How to fix npm ERR! Error: EACCES: permission denied, stat '<path>' in npm

npmBEGINNERMEDIUM

npm cannot stat a file/directory (node_modules, cache, or global path) because permissions or ACLs block metadata access. Fix ownership, remove broken links, and use user-owned locations.

What this error means

npm stats files to read metadata while resolving versions, validating cache entries, and linking binaries. If the path is root-owned, on a restricted mount, or a broken symlink pointing into a locked area, stat returns EACCES and npm stops. The error appears after sudo installs leave protected folders, when working on NTFS/SMB mounts with Windows ACLs, or when corporate policies restrict /usr/local. Docker/CI can hit it when the workspace volume is owned by root but npm runs as a different user.

Typical symptoms

npm install/ci fails with EACCES: stat '<path>'
Works with sudo/Admin but fails for normal user
node_modules contains root-owned or unreadable entries
find -L shows broken symlinks inside node_modules
npm cache verify reports permission errors on cache files
CI/WSL runs fail while local installs succeed

Common causes

Root-owned files from previous sudo/global installs
Broken symlinks pointing into protected locations
NTFS/SMB mounts (WSL2, network shares) denying stat
Corporate lockdown of /usr/local or /opt/homebrew
Docker/CI running npm as non-owner of the workspace
Antivirus/EDR holding locks on cache or node_modules entries

How to fix "npm ERR! Error: EACCES: permission denied, stat '<path>'"

1Inspect the failing path and find broken links

bash

stat <path>
find node_modules -xtype l -maxdepth 4 2>/dev/null

2Fix ownership for workspace and prefix

bash

sudo chown -R $(whoami) .
sudo chown -R $(whoami) $(npm config get prefix)/{lib/node_modules,bin,share}

3Remove broken symlinks and reinstall

bash

find node_modules -xtype l -delete 2>/dev/null
rm -rf node_modules package-lock.json
npm cache clean --force
npm ci

4Use user-owned cache and prefix

bash

npm config set cache ~/.npm-cache
mkdir -p ~/.npm-global
npm config set prefix ~/.npm-global
export PATH="$HOME/.npm-global/bin:$PATH"

Advanced notes

Stat failures often surface when a symlink inside node_modules points to a system-wide path (e.g., globally linked package) that is not readable by the current user; removing the symlink and reinstalling locally resolves it. In CI, earlier steps may produce root-owned artifacts—chown the workspace before npm ci. macOS Homebrew under /opt/homebrew can become root-owned after OS updates; using nvm/fnm to keep installs in $HOME avoids that drift.

Related errors

Official resources & further reading

📚npm Official Documentation
📖
npm Docs: Resolving EACCES for npm(Official Docs)
📖
Microsoft Docs: WSL file permission considerations(Official Docs)
💬
Stack Overflow: Permission denied errors in npm install(Stack Overflow)
🐙
npm/cli#3618 - permission errors in npm cache/node_modules(GitHub)