npm install without ssl

2019-01-16 14:28发布

问题:

I have an Ubuntu VM that is having trouble connecting to sites with ssl, i.e. https. It can successfully download artifacts from the internet if the url begins with http.

npm install will download dependencies via https. Is there anyway make it download via http?

回答1:

Try changing the registry to the http version rather that the default https one using the command

npm config set registry http://registry.npmjs.org/


回答2:

As conlinf said, the following should work :

npm config set registry http://registry.npmjs.org/

Now, to add my word, you should also consider that downloading without ssl allows a man-in-the-middle attack. It is only to add a warning to people who would read the post.

If you are a solo developer there should be not much trouble downloading in http directly, but if I wanted to attack a company using node.js I would consider delivering malicious code through npm... And performing such an attack without ssl will be much easier.



回答3:

After much trial and error I found that in addition to all that was said above, I also need to set the https-proxy to the value of the http proxy.

So the end .npmrc file looks like

proxy=http://username:password@proxy.address:port/
https-proxy=http://username:password@proxy.address:port/
strict-ssl=false
registry=http://registry.npmjs.org/

Note that proxy and https-proxy are identical!

See the comments on this thread for more info:

https://github.com/npm/npm/issues/8034

Also I ran a npm cache clean --force after updating the npmrc for good measure but I am not sure if it is required.

Hope that helps.



标签: node.js ssl npm