The npm E404 'PUT 404 Not Found' error occurs when attempting to publish a package to npm or a private registry. This error indicates authentication issues, organization/scope misconfigurations, or registry pointing to the wrong location.
When you run 'npm publish', npm sends a PUT request to the registry to create or update a package. The 404 'Not Found' error means the registry could not locate or authenticate to the destination where your package should be published. This is NOT a 'package not found' error in the traditional sense—it's a routing, authentication, or permission failure at the registry level. The error message is misleading because npm conflates 'authentication failed' and 'package location not found' into a single 404 response. Common causes include not being logged in, scope/organization mismatches, or publishing scoped packages without proper access configuration.
Confirm your npm authentication status:
npm whoamiIf this returns your username, you are logged in. If it says 'not logged in', run:
npm logout
npm loginEven if you're logged in via CLI, npm requires a verified email for publishing. Go to https://www.npmjs.com/settings/profile and confirm your email address is marked as verified.
If your package name includes a scope (e.g., @myorg/mypackage), you must be a member of that organization on npmjs.com:
1. Visit https://www.npmjs.com/org/create
2. Check if the organization exists and if your username is a member
3. If the scope doesn't exist, create it or change your package name
4. After being added, run npm logout && npm login to refresh your auth token
Scoped packages are private by default. If you don't have a paid npm account, publish with:
npm publish --access publicAdd this flag to your CI/CD publish command as well.
Open your package.json and verify the name:
{
"name": "@myusername/my-package",
"version": "1.0.0"
}- For npmjs.org: scope must match your npm username or an org you belong to
- For GitHub Packages: scope must match your GitHub username or org
Check your .npmrc file:
cat ~/.npmrcFor default npmjs.org publishing, it should contain:
registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=your_token_hereIf publishing from GitHub Actions or other CI:
1. Visit https://www.npmjs.com/settings/tokens
2. Generate a new Automation token (not 'Read and Publish')
3. Update your CI/CD secret (e.g., NPM_TOKEN)
4. If you enabled 2FA, you MUST use an Automation token
Why npm returns 404 instead of 401: npm's registry returns 404 for authentication failures in some cases instead of 401 Unauthorized. This is a design flaw that makes troubleshooting difficult.
Automation tokens for CI/CD: When publishing from CI/CD, regular npm passwords don't work. You must generate an 'Automation' token which works without prompting for 2FA.
Registry-specific auth: Different registries require different authentication mechanisms. npmjs.org uses Bearer tokens, GitHub Packages requires a personal access token, and Artifactory/Nexus have their own credential systems.
Unpublish embargo: After unpublishing a version, that exact version+name combination is locked for 72 hours. You cannot republish it even with new auth.
npm error code E401 npm error Incorrect or missing password.
How to fix 'E401 Unable to authenticate' errors with npm private registries
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm