什么是npm中的身份验证令牌？

Question

I am learning to the npm package manager, but I am stuck to understand security tokens ( using this documentation ).

As we already know: when we login to any website, a session is created. So I understand that the tokens are sessions. But after deleting the token, the npm login session is still active, which means token plays different role than the sessions in npm.

Then: said documentation is saying that the tokens can also be used to use the packages outside the npm from the current login session. Can anyone please tell me in more simple examples what tokens are in npm and how they are useful?

Answer 1

How it says: the tokens can also be used to use the packages outside the npm from the current login session.

Example 1: If you have a project with CI, the environment where you will execute your jobs, will not be logged into npm registry, so if you are working with private packages, you will not be able to download those packages. (when your job execute npm install, you will get 403 error for private packages). Commonly, you will need to set an env variable with your npm token, like NPM_TOKEN="your npm token"

Example 2: Other example could be when you create a docker container, your docker images will not have a session for npm, so if you run npm i inside your docker container, you will no be able to download the private packages.

With authentication tokens, you will be able to access to your private packages without using npm login .