Invalid IP address string

Q: How to fix Node.js ERR_INVALID_IP_ADDRESS Invalid IP address string?

Validate IP addresses before use: net.isIP() returns 4 for IPv4, 6 for IPv6, or 0 for invalid; use it to validate before passing to network APIs.

Production Risk

Medium — validate all external IP inputs to prevent errors and SSRF vectors.

What this means

Thrown when a string that should be a valid IPv4 or IPv6 address is malformed. This appears in DNS, networking, and socket APIs that require a numeric IP address and receive something that does not parse as a valid address.

Why it happens

1Passing a hostname where an IP address is required
2Typo in an IP address string (e.g. "256.0.0.1" or "192.168.1.")
3Incomplete or extra-long IP address strings from user input

How to reproduce

Triggered when an API that validates IP addresses receives a malformed address string.

trigger — this will error

const net = require('net');
net.isIP('256.0.0.1'); // returns 0 (invalid), but some APIs throw
const socket = net.createConnection({ host: '999.999.999.999', port: 80 });

expected output

Error [ERR_INVALID_IP_ADDRESS]: Invalid IP address: 999.999.999.999

Fix

Validate IP addresses before use

WHEN When IP addresses come from user input or config

Validate IP addresses before use

const net = require('net');
const addr = '192.168.1.1';
if (net.isIP(addr) === 0) {
  throw new Error(`Invalid IP: ${addr}`);
}

Why this works

net.isIP() returns 4 for IPv4, 6 for IPv6, or 0 for invalid; use it to validate before passing to network APIs.

Code examples

Triggerjs

const net = require('net');
net.isIP('256.0.0.1'); // returns 0 (invalid), but some APIs throw
const socket = net.createConnection({ host: '999.999.999.999', port: 80 });  // this triggers ERR_INVALID_IP_ADDRESS

Handle in try/catchjs

try {
  // operation that may throw ERR_INVALID_IP_ADDRESS
  riskyOperation()
} catch (err) {
  if (err.code === 'ERR_INVALID_IP_ADDRESS') {
    console.error('ERR_INVALID_IP_ADDRESS:', err.message)
  } else {
    throw err
  }
}

Defensive pattern to avoid itjs

// Validate inputs before calling the operation
function safe_err_invalid_ip_address(...args) {
  // validate args here
  return performOperation(...args)
}

What not to do

✕ Trust user-supplied IP address strings without validation

Invalid IPs cause connection errors; malicious inputs can also be used for SSRF.

Sources

Official documentation ↗

Node.js Error Codes Documentation

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformNode.js Error Codes

CodeERR_INVALID_IP_ADDRESS

ClassDNS

SeverityERROR

TierNotable

ConfidenceHIGH

← All Node.js errors