Classic npm tokens sunset due this month(github.blog)
github.blog
Classic npm tokens sunset due this month
https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/
https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/
> Over the next five weeks, we will:
> Revoke all existing legacy classic tokens for npm publishers.
> Disable legacy classic token generation on npmjs.com permanently.
> If you use classic tokens for npm, you must immediately take the following actions:
> Generate new npm granular access tokens with appropriate scoped permissions.
> Update all automation, CI/CD pipelines, and local configurations.