Error Encyclopedia

npm ERR! code E401 — Unauthorized Error

Fix 'npm ERR! code E401' errors when installing or publishing private packages. Learn how to authenticate with npm registries.

What Does This Error Mean?

The npm ERR! code E401 means npm could not authenticate with the registry. This happens when trying to install a private package without valid credentials, or when your npm token has expired.

Common Causes

1

npm token expired or revoked

2

Not logged into the registry for private packages

3

Missing or incorrect .npmrc configuration

4

Using a CI/CD environment without proper npm token setup

5

Trying to access a private package without access permissions

6

Registry URL configuration mismatch

How to Fix It

Log in to the registry

Use npm login or configure an authentication token.

# Login interactively
npm login

# Or use a token
npm set //registry.npmjs.org/:_authToken=YOUR_TOKEN

# For GitHub Packages
npm set //npm.pkg.github.com/:_authToken=YOUR_GITHUB_TOKEN

Configure .npmrc

Set up authentication for private registries in .npmrc.

# ~/.npmrc or project .npmrc
registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=${NPM_TOKEN}

# For scoped packages
@mycompany:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}

Check CI/CD token configuration

Ensure CI/CD environments have the NPM_TOKEN or similar env variable set.

# GitHub Actions example
- name: Install dependencies
  env:
    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  run: npm ci

# The token is read from .npmrc that references the env variable

Related Tools

Use these tools to debug and fix this error:

JWT Generator

Generate signed JWT tokens for testing with custom headers and payloads.

Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text.

Base64 Encode/Decode

Encode or decode Base64 text instantly in your browser.

Related Errors

Other common errors in this category:

401

401 Unauthorized Error

Learn what a 401 Unauthorized error means, common causes, and how to fix authentication failures in your web applications.

403

403 Forbidden Error

Learn what 403 Forbidden means, how it differs from 401, and how to fix access denied errors in your applications.

404

404 Not Found Error

Learn what 404 Not Found means, common causes, and how to fix broken links and missing resources on your website or API.

429

429 Too Many Requests Error

Learn what 429 Too Many Requests means, how rate limiting works, and how to handle or avoid hitting API rate limits.

Browse All Error Guides