Npm publish just started failing with 403 after weeks of working fine

I have a job in a pipeline that has worked for weeks but just today started failing. I’m using your standard .npmrc content:

    - export SCOPE="..."
    - echo "@SCOPE:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/" >>.npmrc
    - echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=\"${CI_JOB_TOKEN}\"" >>.npmrc
    - npm publish

There is no existing .npmrc when this is executed.

  • What are you seeing, and how does that differ from what you expect to see?
    Today, the job started failing with a 403. Obvi, everything has been anonymized via <angle-brackets> in the sample below. All values were correct in the pipeline.
$ npm publish
npm notice 
npm notice package: @<scope>/<package-name>@0.5.0-dev.2
npm notice === Tarball Contents === 
npm notice 307B   package.json                              
npm notice 61.5kB <package-name>-0.5.0-dev.2.openapi.json
npm notice 61.5kB <package-name>.openapi.json            
npm notice === Tarball Details === 
npm notice name:          @<scope>/<package-name>                
npm notice version:       0.5.0-dev.2                                
npm notice filename:      @<scope>/<package-name>-0.5.0-dev.2.tgz
npm notice package size:  10.5 kB                                    
npm notice unpacked size: 123.4 kB                                   
npm notice shasum:        884dd0c862a2a5bd4d7a5d02941cc4b937cba649   
npm notice integrity:     sha512-Wbk/KLoq+deWJ[...]zxiLC8rx3xsSw==   
npm notice total files:   3                                          
npm notice 
npm notice Publishing to<project-id>/packages/npm/
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT<project-id>/packages/npm/@<scope>%2f<package-name>
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2023-04-25T19_46_02_664Z-debug-0.log

We’re using the latest version of SaaS as of this writing.

Any ideas, folks?