Potential NPM Access Token
Service Name: Node Package Manager (NPM)
Service Description: NPM is the package manager for Node.js, used to install, share, and distribute code and manage dependencies in JavaScript projects.
Service Address: https://www.npmjs.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to publish, update, and manage packages on the NPM registry under the associated user account.
Secret Revokement URL: https://www.npmjs.com/settings/tokens
Secret Example: npm_7dCGXkKY9QZkfd4CgAdgEwEexEXAMPLE
Suspicious Activity Investigation Instructions:
- Check for unauthorized package publications or updates in your NPM account
- Review the token's recent activity in your NPM account settings
- Verify if any packages have been modified without authorization
- Check for unexpected dependencies added to your projects
- Review package download statistics for unusual patterns
Mitigation Instructions:
- Immediately revoke the compromised token in your NPM account settings
- Navigate to https://www.npmjs.com/settings/tokens
- Identify the compromised token and click "Revoke"
- Create a new token with appropriate scopes
- Update any CI/CD pipelines or development environments with the new token
- Review and audit any packages that may have been modified during the compromise period