npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

fake-tokens

v0.1.11

Published

NPM package that generates fake authentication tokens for testing and development purposes

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

6mile6mile

Keywords

testinggithubgitlabnpmawstokenssecuritymock-data

Readme

fake-tokens - Generate fake access tokens

fake-tokens

Overview

Have you ever needed fake GitHub, NPM, GitLab or AWS credentials for testing? I did, but when I went looking for a library to use, I couldn't find any, so I wrote my own.

fake-tokens is a Javascript library and CLI that generates fake access tokens for testing and development purposes. fake-tokens currently supports GitHub, NPM, GitLab and AWS tokens. These tokens are intended for use in unit tests, development environments, and other scenarios where you need placeholder authentication data. Security researchers, red teams and bug bounty hunters can use fake-tokens to test their tooling. Finally, you can import the library and use it in your project, or you can run it as a CLI tool.

WARNING: All generated tokens are fake and cannot be used for actual authentication with any service.

Supported Token Types

  • GitHub Classic: ghp_ prefix, 40 characters total
  • GitHub Fine-grained: github_pat_ prefix, 93 characters total (customizable)
  • GitLab: glpat- prefix, 26 characters total
  • NPM: npm_ prefix, 40 characters total
  • AWS Access Key: AKIA prefix, 20 characters total
  • AWS Secret Key: 40-character base64-like string

Installation

npm install fake-tokens

Usage

Use fake-tokens CLI

Generate a single GitHub classic token (default):

fake-tokens

Specify Token Type

Generate different types of tokens:

fake-tokens -t github_classic
fake-tokens -t github_fine_grained
fake-tokens -t gitlab
fake-tokens -t npm
fake-tokens -t aws_access_key
fake-tokens -t aws_secret_key

Generate Multiple Tokens

Generate multiple tokens of the same type:

fake-tokens -c 5                    # 5 GitHub classic tokens
fake-tokens -c 10 -t npm            # 10 NPM tokens
fake-tokens -c 3 -t aws_access_key  # 3 AWS access keys

Command Line Parameters

  • -t, --type: Token type to generate (default: github_classic)
  • -c, --count: Number of tokens to generate (default: 1)
  • -h, --help: Show help message

Help

fake-tokens --help

Examples

Generate AWS Credentials for Testing

# Generate access key
fake-tokens -t aws_access_key
# Output: AKIAIOSFODNN7EXAMPLE

# Generate secret key
fake-tokens -t aws_secret_key
# Output: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Generate Multiple GitHub Tokens

fake-tokens -c 3 -t github_classic
# Output:
# ghp_1234567890abcdef1234567890abcdef12345678
# ghp_abcdef1234567890abcdef1234567890abcdef12
# ghp_567890abcdef1234567890abcdef1234567890ab

Use fake-tokens inline to generate fake access tokens

GITHUB_TOKEN=$(fake-tokens -t github_classic)
AWS_ACCESS_KEY_ID=$(fake-tokens -t aws_access_key)
AWS_SECRET_ACCESS_KEY=$(fake-tokens -t aws_secret_key)

Using fake-tokens as a Javascript module

const TestTokenGenerator = require('fake-tokens');

const generator = new TestTokenGenerator();

// Generate single tokens
const githubToken = generator.generateGitHubClassicToken();
const npmToken = generator.generateNpmToken();
const awsAccessKey = generator.generateAwsAccessKey();

// Generate multiple tokens
const multipleTokens = generator.generateBatch(5, 'github_classic');

console.log('GitHub Token:', githubToken);
console.log('NPM Token:', npmToken);
console.log('AWS Access Key:', awsAccessKey);
console.log('Multiple Tokens:', multipleTokens);

Methods

generateGitHubClassicToken(ensureUnique = true)

Returns a fake GitHub classic token starting with ghp_.

generateGitHubFineGrainedToken(length = 93, ensureUnique = true)

Returns a fake GitHub fine-grained token starting with github_pat_.

generateGitLabToken(ensureUnique = true)

Returns a fake GitLab token starting with glpat-.

generateNpmToken(ensureUnique = true)

Returns a fake NPM token starting with npm_.

generateAwsAccessKey(ensureUnique = true)

Returns a fake AWS access key starting with AKIA.

generateAwsSecretKey(ensureUnique = true)

Returns a fake AWS secret key (40 characters).

generateBatch(count, tokenType = "github_classic")

Returns an array of fake tokens of the specified type.

clearHistory()

Clears the history of generated tokens.

getGeneratedCount()

Returns the number of unique tokens generated.

Security Notes

  • All tokens generated by this script are completely fake
  • Uses Node.js crypto.randomInt() for cryptographically secure random generation
  • Do not use these tokens for actual authentication
  • The tokens follow realistic formats but contain no real credentials
  • Safe to commit to version control in test configurations
  • No actual API keys or secrets are embedded in the script

Token Format Details

GitHub Classic Tokens

  • Format: ghp_ + 36 alphanumeric characters
  • Total length: 40 characters
  • Character set: a-z, A-Z, 0-9

GitHub Fine-grained Tokens

  • Format: github_pat_ + variable length alphanumeric string
  • Default length: 93 characters total
  • Character set: a-z, A-Z, 0-9

GitLab Tokens

  • Format: glpat- + 20 alphanumeric characters
  • Total length: 26 characters
  • Character set: a-z, A-Z, 0-9

NPM Tokens

  • Format: npm_ + 36 characters
  • Total length: 40 characters
  • Character set: a-z, A-Z, 0-9, _, -

AWS Access Keys

  • Format: AKIA + 16 uppercase alphanumeric characters
  • Total length: 20 characters
  • Character set: A-Z, 0-9

AWS Secret Keys

  • Format: 40-character base64-like string
  • Character set: a-z, A-Z, 0-9, +, /

Requirements

  • Node.js 12.0.0 or higher
  • No external dependencies (uses only built-in Node.js modules)

Contributing

Feel free to submit issues or pull requests to add support for additional token formats or improve existing functionality.

License

This script is provided as-is for testing and development purposes. Use responsibly and never for actual authentication.