This error occurs when npm can't fetch security audit data from the registry. Usually caused by missing package-lock.json, network issues, or private registries that don't support audits.
The EAUDITNODATA error means npm couldn't retrieve vulnerability data from the registry's audit endpoint. npm audit works by sending your dependency tree to the registry's audit API, which checks it against a vulnerability database. This error typically occurs when: - There's no package-lock.json file (npm needs the exact dependency tree) - The registry doesn't support the audit endpoint - Network issues prevent reaching the audit service - The package-lock.json file is corrupted or incomplete
The most common fix—regenerate the lock file:
rm -rf node_modules package-lock.json
npm install
npm auditIf you just need the lock file without installing:
npm i --package-lock-only
npm auditIf using a private registry that doesn't support audits:
npm audit --registry=https://registry.npmjs.org/This sends audit requests to the public registry while keeping your private registry for package downloads.
Verify you can reach the audit endpoint:
# Test registry connectivity
npm ping
# Check audit endpoint
curl https://registry.npmjs.org/-/npm/v1/security/auditsOlder npm versions may have audit issues:
npm install -g npm@latestIf audit is blocking and you need to proceed:
npm install --no-auditNote: This skips security checks. Only use temporarily and run npm audit manually later.
Private registry solutions:
- Verdaccio, Nexus, and Artifactory don't natively support npm audit
- Use --registry=https://registry.npmjs.org/ for audit commands
- Consider npm-audit-proxy for air-gapped environments
- Some enterprise registries offer audit features separately
Offline environments: npm audit requires internet access to the vulnerability database. For air-gapped environments:
- Mirror the GitHub Advisory Database locally
- Use third-party tools that work with local vulnerability data
- Consider Snyk or similar tools with offline capabilities
CI/CD considerations: If audit fails in CI due to registry issues:
# Allow audit to fail without breaking build
npm audit || truenpm ERR! code ENOAUDIT npm ERR! Audit endpoint not supported
How to fix "npm ERR! code ENOAUDIT - Audit endpoint not supported"
npm ERR! code EBADDEVENGINES npm ERR! devEngines.runtime incompatible with current node version
How to fix "npm ERR! code EBADDEVENGINES - devEngines.runtime incompatible with current node version"
npm ERR! code ETOOMANYARGS npm ERR! Too many arguments
How to fix "npm ERR! code ETOOMANYARGS - Too many arguments"
npm ERR! code EINVALIDTAGNAME npm ERR! Invalid tag name: tag names cannot contain spaces
How to fix "npm ERR! code EINVALIDTAGNAME - tag names cannot contain spaces"
npm ERR! code E400 npm ERR! 400 Bad Request
How to fix "npm ERR! code E400 - 400 Bad Request" error