Skip to content
Latchkey

npm "404 Not Found" for scoped package (registry config) in CI

npm got a 404 for a scoped package because the request went to the public registry instead of the private one. Without a @scope:registry mapping, npm has no idea where to find it.

What this error means

Install fails with "404 Not Found - GET https://registry.npmjs.org/@scope%2fpkg". The package exists in a private registry, but the runner has no scope-to-registry mapping configured.

node
npm error code E404
npm error 404 Not Found - GET https://registry.npmjs.org/@acme%2fwidgets
npm error 404 '@acme/widgets@^1.0.0' is not in this registry.

Common causes

Missing scope-to-registry mapping

No @scope:registry line in .npmrc, so npm defaults to the public registry where the private package does not exist.

Auth token not provided to the private registry

The mapping exists but no token, so the private registry treats the request as a miss/unauthorized.

How to fix it

Map the scope to the private registry

Add the scope mapping and auth token to .npmrc so scoped requests route correctly.

.npmrc
# .npmrc
@acme:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}

Provide the token in CI

Expose the registry token as an environment variable the .npmrc references.

  1. Store the token as a CI secret.
  2. Export it as NODE_AUTH_TOKEN for the install step.
  3. Confirm the .npmrc references the same env var.

How to prevent it

  • Commit a scope-to-registry mapping in .npmrc.
  • Inject the registry token via a CI secret env var.
  • Verify scoped installs on a clean runner before merging.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →