I am looking for a way to add a custom CA to NPM so I can download from a location using said certificate (an internal git-server) without having to nuke all CA-checking with
npm config set strict-ssl false
Is there any way of achieving this or not? (if not: is there already a defect?)
If Matts Answer isn't helping you:
$env:NODE_EXTRA_CA_CERTS=path\to\certificate.pem; npm install
worked for me in Windows Powershell.For DOS/cmd (pointed out by Marc in the comments)
You can point npm to a
cafile
You can also configure
ca
string(s) directly.ca
can be an array of cert strings too. In your.npmrc
:The
npm config
commands above will persist the relevant config items to your~/.npmrc
file:Note: these CA settings will override the default "real world" certificate authority lookups that npm uses. If you try and use any public npm registries via https that aren't signed by your CA certificate, you will get errors.
If you need to support both public https npm registries as well as your own, you could use curl's Mozilla based CA bundle and append your CA cert to the
cacert.pem
file. Unfortunately npm's CA bundle is not editable as it's provided in the source code (thanks tomekwi).RHEL Note: If you happen to be using a RHEL based distro and the RHEL packaged nodejs/npm you can use the standard
update-ca-trust
method as RedHat points their packages at the system CA's.