To keep your account and packages secure, we strongly recommend revoking (deleting) tokens you no longer need or that have been compromised. You can revoke any token you have created.
Note: While access tokens are not derived from your password, changing your password will invalidate all of your tokens. You can also invalidate a single token by logging out on a machine that is logged in with that token. We recommend revoking rather than invalidating tokens.
To see a list of your tokens, on the command line, run:
In the tokens table, find and copy the ID of the token you want to delete.
On the command line, run the following command, replacing 123456 with the ID of the token you want to delete:
npm will report Removed 1 token
To confirm that the token has been removed, run:
Note: You must use the token ID to delete a token, not the truncated version of the token. In some cases, there may be a delay of up to an hour before a token is successfully revoked.