npm-logout

Log out of the registry user account

$ npm logout

$ npm logout --registry [registry_url]

npm logout [--registry=<registry url>] [--scope=<scope>]

--registry=
    Specifies the URL of the npm registry to log out from. If not provided, it defaults to the primary registry defined in the npm configuration.

--scope=
    Used to target credentials associated with a specific scope within a registry. While primarily used with npm login, it can help clarify which scoped credentials are being removed if multiple are present for a given registry.

The npm logout command effectively terminates the current user's authenticated session with an npm registry. It removes authentication credentials, such as tokens, username, and password entries, from the user's local .npmrc configuration file. After logging out, subsequent npm commands requiring authentication (e.g., npm publish or installing private packages) will fail until the user logs in again using npm login. This command is crucial for security, especially when working on shared machines or switching user accounts. By default, it logs out from the default npm registry, but can be targeted to specific registries using the --registry option.

npm logout only removes authentication tokens from your local .npmrc configuration file(s). It does not invalidate or revoke the token on the registry server itself. The token remains valid on the server until it expires or is explicitly revoked via the registry's web interface (e.g., npmjs.com user settings page). If you have multiple .npmrc files (e.g., user, global, project), this command primarily affects the user-level ~/.npmrc file.

Upon execution, npm logout intelligently locates and deletes authentication-related entries (such as _authToken, username, and sometimes _password) from the relevant .npmrc file(s) for the specified or default registry. This action ensures that subsequent API requests to the registry from your machine will no longer include the necessary authentication headers, effectively 'logging you out' from a local perspective.

Using npm logout is a recommended security measure, especially when working on public or shared computers. It prevents unauthorized access to your npm account, safeguarding against accidental publishing or access to private packages under your credentials after you've finished your session.

The npm logout command has been a fundamental part of the npm CLI's authentication system since its early development. Introduced to complement npm login, its core functionality—removing local authentication tokens—has remained consistent throughout npm's evolution. It serves as a standard and essential utility for managing user sessions with npm registries.

npm login(1), npm whoami(1), npm config(1), npm token(1)