Accountability sits with the teams that defined the token's scope, storage, rotation, and revocation model, not just with the final victim of the malware. Security, platform, and release engineering all share responsibility when a machine identity is allowed to carry permanent publishing power.
Why This Matters for Security Teams
When a package token is abused, the incident is rarely just a malware problem. It is usually a governance failure around how the token was scoped, where it was stored, who could mint or reuse it, and how quickly it could be revoked. That makes accountability shared across security, platform, and release engineering, because each group influences whether the token can be replayed, exfiltrated, or turned into persistent publishing access. The pattern is visible in NHIMG research such as the Salesloft OAuth token breach, where token misuse became a data access issue, not just an authentication issue.
Current guidance suggests that machine identities must be treated as production assets with lifecycle controls, not as convenience credentials attached to build jobs. That is especially important in supply-chain environments where a single token can unlock package publishing, dependency poisoning, or downstream trust abuse. Industry research reinforces the scale of exposure: GitGuardian reported that The State of Secrets Sprawl 2026 found 59% of compromised machines in a major 2025 supply chain attack were CI/CD runners rather than personal workstations. In practice, many security teams only discover this accountability gap after the token has already been reused across multiple pipelines.
How It Works in Practice
The practical answer starts with identity design. A package token should not be a standing, long-lived credential that can publish whenever it is found. Best practice is evolving toward narrow-scoped, short-lived credentials tied to a specific workload, release event, or approval state. That means the team that owns the package registry policy, the CI/CD platform, and the release process all share accountability for limiting blast radius. NHI governance becomes a lifecycle issue, not a single control point.
Operationally, teams should define:
- exact token scope, such as read-only, publish-only, or environment-specific permissions;
- issuance rules, including just-in-time creation and automatic expiration;
- storage controls, such as secret managers, workload identity, or ephemeral OIDC exchange;
- rotation and revocation triggers after pipeline completion, anomaly detection, or maintainer departure;
- auditing that ties every token use to a workload, commit, runner, or release approval.
For broader NHI control patterns, NHIMG’s Guide to the Secret Sprawl Challenge is useful because it frames exposure as a lifecycle failure, not a detection-only problem. External guidance from the OWASP Non-Human Identity Top 10 and CISA cyber threat advisories supports the same direction: restrict standing privilege, reduce token lifetime, and make revocation automatic. These controls tend to break down when legacy release tooling requires durable shared tokens because the process itself depends on persistent privilege.
Common Variations and Edge Cases
Tighter token controls often increase release friction, so organisations have to balance deployment speed against abuse resistance. That tradeoff is real in monorepos, third-party build services, and multi-tenant runners where one token may support many packages or teams. In those environments, there is no universal standard for this yet, but current guidance suggests moving toward per-project or per-workflow identities rather than org-wide publishing tokens.
Two edge cases matter most. First, if the abuse came through a compromised CI runner, accountability extends beyond the developer who committed the code and into the platform team that allowed reusable secrets on shared infrastructure. Second, if a package token was embedded in an automation script or vendor integration, the owning team still remains accountable for its scope and revocation model even if an attacker triggered the abuse later. NHIMG’s LLMjacking: How Attackers Hijack AI Using Compromised NHIs shows how quickly exposed credentials can be operationalised, while the Shai Hulud npm malware campaign illustrates how package ecosystems turn token misuse into broad downstream impact. The hard lesson is that responsibility does not end at the breach point; it ends when the token can no longer be abused.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Token rotation and revocation are central to preventing package token abuse. |
| CSA MAESTRO | IAM-02 | Covers governance of machine identities used in CI/CD and supply chains. |
| NIST AI RMF | GOVERN | Shared accountability and lifecycle oversight map to AI risk governance principles. |
Bind package publishing to workload identity and restrict standing credentials in pipelines.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
