If you enable "require user tokens for repository authentication" under "security/user tokens" in the UI then publishing npm packages using npm bearer tokens no longer works.
Expected: Npm bearer tokens should continue to work regardless of the user token required setting. Bearer tokens are just as secure as user tokens.
Also note that you cannot execute "npm login" using a user token, npm won't allow it due to the charachters in the username. So that doesn't provide a workaround: