Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Current behavior
This has bugged me for a while, npm view returns 404 (name is free). npm publish --dry-run completes successfully. But npm publish fails with:
npm error code E403
npm error 403 Forbidden - Package name too similar to existing package
Why this matters
By the time the 403 hits, the developer has already:
Named their GitHub repo
Written the README
Potentially published blog posts or shared links
The current UX creates a false sense of safety. --dry-run explicitly promises to do "everything publish would do except actually publishing" — but it skips the one check that matters most for a new package.
Suggested fix
Run the similarity check as part of npm publish --dry-run and surface it as a warning or error before the actual publish attempt.
If nobodys willing to fix this, Ill take this up, since I believe this was raised earlier as well, but nothing was implemented.
Expected Behavior
Either npm publish --dry-run should run the similarity check and surface the conflict early, or npm view / the registry API should expose a dedicated endpoint to check name similarity so developers can verify before building, creating a GitHub repo, or writing any code.
Steps To Reproduce
Environment
- npm: 11.9.0
- Node.js: 24.14.0
- OS Name: Ubuntu
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Current behavior
This has bugged me for a while, npm view returns 404 (name is free). npm publish --dry-run completes successfully. But npm publish fails with:
npm error code E403
npm error 403 Forbidden - Package name too similar to existing package
Why this matters
By the time the 403 hits, the developer has already:
Named their GitHub repo
Written the README
Potentially published blog posts or shared links
The current UX creates a false sense of safety. --dry-run explicitly promises to do "everything publish would do except actually publishing" — but it skips the one check that matters most for a new package.
Suggested fix
Run the similarity check as part of npm publish --dry-run and surface it as a warning or error before the actual publish attempt.
If nobodys willing to fix this, Ill take this up, since I believe this was raised earlier as well, but nothing was implemented.
Expected Behavior
Either npm publish --dry-run should run the similarity check and surface the conflict early, or npm view / the registry API should expose a dedicated endpoint to check name similarity so developers can verify before building, creating a GitHub repo, or writing any code.
Steps To Reproduce
Environment