`npm outdated` suddenly throws a multitude of "Access token expired or revoked. Please try logging in again." notices

[soulchild]

Starting yesterday evening, npm outdated started throwing lots of Access token expired or revoked. Please try logging in again. notices. This seems to happen for every local package in my npm workspaces TurboRepo. Apparently the outdated command tries to find newer versions for local packages as well:

$ npm outdated --verbose 

npm http fetch GET 404 https://registry.npmjs.org/@localnamespace%2ftypescript-config 841ms (cache skip)
npm notice Access token expired or revoked. Please try logging in again.

Googling this error message gave me literally zero results, so I dug deeper into the npm source code and found out that the message is returned from the registry.npmjs.org server itself as a response header and then logged as a notice:

$ curl -v https://registry.npmjs.org/@localnamespace2ftypescript-config
< npm-notice: Access token expired or revoked. Please try logging in again.

I suspect there has been a change yesterday on the npm registry servers which now adds this npm-notice header to every 404 returned by the npm registry. But it makes me wonder: Why does the outdated command check the registry for local packages in the first place? And does it really make sense to return this error when a package was just not found?

[Nettsentrisk]

I'm getting this due to npm trying to fetch packages that are defined with version "file:...."

[anashamad9]

facing the same issue here and couldn't find any solution :(

[jonasnovello]

Ao tentar criar um projeto novo hoje também não consegui autenticar o npm. Dá a mesma mensagem e não instala.

[MirKml]

In monorepo setup, for npm outdated it writes this notice for every package in workspace - with link: true in lock file. It's very annoying and misleading.

Maybe it's related with latest security issues and moving into other type of token based auth of npm registry itself?

[simulanics]

https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/

[digeomel]

I am trying to create a new npm account based on the new instructions and I keep getting an error that the CAPTCHA failed, but there is no CAPTCHA! On Windows 10, Chrome, latest version, with all extensions disabled! 🤦🏻‍♂️🤷🏻‍♂️

[igor-ganov]

+1 to this issue. We use package installation via a Bitbucket Git repository in order to leverage the same OAuth authorization for both the repository and the packages. And during installation, this notification pops up

[Dgillespie00]

My access tokens are expired, I created a new account with npm but when I run npm login from my CLI and press enter to open the browser page it causes this error.

npm error Exit handler never called!
npm error This is an error with npm itself. Please report this error at:
npm error   <https://github.com/npm/cli/issues>

after entering my OTP in the browser and returning to my CLI I'm still logged out

[AlecBlance]

Experiencing the same. I've done the npm login, and I'm authenticated but still it won't let me pass the notice

[jefflinares]

same issue also i've tried to create a new token and put its content in the .npmrc file in the root folder of my local project but still not able to install de dependencies on windows 10

[paintoshi]

In my case I got the "Access token expired or revoked" during github workflow automation even when using the new trusted publisher allowance, but it was solved by making sure it used the latest node and npm versions.

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'

      - run: npm install -g npm@latest
      - run: npm install -g yarn@latest

      - run: yarn install --frozen-lockfile
      - run: yarn build:asc

      # OIDC-aware publish:
      - run: npm publish

Using a mix of yarn and npm here, but only because the project is using a yarn lockfile. It also failed when using "yarn publish" since that uses yarn v1, which is not OIDC-aware and failed login as result. "npm install -g npm@latest" and "npm publish" did the final trick.

Docs: https://docs.npmjs.com/trusted-publishers

[jefflinares]

Hey guys i've tried to remove the package-lock.json and the node_modules after login and finally i was able to install the dependencies.

[pranjaldaffodil]

I am getting this error for an npm install using all public packages(with no logging in to npm registry AND as @jefflinares mentioned after deleting node_modules and package-lock file), the error specifically is arising from @angular/material in my case, this is the verbose log:

68 silly packumentCache full:https://registry.npmjs.org/@angular%2fcompiler-cli cache-miss
69 http cache https://registry.npmjs.org/@angular%2fcompiler-cli 7ms (cache hit)
70 silly packumentCache full:https://registry.npmjs.org/@angular%2fcompiler-cli set size:3114493 disposed:false
71 silly fetch manifest [email protected]
72 silly packumentCache full:https://registry.npmjs.org/typescript cache-miss
73 http cache https://registry.npmjs.org/typescript 37ms (cache hit)
74 silly packumentCache full:https://registry.npmjs.org/typescript set size:15024347 disposed:false
** HERE IS THE RELEVANT PART
75 silly fetch manifest @angular/material@v18-lts
76 silly packumentCache full:https://registry.npmjs.org/@angular%2fmaterial cache-miss
77 notice Access token expired or revoked. Please try logging in again.
78 http fetch GET 404 https://registry.npmjs.org/@angular%2fmaterial 5374ms (cache skip)
**
79 silly fetch manifest @angular/material-moment-adapter@v18-lts
80 silly packumentCache full:https://registry.npmjs.org/@angular%2fmaterial-moment-adapter cache-miss
81 http cache https://registry.npmjs.org/@angular%2fmaterial-moment-adapter 13ms (cache hit)
82 silly packumentCache full:https://registry.npmjs.org/@angular%2fmaterial-moment-adapter set size:1613452 disposed:false

as you can see other public packages(including the packages from the same publisher i.e. Angular) using version tags and version numbers are resolving just fine but @angular/material is getting a simple 404 for which the error message is saying access token expired, which I believe is a red herring and the issue is just that https://registry.npmjs.org/@angular%2fmaterial is throwing 404s (which in itself is a registry issue and I ~~want to report it but can't find the appropriate place to report~~ have reported to npm support) but status page shows no incidents reported)

[MirKml]

@pranjaldaffodil as described in first message, npm registry adds this weird and misleading notice about token into 404 response and client prints it into stdout.

Local only packages are also checked against registry (with 404 of course), this is nonsense at all.

I'm curious when it will be at least commented, confirmed from someone from npm team (in Microsoft/GitHub).

[theashu02]

When creating a Next.js application using npm, the project initializes correctly, but the dependencies are not installed. This issue also occurs when using Bun.

[jayyp35]

Something similar happening with Vite app as well. Not able to resolve with any login.

[Yash2204V]

I am just trying to do the npm install, Did everything like uninstall node, deleting all folder & then reinstalling it but no change?

npm notice Access token expired or revoked. Please try logging in again.
npm notice Access token expired or revoked. Please try logging in again.
npm notice Access token expired or revoked. Please try logging in again.
npm notice Access token expired or revoked. Please try logging in again.
npm error code E404
npm error 404 Not Found - GET https://registry.npmjs.org/@typescript-eslint%2ftsconfig-utils - Not found
npm error 404
npm error 404  The requested resource '@typescript-eslint/[email protected]' could not be found or you do not have permission to access it.
npm error 404
npm error 404 Note that you can also install from a
npm error 404 tarball, folder, http url, or git url.
npm error A complete log of this run can be found in: C:\Users\Yash Varma\AppData\Local\npm-cache\_logs\2025-12-19T09_02_01_312Z-debug-0.log

[AnuragPathakTDL]

i have created the token still getting the issue

[pranjaldaffodil]

I am just trying to do the npm install, Did everything like uninstall node, deleting all folder & then reinstalling it but no change?

None of that is gonna help as this is a server sided issue at npm registry(404s and incorrect npm-notices). Can we get some eyes on this @wraithgar @dhei @dylanatsmith @jeffwidman @jurre @steiza @xodene ?

[devrZingroll77]

still facing this issue above method is not working .

https://zingroll.com/

[tusharOxacular]

Automatically the issue resolved now

[pranjaldaffodil]

Can confirm, it's resolved for me now. Still nothing on npm status

[tuonotabr]

I still get the issue, no change.

[jayyp35]

Working now for me

[gurpindersingh3]

working fine for me and my team now seems like there was some issue with registry.

[theashu02]

When creating a Next.js application using npm, the project initializes correctly, but the dependencies are not installed. This issue also occurs when using Bun.

If you face dependency installation errors while setting up a Next.js project with npm or Bun, try overriding the problematic dependency version in package.json. After adding the override, run npm install again. This resolved the issue in my case.

/``` "overrides": { "@typescript-eslint/tsconfig-utils": "8.18.0" }

[kapil-4waytechnologies]

Chal gya!!

[wraithgar]

This does appear to have been an issue with the npm registry itself, not the cli. It is a good example of why we try to remind folks to use the support form for registry issues, as it is monitored differently than the issues in this repo.