NPM Token
Service Name: Node Package Manager (NPM)
Service Description: NPM is the world's largest software registry and package manager for JavaScript and Node.js applications. It allows developers to install, share, and distribute code packages and manage dependencies in JavaScript projects.
Service Address: https://www.npmjs.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level for access to private packages and scopes.
Secret Access Scope: Grants access to publish, update, and manage packages on the NPM registry. Can provide read/write access to private packages and organization-scoped packages.
Secret Revokement URL: https://www.npmjs.com/settings/~/tokens
Secret Example: npm_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789
Suspicious Activity Investigation Instructions:
- Check the NPM account for unauthorized package publications or updates
- Review the access logs in your NPM account settings
- Verify if any unexpected packages were published under your name or organization
- Check for unexpected version updates to your existing packages
- Review webhooks and integrations for any unauthorized changes
- Examine package download statistics for unusual patterns
Mitigation Instructions:
- Log in to your NPM account at https://www.npmjs.com/
- Navigate to your account settings
- Go to the "Access Tokens" or "Authentication Tokens" section
- Identify the compromised token and click "Revoke" or "Delete"
- Create a new token with appropriate scopes
- Update the token in all legitimate CI/CD pipelines and development
environments
- Review and update your package.json files to ensure no malicious
dependencies were added
- Consider enabling two-factor authentication for your NPM account
- Audit your published packages for any unauthorized changes