The EPRIVATE error occurs when attempting to publish a package that has "private": true in package.json. This is a safety feature to prevent accidental publication of internal code.
The EPRIVATE error is npm's safeguard against accidentally publishing private or internal packages to the public registry. When package.json contains `"private": true`, npm refuses to publish the package to any registry. This is distinct from npm's paid private packages feature. The `private` field in package.json means "never publish this package anywhere"—it's commonly used for application repositories, internal tools, and monorepo root packages that should never be distributed as npm packages.
Edit package.json to remove the private restriction:
{
"name": "my-package",
"version": "1.0.0",
"private": false
}Or simply remove the "private" field entirely—packages are public by default.
Scoped packages (@username/package) default to restricted. Make them public explicitly:
# Publish scoped package as public
npm publish --access publicThis is required even if the private field is not set.
Persist the access setting for future publishes:
{
"name": "@myorg/my-package",
"version": "1.0.0",
"publishConfig": {
"access": "public"
}
}This eliminates the need to pass --access public every time.
Ensure you're logged in with proper permissions:
# Check current login
npm whoami
# Re-authenticate if needed
npm logout
npm login
# Verify email is confirmed
npm profile getIn monorepos, ensure you're in the correct directory:
# Check current package name
cat package.json | grep '"name"'
# Navigate to correct package directory
cd packages/my-publishable-package
npm publishThe root package.json often has private: true intentionally.
If publishing to a private registry (not npm public), configure the registry:
{
"name": "@myorg/my-package",
"publishConfig": {
"registry": "https://npm.pkg.github.com"
}
}Note: The private: true field still blocks publishing to ANY registry, including private ones.
The private field serves different purposes in different contexts. For application repositories (websites, APIs, CLI tools that aren't distributed via npm), setting "private": true is a best practice that prevents accidental publication.
For monorepos, the root package.json should have "private": true while publishable sub-packages should not. Tools like Lerna and Turborepo handle this automatically.
In CI/CD, always include --access public in publish commands for scoped packages, or use publishConfig in package.json. Environment variable NPM_TOKEN must have publish permissions for the scope.
npm error code ENOENT npm error syscall spawn git npm error path git npm error errno -4058 npm error enoent An unknown git error occurred
How to fix "spawn git ENOENT" in npm
npm error code E401 npm error Incorrect or missing password.
How to fix 'E401 Unable to authenticate' errors with npm private registries
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm