statusboard icon indicating copy to clipboard operation
statusboard copied to clipboard

Published 20 hours ago verified publisher icon npm

feat(token): support automation tokens via `--token-type`

Open darcyclarke opened this issue 3 years ago • 0 comments

Summary

The CLI should support automation tokens (which are already available on the website)

Exit Criteria

  • [ ] npm token create supports a new --token-type flag
    • default value is: read-write, other values are read & automation
    • legacy --read-only flag should map to --token-type=read
  • [ ] npm token list outputs the corresponding token type (no longer just the "read-only" boolean)
  • [ ] Tests are written to reflect new capabilities
  • [ ] Documentation is updated to reflect new capabilities

Examples

npm token create --token-type=read

npm token create --token-name="Actions CI" --token-type=automation

npm token list 

+--------+---------+------------+------------+------------+----------------+
| id     | token   | created    | name       | type       | CIDR whitelist |
+--------+---------+------------+------------+------------+----------------+
| 7f3134 | 1fa9ba… | 2017-10-02 |            | read       |                |
+--------+---------+------------+------------+------------+----------------+
| c03241 | af7aef… | 2017-10-02 | npm login  | read-write |                |
+--------+---------+------------+------------+------------+----------------+
| e0cf92 | 3a436a… | 2017-10-02 | npm login  | read-write |                |
+--------+---------+------------+------------+------------+----------------+
| 63eb9d | 74ef35… | 2017-09-28 | Actions CI | automation |                |
+--------+---------+------------+------------+------------+----------------+

Potential Bikeshedding

  • the website calls read-write tokens "Publish" tokens... if we want to keep this verbiage, feel free to adjust the values noted above accordingly (there may be reasons we want to push forward with read-write though... as it's a standard across GitHub & may more clearly communicate the capabilities of the permissions that token is associated with - ref. https://docs.npmjs.com/creating-and-viewing-access-tokens#creating-tokens-with-the-cli)

References

  • https://www.npmjs.com/settings/<tokens>/tokens
  • https://github.blog/changelog/2020-10-02-npm-automation-tokens/

darcyclarke avatar Jan 13 '22 03:01 darcyclarke