Skip to content
Latchkey

pnpm ERR_PNPM_FETCH_404 - Fix "GET … 404" Package Fetch in CI

ERR_PNPM_FETCH_404 means pnpm requested a package (or version) and the registry returned 404. As with npm, it is usually a private package without auth, a wrong registry, or a non-existent version.

What this error means

pnpm install fails with ERR_PNPM_FETCH_404 and the failing URL. Public packages resolve, but a specific (often scoped/private) package 404s - the registry has nothing for that request as configured.

pnpm output
ERR_PNPM_FETCH_404  GET https://registry.npmjs.org/@acme%2Finternal:
Not Found - 404
This error happened while installing the dependencies of app@1.0.0

Common causes

Private/scoped package without registry+auth

Without a scope→registry mapping and token in .npmrc, pnpm asks the public registry for a private package and gets a 404.

Non-existent version or typo

A version that was never published, or a misspelled name/scope, yields a genuine 404.

Stale mirror

A mirror that has not synced the version reports 404 even though the canonical registry has it.

How to fix it

Configure scope, registry, and token

Map the scope to its registry and provide a CI token.

.npmrc
# .npmrc (pnpm reads it)
@acme:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}

Verify the package and registry

  1. Confirm the scope, name, and version exist on the target registry.
  2. Ensure the CI token is present and has read access.
  3. If using a mirror, confirm it has synced (or fall back to the canonical registry).

How to prevent it

  • Map private scopes and supply CI tokens.
  • Pin published versions in the lockfile.
  • Keep mirrors synced with the source registry.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →