Announcing npm’s new access token format
Blog post from GitHub
GitHub is enhancing the security of its supply chain by introducing a new authentication token format for npm, aligning it with the format of GitHub's own authentication tokens. Previously, npm tokens followed a 36-character UUID pattern, which made leaked or compromised tokens hard to detect reliably, since a UUID is indistinguishable from any other UUID in a codebase. The new tokens begin with an identifiable "npm" prefix, which lets GitHub secret scanning and npm's internal secret scanners index them, and use an underscore as a delimiter for improved usability. The new format increases token entropy from 128 to 178 by making the tokens longer and using a larger alphabet, while a CRC32 checksum encoded in Base62 lets a scanner reject look-alike strings and so minimizes false positives in leak detection. Users are encouraged to reset their existing access tokens to this new format to enhance security and improve the precision of secret scanning.
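As an added example, not code from the GitHub post or from npm, the checksum check a secret scanner can apply to a candidate token before raising an alert. Only the `npm` prefix with underscore delimiter, the Base62-encoded CRC32 checksum and the 178-bit entropy figure come from the page; the split into a 30-character random body (30 × log2(62) ≈ 178 bits) plus a 6-character checksum, and the digit/upper/lower Base62 alphabet, are assumptions modelled on GitHub's own token format.

```python
import re
import zlib

# Assumed Base62 alphabet (digits, uppercase, lowercase); the page does not state the ordering.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PREFIX = "npm_"
RANDOM_LEN = 30    # assumed: 30 base62 chars ~= 178 bits, matching the entropy the page cites
CHECKSUM_LEN = 6   # 62**6 > 2**32, so every CRC32 value fits in 6 base62 digits

def base62_encode(value: int, width: int) -> str:
    """Encode a non-negative integer in Base62, left-padded with '0' to the given width."""
    digits = []
    while value:
        value, rem = divmod(value, 62)
        digits.append(ALPHABET[rem])
    return "".join(reversed(digits)).rjust(width, "0")

def make_token(random_part: str) -> str:
    """Build a token from a given random body; used here only to construct sample input."""
    checksum = base62_encode(zlib.crc32(random_part.encode()) & 0xFFFFFFFF, CHECKSUM_LEN)
    return PREFIX + random_part + checksum

def verify_token(candidate: str) -> bool:
    """True if candidate has the prefix, the right length/alphabet and a matching CRC32 checksum."""
    if not candidate.startswith(PREFIX):
        return False
    body = candidate[len(PREFIX):]
    if len(body) != RANDOM_LEN + CHECKSUM_LEN or any(c not in ALPHABET for c in body):
        return False
    random_part, checksum = body[:RANDOM_LEN], body[RANDOM_LEN:]
    expected = base62_encode(zlib.crc32(random_part.encode()) & 0xFFFFFFFF, CHECKSUM_LEN)
    return checksum == expected

# Prefix + 36 alphanumerics: the cheap pattern match a scanner runs first.
TOKEN_RE = re.compile(r"npm_[0-9A-Za-z]{36}")

def scan_text(text: str) -> list:
    """Return (candidate, checksum_ok) for every prefix match; only checksum_ok hits warrant an alert."""
    return [(m.group(0), verify_token(m.group(0))) for m in TOKEN_RE.finditer(text)]

if __name__ == "__main__":
    # Constructed sample: one real-looking token and one look-alike with a bad checksum.
    good = make_token("0123456789abcdefghijABCDEFGHIJ")
    sample = f"NPM_TOKEN={good}\nplaceholder=npm_{'Z' * 36}\n"
    for cand, ok in scan_text(sample):
        print(cand, "checksum ok" if ok else "checksum mismatch, likely false positive")
```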