The EBADTAR error indicates npm encountered a corrupted or invalid tarball during package installation. This is typically caused by cache corruption, network issues, or proxy problems.
This error occurs when npm downloads a package tarball (.tgz file) that's either corrupted, incomplete, or in an unexpected format. The tarball is the compressed archive that contains the package code. Common scenarios include: interrupted downloads leaving partial files in cache, network corruption during transfer, proxy servers re-encoding files incorrectly, or registry issues serving invalid content.
Start with the most effective fix:
# Remove dependencies and lock file
rm -rf node_modules package-lock.json
# Clear npm cache completely
npm cache clean --force
# Verify cache integrity
npm cache verify
# Reinstall
npm installFind exactly which package is corrupted:
npm install --verbose
# Even more detailed
npm install --loglevel=sillyLook for lines like:
npm WARN tar TAR_BAD_ARCHIVE: Unrecognized archive format for [email protected]Verify correct registry settings:
# Check registry URL
npm config get registry
# Should be: https://registry.npmjs.org/
# Reset if wrong
npm config set registry https://registry.npmjs.org/
# Check for proxy issues
npm config get proxy
npm config get https-proxy
# Remove proxy if not needed
npm config delete proxy
npm config delete https-proxyFor slow or unreliable networks, increase tolerances:
Add to ~/.npmrc:
fetch-timeout=60000
fetch-retry-mintimeout=20000
fetch-retry-maxtimeout=120000
fetch-retries=5Then retry:
npm installEnsure sufficient disk space:
# Linux/macOS
df -h
# Need at least 1GB free
# If low, clean up:
npm cache clean --force
rm -rf node_modulesOlder npm versions have known tarball handling bugs:
# Update npm
npm install -g npm@latest
# Verify versions
node --version
npm --version
# Reinstall project
rm -rf node_modules package-lock.json
npm installFor corporate environments with proxies, the proxy may be re-encoding tarballs incorrectly. Check with your IT team if Apache or nginx is configured with AddEncoding directives for .tgz files.
If using a private registry like Verdaccio or Nexus, verify it's properly proxying to npmjs.org. Test with: curl -I https://your-registry/package-name
For persistent issues with specific packages, try installing directly from npm: npm install package-name --registry https://registry.npmjs.org
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm