This error occurs when you attempt to publish an npm package with a version number that already exists in the registry. npm enforces version immutability for security and ecosystem stability—once a version is published, it can never be overwritten or reused.
This error occurs when you attempt to publish an npm package with a name and version combination that already exists in the registry. npm enforces version immutability for security and ecosystem stability—once a version is published, it can never be overwritten or reused, even if it's unpublished. This is a deliberate design choice to prevent supply-chain attacks where a malicious actor could replace legitimate code with compromised code while keeping the same version number. The immutability guarantee ensures that once you depend on a specific version, the code behind that version will never change. This protection applies to both public and scoped packages on the npm registry.
Query the npm registry to see what versions already exist:
npm info your-package-nameOr for scoped packages:
npm info @your-username/package-nameThis shows all published versions. Note the highest version number currently published.
Update the version field in your package.json to a higher version following semantic versioning:
# For patch release (1.0.0 -> 1.0.1)
npm version patch
# For minor release (1.0.0 -> 1.1.0)
npm version minor
# For major release (1.0.0 -> 2.0.0)
npm version majorThe npm version command automatically creates a git commit and tag.
Double-check that your package.json now contains a unique version number:
cat package.json | grep versionConfirm this version does NOT appear in the npm info output from Step 1.
Now publish with the incremented version:
npm publishFor scoped packages that should be public:
npm publish --access publicConfirm the new version is available:
npm info your-package-nameYou should see your new version in the list of published versions.
Immutability and Security: npm enforces strict version immutability to prevent supply-chain attacks. Once a version is published, it can never be modified or reused, even if unpublished.
Unpublish Policy: You can unpublish a newly published package within 72 hours only if no other packages depend on it. After 72 hours, unpublishing is not allowed unless the package has zero dependents. Even when unpublished, the version number remains permanently reserved.
24-Hour Waiting Period: If you unpublish an entire package, you cannot publish any new versions of that package until 24 hours have passed.
Deprecation as Alternative: If your package doesn't meet unpublish criteria, use npm deprecate to mark it with a warning message while keeping it available for existing users.
Prerelease Versions: Use prerelease versions during development to avoid locking production version numbers:
{ "version": "1.0.0-alpha.1" }Increment prerelease: npm version prerelease → 1.0.0-alpha.2
npm ERR! code ENOAUDIT npm ERR! Audit endpoint not supported
How to fix "npm ERR! code ENOAUDIT - Audit endpoint not supported"
npm ERR! code EBADDEVENGINES npm ERR! devEngines.runtime incompatible with current node version
How to fix "npm ERR! code EBADDEVENGINES - devEngines.runtime incompatible with current node version"
npm ERR! code ETOOMANYARGS npm ERR! Too many arguments
How to fix "npm ERR! code ETOOMANYARGS - Too many arguments"
npm ERR! code EINVALIDTAGNAME npm ERR! Invalid tag name: tag names cannot contain spaces
How to fix "npm ERR! code EINVALIDTAGNAME - tag names cannot contain spaces"
npm ERR! code E400 npm ERR! 400 Bad Request
How to fix "npm ERR! code E400 - 400 Bad Request" error