This error occurs when attempting to unpublish a package version that doesn't exist in the npm registry, or when authentication/permissions prevent the registry from finding or deleting the specified version.
This error occurs when attempting to unpublish a package version that doesn't exist in the npm registry, or when authentication/permissions prevent the registry from finding or deleting the specified version. The 404 (Not Found) response indicates the DELETE request failed because the server couldn't locate the package version. This can stem from authentication issues, incorrect registry configuration, or the version having already been unpublished. Important: The E404 error often masks authentication problems. The npm CLI frequently returns 404 errors instead of 401/403 auth errors, which is why verbose logging is critical for debugging.
Run the unpublish command with verbose logging to reveal the true error:
npm unpublish <package>@<version> --loglevel verboseRead the full output to determine if this is actually an authentication (401/403) issue disguised as 404.
Check that the specific version you're trying to unpublish actually exists:
npm view <package> versionsIf the version is not listed, it was already unpublished or never published. Remember: once unpublished, a version can never be reused.
Check that the package name:
- Uses only lowercase letters (npm rejects uppercase)
- Has correct spelling without typos
- For scoped packages, uses format @scope/package-name
Example checking a package:
npm view @my-org/my-package versionThe 404 error often masks authentication problems. Clear your npm login and re-authenticate:
npm logout
npm loginEnter your npm username and password when prompted. This generates a fresh authentication token.
Review npm's unpublish policy:
- Within 72 hours: You can unpublish any version
- After 72 hours: You can only unpublish if package has no dependents
- Alternative: Use npm deprecate <package>@<version> '<message>' instead
If your package doesn't meet the policy, contact [email protected].
Ensure npm is configured to use the correct registry:
npm config get registryShould return https://registry.npmjs.org/ (or your private registry URL).
For scoped packages, verify write access:
npm access ls-collaborators <@scope/package>404 masking auth errors: The npm registry frequently returns 404 errors instead of proper 401/403 authentication errors. Always run with --loglevel verbose first.
Verdaccio users: If using Verdaccio (private npm), check the package's JSON file in .verdaccio/storage/ for an 'unpublished' node that may need manual removal.
24-hour cooldown: The npm registry has a 24-hour cooldown after unpublishing an entire package before new versions can be published under that name.
Version immutability: Once a name@version combination is unpublished, it can never be reused—only a new version number is valid.
npm ERR! code ENOAUDIT npm ERR! Audit endpoint not supported
How to fix "npm ERR! code ENOAUDIT - Audit endpoint not supported"
npm ERR! code EBADDEVENGINES npm ERR! devEngines.runtime incompatible with current node version
How to fix "npm ERR! code EBADDEVENGINES - devEngines.runtime incompatible with current node version"
npm ERR! code ETOOMANYARGS npm ERR! Too many arguments
How to fix "npm ERR! code ETOOMANYARGS - Too many arguments"
npm ERR! code EINVALIDTAGNAME npm ERR! Invalid tag name: tag names cannot contain spaces
How to fix "npm ERR! code EINVALIDTAGNAME - tag names cannot contain spaces"
npm ERR! code E400 npm ERR! 400 Bad Request
How to fix "npm ERR! code E400 - 400 Bad Request" error