PyPI API Token
Service Name: Python Package Index (PyPI)
Service Description: PyPI is the official package repository for Python, where developers can publish and share their Python packages with the community.
Service Address: https://pypi.org/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to publish, update, and manage Python packages on PyPI under the associated account.
Secret Revokement URL: https://pypi.org/manage/account/
Secret Example: pypi-AgEIcHlwaS5vcmcCJDFjMTk2YWEyLTM4NTAtNGNkOS1iNjc3LTc4ZDRhZjMwYmZkMQACJXsicGVybWlzc2lvbnMiOiAidXNlciIsICJ2ZXJzaW9uIjogMX0AAAYgbvG5wEV6pZ2NjFCk7mRFJyxL9JVOU_2vxn2-Xm4Gw7A
Suspicious Activity Investigation Instructions:
- Check PyPI account for unauthorized package uploads or modifications
- Review package download statistics for unusual patterns
- Check for unexpected package versions or metadata changes
- Verify the integrity of previously uploaded packages
- Review account access logs if available
Mitigation Instructions:
- Log in to your PyPI account at https://pypi.org/
- Navigate to Account Settings > API tokens
- Revoke the compromised token immediately
- Create a new token with appropriate permissions if needed
- Check for and remove any unauthorized packages or versions
- Change your PyPI account password
- Enable two-factor authentication if not already enabled