NPM token update

[HyperBrain]

Hi @serverless-heaven/serverless-webpack-team,
as NPM announced that they will change their token handling to a more restricted mode,
I will create and add a new token (the modern one).
Can you please make sure that this is then used in CI/CD properly?
See: https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/
Thanks
Frank

[j0k3r]

@HyperBrain Hello! We'll see as soon as we have a PR opened.

Reading the maximum expiration of 90 days, means you'll have to update it every 90 days?

[HyperBrain]

I created a new NPM token (the new token type) and replaced the old one.
Please check and validate that it is working properly. In January I need to update it again ....

[mogusbi-motech]

Is there any reason why you are not using trusted publishing? Would save having to create a new token every 90 days

https://docs.npmjs.com/trusted-publishers#supported-cicd-providers

[HyperBrain]

Good point. Didn't know about that. Will check it out on the weekend.

[HyperBrain]

I think so - until more people notice that this is secure but not really user friendly .... there is at least a chance that it will be changed again I hope.

…

On Wed, Oct 15, 2025 at 8:56 AM Jérémy Benoist ***@***.***> wrote: @HyperBrain <https://github.com/HyperBrain> Hello! We'll see as soon as we have a PR opened. Reading the maximum expiration of 90 days, means you'll have to update it every 90 days? — Reply to this email directly, view it on GitHub <#2254 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABKEZXVUKDAAZNYGGCWPICT3XXV2ZAVCNFSM6AAAAACJGENWRCVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTINRYGM3TENA> . You are receiving this because you were mentioned.Message ID: <serverless-heaven/serverless-webpack/repo-discussions/2254/comments/14683724 @github.com>