'Unable to Authenticate' when trying to connect to Azure DevOps Artifacts feed through npm; I get an E401 error

I'm trying to connect to a Azure DevOps Artifacts feed, but I keep getting an E401 error.

I've tried on a different computer and it connected just fine. I've uninstalled, and reinstalled my Node.js, and I still got the error.

Below is the error I get when I run 'npm install'

npm ERR! code E401
npm ERR! Unable to authenticate, need: Bearer authorization_uri=https://login.windows.net/*********, Basic realm="https://pkgsprodcus1.pkgs.visualstudio.com/", TFS-Federated

Below is what was added to the .npmrc file

registry=https://[org].pkgs.visualstudio.com/_packaging/[feed].Npm/npm/registry
//pkgs.dev.azure.com/[org]/_packaging/[feed].Npm/npm/registry/:_authToken=[token]
//pkgs.dev.azure.com/[org]/_packaging/[feed].Npm/npm/:_authToken=[token]

I expected to be connected to the feed after adding my info to the .npmrc file, and running 'npm install'

I had an issue where I couldn't connect, even though I had the same .npmrc as other repos on the same machine. Running vsts-npm-auth -config .npmrc just exited, presumably happy with the cached credentials.

However, the credentials it had seemed to be bad. The solution was to force refreshing the token: vsts-npm-auth -config .npmrc -force

This usually happens when you've recently changed your password. To fix this problem, I ran this command within VS Code's Powershell terminal (any terminal will work)

vsts-npm-auth -config .npmrc

With doing so, a GUI popped-up where I was able to select the account I wanted to use to authenticate.

I hope this helps!

When Microsoft updated changed the name of VSTS to Azure DevOps, they also changed many of the URLs. Most of the old ones still redirect, but it looks like you have a mismatch in your .npmrc file above. Change the URI in the first line to match the other lines, so it looks like this:

registry=https://pkgs.dev.azure.com/[org]/_packaging/[feed].Npm/npm/registry

That should unblock you.

As a note, if you have both the registry and your credentials in the same file, and that file is being committed to source control, you are also saving your credentials to source control. Best practice here is to keep .npmrc in your project root that only has that first line, the one that tells npm which registry to connect to. Then, create a new file at ~/.npmrc (if you are using Windows you can use git bash to help put it in the right place) and just add the other two lines, the ones with your credentials. This will keep your creds local to your machine and the file with the registry note can safely be committed.

Also, remember that the credentials you generate from the Azure package registry are good for 90 days at the most, so at some point you will get the unauthorized error message again and you will need to update the credentials in your local ~/.npmrc file.

I just experienced this gotcha with the Azure DevOps portal:

One of my colleagues couldn't connect. It turned out that the Azure DevOps portal inserted the text %40Local after the feed name if you copy the feed URL in the browser as I did when sharing it over MS Teams.

What my portal showed:

; begin auth token
//pkgs.dev.azure.com/<company>/_packaging/<feed>/npm/registry/:username=xxx
//pkgs.dev.azure.com/<company>/_packaging/<feed>/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<company>/_packaging/<feed>/npm/registry/:email=npm requires email to be set but doesn't use the value
//pkgs.dev.azure.com/<company>/_packaging/<feed>/npm/:username=xxx
//pkgs.dev.azure.com/<company>/_packaging/<feed>/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<company>/_packaging/<feed>/npm/:email=npm requires email to be set but doesn't use the value
; end auth token

What his portal showed:

; begin auth token
//pkgs.dev.azure.com/<company>/_packaging/<feed>%40Local/npm/registry/:username=xxx
//pkgs.dev.azure.com/<company>/_packaging/<feed>%40Local/npm/registry/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<company>/_packaging/<feed>%40Local/npm/registry/:email=npm requires email to be set but doesn't use the value
//pkgs.dev.azure.com/<company>/_packaging/<feed>%40Local/npm/:username=xxx
//pkgs.dev.azure.com/<company>/_packaging/<feed>%40Local/npm/:_password=[BASE64_ENCODED_PERSONAL_ACCESS_TOKEN]
//pkgs.dev.azure.com/<company>/_packaging/<feed>%40Local/npm/:email=npm requires email to be set but doesn't use the value
; end auth token

That caused a mismatch with the repository URL in the projects .npmrc

To fix it: Make sure the URL is correct and is matching in both user .npmrc and project .npmrc

https://docs.microsoft.com/en-us/azure/devops/artifacts/npm/npmrc?view=azure-devops&tabs=windows This solution works for me. There is different PowerShell Extension which needs to install before running the command vsts-npm-auth -config .npmrc .

None of the many answers I've seen worked for me. Here's what did work for me:

If you haven't already then run: npm i -g vsts-npm-auth
Open Powershell and run: vsts-npm-auth -config .npmrc -T $HOME/.npmrc

Those 2 commands fixed my case.

My issue was caused by the fact that running vsts-npm-auth command wrote the URLs for username and password into my .npmrc file at %USERPROFILE%\.npmrc that were missing the last URL segment /registry. I added the /registry segment to my user .npmrc file and all is well again.