Skip to content

Potential NPM Access Token

Service Name: Node Package Manager (NPM)

Service Description: NPM is the package manager for Node.js, used to install, share, and distribute code and manage dependencies in JavaScript projects.

Service Address: https://www.npmjs.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to publish, update, and manage packages on the NPM registry under the associated user account.

Secret Revokement URL: https://www.npmjs.com/settings/tokens

Secret Example: npm_7dCGXkKY9QZkfd4CgAdgEwEexEXAMPLE

Suspicious Activity Investigation Instructions:

  • Check for unauthorized package publications or updates in your NPM account
  • Review the token's recent activity in your NPM account settings
  • Verify if any packages have been modified without authorization
  • Check for unexpected dependencies added to your projects
  • Review package download statistics for unusual patterns

Mitigation Instructions:

  • Immediately revoke the compromised token in your NPM account settings
  • Navigate to https://www.npmjs.com/settings/tokens
  • Identify the compromised token and click "Revoke"
  • Create a new token with appropriate scopes
  • Update any CI/CD pipelines or development environments with the new token
  • Review and audit any packages that may have been modified during the compromise period