Skip to content

[BUG] NPM Logout Removes Wrong Access Token #3888

New issue
New issue
Closed
#6895
Closed
[BUG] NPM Logout Removes Wrong Access Token#3888
#6895
Assignees
wraithgar
Labels
Bugthing that needs fixingPriority 1high priority issueRelease 7.xwork is associated with a specific npm 7 release
@Striar-Yunis

Description

@Striar-Yunis
Striar-Yunis
opened on Oct 13, 2021

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

NPM Logout removes the wrong token leaving the login token available. Reproduced in v6, v7, and v8.0.0.

Expected Behavior

NPM login adds an access token to npm config user section.
NPM logout removes an access token from npm config user section.

Steps To Reproduce

  1. In this environment...
  • Go to: https://www.npmjs.com/settings/USER_NAME/tokens
  • Make a Read-Only token. Keep it's value.

    Screenshot from 2021-10-13 12-44-43
  • Make a new folder: mkdir test & cd test
  • Run: npm init
  • Add .npmrc: echo "//registry.npmjs.org/:_authToken=READ_ONLY_TOKEN" > .npmrc
  • Login: npm login (See second access token created)
    Screenshot from 2021-10-13 12-45-22
  • Logout: npm logout (See wrong token removed. Readonly token was deleted)
    Screenshot from 2021-10-13 12-46-03

Environment

  • OS: Ubuntu
  • Node: v14.18.0
  • npm: Last version tested was 8.0.0, but could recreate in 6 and 7.

Metadata

Metadata

Assignees

Labels

Bugthing that needs fixingPriority 1high priority issueRelease 7.xwork is associated with a specific npm 7 release

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions