Authentication
LPM has three authentication commands, each for a different scenario:
| Command | Use case | Token type | Lifetime |
|---|---|---|---|
lpm login | Authenticate with LPM | Full access (read + write) | Until revoked |
lpm npmrc | Make npm install work locally | Read-only | 30 days |
lpm setup | Configure .npmrc for CI/CD | ${LPM_TOKEN} placeholder | Depends on CI secret |
lpm setup --oidc | Secret-free CI installs | Read-only OIDC token | 30 minutes |
Step 1 — Sign in
lpm loginThis opens your browser for OAuth authentication. After signing in, your token is stored securely in your OS keychain. If the keychain is unavailable, LPM falls back to an AES-256-GCM encrypted file.
Verify you're authenticated:
lpm whoamiStep 2 — Configure npm for your project
lpm login authenticates the CLI, but npm install doesn't know about the keychain. To make npm install work with LPM packages, run:
lpm npmrcThis creates a 30-day read-only token and writes it to your project's .npmrc. It also adds .npmrc to .gitignore to prevent accidental token commits.
✔ Read-only token created.
✔ .npmrc configured with read-only LPM token.
ℹ .npmrc added to .gitignore to prevent token leaks.
ℹ Token expires: April 18, 2026
ℹ Run `lpm npmrc` again to refresh when expired.
After this, both lpm install and npm install work:
npm install # ✓ uses the token from .npmrc
lpm install # ✓ uses the keychain token (always works)You can customize the token lifetime:
lpm npmrc --days 7 # 7-day token
lpm npmrc --days 90 # 90-day tokenRun lpm npmrc again anytime to refresh an expired token.
CI/CD Authentication
For CI/CD pipelines, you have two options:
Option 1 — OIDC (recommended, no secrets)
If your CI supports OIDC (GitHub Actions, GitLab CI), use lpm setup --oidc for secret-free installs:
lpm setup --oidcThis exchanges the CI provider's identity token for a short-lived LPM read-only token (30 minutes). No LPM_TOKEN secret needed anywhere.
Requires: Your GitHub or GitLab account must be linked to your LPM account at Settings > Security.
See CI/CD Integration for complete workflow examples.
Option 2 — Environment variable
For CI platforms without OIDC, or deployment platforms like Vercel and Netlify:
lpm setupThis writes a .npmrc with the ${LPM_TOKEN} placeholder. Set the LPM_TOKEN environment variable in your CI/deployment settings.
See Deployment Platforms for platform-specific guides.
Sign out
lpm logoutThis removes the stored token from your keychain.
