The EINVALIDRANGE error occurs when package.json contains a version specification that doesn't follow semver syntax. Fix malformed version ranges like '>=foo' or use proper semver format like '^1.0.0'.
This error occurs when npm's semver parser encounters a version range that doesn't follow semantic versioning rules. Version ranges must use valid semver syntax—numbers separated by dots, optionally with range operators. Common invalid patterns include using text instead of numbers ('>=foo'), incomplete versions ('1.0' instead of '1.0.0'), or malformed range syntax ('1.0.0-2.0.0' instead of '>=1.0.0 <2.0.0'). npm uses the node-semver library to parse versions, which strictly enforces semver 2.0 specification.
The error message shows exactly what's wrong:
npm ERR! Invalid version range: ">=foo"Search your package.json for this string:
grep -n "foo" package.jsonValid version formats:
{
"dependencies": {
"exact": "1.2.3",
"caret": "^1.2.3",
"tilde": "~1.2.3",
"range": ">=1.0.0 <2.0.0",
"or": "1.0.0 || 2.0.0",
"any": "*",
"latest": "latest"
}
}Invalid:
- ">=foo" - text instead of number
- "1.0" - missing patch version
- "v1.0.0" - leading 'v'
Common fixes:
// Wrong → Right
"1.0" → "1.0.0"
"v1.0.0" → "1.0.0"
">=1 <2" → ">=1.0.0 <2.0.0"
"1.0.0-2.0.0" → ">=1.0.0 <=2.0.0"
"latest" → "latest" // This is actually validInvalid versions can hide in the lock file:
# Search for suspicious entries
grep -E '"version":\s*"[^0-9]' package-lock.jsonIf found, delete and regenerate:
rm package-lock.json
npm installSometimes npm audit crashes on packages with historical invalid versions:
npm install --no-auditThis skips the audit phase that scans all package versions.
Use a linter to catch invalid versions:
npx npm-package-json-lint .Or check specific versions:
node -e "require('semver').validRange('^1.0.0')"Semver ranges in npm support complex patterns:
^1.2.3 := >=1.2.3 <2.0.0 (same major)
~1.2.3 := >=1.2.3 <1.3.0 (same minor)
1.2.x := >=1.2.0 <1.3.0
* := >=0.0.0 (any version)Pre-release versions have special rules:
1.0.0-alpha.1 < 1.0.0-alpha.2 < 1.0.0-beta < 1.0.0If you're using a monorepo tool like Lerna or Nx, ensure workspace protocol versions (workspace:*) are properly resolved before publishing.
For Git dependencies, use the proper URL format:
"git+https://github.com/user/repo.git#semver:^1.0.0"npm ERR! code ENOAUDIT npm ERR! Audit endpoint not supported
How to fix "npm ERR! code ENOAUDIT - Audit endpoint not supported"
npm ERR! code EBADDEVENGINES npm ERR! devEngines.runtime incompatible with current node version
How to fix "npm ERR! code EBADDEVENGINES - devEngines.runtime incompatible with current node version"
npm ERR! code ETOOMANYARGS npm ERR! Too many arguments
How to fix "npm ERR! code ETOOMANYARGS - Too many arguments"
npm ERR! code EINVALIDTAGNAME npm ERR! Invalid tag name: tag names cannot contain spaces
How to fix "npm ERR! code EINVALIDTAGNAME - tag names cannot contain spaces"
npm ERR! code E400 npm ERR! 400 Bad Request
How to fix "npm ERR! code E400 - 400 Bad Request" error