npm install throws ECONNRESET error but only for certain packages

Question

I'm working behind a corporate proxy. I have npm configured like this:

$ npm config get

...
https_proxy = "http://proxy.my-domain.com:8080" 
https-proxy = "http://proxy.my-domain.com:8080" 
proxy = "http://proxy.my-domain.com:8080"
... 

With these settings, I can install some packages fine, but not others. For example $ npm i react works perfectly fine, whereas installing @babel/core throws an ECONNRESET error.

$ npm i @babel/core

npm ERR! code ECONNRESET
npm ERR! syscall read
npm ERR! errno -54
npm ERR! network read ECONNRESET
...

Strangely, I'm able to install the package with yarn (which is configured for the proxy the same way npm is), but it too tells me that I have network issues (even though it successfully installs the package 🤔)

$ yarn add @babel/core
...
✨  Done in 2.99s.
info There appears to be trouble with your network connection. Retrying...
info There appears to be trouble with your network connection. Retrying...
info There appears to be trouble with your network connection. Retrying...

I can't tell why it works with yarn, but not with npm. Here's what the npm debug log looks like:

73 silly tarball no local data for @jridgewell/sourcemap-codec@https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz. Extracting by manifest.
74 silly tarball no local data for @jridgewell/trace-mapping@https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz. Extracting by manifest.
75 silly tarball no local data for @jridgewell/set-array@https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz. Extracting by manifest.
76 verbose stack Error: read ECONNRESET
76 verbose stack     at TLSWrap.onStreamRead (node:internal/stream_base_commons:217:20)
77 verbose cwd /Users/justinsmith/Dev/test-npm
78 verbose Darwin 21.4.0
79 verbose node v18.9.0
80 verbose npm  v8.19.1
81 error code ECONNRESET
82 error syscall read
83 error errno -54

Anyone have any ideas why this is happening?

Answer 1

tl;dr adding this to my ~./npmrc provided a temporary fix:

# This is what I already had set
proxy=http://proxy.my-domain.com:8080/
https-proxy=http://proxy.my-domain.com:8080/
https_proxy=http://proxy.my-domain.com:8080/

# This is what I added
strict-ssl=false
registry=http://registry.npmjs.org/
maxsockets=3

This forces npm to make requests with http instead of https and limits the number of parallel requests to three.

One reason this works is because evidently the corporate proxy was scanning files for malware before forwarding them to the client. Evidently npm making too many requests in parallel over TLS overwhelms the malware scanner which eventually refuses some connections.

Yarn on the other hand will retry a couple of times whereas npm just throws an error and gives up.

A longer-term solution would be to get your IT department to add npm to a malware scanning exclusion list.

Full credit goes to this blog post, which provided these helpful solutions.