Error Encyclopedia

npm ERR! code E403 — Forbidden Error

Fix 'npm ERR! code E403' errors when publishing packages, accessing restricted packages, or hitting npm registry permissions.

What Does This Error Mean?

The npm ERR! code E403 means npm was able to authenticate but does not have permission to perform the requested action. This commonly occurs when publishing to a package name that already exists, or accessing a private package without access grants.

Common Causes

1

Trying to publish to a package name that already exists (you don't own it)

2

Package is scoped (@org/package) and you are not a member of the org

3

Two-factor authentication required but not provided

4

Trying to access a private package without being granted access

5

npm registry is configured for a different registry than the package is on

6

Package version already exists and cannot be overwritten

How to Fix It

Check package name availability

Verify the package name is available on npm before publishing.

# Check if a package name is taken
npm view package-name
# If it returns package info, the name is taken

# Use a scoped name for your packages
# @yourusername/package-name

# Or choose a different name

Handle two-factor authentication

Provide the OTP (one-time password) when publishing with 2FA enabled.

# Publish with OTP
npm publish --otp=123456

# Configure npm for 2FA
npm profile enable-2fa auth-only
npm profile enable-2fa auth-and-writes

# Set OTP read from env
# npm config set otp "Your OTP here"

Check package scoping

Ensure you are a member of the organization for scoped packages.

# Check org membership
npm org ls my-org

# Add yourself to an org (by org admin)
npm org add my-org my-username

# Publish scoped package
npm publish --access public  # For public scoped packages
# or
npm publish  # For private scoped packages

Use version bump for existing packages

You cannot republish the same version. Increment the version number.

# Bump patch version
npm version patch
# or manually:
# Update version in package.json

# Then publish again
npm publish

# If you need to unpublish (last 72 hours only)
npm unpublish package-name@version

Related Tools

Use these tools to debug and fix this error:

JWT Generator

Generate signed JWT tokens for testing with custom headers and payloads.

Base64 Encode/Decode

Encode or decode Base64 text instantly in your browser.

Case Converter

Convert text between uppercase, lowercase, title case, sentence case, and more.

Related Errors

Other common errors in this category:

401

401 Unauthorized Error

Learn what a 401 Unauthorized error means, common causes, and how to fix authentication failures in your web applications.

403

403 Forbidden Error

Learn what 403 Forbidden means, how it differs from 401, and how to fix access denied errors in your applications.

404

404 Not Found Error

Learn what 404 Not Found means, common causes, and how to fix broken links and missing resources on your website or API.

429

429 Too Many Requests Error

Learn what 429 Too Many Requests means, how rate limiting works, and how to handle or avoid hitting API rate limits.

Browse All Error Guides