Resolving access denied error
Interacting with Bytesafe registry using npm clients and getting authentication errors, can typically be explained with:
- Access token for the registry is not sent correctly to Bytesafe servers (due to missing or incorrect configuration)
- Access token for the registry is no longer valid
Refer to the sections below for more information on how to resolve the different issues.
How to resolve 401 Unauthorized - Access Denied
As every client version can handle authentication differently, there are a number of potential causes for access tokens not being sent to Bytesafe servers.
To identify the source of your issue, review the state of the
.npmrc file used and then proceed along the steps accordingly.
The npmrc file configuration
.npmrc file to view current configuration.
For a developer using
npm from a terminal this is usually the user config file which is stored in the users home directory, accessible by
For a project running in a CI/CD environment or similar, this is usually the project level file accessible at (/path/to/project/.npmrc)
For more information on different .npmrc files refer to the official documentation on npmjs.
# default registry used by the client. Can be replaced by use of --registry flag followed by registry URL
# registry and related access token
# always-auth true forces clients to send credentials to Bytesafe servers
If the information available in users .npmrc file does not match the pattern from the example above, proceed with the steps below.
1. Access token for specific registry is missing
Previous authentication to registry (using
npm login) was unsuccessful.
Active user specific access tokens can be viewed in Bytesafe. If
authToken for a registry in
.npmrc file does not match tokens displayed in Bytesafe, requests will be denied.
Re-authenticate according to authentication instructions. Make sure to use the trailing / after the registry URL.
2. Registry URL has been specified without trailing /
Certain versions of npm cli (and other clients) requires the use of trailing / at the end of the URL. As such it is recommended to always use the trailing / for all interactions with Bytesafe (
npm login /
Re-authenticate using trailing / after the registry URL and make sure subsequent commands use the trailing / as well.
3. always-auth=true missing from .npmrc
This may result in npm cli (or other client) not sending credentials to Bytesafe servers.
# Add the config by running:
$ npm config set always-auth true
4. Using older, unsupported npm version
Certain npm cli versions have known authentication related bugs. If the npm cli version is before npm 6.8 we recommend an upgrade.
Check version with
# Check npm version with the --version flag
$ npm --version
Access token is no longer valid
If the configuration available in the
.npmrc file is correct, the most likely cause for errors are that the
access token has been revoked.
Manually by a workspace admin or automatically by Bytesafe (deactivated user on subscription or trial expiry).
Check active access tokens in Bytesafe.
Contact your account admin to investigate current status of your workspace and any related changes to user limits. If issue persists, contact Bytesafe support.