The E401 error indicates an authentication failure when attempting operations on npm's registry. When related to 2FA, it means your npm account has two-factor authentication enabled, but credentials are missing, invalid, or an OTP code is required.
The E401 error indicates a general authentication failure when attempting operations on npm's registry (login, publish, etc.). When specifically related to 2FA, it means your npm account has two-factor authentication enabled, but either: - No authentication credentials were provided - The credentials are invalid/expired - A one-time password (OTP) code is missing or incorrect Unlike the EOTP error (which specifically requests an OTP), E401 is a broader authentication rejection that may require different solutions depending on context.
Log in to https://npmjs.com, go to Account Settings > Two-Factor Authentication. Note whether 2FA is enabled for 'Authorization Only' or 'Authorization and Writes'. This determines whether you can publish without OTP entry.
For single operations, use npm login on your local machine:
npm loginnpm will prompt for username, password, and then an OTP code from your authenticator app. Have your authenticator ready before starting.
For CI/CD workflows with 2FA enabled:
1. Visit https://npmjs.com/settings/tokens
2. Click 'Generate New Token'
3. Select 'Granular Access Token'
4. Set appropriate permissions (read, publish, or admin)
5. Enable 'Bypass 2FA' for write operations
6. Copy the token and store in your CI/CD provider's secrets manager
export NPM_TOKEN=your_automation_token_hereCreate or update your .npmrc file with your access token:
# Store in ~/.npmrc (user home directory)
//registry.npmjs.org/:_authToken=your_npm_token_hereNever commit .npmrc with tokens to version control. Use environment variables in CI/CD:
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrcIf you must use a password-based workflow with OTP:
# Via environment variable
NPM_CONFIG_OTP=123456 npm publish
# Via command flag
npm publish --otp=123456OTP codes expire within 30-60 seconds, so generate it immediately before running the command.
If auth still fails after trying above steps, clear the npm cache:
npm cache clean --forceThen attempt your operation again. This removes cached credentials that may be invalid.
E401 vs EOTP Error Distinction: E401 is a general authentication rejection, while EOTP specifically means "this operation requires a one-time password." If you see EOTP, provide OTP via --otp flag. If you see E401, the issue is usually invalid/missing credentials or 2FA misconfiguration.
2FA Modes: npm offers two 2FA modes:
- Authorization Only: Requires OTP only when signing in
- Authorization and Writes: Requires OTP for both login AND publish/package modifications
Token Security (as of Nov 2025): npm deprecated long-lived classic tokens. New write-capable granular tokens default to 7-day expiration (max 90 days). For CI/CD, use trusted publishing (OIDC) or short-lived granular tokens with explicit 2FA bypass.
npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error