Documentation: indicate the minimum scope needed for PAT to access NPM Registry
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Problem to solve
In this documentation page about authenticating to the npm registry, it says that one would need to create a Personal Access Token to do so, but fails to say which scope or scopes are needed to achieve that.
Further details
At first I created a token with all scopes, but it's certainly not ideal. Hence me wanting to know which are the minimum scopes needed.
I supposed, based on my own tests and the description of each scope in the Settings > Access Tokens page, that it ought to be the api scope.
But since it gives access to everything, I was not sure it was the right thing to do (which is closely related to the #20440 (closed) issue).
Proposal
Add some text that indicates that the PAT need api scope in order to be used to download from/upload to the private NPM registry.