Skip to content
Latchkey

npm publish "402 Payment Required" on a private scoped package in CI

npm tried to publish a scoped package as private, which requires a paid npm plan. If the package should be public, the fix is --access public; scoped packages default to restricted on first publish.

What this error means

npm publish fails with "npm ERR! code E402" and "402 Payment Required - PUT https://registry.npmjs.org/@scope%2fpkg - You must sign up for private packages".

npm
npm ERR! code E402
npm ERR! 402 Payment Required - PUT https://registry.npmjs.org/@acme%2fwidget - You must sign up for private packages

Common causes

A scoped package defaults to restricted access

On first publish, @scope/name is treated as private (restricted). Private packages on npmjs.org need a paid org or user plan, so a free account gets 402.

No --access flag and no publishConfig

Without --access public or a publishConfig.access in package.json, npm assumes private for scoped names and the registry charges for that.

How to fix it

Publish the scoped package as public

If the package is open source, pass --access public (or set it in package.json) so npm does not require a paid private plan.

Terminal
npm publish --access public

Pin access in package.json for repeatable CI

Set publishConfig so every CI publish uses the same access level without relying on a CLI flag.

package.json
{
  "name": "@acme/widget",
  "publishConfig": { "access": "public" }
}

How to prevent it

  • Decide public vs private at package creation and pin it in publishConfig.
  • Use --access public for open-source scoped packages in CI.
  • Reserve a paid plan only if packages are genuinely meant to be private.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →