The newer publishing path stops being authoritative because the fallback credential can still authenticate. That creates a hidden bypass route for anyone who steals the legacy token. The practical failure is not just weak access control, but incomplete lifecycle closure, where a retired credential remains able to publish packages and override the intended identity flow.
Why This Matters for Security Teams
Leaving a long-lived npm token active after moving to OIDC publishing creates two parallel trust paths: the intended federated identity path and the old static credential path. That matters because package publishing is not just a build-step convenience; it is a software supply chain control point. If the legacy token remains valid, compromise of that token can bypass the newer authentication flow entirely, even when OIDC is correctly configured. NIST SP 800-53 Rev 5 Security and Privacy Controls treats credential lifecycle management and access enforcement as core controls, not optional hygiene. In practice, many security teams encounter this only after a package overwrite, credential leak, or dependency incident has already turned a retired token into an active attack path. The issue is similar to what NHI research highlights in secret sprawl and token persistence: a new control does not eliminate an older one unless revocation is completed. NHIMG’s Guide to the Secret Sprawl Challenge and the Ultimate Guide to NHIs — Static vs Dynamic Secrets both frame this as a lifecycle failure, not a point-in-time misconfiguration. The practical risk is hidden bypass, not just weak access control.How It Works in Practice
OIDC publishing is meant to replace a reusable secret with a short-lived, identity-bound exchange. The publisher proves its workload identity at runtime, receives a temporary authorization decision, and completes the publish without storing a long-lived credential. That model is stronger because the trust decision is tied to the current build context, branch, repository, or environment rather than a static token that can be copied and replayed later. When the old npm token is still active, the system now has two acceptable authentication methods:- the new OIDC flow, which is intended to be the authoritative path;
- the legacy token, which remains valid until explicitly revoked.
- incident responders may assume the migration is complete when it is not;
- attackers who obtain the old token can publish without using OIDC at all;
- policy changes in the federated path do not apply to the fallback token;
- audit trails become ambiguous because publish events can arrive through different trust mechanisms.
Common Variations and Edge Cases
Tighter publishing controls often increase release overhead, requiring organisations to balance stronger assurance against developer friction and emergency-release speed. There is no universal standard for this yet, but current guidance suggests the safest pattern is to treat OIDC as a replacement, not an additive option. If both methods remain enabled indefinitely, the organization preserves a hidden exception path that undermines the migration. In practice, teams need to decide whether the legacy token is disabled immediately, kept only for a short overlap window, or removed after validation of all repository and automation workflows. Edge cases often appear in:- multi-repo organisations where one package owner forgot to rotate the old token;
- third-party automation that still depends on the legacy credential;
- disaster recovery plans that quietly retain a fallback secret “just in case”;
- shared maintainer accounts where the token is copied into multiple environments.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Covers secret lifecycle gaps that leave old npm tokens active after migration. |
| OWASP Agentic AI Top 10 | Highlights runtime auth risks when automated publish workflows keep fallback credentials. | |
| CSA MAESTRO | Applies to workload identity and trust boundaries in automated software pipelines. | |
| NIST AI RMF | Supports governance of automated release agents and their credential lifecycle. | |
| NIST CSF 2.0 | PR.AC-4 | Least privilege is violated when a retired token still grants publish access. |
Inventory, rotate, and revoke legacy publishing tokens before declaring OIDC migration complete.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org