The 403 Forbidden error when publishing occurs when the package name is taken, your email isn't verified, or you lack organization permissions. Try using a scoped package name.
The E403 error indicates you're authenticated but not authorized to publish this specific package. The most common cause is that the package name is already taken by another user. Other causes include unverified email, wrong user account, or missing organization permissions. This is an authorization issue, not an authentication issue—npm recognizes who you are, but won't let you publish this package.
Search for existing packages:
# Search npm for the package name
npm search <package-name>
# Or check directly
npm view <package-name>If it exists, you'll need a different name or use a scoped package.
Scoped packages include your username/org:
{
"name": "@yourusername/package-name",
"version": "1.0.0"
}Publish with public access:
npm publish --access publicnpm requires verified email to publish:
1. Go to npmjs.com
2. Log in to your account
3. Check for email verification banner
4. Click verification link in your email
Then retry:
npm publishCheck your current login:
# Check who you're logged in as
npm whoami
# If wrong user, log out and log in
npm logout
npm loginYou cannot republish the same version:
# Increment version
npm version patch # 1.0.0 -> 1.0.1
# or
npm version minor # 1.0.0 -> 1.1.0
# Then publish
npm publishCheck package.json for private setting:
{
"name": "my-package",
"private": false // Remove or set to false
}The "private": true setting prevents publishing.
For org-scoped packages (@org/package):
1. Go to npmjs.com/org/[your-org]
2. Check you're a member with publish permissions
3. Ask org admin to add you if needed
Verify with:
npm team ls @org:developersFor GitHub Packages publishing:
{
"name": "@username/package",
"publishConfig": {
"registry": "https://npm.pkg.github.com"
}
}Requires a Personal Access Token with write:packages scope.
For CI/CD, the token must have publish permissions. In GitHub Actions, use:
permissions:
packages: writeIf publishing to both npm and GitHub Packages, configure separate registries for each scope in .npmrc.
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm