Skip to content
Latchkey

Nexus npm "402 Payment Required" publishing a scoped package in CI

A 402 usually means npm tried to publish a scoped private package to the public registry (which charges for private packages) rather than to Nexus. Map the scope to the Nexus registry so publish targets your hosted repo.

What this error means

npm publish of a scoped package fails with "npm ERR! code E402" / "402 Payment Required" even though you intended to publish to an internal Nexus registry.

npm
npm ERR! code E402
npm ERR! 402 Payment Required - PUT
https://registry.npmjs.org/@acme%2fapp - You must sign up for private packages

Common causes

The scope is not mapped to the Nexus registry

Without a @scope:registry line, npm sends the scoped package to the default public registry, which returns 402 for private packages.

publishConfig points at the wrong registry

A missing or incorrect publishConfig.registry in package.json lets npm fall back to registry.npmjs.org.

How to fix it

Map the scope to Nexus

  1. Add a @scope:registry line pointing at the Nexus hosted npm repo.
  2. Or set publishConfig.registry in package.json.
  3. Re-run npm publish so the PUT goes to Nexus.
.npmrc
@acme:registry=https://nexus.example.com/repository/npm-hosted/
//nexus.example.com/repository/npm-hosted/:_authToken=${NEXUS_NPM_TOKEN}

Set publishConfig in package.json

Pin the publish target so it never falls back to the public registry.

package.json
"publishConfig": {
  "registry": "https://nexus.example.com/repository/npm-hosted/"
}

How to prevent it

  • Map every private scope to your Nexus registry in .npmrc.
  • Set publishConfig.registry for private packages.
  • Never rely on the default registry for internal publishes.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →