You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
+ case 'E403':
+ short.push(['403', er.message])
+ msg = [
+ 'In most cases, you or one of your dependencies are requesting',
+ 'a package version that is forbidden by your security policy.'
+ ]
+ if (er.parent) {
+ msg.push("\nIt was specified as a dependency of '" + er.parent + "'\n")
+ }
+ detail.push(['403', msg.join('\n')])
+ break
This is only correct if the error is thrown by npm-pick-manifest, though. If you are trying to publish a package you're not allowed to, or some other random thing that can cause an actual 403 response, you get this error, which is misleading.
Suggestion
Detect errors thrown by npm-pick-manifest or by attempts to fetch a tarball that result in a 403.
For other cases, provide an error message that does not mention security policies or fetching forbidden dependencies.
The text was updated successfully, but these errors were encountered:
I'm leaving this as a troubleshooting tip for others that encounter this error message for reasons unrelated to security policies:
One thing that can cause this issue to appear is by attempting to publish a scoped package where the name of the scope defined in package.json is slightly different than the name of your npm organization. E.g. Org name on npm is tech.com but package.json has "name":"@techcom/mypackage" when it should be "name":"@tech.com/mypackage"
npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.
If your bug is preproducible on v7, please re-file this issue using our new issue template.
If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo
What / Why
2f3b79b contained this bit:
This is only correct if the error is thrown by npm-pick-manifest, though. If you are trying to publish a package you're not allowed to, or some other random thing that can cause an actual 403 response, you get this error, which is misleading.
Suggestion
Detect errors thrown by
npm-pick-manifest
or by attempts to fetch a tarball that result in a 403.For other cases, provide an error message that does not mention security policies or fetching forbidden dependencies.
The text was updated successfully, but these errors were encountered: