npm / npm
npm ERR! code E401
Fix npm ERR! code E401 authentication failures when installing or publishing packages.
- Category
- npm
- Error signature
npm ERR! code E401- Quick fix
- Run npm login for the correct registry, then retry the install or publish command.
- Updated
What this error means
npm ERR! code E401 means npm reached a registry that requires authentication, but the current credentials were missing, expired, or rejected.
Common causes
- Your npm token expired or was revoked.
- The project uses a private package scope and the matching registry is not configured.
.npmrccontains an old token, wrong registry URL, or malformed auth line.- Publishing requires two-factor authentication and the command did not include an OTP.
Quick fixes
-
Check which registry npm is using:
npm config get registry -
Log in again:
npm login -
If the package uses a scope, verify the scoped registry:
npm config get @your-scope:registry -
Retry the original command.
Step-by-step troubleshooting
- Run
npm whoamito confirm whether npm sees a valid logged-in user. - Inspect project and user
.npmrcfiles for stale registry or token entries. - Confirm that private package scopes point to the correct registry host.
- For publishing, add the OTP when your npm account requires two-factor authentication.
- If CI fails, rotate the npm token and update the CI secret value.
Related errors
npm ERR! 403 Forbiddennpm ERR! 404 Not Foundnpm ERR! code EINVALIDNPMTOKEN
FAQ
Does E401 always mean my password is wrong?
No. It usually means npm did not send an accepted token for the registry it contacted.
Should I commit my npm token?
No. Keep tokens in your user .npmrc or CI secrets, never in source control.
Can this happen for public packages?
Yes, if your npm config points public installs at a private registry that requires authentication.