At my company, there is an auto signed ssl certificate. So they're some npm packages that cannot be installed because of it.
I already add strict-ssl=false in .npmrc or --strict-ssl=false command args.
It works for some packages but some doesn't seems to take in charge this option.
For exemple, I tried to install Cypress :
Command :
npm i cypress --save-dev --strict-ssl=false
Error logs :
> cypress#3.4.0 postinstall /Users/mchoraine/Documents/Workplace/SAMSE/rechercheproduit/rechercheproduit-front/node_modules/cypress
> node index.js --exec install
Installing Cypress (version: 3.4.0)
✖ Downloading Cypress
→ Cypress Version: 3.4.0
Unzipping Cypress
Finishing Installation
The Cypress App could not be downloaded.
Please check network connectivity and try again:
----------
URL: https://download.cypress.io/desktop/3.4.0?platform=darwin&arch=x64
Error: self signed certificate in certificate chain
----------
Platform: darwin (18.6.0)
Cypress Version: 3.4.0
Problem seems to occur only for packages with postinstall
The smartest things would be to change the SSL certificate but unfortunately it can't be done.
So are you aware of an alternative to bypass certificat verification on npm postinstall ?
Thanks in advance for your proposal.
Get a copy of your company's certificate, then set the NODE_EXTRA_CA_CERTS environmental variable to point to it before you run the npm commnand:
export NODE_EXTRA_CA_CERTS=path/to/certificate.crt
The post-install script is a separate node program, so the npm flag doesn't affect it.
Credit goes to "zerdos" who posted this solution on a related GitHub issue: https://github.com/cypress-io/cypress/issues/1401#issuecomment-393591520
For me the following solution worked.
OS - windows 10
Terminal - git bash
Run these commands before installing cypress.
setx HTTP_PROXY <your company proxy url>
setx NODE_EXTRA_CA_CERTS <path to cerm.pem file>
These will be set as environment variables in your system for any future use.
You can always get rid of them anytime if you do not need them.
Related
Apologies if this is a repeat question, but I am new to this. I have installed nodeJS and am trying to install hardhat. I have a Windows 10 laptop.
I followed the instructions here: https://hardhat.org/tutorial/setting-up-the-environment
I am trying to run the following code:
mkdir hardhat-tutorial
cd hardhat-tutorial
npm init --yes
npm install --save-dev hardhat
Then I get the following errors:
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/hardhat failed, reason: unable to get local issuer certificate
When I search this online it says to try the following solutions:
npm config set strict-ssl false
OR
npm config set registry http://registry.npmjs.org/
I've done both and rebooted the PC and it doesn't make a difference. Anyone got any ideas of what I can do to resolve this?
Thanks
John
You are running from behind a "deep inspection" web proxy, which issues fake SSL certificates to allow it to inspect your traffic, and although there are probably automated systems to make your browser trust the root CA cert that issues these certificates, npm is not configured to trust that CA.
You should be able to get the CA cert from your browser, the system keychain, or your IT department, and then configure npm to use it with npm config set cafile /path/to/cert.pem
even if you don't know where the corporate certificate is located you can solve it for a single terminal use by running set NODE_TLS_REJECT_UNAUTHORIZED=0 before running the npm commands it will work for the current terminal session.
or you can run setX NODE_TLS_REJECT_UNAUTHORIZED 0 /m once
beware this option as security risks!
to cancel this setting you should run REG delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /F /V NODE_TLS_REJECT_UNAUTHORIZED .
the best way to solve the problem will be to find the corporate certificate and run the following command SetX NODE_EXTRA_CA_CERTS "path/to/certificate" /m when you change path/to/certificate by the full path.
Turning off strict ssl: npm config set strict-ssl=false
Changing the registry to http instead of https: npm config set registry http://registry.npmjs.org/
Changing my cafile setting: npm config set cafile /path/to/your/cert.pem
Stop rejecting unknown CAs: set NODE_TLS_REJECT_UNAUTHORIZED=0
while installing cypress through command :npm install cypress --save-dev getting error as The Cypress App could not be downloaded.
Error :
Finishing Installation
The Cypress App could not be downloaded.
Does your workplace require a proxy to be used to access the Internet? If so, you must configure the HTTP_PROXY environment variable before downloading Cypress. Read more: https://on.cypress.io/proxy-configuration
Otherwise, please check network connectivity and try again:
But please not I m not using any proxy and on my personal wifi.
plz suggest ,what can be done in this case.Thanks
It seems to be too many possible reasons for this issue in general but I managed to find a workaround to install Cypress from within a corporation with npm and without using sudo npm or turning off strict ssl.
The following worked for me per November 18th 2020 with Ubuntu 18.04 and npm 6.14.8:
I downloaded the zip file shown in https://docs.cypress.io/guides/getting-started/installing-cypress.html#Direct-download
I installed cypress as shown in https://docs.cypress.io/guides/getting-started/installing-cypress.html#Install-binary : CYPRESS_INSTALL_BINARY=~/Downloads/cypress.zip npm install cypress --save-dev
I could now run npx cypress open to start the gui (which will also generate the cypress.json file)
Possible Reasons for this issue:
U might be running the project with a proxy setting.
One of the reason could be you are behind the firewall.that may prohibit your network? Please follow the guidelines in Proxy Configuration if so(https://docs.cypress.io/guides/references/proxy-configuration.html#Set-a-proxy-on-Linux-or-macOS).
make sure you have right access to install the cypress.
if none of the above mentioned reasons try removing the biraries or node_modules and install again.
I'm trying to install electron using both npm(npm install electron) and yarn but stuck into a bottleneck issue. PFB the error msg
Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1473:34)
at TLSSocket.emit (events.js:311:20)
at TLSSocket._finishInit (_tls_wrap.js:916:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:686:12) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
So, in order to bypass ssl I ran the command npm config set strict-ssl=false and tried again.
Butr now, I get a new error.
ChecksumMismatchError: Generated checksum for
"electron-v5.0.13-darwin-x64.zip" did not match expected checksum.
PFB the versions I'm using.
Node - v12.16.1
npm - 6.13.4
OS - macOS mojave 10.14.16
I struggled with self-signed certificates on an enterprise network too and this is what helps in my case. Whenever I want to install a version of electron, I download the electron-vX.Y.Z-win32-x64.zip and place it in electrons local cache folder. Which is %APP_DATA%\Local\electron\Cache on windows systems.
After that I run a normal npm install. It will look for a cached zip file, find one and use that.
The cache locations for the other operating systems can be found here:
https://www.electronjs.org/docs/tutorial/installation#cache
Edit:
Respondong to your comment - there are a couple of old entries on the electron issue tracker on github, search that for 'ChecksumMismatchError', it hints for mismatching versions of electron, node and maybe other dependencies. One solution would be to calculate the checksum of the zip (assuming, you got it from a trusted source!!) and update the package-lock.json (or yarn). Or - upgrade to the latest version of electron. That's what I recommend, then you get the latest and safest chromium.
https://github.com/electron/electron/issues/13168#issuecomment-400079161
Found the solution. It was the firewall's issue. Temporarily disabled it to proceed with the installation.
I'm in an environment where I am required to run a local proxy, and I am unable to install node-sass. When I try the following:
npm install -g node-sass
I get an error:
Cannot download "https://github.com/sass/node-sass/releases/download/v4.5.3/win32-x64-48_binding.node": tunneling socket could not be established, cause=read ECONNRESET
I have already installed cntlm and configured it correctly. To verify I use the porxy server to access internet and it works fine.
The following environment variables are set
http_proxy -> http://localhost:3128
https_proxy -> http://localhost:3128
Have also added the following to my .npmrc
https-proxy=http://localhost:3128
http-proxy=http://localhost:3128
proxy=http://localhost:3128
Also tried by adding slashes to the end but the result is the same.
Any clues and help would be appreciated since I have no idea how to resolve this.
Additional details:
node -v
v6.11.4
npm -v
5.5.1
The workaround I found was to download the node-sass file from https://github.com/sass/node-sass/releases/download/v4.5.3/win32-x64-48_binding.node and then set the sass-path to the binaries downloaded:
SET_SASS_BINARY_PATH = C:\..\..\
and then doing
npm install -g node-sass
worked for me.
I ve setup the nexus oss 3 and it looks cool. All my projects are installed by using yarn because of the --pure-lockfile option.
Steps to reproduce the issue:
1. Setup nexus oss 3 with a private npm registry (as in documentation)
2. Disable anonymous access from nexus oss 3 admin panel
3. On a linux server with alpine try to yarn install --pure-lockfile (you must have a package that is hosted on the private repo in package.json)
4. Does not work, return 401 error
I tried everything but i could not manage to make yarn to login to get those packages.
If i use npm install, it works.
Can someone tell me how to make yarn work nexus oss3 using the setup from above?
If npm install is working, then you must have login credentials and repository correctly defined.
Open terminal and run npm login, give your username and password for nexus account. This will create a file ~/.npmrc. Open this file nano ~/.npmrc, output look like
//<repository>:_authToken=NpmToken.<token>
A dummy example:
//test.server.com/repository/npm-group/:_authToken=NpmToken.123456-12345-12345-tok-en0onum
Go to the project directory cd <project_dir>, create a new file .yarnrc, open it nano .yarnrc. Insert the following line, save and exit (Ctrl+O, Ctrl+X) it.
registry "<repository>"
Create another file .npmrc in the same directory <project_dir>. Open, add the following line, save and exsit.
registry=<repository>
always-auth=true
//<repository>:_authToken=NpmToken.<token>
Delete the .npmrc at home directory rm ~/.npmrc.
Now you can download node_modules with yarn or yarn install.
I had same issue with nexus 3 and use this configuration on my .npmrc file:
registry=https://your.nexus.com/repository/some-npm/
always-auth=true
/* basic-auth-token: your user:password in base64 */
_auth=<basic-auth-token>
Hope this help you!
The fact that your requests returns 401 (Unauthorized) means that you should supply credentials when connecting to Nexus.
It is far from being a nice solution but I got it working using
yarn set registry https://user:pwd#your.nexus.host/nexus3/repository/npmjs/
I use yarn 1.4.0 (release candidate). It should also work on 1.3.2, but I cannot test that because 1.3.2 has issues with HTTPS_PROXY env vars.