago Let me know if you need help with this.
PRs are welcome
Closed derhuerst closed 4 years ago
n4bb12
commented
5 years ago Let me know if you need help with this.
PRs are welcome
n4bb12
commented
5 years ago You can revoke your token on the GitHub UI. This will invalidate the plugin's token within 5s.
npm token support was added in verdaccio v4.3.0 but this plugin currently only supports v3, so I'll close this for now.
n4bb12
commented
4 years ago I'm re-opening this because v4 is now supported, although I'm not sure if we can hook into how Verdaccio handles the npm token command.
stale[bot]
commented
4 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Using GitHub OAuth, it's very easy to get an auth token. Thanks for this lib!
But if I accidentally post my auth token somewhere, I should be able to revoke/invalidate my token using the built-in
npm token revokecommand. Seamless secret invalidation is considered an important security feature.Let me know if you need help with this.