NPM Token
Description
The NPM access token can be used to authenticate to npm when using the API or the npm command-line interface (CLI). An access token is a hexadecimal string that you can use to authenticate, and which gives you the right to install and/or publish your modules.
Remediation
NPM
1. Revoke Secret.
   1. To see a list of your tokens, on the command line, run:
      `npm token list`
   2. In the tokens table, find and copy the ID of the token you want to delete. On the command line, run the following command, replacing 123456 with the ID of the token you want to delete:
      `npm token delete 123456`
      npm will report `Removed 1 token`.
   3. To confirm that the token has been removed, run:
      `npm token list`
2. Clean the git history. Go under the settings section of your GitHub project and choose the change visibility button at the bottom.
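To find where a token is still written in the working tree before and after revoking it, the following added example (not part of the original rule documentation or of Checkov's code) scans `.npmrc`-style files and prints each hit with the value redacted. The pattern is an assumption about how tokens commonly appear in `.npmrc`; it goes beyond the hexadecimal form described above by also matching `npm_`-prefixed values, and the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: locate npm tokens written literally into .npmrc-style files.
# Assumption: a leaked token appears as "//<registry>/:_authToken=<value>",
# where <value> is 36 hex-and-dash characters or an "npm_"-prefixed string.
NPM_TOKEN_RE='//[^[:space:]]+/:_authToken=[[:space:]]*(npm_[A-Za-z0-9]+|[A-Fa-f0-9-]{36})'

# scan_npm_tokens FILE...
# Prints "file:line:<registry key>=<redacted>" for each finding, never the
# token itself. Returns 0 if at least one token was found, 1 if none.
scan_npm_tokens() {
    # /dev/null as an extra operand makes grep always print the file name;
    # -s hides errors for paths that do not exist.
    _hits=$(grep -nsE "$NPM_TOKEN_RE" "$@" /dev/null |
        sed -E 's#(:_authToken=[[:space:]]*).*#\1<redacted>#')
    [ -n "$_hits" ] || return 1
    printf '%s\n' "$_hits"
}

# demo: run the scan over constructed sample files (no real tokens).
demo() {
    _dir=$(mktemp -d) || return 2
    printf '%s\n' 'registry=https://registry.npmjs.org/' \
        '//registry.npmjs.org/:_authToken=00000000-0000-0000-0000-000000000000' \
        > "$_dir/legacy.npmrc"
    printf '%s\n' \
        '//registry.npmjs.org/:_authToken=npm_CONSTRUCTEDexampleVALUE0000000000000' \
        > "$_dir/prefixed.npmrc"
    # An environment-variable reference is not a secret and must not be flagged.
    printf '%s\n' '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' \
        > "$_dir/safe.npmrc"
    scan_npm_tokens "$_dir"/*.npmrc
    _rc=$?
    rm -rf "$_dir"
    return "$_rc"
}
```

Call `scan_npm_tokens .npmrc "$HOME/.npmrc"` from a checkout; any file it reports holds a token that should be revoked with the steps above and replaced by an environment-variable reference.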
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1310 |
| Severity | LOW |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_12 |