This error occurs when antivirus software blocks npm from modifying files in node_modules. The fix involves adding your project folder to antivirus exclusions or temporarily disabling real-time protection.
The EPERM error stands for "Error: PERMission Denied" and indicates that npm cannot perform a critical file operation (delete, write, rename, or link files) in your node_modules directory or npm cache. When antivirus software is the culprit, your system's security tools are actively scanning, locking, or preventing npm from completing these operations. This commonly happens because modern antivirus programs—like Windows Defender, McAfee, and Norton—monitor all file system activity in real-time, and they may flag npm's rapid creation and modification of thousands of files during package installation as suspicious or lock files that npm needs to access. The error itself is harmless, but it blocks your project from progressing until the underlying permission conflict is resolved.
This is the safest solution as it prevents antivirus from interfering without disabling security entirely.
For Windows Defender:
1. Open Windows Security by pressing Windows Key + I to open Settings
2. Go to Virus & threat protection > Manage settings
3. Under "Exclusions," click Add or remove exclusions
4. Click Add an exclusion and choose Folder
5. Browse to and select your project directory (e.g., C:\Users\YourName\Projects\my-app)
6. Repeat for your npm global folder (typically C:\Users\YourName\AppData\Roaming\npm)
7. Close Windows Security
Now retry your npm install:
npm installIf adding folder exclusions doesn't resolve the issue, temporarily disable real-time scanning for a single npm install session.
For Windows Defender:
1. Open Windows Security (Windows Key + I > Virus & threat protection)
2. Click Manage settings
3. Under "Real-time protection," toggle the switch to Off
4. Open Command Prompt or PowerShell and run:
npm install5. Once npm install completes successfully, turn real-time protection back On in Windows Security
Note: Only disable protection temporarily during the npm install—keep your antivirus running for ongoing system protection.
Sometimes npm's cache can become corrupted or locked by antivirus. Clearing the cache and starting fresh often resolves the issue:
# Stop any running npm processes or development servers first
# Clear npm cache
npm cache clean --force
npm cache verify
# Delete the corrupted node_modules folder
rm -r node_modules
# On Windows PowerShell:
# Remove-Item -Recurse -Force node_modules
# Delete package-lock.json to force a fresh lock file
rm package-lock.json
# Reinstall dependencies
npm installWindows antivirus sometimes blocks file operations for non-admin processes. Elevating privileges can allow npm to complete:
1. Right-click Command Prompt or PowerShell and select Run as administrator
2. Navigate to your project directory:
cd C:\Users\YourName\Projects\my-app3. Run npm install:
npm installThe "Run as administrator" window title will show "Administrator" to confirm elevation.
Beyond your project folder, npm has a global configuration directory and cache. Antivirus scanning these locations can also trigger EPERM errors.
First, find your npm directories:
npm config get prefix # Shows global npm location
npm config get cache # Shows cache locationOn Windows, these are typically:
- Global modules: C:\Users\YourName\AppData\Roaming\npm
- Cache: C:\Users\YourName\AppData\Local\npm-cache
Add both directories to your antivirus exclusions (see Step 1 for instructions).
Visual Studio Code, WebStorm, and other editors may lock files in your project, which antivirus can interpret as permission issues:
1. Close all instances of your IDE (VS Code, WebStorm, Sublime, etc.)
2. Stop any running development servers (webpack-dev-server, Next.js dev server, etc.)
3. Open a fresh Command Prompt or PowerShell (not integrated into an IDE)
4. Navigate to your project and run:
npm install5. Once npm completes successfully, reopen your IDE
Real-time antivirus scanning impacts npm performance significantly because npm operations involve creating and extracting thousands of files during a single npm install. Windows Defender alone can increase install times by 3-4x (from ~4 minutes to 15+ minutes on typical projects). McAfee and Norton are often worse offenders because their scanning is more aggressive.
In corporate Windows Server environments, when npm cache or user profile directories are hosted on network file shares with centralized antivirus scanning, the network latency combined with antivirus delays can make npm install nearly impossible. In those cases, moving npm to a local drive outside scanned paths is the only practical solution.
For Docker-based development, running npm inside a container avoids Windows antivirus interference entirely, as the container's filesystem is isolated from the host's security policies.
npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error