npm Token

Description

General

• Documentation: https://docs.npmjs.com
• Summary: Npm (Node Package Manager) is a public javascript software registry. Developers can publish and download packages on the platform, organizations may also use npm to manage private packages and development. Npm provides both a CLI and an API to interact with registries. An access token is an alternative to using username and password for authenticating to npm.
• IPs allowlist: A token can be valid only for a given IP address range : this can be specified with the --cidr option using the CLI command npm token.
• Scopes: Three types of access can be granted to a token when creating it : read-only, automation and publish. Read this documentation for more information.

Revoke the secret

Access tokens can be revoked from npm's website or using the CLI. Read this page for more information.

Check for suspicious activity

This is not mentioned in the documentation.

Details for Npm token

• Category: Development tool

• Company: npm

• High recall: False

• Validity check available: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 4.16

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - html  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - npm  - _authtoken

Examples

- text: +//registry.leaking-repos.com/:_authToken=e0cd4d7d-19fx-4p18-86f2-0bbf2c36g6a7  apikey: e0cd4d7d-19fx-4p18-86f2-0bbf2c36g6a7
- text: +//192.168.88.9:8081/repository/npmlocal/:_authToken=NpmToken.4536684c-d492-39pb-89a8-494b52767ccc  apikey: 4536684c-d492-39pb-89a8-494b52767ccc
- text: '"_authToken": "b98ec224-cdb2-4340-b7bd-9017fc715d1c"'  apikey: b98ec224-cdb2-4340-b7bd-9017fc715d1c
- text: '-export NPM_TOKEN="007e64c7-635d-4d54-8295-f360cb8e2e4f"'  apikey: 007e64c7-635d-4d54-8295-f360cb8e2e4f