npm's E404 'Scope not found' error occurs when you attempt to publish a scoped package (@scope/package-name) where the scope (organization or user namespace) either doesn't exist on the npm registry, isn't associated with your account, or isn't properly configured.
A scope is a unique namespace that prevents package name conflicts—each npm user and organization gets their own scope (e.g., @username or @organization), but the scope must first be created on npmjs.com before you can publish packages under it. This is NOT a 'package not found' error in the traditional sense—it's a routing failure because the scope/organization doesn't exist or you don't have permission to publish to it. When you run npm publish, npm sends a PUT request to the registry. The 404 means the registry could not locate the destination scope where your package should be published.
Check which npm account you're authenticated as:
npm whoamiIf it's the wrong account, log out and log back in:
npm logout
npm loginYou must create the organization/scope on npmjs.com before publishing. Go to https://www.npmjs.com/org/create and create an organization with the exact scope name you want to use.
Organization names must be lowercase and can include hyphens. For example:
- "my-company" creates scope @my-company
- "acme" creates scope @acme
If publishing to an existing organization, make sure you've been added. The organization owner must visit https://www.npmjs.com/org/your-org-name/members and invite you.
You must have at least "Developer" permission level to publish packages.
Open your package.json and check the name field:
{
"name": "@your-org/package-name",
"version": "1.0.0"
}The scope name (between @ and /) must exactly match the organization name you created on npmjs.com. Common mistakes:
- Using uppercase letters (npm scopes are lowercase)
- Typos in the organization name
- Missing the @ symbol
Scoped packages are private by default. When publishing a public scoped package:
npm publish --access publicIf you try to publish without --access public and your organization doesn't have a private packages plan, npm will return a 404 error.
If encountering this error in CI/CD, generate a new npm automation token:
1. Visit https://npmjs.com/settings/tokens
2. Click "Create New Token" and select "Automation" type
3. Update the token in your CI/CD secrets
If you've enabled 2FA, you must use an Automation token for CI/CD.
Scopes vs. User Accounts: Every npm user automatically gets a user scope matching their username (@username), but only organizations create organization scopes. If you want to publish under @myorg, the organization "myorg" must exist.
Public vs. Private Packages: Organization scoped packages are private by default. Free organization accounts can only publish public packages. Use --access public to force it public.
Scope Permissions Model: Scopes can only be associated with one registry at a time. If you set a scope to point to a private registry, all packages in that scope will be fetched from that registry.
Token Lifecycle: npm authentication tokens can expire or be invalidated if you enable 2FA, reset your password, or revoke them.
npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error