This error occurs when attempting to unpublish a package version that doesn't exist in the npm registry, or when authentication/permissions prevent the registry from finding or deleting the specified version.
This error occurs when attempting to unpublish a package version that doesn't exist in the npm registry, or when authentication/permissions prevent the registry from finding or deleting the specified version. The 404 (Not Found) response indicates the DELETE request failed because the server couldn't locate the package version. This can stem from authentication issues, incorrect registry configuration, or the version having already been unpublished. Important: The E404 error often masks authentication problems. The npm CLI frequently returns 404 errors instead of 401/403 auth errors, which is why verbose logging is critical for debugging.
Run the unpublish command with verbose logging to reveal the true error:
npm unpublish <package>@<version> --loglevel verboseRead the full output to determine if this is actually an authentication (401/403) issue disguised as 404.
Check that the specific version you're trying to unpublish actually exists:
npm view <package> versionsIf the version is not listed, it was already unpublished or never published. Remember: once unpublished, a version can never be reused.
Check that the package name:
- Uses only lowercase letters (npm rejects uppercase)
- Has correct spelling without typos
- For scoped packages, uses format @scope/package-name
Example checking a package:
npm view @my-org/my-package versionThe 404 error often masks authentication problems. Clear your npm login and re-authenticate:
npm logout
npm loginEnter your npm username and password when prompted. This generates a fresh authentication token.
Review npm's unpublish policy:
- Within 72 hours: You can unpublish any version
- After 72 hours: You can only unpublish if package has no dependents
- Alternative: Use npm deprecate <package>@<version> '<message>' instead
If your package doesn't meet the policy, contact [email protected].
Ensure npm is configured to use the correct registry:
npm config get registryShould return https://registry.npmjs.org/ (or your private registry URL).
For scoped packages, verify write access:
npm access ls-collaborators <@scope/package>404 masking auth errors: The npm registry frequently returns 404 errors instead of proper 401/403 authentication errors. Always run with --loglevel verbose first.
Verdaccio users: If using Verdaccio (private npm), check the package's JSON file in .verdaccio/storage/ for an 'unpublished' node that may need manual removal.
24-hour cooldown: The npm registry has a 24-hour cooldown after unpublishing an entire package before new versions can be published under that name.
Version immutability: Once a name@version combination is unpublished, it can never be reused—only a new version number is valid.
npm notice access token expired or revoked. Please try logging in again.
Token has expired - npm authentication failure
npm ERR! code EAI_AGAIN
How to fix "EAI_AGAIN" in npm
npm error code E403 npm error 403 Forbidden - PUT https://registry.npmjs.org/<package>
How to fix 'E403 Forbidden' error in npm
npm ERR! code EUSAGE npm ERR! Usage error
How to fix "npm ERR! code EUSAGE" in Node.js projects
npm ERR! code E401 npm ERR! 401 Unauthorized
How to fix "E401 Unauthorized" in npm