The EAUTHTOKEN error occurs when npm cannot authenticate using an invalid, expired, or incorrectly configured authentication token in your .npmrc file or environment. This guide covers regenerating tokens, updating credentials, and proper configuration for npm registries.
This error means npm is unable to authenticate your identity when trying to access the npm registry (or a private registry). The authentication token stored in your .npmrc file or environment variables has either expired, been revoked, or is incorrectly formatted. npm uses tokens to verify that you have permission to install packages, especially from private registries or scoped packages. The token might be invalid if your npm account password was recently changed, your organization revoked access, or the token configuration is syntactically incorrect. This commonly happens in CI/CD pipelines, when setting up private registries, or after security updates when npm deprecates older token types.
First check if npm recognizes your current authentication status.
npm whoamiIf this command returns 'not logged in' or throws an error, you need to authenticate. If it returns a username, your local token exists but may be expired or invalid for the registry you're trying to access.
Remove your current .npmrc file and re-authenticate. This generates a fresh token.
On macOS/Linux:
rm ~/.npmrc
npm loginOn Windows:
del %USERPROFILE%\.npmrc
npm loginYou'll be prompted for username, password, and email. npm will automatically create a new .npmrc with a valid token. This is the most straightforward fix for local development.
If you use a private registry (GitHub Packages, GitLab, Azure Artifacts, etc.), you need to generate a new token from that service, not npm.
GitHub Packages:
1. Go to https://github.com/settings/tokens
2. Click "Generate new token (classic)" or "Generate new token (fine-grained)"
3. Select scopes: read:packages and write:packages
4. Copy the token and update your .npmrc with the new token
GitLab:
1. Go to https://gitlab.com/-/user_settings/personal_access_tokens
2. Create a new token with read_api and write_repository scopes
3. Update your .npmrc with the new token
Generic .npmrc Update:
npm config set //registry.example.com/:_authToken "YOUR_NEW_TOKEN_HERE"Stale cache or corrupted package-lock.json can cause persistent authentication issues. Do a clean reinstall.
On macOS/Linux:
rm -rf node_modules
rm -f package-lock.json
npm cache clean --force
npm installOn Windows:
rd /s /q "node_modules"
del package-lock.json
npm cache clean --force
npm installThis forces npm to re-authenticate and fetch fresh package data from the registry.
Never commit tokens to git. Instead, use environment variables in CI/CD pipelines.
Create a .npmrc at the project root (do not commit this file):
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@yourscope:registry=https://registry.example.com/
//registry.example.com/:_authToken=${YOUR_PRIVATE_TOKEN}Then in your CI/CD pipeline, set the environment variable:
GitHub Actions:
steps:
- name: Install dependencies
run: npm install
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
YOUR_PRIVATE_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}GitLab CI:
install:
script:
- npm install
variables:
NPM_TOKEN: $NPM_TOKENFor CI/CD environments, consider using OIDC (OpenID Connect) / Trusted Publishing instead of static tokens. GitHub Actions, GitLab CI, and other platforms now support keyless authentication that automatically exchanges a short-lived OIDC token for registry access—eliminating the need to rotate long-lived secrets entirely. See npm documentation on 'Trusted Publishing'.
If you use a private registry behind a corporate proxy or firewall, your token might be valid but the registry unreachable. Test connectivity with npm ping --registry=https://your.registry.com/.
For monorepos or projects with multiple registries, use scoped configuration. Each registry needs its own token entry in .npmrc, scoped by the registry URL:
//npm.fontawesome.com/:_authToken=token1
//registry.custom.com/:_authToken=token2npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error