'How to debug 'npm ERR! 403 In most cases, you or one of your dependencies are requesting a package version that is forbidden by your security policy.'

I am currently trying to set up a Jenkins and a private npm repository (Sonatype Nexus). I get the following error when I try to publish to the repository within a Jenkins build pipeline.

+ npm publish --registry https://<my-private-registry>/repository/npm-private/
npm notice 
npm notice package: [email protected]
npm notice === Tarball Contents === 
npm notice 2.4kB  Jenkinsfile                       
...
('notice' level info about the files)
...
npm notice === Tarball Details === 
npm notice name:          ts-acoustics                            
npm notice version:       0.0.0                                   
npm notice package size:  13.8 kB                                 
npm notice unpacked size: 47.5 kB                                 
npm notice shasum:        554b6d2b41321d78e00f6a309bb61c9181a2e3d6
npm notice integrity:     sha512-QtExdu6IqZ+lH[...]r+HXolo4YCFPg==
npm notice total files:   17                                      
npm notice 
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://<my-private-registry>/repository/npm-private/ts-acoustics
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.

I find no further info about why it is forbidden in the Nexus logs and this open GitHub bug tells me that the above error text is leading in the wrong direction in most of the cases?!

Any idea of how to proceed to make publishing work?!

Update 1: I just saw that I have the same problem when I try to publish it manually! So Jenkins is out of the equation for simplicity reasons.

Update 2: I can do npm adduser --registry... and npm tells me

Logged in as <my-user> on https://<my-private-registry>/repository/npm-private/.

When I do npm whoami --registry... it displays the correct user name.

When I do npm publish --registry... in the project, it shows the 403 Error

typescriptnpmjenkins-pipelinenexusc#windowsuwpwindows-forms-designer


Solution 1:[1]

If you are like me and following the Node Cookbook example, or some other example where you just made your account, your error is probably like mine.

I hadn't verified my email address and got the same error (it was a new account). Once I verified, it worked (even on VPN).

Check your email and verify your account.

Solution 2:[2]

This is mainly occur in two scenearios

  1. The error may result due to a *conflicting package that is public. Just change the name of the package in the package.json and try again!

  2. You may have signed up recently and forgot to verify the email. So, you can login to this link: https://www.npmjs.com/login

    On the header you will see an option to send a verification link to your email. Once you complete the verification, try to publish it again.

Remark: 2) worked for me.

Solution 3:[3]

I got the same error while publishing to JFrog Artifactory. It was the result of already having a package with the same name in the repository. In order to fix this, either delete the old package or change the version/name of the new one.

Solution 4:[4]

Updating the PACKAGE-VERSION while publishing, fixed the issue for me.

enter image description here

Solution 5:[5]

I had the same error, which seems to be blanket over these issues. I solved it by renaming the package name in package.json. Also make sure you are updating the version as well every time when publishing if you already have a version published.

Solution 6:[6]

The error may result due to a conflicting package that is public. Just change the name of the package in the package.json and try again!

Solution 7:[7]

I also got this error. I changed the package name of the package.json file, and that fixed the error.

{ "name": "digi-clock", "version": "1.0.0",}

Change the value of this "name"

Solution 8:[8]

I had exactly the same NPM ERR! 403 issue and finally it was resolved by disconnecting from all VPN .

Solution 9:[9]

I had this issue when I by mistake tried to use read-only access token for publishing a package. I've create myself a new access token in the settings -> account -> access tokens and fixed the issue.

Solution 10:[10]

In my case the culprit was the AWS WAF rule EC2MetaDataSSRF_BODY.

Solution 11:[11]

While I don't understand how it's related, updating to the latest version of git resolved this issue for all that were having it in my organization ????

Solution 12:[12]

For me an update of npm from v6 to v8 solved the problem. The old package-lock layout had a full registry path for every package and some of these paths were not up-to-date.

Solution 13:[13]

For me it helped to login to NPM in command line and then publish.

npm login

npm publish

And make sure to publish a new version.

Related Questions

Using TensorFlow in IDE on Windows

Using TensorFlow in IDE on Windows

Using TensorFlow in IDE on Windows

Using TensorFlow in IDE on Windows

What does "Beta: Use Unicode UTF-8 for worldwide language support" actually do?

What does "Beta: Use Unicode UTF-8 for worldwide language support" actually do?

PowerShell Cannot dot-source this command because it was defined in a different language mode

I am making a calculator and I get TypeError: can only concatenate str (not "int") to str [closed]

libtorch throws c10::error after build on Windows 10 (VS2019)

SQLite3.exe shell not successfully creating database?

Is it possible to use output redirections from a cmd file using start?

Unable to create '/git/index.lock': File exists - but it doesn't

Set up Python simpleHTTPserver on Windows [duplicate]

Powershell - windows hard-disk health status is giving inconsistent results

TOX can't find the browser binary