GitHub Packages "404 Not Found" for a scoped package in CI
GitHub Packages returned 404 for a scoped package. npm either sent the request to the public registry (no scope mapping), or the authenticated token cannot see a private package in that org.
What this error means
npm install fails with "npm error code E404" and "npm error 404 Not Found - GET https://registry.npmjs.org/@acme%2fwidgets" (wrong host) or a 404 against npm.pkg.github.com for a private package.
npm error code E404
npm error 404 Not Found - GET https://registry.npmjs.org/@acme%2fwidgets
npm error 404 '@acme/widgets@^1.0.0' is not in this registry.Common causes
The scope is not mapped to GitHub Packages
Without @acme:registry=https://npm.pkg.github.com, npm resolves the scoped package on the public registry, where it does not exist (404).
The token cannot see the private package
A private GitHub Packages entry appears as 404 to a token without access to that repository/org, rather than as a 403.
How to fix it
Map the scope to the GitHub Packages registry
- Add the scope registry mapping to
.npmrc. - Ensure the token has read access to the org packages.
- Re-run so the scoped request goes to npm.pkg.github.com.
@acme:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}Grant the token access to the package
For a cross-repo private package, use a PAT or a token whose repository is linked to the package with read access.
How to prevent it
- Always map private scopes to their registry in
.npmrc. - Link packages to the consuming repositories for access.
- Remember a private package reads as 404 without access, not 403.