node-npm-install
Optum's Artifactory blocks packages that are less than 5 days old, and also blocks packages with Critical or High severity CVEs or known supply chain attacks. This skill gives techniques to help resolve npm installs.
npm install instructions
Optum blocks packages that are not at least 5 days old. Critical and High CVE severity packages are blocked as well. When you encounter npm installation errors due to package curation policies, follow this systematic approach:
Step 1: Identify Blocked Packages
When npm fails with 403 errors, look for messages like:
npm notice package <package-name>:<version> download was blocked by jfrog packages curation service due to the following policies violated {DelayNPM,NewNPM,Package version is X days old,Use an older version or wait until this version is no longer immature}
Step 2: Find Compatible Versions
For each blocked package, use npm view <package-name> time to list all published versions and their dates:
npm view <package-name> time
npm view <package-name> time | tail -20 # For recent versions
npm view <package-name> time | grep "2025-09" # For specific timeframe
Key Strategy: Always attempt to use the latest version that is older than 5 days from the current date.
Step 3: Pin Compatible Versions
Add package overrides to your package.json to force npm to use the specific, older versions:
{
  "name": "your-project",
  "dependencies": { ... },
  "devDependencies": { ... },
  "overrides": {
    "<blocked-package-1>": "<compatible-version-1>",
    "<blocked-package-2>": "<compatible-version-2>",
    "<blocked-package-3>": "<compatible-version-3>"
  }
}
Example from real scenarios:
"overrides": {
  "rollup": "4.50.0",
  "electron-to-chromium": "1.5.200",
  "caniuse-lite": "1.0.30001740",
  "baseline-browser-mapping": "2.8.5",
  "react-day-picker": "9.0.9",
  "@types/react": "18.2.9",
  "@types/react-dom": "18.2.9"
}
Step 4: Handle Dependency Conflicts
If you encounter override conflicts (e.g., EOVERRIDE errors), consider:
- Downgrade main dependencies to compatible versions (here react and react-dom use "^18.2.0" instead of "^19.x.x"):
  "dependencies": {
    "react": "^18.2.0",
    "react-dom": "^18.2.0"
  }
- Adjust devDependencies to match (the @types packages are pinned to exact versions, @vitejs/plugin-react is downgraded from 5.x and vite from 7.x):
  "devDependencies": {
    "@types/react": "18.2.9",
    "@types/react-dom": "18.2.9",
    "@vitejs/plugin-react": "^4.3.0",
    "vite": "^5.4.0"
  }
Step 5: Install with Overrides
Run npm install again. The overrides ensure npm uses only the allowed versions:
npm install
Repeat as necessary: You may encounter additional blocked packages during dependency resolution. Repeat steps 2-4 for each new blocked package until you achieve a working combination.
Step 6: Verify Installation Success
- Check for successful package installation without 403 errors
- Verify your application builds and runs correctly
- Test key functionality to ensure compatibility with downgraded packages
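The version selection from Step 2 can be automated. The following is an added example, not part of the original skill: it takes the object printed by npm view <package-name> time --json and returns the highest stable version that is at least 5 days old. The function names and the sample data are constructed for illustration, and it checks only the age policy, not CVE or supply chain blocks.

```javascript
// Added example: choose an override version from `npm view <pkg> time --json`.
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse "major.minor.patch". Returns null for prereleases and for the
// non-version keys "created" and "modified" that npm includes in the map.
function parseStable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// timeMap: object mapping version -> ISO publish date.
// Returns the highest stable version published at least minAgeDays
// before `now`, or null when every version is still too new.
function latestMatureVersion(timeMap, now, minAgeDays = 5) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  let best = null;
  for (const [version, published] of Object.entries(timeMap)) {
    const parsed = parseStable(version);
    const ts = Date.parse(published);
    if (!parsed || Number.isNaN(ts) || ts > cutoff) continue;
    if (!best || compareVersions(parsed, best.parsed) > 0) {
      best = { version, parsed };
    }
  }
  return best ? best.version : null;
}

// Constructed sample in the shape of `npm view <pkg> time --json` output.
const sampleTime = {
  created: "2020-01-01T00:00:00.000Z",
  modified: "2025-09-20T08:00:00.000Z",
  "1.0.0": "2025-06-01T10:00:00.000Z",
  "1.1.0": "2025-09-10T10:00:00.000Z",
  "2.0.0-beta.1": "2025-09-01T10:00:00.000Z", // prerelease: skipped
  "1.0.1": "2025-09-12T10:00:00.000Z", // backport published after 1.1.0
  "1.2.0": "2025-09-17T10:00:00.000Z", // 3 days old at sampleNow: too new
};
const sampleNow = new Date("2025-09-20T12:00:00.000Z");
console.log(latestMatureVersion(sampleTime, sampleNow));
```

Comparing version numbers instead of taking the last date in the list matters when a maintainer publishes a backport to an older release line after a newer release.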
Common Package Categories That May Require Overrides:
- Build tools: rollup, vite, @vitejs/plugin-react
- Browser compatibility: electron-to-chromium, caniuse-lite, baseline-browser-mapping
- React ecosystem: @types/react, @types/react-dom, react-day-picker
- Development tools: Various dev dependencies may trigger blocks
Pro Tips:
- Work incrementally: Install base dependencies first, then add additional packages
- Use specific versions: Pin exact versions in overrides rather than ranges
- Check dates carefully: Ensure the version you choose is actually older than 5 days
- Document your overrides: Keep track of why specific versions were chosen for future reference

