### Description:

THIS IS NOT AN UPSTREAM BUG! After an update of NPM made by NPM itself (`npm i -g npm@latest`) the bug was gone. Logs suggests this seems to be caused by one of its outdated dependencies (NPM claims it encountered an unexpected HTTP return code, as far as I remember it was a failure of POST request with `403 Forbidden` response code).

While this bug may not affect users using NPM only for installing dependencies and building packages (e.g. from AUR), its severity is critical for Node.js developers as it makes them unable to develop and publish their own packages, hence marked severity of this report as *high* (I find it a bug with core functionality of the program – which is working with Node packages and this includes publishing them as well IMO).

The bug was reproduced when publishing *scoped* packages (i.e. package with name `@username/package`, not `package`). The source code structure was monorepo, using Node's/NPM `workspaces` feature.

As noted before, this is working fine with update to NPM `9.x.y`, I haven't verified if the latest version of `8.x.y` works fine but very likely it does as it is still seems to be maintained. This means, an update to the latest version of one of currently maintained major releases (which currently is `9.7.1` for `v9` and `8.19.4` for `v8`) should make this bug report outdated and could make it closed/resolved.

### Additional info:

* package version(s): `8.19.2-2` (currently outdated version);
* config: there's nothing special – package failed on publishing to NPM's public repository with quite standard configuration. I've been authenticated, it is only the HTTPS request error (it's possibly using an outdated format);
* log files: not captured yet, might be hard to get now as `--dry-run` prints a message to STDOUT like it would be published correctly so it doesn't seem to really verify if request would be handled correctly and publishing NPM packages in general is mostly irreversible and blocks me from using the tag/version when deleted (it seems to be impossible to replace a package with another using the same version tag);
* link to upstream bug report: none found yet, seems to be caused by outdated package and most likely be an Arch-specific issue;

### Steps to reproduce (with all double-checks I had in mind to make sure issue is not on user side):

1. `cd` to package sources you maintain.
2. Make sure you've installed all required dependencies or setup anything required to compile/build/package your sources.
3. Use `npm pack` – to make sure you can reliably generate a `.tgz` archive and no issue is on your side.
4. Make sure you're authenticated correctly, re-authenticate if in doubt.
5. Make sure that package is not private and can be published (`npm publish --dry-run` might be able verify that).
6. Try `npm publish`, enter valid OTP code if requested. See an error.

PS: Sorry for being unable to capture and share any logs for now, I just didn't thought I will be reporting this. Also don't bother requesting me to look if it was stored by NPM on my disk – I've made a clean reinstallation of Arch just recently, both for cleanup reasons and for using different partitioning scheme. But I will try to keep you posted if I will be in need of publishing yet another package to registry and share more details whenever this bug still reliably reproduces for me and publish logs if it does.