The npm E400 Bad Request error occurs when npm sends a malformed or invalid request to the registry. Common causes include misconfigured registry settings, invalid package.json formatting, or scope mismatches when publishing packages.
An HTTP 400 Bad Request response from the npm registry indicates that npm sent a request the server couldn't process. This typically happens during install or publish operations when the request itself is invalid—either due to malformed JSON in package.json, incorrect registry configuration, wrong scope ownership, or authentication issues. Unlike 401 (unauthorized) or 404 (not found) errors, a 400 error means the server understood your intent but rejected the request format or content. The error can occur in multiple npm operations: installing packages from a registry, publishing new packages, or updating existing packages.
Check your current registry configuration and ensure it's pointing to the official npm registry.
npm config get registry
npm config set registry https://registry.npmjs.org/
npm config get registryIf you intentionally use a private registry, verify the URL is correct and accessible.
Corrupted cache or cached authentication tokens can cause the registry to reject requests.
npm cache clean --force
rm -rf node_modules package-lock.json
npm installThis forces npm to fetch fresh metadata and cache from the registry.
An E400 error when publishing often means your package.json has invalid syntax or fields. Validate the JSON and check critical fields.
cat package.json | jq .
npm lsEnsure your package.json contains:
- Valid JSON syntax (no trailing commas, proper quotes)
- Valid package name (lowercase, no spaces, only hyphens/underscores for separators)
- Valid version (semantic versioning: major.minor.patch)
- If publishing to a scoped registry: scope matches your organization
If you're publishing a scoped package, ensure the scope matches your registry organization.
cat ~/.npmrc
# For Nexus, publish to hosted repo (not group):
npm publish --registry https://your-nexus.com/repository/npm-hosted/For multiple registries in .npmrc:
@myorg:registry=https://private-registry.com/
@otherorg:registry=https://another-registry.com/Network configuration, proxies, or stale authentication can cause requests to be rejected.
npm config set proxy http://proxy.company.com:8080
npm config set https-proxy http://proxy.company.com:8080
npm login
npm config listIf using a VPN, ensure it's active and the registry is accessible.
For Nexus users: E400 errors commonly occur when publishing to a repository group instead of a hosted repository. Groups are read-only proxies—you must publish to the hosted (private) repository directly. Additionally, verify the repository format is set to 'npm', not 'nuget' or another format. For GitHub Packages / GitLab: The E400 error often indicates a scope mismatch. Your package name scope (@org/package) must match the organization or user that owns the repository. Debug mode: Run npm install --verbose to see detailed HTTP requests and responses.
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm