NPM Token

Bridgecrew Policy ID: BC_GIT_12
Severity: LOW


The NPM access token authenticates you to npm when you use the API or the npm command-line interface (CLI). It is a hexadecimal string that gives you the right to install and/or publish your modules.
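
As an added example (not Bridgecrew's detection logic and not code from the original page), the following Python scans `.npmrc`-style text for hard-coded tokens and ignores values supplied through an environment variable. The `_authToken` setting, the `npm_` token shape, the function names and the sample input are assumptions introduced here, not taken from the page.

```python
import re

# Assumption: newer npm tokens look like "npm_" + 36 alphanumeric characters.
TOKEN_RE = re.compile(r"\bnpm_[A-Za-z0-9]{36}\b")
# .npmrc credential setting, e.g. //registry.npmjs.org/:_authToken=<value>
AUTH_RE = re.compile(r"_authToken\s*=\s*(?P<value>\S+)")
# $NAME or ${NAME}: the token comes from the environment, not from the file.
ENV_REF_RE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")


def redact(token):
    """Show only a short prefix so scan output does not leak the secret again."""
    return f"{token[:4]}...({len(token)} chars)"


def find_npm_tokens(text, path="<memory>"):
    """Return (path, line number, kind, redacted value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Comment lines are scanned too: a commented-out token is still leaked.
        auth = AUTH_RE.search(line)
        if auth:
            value = auth.group("value").strip("\"'")
            if not ENV_REF_RE.match(value):
                # Any literal here is a credential, including legacy hex tokens.
                findings.append((path, lineno, "authToken-literal", redact(value)))
            continue
        for tok in TOKEN_RE.finditer(line):
            findings.append((path, lineno, "token-shaped", redact(tok.group())))
    return findings


# Constructed sample input; none of these values are real tokens.
SAMPLE_NPMRC = (
    "registry=https://registry.npmjs.org/\n"
    "//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n"
    "//registry.npmjs.org/:_authToken=00000000-1111-2222-3333-444444444444\n"
    "# old: NPM_TOKEN=npm_" + "A" * 36 + "\n"
)

if __name__ == "__main__":
    for finding in find_npm_tokens(SAMPLE_NPMRC, path=".npmrc"):
        print(*finding)
```

Any token this reports should be treated as compromised and revoked, even if the file is later edited.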

Fix - Buildtime


Step 1: Revoke Secret.

  1. To see a list of your tokens, on the command line, run:
       npm token list
  2. In the tokens table, find and copy the ID of the token you want to delete. On the command line, run the following command, replacing 123456 with the ID of the token you want to delete:
       npm token delete 123456
     npm will report: Removed 1 token
  3. To confirm that the token has been removed, run:
       npm token list

Step 2: Clean the git history.
Go to the Settings section of your GitHub project and choose the Change visibility button at the bottom.