The EPRIVATE error occurs when attempting to publish a package that has "private": true in package.json. This is a safety feature to prevent accidental publication of internal code.
The EPRIVATE error is npm's safeguard against accidentally publishing private or internal packages to the public registry. When package.json contains `"private": true`, npm refuses to publish the package to any registry. This is distinct from npm's paid private packages feature. The `private` field in package.json means "never publish this package anywhere"—it's commonly used for application repositories, internal tools, and monorepo root packages that should never be distributed as npm packages.
Edit package.json to remove the private restriction:
```json
{
  "name": "my-package",
  "version": "1.0.0",
  "private": false
}
```

Or simply remove the "private" field entirely; packages are public by default.
Scoped packages (@username/package) default to restricted. Make them public explicitly:
```bash
# Publish scoped package as public
npm publish --access public
```

This is required even if the private field is not set.
Persist the access setting for future publishes:
```json
{
  "name": "@myorg/my-package",
  "version": "1.0.0",
  "publishConfig": {
    "access": "public"
  }
}
```

This eliminates the need to pass --access public every time.
Ensure you're logged in with proper permissions:
```bash
# Check current login
npm whoami

# Re-authenticate if needed
npm logout
npm login

# Verify email is confirmed
npm profile get
```

In monorepos, ensure you're in the correct directory:
```bash
# Check current package name
cat package.json | grep '"name"'

# Navigate to correct package directory
cd packages/my-publishable-package
npm publish
```

The root package.json often has private: true intentionally.
If publishing to a private registry (not npm public), configure the registry:
```json
{
  "name": "@myorg/my-package",
  "publishConfig": {
    "registry": "https://npm.pkg.github.com"
  }
}
```

Note: The private: true field still blocks publishing to ANY registry, including private ones.
The private field serves different purposes in different contexts. For application repositories (websites, APIs, CLI tools that aren't distributed via npm), setting "private": true is a best practice that prevents accidental publication.
For monorepos, the root package.json should have "private": true while publishable sub-packages should not. Tools like Lerna and Turborepo handle this automatically.
In CI/CD, always include --access public in publish commands for scoped packages, or use publishConfig in package.json. The NPM_TOKEN environment variable must hold a token with publish permissions for the scope.
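One way to enforce the application, monorepo and CI/CD guidance above before `npm publish` runs, as an added example that is not part of the original page or of npm itself. The allowlist of publishable names, the finding codes other than EPRIVATE, and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: pre-publish audit of package.json manifests in a monorepo.
// Package names and the allowlist below are constructed for illustration.
const DEFAULT_REGISTRY = "https://registry.npmjs.org/"; // npm's default public registry

// Returns findings for one manifest; `allow` is the set of names meant to be published.
function auditManifest(manifest, allow) {
  const findings = [];
  const name = manifest.name || "(unnamed)";
  const cfg = manifest.publishConfig || {};
  // The page describes "private": true; any truthy value is treated as private here (assumption).
  const isPrivate = Boolean(manifest.private);
  const intended = allow.has(name);

  if (!intended && !isPrivate) {
    findings.push({ name, level: "error", code: "UNGUARDED",
      msg: 'not intended for publication but lacks "private": true' });
  }
  if (intended && isPrivate) {
    findings.push({ name, level: "error", code: "EPRIVATE",
      msg: '"private": true will block npm publish on every registry' });
  }
  if (intended && !isPrivate && name.startsWith("@") && cfg.access !== "public") {
    findings.push({ name, level: "warn", code: "RESTRICTED_DEFAULT",
      msg: "scoped package defaults to restricted; set publishConfig.access or pass --access public" });
  }
  if (intended && !isPrivate) {
    // Only publishConfig is read; .npmrc and command-line overrides are ignored here.
    findings.push({ name, level: "info", code: "TARGET",
      msg: "publishes to " + (cfg.registry || DEFAULT_REGISTRY) });
  }
  return findings;
}

function auditWorkspace(manifests, allowList) {
  const allow = new Set(allowList);
  return manifests.flatMap((m) => auditManifest(m, allow));
}

// Constructed sample: a monorepo root, one publishable package, and two misconfigured ones.
const sample = [
  { name: "monorepo-root", private: true },
  { name: "@myorg/my-package", version: "1.0.0", publishConfig: { access: "public" } },
  { name: "@myorg/internal-tool", version: "0.1.0" },
  { name: "@myorg/sdk", version: "2.0.0", private: true },
];
const report = auditWorkspace(sample, ["@myorg/my-package", "@myorg/sdk"]);
for (const f of report) console.log(`${f.level.toUpperCase()} ${f.code} ${f.name}: ${f.msg}`);
```

In a pipeline, failing the job on any `error` finding catches both the internal package that could be published by mistake and the intended package that would stop with EPRIVATE.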