To keep your account and packages secure, we strongly recommend revoking (deleting) tokens you no longer need or that have been compromised. You can revoke any token you have created, including legacy tokens and granular access tokens (with or without bypass 2FA enabled).

Revoking tokens on the website

  1. In the upper right corner of the page, click your profile picture, then click Access Tokens.

  2. Find the token you want to delete in the token list.

  3. Click the × button next to the token, or select multiple tokens and click Delete Selected Tokens.

  4. Confirm the deletion when prompted.

Revoking tokens from the command line

  1. To see a list of your tokens, on the command line, run:

    npm token list

  2. In the tokens table, find and copy the ID of the token you want to delete.

  3. On the command line, run the following command, replacing 123456 with the ID of the token you want to delete:

    npm token delete 123456

    npm will report "Removed 1 token".

  4. To confirm that the token has been removed, run:

    npm token list

Note: You must use the token ID to delete a token, not the truncated version of the token. In some cases, there may be a delay of up to an hour before a token is successfully revoked.
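When many tokens exist, the same list-then-delete procedure can be driven from the JSON form of the token list. The following is an added example, not part of the original page or npm's own code: it assumes the input is the output of `npm token list --json`, with the field names noted in the comments, and the function name, the 365-day threshold and the review policy are hypothetical.

```javascript
// Added example, not npm's own code. Assumption: `npm token list --json`
// prints an array whose entries carry `key` (the full token ID), `token`
// (the truncated token), `created`, `readonly` and `cidr_whitelist`.
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample data; these are not real token IDs or tokens.
const SAMPLE_JSON = JSON.stringify([
  { key: "1111aa-constructed", token: "npm_aB", created: "2021-03-01T10:00:00.000Z", readonly: false, cidr_whitelist: null },
  { key: "2222bb-constructed", token: "npm_cD", created: "2023-11-15T08:30:00.000Z", readonly: true, cidr_whitelist: null },
  { key: "3333cc-constructed", token: "npm_eF", created: "2023-12-01T12:00:00.000Z", readonly: false, cidr_whitelist: ["192.0.2.0/24"] },
  { key: "4444dd-constructed", token: "npm_gH", created: "2022-06-01T09:00:00.000Z", readonly: true, cidr_whitelist: null },
]);

// Returns one finding per token that breaks the (hypothetical) review policy:
// older than maxAgeDays, or read-write and usable from any address.
function reviewTokens(jsonText, nowMs, maxAgeDays) {
  const tokens = JSON.parse(jsonText);
  if (!Array.isArray(tokens)) throw new TypeError("expected a JSON array");
  const findings = [];
  for (const t of tokens) {
    // Deletion needs the ID, so refuse input where an entry has none.
    if (typeof t.key !== "string" || t.key === "") {
      throw new TypeError("token entry without an ID");
    }
    const reasons = [];
    const createdMs = Date.parse(t.created);
    if (Number.isNaN(createdMs)) {
      reasons.push("unknown creation date");
    } else if (nowMs - createdMs > maxAgeDays * DAY_MS) {
      reasons.push(`older than ${maxAgeDays} days`);
    }
    const cidr = Array.isArray(t.cidr_whitelist) ? t.cidr_whitelist : [];
    if (!t.readonly && cidr.length === 0) {
      reasons.push("read-write, no CIDR restriction");
    }
    if (reasons.length > 0) {
      // Build the command from the ID (`key`), never from the truncated `token`.
      findings.push({ id: t.key, reasons, command: `npm token delete ${t.key}` });
    }
  }
  return findings;
}

// Print the commands for a human to review and run; nothing is deleted here.
const REVIEW_DATE_MS = Date.parse("2024-01-01T00:00:00.000Z"); // constructed "today"
for (const f of reviewTokens(SAMPLE_JSON, REVIEW_DATE_MS, 365)) {
  console.log(`${f.command}   # ${f.reasons.join("; ")}`);
}
```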

3 contributors: lukekarrys, MylesBorins, ethomson
Last edited by lukekarrys on October 14, 2023