[BUG] OIDC publish failing from GitHub actions #8730

@nex3

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

My publishing workflow for a nested package is failing with the following error:

npm error code E404
npm error 404 Not Found - PUT https://registry.npmjs.org/@sass%2ftypes - Not found
npm error 404
npm error 404  The requested resource '@sass/types@1.94.0' could not be found or you do not have permission to access it.
npm error 404
npm error 404 Note that you can also install from a
npm error 404 tarball, folder, http url, or git url.

You can see the workflow here. It's invoked from ci.yml here.

I've verified that it's not the following gotchas:

  • The workflow is upgrading to the latest npm (line 119).

  • The workflow has the id-token: write permissions (line 40 of ci.yml).

  • The trusted publisher settings are pointing to the correct repo and the filename of the parent workflow:

    Image

Expected Behavior

I would expect npm publish to succeed and publish the package using OIDC.

Steps To Reproduce

Rerunning the GitHub Actions workflow reproduces this consistently.

Environment

  • npm: Whatever npm@latest was at time of posting
  • Node.js: 24.11.0
  • OS Name: Ubuntu Linux
  • System Model Name: GitHub actions runner
  • npm config: GitHub actions default
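
A diagnostic sketch for the third gotcha in the report above, added here as an example; it is not part of the original issue and not npm's code. It decodes a GitHub Actions OIDC token and compares its `repository` and `workflow_ref` claims with what was entered in the trusted publisher form. The function names, the `cfg` shape, the sample token and the assumption that these are the claims being matched are all illustrative.

```javascript
// Added diagnostic example: repo names, workflow names and the token are constructed.
// Assumption: the trusted publisher entry is checked against the GitHub OIDC
// claims `repository` and `workflow_ref` (the calling workflow).
// Decode a JWT payload WITHOUT verifying the signature (diagnostics only).
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// "owner/repo/.github/workflows/ci.yml@refs/tags/1.0.0" -> "ci.yml"
function workflowFile(ref) {
  if (typeof ref !== 'string' || !ref) return null;
  const path = ref.split('@')[0];
  return path.slice(path.lastIndexOf('/') + 1);
}

function mismatch(label, got, want) {
  if (got === want) return null;
  const caseOnly = String(got).toLowerCase() === String(want).toLowerCase();
  return `${label}: token has "${got}", configuration has "${want}"` +
    (caseOnly ? ' (differs only in case)' : '');
}

// cfg = { repository, workflowFile } as entered in the trusted publisher form.
function compareToPublisher(claims, cfg) {
  const caller = workflowFile(claims.workflow_ref);
  const job = workflowFile(claims.job_workflow_ref);
  return {
    mismatches: [
      mismatch('repository', claims.repository, cfg.repository),
      mismatch('workflow file', caller, cfg.workflowFile),
    ].filter(Boolean),
    // Set when the job runs inside a reusable workflow called from `caller`.
    calledWorkflow: job && job !== caller ? job : null,
  };
}

// Constructed, unsigned sample token shaped like a reusable-workflow run.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const base = 'example-org/example-repo/.github/workflows/';
const sampleToken = [
  b64({ alg: 'none', typ: 'JWT' }),
  b64({ repository: 'example-org/example-repo',
        workflow_ref: base + 'ci.yml@refs/tags/1.0.0',
        job_workflow_ref: base + 'release.yml@refs/tags/1.0.0' }),
  'constructed-signature',
].join('.');
```

An empty `mismatches` list with a non-null `calledWorkflow` is the nested case described in the report: the configuration names the parent workflow while the publishing job itself runs in a different file.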

Labels: Bug (thing that needs fixing), Needs Triage (needs review for next steps)
