{
  "id": "P011",
  "slug": "npm-e401-previously-stable-publish-ci-token-revoked-classic-token-revoked-official-docs",
  "status": "search-observed",
  "product": "npm registry",
  "family": "Authentication/token lifecycle",
  "canonical_url": "https://gitdocs.org/fix/npm-e401-previously-stable-publish-ci-token-revoked-classic-token-revoked-official-docs",
  "query_alias_url": "https://gitdocs.org/q/npm-e401-previously-stable-publish-ci-token-revoked-classic-token-revoked-official-docs",
  "markdown_url": "https://gitdocs.org/fix/npm-e401-previously-stable-publish-ci-token-revoked-classic-token-revoked-official-docs.md",
  "json_url": "https://gitdocs.org/api/fixes/npm-e401-previously-stable-publish-ci-token-revoked-classic-token-revoked-official-docs.json",
  "canonical_query": "npm E401 previously stable publish CI token revoked classic token revoked official docs",
  "observed_codex_queries": [
    "npm E401 previously stable publish CI token revoked classic token revoked official docs",
    "site:docs.npmjs.com npm token revoked E401 publish CI token classic token",
    "npmjs blog classic tokens revoked publish 2FA trusted publishing",
    "site:github.blog npm security authentication publishing trusted publishing classic tokens \"classic tokens\"",
    "\"Important changes to authentication and publishing\" npm",
    "https://docs.npmjs.com/about-access-tokens",
    "https://docs.npmjs.com/using-private-packages-in-a-ci-cd-workflow"
  ],
  "organic_dependency_search_count": 7,
  "affected_versions": "",
  "exact_errors": [],
  "diagnosis": "Credentials and issuer rules live outside the codebase; the same local 401 can mean revocation, expiry, scope, audience, or provenance drift.",
  "before": "",
  "after": "",
  "verification": "Verifier validates the new authentication flow, token class, and claims rather than accepting a hard-coded secret. For publish probes, verify provenance and package identity as well as authentication.",
  "unsafe_fixes": [
    "Changing local code without checking the current external contract.",
    "Retrying the same install, build, or API call with no version/source change.",
    "Applying a broad unsafe bypass when a narrow compatibility fix is available."
  ],
  "last_verified_at": "2026-06-25",
  "neutral_validation": {
    "organic_search_observed": true,
    "organic_strict_pass": true,
    "no_web_counterfactual_run": false,
    "no_web_strict_pass": null,
    "search_necessity_under_fixture": null,
    "no_web_oracle_note": "Observed query evidence is separated from necessity proof; no-web and stale-contract counterfactuals should be tracked separately."
  },
  "source_trail": [
    {
      "url": "https://github.blog/changelog/2025-12-09-npm-classic-tokens-revoked-session-based-auth-and-cli-token-management-now-available/",
      "label": "npm classic tokens revoked; session auth and CLI token management"
    },
    {
      "url": "https://docs.npmjs.com/about-access-tokens",
      "label": "Official reference opened by Codex"
    },
    {
      "url": "https://docs.npmjs.com/using-private-packages-in-a-ci-cd-workflow",
      "label": "Official reference opened by Codex"
    }
  ],
  "source_github_links": []
}