NPM Authentication Token
Service Name: Node Package Manager (NPM)
Service Description: NPM is the world's largest software registry, containing over a million packages of JavaScript code that developers can use to share and borrow code.
Service Address: https://www.npmjs.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to publish, update, and manage packages on the NPM registry under the authenticated user's account.
Secret Revokement URL: https://www.npmjs.com/settings/tokens
Secret Example: npm_QvJ6g0A2WzMqIwx5M8D0o9s7n1pFNQoA1a2B3c4D
Suspicious Activity Investigation Instructions:
- Check the NPM account for unauthorized package publications or updates
- Review the token's access history in the NPM account settings
- Verify if any packages have been published with malicious code
- Check for unexpected version updates to existing packages
- Look for unauthorized collaborators added to packages
Mitigation Instructions:
- Immediately revoke the compromised token in NPM account settings
- Navigate to https://www.npmjs.com/settings/tokens
- Find the compromised token and click "Revoke"
- Create a new token with appropriate scopes
- Update all CI/CD pipelines and development environments with the new token
- Review and audit all packages published during the suspected compromise period