This error occurs when npm can't verify the SSL certificate for the registry because the hostname doesn't match the certificate's Subject Alternative Names (SAN). It's commonly caused by DNS issues, corporate proxies, or system clock misalignment.
The ERR_TLS_CERT_ALTNAME_INVALID error is a TLS (Transport Layer Security) validation failure. When npm tries to connect to registry.npmjs.org over HTTPS, it verifies that the server's SSL certificate is valid for that exact hostname. If the certificate is issued to a different hostname (like a.sni.fastly.net or your corporate proxy), the validation fails and npm refuses to proceed. This is actually a security feature designed to prevent man-in-the-middle attacks. The certificate's Subject Alternative Name field must include the hostname you're connecting to. When there's a mismatch, npm treats it as a potential security threat and blocks the connection.
SSL certificates have validity dates, and if your system time is incorrect, certificate validation fails. Check and sync your system clock:
On Windows:
w32tm /resyncOn macOS:
sudo sntp -sS time.apple.comOn Linux:
date
sudo ntpdate -s time.nist.gov
# or
sudo timedatectl set-ntp onDNS misconfiguration or ISP caching can cause registry.npmjs.org to resolve incorrectly. Switch to a public DNS provider:
On Windows:
Open Settings > Network > Change adapter options > Properties
Set IPv4 DNS to 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare)
Or use environment variables temporarily:
NODE_OPTIONS="--dns-result-order=ipv4first" npm installWait 15-30 minutes for local DNS caches to clear, then retry the npm command.
Old versions of npm may have incomplete SSL validation or known issues with certificate handling.
npm install -g npm@latest
npm --version
node --versionAfter updating, clear the npm cache:
npm cache clean --forceEnsure npm is pointing to the correct registry and has proper SSL settings:
npm config get registry
# Should output: https://registry.npmjs.org/
# If not, reset it:
npm config set registry https://registry.npmjs.org/
# Verify strict-ssl is enabled
npm config get strict-ssl
# Should output: trueIf you previously disabled strict SSL, re-enable it:
npm config set strict-ssl trueIf you're behind a corporate proxy with SSL inspection, you need to configure npm to trust your corporate CA certificate:
npm config set proxy http://your-proxy.company.com:8080
npm config set https-proxy http://your-proxy.company.com:8080
# Point npm to your corporate CA certificate file
npm config set cafile /path/to/corporate-ca.pemOr create a .npmrc file:
registry=https://registry.npmjs.org/
proxy=http://proxy.company.com:8080
https-proxy=http://proxy.company.com:8080
cafile=/path/to/corporate-ca.pem
strict-ssl=trueIn Docker environments, the container's DNS resolution or certificate store may differ from the host. Ensure your Docker image has updated CA certificates: RUN apt-get update && apt-get install -y ca-certificates (Debian/Ubuntu). Disabling strict SSL verification using npm config set strict-ssl false or NODE_TLS_REJECT_UNAUTHORIZED=0 is a temporary workaround but exposes you to man-in-the-middle attacks and should only be used for debugging in isolated development environments.
npm ERR! code E401 npm ERR! 401 Unauthorized - Token has expired
Token has expired - npm authentication failure
npm ERR! code EAI_NODATA npm ERR! errno EAI_NODATA npm ERR! getaddrinfo EAI_NODATA registry.npmjs.org
How to fix "npm ERR! code EAI_NODATA - getaddrinfo EAI_NODATA"
npm ERR! code EMPTYPACKAGE npm ERR! Package contains no files
How to fix 'npm ERR! code EMPTYPACKAGE' - Package contains no files
npm ERR! code EWORKSPACEMISSING npm ERR! Workspace does not exist: packages/missing
How to fix "npm ERR! code EWORKSPACEMISSING - Workspace does not exist" error
npm ERR! code EADDRNOTAVAIL npm ERR! errno EADDRNOTAVAIL npm ERR! Address not available
How to fix "npm ERR! code EADDRNOTAVAIL - Address not available" error