npm-login

Authenticate with the npm registry

TLDR

Log in to a registry user account and save the credentials to the .npmrc file

$ npm login

Log in using a custom registry

$ npm login --registry [registry_url]

Log in using a specific authentication strategy

$ npm login --auth-type [legacy|web]

SYNOPSIS

npm login [--registry=url] [--scope=scope] [--no-otp | --otp ]


        PARAMETERS
        
          --registry=url
    Specifies the registry to log in to. If not provided, npm uses the default registry (registry.npmjs.org).

--scope=scope
    Associates the login credentials with a specific scope. This is useful when working with private scoped packages that might be hosted on a different registry.

--no-otp
    Disables the one-time password prompt. This is generally discouraged for security reasons but can be useful in automated environments where OTP input is not possible. If 2FA is enabled and this flag is used, the login will likely fail.

--otp 
    Provides a one-time password directly, bypassing the interactive prompt. This is used when 2FA is enabled and the OTP is available through other means (e.g., environment variable, script output).


        

        DESCRIPTION
        
          The npm login command allows users to authenticate themselves with an npm registry. This is essential for publishing packages, installing private packages, or accessing scoped packages from private registries.

When executed, it interactively prompts the user for a username, password, and email address. If two-factor authentication (2FA) is enabled for the account, it will also prompt for a one-time password (OTP).

Upon successful authentication, npm login stores an authentication token in the user's .npmrc configuration file, typically located in the home directory (~/.npmrc). This token is then used for subsequent authenticated npm operations, such as npm publish or npm install for private packages. It's the primary way to establish an authenticated session with the npm registry.
        
        CAVEATS
        
          The authentication token stored in .npmrc grants access to your npm account. Ensure your .npmrc file has appropriate permissions (e.g., chmod 600 ~/.npmrc) to prevent unauthorized access. Using --no-otp can reduce security if 2FA is enabled for your account.

Be cautious when logging into public or shared machines, as tokens can persist.
        
        HISTORY
        
          The npm login command has been a fundamental part of the npm CLI since its early days, providing the necessary mechanism for users to authenticate with npm registries. Initially, it was often an alias for npm adduser, and in many current versions, npm adduser still performs the same interactive login process. Its core functionality has remained consistent: facilitating secure access for publishing and consuming private packages. Over time, features like 2FA support (via --otp) have been integrated to enhance security.
        
        SEE ALSO
        
          npm-logout(1), npm-whoami(1), npm-adduser(1), npm-config(1), npmrc(5)