npm Token

Description

General

  • Documentation: https://docs.npmjs.com
  • Summary: npm (Node Package Manager) is a public JavaScript software registry. Developers can publish and download packages on the platform, and organizations may also use npm to manage private packages and development. npm provides both a CLI and an API to interact with registries. An access token is an alternative to using a username and password for authenticating to npm.
  • IP allowlist: A token can be restricted to a given IP address range, specified with the --cidr option of the npm token CLI command.
  • Scopes: Three types of access can be granted to a token when creating it: read-only, automation and publish. Read this documentation for more information.

Revoke the secret

Access tokens can be revoked from npm's website or using the CLI. Read this page for more information.

Check for suspicious activity

This is not mentioned in the documentation.

Details for Npm token

  • Family: Api

  • Category: Package registry

  • Company: npm

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 5.03

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - npm
    - _authtoken

Examples

- text: +//registry.leaking-repos.com/:_authToken=e0cd4d7d-19fx-4p18-86f2-0bbc5e36g6b1
  apikey: e0cd4d7d-19fx-4p18-86f2-0bbc5e36g6b1

- text: +//192.168.88.9:8081/repository/npmlocal/:_authToken=NpmToken.4536684c-d492-39pb-89a8-743a59762bcc
  apikey: 4536684c-d492-39pb-89a8-743a59762bcc

- text: '"_authToken": "b98ec224-cdb2-4340-b7bd-9617fc719d1d"'
  apikey: b98ec224-cdb2-4340-b7bd-9617fc719d1d

- text: '-export NPM_TOKEN="007e64c7-635d-4d54-8295-f364cd8e0e0f"'
  apikey: 007e64c7-635d-4d54-8295-f364cd8e0e0f

Details for Npm token prefixed

  • Family: Api

  • Category: Package registry

  • Company: npm

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.45

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - npm_

Examples

- text: +//registry.leaking-repos.com/:_authToken=npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d
  apikey: npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d

- text: +//192.168.88.9:8081/repository/npmlocal/:_authToken=npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d
  apikey: npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d

- text: '"_authToken": "npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d"'
  apikey: npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d

- text: '-export NPM_TOKEN="npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d"'
  apikey: npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d

# Fat-fingered secret
- text: NPM_TOKEN="nnpm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d
  apikey: npm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d
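
The Python below is an added example, not GitGuardian's code: it applies the two pre-validators listed for each detector and then a token pattern, using example lines from this page as input. The regular expressions, the case-insensitive content match and all function and variable names are assumptions inferred from those examples.

```python
import os
import re

# Settings copied from the PreValidators blocks on this page.
BANLIST_EXTENSIONS = [r"^(cs|x|p|s|r|m)?html5?~?$"]
CONTENT_PATTERNS = {"npm_token": ["npm", "_authtoken"],
                    "npm_token_prefixed": ["npm_"]}

# Assumed match patterns inferred from the example lines (not the vendor's regexes).
TOKEN_REGEXES = {
    "npm_token": re.compile(
        r"(?:_authToken|NPM_TOKEN)[\"']?\s*[:=]\s*[\"']?(?:NpmToken\.)?"
        r"([0-9a-z]{8}(?:-[0-9a-z]{4}){3}-[0-9a-z]{12})(?![0-9a-z-])",
        re.IGNORECASE),
    "npm_token_prefixed": re.compile(r"(npm_[A-Za-z0-9]{36})(?![A-Za-z0-9])"),
}

# Sample input assembled from the example lines shown on this page.
SAMPLE = (
    "//registry.leaking-repos.com/:_authToken=e0cd4d7d-19fx-4p18-86f2-0bbc5e36g6b1\n"
    '"_authToken": "b98ec224-cdb2-4340-b7bd-9617fc719d1d"\n'
    'NPM_TOKEN="nnpm_TBljNfh4TLQlHWVhybV4iXrsNj5bMQ9EMh6d\n'
)


def filename_banned(path):
    """FilenameBanlistPreValidator: skip files whose extension is banlisted."""
    ext = os.path.splitext(path)[1].lstrip(".")
    return any(re.search(pattern, ext) for pattern in BANLIST_EXTENSIONS)


def content_allowed(content, patterns):
    """ContentWhitelistPreValidator: one pattern must occur (assumed case-insensitive)."""
    lowered = content.lower()
    return any(pattern in lowered for pattern in patterns)


def scan(path, content):
    """Return sorted (detector, token) pairs found in one file."""
    if filename_banned(path):
        return []
    hits = set()
    for name, regex in TOKEN_REGEXES.items():
        if content_allowed(content, CONTENT_PATTERNS[name]):
            hits.update((name, m.group(1)) for m in regex.finditer(content))
    return sorted(hits)
```

Because the prefixed pattern has no left boundary, the fat-fingered `nnpm_` line still yields the `npm_` token, matching the `apikey` shown for that example.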