npm ERR! code ECONNREFUSED

Q: How do I prevent npm:ECONNREFUSED in CI?

Use a proxy/cache registry close to your CI runners to reduce upstream variance. Avoid flaky DNS by using stable resolvers in CI and on build machines. Pin Node/npm versions in CI so network behavior is consistent.

Q: How can I manually validate npm:ECONNREFUSED?

Resolve the registry host: `node -e "require(\"dns\").lookup(new URL(process.argv[1]).hostname, console.log)" $(npm config get registry)`. Check TLS+HTTP from the same machine: `curl -v $(npm config get registry)`. If behind a proxy, confirm it is used only when intended and supports HTTPS CONNECT.

Where the Request Failed

npm reached the registry host, but the TCP connection was refused, usually because the server, proxy, or mirror is not accepting connections.

npm is telling you the request failed before it got a clean response back. Treat the connection path and the failing environment as the first suspects, not the package or image name.

Restore connectivity to the registry

Start by proving the failing machine can reach the right host cleanly. Until DNS, routing, proxy, and trust look sane in that exact environment, retrying the install or pull is mostly noise.

Check which registry npm is using:npm config get registry

If the package is scoped, verify scope registry mapping in .npmrc (example: @your-scope:registry=...).

Run a quick health check:npm ping

Confirm basic HTTPS connectivity from the same machine:curl -I $(npm config get registry)

If you use a proxy, verify settings:npm config get proxy and npm config get https-proxy

If you do not use a proxy, remove stale proxy config:npm config delete proxy and npm config delete https-proxy

If you use a private registry/proxy, confirm the service is running and listening on the expected host/port.

If the registry URL points to localhost or an internal IP, double-check .npmrc and environment overrides.

Retry with logs:npm --verbose (keep the full output).

If this happens in CI only, compare DNS/proxy/firewall between CI and your local machine.

Manual connectivity checks

Resolve the registry host:node -e "require(\"dns\").lookup(new URL(process.argv[1]).hostname, console.log)" $(npm config get registry)

Check TLS+HTTP from the same machine:curl -v $(npm config get registry)

If behind a proxy, confirm it is used only when intended and supports HTTPS CONNECT.

Why It Happens

Usually this comes down to the network path to the registry is unstable (proxy, VPN, firewall, or transient outages), a proxy is misconfigured (wrong proxy / https-proxy), or a corporate proxy is blocking npm traffic, or the registry endpoint is temporarily down or rate-limiting requests.

Prove the Failing Environment Can Reach It

Run npm ping and confirm it succeeds, and re-run the original command and confirm downloads complete without timeouts/resets.

How npm talks to registries

npm fetches package metadata and tarballs over HTTPS from your configured registry. Failures can happen during DNS lookup, TCP connect, TLS handshake, or while streaming the tarball. Proxy configuration (proxy / https-proxy) changes the network path and is a common root cause.

Examples

npm ERR! code ECONNREFUSED
npm ERR! connect ECONNREFUSED <ip>
npm ERR! errno ECONNREFUSED

Prevent Repeat Connectivity Failures

To prevent this, use a proxy/cache registry close to your CI runners to reduce upstream variance, avoid flaky DNS by using stable resolvers in CI and on build machines, and pin Node/npm versions in CI so network behavior is consistent.

Docs and source code

github.com/npm/cli/blob/417daa72b09c5129e7390cd12743ef31bf3ddb83/lib/utils/ping.js

This is the registry request path where npm talks to the network. DNS/TLS errors like this code are raised by Node/OS during this request. - GitHub

// used by the ping and doctor commands
const npmFetch = require('npm-registry-fetch')
module.exports = async (flatOptions) => {
  const res = await npmFetch('/-/ping', { ...flatOptions, cache: false })
  return res.json().catch(() => ({}))
}