The 403 Forbidden error when publishing occurs when the package name is taken, your email isn't verified, or you lack organization permissions. Try using a scoped package name.
The E403 error indicates you're authenticated but not authorized to publish this specific package. The most common cause is that the package name is already taken by another user. Other causes include unverified email, wrong user account, or missing organization permissions. This is an authorization issue, not an authentication issue—npm recognizes who you are, but won't let you publish this package.
Search for existing packages:
# Search npm for the package name
npm search <package-name>
# Or check directly
npm view <package-name>If it exists, you'll need a different name or use a scoped package.
Scoped packages include your username/org:
{
"name": "@yourusername/package-name",
"version": "1.0.0"
}Publish with public access:
npm publish --access publicnpm requires verified email to publish:
1. Go to npmjs.com
2. Log in to your account
3. Check for email verification banner
4. Click verification link in your email
Then retry:
npm publishCheck your current login:
# Check who you're logged in as
npm whoami
# If wrong user, log out and log in
npm logout
npm loginYou cannot republish the same version:
# Increment version
npm version patch # 1.0.0 -> 1.0.1
# or
npm version minor # 1.0.0 -> 1.1.0
# Then publish
npm publishCheck package.json for private setting:
{
"name": "my-package",
"private": false // Remove or set to false
}The "private": true setting prevents publishing.
For org-scoped packages (@org/package):
1. Go to npmjs.com/org/[your-org]
2. Check you're a member with publish permissions
3. Ask org admin to add you if needed
Verify with:
npm team ls @org:developersFor GitHub Packages publishing:
{
"name": "@username/package",
"publishConfig": {
"registry": "https://npm.pkg.github.com"
}
}Requires a Personal Access Token with write:packages scope.
For CI/CD, the token must have publish permissions. In GitHub Actions, use:
permissions:
packages: writeIf publishing to both npm and GitHub Packages, configure separate registries for each scope in .npmrc.
npm ERR! code ENOAUDIT npm ERR! Audit endpoint not supported
How to fix "npm ERR! code ENOAUDIT - Audit endpoint not supported"
npm ERR! code EBADDEVENGINES npm ERR! devEngines.runtime incompatible with current node version
How to fix "npm ERR! code EBADDEVENGINES - devEngines.runtime incompatible with current node version"
npm ERR! code ETOOMANYARGS npm ERR! Too many arguments
How to fix "npm ERR! code ETOOMANYARGS - Too many arguments"
npm ERR! code EINVALIDTAGNAME npm ERR! Invalid tag name: tag names cannot contain spaces
How to fix "npm ERR! code EINVALIDTAGNAME - tag names cannot contain spaces"
npm ERR! code E400 npm ERR! 400 Bad Request
How to fix "npm ERR! code E400 - 400 Bad Request" error