Skip to main content

npm Token

Description#

General#

  • Documentation: https://docs.npmjs.com
  • Summary: Npm (Node Package Manager) is a public javascript software registry. Developers can publish and download packages on the platform, organizations may also use npm to manage private packages and development. Npm provides both a CLI and an API to interact with registries. An access token is an alternative to using username and password for authenticating to npm.
  • IPs allowlist: A token can be valid only for a given IP address range: this can be specified with the --cidr option using the CLI command npm token.
  • Scopes: Three types of access can be granted to a token when creating it: read-only, automation and publish. Read this documentation for more information.

Revoke the secret#

Access tokens can be revoked from npm's website or using the CLI. Read this page for more information.

Check for suspicious activity#

This is not mentioned in the documentation.

Details for Npm token#

  • Family: Api

  • Category: Development tool

  • Company: npm

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 4.16

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r|m)?html5?~?$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - npm  - _authtoken

Examples#

- text: +//registry.leaking-repos.com/:_authToken=e0cd4d7d-19fx-4p18-86f2-0bbf2c36g6a7  apikey: e0cd4d7d-19fx-4p18-86f2-0bbf2c36g6a7
- text: +//192.168.88.9:8081/repository/npmlocal/:_authToken=NpmToken.4536684c-d492-39pb-89a8-494b52767ccc  apikey: 4536684c-d492-39pb-89a8-494b52767ccc
- text: '"_authToken": "b98ec224-cdb2-4340-b7bd-9017fc715d1c"'  apikey: b98ec224-cdb2-4340-b7bd-9017fc715d1c
- text: '-export NPM_TOKEN="007e64c7-635d-4d54-8295-f360cb8e2e4f"'  apikey: 007e64c7-635d-4d54-8295-f360cb8e2e4f

Details for Npm token prefixed#

  • Family: Api

  • Category: Development tool

  • Company: npm

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r|m)?html5?~?$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - npm_

Examples#

- text: +//registry.leaking-repos.com/:_authToken=npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d  apikey: npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d
- text: +//192.168.88.9:8081/repository/npmlocal/:_authToken=npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d  apikey: npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d
- text: '"_authToken": "npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d"'  apikey: npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d
- text: '-export NPM_TOKEN="npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d"'  apikey: npm_TCllNwh3WLQlHWVhybM1iQrsTj5rMQ0BOh6d