The "Invalid tar file" error occurs when npm fails to extract a downloaded package because the tar archive is corrupted, incomplete, or in an unrecognized format. This typically happens during the npm install process, when npm downloads a package from the registry, caches it, and attempts to extract it into node_modules. The tar archive may be damaged due to network interruptions, a corrupted cache, checksum mismatches, or registry issues.
npm uses the tar package internally to handle gzip decompression and archive extraction. When downloading a package, npm performs an integrity check by comparing the downloaded file's SHA-512 hash against the value in package-lock.json. If the hashes don't match or the archive header is malformed, extraction fails.
Remove all cached .tar.gz files and corrupt metadata:
npm cache clean --force
This forces npm to re-download packages fresh on next install. If you prefer verification first, use:
npm cache verify
Remove both package-lock.json and the node_modules directory to eliminate stale references:
rm -rf node_modules package-lock.json
On Windows:
rmdir /S /Q node_modules
del package-lock.json
Run npm install to download all packages fresh and recreate the lock file:
npm install
Watch for any tar errors that reappear; they'll help identify which specific package is problematic.
Ensure you're running the latest stable versions:
npm install -g npm@latest
Update Node.js via https://nodejs.org. Older versions have known tar extraction bugs that have been fixed in recent releases.
Check your internet connection by visiting https://registry.npmjs.org/ in a browser. If behind a corporate proxy or firewall, temporarily disable them to test.
Run with verbose output to see detailed download progress:
npm install --verbose
Verify you have sufficient free disk space:
# macOS/Linux
df -h
# Windows
dir C:\
Package extraction needs temp space. If low on space, free up disk and retry.
If errors persist, note which specific package fails from verbose output. Try installing just that package:
npm install <package-name>@<version>
Report the issue on that package's GitHub repo if it consistently fails.
Chunked encoding bug: Some npm registry proxies and older npm versions (< v7.20) have issues with HTTP chunked-transfer-encoding, causing partial downloads that appear valid but are actually truncated. Upgrading to npm 9.x+ and Node 16+ largely resolves this.
Private registry considerations: Private registries (Verdaccio, npm Enterprise, Artifactory) may serve corrupted tarballs if misconfigured. Test with curl to verify the registry can serve tarballs cleanly.
Caching strategy: npm v5+ uses a "smart cache" that self-heals corruption, but aggressive caching across CI/CD environments can preserve corrupted files. Always use npm ci --prefer-offline in CI for more reproducible builds.
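The integrity comparison, the malformed-header case and the truncated-download case described above can be told apart offline. The following Node.js code is an added example, not npm's own code: `sri`, `checkTarball` and `makeSampleTgz` are hypothetical helper names, the archive is constructed in memory, and a single-hash integrity string is assumed.

```javascript
const crypto = require('crypto');
const zlib = require('zlib');

// SRI string in the form stored in package-lock.json: "<algo>-<base64 digest>".
function sri(buf, algo = 'sha512') {
  return `${algo}-${crypto.createHash(algo).update(buf).digest('base64')}`;
}

// Run each check independently so the report shows which layer is broken.
// Assumes a single-hash integrity string (hypothetical helper, not npm's API).
function checkTarball(tgz, expectedIntegrity) {
  const algo = expectedIntegrity.split('-', 1)[0];
  const report = { integrity: sri(tgz, algo) === expectedIntegrity, gzip: false, tarHeader: false };
  let tar;
  try {
    tar = zlib.gunzipSync(tgz); // throws on bad magic or a truncated stream
  } catch (err) {
    return report;
  }
  report.gzip = true;
  if (tar.length >= 512 && tar.toString('latin1', 257, 262) === 'ustar') {
    // Header checksum: sum of all 512 bytes with the checksum field read as spaces.
    const stored = parseInt(tar.toString('latin1', 148, 156), 8);
    let sum = 0;
    for (let i = 0; i < 512; i++) sum += i >= 148 && i < 156 ? 0x20 : tar[i];
    report.tarHeader = sum === stored;
  }
  return report;
}

// Constructed sample: a one-file ustar archive, gzipped in memory.
function makeSampleTgz() {
  const body = Buffer.from('{"name":"demo","version":"1.0.0"}\n');
  const h = Buffer.alloc(512);
  h.write('package/package.json', 0);                              // name
  h.write('0000644\0', 100);                                       // mode
  h.write(body.length.toString(8).padStart(11, '0') + '\0', 124);  // size (octal)
  h.write('        ', 148); // checksum field counts as 8 spaces while summing
  h.write('0', 156);                                               // regular file
  h.write('ustar\0' + '00', 257);                                  // magic + version
  const sum = h.reduce((acc, b) => acc + b, 0);
  h.write(sum.toString(8).padStart(6, '0') + '\0 ', 148);
  // Header, file data padded to a 512-byte block, then two zero end blocks.
  return zlib.gzipSync(Buffer.concat([h, body, Buffer.alloc(1536 - body.length)]));
}

const good = makeSampleTgz();
const pinned = sri(good);
console.log(checkTarball(good, pinned));                                // intact download
console.log(checkTarball(good.subarray(0, good.length - 10), pinned)); // truncated transfer
```

An archive that passes the gzip and header checks but fails `integrity` was not damaged in transit: its content differs from what the lockfile pinned, so compare it against the registry before deleting package-lock.json and regenerating the hashes.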