This error occurs when npm can't fetch security audit data from the registry. Usually caused by missing package-lock.json, network issues, or private registries that don't support audits.
The EAUDITNODATA error means npm couldn't retrieve vulnerability data from the registry's audit endpoint. npm audit works by sending your dependency tree to the registry's audit API, which checks it against a vulnerability database. This error typically occurs when: - There's no package-lock.json file (npm needs the exact dependency tree) - The registry doesn't support the audit endpoint - Network issues prevent reaching the audit service - The package-lock.json file is corrupted or incomplete
The most common fix—regenerate the lock file:
rm -rf node_modules package-lock.json
npm install
npm auditIf you just need the lock file without installing:
npm i --package-lock-only
npm auditIf using a private registry that doesn't support audits:
npm audit --registry=https://registry.npmjs.org/This sends audit requests to the public registry while keeping your private registry for package downloads.
Verify you can reach the audit endpoint:
# Test registry connectivity
npm ping
# Check audit endpoint
curl https://registry.npmjs.org/-/npm/v1/security/auditsOlder npm versions may have audit issues:
npm install -g npm@latestIf audit is blocking and you need to proceed:
npm install --no-auditNote: This skips security checks. Only use temporarily and run npm audit manually later.
Private registry solutions:
- Verdaccio, Nexus, and Artifactory don't natively support npm audit
- Use --registry=https://registry.npmjs.org/ for audit commands
- Consider npm-audit-proxy for air-gapped environments
- Some enterprise registries offer audit features separately
Offline environments: npm audit requires internet access to the vulnerability database. For air-gapped environments:
- Mirror the GitHub Advisory Database locally
- Use third-party tools that work with local vulnerability data
- Consider Snyk or similar tools with offline capabilities
CI/CD considerations: If audit fails in CI due to registry issues:
# Allow audit to fail without breaking build
npm audit || truenpm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm