npm cannot list a directory because Windows/WSL or security tools block access. Remove locks, move to user-owned filesystems, fix ownership, and clean/reinstall.
npm uses scandir to enumerate directories in node_modules, the cache, and global installs. On Windows/WSL, if AV/EDR holds a lock or the directory is on a restricted NTFS/SMB mount, scandir throws EPERM and npm stops. It commonly appears with VS Code/Defender watching node_modules, on WSL2 projects stored on /mnt/c, or in Docker/CI when running as a different user than the volume owner.
ls -ld <path>
stat <path>Close VS Code/terminals and add Defender/AV exclusions for the project and npm cache. Retry from a new shell.
npm config set cache ~/.npm-cache
mkdir -p ~/.npm-global
npm config set prefix ~/.npm-global
export PATH="$HOME/.npm-global/bin:$PATH"On WSL, work under ~/projects (ext4) instead of /mnt/c. In Docker, set --user to match host UID/GID or chown the bind mount.
Network shares may deny directory listing even when Windows shows read access; use a local clone for installs. Corporate macOS/Windows images sometimes mark node_modules as read-only during scans—scheduling installs outside scan windows or adding exclusions helps. In CI, clear caches copied from root-owned layers before npm ci to avoid EPERM on shared cache dirs.
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
rm -rf node_modules package-lock.json
npm cache clean --force
npm ci