Skip to content
Latchkey

semantic-release "ENPMTOKEN" no npm token specified in CI

The @semantic-release/npm plugin publishes to the npm registry and needs an auth token. It reads NPM_TOKEN from the environment, found nothing, and stopped during "Verify Conditions" before running any release.

What this error means

semantic-release fails with "ENPMTOKEN No npm token specified" and asks you to set the NPM_TOKEN environment variable in CI.

semantic-release
[semantic-release] > ENPMTOKEN No npm token specified.
An npm token must be created and set in the NPM_TOKEN environment variable on your CI environment.

Common causes

NPM_TOKEN was not passed to the step

The npm plugin only reads NPM_TOKEN from the environment; without an env: mapping the step has no token.

The token secret name does not match

The secret is stored under a different name and was never mapped to NPM_TOKEN, so the variable is empty at runtime.

How to fix it

Provide NPM_TOKEN from a secret

  1. Create an npm automation token and store it as a repository secret.
  2. Map it to NPM_TOKEN in the release step env.
  3. Re-run so @semantic-release/npm can authenticate.
.github/workflows/release.yml
- run: npx semantic-release
  env:
    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Skip the npm publish if you only tag

If you do not publish to npm, set the npm plugin to not publish so no token is required.

.releaserc plugins
["@semantic-release/npm", { "npmPublish": false }]

How to prevent it

  • Store an npm automation token in CI secrets for publishing jobs.
  • Map it to the exact name NPM_TOKEN in the step env.
  • Set npmPublish:false when the package is private and not published.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →