npm
diff --git a/‎content/cli/v7/commands/npm-token.md
+35-13 b/‎content/cli/v7/commands/npm-token.md
+35-13
diff --git a/‎content/cli/v8/commands/npm-token.md
+30-13 b/‎content/cli/v8/commands/npm-token.md
+30-13
diff --git a/‎content/cli/v9/commands/npm-token.md
+51-13 b/‎content/cli/v9/commands/npm-token.md
+51-13
diff --git a/‎content/integrations/integrating-npm-with-external-services/about-access-tokens.mdx
+35-3 b/‎content/integrations/integrating-npm-with-external-services/about-access-tokens.mdx
+35-3
@@ -20,17 +20,41 @@ redirect_from:
 ---
 
 ### Synopsis
+
+<!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/commands/token.js -->
+
 ```bash
   npm token list [--json|--parseable]
   npm token create [--read-only] [--cidr=1.1.1.1/24,2.2.2.2/16]
   npm token revoke <id|token>
 ```
 
-Note: This command is unaware of workspaces.
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/commands/token.js -->
+
+<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
+
+<Note>
+
+**Note:** This command is unaware of workspaces.
+
+</Note>
 
 ### Description
 
-This lets you list, create and revoke authentication tokens.
+This command lets you:
+
+* List all authentication tokens
+* Revoke any authentication token
+* Generate personal access tokens
+
+<Note>
+
+**Note:** To generate granular access tokens, you must use the website. For more information, see "[Creating and viewing access tokens](https://docs.npmjs.com/creating-and-viewing-access-tokens)."
+
+</Note>
 
 * `npm token list`:
   Shows a table of all active authentication tokens. You can request
@@ -64,10 +88,8 @@ This lets you list, create and revoke authentication tokens.
   your password, and, if you have two-factor authentication enabled, an
   otp.
 
-  Currently, the cli can not generate automation tokens. Please refer to
-  the [docs
-  website](https://docs.npmjs.com/creating-and-viewing-access-tokens)
-  for more information on generating automation tokens.
+  The CLI cannot generate automation tokens or granular access tokens. For more information on generating tokens, see "[Creating and viewing access tokens](https://docs.npmjs.com/creating-and-viewing-access-tokens)."
+  .
 
 ```bash
 +----------------+--------------------------------------+
@@ -144,10 +166,10 @@ password, npm will prompt on the command line for one.
 
 ### See Also
 
-* [npm adduser](/cli/v7/commands/npm-adduser)
-* [npm registry](/cli/v7/using-npm/registry)
-* [npm config](/cli/v7/commands/npm-config)
-* [npmrc](/cli/v7/configuring-npm/npmrc)
-* [npm owner](/cli/v7/commands/npm-owner)
-* [npm whoami](/cli/v7/commands/npm-whoami)
-* [npm profile](/cli/v7/commands/npm-profile)
+* [npm adduser](/commands/npm-adduser)
+* [npm registry](/using-npm/registry)
+* [npm config](/commands/npm-config)
+* [npmrc](/configuring-npm/npmrc)
+* [npm owner](/commands/npm-owner)
+* [npm whoami](/commands/npm-whoami)
+* [npm profile](/commands/npm-profile)
@@ -27,11 +27,30 @@ npm token revoke <id|token>
 npm token create [--read-only] [--cidr=list]
 ```
 
-Note: This command is unaware of workspaces.
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/commands/token.js -->
+
+<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
+
+<Note>
+
+**Note:** This command is unaware of workspaces.
+
+</Note>
 
 ### Description
 
-This lets you list, create and revoke authentication tokens.
+This command lets you:
+
+* List all authentication tokens
+* Revoke any authentication token
+* Generate personal access tokens
+
+<Note>
+
+**Note:** To generate granular access tokens, you must use the website. For more information, see "[Creating and viewing access tokens](https://docs.npmjs.com/creating-and-viewing-access-tokens)."
+
+</Note>
 
 * `npm token list`:
   Shows a table of all active authentication tokens. You can request
@@ -65,10 +84,8 @@ This lets you list, create and revoke authentication tokens.
   your password, and, if you have two-factor authentication enabled, an
   otp.
 
-  Currently, the cli can not generate automation tokens. Please refer to
-  the [docs
-  website](https://docs.npmjs.com/creating-and-viewing-access-tokens)
-  for more information on generating automation tokens.
+  The CLI cannot generate automation tokens or granular access tokens. For more information on generating tokens, see "[Creating and viewing access tokens](https://docs.npmjs.com/creating-and-viewing-access-tokens)."
+  .
 
 ```bash
 +----------------+--------------------------------------+
@@ -128,10 +145,10 @@ password, npm will prompt on the command line for one.
 
 ### See Also
 
-* [npm adduser](/cli/v8/commands/npm-adduser)
-* [npm registry](/cli/v8/using-npm/registry)
-* [npm config](/cli/v8/commands/npm-config)
-* [npmrc](/cli/v8/configuring-npm/npmrc)
-* [npm owner](/cli/v8/commands/npm-owner)
-* [npm whoami](/cli/v8/commands/npm-whoami)
-* [npm profile](/cli/v8/commands/npm-profile)
+* [npm adduser](/commands/npm-adduser)
+* [npm registry](/using-npm/registry)
+* [npm config](/commands/npm-config)
+* [npmrc](/configuring-npm/npmrc)
+* [npm owner](/commands/npm-owner)
+* [npm whoami](/commands/npm-whoami)
+* [npm profile](/commands/npm-profile)
@@ -37,17 +37,40 @@ redirect_from:
 
 ### Synopsis
 
+<!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/commands/token.js -->
+
 ```bash
 npm token list
 npm token revoke <id|token>
 npm token create [--read-only] [--cidr=list]
 ```
 
-Note: This command is unaware of workspaces.
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/commands/token.js -->
+
+<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
+
+<Note>
+
+**Note:** This command is unaware of workspaces.
+
+</Note>
 
 ### Description
 
-This lets you list, create and revoke authentication tokens.
+This command lets you:
+
+* List all authentication tokens
+* Revoke any authentication token
+* Generate legacy tokens
+
+<Note>
+
+**Note:** To generate granular access tokens, you must use the website. For more information, see "[Creating and viewing access tokens](https://docs.npmjs.com/creating-and-viewing-access-tokens)."
+
+</Note>
 
 * `npm token list`:
   Shows a table of all active authentication tokens. You can request
@@ -81,10 +104,8 @@ This lets you list, create and revoke authentication tokens.
   your password, and, if you have two-factor authentication enabled, an
   otp.
 
-  Currently, the cli can not generate automation tokens. Please refer to
-  the [docs
-  website](https://docs.npmjs.com/creating-and-viewing-access-tokens)
-  for more information on generating automation tokens.
+  The CLI cannot generate automation tokens or granular access tokens. For more information on generating tokens, see "[Creating and viewing access tokens](https://docs.npmjs.com/creating-and-viewing-access-tokens)."
+  .
 
 ```bash
 +----------------+--------------------------------------+
@@ -108,6 +129,9 @@ This lets you list, create and revoke authentication tokens.
 
 ### Configuration
 
+<!-- AUTOGENERATED CONFIG DESCRIPTIONS START -->
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
 #### `read-only`
 
 * Default: false
@@ -116,6 +140,9 @@ This lets you list, create and revoke authentication tokens.
 This is used to mark a token as unable to publish when configuring limited
 access tokens with the `npm token create` command.
 
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
 #### `cidr`
 
 * Default: null
@@ -124,13 +151,19 @@ access tokens with the `npm token create` command.
 This is a list of CIDR address to be used when configuring limited access
 tokens with the `npm token create` command.
 
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
 #### `registry`
 
 * Default: "https://registry.npmjs.org/"
 * Type: URL
 
 The base URL of the npm registry.
 
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
 #### `otp`
 
 * Default: null
@@ -142,12 +175,17 @@ when publishing or changing package permissions with `npm access`.
 If not set, and a registry response fails with a challenge for a one-time
 password, npm will prompt on the command line for one.
 
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
+<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
+
 ### See Also
 
-* [npm adduser](/cli/v9/commands/npm-adduser)
-* [npm registry](/cli/v9/using-npm/registry)
-* [npm config](/cli/v9/commands/npm-config)
-* [npmrc](/cli/v9/configuring-npm/npmrc)
-* [npm owner](/cli/v9/commands/npm-owner)
-* [npm whoami](/cli/v9/commands/npm-whoami)
-* [npm profile](/cli/v9/commands/npm-profile)
+* [npm adduser](/commands/npm-adduser)
+* [npm registry](/using-npm/registry)
+* [npm config](/commands/npm-config)
+* [npmrc](/configuring-npm/npmrc)
+* [npm owner](/commands/npm-owner)
+* [npm whoami](/commands/npm-whoami)
+* [npm profile](/commands/npm-profile)
@@ -13,18 +13,50 @@ redirect_from:
 
 An access token is an alternative to using your username and password for authenticating to npm when using the API or the npm command-line interface (CLI).  An access token is a hexadecimal string that you can use to authenticate, and which gives you the right to install and/or publish your modules.
 
-The npm CLI automatically generates an access token for you when you run `npm login`.  You can also create an access token to give other tools (such as continuous integration testing environments) access to your npm packages. For example, GitHub Actions provides the ability to store [secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets), like access tokens, that you can then use to authenticate.  When your workflow runs,  it will be able to complete npm tasks as you, including installing private packages you can access.
+There are two types of access tokens available:
+
+* [Legacy tokens](#about-legacy-tokens)
+* [Granular access tokens](#about-granular-access-tokens)
+
+You can create access tokens to give other tools (such as continuous integration testing environments) access to your npm packages. For example, GitHub Actions provides the ability to store [secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets), such as access tokens, that you can then use to authenticate.  When your workflow runs, it will be able to complete npm tasks as you, including installing private packages you can access.
 
 You can work with tokens from the web or the CLI, whichever is easiest. What you do in each environment will be reflected in the other environment.
 
 npm token commands let you:
 
 * View tokens for easier tracking and management
-* Create new tokens, specifying read-only or full-permission
+* Create new legacy tokens
 * Limit access according to IP address ranges (CIDR)
 * Delete/revoke tokens
 
 For more information on creating and viewing access tokens on the web and CLI, see "[Creating and viewing access tokens][create-token]".
 
-[create-token]: creating-and-viewing-access-tokens
+## About legacy tokens
+
+Legacy tokens are created with the same permissions as the user who created them. The npm CLI automatically generates and uses a publish token when you run `npm login`.
+
+There are three different types of legacy tokens:
+
+
+* **Read-only**: You can use these tokens to download packages from the registry. These tokens are best for automation and workflows where you are installing packages. For greater security, we recommend using [granular access tokens](#about-granular-access-tokens) instead.
+* **Automation**: You can use these tokens to download packages and install new ones. These tokens are best for automation workflows where you are publishing new packages. Automation tokens do not 2FA for executing operations on npm and are suitable for CI/CD workflows. For greater security, we recommend using [granular access tokens](#about-granular-access-tokens) instead.
+* **Publish**: You can use these tokens to download packages, install packages, and update user and package settings. We recommend using them for interactive workflows such as a CLI. If 2FA is enabled on your account, publish tokens will require 2FA to execute sensitive operations on npm. 
 
+Legacy tokens do not have an expiration date. It is important to be aware of your tokens and keep them protected for account security. For more information, see "[Securing your token][secure-token]."
+
+## About granular access tokens
+
+Granular access tokens allow you to restrict access provided to the token based on what you want to use the token for. With granular access tokens, you can:
+
+* Restrict which packages and scopes a token has access to
+* Grant tokens access to specific organizations
+* Set a token expiration date
+* Limit token access based on IP address ranges
+* Select between **read-only** or **read and write** access
+
+You can create up to 50 granular access tokens on your npm account. You can set how long your token is valid for, up to a maximum expiration of 365 days from creation. Each token can access up to 50 organizations, and up to either 50 packages, 50 scopes, or a combination of 50 packages and scopes. Access tokens are tied to users’ permission; hence it cannot have more permission than the user at any point in time. If a user has their access revoked from a package or an org., their granular access token also will have its access revoked from those packages or org.
+
+When you give a token access to an organization, the token can only be used for managing organization settings and teams or users associated with the organization. It does not give the token the right to publish packages managed by the organization.  
+
+[create-token]: creating-and-viewing-access-tokens
+[secure-token]: using-private-packages-in-a-ci-cd-workflow#securing-your-token