Use a token format with a prefix

Private Packagist uses a [token format with a prefix and checksum](https://packagist.com/docs/composer-authentication#token-format) to help with automated scanning for commited secrets in codebases.
For an example, see [Trivy: Secret scanning](https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret/) and https://github.com/aquasecurity/trivy/pull/7826.

Doing the same for Packagist.org would allow those secret scanners to scan for Packagist.org tokens as well.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Use a token format with a prefix #1475

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Use a token format with a prefix #1475

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions