Build fails when needing to add RSA host key

As part of our build setup process, some node modules are downloaded and installed. A large portion of our builds (half or more) will fail at this step because it needs to add an RSA host key:

> node install.js

PhantomJS detected, but wrong version 1.9.8 @ /usr/local/bin/phantomjs.
Download already available at /tmp/phantomjs/phantomjs-1.9.7-linux-x86_64.tar.bz2
Extracting tar contents (via spawned process)
Copying extracted folder /tmp/phantomjs/phantomjs-1.9.7-linux-x86_64.tar.bz2-extract-1449025716359/phantomjs-1.9.7-linux-x86_64 -> /home/ubuntu/Amplitude-Javascript/node_modules/phantomjs/lib/phantom
Writing location.js file
Done. Phantomjs binary available at /home/ubuntu/Amplitude-Javascript/node_modules/phantomjs/lib/phantom/bin/phantomjs
node scripts/version
Updating to version 2.6.2
Updated component.json
Updated  src/amplitude-snippet.js
Updated  src/version.js
Updated version from 2.6.2 to 2.6.2

     building : src/index.js
    installed : component-object@0.0.3
    installed : amplitude-JavaScript-MD5@2350ea9
    installed : segmentio-json@1.0.0
    installed : amplitude-ua-parser-js@407f34a
    installed : component-json-fallback@1.0.0
    installed : segmentio-top-domain@1.0.0
    installed : component-querystring@1.3.0
        error : Error: Warning: Permanently added the RSA host key for IP address '' to the list of known hosts.

    at error (/home/ubuntu/Amplitude-Javascript/node_modules/duo/node_modules/duo-package/node_modules/gh-resolve/index.js:184:10)
    at /home/ubuntu/Amplitude-Javascript/node_modules/duo/node_modules/duo-package/node_modules/gh-resolve/index.js:73:37
    at ChildProcess.exithandler (child_process.js:646:7)
    at ChildProcess.emit (events.js:98:17)
    at maybeClose (child_process.js:756:16)
    at Process.ChildProcess._handle.onexit (child_process.js:823:5)

make: *** [amplitude.js] Error 1
npm ERR! Test failed.  See above for more details.

npm test returned exit code 1

It always seems like a different IP address, and I end up having to rerun tests until I come across an IP address that was already added. Is there some way to bypass this or at least not have the build fail when adding a new RSA key?

Any help is appreciated, thanks!

Which version of npm are you using? It looks like there are some known bugs [1][2] around certain versions of npm that have this issue.