npm publish "402 Payment Required" on a private scoped package in CI
npm tried to publish a scoped package as private, which requires a paid npm plan. If the package should be public, the fix is --access public; scoped packages default to restricted on first publish.
What this error means
npm publish fails with "npm ERR! code E402" and "402 Payment Required - PUT https://registry.npmjs.org/@scope%2fpkg - You must sign up for private packages".
npm ERR! code E402
npm ERR! 402 Payment Required - PUT https://registry.npmjs.org/@acme%2fwidget - You must sign up for private packagesCommon causes
A scoped package defaults to restricted access
On first publish, @scope/name is treated as private (restricted). Private packages on npmjs.org need a paid org or user plan, so a free account gets 402.
No --access flag and no publishConfig
Without --access public or a publishConfig.access in package.json, npm assumes private for scoped names and the registry charges for that.
How to fix it
Publish the scoped package as public
If the package is open source, pass --access public (or set it in package.json) so npm does not require a paid private plan.
npm publish --access publicPin access in package.json for repeatable CI
Set publishConfig so every CI publish uses the same access level without relying on a CLI flag.
{
"name": "@acme/widget",
"publishConfig": { "access": "public" }
}How to prevent it
- Decide public vs private at package creation and pin it in publishConfig.
- Use
--access publicfor open-source scoped packages in CI. - Reserve a paid plan only if packages are genuinely meant to be private.