PyPI API Token
Detects PyPI (Python Package Index) upload tokens. The fixed marker pypi-AgEIcHlwaS5vcmc is the base64 encoding of "pypi.org", making these tokens near-unmistakable. A leaked token lets an attacker publish malicious package releases.
- Type
- regex
- Engine
- universal
- Confidence
- high
- Confidence justification
- High confidence: the static pypi-AgEIcHlwaS5vcmc marker decodes to "pypi.org" and does not occur outside genuine PyPI tokens, giving near-zero false positives.
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- credentials, security
- Scope
- narrow
- Risk rating
- 9
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
pypi-AgEIcHlwaS5vcmc[A-Za-z0-9_-]{50,1000}
Corroborative evidence keywords
pypi, pypi.org, twine, upload token, api token, PYPI_TOKEN, __token__
Proximity: 300 characters
Should match
- pypi-AgEIcHlwaS5vcmcABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 (PyPI upload token with pypi.org macaroon marker)
- PYPI_TOKEN=pypi-AgEIcHlwaS5vcmczZyYxXwWvVuUtTsSrRqQpPoOnNmMlLkKjJiIhHgGfFeEdDcCbBaA0123456789_- (Labelled PyPI token in an env assignment)
- pypi-AgEIcHlwaS5vcmcaB3dE6gH9jK2mN5pQ8sT1uV4wX7yZ0aB3dE6gH9jK2mN5pQ8sT1uV4wX7yZ0aB3dE (Mixed-case PyPI token body)
Should not match
- pypi-AgEIcHlwaS5vcmcTOOSHORT (Body too short to be a valid PyPI token)
- pypi-AgEIbm90cGtlcQABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 (Wrong macaroon marker; does not decode to pypi.org)
- set your pypi upload token with twine before publishing to pypi.org (Prose mention without a token value)
Known false positives
- Documentation showing the literal pypi-AgEIcHlwaS5vcmc marker without a real body. Mitigation: require a sufficiently long base64 body and check the body for placeholder markers such as "example" or "xxxx".
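As an added example (not part of this rule page or of any listed platform's engine), the following Python applies the pattern above together with the 300-character proximity rule and the placeholder mitigation from the false-positive note, over constructed sample text. The placeholder fragment list is an assumption; the keywords, window size and regex are the rule's own.

```python
import re

MARKER = "pypi-AgEIcHlwaS5vcmc"
# Rule pattern: fixed macaroon marker followed by a 50-1000 character base64url body.
PYPI_TOKEN_RE = re.compile(re.escape(MARKER) + r"[A-Za-z0-9_-]{50,1000}")
# Corroborative keywords and proximity window as given in the rule.
KEYWORDS = ("pypi", "pypi.org", "twine", "upload token", "api token", "PYPI_TOKEN", "__token__")
PROXIMITY = 300
# Placeholder fragments that mark a documentation sample (assumed list, not from the rule).
PLACEHOLDER_RE = re.compile(r"(?i)x{4,}|example|your_?token")


def find_pypi_tokens(text: str) -> list[dict]:
    """Return one finding per regex hit, annotated with corroboration and placeholder checks."""
    findings = []
    for m in PYPI_TOKEN_RE.finditer(text):
        token = m.group(0)
        # Search for keywords in the 300 chars on either side of the hit, excluding the hit
        # itself: the literal "pypi-" inside every token would otherwise corroborate itself.
        context = text[max(0, m.start() - PROXIMITY):m.start()] + text[m.end():m.end() + PROXIMITY]
        context_lower = context.lower()
        corroborated = any(k.lower() in context_lower for k in KEYWORDS)
        placeholder = PLACEHOLDER_RE.search(token[len(MARKER):]) is not None
        findings.append({
            "offset": m.start(),
            "token": token,
            "corroborated": corroborated,
            "placeholder": placeholder,
            # Report only corroborated hits whose body is not an obvious placeholder.
            "report": corroborated and not placeholder,
        })
    return findings


# Constructed sample input (not real credentials): one labelled token, one documentation
# placeholder with a long body, one body that is too short, and a prose mention.
SAMPLE = "\n".join([
    "PYPI_TOKEN=" + MARKER + "zZyYxXwWvVuUtTsSrRqQpPoOnNmMlLkKjJiIhHgGfFeEdDcCbBaA0123456789_-",
    "docs: twine upload --password " + MARKER + "x" * 56,
    MARKER + "TOOSHORT",
    "set your pypi upload token with twine before publishing to pypi.org",
])

if __name__ == "__main__":
    for f in find_pypi_tokens(SAMPLE):
        print(f["offset"], f["token"][:24] + "...", "report" if f["report"] else "suppress")
```

Only the labelled token is reported; the documentation placeholder matches the regex but is suppressed, and the short body and prose line never match.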