feat!: support for creating granular access tokens

owlstronaut · owlstronaut · commit 5ac7dab38a0e · 2025-10-28T12:26:24.000-07:00
BREAKING CHANGE: The createToken function has been updated to support granular access tokens. The previous method of creating classic tokens is deprecated. Please use the new createToken function with appropriate parameters for granular tokens.
diff --git a/lib/index.js b/lib/index.js
@@ -236,14 +236,10 @@ const removeToken = async (tokenKey, opts = {}) => {
   return null
 }
 
-const createToken = (password, readonly, cidrs, opts = {}) => fetch.json('/-/npm/v1/tokens', {
+const createToken = (tokenData, opts = {}) => fetch.json('/-/npm/v1/tokens', {
   ...opts,
   method: 'POST',
-  body: {
-    password: password,
-    readonly: readonly,
-    cidr_whitelist: cidrs,
-  },
+  body: tokenData,
 })
 
 class WebLoginInvalidResponse extends HttpErrorBase {
diff --git a/test/index.js b/test/index.js
@@ -271,21 +271,24 @@ test('removeToken', t => {
 })
 
 test('createToken', t => {
-  const base = {
-    password: 'secretPassw0rd!',
-    readonly: true,
-    cidr_whitelist: ['8.8.8.8/32', '127.0.0.1', '192.168.1.1'],
+  const tokenData = {
+    type: 'granular',
+    name: 'CI Publish Token',
+    access: 'read-write',
+    expires: '2025-12-01T00:00:00Z',
+    packages: ['@my-org/my-package'],
+    scopes: ['@my-org'],
+    cidr_whitelist: ['8.8.8.8/32'],
   }
-  const obj = Object.assign({
-    token: 'deadbeef',
-    key: 'sha512-badc0ffee',
-    created: (new Date()).toString(),
-  })
-  delete obj.password
-  tnock(t, registry).post('/-/npm/v1/tokens', base).reply(200, obj)
-  return profile.createToken(
-    base.password,
-    base.readonly,
-    base.cidr_whitelist
-  ).then(ret => t.same(ret, obj, 'got the right return value'))
+  const response = {
+    id: '789abc',
+    token: 'npm_gat_abcdef',
+    name: 'CI Publish Token',
+    type: 'granular',
+    access: 'read-write',
+    expires: '2025-12-01T00:00:00Z',
+    created: '2025-04-15T08:20:00Z',
+  }
+  tnock(t, registry).post('/-/npm/v1/tokens', tokenData).reply(201, response)
+  return profile.createToken(tokenData).then(ret => t.same(ret, response, 'got the right return value'))
 })
