npm's E404 'Scope not found' error occurs when you attempt to publish a scoped package (@scope/package-name) where the scope (organization or user namespace) either doesn't exist on the npm registry, isn't associated with your account, or isn't properly configured.
A scope is a unique namespace that prevents package name conflicts—each npm user and organization gets their own scope (e.g., @username or @organization), but the scope must first be created on npmjs.com before you can publish packages under it. This is NOT a 'package not found' error in the traditional sense—it's a routing failure because the scope/organization doesn't exist or you don't have permission to publish to it. When you run npm publish, npm sends a PUT request to the registry. The 404 means the registry could not locate the destination scope where your package should be published.
Check which npm account you're authenticated as:
npm whoamiIf it's the wrong account, log out and log back in:
npm logout
npm loginYou must create the organization/scope on npmjs.com before publishing. Go to https://www.npmjs.com/org/create and create an organization with the exact scope name you want to use.
Organization names must be lowercase and can include hyphens. For example:
- "my-company" creates scope @my-company
- "acme" creates scope @acme
If publishing to an existing organization, make sure you've been added. The organization owner must visit https://www.npmjs.com/org/your-org-name/members and invite you.
You must have at least "Developer" permission level to publish packages.
Open your package.json and check the name field:
{
"name": "@your-org/package-name",
"version": "1.0.0"
}The scope name (between @ and /) must exactly match the organization name you created on npmjs.com. Common mistakes:
- Using uppercase letters (npm scopes are lowercase)
- Typos in the organization name
- Missing the @ symbol
Scoped packages are private by default. When publishing a public scoped package:
npm publish --access publicIf you try to publish without --access public and your organization doesn't have a private packages plan, npm will return a 404 error.
If encountering this error in CI/CD, generate a new npm automation token:
1. Visit https://npmjs.com/settings/tokens
2. Click "Create New Token" and select "Automation" type
3. Update the token in your CI/CD secrets
If you've enabled 2FA, you must use an Automation token for CI/CD.
Scopes vs. User Accounts: Every npm user automatically gets a user scope matching their username (@username), but only organizations create organization scopes. If you want to publish under @myorg, the organization "myorg" must exist.
Public vs. Private Packages: Organization scoped packages are private by default. Free organization accounts can only publish public packages. Use --access public to force it public.
Scope Permissions Model: Scopes can only be associated with one registry at a time. If you set a scope to point to a private registry, all packages in that scope will be fetched from that registry.
Token Lifecycle: npm authentication tokens can expire or be invalidated if you enable 2FA, reset your password, or revoke them.
npm error code E401 npm error Incorrect or missing password.
How to fix 'E401 Unable to authenticate' errors with npm private registries
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm