How can I manually validate npm:ECONNREFUSED?

Resolve the registry host: `node -e "require(\"dns\").lookup(new URL(process.argv[1]).hostname, console.log)" $(npm config get registry)`. Check TLS+HTTP from the same machine: `curl -v $(npm config get registry)`. If behind a proxy, confirm it is used only when intended and supports HTTPS CONNECT.

How do I prevent npm:ECONNREFUSED in CI?

Use a proxy/cache registry close to your CI runners to reduce upstream variance. Avoid flaky DNS by using stable resolvers in CI and on build machines. Pin Node/npm versions in CI so network behavior is consistent.

RepoFlow | npm ERR! code ECONNREFUSED

What This Error Means

npm could reach the host but the TCP connection was refused.

How to Fix It

Check which registry npm is using: npm config get registry.
If the package is scoped, verify scope registry mapping in .npmrc (example: @your-scope:registry=...).
Run a quick health check: npm ping.
Confirm basic HTTPS connectivity from the same machine: curl -I $(npm config get registry).
If you use a proxy, verify settings: npm config get proxy and npm config get https-proxy.
If you do not use a proxy, remove stale proxy config: npm config delete proxy and npm config delete https-proxy.
If you use a private registry/proxy, confirm the service is running and listening on the expected host/port.
If the registry URL points to localhost or an internal IP, double-check .npmrc and environment overrides.
Retry with logs: npm --verbose (keep the full output).
If this happens in CI only, compare DNS/proxy/firewall between CI and your local machine.

Why It Happens

The network path to the registry is unstable (proxy, VPN, firewall, or transient outages).
A proxy is misconfigured (wrong proxy / https-proxy), or a corporate proxy is blocking npm traffic.
The registry endpoint is temporarily down or rate-limiting requests.

How to Verify

Run npm ping and confirm it succeeds.
Re-run the original command and confirm downloads complete without timeouts/resets.

Manual connectivity checks

Resolve the registry host: node -e "require(\"dns\").lookup(new URL(process.argv[1]).hostname, console.log)" $(npm config get registry).
Check TLS+HTTP from the same machine: curl -v $(npm config get registry).
If behind a proxy, confirm it is used only when intended and supports HTTPS CONNECT.

Common CLI Output

npm ERR! code ECONNREFUSED

npm ERR! connect ECONNREFUSED <ip>

npm ERR! errno ECONNREFUSED

How npm talks to registries

npm fetches package metadata and tarballs over HTTPS from your configured registry.
Failures can happen during DNS lookup, TCP connect, TLS handshake, or while streaming the tarball.
Proxy configuration (proxy / https-proxy) changes the network path and is a common root cause.

Prevention Tips

Use a proxy/cache registry close to your CI runners to reduce upstream variance.
Avoid flaky DNS by using stable resolvers in CI and on build machines.
Pin Node/npm versions in CI so network behavior is consistent.

Where This Can Be Triggered

github.com/npm/cli/blob/417daa72b09c5129e7390cd12743ef31bf3ddb83/lib/utils/ping.js

This is the registry request path where npm talks to the network. DNS/TLS errors like this code are raised by Node/OS during this request. - GitHub

// used by the ping and doctor commands
const npmFetch = require('npm-registry-fetch')
module.exports = async (flatOptions) => {
  const res = await npmFetch('/-/ping', { ...flatOptions, cache: false })
  return res.json().catch(() => ({}))
}