diff --git a/detect_secrets/plugins/npm.py b/detect_secrets/plugins/npm.py
index 0ec3b1434..18316107a 100644
--- a/detect_secrets/plugins/npm.py
+++ b/detect_secrets/plugins/npm.py
@@ -13,5 +13,5 @@ class NpmDetector(RegexBasedDetector):
     denylist = [
         # npmrc authToken
         # ref. https://stackoverflow.com/questions/53099434/using-auth-tokens-in-npmrc
-        re.compile(r'\/\/.+\/:_authToken=\s*((npm_.+)|([A-Fa-f0-9-]{36})).*'),
+        re.compile(r'\/\/.+\/:_authToken=\s*(?!\$\{[A-Z_]+\})((npm_.+)|\S+).*'),
     ]
diff --git a/tests/plugins/npm_test.py b/tests/plugins/npm_test.py
index d7d85492a..57f15ef34 100644
--- a/tests/plugins/npm_test.py
+++ b/tests/plugins/npm_test.py
@@ -18,6 +18,8 @@ class TestNpmDetector:
             ('_authToken=743b294a-cd03-11ec-9d64-0242ac120002', False),
             ('foo', False),
             ('//registry.npmjs.org/:_authToken=${NPM_TOKEN}', False),
+            ('//gitlab.com/api/v4/projects/1347/packages/npm/:_authToken=glpat-a8r3xUFrtP-isd1DLK_r', True),
+            ('//gitlab.com/api/v4/projects/1347/packages/npm/:_authToken=${CI_JOB_TOKEN}', False),
         ],
     )
     def test_analyze(self, payload, should_flag):
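Review bot: The negative lookahead `(?!\$\{[A-Z_]+\})` on the new denylist line only recognises env-var references made of uppercase letters and underscores, so `${NPM_TOKEN_1}`, `${npm_token}` or any name containing a digit falls through to the new `\S+` branch and is reported as a secret; before this change those placeholders were harmless because `[A-Fa-f0-9-]{36}` could not match them, so the false-positive surface is new. I would widen the exclusion to the usual identifier shape, `re.compile(r'\/\/.+\/:_authToken=\s*(?!\$\{[A-Za-z_][A-Za-z0-9_]*\})((npm_.+)|\S+).*'),`. With `\S+` in place the `(npm_.+)` alternative is now redundant (and, via `.+`, can swallow trailing whitespace-separated text into the match), so it could be dropped or replaced by a comment explaining that any non-empty, non-placeholder value is treated as a credential. The enclosing `NpmDetector` class starts before this hunk.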
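Review bot: The two new parametrize cases only exercise an all-uppercase placeholder, so they cannot catch the gap where the lookahead `[A-Z_]+` lets a reference with digits or lowercase through to `\S+`; add a case such as `('//registry.npmjs.org/:_authToken=${NPM_TOKEN_1}', False),` next to the `${CI_JOB_TOKEN}` line so the exclusion is pinned to real-world variable names. A positive case with a generic opaque value (e.g. a 40-character hex or base64 string, `True`) would also document that the detector now flags any non-placeholder token rather than only `npm_`/UUID shapes. The `@pytest.mark.parametrize` decorator and the body of `test_analyze` begin and end outside this hunk.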