npm encountered a 401 Unauthorized HTTP response when attempting to fetch a scoped package. This indicates the registry rejected the request due to missing, invalid, expired, or incorrectly configured authentication credentials.
npm encountered a 401 Unauthorized HTTP response when attempting to fetch a scoped package (e.g., @scope/package). This indicates the registry rejected the request due to missing, invalid, expired, or incorrectly configured authentication credentials. The npm client successfully contacted the registry but lacks the proper authentication token to access the private or protected package. This is different from a 404 errorโthe package exists, but you're not authorized to access it. For private npm packages, GitHub Packages, or other private registries, you must configure authentication tokens in your .npmrc file.
First, check if you have a valid login:
npm whoamiFor private npm registry, log in with your credentials:
npm loginFor GitHub Packages or other registries, log in to that specific registry:
npm login --scope=@your-org --registry=https://npm.pkg.github.comOpen your project's .npmrc file or check your global ~/.npmrc file. Ensure it has the correct format:
For npm registry:
//registry.npmjs.org/:_authToken=YOUR_TOKEN_HEREFor scoped packages from a private registry:
@your-scope:registry=https://your-registry.example.com/
//your-registry.example.com/:_authToken=YOUR_TOKEN_HEREFor GitHub Packages:
@your-org:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=YOUR_GITHUB_TOKENKey points:
- Use _authToken (not _password) for token-based authentication
- The registry URL must match exactly (including trailing slash)
- Use environment variables for CI/CD: ${NPM_TOKEN}
Clear the npm cache to remove any cached authentication failures:
npm cache clean --forceDelete package-lock.json and node_modules:
rm -rf node_modules package-lock.json
npm installThis forces npm to fetch fresh metadata and use updated credentials.
Set up authentication using environment variables. Do NOT hardcode tokens.
Create .npmrc with variable:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}Then provide the token via GitHub Actions secrets:
- name: Install dependencies
run: npm ci
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}For GitHub Packages with setup-node:
- uses: actions/setup-node@v3
with:
registry-url: 'https://npm.pkg.github.com'
scope: '@your-org'
- run: npm install
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}Check your authentication token:
For npm registry:
- Go to https://www.npmjs.com/settings/~/tokens
- Verify token hasn't expired
- Ensure token has read permission for the scoped package
For GitHub Packages:
- If using GITHUB_TOKEN: Verify repo has read permission to the package
- If using personal access token: Ensure it has read:packages scope
If token is expired or lacks permissions, generate a new one and update .npmrc or CI/CD secrets.
If the issue persists, run npm with debug logging:
npm install --verboseLook for:
- The exact registry URL being contacted
- Whether the _authToken is being sent
- The HTTP status codes and response headers
- Which specific package is failing
Token Expiration: npm tokens don't automatically refresh. When a token expires, npm returns a 401 error. For high-security environments, tokens may have short validity and need regeneration.
Multiple Registries: When you have multiple scopes mapping to different registries, npm uses the most specific scope match.
always-auth Flag: Setting always-auth=true forces npm to send authentication headers even to the default registry. For npm v7+, the default is always-auth=false.
GitHub Packages: GITHUB_TOKEN's read:packages permission is scoped to the repository. If the package is in a different repo/organization, you need a Personal Access Token with read:packages scope instead.
npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error