Skip to content

NPM Authentication Token

Service Name: Node Package Manager (NPM)

Service Description: NPM is the world's largest software registry, containing over a million packages of JavaScript code that developers can use to share and borrow code.

Service Address: https://www.npmjs.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to publish, update, and manage packages on the NPM registry under the authenticated user's account.

Secret Revokement URL: https://www.npmjs.com/settings/tokens

Secret Example: npm_QvJ6g0A2WzMqIwx5M8D0o9s7n1pFNQoA1a2B3c4D

Suspicious Activity Investigation Instructions:

  • Check the NPM account for unauthorized package publications or updates
  • Review the token's access history in the NPM account settings
  • Verify if any packages have been published with malicious code
  • Check for unexpected version updates to existing packages
  • Look for unauthorized collaborators added to packages

Mitigation Instructions:

  • Immediately revoke the compromised token in NPM account settings
  • Navigate to https://www.npmjs.com/settings/tokens
  • Find the compromised token and click "Revoke"
  • Create a new token with appropriate scopes
  • Update all CI/CD pipelines and development environments with the new token
  • Review and audit all packages published during the suspected compromise period