目录
目录
你可以 创建 和 查看 从网站和命令行接口 (CLI) 访问令牌。
¥You can create and view access tokens from the website and command line interface (CLI).
创建访问令牌
¥Creating access tokens
在网站上创建旧令牌
¥Creating legacy tokens on the website
注意:为了提高安全性,我们建议使用 粒度访问令牌 而不是旧版只读令牌或旧版自动化令牌。
¥Note: For greater security, we recommend using granular access tokens instead of legacy read-only tokens or legacy automation tokens.
-
在 页面右上角,单击你的个人资料图片,然后单击访问令牌。
¥In the upper right corner of the page, click your profile picture, then click Access Tokens.
-
单击生成新令牌,然后从下拉菜单中选择旧令牌。
¥Click Generate New Token, then select legacy token from the dropdown menu.
-
(可选的)命名你的令牌。
¥(Optional) Name your token.
-
选择访问令牌的类型:
¥Select the type of access token:
-
只读:只读令牌只能用于从注册表下载包。它将有权读取你有权访问的任何私有包。对于安装包但不发布新包的自动化和工作流程,建议使用此方法。
¥Read-only: A read-only token can only be used to download packages from the registry. It will have permission to read any private package that you have access to. This is recommended for automation and workflows where you are installing packages, but not publishing new ones.
-
自动化:自动化令牌可以下载包并发布新包,但如果你在账户上配置了双重身份验证 (2FA),则不会强制执行。即使你无法输入一次性密码,你也可以在持续集成工作流和其他自动化系统中使用自动化令牌来发布包。
¥Automation: An automation token can download packages and publish new ones, but if you have two-factor authentication (2FA) configured on your account, it will not be enforced. You can use an automation token in continuous integration workflows and other automation systems to publish a package even when you cannot enter a one-time passcode.
-
发布:发布令牌可以代表你执行任何操作,包括下载包、发布包以及更改用户设置或包设置。如果你在账户上配置了双重身份验证,则在使用发布令牌时将需要输入一次性密码。建议用于交互式工作流程,例如 CLI。
¥Publish: A publish token can perform any action on your behalf, including downloading packages, publishing packages, and changing user settings or package settings. If you have two-factor authentication configured on your account, you will be required to enter a one-time passcode when using a publish token. This is recommended for interactive workflows such as a CLI.
-
-
单击生成令牌。
¥Click Generate Token.
-
从页面顶部复制令牌。
¥Copy the token from the top of page.
在网站上创建粒度访问令牌
¥Creating granular access tokens on the website
-
在页面右上角,单击你的个人资料图片,然后单击访问令牌。
¥In the upper right corner of the page, click your profile picture, then click Access Tokens.
-
单击“生成新令牌”,然后单击“粒度访问令牌”。
¥Click Generate New Token, then click Granular Access Token.
-
在令牌名称字段中,输入令牌的名称。
¥In the Token name field, enter a name for your token.
-
(可选的)在描述字段中,输入令牌的描述。
¥(Optional) In the Description field, enter a description for your token.
-
在过期字段中,输入令牌过期期限。该日期必须是未来至少 1 天。
¥In the Expiration field, enter a token expiration period. The date must be at least 1 day in the future.
-
(可选的)在允许的 IP 范围字段中,输入要限制访问令牌的 IP 地址范围。你必须使用 CIDR 表示法输入 IP 地址范围。要添加多个允许的 IP 范围,请单击添加 IP 范围并在新文本字段中输入 IP 范围。
¥(Optional) In the Allowed IP Ranges field, enter IP address ranges to restrict your access token to. You must use CIDR notation to enter IP address ranges. To add more than one allowed IP range, click Add IP Range and enter an IP range in the new text field.
-
(可选的)在“包和范围”部分中,配置令牌对包和范围的访问权限。
¥(Optional) In the Packages and scopes section, configure your token's access to packages and scopes.
-
在“权限”下拉菜单中,选择“无访问权限”、“只读”或“读写”。
¥In the Permissions dropdown menu, select No access, Read-only, or Read and write.
-
在选择包下,选择:
¥Under Select Packages, select either:
-
所有包授予用户账户有权访问的所有包的令牌访问权限。
¥All Packages to grant the token access to all packages the user account has access to.
-
仅选择包和范围,以选择最多 50 个特定包或范围来授予令牌访问权限。然后从下拉菜 单中选择特定的包或范围。
¥Only select packages and scopes to choose up to 50 specific packages or scopes to give the token access to. Then select specific packages or scopes from the dropdown menu.
-
-
-
(可选的)在“组织”部分中,配置令牌对组织的访问权限。
¥(Optional) In the Organizations section, configure your token's access to organizations.
-
在“权限”下拉菜单中,选择“无访问权限”、“只读”或“读写”。
¥In the Permissions dropdown menu, select No access, Read-only, or Read and write.
-
在选择组织下,选择你想要授予令牌访问权限的组织。
¥Under Select organizations, select the organizations you want to grant your token access to.
注意:当你向组织授予令牌访问权限时,该令牌只能用于管理组织设置以及与该组织关联的团队或用户。它不赋予令牌发布由组织管理的包的权利。
¥Note: When you give a token access to an organization, the token can only be used for managing organization settings and teams or users associated with the organization. It does not give the token the right to publish packages managed by the organization.
-
-
查看令牌摘要,然后单击生成令牌。
¥Review the token summary, then click Generate Token.
-
从页面顶部复制令牌。
¥Copy the token from the top of page.
使用 CLI 创建令牌
¥Creating tokens with the CLI
你可以使用 CLI 创建具有只读权限或读取和发布权限的令牌。
¥You can create tokens with read-only permissions or read and publish permissions with the CLI.
注意:你不能从 CLI 创建旧版自动化令牌或粒度访问令牌。你必须使用该网站来生成这些类型的令牌。有关详细信息,请参阅“在网站上创建旧令牌”和“在网站上创建粒度访问令牌”。
¥Note: You cannot create legacy automation tokens or granular access tokens from the CLI. You must use the website to generate these types of tokens. For more information, see "Creating legacy tokens on the website" and "Creating granular access tokens on the website."
-
只读:仅允许安装和分发,但没有与你的账户相关的发布或其他权利的令牌。
¥Read-only: Tokens that allow installation and distribution only, but no publishing or other rights associated with your account.
-
发布:新令牌的默认设置和最宽松的令牌类型。发布令牌允许安装、分发、修改、发布以及你对你的账户拥有的所有权利。
¥Publish: The default setting for new tokens, and most permissive token type. Publish tokens allow installation, distribution, modification, publishing, and all rights that you have on your account.
此外,你可以使用 CIDR 表示法指定令牌仅对特定 IPv4 地址范围有效。令牌仅在从指定的 IP 地址使用时才有效。
¥In addition, you can specify that the token is only valid for a specific IPv4 address range, using CIDR notation. The token will only be valid when used from the specified IP addresses.
-
要创建新令牌,请在命令行上运行:
¥To create a new token, on the command line, run:
-
npm token create
用于读取和发布令牌¥
npm token create
for a read and publish token -
npm token create --read-only
为只读令牌¥
npm token create --read-only
for a read-only token -
npm token create --cidr=[list]
表示受 CIDR 限制的读取和发布令牌。例如,npm token create --cidr=192.0.2.0/24
¥
npm token create --cidr=[list]
for a CIDR-restricted read and publish token. For example,npm token create --cidr=192.0.2.0/24
-
npm token create --read-only --cidr=[list]
表示受 CIDR 限制的只读令牌¥
npm token create --read-only --cidr=[list]
for a CIDR-restricted read-only token
-
-
出现提示时,输入你的密码。
¥When prompted, enter your password.
-
如果你启用了 双重身份验证,当出现提示时,输入一次性密码。
¥If you have enabled two-factor authentication, when prompted, enter a one-time password.
-
从命令输出中的令牌字段复制令牌。
¥Copy the token from the token field in the command output.
CIDR 受限的令牌错误
¥CIDR-restricted token errors
如果你输入的 CIDR 字符串无效或格式不正确,你将收到类似于以下错误的错误:
¥If the CIDR string you enter is invalid or in an inappropriate format, you will get an error similar to the one below:
npm ERR! CIDR whitelist contains invalid CIDR entry: X.X.X.X./YY,Z.Z.. . .
确保你使用的是有效的 IPv4 范围并再次尝试创建令牌。
¥Make sure you are using a valid IPv4 range and try creating the token again.
查看访问令牌
¥Viewing access tokens
注意:永远不会显示完整的标记,只会显示第一个和最后四个字符。你只能在创建后立即查看完整的令牌。
¥Note: Full tokens are never displayed, only the first and last four characters will be shown. You can only view a full token immediately after creation.
在网站上查看令牌
¥Viewing tokens on the website
要查看与你的账户关联的所有令牌,请在页面右上角单击你的个人资料图片,然后单击访问令牌。
¥To view all tokens associated with your account, in the upper right corner of the page, click your profile picture, then click Access Tokens.
在 CLI 上查看令牌
¥Viewing tokens on the CLI
要查看与你的账户关联的所有令牌,请在命令行上运行以下命令:
¥To view all tokens associated with your account, on the command line, run the following command:
npm token list
令牌属性
¥Token attributes
-
id:使用令牌 ID 来引用命令中的令牌。
¥id: Use the token ID to refer to the token in commands.
-
令牌:实际令牌的第一个数字。
¥token: The first digits of the actual token.
-
创建:创建令牌的日期。
¥create: Date the token was created.
-
只读:如果是,则表示只读令牌。如果否,则表示具有读取和发布权限的令牌。
¥readonly: If yes, indicates a read-only token. If no, indicates a token with both read and publish permissions.
-
网段白名单:限制 IP 地址使用令牌。
¥CIDR whitelist: Restricts token use by IP address.