The EINVALIDRANGE error occurs when package.json contains a version specification that doesn't follow semver syntax. Fix malformed version ranges like '>=foo' or use proper semver format like '^1.0.0'.
This error occurs when npm's semver parser encounters a version range that doesn't follow semantic versioning rules. Version ranges must use valid semver syntax—numbers separated by dots, optionally with range operators. Common invalid patterns include using text instead of numbers ('>=foo'), incomplete versions ('1.0' instead of '1.0.0'), or malformed range syntax ('1.0.0-2.0.0' instead of '>=1.0.0 <2.0.0'). npm uses the node-semver library to parse versions, which strictly enforces semver 2.0 specification.
The error message shows exactly what's wrong:
npm ERR! Invalid version range: ">=foo"Search your package.json for this string:
grep -n "foo" package.jsonValid version formats:
{
"dependencies": {
"exact": "1.2.3",
"caret": "^1.2.3",
"tilde": "~1.2.3",
"range": ">=1.0.0 <2.0.0",
"or": "1.0.0 || 2.0.0",
"any": "*",
"latest": "latest"
}
}Invalid:
- ">=foo" - text instead of number
- "1.0" - missing patch version
- "v1.0.0" - leading 'v'
Common fixes:
// Wrong → Right
"1.0" → "1.0.0"
"v1.0.0" → "1.0.0"
">=1 <2" → ">=1.0.0 <2.0.0"
"1.0.0-2.0.0" → ">=1.0.0 <=2.0.0"
"latest" → "latest" // This is actually validInvalid versions can hide in the lock file:
# Search for suspicious entries
grep -E '"version":\s*"[^0-9]' package-lock.jsonIf found, delete and regenerate:
rm package-lock.json
npm installSometimes npm audit crashes on packages with historical invalid versions:
npm install --no-auditThis skips the audit phase that scans all package versions.
Use a linter to catch invalid versions:
npx npm-package-json-lint .Or check specific versions:
node -e "require('semver').validRange('^1.0.0')"Semver ranges in npm support complex patterns:
^1.2.3 := >=1.2.3 <2.0.0 (same major)
~1.2.3 := >=1.2.3 <1.3.0 (same minor)
1.2.x := >=1.2.0 <1.3.0
* := >=0.0.0 (any version)Pre-release versions have special rules:
1.0.0-alpha.1 < 1.0.0-alpha.2 < 1.0.0-beta < 1.0.0If you're using a monorepo tool like Lerna or Nx, ensure workspace protocol versions (workspace:*) are properly resolved before publishing.
For Git dependencies, use the proper URL format:
"git+https://github.com/user/repo.git#semver:^1.0.0"npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm